Issues in Attribute.php (5.2) - Issues in 5.2 - jarektkaczyk/eloquence - Measure and Improve Code Quality continuously with Scrutinizer

Issues (107)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Metable/Attribute.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Sofa\Eloquence\Metable;

use InvalidArgumentException;
use Illuminate\Database\Eloquent\Model;
use Sofa\Eloquence\Contracts\Attribute as AttributeContract;
use Sofa\Eloquence\Mutator\Mutator;

/**
 * @property array $attributes
 */
class Attribute extends Model implements AttributeContract
{
    /**
     * Attribute mutator instance.
     *
     * @var \Sofa\Eloquence\Contracts\Mutator
     */
    protected static $attributeMutator;

    /**
     * Custom table name.
     *
     * @var string
     */
    protected static $customTable;

    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'meta_attributes';

    /**
     * Indicates if the model should be timestamped.
     *
     * @var boolean
     */
    public $timestamps = false;

    /**
     * The primary key for the model.
     *
     * @var string
     */
    protected $primaryKey = 'meta_id';

    /**
     * @var array
     */
    protected $getterMutators = [
        'array'      => 'json_decode',
        'StdClass'   => 'json_decode',
        'DateTime'   => 'asDateTime',
        Model::class => 'unserialize',
    ];

    /**
     * @var array
     */
    protected $setterMutators = [
        'array'      => 'json_encode',
        'StdClass'   => 'json_encode',
        'DateTime'   => 'fromDateTime',
        Model::class => 'serialize',
    ];

    /**
     * The attributes included in the model's JSON and array form.
     *
     * @var array
     */
    protected $visible = ['meta_key', 'meta_value', 'meta_type'];

    /**
     * Create new attribute instance.
     *
     * @param string|array  $key
     * @param mixed  $value
     */
    public function __construct($key = null, $value = null)
    {
        // default behaviour
        if (is_array($key)) {
            parent::__construct($key);
        } else {
            parent::__construct();

            if (is_string($key)) {
                $this->set($key, $value);
            }
        }
    }

    /**
     * Boot this model.
     *
     * @codeCoverageIgnore
     *
     * @return void
     */
    protected static function boot()
    {
        parent::boot();

        if (!isset(static::$attributeMutator)) {
            if (function_exists('app') && app()->bound('eloquence.mutator')) {
                static::$attributeMutator = app('eloquence.mutator');
            } else {
                static::$attributeMutator = new Mutator;
            }
        }
    }

    /**
     * Set the meta attribute.
     *
     * @param string $key
     * @param mixed  $value
     */
    protected function set($key, $value)
    {
        $this->setMetaKey($key);
        $this->setValue($value);
    }

    /**
     * Create new AttributeBag.
     *
     * @param  array  $models
     * @return \Sofa\Eloquence\Metable\AttributeBag
     */
    public function newBag(array $models = [])
    {
        return new AttributeBag($models);
    }

    /**
     * Get the meta attribute value.
     *
     * @return mixed
     */
    public function getValue()
    {
        if ($this->hasMutator($this->attributes['meta_value'], 'getter', $this->attributes['meta_type'])) {
            return $this->mutateValue($this->attributes['meta_value'], 'getter');
        }

        return $this->castValue();
    }

    /**
     * Get the meta attribute key.
     *
     * @return string
     */
    public function getMetaKey()
    {
        return $this->attributes['meta_key'];
    }

    /**
     * Cast value to proper type.
     *
     * @return mixed
     */
    protected function castValue()
    {
        $value = $this->attributes['meta_value'];

        $validTypes = ['boolean', 'integer', 'float', 'double', 'array', 'object', 'null'];

        if (in_array($this->attributes['meta_type'], $validTypes)) {
            settype($value, $this->attributes['meta_type']);
        }

        return $value;
    }

    /**
     * Set key of the meta attribute.
     *
     * @param string $key
     *
     * @throws \InvalidArgumentException
     */
    protected function setMetaKey($key)
    {
        if (!preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $key)) {
            throw new InvalidArgumentException("Provided key [{$key}] is not valid variable name.");
        }

        $this->attributes['meta_key'] = $key;
    }

    /**
     * Set type of the meta attribute.
     *
     * @param mixed $value
     */
    protected function setType($value)
    {
        $this->attributes['meta_type'] = $this->hasMutator($value, 'setter')
            ? $this->getMutatedType($value, 'setter')
            : $this->getValueType($value);
    }

    /**
     * Set value of the meta attribute.
     *
     * @param mixed $value
     *
     * @throws \Sofa\Eloquence\Metable\InvalidTypeException
     */
    public function setValue($value)
    {
        $this->setType($value);

        if ($this->hasMutator($value, 'setter')) {
            $value = $this->mutateValue($value, 'setter');
        } elseif (!$this->isStringable($value) && !is_null($value)) {
            throw new InvalidTypeException(
                "Unsupported meta value type [{$this->getValueType($value)}]."
            );
        }

        $this->attributes['meta_value'] = $value;
    }

    /**
     * Mutate attribute value.
     *
     * @param  mixed  $value
     * @param  string $dir
     * @return mixed
     */
    protected function mutateValue($value, $dir = 'setter')
    {
        $mutator = $this->getMutator($value, $dir, $this->attributes['meta_type']);

        if (method_exists($this, $mutator)) {
            return $this->{$mutator}($value);
        }

        return static::$attributeMutator->mutate($value, $mutator);
    }

    /**
     * Determine whether the value type can be set to string.
     *
     * @param  mixed   $value
     * @return boolean
     */
    protected function isStringable($value)
    {
        return is_scalar($value);
    }

    /**
     * Get the value type.
     *
     * @param  mixed  $value
     * @return string
     */
    protected function getValueType($value)
    {
        $type = is_object($value) ? get_class($value) : gettype($value);

        // use float instead of deprecated double
        return ($type == 'double') ? 'float' : $type;
    }

    /**
     * Get the mutated type.
     *
     * @param  mixed  $value
     * @param  string $dir
     * @return string
     */
    protected function getMutatedType($value, $dir = 'setter')
    {
        foreach ($this->{"{$dir}Mutators"} as $mutated => $mutator) {

            if ($this->getValueType($value) == $mutated || $value instanceof $mutated) {
                return $mutated;
            }
        }
    }

    /**
     * Determine whether a mutator exists for the value type.
     *
     * @param  mixed   $value
     * @param  string  $dir
     * @return boolean
     */
    protected function hasMutator($value, $dir = 'setter', $type = null)
    {
        return (bool) $this->getMutator($value, $dir, $type);
    }

    /**
     * Get mutator for the type.
     *
     * @param  mixed  $value
     * @param  string $dir
     * @return string
     */
    protected function getMutator($value, $dir = 'setter', $type = null)
    {
        $type = $type ?: $this->getValueType($value);

        foreach ($this->{"{$dir}Mutators"} as $mutated => $mutator) {

            if ($type == $mutated || $value instanceof $mutated) {
                return $mutator;
            }
        }
    }

    /**
     * Allow custom table name for meta attributes via config.
     *
     * @return string
     */
    public function getTable()
    {
        return isset(static::$customTable) ? static::$customTable : parent::getTable();
    }

    /**
     * Set custom table for the meta attributes. Allows doing it only once
     * in order to mimic protected behaviour, most likely in the service
     * provider, which in turn gets the table name from configuration.
     *
     * @param string $table
     */
    public static function setCustomTable($table)
    {
        if (!isset(static::$customTable)) {
            static::$customTable = $table;
        }
    }

    /**
     * Handle casting value to string.
     *
     * @return string
     */
    public function castToString()
    {
        if ($this->attributes['meta_type'] == 'array') {
            return $this->attributes['meta_value'];
        }

        $value = $this->getValue();

        if ($this->isStringable($value) || is_object($value) && method_exists($value, '__toString')) {
            return (string) $value;
        }

        return '';
    }

    /**
     * Handle dynamic casting to string.
     *
     * @return string
     */
    public function __toString()
    {
        return $this->castToString();
    }
}


1		<?php
2
3		namespace Sofa\Eloquence\Metable;
4
5		use InvalidArgumentException;
6		use Illuminate\Database\Eloquent\Model;
7		use Sofa\Eloquence\Contracts\Attribute as AttributeContract;
8		use Sofa\Eloquence\Mutator\Mutator;
9
10		/**
11		* @property array $attributes
12		*/
13		class Attribute extends Model implements AttributeContract
14		{
15		/**
16		* Attribute mutator instance.
17		*
18		* @var \Sofa\Eloquence\Contracts\Mutator
19		*/
20		protected static $attributeMutator;
21
22		/**
23		* Custom table name.
24		*
25		* @var string
26		*/
27		protected static $customTable;
28
29		/**
30		* The database table used by the model.
31		*
32		* @var string
33		*/
34		protected $table = 'meta_attributes';
35
36		/**
37		* Indicates if the model should be timestamped.
38		*
39		* @var boolean
40		*/
41		public $timestamps = false;
42
43		/**
44		* The primary key for the model.
45		*
46		* @var string
47		*/
48		protected $primaryKey = 'meta_id';
49
50		/**
51		* @var array
52		*/
53		protected $getterMutators = [
54		'array' => 'json_decode',
55		'StdClass' => 'json_decode',
56		'DateTime' => 'asDateTime',
57		Model::class => 'unserialize',
58		];
59
60		/**
61		* @var array
62		*/
63		protected $setterMutators = [
64		'array' => 'json_encode',
65		'StdClass' => 'json_encode',
66		'DateTime' => 'fromDateTime',
67		Model::class => 'serialize',
68		];
69
70		/**
71		* The attributes included in the model's JSON and array form.
72		*
73		* @var array
74		*/
75		protected $visible = ['meta_key', 'meta_value', 'meta_type'];
76
77		/**
78		* Create new attribute instance.
79		*
80		* @param string\|array $key
81		* @param mixed $value
82		*/
83		public function __construct($key = null, $value = null)
84		{
85		// default behaviour
86		if (is_array($key)) {
87		parent::__construct($key);
88		} else {
89		parent::__construct();
90
91		if (is_string($key)) {
92		$this->set($key, $value);
93		}
94		}
95		}
96
97		/**
98		* Boot this model.
99		*
100		* @codeCoverageIgnore
101		*
102		* @return void
103		*/
104		protected static function boot()
105		{
106		parent::boot();
107
108		if (!isset(static::$attributeMutator)) {
109		if (function_exists('app') && app()->bound('eloquence.mutator')) {
110		static::$attributeMutator = app('eloquence.mutator');
111		} else {
112		static::$attributeMutator = new Mutator;
113		}
114		}
115		}
116
117		/**
118		* Set the meta attribute.
119		*
120		* @param string $key
121		* @param mixed $value
122		*/
123		protected function set($key, $value)
124		{
125		$this->setMetaKey($key);
126		$this->setValue($value);
127		}
128
129		/**
130		* Create new AttributeBag.
131		*
132		* @param array $models
133		* @return \Sofa\Eloquence\Metable\AttributeBag
134		*/
135		public function newBag(array $models = [])
136		{
137		return new AttributeBag($models);
138		}
139
140		/**
141		* Get the meta attribute value.
142		*
143		* @return mixed
144		*/
145		public function getValue()
146		{
147		if ($this->hasMutator($this->attributes['meta_value'], 'getter', $this->attributes['meta_type'])) {
148		return $this->mutateValue($this->attributes['meta_value'], 'getter');
149		}
150
151		return $this->castValue();
152		}
153
154		/**
155		* Get the meta attribute key.
156		*
157		* @return string
158		*/
159		public function getMetaKey()
160		{
161		return $this->attributes['meta_key'];
162		}
163
164		/**
165		* Cast value to proper type.
166		*
167		* @return mixed
168		*/
169		protected function castValue()
170		{
171		$value = $this->attributes['meta_value'];
172
173		$validTypes = ['boolean', 'integer', 'float', 'double', 'array', 'object', 'null'];
174
175		if (in_array($this->attributes['meta_type'], $validTypes)) {
176		settype($value, $this->attributes['meta_type']);
177		}
178
179		return $value;
180		}
181
182		/**
183		* Set key of the meta attribute.
184		*
185		* @param string $key
186		*
187		* @throws \InvalidArgumentException
188		*/
189		protected function setMetaKey($key)
190		{
191		if (!preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $key)) {
192		throw new InvalidArgumentException("Provided key [{$key}] is not valid variable name.");
193		}
194
195		$this->attributes['meta_key'] = $key;
196		}
197
198		/**
199		* Set type of the meta attribute.
200		*
201		* @param mixed $value
202		*/
203		protected function setType($value)
204		{
205		$this->attributes['meta_type'] = $this->hasMutator($value, 'setter')
206		? $this->getMutatedType($value, 'setter')
207		: $this->getValueType($value);
208		}
209
210		/**
211		* Set value of the meta attribute.
212		*
213		* @param mixed $value
214		*
215		* @throws \Sofa\Eloquence\Metable\InvalidTypeException
216		*/
217		public function setValue($value)
218		{
219		$this->setType($value);
220
221		if ($this->hasMutator($value, 'setter')) {
222		$value = $this->mutateValue($value, 'setter');
223		} elseif (!$this->isStringable($value) && !is_null($value)) {
224		throw new InvalidTypeException(
225		"Unsupported meta value type [{$this->getValueType($value)}]."
226		);
227		}
228
229		$this->attributes['meta_value'] = $value;
230		}
231
232		/**
233		* Mutate attribute value.
234		*
235		* @param mixed $value
236		* @param string $dir
237		* @return mixed
238		*/
239		protected function mutateValue($value, $dir = 'setter')
240		{
241		$mutator = $this->getMutator($value, $dir, $this->attributes['meta_type']);
242
243		if (method_exists($this, $mutator)) {
244		return $this->{$mutator}($value);
245		}
246
247		return static::$attributeMutator->mutate($value, $mutator);
248		}
249
250		/**
251		* Determine whether the value type can be set to string.
252		*
253		* @param mixed $value
254		* @return boolean
255		*/
256		protected function isStringable($value)
257		{
258		return is_scalar($value);
259		}
260
261		/**
262		* Get the value type.
263		*
264		* @param mixed $value
265		* @return string
266		*/
267		protected function getValueType($value)
268		{
269		$type = is_object($value) ? get_class($value) : gettype($value);
270
271		// use float instead of deprecated double
272		return ($type == 'double') ? 'float' : $type;
273		}
274
275		/**
276		* Get the mutated type.
277		*
278		* @param mixed $value
279		* @param string $dir
280		* @return string
281		*/
282		protected function getMutatedType($value, $dir = 'setter')
283		{
284	View Code Duplication	foreach ($this->{"{$dir}Mutators"} as $mutated => $mutator) {
		0 ignored issues – show Duplication introduced 2015-11-21 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
285		if ($this->getValueType($value) == $mutated \|\| $value instanceof $mutated) {
286		return $mutated;
287		}
288		}
289		}
290
291		/**
292		* Determine whether a mutator exists for the value type.
293		*
294		* @param mixed $value
295		* @param string $dir
296		* @return boolean
297		*/
298		protected function hasMutator($value, $dir = 'setter', $type = null)
299		{
300		return (bool) $this->getMutator($value, $dir, $type);
301		}
302
303		/**
304		* Get mutator for the type.
305		*
306		* @param mixed $value
307		* @param string $dir
308		* @return string
309		*/
310		protected function getMutator($value, $dir = 'setter', $type = null)
311		{
312		$type = $type ?: $this->getValueType($value);
313
314	View Code Duplication	foreach ($this->{"{$dir}Mutators"} as $mutated => $mutator) {
		0 ignored issues – show Duplication introduced 2015-11-21 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
315		if ($type == $mutated \|\| $value instanceof $mutated) {
316		return $mutator;
317		}
318		}
319		}
320
321		/**
322		* Allow custom table name for meta attributes via config.
323		*
324		* @return string
325		*/
326		public function getTable()
327		{
328		return isset(static::$customTable) ? static::$customTable : parent::getTable();
329		}
330
331		/**
332		* Set custom table for the meta attributes. Allows doing it only once
333		* in order to mimic protected behaviour, most likely in the service
334		* provider, which in turn gets the table name from configuration.
335		*
336		* @param string $table
337		*/
338		public static function setCustomTable($table)
339		{
340		if (!isset(static::$customTable)) {
341		static::$customTable = $table;
342		}
343		}
344
345		/**
346		* Handle casting value to string.
347		*
348		* @return string
349		*/
350		public function castToString()
351		{
352		if ($this->attributes['meta_type'] == 'array') {
353		return $this->attributes['meta_value'];
354		}
355
356		$value = $this->getValue();
357
358		if ($this->isStringable($value) \|\| is_object($value) && method_exists($value, '__toString')) {
359		return (string) $value;
360		}
361
362		return '';
363		}
364
365		/**
366		* Handle dynamic casting to string.
367		*
368		* @return string
369		*/
370		public function __toString()
371		{
372		return $this->castToString();
373		}
374		}
375

jarektkaczyk / eloquence

Issues (107)

Security Analysis no request data

src/Metable/Attribute.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like