Issues in Eloquence.php (5.2) - Issues in 5.2 - jarektkaczyk/eloquence - Measure and Improve Code Quality continuously with Scrutinizer

Issues (107)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Eloquence.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Sofa\Eloquence;

use Sofa\Hookable\Hookable;
use Sofa\Eloquence\Mutator\Mutator;
use Sofa\Hookable\Contracts\ArgumentBag;
use Sofa\Eloquence\Query\Builder as QueryBuilder;
use Sofa\Eloquence\Contracts\Mutator as MutatorContract;
use Sofa\Eloquence\AttributeCleaner\Observer as AttributeCleaner;

/**
 * This trait is an entry point for all the hooks that we want to apply
 * on the Eloquent Model and Builder in order to let the magic happen.
 *
 * It also provides hasColumn and getColumnListing helper methods
 * so you can easily list or check columns in the model's table.
 *
 * @version 5.1
 *
 * @method \Illuminate\Database\Connection getConnection()
 * @method string getTable()
 */
trait Eloquence
{
    use Hookable;

    /**
     * Attribute mutator instance.
     *
     * @var \Sofa\Eloquence\Contracts\Mutator
     */
    protected static $attributeMutator;

    /**
     * Model's table column listing.
     *
     * @var array
     */
    protected static $columnListing = [];

    /**
     * Boot the trait.
     *
     * @codeCoverageIgnore
     *
     * @return void
     */
    public static function bootEloquence()
    {
        static::observe(new AttributeCleaner);

        if (!isset(static::$attributeMutator)) {
            if (function_exists('app') && app()->bound('eloquence.mutator')) {
                static::setAttributeMutator(app('eloquence.mutator'));
            } else {
                static::setAttributeMutator(new Mutator);
            }
        }
    }

    /**
     * Determine whether where should be treated as whereNull.
     *
     * @param  string $method
     * @param  Sofa\Hookable\Contracts\ArgumentBag $args
     * @return boolean
     */
    protected function isWhereNull($method, ArgumentBag $args)
    {
        return $method === 'whereNull' || $method === 'where' && $this->isWhereNullByArgs($args);
    }

    /**
     * Determine whether where is a whereNull by the arguments passed to where method.
     *
     * @param  Sofa\Hookable\Contracts\ArgumentBag $args
     * @return boolean
     */
    protected function isWhereNullByArgs(ArgumentBag $args)
    {
        return is_null($args->get('operator'))
            || is_null($args->get('value')) && !in_array($args->get('operator'), ['<>', '!=']);
    }

    /**
     * Extract real name and alias from the sql select clause.
     *
     * @param  string $column
     * @return array
     */
    protected function extractColumnAlias($column)
    {
        $alias = $column;

        if (strpos($column, ' as ') !== false) {
            list($column, $alias) = explode(' as ', $column);
        }

        return [$column, $alias];
    }

    /**
     * Get the target relation and column from the mapping.
     *
     * @param  string $mapping
     * @return array
     */
    public function parseMappedColumn($mapping)
    {
        $segments = explode('.', $mapping);

        $column = array_pop($segments);

        $target = implode('.', $segments);

        return [$target, $column];
    }

    /**
     * Determine whether the key is meta attribute or actual table field.
     *
     * @param  string  $key
     * @return boolean
     */
    public static function hasColumn($key)
    {
        static::loadColumnListing();

        return in_array((string) $key, static::$columnListing);
    }

    /**
     * Get searchable columns defined on the model.
     *
     * @return array
     */
    public function getSearchableColumns()
    {
        return (property_exists($this, 'searchableColumns')) ? $this->searchableColumns : [];
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Get model table columns.
     *
     * @return array
     */
    public static function getColumnListing()
    {
        static::loadColumnListing();

        return static::$columnListing;
    }

    /**
     * Fetch model table columns.
     *
     * @return void
     */
    protected static function loadColumnListing()
    {
        if (empty(static::$columnListing)) {
            $instance = new static;

            static::$columnListing = $instance->getConnection()
                                        ->getSchemaBuilder()
                                        ->getColumnListing($instance->getTable());
        }
    }

    /**
     * Create new Eloquence query builder for the instance.
     *
     * @param  \Sofa\Eloquence\Query\Builder
     * @return \Sofa\Eloquence\Builder
     */
    public function newEloquentBuilder($query)
    {
        return new Builder($query);
    }

    /**
     * Get a new query builder instance for the connection.
     *
     * @return \Sofa\Eloquence\Query\Builder
     */
    protected function newBaseQueryBuilder()
    {
        $conn = $this->getConnection();

        $grammar = $conn->getQueryGrammar();

        return new QueryBuilder($conn, $grammar, $conn->getPostProcessor());
    }

    /**
     * Set attribute mutator instance.
     *
     * @codeCoverageIgnore
     *
     * @param  \Sofa\Eloquence\Contracts\Mutator $mutator
     * @return void
     */
    public static function setAttributeMutator(MutatorContract $mutator)
    {
        static::$attributeMutator = $mutator;
    }

    /**
     * Get attribute mutator instance.
     *
     * @codeCoverageIgnore
     *
     * @return \Sofa\Eloquence\Contracts\Mutator
     */
    public static function getAttributeMutator()
    {
        return static::$attributeMutator;
    }
}


1			<?php
2
3			namespace Sofa\Eloquence;
4
5			use Sofa\Hookable\Hookable;
6			use Sofa\Eloquence\Mutator\Mutator;
7			use Sofa\Hookable\Contracts\ArgumentBag;
8			use Sofa\Eloquence\Query\Builder as QueryBuilder;
9			use Sofa\Eloquence\Contracts\Mutator as MutatorContract;
10			use Sofa\Eloquence\AttributeCleaner\Observer as AttributeCleaner;
11
12			/**
13			* This trait is an entry point for all the hooks that we want to apply
14			* on the Eloquent Model and Builder in order to let the magic happen.
15			*
16			* It also provides hasColumn and getColumnListing helper methods
17			* so you can easily list or check columns in the model's table.
18			*
19			* @version 5.1
20			*
21			* @method \Illuminate\Database\Connection getConnection()
22			* @method string getTable()
23			*/
24			trait Eloquence
25			{
26			use Hookable;
27
28			/**
29			* Attribute mutator instance.
30			*
31			* @var \Sofa\Eloquence\Contracts\Mutator
32			*/
33			protected static $attributeMutator;
34
35			/**
36			* Model's table column listing.
37			*
38			* @var array
39			*/
40			protected static $columnListing = [];
41
42			/**
43			* Boot the trait.
44			*
45			* @codeCoverageIgnore
46			*
47			* @return void
48			*/
49			public static function bootEloquence()
50			{
51			static::observe(new AttributeCleaner);
52
53			if (!isset(static::$attributeMutator)) {
54			if (function_exists('app') && app()->bound('eloquence.mutator')) {
55			static::setAttributeMutator(app('eloquence.mutator'));
56			} else {
57			static::setAttributeMutator(new Mutator);
58			}
59			}
60			}
61
62			/**
63			* Determine whether where should be treated as whereNull.
64			*
65			* @param string $method
66			* @param Sofa\Hookable\Contracts\ArgumentBag $args
67			* @return boolean
68			*/
69			protected function isWhereNull($method, ArgumentBag $args)
70			{
71			return $method === 'whereNull' \|\| $method === 'where' && $this->isWhereNullByArgs($args);
72			}
73
74			/**
75			* Determine whether where is a whereNull by the arguments passed to where method.
76			*
77			* @param Sofa\Hookable\Contracts\ArgumentBag $args
78			* @return boolean
79			*/
80			protected function isWhereNullByArgs(ArgumentBag $args)
81			{
82			return is_null($args->get('operator'))
83			\|\| is_null($args->get('value')) && !in_array($args->get('operator'), ['<>', '!=']);
84			}
85
86			/**
87			* Extract real name and alias from the sql select clause.
88			*
89			* @param string $column
90			* @return array
91			*/
92			protected function extractColumnAlias($column)
93			{
94			$alias = $column;
95
96			if (strpos($column, ' as ') !== false) {
97			list($column, $alias) = explode(' as ', $column);
98			}
99
100			return [$column, $alias];
101			}
102
103			/**
104			* Get the target relation and column from the mapping.
105			*
106			* @param string $mapping
107			* @return array
108			*/
109			public function parseMappedColumn($mapping)
110			{
111			$segments = explode('.', $mapping);
112
113			$column = array_pop($segments);
114
115			$target = implode('.', $segments);
116
117			return [$target, $column];
118			}
119
120			/**
121			* Determine whether the key is meta attribute or actual table field.
122			*
123			* @param string $key
124			* @return boolean
125			*/
126			public static function hasColumn($key)
127			{
128			static::loadColumnListing();
129
130			return in_array((string) $key, static::$columnListing);
131			}
132
133			/**
134			* Get searchable columns defined on the model.
135			*
136			* @return array
137			*/
138			public function getSearchableColumns()
139			{
140			return (property_exists($this, 'searchableColumns')) ? $this->searchableColumns : [];
			0 ignored issues – show Bug introduced 2015-11-21 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `searchableColumns` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
141			}
142
143			/**
144			* Get model table columns.
145			*
146			* @return array
147			*/
148			public static function getColumnListing()
149			{
150			static::loadColumnListing();
151
152			return static::$columnListing;
153			}
154
155			/**
156			* Fetch model table columns.
157			*
158			* @return void
159			*/
160			protected static function loadColumnListing()
161			{
162			if (empty(static::$columnListing)) {
163			$instance = new static;
164
165			static::$columnListing = $instance->getConnection()
166			->getSchemaBuilder()
167			->getColumnListing($instance->getTable());
168			}
169			}
170
171			/**
172			* Create new Eloquence query builder for the instance.
173			*
174			* @param \Sofa\Eloquence\Query\Builder
175			* @return \Sofa\Eloquence\Builder
176			*/
177			public function newEloquentBuilder($query)
178			{
179			return new Builder($query);
180			}
181
182			/**
183			* Get a new query builder instance for the connection.
184			*
185			* @return \Sofa\Eloquence\Query\Builder
186			*/
187			protected function newBaseQueryBuilder()
188			{
189			$conn = $this->getConnection();
190
191			$grammar = $conn->getQueryGrammar();
192
193			return new QueryBuilder($conn, $grammar, $conn->getPostProcessor());
194			}
195
196			/**
197			* Set attribute mutator instance.
198			*
199			* @codeCoverageIgnore
200			*
201			* @param \Sofa\Eloquence\Contracts\Mutator $mutator
202			* @return void
203			*/
204			public static function setAttributeMutator(MutatorContract $mutator)
205			{
206			static::$attributeMutator = $mutator;
207			}
208
209			/**
210			* Get attribute mutator instance.
211			*
212			* @codeCoverageIgnore
213			*
214			* @return \Sofa\Eloquence\Contracts\Mutator
215			*/
216			public static function getAttributeMutator()
217			{
218			return static::$attributeMutator;
219			}
220			}
221

jarektkaczyk / eloquence

Issues (107)

Security Analysis no request data

src/Eloquence.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like