Issues in Generic.php (master) - Issues in master - kakserpom/phpdaemon - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1507)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

PHPDaemon/BoundSocket/Generic.php (16 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace PHPDaemon\BoundSocket;

use PHPDaemon\Core\Daemon;
use PHPDaemon\Core\EventLoop;
use PHPDaemon\FS\FileSystem;
use PHPDaemon\Traits\EventLoopContainer;

/**
 * Generic
 *
 * @property mixed addr
 * @package Coress
 *
 * @author  Vasily Zorin <[email protected]>
 * @dynamic_fields
 */
abstract class Generic
{
    use \PHPDaemon\Traits\ClassWatchdog;
    use EventLoopContainer;

    /**
     * Enabled?
     * @var boolean
     */
    protected $enabled = false;

    /**
     * File descriptor
     * @var mixed
     */
    protected $fd;

    /**
     * Event
     * @var \EventListener\Event
     */
    protected $ev;

    /**
     * PID of process which bound this socket
     * @var int
     */
    protected $pid;

    /**
     * Pool
     * @var \PHPDaemon\Network\Pool
     */
    protected $pool;

    /**
     * Listener mode?
     * @var boolean
     */
    protected $listenerMode = false;

    /**
     * Context
     * @var mixed
     */
    protected $ctx;

    /**
     * URI
     * @var string
     */
    protected $uri;

    /**
     * Context name
     * @var string
     */
    protected $ctxname;

    /**
     * Reuse?
     * @var boolean
     */
    protected $reuse = true;

    /**
     * SSL
     * @var mixed
     */
    protected $ssl;

    /**
     * TLS
     * @var mixed
     */
    protected $tls;

    /**
     * Erroneous?
     * @var boolean
     */
    protected $erroneous = false;

    /**
     * Private key file
     * @var string
     */
    protected $pkfile;

    /**
     * Certificate file
     * @var string
     */
    protected $certfile;

    /**
     * CA file
     * @var string
     */
    protected $cafile;

    /**
     * Passphrase
     * @var string
     */
    protected $passphrase;

    /**
     * Verify peer?
     * @var boolean
     */
    protected $verifypeer = false;

    /**
     * Verify depth
     * @var integer
     */
    protected $verifydepth;

    /**
     * Allow self-signed?
     * @var boolean
     */
    protected $allowselfsigned = true;

    /**
     * Source
     * @var string
     */
    protected $source;

    /**
     * Revision
     * @var integer
     */
    protected $revision;

    /**
     * Constructor
     * @param string URI
     * @return object

     */
    public function __construct($uri)
    {
        $this->uri = is_array($uri) ? $uri : \PHPDaemon\Config\_Object::parseCfgUri($uri);

        if (!$this->uri) {
            return;
        }
        $this->importParams();
        if ($this->ssl || $this->tls) {
            $this->initSecureContext();
        }
    }

    /**
     * toString handler
     * @return string
     */
    public function __toString()
    {
        return $this->uri['uri'];
    }

    /**
     * Get URI
     * @return string
     */
    public function getUri()
    {
        return $this->uri;
    }

    /**
     * Get port
     * @return string|null
     */
    public function getPort()
    {
        return isset($this->port) ? $this->port : null;
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Import parameters
     * @return void
     */
    protected function importParams()
    {
        foreach ($this->uri['params'] as $key => $val) {

            if (isset($this->{$key}) && is_bool($this->{$key})) {
                $this->{$key} = (bool)$val;
                continue;
            }
            if (!property_exists($this, $key)) {
                Daemon::log(get_class($this) . ': unrecognized setting \'' . $key . '\'');
                continue;
            }
            $this->{$key} = $val;
        }
        if (property_exists($this, 'port') && !isset($this->port)) {
            if (isset($this->uri['port'])) {
                $this->port = $this->uri['port'];
            } elseif ($this->defaultPort) {
class MyClass { }

$x = new MyClass();
$x->foo = true;
                $this->port = $this->defaultPort;
            }
        }
        if (property_exists($this, 'host') && !isset($this->host)) {
            if (isset($this->uri['host'])) {
                $this->host = $this->uri['host'];
class MyClass { }

$x = new MyClass();
$x->foo = true;
            }
        }
        if (!$this->ctxname) {
            return;
        }
        if (!isset(Daemon::$config->{'TransportContext:' . $this->ctxname})) {

            Daemon::log(get_class($this) . ': undefined transport context \'' . $this->ctxname . '\'');
            return;
        }
        $ctx = Daemon::$config->{'TransportContext:' . $this->ctxname};
        foreach ($ctx as $key => $entry) {

            $value = ($entry instanceof \PHPDaemon\Config\Entry\Generic) ? $entry->value : $entry;
            if (isset($this->{$key}) && is_bool($this->{$key})) {
                $this->{$key} = (bool)$value;
                continue;
            }
            if (!property_exists($this, $key)) {
                Daemon::log(get_class($this) . ': unrecognized setting in transport context \'' . $this->ctxname . '\': \'' . $key . '\'');
                continue;
            }
            $this->{$key} = $value;
        }
    }

    /**
     * Initialize SSL/TLS context
     * @return void
     */
    protected function initSecureContext()
    {
        if (!\EventUtil::sslRandPoll()) {

            Daemon::$process->log(get_class($this->pool) . ': EventUtil::sslRandPoll failed');
            $this->erroneous = true;
            return;
        }
        if (!FileSystem::checkFileReadable($this->certfile) || !FileSystem::checkFileReadable($this->pkfile)) {
            Daemon::log('Couldn\'t read ' . $this->certfile . ' or ' . $this->pkfile . ' file.  To generate a key' . PHP_EOL
                . 'and self-signed certificate, run' . PHP_EOL
                . '  openssl genrsa -out ' . escapeshellarg($this->pkfile) . ' 2048' . PHP_EOL
                . '  openssl req -new -key ' . escapeshellarg($this->pkfile) . '  -out cert.req' . PHP_EOL
                . '  openssl x509 -req -days 365 -in cert.req -signkey ' . escapeshellarg($this->pkfile) . '  -out ' . escapeshellarg($this->certfile));

            return;
        }
        $params = [
            \EventSslContext::OPT_LOCAL_CERT => $this->certfile,
            \EventSslContext::OPT_LOCAL_PK => $this->pkfile,
            \EventSslContext::OPT_VERIFY_PEER => $this->verifypeer,
            \EventSslContext::OPT_ALLOW_SELF_SIGNED => $this->allowselfsigned,
        ];
        if ($this->passphrase !== null) {
            $params[\EventSslContext::OPT_PASSPHRASE] = $this->passphrase;
        }
        if ($this->verifydepth !== null) {
            $params[\EventSslContext::OPT_VERIFY_DEPTH] = $this->verifydepth;
        }
        if ($this->cafile !== null) {
            $params[\EventSslContext::OPT_CA_FILE] = $this->cafile;
        }
        if ($this->tls === true) {
            $method = \EventSslContext::TLS_SERVER_METHOD;
        } elseif ($this->tls === 'v11') {
            $method = \EventSslContext::TLSv11_SERVER_METHOD;
        } elseif ($this->tls === 'v12') {
            $method = \EventSslContext::TLSv12_SERVER_METHOD;
        } elseif ($this->ssl === 'v3' || $this->ssl === true || $this->ssl === '1') {
            $method = \EventSslContext::SSLv3_SERVER_METHOD;
        } elseif ($this->ssl === 'v2') {
            $method = \EventSslContext::SSLv2_SERVER_METHOD;
        } elseif ($this->ssl === 'v23') {
            $method = \EventSslContext::SSLv23_SERVER_METHOD;
        } elseif ($this->ssl) {
            Daemon::log(get_class($this) . ': unrecognized SSL version \'' . $this->ssl . '\'');
            return;
        } else {
            return;
        }
        $this->ctx = new \EventSslContext($method, $params);
    }

    /**
     * Attach to ConnectionPool
     * @param ConnectionPool
     * @return void
     */
    public function attachTo(\PHPDaemon\Network\Pool $pool)
    {
        $this->pool = $pool;
        $this->pool->attachBound($this);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Route incoming request to related application
     * @param resource Socket
     * @param string $fd
     * @return void
     */
    public function setFd($fd)
    {
        $this->fd = $fd;
        $this->pid = posix_getpid();
    }

    /**
     * Called when socket is bound
     * @return boolean|null Success
     */
    protected function onBound()
    {
    }

    /**
     * Enable socket events
     * @return void
     */
    public function enable()

    {
        if ($this->enabled) {
            return;
        }
        if (!$this->fd) {
            return;
        }
        $this->enabled = true;
        if ($this->ev === null) {
            if ($this->eventLoop === null) {
                $this->eventLoop = EventLoop::$instance;
            }
            $this->ev = $this->eventLoop->listener(
                [$this, 'onAcceptEv'],
                null,
                \EventListener::OPT_CLOSE_ON_FREE | \EventListener::OPT_REUSEABLE,
                -1,
                $this->fd
            );
            $this->onBound();
        } else {
            $this->ev->enable();
        }
    }

    /**
     * @param \EventListener $listener
     * @param $fd
     * @param $addrPort
     * @param $ctx
     */
    public function onAcceptEv(\EventListener $listener, $fd, $addrPort, $ctx)

    {
        $class = $this->pool->connectionClass;
        if (!class_exists($class) || !is_subclass_of($class, '\\PHPDaemon\\Network\\Connection')) {
            Daemon::log(get_class($this) . ' (' . get_class($this->pool) . '): onAcceptEv: wrong connectionClass: ' . $class);
            return;
        }
        $conn = new $class(null, $this->pool);
        $conn->setParentSocket($this);

        if (!$this instanceof UNIX) {
            $conn->setPeername($addrPort[0], $addrPort[1]);
        }

        if ($this->ctx) {
            $conn->setContext($this->ctx, \EventBufferEvent::SSL_ACCEPTING);
        }

        $conn->setFd($fd);
    }

    /**
     * Disable all events of sockets
     * @return void
     */
    public function disable()
    {
        if (!$this->enabled) {
            return;
        }
        $this->enabled = false;
        if ($this->ev instanceof \Event) {
if ($x instanceof DoesNotExist) {
    // Do something.
}
            $this->ev->del();
        } elseif ($this->ev instanceof \EventListener) {
if ($x instanceof DoesNotExist) {
    // Do something.
}
            $this->ev->disable();
        }
    }

    /**
     * Close each of binded sockets.
     * @return void
     */
    public function close()
    {
        if (isset($this->ev)) {
            $this->ev = null;
        }
        if ($this->pid !== posix_getpid()) { // preventing closing pre-bound sockets in workers
            return;
        }
        if (is_resource($this->fd)) {
            socket_close($this->fd);
        }
    }

    /**
     * Finishes Generic
     * @return void
     */
    public function finish()
    {
        $this->disable();
        $this->close();
        $this->pool->detachBound($this);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Destructor
     * @return void
     */
    public function __destruct()
    {
        $this->close();
    }

    /**
     * Bind given addreess
     * @return boolean Success.
     */
    abstract public function bindSocket();

    /**
     * Checks if the CIDR-mask matches the IP
     * @param string CIDR-mask
     * @param string IP
     * @return boolean Result
     */
    public static function netMatch($CIDR, $IP)
    {
        /* TODO: IPV6 */
        if (is_array($CIDR)) {
            foreach ($CIDR as &$v) {
                if (self::netMatch($v, $IP)) {
                    return true;
                }
            }

            return false;
        }

        $e = explode('/', $CIDR, 2);

        if (!isset($e[1])) {
            return $e[0] === $IP;
        }

        return (ip2long($IP) & ~((1 << (32 - $e[1])) - 1)) === ip2long($e[0]);
    }
}


Issues (1507)

Security Analysis not enabled

PHPDaemon/BoundSocket/Generic.php (16 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Missing dependencies

2. Missing use statement

1. Missing dependencies

2. Missing use statement

1		<?php
2		namespace PHPDaemon\BoundSocket;
3
4		use PHPDaemon\Core\Daemon;
5		use PHPDaemon\Core\EventLoop;
6		use PHPDaemon\FS\FileSystem;
7		use PHPDaemon\Traits\EventLoopContainer;
8
9		/**
10		* Generic
11		*
12		* @property mixed addr
13		* @package Coress
14		*
15		* @author Vasily Zorin <[email protected]>
16		* @dynamic_fields
17		*/
18		abstract class Generic
19		{
20		use \PHPDaemon\Traits\ClassWatchdog;
21		use EventLoopContainer;
22
23		/**
24		* Enabled?
25		* @var boolean
26		*/
27		protected $enabled = false;
28
29		/**
30		* File descriptor
31		* @var mixed
32		*/
33		protected $fd;
34
35		/**
36		* Event
37		* @var \EventListener\Event
38		*/
39		protected $ev;
40
41		/**
42		* PID of process which bound this socket
43		* @var int
44		*/
45		protected $pid;
46
47		/**
48		* Pool
49		* @var \PHPDaemon\Network\Pool
50		*/
51		protected $pool;
52
53		/**
54		* Listener mode?
55		* @var boolean
56		*/
57		protected $listenerMode = false;
58
59		/**
60		* Context
61		* @var mixed
62		*/
63		protected $ctx;
64
65		/**
66		* URI
67		* @var string
68		*/
69		protected $uri;
70
71		/**
72		* Context name
73		* @var string
74		*/
75		protected $ctxname;
76
77		/**
78		* Reuse?
79		* @var boolean
80		*/
81		protected $reuse = true;
82
83		/**
84		* SSL
85		* @var mixed
86		*/
87		protected $ssl;
88
89		/**
90		* TLS
91		* @var mixed
92		*/
93		protected $tls;
94
95		/**
96		* Erroneous?
97		* @var boolean
98		*/
99		protected $erroneous = false;
100
101		/**
102		* Private key file
103		* @var string
104		*/
105		protected $pkfile;
106
107		/**
108		* Certificate file
109		* @var string
110		*/
111		protected $certfile;
112
113		/**
114		* CA file
115		* @var string
116		*/
117		protected $cafile;
118
119		/**
120		* Passphrase
121		* @var string
122		*/
123		protected $passphrase;
124
125		/**
126		* Verify peer?
127		* @var boolean
128		*/
129		protected $verifypeer = false;
130
131		/**
132		* Verify depth
133		* @var integer
134		*/
135		protected $verifydepth;
136
137		/**
138		* Allow self-signed?
139		* @var boolean
140		*/
141		protected $allowselfsigned = true;
142
143		/**
144		* Source
145		* @var string
146		*/
147		protected $source;
148
149		/**
150		* Revision
151		* @var integer
152		*/
153		protected $revision;
154
155		/**
156		* Constructor
157		* @param string URI
158		* @return object
		0 ignored issues – show Comprehensibility Best Practice introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
159		*/
160		public function __construct($uri)
161		{
162		$this->uri = is_array($uri) ? $uri : \PHPDaemon\Config\_Object::parseCfgUri($uri);
		0 ignored issues – show Documentation Bug introduced 2018-05-21 18:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `is_array($uri) ? $uri : ...ject::parseCfgUri($uri)` of type `false` or `array` is incompatible with the declared type `string` of property `$uri`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
163		if (!$this->uri) {
164		return;
165		}
166		$this->importParams();
167		if ($this->ssl \|\| $this->tls) {
168		$this->initSecureContext();
169		}
170		}
171
172		/**
173		* toString handler
174		* @return string
175		*/
176		public function __toString()
177		{
178		return $this->uri['uri'];
179		}
180
181		/**
182		* Get URI
183		* @return string
184		*/
185		public function getUri()
186		{
187		return $this->uri;
188		}
189
190		/**
191		* Get port
192		* @return string\|null
193		*/
194		public function getPort()
195		{
196		return isset($this->port) ? $this->port : null;
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `port` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
197		}
198
199		/**
200		* Import parameters
201		* @return void
202		*/
203		protected function importParams()
204		{
205	View Code Duplication	foreach ($this->uri['params'] as $key => $val) {
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->uri['params']` of type `string` is not traversable. Loading history... Duplication introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
206		if (isset($this->{$key}) && is_bool($this->{$key})) {
207		$this->{$key} = (bool)$val;
208		continue;
209		}
210		if (!property_exists($this, $key)) {
211		Daemon::log(get_class($this) . ': unrecognized setting \'' . $key . '\'');
212		continue;
213		}
214		$this->{$key} = $val;
215		}
216		if (property_exists($this, 'port') && !isset($this->port)) {
217		if (isset($this->uri['port'])) {
218		$this->port = $this->uri['port'];
219		} elseif ($this->defaultPort) {
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `defaultPort` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
220		$this->port = $this->defaultPort;
221		}
222		}
223		if (property_exists($this, 'host') && !isset($this->host)) {
224		if (isset($this->uri['host'])) {
225		$this->host = $this->uri['host'];
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `host` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
226		}
227		}
228		if (!$this->ctxname) {
229		return;
230		}
231	View Code Duplication	if (!isset(Daemon::$config->{'TransportContext:' . $this->ctxname})) {
		0 ignored issues – show Duplication introduced 2015-12-08 22:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
232		Daemon::log(get_class($this) . ': undefined transport context \'' . $this->ctxname . '\'');
233		return;
234		}
235		$ctx = Daemon::$config->{'TransportContext:' . $this->ctxname};
236	View Code Duplication	foreach ($ctx as $key => $entry) {
		0 ignored issues – show Duplication introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
237		$value = ($entry instanceof \PHPDaemon\Config\Entry\Generic) ? $entry->value : $entry;
238		if (isset($this->{$key}) && is_bool($this->{$key})) {
239		$this->{$key} = (bool)$value;
240		continue;
241		}
242		if (!property_exists($this, $key)) {
243		Daemon::log(get_class($this) . ': unrecognized setting in transport context \'' . $this->ctxname . '\': \'' . $key . '\'');
244		continue;
245		}
246		$this->{$key} = $value;
247		}
248		}
249
250		/**
251		* Initialize SSL/TLS context
252		* @return void
253		*/
254		protected function initSecureContext()
255		{
256	View Code Duplication	if (!\EventUtil::sslRandPoll()) {
		0 ignored issues – show Duplication introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
257		Daemon::$process->log(get_class($this->pool) . ': EventUtil::sslRandPoll failed');
258		$this->erroneous = true;
259		return;
260		}
261		if (!FileSystem::checkFileReadable($this->certfile) \|\| !FileSystem::checkFileReadable($this->pkfile)) {
262		Daemon::log('Couldn\'t read ' . $this->certfile . ' or ' . $this->pkfile . ' file. To generate a key' . PHP_EOL
263		. 'and self-signed certificate, run' . PHP_EOL
264		. ' openssl genrsa -out ' . escapeshellarg($this->pkfile) . ' 2048' . PHP_EOL
265		. ' openssl req -new -key ' . escapeshellarg($this->pkfile) . ' -out cert.req' . PHP_EOL
266		. ' openssl x509 -req -days 365 -in cert.req -signkey ' . escapeshellarg($this->pkfile) . ' -out ' . escapeshellarg($this->certfile));
267
268		return;
269		}
270		$params = [
271		\EventSslContext::OPT_LOCAL_CERT => $this->certfile,
272		\EventSslContext::OPT_LOCAL_PK => $this->pkfile,
273		\EventSslContext::OPT_VERIFY_PEER => $this->verifypeer,
274		\EventSslContext::OPT_ALLOW_SELF_SIGNED => $this->allowselfsigned,
275		];
276		if ($this->passphrase !== null) {
277		$params[\EventSslContext::OPT_PASSPHRASE] = $this->passphrase;
278		}
279		if ($this->verifydepth !== null) {
280		$params[\EventSslContext::OPT_VERIFY_DEPTH] = $this->verifydepth;
281		}
282		if ($this->cafile !== null) {
283		$params[\EventSslContext::OPT_CA_FILE] = $this->cafile;
284		}
285		if ($this->tls === true) {
286		$method = \EventSslContext::TLS_SERVER_METHOD;
287		} elseif ($this->tls === 'v11') {
288		$method = \EventSslContext::TLSv11_SERVER_METHOD;
289		} elseif ($this->tls === 'v12') {
290		$method = \EventSslContext::TLSv12_SERVER_METHOD;
291		} elseif ($this->ssl === 'v3' \|\| $this->ssl === true \|\| $this->ssl === '1') {
292		$method = \EventSslContext::SSLv3_SERVER_METHOD;
293		} elseif ($this->ssl === 'v2') {
294		$method = \EventSslContext::SSLv2_SERVER_METHOD;
295		} elseif ($this->ssl === 'v23') {
296		$method = \EventSslContext::SSLv23_SERVER_METHOD;
297		} elseif ($this->ssl) {
298		Daemon::log(get_class($this) . ': unrecognized SSL version \'' . $this->ssl . '\'');
299		return;
300		} else {
301		return;
302		}
303		$this->ctx = new \EventSslContext($method, $params);
304		}
305
306		/**
307		* Attach to ConnectionPool
308		* @param ConnectionPool
309		* @return void
310		*/
311		public function attachTo(\PHPDaemon\Network\Pool $pool)
312		{
313		$this->pool = $pool;
314		$this->pool->attachBound($this);
		0 ignored issues – show Documentation Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `attachBound` does not exist on `object<PHPDaemon\Network\Pool>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
315		}
316
317		/**
318		* Route incoming request to related application
319		* @param resource Socket
320		* @param string $fd
321		* @return void
322		*/
323		public function setFd($fd)
324		{
325		$this->fd = $fd;
326		$this->pid = posix_getpid();
327		}
328
329		/**
330		* Called when socket is bound
331		* @return boolean\|null Success
332		*/
333		protected function onBound()
334		{
335		}
336
337		/**
338		* Enable socket events
339		* @return void
340		*/
341	View Code Duplication	public function enable()
		0 ignored issues – show Duplication introduced 2018-01-16 22:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
342		{
343		if ($this->enabled) {
344		return;
345		}
346		if (!$this->fd) {
347		return;
348		}
349		$this->enabled = true;
350		if ($this->ev === null) {
351		if ($this->eventLoop === null) {
352		$this->eventLoop = EventLoop::$instance;
353		}
354		$this->ev = $this->eventLoop->listener(
355		[$this, 'onAcceptEv'],
356		null,
357		\EventListener::OPT_CLOSE_ON_FREE \| \EventListener::OPT_REUSEABLE,
358		-1,
359		$this->fd
360		);
361		$this->onBound();
362		} else {
363		$this->ev->enable();
364		}
365		}
366
367		/**
368		* @param \EventListener $listener
369		* @param $fd
370		* @param $addrPort
371		* @param $ctx
372		*/
373		public function onAcceptEv(\EventListener $listener, $fd, $addrPort, $ctx)
		0 ignored issues – show Unused Code introduced 2018-01-16 22:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$ctx` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
374		{
375		$class = $this->pool->connectionClass;
376		if (!class_exists($class) \|\| !is_subclass_of($class, '\\PHPDaemon\\Network\\Connection')) {
377		Daemon::log(get_class($this) . ' (' . get_class($this->pool) . '): onAcceptEv: wrong connectionClass: ' . $class);
378		return;
379		}
380		$conn = new $class(null, $this->pool);
381		$conn->setParentSocket($this);
382
383		if (!$this instanceof UNIX) {
384		$conn->setPeername($addrPort[0], $addrPort[1]);
385		}
386
387		if ($this->ctx) {
388		$conn->setContext($this->ctx, \EventBufferEvent::SSL_ACCEPTING);
389		}
390
391		$conn->setFd($fd);
392		}
393
394		/**
395		* Disable all events of sockets
396		* @return void
397		*/
398		public function disable()
399		{
400		if (!$this->enabled) {
401		return;
402		}
403		$this->enabled = false;
404		if ($this->ev instanceof \Event) {
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Event` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
405		$this->ev->del();
406		} elseif ($this->ev instanceof \EventListener) {
		0 ignored issues – show Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `EventListener` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
407		$this->ev->disable();
408		}
409		}
410
411		/**
412		* Close each of binded sockets.
413		* @return void
414		*/
415		public function close()
416		{
417		if (isset($this->ev)) {
418		$this->ev = null;
419		}
420		if ($this->pid !== posix_getpid()) { // preventing closing pre-bound sockets in workers
421		return;
422		}
423		if (is_resource($this->fd)) {
424		socket_close($this->fd);
425		}
426		}
427
428		/**
429		* Finishes Generic
430		* @return void
431		*/
432		public function finish()
433		{
434		$this->disable();
435		$this->close();
436		$this->pool->detachBound($this);
		0 ignored issues – show Documentation Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `detachBound` does not exist on `object<PHPDaemon\Network\Pool>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
437		}
438
439		/**
440		* Destructor
441		* @return void
442		*/
443		public function __destruct()
444		{
445		$this->close();
446		}
447
448		/**
449		* Bind given addreess
450		* @return boolean Success.
451		*/
452		abstract public function bindSocket();
453
454		/**
455		* Checks if the CIDR-mask matches the IP
456		* @param string CIDR-mask
457		* @param string IP
458		* @return boolean Result
459		*/
460		public static function netMatch($CIDR, $IP)
461		{
462		/* TODO: IPV6 */
463		if (is_array($CIDR)) {
464		foreach ($CIDR as &$v) {
465		if (self::netMatch($v, $IP)) {
466		return true;
467		}
468		}
469
470		return false;
471		}
472
473		$e = explode('/', $CIDR, 2);
474
475		if (!isset($e[1])) {
476		return $e[0] === $IP;
477		}
478
479		return (ip2long($IP) & ~((1 << (32 - $e[1])) - 1)) === ip2long($e[0]);
480		}
481		}
482

kakserpom / phpdaemon

Issues (1507)

Security Analysis not enabled

PHPDaemon/BoundSocket/Generic.php (16 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Missing dependencies

2. Missing use statement

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like