Issues in UrlHelper.php (develop) - Issues in develop - jnjxp/jnjxp.urlhelper - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/UrlHelper.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * View Helper for Aura\Router
 *
 * PHP version 5
 *
 * Copyright (C) 2016 Jake Johns
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 *
 * @category  ViewHelper
 * @package   Jnjxp\UrlHelper
 * @author    Jake Johns <[email protected]>
 * @copyright 2016 Jake Johns
 * @license   http://jnj.mit-license.org/2016 MIT License
 * @link      http://github.com/jnjxp/jnjxp.urlhelper
 */

namespace Jnjxp\UrlHelper;

use Aura\Router\Generator;
use Aura\Router\Matcher;

use Psr\Http\Message\ServerRequestInterface as Request;

/**
 * UrlHelper
 *
 * @category ViewHelper
 * @package  Jnjxp\UrlHelper
 * @author   Jake Johns <[email protected]>
 * @license  http://jnj.mit-license.org/ MIT License
 * @link     http://github.com/jnjxp/jnjxp.urlhelper
 */
class UrlHelper
{
    /**
     * Generates URL paths from routes.
     *
     * @var Generator
     *
     * @access protected
     */
    protected $generator;

    /**
     * Contains Matched and Failed route after routing
     *
     * @var Matcher
     *
     * @access protected
     */
    protected $matcher;

    /**
     * Request
     *
     * @var Request
     *
     * @access protected
     */
    protected $request;

    /**
     * __construct
     *
     * @param Generator $generator route generator
     * @param Matcher   $matcher   route matcher
     *
     * @access public
     */
    public function __construct(Generator $generator, Matcher $matcher)
    {
        $this->generator = $generator;
        $this->matcher = $matcher;
    }

    /**
     * Generate URL or return helper
     *
     * @param string $name route name
     * @param array  $data array of params
     *
     * @return $this|string
     *
     * @access public
     */
    public function __invoke($name = null, $data = [])
    {
        if (null === $name) {
            return $this;
        }
        return $this->generate($name, $data);

    }

    /**
     * Set current request
     *
     * @param Request $request current request
     *
     * @return Request
     * @throws Exception if request already set
     *
     * @access public
     */
    public function setRequest(Request $request)
    {
        if (null !== $this->request) {
            throw new \Exception('Request already set');
        }
        $this->request = $request;
    }

    /**
     * Get current request
     *
     * @return Request
     *
     * @access public
     */
    public function getRequest()
    {
        return $this->request;
    }

    /**
     * Get current route
     *
     * @return \Aura\Router\Route|false
     *
     * @access public
     */
    public function getRoute()
    {
        return $this->matcher->getMatchedRoute();
    }

    /**
     * Get failed route
     *
     * @return \Aura\Router\Route
     *
     * @access public
     */
    public function getFailedRoute()
    {
        return $this->matcher->getFailedRoute();
    }

    /**
     * Generate URL
     *
     * @param string $name name of route
     * @param array  $data params
     *
     * @return string
     *
     * @access public
     */
    public function generate($name, $data = [])
    {
        return $this->generator->generate($name, $data);
    }

    /**
     * Generate raw URL
     *
     * @param string $name name of route
     * @param array  $data params
     *
     * @return string
     *
     * @access public
     */
    public function generateRaw($name, $data = [])
    {
        return $this->generator->generateRaw($name, $data);
    }
}


1		<?php
2		/**
3		* View Helper for Aura\Router
4		*
5		* PHP version 5
6		*
7		* Copyright (C) 2016 Jake Johns
8		*
9		* This software may be modified and distributed under the terms
10		* of the MIT license. See the LICENSE file for details.
11		*
12		* @category ViewHelper
13		* @package Jnjxp\UrlHelper
14		* @author Jake Johns <[email protected]>
15		* @copyright 2016 Jake Johns
16		* @license http://jnj.mit-license.org/2016 MIT License
17		* @link http://github.com/jnjxp/jnjxp.urlhelper
18		*/
19
20		namespace Jnjxp\UrlHelper;
21
22		use Aura\Router\Generator;
23		use Aura\Router\Matcher;
24
25		use Psr\Http\Message\ServerRequestInterface as Request;
26
27		/**
28		* UrlHelper
29		*
30		* @category ViewHelper
31		* @package Jnjxp\UrlHelper
32		* @author Jake Johns <[email protected]>
33		* @license http://jnj.mit-license.org/ MIT License
34		* @link http://github.com/jnjxp/jnjxp.urlhelper
35		*/
36		class UrlHelper
37		{
38		/**
39		* Generates URL paths from routes.
40		*
41		* @var Generator
42		*
43		* @access protected
44		*/
45		protected $generator;
46
47		/**
48		* Contains Matched and Failed route after routing
49		*
50		* @var Matcher
51		*
52		* @access protected
53		*/
54		protected $matcher;
55
56		/**
57		* Request
58		*
59		* @var Request
60		*
61		* @access protected
62		*/
63		protected $request;
64
65		/**
66		* __construct
67		*
68		* @param Generator $generator route generator
69		* @param Matcher $matcher route matcher
70		*
71		* @access public
72		*/
73	10	public function __construct(Generator $generator, Matcher $matcher)
74		{
75	10	$this->generator = $generator;
76	10	$this->matcher = $matcher;
77	10	}
78
79		/**
80		* Generate URL or return helper
81		*
82		* @param string $name route name
83		* @param array $data array of params
84		*
85		* @return $this\|string
86		*
87		* @access public
88		*/
89	2	public function __invoke($name = null, $data = [])
90		{
91	2	if (null === $name) {
92	1	return $this;
93		}
94	1	return $this->generate($name, $data);
		0 ignored issues – show Comprehensibility Best Practice introduced 2016-09-25 01:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->generate($name, $data);` of type `string\|false` adds `false` to the return on line 94 which is incompatible with the return type documented by `Jnjxp\UrlHelper\UrlHelper::__invoke` of type `Jnjxp\UrlHelper\UrlHelper\|string`. It seems like you forgot to handle an error condition. Loading history...
95		}
96
97		/**
98		* Set current request
99		*
100		* @param Request $request current request
101		*
102		* @return Request
103		* @throws Exception if request already set
104		*
105		* @access public
106		*/
107	2	public function setRequest(Request $request)
108		{
109	2	if (null !== $this->request) {
110	1	throw new \Exception('Request already set');
111		}
112	2	$this->request = $request;
113	2	}
114
115		/**
116		* Get current request
117		*
118		* @return Request
119		*
120		* @access public
121		*/
122	1	public function getRequest()
123		{
124	1	return $this->request;
125		}
126
127		/**
128		* Get current route
129		*
130		* @return \Aura\Router\Route\|false
131		*
132		* @access public
133		*/
134	1	public function getRoute()
135		{
136	1	return $this->matcher->getMatchedRoute();
137		}
138
139		/**
140		* Get failed route
141		*
142		* @return \Aura\Router\Route
143		*
144		* @access public
145		*/
146	1	public function getFailedRoute()
147		{
148	1	return $this->matcher->getFailedRoute();
149		}
150
151		/**
152		* Generate URL
153		*
154		* @param string $name name of route
155		* @param array $data params
156		*
157		* @return string
158		*
159		* @access public
160		*/
161	2	public function generate($name, $data = [])
162		{
163	2	return $this->generator->generate($name, $data);
164		}
165
166		/**
167		* Generate raw URL
168		*
169		* @param string $name name of route
170		* @param array $data params
171		*
172		* @return string
173		*
174		* @access public
175		*/
176	1	public function generateRaw($name, $data = [])
177		{
178	1	return $this->generator->generateRaw($name, $data);
179		}
180		}
181

jnjxp / jnjxp.urlhelper

Issues (1)

Security Analysis no request data

src/UrlHelper.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like