Issues in ProcedureTest.php (master) - Issues in master - jonnnnyw/php-phantomjs - Measure and Improve Code Quality continuously with Scrutinizer

Issues (57)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

PhantomJs/Tests/Unit/Procedure/ProcedureTest.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the php-phantomjs.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace JonnyW\PhantomJs\Tests\Unit\Procedure;

use Twig_Environment;
use Twig_Loader_String;
use JonnyW\PhantomJs\Engine;
use JonnyW\PhantomJs\Cache\FileCache;
use JonnyW\PhantomJs\Cache\CacheInterface;
use JonnyW\PhantomJs\Parser\JsonParser;
use JonnyW\PhantomJs\Parser\ParserInterface;
use JonnyW\PhantomJs\Template\TemplateRenderer;
use JonnyW\PhantomJs\Template\TemplateRendererInterface;
use JonnyW\PhantomJs\Procedure\Input;
use JonnyW\PhantomJs\Procedure\Output;
use JonnyW\PhantomJs\Procedure\Procedure;

/**
 * PHP PhantomJs
 *
 * @author Jon Wenmoth <[email protected]>
 */
class ProcedureTest extends \PHPUnit_Framework_TestCase
{

/** +++++++++++++++++++++++++++++++++++ **/
/** ++++++++++++++ TESTS ++++++++++++++ **/
/** +++++++++++++++++++++++++++++++++++ **/

    /**
     * Test procedure template can be
     * set in procedure
     *
     * @access public
     * @return void
     */
    public function testProcedureTemplateCanBeSetInProcedure()
    {
        $template = 'PROCEDURE_TEMPLATE';

        $engne     = $this->getEngine();
        $parser    = $this->getParser();
        $cache     = $this->getCache();
        $renderer  = $this->getRenderer();

        $procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
        $procedure->setTemplate($template);

        $this->assertSame($procedure->getTemplate(), $template);
    }

    /**
     * Test procedure can be compiled.
     *
     * @access public
     * @return void
     */
    public function testProcedureCanBeCompiled()
    {
        $template = 'TEST_{{ input.get("uncompiled") }}_PROCEDURE';

        $engne     = $this->getEngine();
        $parser    = $this->getParser();
        $cache     = $this->getCache();
        $renderer  = $this->getRenderer();

        $input  = $this->getInput();
        $input->set('uncompiled', 'COMPILED');

        $procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
        $procedure->setTemplate($template);

        $this->assertSame('TEST_COMPILED_PROCEDURE', $procedure->compile($input));
    }

    /**
     * Test not writable exception is thrown if procedure
     * script cannot be written to file
     *
     * @access public
     * @return void
     */
    public function testNotWritableExceptionIsThrownIfProcedureScriptCannotBeWrittenToFile()
    {
        $this->setExpectedException('\JonnyW\PhantomJs\Exception\NotWritableException');

        $engne    = $this->getEngine();
        $parser   = $this->getParser();
        $renderer = $this->getRenderer();

        $cache = $this->getCache('/an/invalid/dir');

        $input  = $this->getInput();
        $output = $this->getOutput();

        $procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
        $procedure->run($input, $output);
    }

    /**
     * Test procedure failed exception is thrown if procedure
     * cannot be run.
     *
     * @access public
     * @return void
     */
    public function testProcedureFailedExceptionIsThrownIfProcedureCannotBeRun()
    {
        $this->setExpectedException('\JonnyW\PhantomJs\Exception\ProcedureFailedException');

        $parser   = $this->getParser();
        $cache    = $this->getCache();
        $renderer = $this->getRenderer();
        $input    = $this->getInput();
        $output   = $this->getOutput();

        $engne = $this->getEngine();
        $engne->method('getCommand')

            ->will($this->throwException(new \Exception()));

        $procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
        $procedure->run($input, $output);
    }

/** +++++++++++++++++++++++++++++++++++ **/
/** ++++++++++ TEST ENTITIES ++++++++++ **/
/** +++++++++++++++++++++++++++++++++++ **/

    /**
     * Get procedure instance.
     *
     * @access protected
     * @param  \JonnyW\PhantomJs\Engine                             $engine
     * @param  \JonnyW\PhantomJs\Parser\ParserInterface             $parser
     * @param  \JonnyW\PhantomJs\Cache\CacheInterface               $cacheHandler
     * @param  \JonnyW\PhantomJs\Template\TemplateRendererInterface $renderer
     * @return \JonnyW\PhantomJs\Procedure\Procedure
     */
    protected function getProcedure(Engine $engine, ParserInterface $parser, CacheInterface $cacheHandler, TemplateRendererInterface $renderer)
    {
        $procedure = new Procedure($engine, $parser, $cacheHandler, $renderer);

        return $procedure;
    }

    /**
     * Get parser.
     *
     * @access protected
     * @return \JonnyW\PhantomJs\Parser\JsonParser
     */
    protected function getParser()
    {
        $parser = new JsonParser();

        return $parser;
    }

    /**
     * Get cache.
     *
     * @access protected
     * @param  string                            $cacheDir  (default: '')
     * @param  string                            $extension (default: 'proc')
     * @return \JonnyW\PhantomJs\Cache\FileCache
     */
    protected function getCache($cacheDir = '', $extension = 'proc')

    {
        $cache = new FileCache(($cacheDir ? $cacheDir : sys_get_temp_dir()), 'proc');

        return $cache;
    }

    /**
     * Get template renderer.
     *
     * @access protected
     * @return \JonnyW\PhantomJs\Template\TemplateRenderer
     */
    protected function getRenderer()
    {
        $twig = new Twig_Environment(
            new Twig_Loader_String()

        );

        $renderer = new TemplateRenderer($twig);

        return $renderer;
    }

    /**
     * Get input
     *
     * @access protected
     * @return \JonnyW\PhantomJs\Procedure\Input
     */
    protected function getInput()
    {
        $input = new Input();

        return $input;
    }

    /**
     * Get output.
     *
     * @access protected
     * @return \JonnyW\PhantomJs\Procedure\Output
     */
    protected function getOutput()
    {
        $output = new Output();

        return $output;
    }

/** +++++++++++++++++++++++++++++++++++ **/
/** ++++++++++ MOCKS / STUBS ++++++++++ **/
/** +++++++++++++++++++++++++++++++++++ **/

    /**
     * Get engine
     *
     * @access protected
     * @return \JonnyW\PhantomJs\Engine
     */
    protected function getEngine()
    {
        $engine = $this->getMock('\JonnyW\PhantomJs\Engine');

        return $engine;
    }
}


GitHub Access Token became invalid

Issues (57)

Security Analysis no request data

PhantomJs/Tests/Unit/Procedure/ProcedureTest.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			/*
4			* This file is part of the php-phantomjs.
5			*
6			* For the full copyright and license information, please view the LICENSE
7			* file that was distributed with this source code.
8			*/
9			namespace JonnyW\PhantomJs\Tests\Unit\Procedure;
10
11			use Twig_Environment;
12			use Twig_Loader_String;
13			use JonnyW\PhantomJs\Engine;
14			use JonnyW\PhantomJs\Cache\FileCache;
15			use JonnyW\PhantomJs\Cache\CacheInterface;
16			use JonnyW\PhantomJs\Parser\JsonParser;
17			use JonnyW\PhantomJs\Parser\ParserInterface;
18			use JonnyW\PhantomJs\Template\TemplateRenderer;
19			use JonnyW\PhantomJs\Template\TemplateRendererInterface;
20			use JonnyW\PhantomJs\Procedure\Input;
21			use JonnyW\PhantomJs\Procedure\Output;
22			use JonnyW\PhantomJs\Procedure\Procedure;
23
24			/**
25			* PHP PhantomJs
26			*
27			* @author Jon Wenmoth <[email protected]>
28			*/
29			class ProcedureTest extends \PHPUnit_Framework_TestCase
30			{
31
32			/ +++++++++++++++++++++++++++++++++++ /
33			/ ++++++++++++++ TESTS ++++++++++++++ /
34			/ +++++++++++++++++++++++++++++++++++ /
35
36			/**
37			* Test procedure template can be
38			* set in procedure
39			*
40			* @access public
41			* @return void
42			*/
43			public function testProcedureTemplateCanBeSetInProcedure()
44			{
45			$template = 'PROCEDURE_TEMPLATE';
46
47			$engne = $this->getEngine();
48			$parser = $this->getParser();
49			$cache = $this->getCache();
50			$renderer = $this->getRenderer();
51
52			$procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
53			$procedure->setTemplate($template);
54
55			$this->assertSame($procedure->getTemplate(), $template);
56			}
57
58			/**
59			* Test procedure can be compiled.
60			*
61			* @access public
62			* @return void
63			*/
64			public function testProcedureCanBeCompiled()
65			{
66			$template = 'TEST_{{ input.get("uncompiled") }}_PROCEDURE';
67
68			$engne = $this->getEngine();
69			$parser = $this->getParser();
70			$cache = $this->getCache();
71			$renderer = $this->getRenderer();
72
73			$input = $this->getInput();
74			$input->set('uncompiled', 'COMPILED');
75
76			$procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
77			$procedure->setTemplate($template);
78
79			$this->assertSame('TEST_COMPILED_PROCEDURE', $procedure->compile($input));
80			}
81
82			/**
83			* Test not writable exception is thrown if procedure
84			* script cannot be written to file
85			*
86			* @access public
87			* @return void
88			*/
89			public function testNotWritableExceptionIsThrownIfProcedureScriptCannotBeWrittenToFile()
90			{
91			$this->setExpectedException('\JonnyW\PhantomJs\Exception\NotWritableException');
92
93			$engne = $this->getEngine();
94			$parser = $this->getParser();
95			$renderer = $this->getRenderer();
96
97			$cache = $this->getCache('/an/invalid/dir');
98
99			$input = $this->getInput();
100			$output = $this->getOutput();
101
102			$procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
103			$procedure->run($input, $output);
104			}
105
106			/**
107			* Test procedure failed exception is thrown if procedure
108			* cannot be run.
109			*
110			* @access public
111			* @return void
112			*/
113			public function testProcedureFailedExceptionIsThrownIfProcedureCannotBeRun()
114			{
115			$this->setExpectedException('\JonnyW\PhantomJs\Exception\ProcedureFailedException');
116
117			$parser = $this->getParser();
118			$cache = $this->getCache();
119			$renderer = $this->getRenderer();
120			$input = $this->getInput();
121			$output = $this->getOutput();
122
123			$engne = $this->getEngine();
124			$engne->method('getCommand')
			0 ignored issues – show Bug introduced 2015-12-17 10:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `method()` does not seem to exist on `object<JonnyW\PhantomJs\Engine>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
125			->will($this->throwException(new \Exception()));
126
127			$procedure = $this->getProcedure($engne, $parser, $cache, $renderer);
128			$procedure->run($input, $output);
129			}
130
131			/ +++++++++++++++++++++++++++++++++++ /
132			/ ++++++++++ TEST ENTITIES ++++++++++ /
133			/ +++++++++++++++++++++++++++++++++++ /
134
135			/**
136			* Get procedure instance.
137			*
138			* @access protected
139			* @param \JonnyW\PhantomJs\Engine $engine
140			* @param \JonnyW\PhantomJs\Parser\ParserInterface $parser
141			* @param \JonnyW\PhantomJs\Cache\CacheInterface $cacheHandler
142			* @param \JonnyW\PhantomJs\Template\TemplateRendererInterface $renderer
143			* @return \JonnyW\PhantomJs\Procedure\Procedure
144			*/
145			protected function getProcedure(Engine $engine, ParserInterface $parser, CacheInterface $cacheHandler, TemplateRendererInterface $renderer)
146			{
147			$procedure = new Procedure($engine, $parser, $cacheHandler, $renderer);
148
149			return $procedure;
150			}
151
152			/**
153			* Get parser.
154			*
155			* @access protected
156			* @return \JonnyW\PhantomJs\Parser\JsonParser
157			*/
158			protected function getParser()
159			{
160			$parser = new JsonParser();
161
162			return $parser;
163			}
164
165			/**
166			* Get cache.
167			*
168			* @access protected
169			* @param string $cacheDir (default: '')
170			* @param string $extension (default: 'proc')
171			* @return \JonnyW\PhantomJs\Cache\FileCache
172			*/
173			protected function getCache($cacheDir = '', $extension = 'proc')
			0 ignored issues – show Unused Code introduced 2017-11-12 16:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$extension` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
174			{
175			$cache = new FileCache(($cacheDir ? $cacheDir : sys_get_temp_dir()), 'proc');
176
177			return $cache;
178			}
179
180			/**
181			* Get template renderer.
182			*
183			* @access protected
184			* @return \JonnyW\PhantomJs\Template\TemplateRenderer
185			*/
186			protected function getRenderer()
187			{
188			$twig = new Twig_Environment(
189			new Twig_Loader_String()
			0 ignored issues – show Deprecated Code introduced 2015-12-17 10:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Twig_Loader_String` has been deprecated with message: since 1.18.1 (to be removed in 2.0) This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead. Loading history...
190			);
191
192			$renderer = new TemplateRenderer($twig);
193
194			return $renderer;
195			}
196
197			/**
198			* Get input
199			*
200			* @access protected
201			* @return \JonnyW\PhantomJs\Procedure\Input
202			*/
203			protected function getInput()
204			{
205			$input = new Input();
206
207			return $input;
208			}
209
210			/**
211			* Get output.
212			*
213			* @access protected
214			* @return \JonnyW\PhantomJs\Procedure\Output
215			*/
216			protected function getOutput()
217			{
218			$output = new Output();
219
220			return $output;
221			}
222
223			/ +++++++++++++++++++++++++++++++++++ /
224			/ ++++++++++ MOCKS / STUBS ++++++++++ /
225			/ +++++++++++++++++++++++++++++++++++ /
226
227			/**
228			* Get engine
229			*
230			* @access protected
231			* @return \JonnyW\PhantomJs\Engine
232			*/
233			protected function getEngine()
234			{
235			$engine = $this->getMock('\JonnyW\PhantomJs\Engine');
236
237			return $engine;
238			}
239			}
240

jonnnnyw / php-phantomjs

GitHub Access Token became invalid

Issues (57)

Security Analysis no request data

PhantomJs/Tests/Unit/Procedure/ProcedureTest.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like