Issues in Transmission.php (master) - Issues in master - kleiram/transmission-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/Transmission/Transmission.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Transmission;

use Transmission\Model\Torrent;
use Transmission\Model\Session;
use Transmission\Model\FreeSpace;
use Transmission\Model\Stats\Session as SessionStats;
use Transmission\Util\PropertyMapper;
use Transmission\Util\ResponseValidator;

/**
 * @author Ramon Kleiss <[email protected]>
 */
class Transmission
{
    /**
     * @var Client
     */
    protected $client;

    /**
     * @var ResponseValidator
     */
    protected $validator;

    /**
     * @var PropertyMapper
     */
    protected $mapper;

    /**
     * Constructor
     *
     * @param string  $host
     * @param integer $port
     * @param string  $path
     */
    public function __construct($host = null, $port = null, $path = null)
    {
        $this->setClient(new Client($host, $port, $path));
        $this->setMapper(new PropertyMapper());
        $this->setValidator(new ResponseValidator());
    }

    /**
     * Get all the torrents in the download queue
     *
     * @return Torrent[]
     */
    public function all()
    {
        $client   = $this->getClient();
        $mapper   = $this->getMapper();
        $response = $this->getClient()->call(
            'torrent-get',
            array('fields' => array_keys(Torrent::getMapping()))
        );

        $torrents = array_map(function ($data) use ($mapper, $client) {
            return $mapper->map(
                new Torrent($client),
                $data
            );
        }, $this->getValidator()->validate('torrent-get', $response));

        return $torrents;
    }

    /**
     * Get a specific torrent from the download queue
     *
     * @param  integer                    $id
     * @return Torrent
     * @throws \RuntimeException
     */
    public function get($id)
    {
        $client   = $this->getClient();
        $mapper   = $this->getMapper();
        $response = $this->getClient()->call('torrent-get', array(
            'fields' => array_keys(Torrent::getMapping()),
            'ids'    => array($id)
        ));

        $torrent = array_reduce(
            $this->getValidator()->validate('torrent-get', $response),
            function ($torrent, $data) use ($mapper, $client) {
                return $torrent ? $torrent : $mapper->map(new Torrent($client), $data);
            });

        if (!$torrent instanceof Torrent) {
            throw new \RuntimeException(sprintf("Torrent with ID %s not found", $id));
        }

        return $torrent;
    }

    /**
     * Get the Transmission session
     *
     * @return Session
     */
    public function getSession()

    {
        $response = $this->getClient()->call(
            'session-get',
            array()
        );

        return $this->getMapper()->map(
            new Session($this->getClient()),
            $this->getValidator()->validate('session-get', $response)
        );
    }

    /**
     * @return SessionStats
     */
    public function getSessionStats()

    {
        $response = $this->getClient()->call(
            'session-stats',
            array()
        );

        return $this->getMapper()->map(
            new SessionStats(),
            $this->getValidator()->validate('session-stats', $response)
        );
    }

    /**
     * Get Free space
     * @param  string $path
     * @return FreeSpace
     */
    public function getFreeSpace($path=null)
    {
        if (!$path) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $path = $this->getSession()->getDownloadDir();
        }
        $response = $this->getClient()->call(
            'free-space',
            array('path'=>$path)
        );

        return $this->getMapper()->map(
            new FreeSpace(),
            $this->getValidator()->validate('free-space', $response)
        );
    }

    /**
     * Add a torrent to the download queue
     *
     * @param  string   $torrent
     * @param  boolean  $metainfo
     * @param  string   $savepath
     * @return Torrent
     */
    public function add($torrent, $metainfo = false, $savepath = null)
    {
        $parameters = array($metainfo ? 'metainfo' : 'filename' => $torrent);

        if ($savepath !== null) {
            $parameters['download-dir'] = (string) $savepath;
        }

        $response = $this->getClient()->call(
            'torrent-add',
            $parameters
        );

        return $this->getMapper()->map(
            new Torrent($this->getClient()),
            $this->getValidator()->validate('torrent-add', $response)
        );
    }

    /**
     * Start the download of a torrent
     *
     * @param Torrent $torrent
     * @param bool    $now
     */
    public function start(Torrent $torrent, $now = false)
    {
        $this->getClient()->call(
            $now ? 'torrent-start-now' : 'torrent-start',
            array('ids' => array($torrent->getId()))
        );
    }

    /**
     * Stop the download of a torrent
     *
     * @param Torrent $torrent
     */
    public function stop(Torrent $torrent)
    {
        $this->getClient()->call(
            'torrent-stop',
            array('ids' => array($torrent->getId()))
        );
    }

    /**
     * Verify the download of a torrent
     *
     * @param Torrent $torrent
     */
    public function verify(Torrent $torrent)
    {
        $this->getClient()->call(
            'torrent-verify',
            array('ids' => array($torrent->getId()))
        );
    }

    /**
     * Request a reannounce of a torrent
     *
     * @param Torrent $torrent
     */
    public function reannounce(Torrent $torrent)
    {
        $this->getClient()->call(
            'torrent-reannounce',
            array('ids' => array($torrent->getId()))
        );
    }

    /**
     * Remove a torrent from the download queue
     *
     * @param Torrent $torrent
     */
    public function remove(Torrent $torrent, $localData = false)
    {
        $arguments = array('ids' => array($torrent->getId()));

        if ($localData) {
            $arguments['delete-local-data'] = true;
        }

        $this->getClient()->call('torrent-remove', $arguments);
    }

    /**
     * Set the client used to connect to Transmission
     *
     * @param Client $client
     */
    public function setClient(Client $client)
    {
        $this->client = $client;
    }

    /**
     * Get the client used to connect to Transmission
     *
     * @return Client
     */
    public function getClient()
    {
        return $this->client;
    }

    /**
     * Set the hostname of the Transmission server
     *
     * @param string $host
     */
    public function setHost($host)
    {
        $this->getClient()->setHost($host);
    }

    /**
     * Get the hostname of the Transmission server
     *
     * @return string
     */
    public function getHost()
    {
        return $this->getClient()->getHost();
    }

    /**
     * Set the port the Transmission server is listening on
     *
     * @param integer $port
     */
    public function setPort($port)
    {
        $this->getClient()->setPort($port);
    }

    /**
     * Get the port the Transmission server is listening on
     *
     * @return integer
     */
    public function getPort()
    {
        return $this->getClient()->getPort();
    }

    /**
     * Set the mapper used to map responses from Transmission to models
     *
     * @param PropertyMapper $mapper
     */
    public function setMapper(PropertyMapper $mapper)
    {
        $this->mapper = $mapper;
    }

    /**
     * Get the mapper used to map responses from Transmission to models
     *
     * @return PropertyMapper
     */
    public function getMapper()
    {
        return $this->mapper;
    }

    /**
     * Set the validator used to validate Transmission responses
     *
     * @param ResponseValidator $validator
     */
    public function setValidator(ResponseValidator $validator)
    {
        $this->validator = $validator;
    }

    /**
     * Get the validator used to validate Transmission responses
     *
     * @return ResponseValidator
     */
    public function getValidator()
    {
        return $this->validator;
    }
}


GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

lib/Transmission/Transmission.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		namespace Transmission;
3
4		use Transmission\Model\Torrent;
5		use Transmission\Model\Session;
6		use Transmission\Model\FreeSpace;
7		use Transmission\Model\Stats\Session as SessionStats;
8		use Transmission\Util\PropertyMapper;
9		use Transmission\Util\ResponseValidator;
10
11		/**
12		* @author Ramon Kleiss <[email protected]>
13		*/
14		class Transmission
15		{
16		/**
17		* @var Client
18		*/
19		protected $client;
20
21		/**
22		* @var ResponseValidator
23		*/
24		protected $validator;
25
26		/**
27		* @var PropertyMapper
28		*/
29		protected $mapper;
30
31		/**
32		* Constructor
33		*
34		* @param string $host
35		* @param integer $port
36		* @param string $path
37		*/
38		public function __construct($host = null, $port = null, $path = null)
39		{
40		$this->setClient(new Client($host, $port, $path));
41		$this->setMapper(new PropertyMapper());
42		$this->setValidator(new ResponseValidator());
43		}
44
45		/**
46		* Get all the torrents in the download queue
47		*
48		* @return Torrent[]
49		*/
50		public function all()
51		{
52		$client = $this->getClient();
53		$mapper = $this->getMapper();
54		$response = $this->getClient()->call(
55		'torrent-get',
56		array('fields' => array_keys(Torrent::getMapping()))
57		);
58
59		$torrents = array_map(function ($data) use ($mapper, $client) {
60		return $mapper->map(
61		new Torrent($client),
62		$data
63		);
64		}, $this->getValidator()->validate('torrent-get', $response));
65
66		return $torrents;
67		}
68
69		/**
70		* Get a specific torrent from the download queue
71		*
72		* @param integer $id
73		* @return Torrent
74		* @throws \RuntimeException
75		*/
76		public function get($id)
77		{
78		$client = $this->getClient();
79		$mapper = $this->getMapper();
80		$response = $this->getClient()->call('torrent-get', array(
81		'fields' => array_keys(Torrent::getMapping()),
82		'ids' => array($id)
83		));
84
85		$torrent = array_reduce(
86		$this->getValidator()->validate('torrent-get', $response),
87		function ($torrent, $data) use ($mapper, $client) {
88		return $torrent ? $torrent : $mapper->map(new Torrent($client), $data);
89		});
90
91		if (!$torrent instanceof Torrent) {
92		throw new \RuntimeException(sprintf("Torrent with ID %s not found", $id));
93		}
94
95		return $torrent;
96		}
97
98		/**
99		* Get the Transmission session
100		*
101		* @return Session
102		*/
103	View Code Duplication	public function getSession()
		0 ignored issues – show Duplication introduced 2016-01-07 20:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
104		{
105		$response = $this->getClient()->call(
106		'session-get',
107		array()
108		);
109
110		return $this->getMapper()->map(
111		new Session($this->getClient()),
112		$this->getValidator()->validate('session-get', $response)
113		);
114		}
115
116		/**
117		* @return SessionStats
118		*/
119	View Code Duplication	public function getSessionStats()
		0 ignored issues – show Duplication introduced 2016-01-07 20:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
120		{
121		$response = $this->getClient()->call(
122		'session-stats',
123		array()
124		);
125
126		return $this->getMapper()->map(
127		new SessionStats(),
128		$this->getValidator()->validate('session-stats', $response)
129		);
130		}
131
132		/**
133		* Get Free space
134		* @param string $path
135		* @return FreeSpace
136		*/
137		public function getFreeSpace($path=null)
138		{
139		if (!$path) {
		0 ignored issues – show Bug Best Practice introduced 2016-01-07 20:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$path` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
140		$path = $this->getSession()->getDownloadDir();
141		}
142		$response = $this->getClient()->call(
143		'free-space',
144		array('path'=>$path)
145		);
146
147		return $this->getMapper()->map(
148		new FreeSpace(),
149		$this->getValidator()->validate('free-space', $response)
150		);
151		}
152
153		/**
154		* Add a torrent to the download queue
155		*
156		* @param string $torrent
157		* @param boolean $metainfo
158		* @param string $savepath
159		* @return Torrent
160		*/
161		public function add($torrent, $metainfo = false, $savepath = null)
162		{
163		$parameters = array($metainfo ? 'metainfo' : 'filename' => $torrent);
164
165		if ($savepath !== null) {
166		$parameters['download-dir'] = (string) $savepath;
167		}
168
169		$response = $this->getClient()->call(
170		'torrent-add',
171		$parameters
172		);
173
174		return $this->getMapper()->map(
175		new Torrent($this->getClient()),
176		$this->getValidator()->validate('torrent-add', $response)
177		);
178		}
179
180		/**
181		* Start the download of a torrent
182		*
183		* @param Torrent $torrent
184		* @param bool $now
185		*/
186		public function start(Torrent $torrent, $now = false)
187		{
188		$this->getClient()->call(
189		$now ? 'torrent-start-now' : 'torrent-start',
190		array('ids' => array($torrent->getId()))
191		);
192		}
193
194		/**
195		* Stop the download of a torrent
196		*
197		* @param Torrent $torrent
198		*/
199		public function stop(Torrent $torrent)
200		{
201		$this->getClient()->call(
202		'torrent-stop',
203		array('ids' => array($torrent->getId()))
204		);
205		}
206
207		/**
208		* Verify the download of a torrent
209		*
210		* @param Torrent $torrent
211		*/
212		public function verify(Torrent $torrent)
213		{
214		$this->getClient()->call(
215		'torrent-verify',
216		array('ids' => array($torrent->getId()))
217		);
218		}
219
220		/**
221		* Request a reannounce of a torrent
222		*
223		* @param Torrent $torrent
224		*/
225		public function reannounce(Torrent $torrent)
226		{
227		$this->getClient()->call(
228		'torrent-reannounce',
229		array('ids' => array($torrent->getId()))
230		);
231		}
232
233		/**
234		* Remove a torrent from the download queue
235		*
236		* @param Torrent $torrent
237		*/
238		public function remove(Torrent $torrent, $localData = false)
239		{
240		$arguments = array('ids' => array($torrent->getId()));
241
242		if ($localData) {
243		$arguments['delete-local-data'] = true;
244		}
245
246		$this->getClient()->call('torrent-remove', $arguments);
247		}
248
249		/**
250		* Set the client used to connect to Transmission
251		*
252		* @param Client $client
253		*/
254		public function setClient(Client $client)
255		{
256		$this->client = $client;
257		}
258
259		/**
260		* Get the client used to connect to Transmission
261		*
262		* @return Client
263		*/
264		public function getClient()
265		{
266		return $this->client;
267		}
268
269		/**
270		* Set the hostname of the Transmission server
271		*
272		* @param string $host
273		*/
274		public function setHost($host)
275		{
276		$this->getClient()->setHost($host);
277		}
278
279		/**
280		* Get the hostname of the Transmission server
281		*
282		* @return string
283		*/
284		public function getHost()
285		{
286		return $this->getClient()->getHost();
287		}
288
289		/**
290		* Set the port the Transmission server is listening on
291		*
292		* @param integer $port
293		*/
294		public function setPort($port)
295		{
296		$this->getClient()->setPort($port);
297		}
298
299		/**
300		* Get the port the Transmission server is listening on
301		*
302		* @return integer
303		*/
304		public function getPort()
305		{
306		return $this->getClient()->getPort();
307		}
308
309		/**
310		* Set the mapper used to map responses from Transmission to models
311		*
312		* @param PropertyMapper $mapper
313		*/
314		public function setMapper(PropertyMapper $mapper)
315		{
316		$this->mapper = $mapper;
317		}
318
319		/**
320		* Get the mapper used to map responses from Transmission to models
321		*
322		* @return PropertyMapper
323		*/
324		public function getMapper()
325		{
326		return $this->mapper;
327		}
328
329		/**
330		* Set the validator used to validate Transmission responses
331		*
332		* @param ResponseValidator $validator
333		*/
334		public function setValidator(ResponseValidator $validator)
335		{
336		$this->validator = $validator;
337		}
338
339		/**
340		* Get the validator used to validate Transmission responses
341		*
342		* @return ResponseValidator
343		*/
344		public function getValidator()
345		{
346		return $this->validator;
347		}
348		}
349

kleiram / transmission-php

GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

lib/Transmission/Transmission.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like