Issues in Addon.php (master) - Issues in master - jumilla/laravel-addomnipot - Measure and Improve Code Quality continuously with Scrutinizer

Issues (181)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

sources/Addon.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Jumilla\Addomnipot\Laravel;

use Illuminate\Contracts\Foundation\Application;
use Illuminate\Config\Repository;
use RuntimeException;

class Addon
{
    /**
     * @param \Illuminate\Contracts\Foundation\Application  $app
     * @param string $name
     * @param string $path
     *
     * @return static
     */
    public static function create($app, $name, $path)
    {
        $pathComponents = explode('/', $path);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        $config = static::loadAddonConfig($path, $name);

        return new static($app, $name, $path, $config);
    }

    /**
     * @param string $path
     * @param string $name
     *
     * @return array
     */
    protected static function loadAddonConfig($path, $name)
    {
        if (file_exists($path.'/addon.php')) {
            $config = require $path.'/addon.php';
        } else {
            throw new RuntimeException("No such config file for addon '$name', need 'addon.php'.");
        }

        $version = array_get($config, 'version', 5);
        if ($version != 5) {
            throw new RuntimeException($version.': Illigal addon version.');
        }

        return $config;
    }

    /**
     * @var \Illuminate\Contracts\Foundation\Application
     */
    protected $app;

    /**
     * @var string
     */
    protected $name;

    /**
     * @var string
     */
    protected $path;

    /**
     * @var \Illuminate\Contracts\Config\Repository
     */
    protected $config;

    /**
     * @param \Illuminate\Contracts\Foundation\Application  $app
     * @param string  $name
     * @param string  $path
     * @param array   $config
     */
    public function __construct($app, $name, $path, array $config)
    {
        $this->app = $app;
        $this->name = $name;
        $this->path = $path;
        $this->config = new Repository();
        $this->config->set('addon', $config);
    }

    /**
     * get name.
     *
     * @return string
     */
    public function name()
    {
        return $this->name;
    }

    /**
     * get fullpath.
     *
     * @param string $path
     *
     * @return string
     */
    public function path($path = null)
    {
        if (func_num_args() == 0) {
            return $this->path;
        } else {
            return $this->path.'/'.$path;
        }
    }

    /**
     * get relative path.
     *
     * @param \Illuminate\Contracts\Foundation\Application $app
     *
     * @return string
     */
    public function relativePath(Application $app)
    {
        return substr($this->path, strlen($app->basePath()) + 1);
    }

    /**
     * get version.
     *
     * @return int
     */
    public function version()
    {
        return $this->config('addon.version', 5);
    }

    /**
     * get PHP namespace.
     *
     * @return string
     */
    public function phpNamespace()
    {
        return trim($this->config('addon.namespace', ''), '\\');
    }

    /**
     * get config value.
     *
     * @param string $key
     * @param mixed $default
     *
     * @return mixed
     */
    public function config($key, $default = null)
    {
        return $this->config->get($key, $default);
    }

    /**
     * set config value.
     *
     * @param string $key
     * @param mixed $value
     */
    public function setConfig($key, $value)
    {
        $this->config->set($key, $value);
    }

    /**
     * Get a lang resource name
     *
     * @param string $resource
     *
     * @return string
     */
    public function transName($resource)
    {
        return $this->name.'::'.$resource;
    }

    /**
     * Translate the given message.
     *
     * @param string $id
     * @param array $parameters
     * @param string $domain
     * @param string $locale
     * @return string
     */
    public function trans()
    {
        $args = func_get_args();
        $args[0] = $this->transName($args[0]);

        return call_user_func_array([$this->app['translator'], 'trans'], $args);
    }

    /**
     * Translates the given message based on a count.
     *
     * @param string $id
     * @param int $number
     * @param array $parameters
     * @param string $domain
     * @param string $locale
     * @return string
     */
    public function transChoice()
    {
         $args = func_get_args();
         $args[0] = $this->transName($args[0]);

         return call_user_func_array([$this->app['translator'], 'transChoice'], $args);
    }

    /**
     * Get a view resource name
     *
     * @param string $resource
     *
     * @return string
     */
    public function viewName($resource)
    {
        return $this->name.'::'.$resource;
    }

    /**
     * @param string $view
     * @param array $data
     * @param array $mergeData
     *
     * @return \Illuminate\View\View
     */
    public function view($view, $data = [], $mergeData = [])
    {
        return $this->app['view']->make($this->viewname($view), $data, $mergeData);
    }

    /**
     * Get a spec resource name
     *
     * @param string $resource
     *
     * @return string
     */
    public function specName($resource)
    {
        return $this->name.'::'.$resource;
    }

    /**
     * Get spec.
     *
     * @param string $path
     *
     * @return \Jumilla\Addomnipot\Laravel\Specs\InputSpec
     */
    public function spec($path)
    {
        return $this->app[SpecFactory::class]->make($this->specName($path));
    }
}


1			<?php
2
3			namespace Jumilla\Addomnipot\Laravel;
4
5			use Illuminate\Contracts\Foundation\Application;
6			use Illuminate\Config\Repository;
7			use RuntimeException;
8
9			class Addon
10			{
11			/**
12			* @param \Illuminate\Contracts\Foundation\Application $app
13			* @param string $name
14			* @param string $path
15			*
16			* @return static
17			*/
18	6		public static function create($app, $name, $path)
19			{
20	6		$pathComponents = explode('/', $path);
			0 ignored issues – show Unused Code introduced 2017-02-05 09:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$pathComponents` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
21
22	6		$config = static::loadAddonConfig($path, $name);
23
24	5		return new static($app, $name, $path, $config);
25			}
26
27			/**
28			* @param string $path
29			* @param string $name
30			*
31			* @return array
32			*/
33	6		protected static function loadAddonConfig($path, $name)
34			{
35	6		if (file_exists($path.'/addon.php')) {
36	5		$config = require $path.'/addon.php';
37			} else {
38	1		throw new RuntimeException("No such config file for addon '$name', need 'addon.php'.");
39			}
40
41	5		$version = array_get($config, 'version', 5);
42	5		if ($version != 5) {
43			throw new RuntimeException($version.': Illigal addon version.');
44			}
45
46	5		return $config;
47			}
48
49			/**
50			* @var \Illuminate\Contracts\Foundation\Application
51			*/
52			protected $app;
53
54			/**
55			* @var string
56			*/
57			protected $name;
58
59			/**
60			* @var string
61			*/
62			protected $path;
63
64			/**
65			* @var \Illuminate\Contracts\Config\Repository
66			*/
67			protected $config;
68
69			/**
70			* @param \Illuminate\Contracts\Foundation\Application $app
71			* @param string $name
72			* @param string $path
73			* @param array $config
74			*/
75	12		public function __construct($app, $name, $path, array $config)
76			{
77	12		$this->app = $app;
78	12		$this->name = $name;
79	12		$this->path = $path;
80	12		$this->config = new Repository();
81	12		$this->config->set('addon', $config);
82	12		}
83
84			/**
85			* get name.
86			*
87			* @return string
88			*/
89	7		public function name()
90			{
91	7		return $this->name;
92			}
93
94			/**
95			* get fullpath.
96			*
97			* @param string $path
98			*
99			* @return string
100			*/
101	5		public function path($path = null)
102			{
103	5		if (func_num_args() == 0) {
104	2		return $this->path;
105			} else {
106	5		return $this->path.'/'.$path;
107			}
108			}
109
110			/**
111			* get relative path.
112			*
113			* @param \Illuminate\Contracts\Foundation\Application $app
114			*
115			* @return string
116			*/
117	5		public function relativePath(Application $app)
118			{
119	5		return substr($this->path, strlen($app->basePath()) + 1);
120			}
121
122			/**
123			* get version.
124			*
125			* @return int
126			*/
127	2		public function version()
128			{
129	2		return $this->config('addon.version', 5);
130			}
131
132			/**
133			* get PHP namespace.
134			*
135			* @return string
136			*/
137	7		public function phpNamespace()
138			{
139	7		return trim($this->config('addon.namespace', ''), '\\');
140			}
141
142			/**
143			* get config value.
144			*
145			* @param string $key
146			* @param mixed $default
147			*
148			* @return mixed
149			*/
150	9		public function config($key, $default = null)
151			{
152	9		return $this->config->get($key, $default);
153			}
154
155			/**
156			* set config value.
157			*
158			* @param string $key
159			* @param mixed $value
160			*/
161			public function setConfig($key, $value)
162			{
163			$this->config->set($key, $value);
164			}
165
166			/**
167			* Get a lang resource name
168			*
169			* @param string $resource
170			*
171			* @return string
172			*/
173	1		public function transName($resource)
174			{
175	1		return $this->name.'::'.$resource;
176			}
177
178			/**
179			* Translate the given message.
180			*
181			* @param string $id
182			* @param array $parameters
183			* @param string $domain
184			* @param string $locale
185			* @return string
186			*/
187	1	View Code Duplication	public function trans()
188			{
189	1		$args = func_get_args();
190	1		$args[0] = $this->transName($args[0]);
191
192	1		return call_user_func_array([$this->app['translator'], 'trans'], $args);
193			}
194
195			/**
196			* Translates the given message based on a count.
197			*
198			* @param string $id
199			* @param int $number
200			* @param array $parameters
201			* @param string $domain
202			* @param string $locale
203			* @return string
204			*/
205	1	View Code Duplication	public function transChoice()
206			{
207	1		$args = func_get_args();
208	1		$args[0] = $this->transName($args[0]);
209
210	1		return call_user_func_array([$this->app['translator'], 'transChoice'], $args);
211			}
212
213			/**
214			* Get a view resource name
215			*
216			* @param string $resource
217			*
218			* @return string
219			*/
220			public function viewName($resource)
221			{
222			return $this->name.'::'.$resource;
223			}
224
225			/**
226			* @param string $view
227			* @param array $data
228			* @param array $mergeData
229			*
230			* @return \Illuminate\View\View
231			*/
232			public function view($view, $data = [], $mergeData = [])
233			{
234			return $this->app['view']->make($this->viewname($view), $data, $mergeData);
235			}
236
237			/**
238			* Get a spec resource name
239			*
240			* @param string $resource
241			*
242			* @return string
243			*/
244			public function specName($resource)
245			{
246			return $this->name.'::'.$resource;
247			}
248
249			/**
250			* Get spec.
251			*
252			* @param string $path
253			*
254			* @return \Jumilla\Addomnipot\Laravel\Specs\InputSpec
255			*/
256			public function spec($path)
257			{
258			return $this->app[SpecFactory::class]->make($this->specName($path));
259			}
260			}
261

jumilla / laravel-addomnipot

Issues (181)

Security Analysis no request data

sources/Addon.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like