Issues in CappedStorage.php (master) - Issues in master - kakserpom/phpdaemon - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1507)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

PHPDaemon/Cache/CappedStorage.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace PHPDaemon\Cache;

/**
 * CappedStorage
 * @package PHPDaemon\Cache
 * @author  Vasily Zorin <[email protected]>
 */
abstract class CappedStorage
{
    use \PHPDaemon\Traits\ClassWatchdog;
    use \PHPDaemon\Traits\StaticObjectWatchdog;

    /**
     * @var callable Sorter function
     */
    public $sorter;

    /**
     * @var integer Maximum number of cached elements
     */
    public $maxCacheSize = 64;

    /**
     * @var integer Additional window to decrease number of sorter calls
     */
    public $capWindow = 16;

    /**
     * @var array Storage of cached items
     */
    public $cache = [];

    /**
     * Sets cache size
     * @param  integer $size Maximum number of elements
     * @return void
     */
    public function setMaxCacheSize($size)
    {
        $this->maxCacheSize = $size;
    }

    /**
     * Sets cap window
     * @param  integer $w Additional window to decrease number of sorter calls
     * @return void
     */
    public function setCapWindow($w)
    {
        $this->capWindow = $w;
    }

    /**
     * Puts element in cache
     * @param  string $key Key
     * @param  mixed $value Value
     * @param  integer $ttl Time to live

     * @return mixed
     */
    public function put($key, $value, $ttl = null)
    {
        $k = $this->hash($key);
        if (isset($this->cache[$k])) {
            $item = $this->cache[$k];
            $item->setValue($value);
            if ($ttl !== null) {
                $item->expire = microtime(true) + $ttl;
            }
            return $item;
        }
        $item = new Item($value);
        if ($ttl !== null) {
            $item->expire = microtime(true) + $ttl;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
        }
        $this->cache[$k] = $item;
        $s = sizeof($this->cache);
        if ($s > $this->maxCacheSize + $this->capWindow) {
            uasort($this->cache, $this->sorter);
            for (; $s > $this->maxCacheSize; --$s) {
                array_pop($this->cache);
            }
        }
        return $item;
    }

    /**
     * Hash function
     * @param  string $key Key
     * @return integer

     */
    public function hash($key)
    {
        return $key;
    }

    /**
     * Invalidates cache element
     * @param  string $key Key
     * @return void
     */
    public function invalidate($key)
    {
        $k = $this->hash($key);
        unset($this->cache[$k]);
    }

    /**
     * Gets element by key
     * @param  string $key Key
     * @return object Item
     */
    public function get($key)

    {
        $k = $this->hash($key);
        if (!isset($this->cache[$k])) {
            return null;
        }
        $item = $this->cache[$k];
        if (isset($item->expire)) {
            if (microtime(true) >= $item->expire) {
                unset($this->cache[$k]);
                return null;
            }
        }
        return $item;
    }

    /**
     * Gets value of element by key
     * @param  string $key Key
     * @return mixed
     */
    public function getValue($key)

    {
        $k = $this->hash($key);
        if (!isset($this->cache[$k])) {
            return null;
        }
        $item = $this->cache[$k];
        if (isset($item->expire)) {
            if (microtime(true) >= $item->expire) {
                unset($this->cache[$k]);
                return null;
            }
        }
        return $item->getValue();
    }
}


1		<?php
2		namespace PHPDaemon\Cache;
3
4		/**
5		* CappedStorage
6		* @package PHPDaemon\Cache
7		* @author Vasily Zorin <[email protected]>
8		*/
9		abstract class CappedStorage
10		{
11		use \PHPDaemon\Traits\ClassWatchdog;
12		use \PHPDaemon\Traits\StaticObjectWatchdog;
13
14		/**
15		* @var callable Sorter function
16		*/
17		public $sorter;
18
19		/**
20		* @var integer Maximum number of cached elements
21		*/
22		public $maxCacheSize = 64;
23
24		/**
25		* @var integer Additional window to decrease number of sorter calls
26		*/
27		public $capWindow = 16;
28
29		/**
30		* @var array Storage of cached items
31		*/
32		public $cache = [];
33
34		/**
35		* Sets cache size
36		* @param integer $size Maximum number of elements
37		* @return void
38		*/
39		public function setMaxCacheSize($size)
40		{
41		$this->maxCacheSize = $size;
42		}
43
44		/**
45		* Sets cap window
46		* @param integer $w Additional window to decrease number of sorter calls
47		* @return void
48		*/
49		public function setCapWindow($w)
50		{
51		$this->capWindow = $w;
52		}
53
54		/**
55		* Puts element in cache
56		* @param string $key Key
57		* @param mixed $value Value
58		* @param integer $ttl Time to live
		0 ignored issues – show Documentation introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$ttl` not be `integer\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
59		* @return mixed
60		*/
61		public function put($key, $value, $ttl = null)
62		{
63		$k = $this->hash($key);
64		if (isset($this->cache[$k])) {
65		$item = $this->cache[$k];
66		$item->setValue($value);
67		if ($ttl !== null) {
68		$item->expire = microtime(true) + $ttl;
69		}
70		return $item;
71		}
72		$item = new Item($value);
73		if ($ttl !== null) {
74		$item->expire = microtime(true) + $ttl;
		0 ignored issues – show Documentation Bug introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$expire` was declared of type `integer`, but `microtime(true) + $ttl` is of type `double`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
75		}
76		$this->cache[$k] = $item;
77		$s = sizeof($this->cache);
78		if ($s > $this->maxCacheSize + $this->capWindow) {
79		uasort($this->cache, $this->sorter);
80		for (; $s > $this->maxCacheSize; --$s) {
81		array_pop($this->cache);
82		}
83		}
84		return $item;
85		}
86
87		/**
88		* Hash function
89		* @param string $key Key
90		* @return integer
		0 ignored issues – show Documentation introduced 2015-12-06 14:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
91		*/
92		public function hash($key)
93		{
94		return $key;
95		}
96
97		/**
98		* Invalidates cache element
99		* @param string $key Key
100		* @return void
101		*/
102		public function invalidate($key)
103		{
104		$k = $this->hash($key);
105		unset($this->cache[$k]);
106		}
107
108		/**
109		* Gets element by key
110		* @param string $key Key
111		* @return object Item
112		*/
113	View Code Duplication	public function get($key)
		0 ignored issues – show Duplication introduced 2018-01-16 22:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
114		{
115		$k = $this->hash($key);
116		if (!isset($this->cache[$k])) {
117		return null;
118		}
119		$item = $this->cache[$k];
120		if (isset($item->expire)) {
121		if (microtime(true) >= $item->expire) {
122		unset($this->cache[$k]);
123		return null;
124		}
125		}
126		return $item;
127		}
128
129		/**
130		* Gets value of element by key
131		* @param string $key Key
132		* @return mixed
133		*/
134	View Code Duplication	public function getValue($key)
		0 ignored issues – show Duplication introduced 2018-01-16 22:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
135		{
136		$k = $this->hash($key);
137		if (!isset($this->cache[$k])) {
138		return null;
139		}
140		$item = $this->cache[$k];
141		if (isset($item->expire)) {
142		if (microtime(true) >= $item->expire) {
143		unset($this->cache[$k]);
144		return null;
145		}
146		}
147		return $item->getValue();
148		}
149		}
150

kakserpom / phpdaemon

Issues (1507)

Security Analysis not enabled

PHPDaemon/Cache/CappedStorage.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like