Issues in Eloquence.php (master) - Issues in master - jarektkaczyk/eloquence-base - Measure and Improve Code Quality continuously with Scrutinizer

Issues (27)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Eloquence.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Sofa\Eloquence;

use Illuminate\Database\Connection;
use Sofa\Hookable\Hookable;
use Sofa\Hookable\Contracts\ArgumentBag;
use Sofa\Eloquence\Query\Builder as QueryBuilder;
use Sofa\Eloquence\AttributeCleaner\Observer as AttributeCleaner;

/**
 * This trait is an entry point for all the hooks that we want to apply
 * on the Eloquent Model and Builder in order to let the magic happen.
 *
 * It also provides hasColumn and getColumnListing helper methods
 * so you can easily list or check columns in the model's table.
 *
 * @version 5.5
 *
 * @method Connection getConnection()
 * @method string getTable()
 */
trait Eloquence
{
    use Hookable;

    /**
     * Model's table column listing.
     *
     * @var array
     */
    protected static $columnListing = [];

    /**
     * Boot the trait.
     *
     * @codeCoverageIgnore
     *
     * @return void
     */
    public static function bootEloquence()
    {
        static::observe(new AttributeCleaner);
    }

    /**
     * Determine whether where should be treated as whereNull.
     *
     * @param  string $method
     * @param  ArgumentBag $args
     * @return bool
     */
    protected function isWhereNull($method, ArgumentBag $args)
    {
        return $method === 'whereNull' || $method === 'where' && $this->isWhereNullByArgs($args);
    }

    /**
     * Determine whether where is a whereNull by the arguments passed to where method.
     *
     * @param  ArgumentBag $args
     * @return bool
     */
    protected function isWhereNullByArgs(ArgumentBag $args)
    {
        return is_null($args->get('operator'))
            || is_null($args->get('value')) && !in_array($args->get('operator'), ['<>', '!=']);
    }

    /**
     * Extract real name and alias from the sql select clause.
     *
     * @param  string $column
     * @return array
     */
    protected function extractColumnAlias($column)
    {
        $alias = $column;

        if (strpos($column, ' as ') !== false) {
            list($column, $alias) = explode(' as ', $column);
        }

        return [$column, $alias];
    }

    /**
     * Get the target relation and column from the mapping.
     *
     * @param  string $mapping
     * @return array
     */
    public function parseMappedColumn($mapping)
    {
        $segments = explode('.', $mapping);

        $column = array_pop($segments);

        $target = implode('.', $segments);

        return [$target, $column];
    }

    /**
     * Determine whether the key is meta attribute or actual table field.
     *
     * @param  string  $key
     * @return bool
     */
    public static function hasColumn($key)
    {
        static::loadColumnListing();

        return in_array((string) $key, static::$columnListing);
    }

    /**
     * Get searchable columns defined on the model.
     *
     * @return array
     */
    public function getSearchableColumns()
    {
        return (property_exists($this, 'searchableColumns')) ? $this->searchableColumns : [];
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Get model table columns.
     *
     * @return array
     */
    public static function getColumnListing()
    {
        static::loadColumnListing();

        return static::$columnListing;
    }

    /**
     * Fetch model table columns.
     *
     * @return void
     */
    protected static function loadColumnListing()
    {
        if (empty(static::$columnListing)) {
            $instance = new static;

            static::$columnListing = $instance->getConnection()
                                        ->getSchemaBuilder()
                                        ->getColumnListing($instance->getTable());
        }
    }

    /**
     * Create new Eloquence query builder for the instance.
     *
     * @param QueryBuilder $query
     * @return Builder
     */
    public function newEloquentBuilder($query)
    {
        return new Builder($query);
    }

    /**
     * Get a new query builder instance for the connection.
     *
     * @return QueryBuilder
     */
    protected function newBaseQueryBuilder()
    {
        $conn = $this->getConnection();

        $grammar = $conn->getQueryGrammar();

        return new QueryBuilder($conn, $grammar, $conn->getPostProcessor());
    }
}


1			<?php
2
3			namespace Sofa\Eloquence;
4
5			use Illuminate\Database\Connection;
6			use Sofa\Hookable\Hookable;
7			use Sofa\Hookable\Contracts\ArgumentBag;
8			use Sofa\Eloquence\Query\Builder as QueryBuilder;
9			use Sofa\Eloquence\AttributeCleaner\Observer as AttributeCleaner;
10
11			/**
12			* This trait is an entry point for all the hooks that we want to apply
13			* on the Eloquent Model and Builder in order to let the magic happen.
14			*
15			* It also provides hasColumn and getColumnListing helper methods
16			* so you can easily list or check columns in the model's table.
17			*
18			* @version 5.5
19			*
20			* @method Connection getConnection()
21			* @method string getTable()
22			*/
23			trait Eloquence
24			{
25			use Hookable;
26
27			/**
28			* Model's table column listing.
29			*
30			* @var array
31			*/
32			protected static $columnListing = [];
33
34			/**
35			* Boot the trait.
36			*
37			* @codeCoverageIgnore
38			*
39			* @return void
40			*/
41			public static function bootEloquence()
42			{
43			static::observe(new AttributeCleaner);
44			}
45
46			/**
47			* Determine whether where should be treated as whereNull.
48			*
49			* @param string $method
50			* @param ArgumentBag $args
51			* @return bool
52			*/
53			protected function isWhereNull($method, ArgumentBag $args)
54			{
55			return $method === 'whereNull' \|\| $method === 'where' && $this->isWhereNullByArgs($args);
56			}
57
58			/**
59			* Determine whether where is a whereNull by the arguments passed to where method.
60			*
61			* @param ArgumentBag $args
62			* @return bool
63			*/
64			protected function isWhereNullByArgs(ArgumentBag $args)
65			{
66			return is_null($args->get('operator'))
67			\|\| is_null($args->get('value')) && !in_array($args->get('operator'), ['<>', '!=']);
68			}
69
70			/**
71			* Extract real name and alias from the sql select clause.
72			*
73			* @param string $column
74			* @return array
75			*/
76			protected function extractColumnAlias($column)
77			{
78			$alias = $column;
79
80			if (strpos($column, ' as ') !== false) {
81			list($column, $alias) = explode(' as ', $column);
82			}
83
84			return [$column, $alias];
85			}
86
87			/**
88			* Get the target relation and column from the mapping.
89			*
90			* @param string $mapping
91			* @return array
92			*/
93			public function parseMappedColumn($mapping)
94			{
95			$segments = explode('.', $mapping);
96
97			$column = array_pop($segments);
98
99			$target = implode('.', $segments);
100
101			return [$target, $column];
102			}
103
104			/**
105			* Determine whether the key is meta attribute or actual table field.
106			*
107			* @param string $key
108			* @return bool
109			*/
110			public static function hasColumn($key)
111			{
112			static::loadColumnListing();
113
114			return in_array((string) $key, static::$columnListing);
115			}
116
117			/**
118			* Get searchable columns defined on the model.
119			*
120			* @return array
121			*/
122			public function getSearchableColumns()
123			{
124			return (property_exists($this, 'searchableColumns')) ? $this->searchableColumns : [];
			0 ignored issues – show Bug introduced 2018-07-21 13:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `searchableColumns` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
125			}
126
127			/**
128			* Get model table columns.
129			*
130			* @return array
131			*/
132			public static function getColumnListing()
133			{
134			static::loadColumnListing();
135
136			return static::$columnListing;
137			}
138
139			/**
140			* Fetch model table columns.
141			*
142			* @return void
143			*/
144			protected static function loadColumnListing()
145			{
146			if (empty(static::$columnListing)) {
147			$instance = new static;
148
149			static::$columnListing = $instance->getConnection()
150			->getSchemaBuilder()
151			->getColumnListing($instance->getTable());
152			}
153			}
154
155			/**
156			* Create new Eloquence query builder for the instance.
157			*
158			* @param QueryBuilder $query
159			* @return Builder
160			*/
161			public function newEloquentBuilder($query)
162			{
163			return new Builder($query);
164			}
165
166			/**
167			* Get a new query builder instance for the connection.
168			*
169			* @return QueryBuilder
170			*/
171			protected function newBaseQueryBuilder()
172			{
173			$conn = $this->getConnection();
174
175			$grammar = $conn->getQueryGrammar();
176
177			return new QueryBuilder($conn, $grammar, $conn->getPostProcessor());
178			}
179			}
180

GitHub Access Token became invalid

Issues (27)

Security Analysis no request data

src/Eloquence.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

jarektkaczyk / eloquence-base

GitHub Access Token became invalid

Issues (27)

Security Analysis no request data

src/Eloquence.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like