Issues in Connector.php (master) - Issues in master - jasny/codeception-module - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Connector.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Jasny\Codeception;

use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Jasny\HttpMessage\Response;
use Jasny\HttpMessage\ServerRequest;
use Jasny\HttpMessage\GlobalEnvironmentInterface;
use Jasny\HttpMessage\OutputBufferStream;
use Jasny\RouterInterface;
use Symfony\Component\BrowserKit\HttpBrowser;
use Symfony\Component\BrowserKit\Request as BrowserKitRequest;
use Symfony\Component\BrowserKit\Response as BrowserKitResponse;

/**
 * Codeception connector for Jasny\MVC
 */
class Connector extends HttpBrowser
{
    /**
     * @var RouterInterface
     */
    protected $router;
    
    /**
     * Request with the current global environent
     * @var ServerRequestInterface
     */
    protected $baseRequest;
    
    /**
     * Request with the current global environent
     * @var ResponseInterface
     */
    protected $baseResponse;
    
    /**
     * @var RequestConvertor
     */
    protected $requestConvertor;
    
    /**
     * @var ResponseConvertor
     */
    protected $responseConvertor;
    
    
    /**
     * Set the router
     *
     * @param RouterInterface $router
     */
    public function setRouter(RouterInterface $router)
    {
        $this->router = $router;
    }
    
    /**
     * Get the router
     *
     * @return RouterInterface
     */
    public function getRouter()
    {
        return $this->router;
    }
    
    
    /**
     * Set the base request
     *
     * @param ServerRequestInterface $request
     */
    public function setBaseRequest(ServerRequestInterface $request)
    {
        if ($request instanceof GlobalEnvironmentInterface && $request->isStale()) {
            throw new \RuntimeException("Unable to set base request: ServerRequest is stale");
        }
        
        $this->baseRequest = $request;
    }
    
    /**
     * Get the base request
     *
     * @return ServerRequestInterface
     */
    public function getBaseRequest()

    {
        if (!isset($this->baseRequest)) {
            $this->baseRequest = new ServerRequest();
        }
        
        $request = $this->baseRequest;
        
        if ($request instanceof GlobalEnvironmentInterface && $request->isStale() === false) {
            $request = $request->withGlobalEnvironment(true); // Make sure base request is stale
        }
        
        return $request;
    }
    
    
    /**
     * Set the base response
     *
     * @param ResponseInterface $response
     */
    public function setBaseResponse(ResponseInterface $response)
    {
        if ($response instanceof GlobalEnvironmentInterface && $response->isStale()) {
            throw new \RuntimeException("Unable to set base response: Response is stale");
        }
        
        $this->baseResponse = $response;
    }
    
    /**
     * Get the base response
     *
     * @return ResponseInterface
     */
    public function getBaseResponse()

    {
        if (!isset($this->baseResponse)) {
            $this->baseResponse = new Response();
        }
        
        $response = $this->baseResponse;
        
        if ($response instanceof GlobalEnvironmentInterface && $response->isStale() === false) {
            $response = $response->withGlobalEnvironment(true); // Make sure base response is stale
        }
        
        return $response;
    }
    

    /**
     * Reset the request
     */
    protected function resetInput()
    {
        if ($this->baseRequest instanceof GlobalEnvironmentInterface) {
            $this->baseRequest = $this->baseRequest->revive();
        }
    }

    /**
     * Reset the response
     */
    protected function resetOutput()
    {
        if ($this->baseResponse instanceof GlobalEnvironmentInterface) {
            $this->baseResponse = $this->baseResponse->revive();
        }
        
        // Clear output buffer
        if (isset($this->baseResponse) && $this->baseResponse->getBody() instanceof OutputBufferStream) {
            $this->baseResponse = $this->baseResponse->withBody(clone $this->baseResponse->getBody());
        }
    }
    
    /**
     * Reset the request and response.
     * This is only required when the request and/or response are bound to the global environment.
     */
    public function reset()
    {
        $this->resetInput();
        $this->resetOutput();
    }

    
    /**
     * Set the request convertor
     *
     * @param RequestConvertor $convertor
     */
    public function setRequestConvertor(RequestConvertor $convertor)
    {
        $this->requestConvertor = $convertor;
    }
    
    /**
     * Get the request convertor
     *
     * @return RequestConvertor
     */
    public function getRequestConvertor()
    {
        if (!isset($this->requestConvertor)) {
            $this->requestConvertor = new RequestConvertor();
        }
        
        return $this->requestConvertor;
    }
    
    
    /**
     * Set the response convertor
     *
     * @param ResponseConvertor $convertor
     */
    public function setResponseConvertor(ResponseConvertor $convertor)
    {
        $this->responseConvertor = $convertor;
    }
    
    /**
     * Get the response convertor
     *
     * @return ResponseConvertor
     */
    public function getResponseConvertor()
    {
        if (!isset($this->responseConvertor)) {
            $this->responseConvertor = new ResponseConvertor();
        }
        
        return $this->responseConvertor;
    }
    
    
    /**
     * Makes a request.
     *
     * @param BrowserKitRequest $request
     * @return BrowserKitResponse
     */
    protected function doRequest($request): BrowserKitResponse
    {
        if ($this->getRouter() === null) {
            throw new \BadMethodCallException("Router not set");
        }
        
        $this->reset(); // Reset before each HTTP request
        
        $psrRequest = $this->getRequestConvertor()->convert($request, $this->getBaseRequest());
        
        $router = $this->getRouter();
        $psrResponse = $router->handle($psrRequest, $this->getBaseResponse());
        
        return $this->getResponseConvertor()->convert($psrResponse);
    }
}


1			<?php
2
3			namespace Jasny\Codeception;
4
5			use Psr\Http\Message\ServerRequestInterface;
6			use Psr\Http\Message\ResponseInterface;
7			use Jasny\HttpMessage\Response;
8			use Jasny\HttpMessage\ServerRequest;
9			use Jasny\HttpMessage\GlobalEnvironmentInterface;
10			use Jasny\HttpMessage\OutputBufferStream;
11			use Jasny\RouterInterface;
12			use Symfony\Component\BrowserKit\HttpBrowser;
13			use Symfony\Component\BrowserKit\Request as BrowserKitRequest;
14			use Symfony\Component\BrowserKit\Response as BrowserKitResponse;
15
16			/**
17			* Codeception connector for Jasny\MVC
18			*/
19			class Connector extends HttpBrowser
20			{
21			/**
22			* @var RouterInterface
23			*/
24			protected $router;
25
26			/**
27			* Request with the current global environent
28			* @var ServerRequestInterface
29			*/
30			protected $baseRequest;
31
32			/**
33			* Request with the current global environent
34			* @var ResponseInterface
35			*/
36			protected $baseResponse;
37
38			/**
39			* @var RequestConvertor
40			*/
41			protected $requestConvertor;
42
43			/**
44			* @var ResponseConvertor
45			*/
46			protected $responseConvertor;
47
48
49			/**
50			* Set the router
51			*
52			* @param RouterInterface $router
53			*/
54	3		public function setRouter(RouterInterface $router)
55			{
56	3		$this->router = $router;
57	3		}
58
59			/**
60			* Get the router
61			*
62			* @return RouterInterface
63			*/
64	4		public function getRouter()
65			{
66	4		return $this->router;
67			}
68
69
70			/**
71			* Set the base request
72			*
73			* @param ServerRequestInterface $request
74			*/
75	6		public function setBaseRequest(ServerRequestInterface $request)
76			{
77	6		if ($request instanceof GlobalEnvironmentInterface && $request->isStale()) {
78	1		throw new \RuntimeException("Unable to set base request: ServerRequest is stale");
79			}
80
81	5		$this->baseRequest = $request;
82	5		}
83
84			/**
85			* Get the base request
86			*
87			* @return ServerRequestInterface
88			*/
89	6	View Code Duplication	public function getBaseRequest()
			0 ignored issues – show Duplication introduced 2019-12-20 03:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
90			{
91	6		if (!isset($this->baseRequest)) {
92	1		$this->baseRequest = new ServerRequest();
93			}
94
95	6		$request = $this->baseRequest;
96
97	6		if ($request instanceof GlobalEnvironmentInterface && $request->isStale() === false) {
98	1		$request = $request->withGlobalEnvironment(true); // Make sure base request is stale
99			}
100
101	6		return $request;
102			}
103
104
105			/**
106			* Set the base response
107			*
108			* @param ResponseInterface $response
109			*/
110	6		public function setBaseResponse(ResponseInterface $response)
111			{
112	6		if ($response instanceof GlobalEnvironmentInterface && $response->isStale()) {
113	1		throw new \RuntimeException("Unable to set base response: Response is stale");
114			}
115
116	5		$this->baseResponse = $response;
117	5		}
118
119			/**
120			* Get the base response
121			*
122			* @return ResponseInterface
123			*/
124	6	View Code Duplication	public function getBaseResponse()
			0 ignored issues – show Duplication introduced 2019-12-20 03:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
125			{
126	6		if (!isset($this->baseResponse)) {
127	1		$this->baseResponse = new Response();
128			}
129
130	6		$response = $this->baseResponse;
131
132	6		if ($response instanceof GlobalEnvironmentInterface && $response->isStale() === false) {
133	1		$response = $response->withGlobalEnvironment(true); // Make sure base response is stale
134			}
135
136	6		return $response;
137			}
138
139
140			/**
141			* Reset the request
142			*/
143	3		protected function resetInput()
144			{
145	3		if ($this->baseRequest instanceof GlobalEnvironmentInterface) {
146	1		$this->baseRequest = $this->baseRequest->revive();
147			}
148	3		}
149
150			/**
151			* Reset the response
152			*/
153	3		protected function resetOutput()
154			{
155	3		if ($this->baseResponse instanceof GlobalEnvironmentInterface) {
156	1		$this->baseResponse = $this->baseResponse->revive();
157			}
158
159			// Clear output buffer
160	3		if (isset($this->baseResponse) && $this->baseResponse->getBody() instanceof OutputBufferStream) {
161	1		$this->baseResponse = $this->baseResponse->withBody(clone $this->baseResponse->getBody());
162			}
163	3		}
164
165			/**
166			* Reset the request and response.
167			* This is only required when the request and/or response are bound to the global environment.
168			*/
169	3		public function reset()
170			{
171	3		$this->resetInput();
172	3		$this->resetOutput();
173	3		}
174
175
176			/**
177			* Set the request convertor
178			*
179			* @param RequestConvertor $convertor
180			*/
181	3		public function setRequestConvertor(RequestConvertor $convertor)
182			{
183	3		$this->requestConvertor = $convertor;
184	3		}
185
186			/**
187			* Get the request convertor
188			*
189			* @return RequestConvertor
190			*/
191	4		public function getRequestConvertor()
192			{
193	4		if (!isset($this->requestConvertor)) {
194	1		$this->requestConvertor = new RequestConvertor();
195			}
196
197	4		return $this->requestConvertor;
198			}
199
200
201			/**
202			* Set the response convertor
203			*
204			* @param ResponseConvertor $convertor
205			*/
206	3		public function setResponseConvertor(ResponseConvertor $convertor)
207			{
208	3		$this->responseConvertor = $convertor;
209	3		}
210
211			/**
212			* Get the response convertor
213			*
214			* @return ResponseConvertor
215			*/
216	4		public function getResponseConvertor()
217			{
218	4		if (!isset($this->responseConvertor)) {
219	1		$this->responseConvertor = new ResponseConvertor();
220			}
221
222	4		return $this->responseConvertor;
223			}
224
225
226			/**
227			* Makes a request.
228			*
229			* @param BrowserKitRequest $request
230			* @return BrowserKitResponse
231			*/
232	3		protected function doRequest($request): BrowserKitResponse
233			{
234	3		if ($this->getRouter() === null) {
235	1		throw new \BadMethodCallException("Router not set");
236			}
237
238	2		$this->reset(); // Reset before each HTTP request
239
240	2		$psrRequest = $this->getRequestConvertor()->convert($request, $this->getBaseRequest());
241
242	2		$router = $this->getRouter();
243	2		$psrResponse = $router->handle($psrRequest, $this->getBaseResponse());
244
245	2		return $this->getResponseConvertor()->convert($psrResponse);
246			}
247			}
248

jasny / codeception-module

Issues (2)

Security Analysis not enabled

src/Connector.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like