Issues (190)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

bundles/lib/Response.php (1 issue)


<?php

/**
 * Manage Form
 *
 * @category  	lib
 * @author    	Judicaël Paquet <[email protected]>
 * @copyright 	Copyright (c) 2013-2014 PAQUET Judicaël FR Inc. (https://github.com/las93)
 * @license   	https://github.com/las93/venus2/blob/master/LICENSE.md All rights reserved to PAQUET Judicaël
 * @version   	Release: 1.0.0
 * @filesource	https://github.com/las93/venus2
 * @link      	https://github.com/las93
 * @since     	1.0
 */
namespace Venus\lib;

use \Venus\core\Mother as Mother;
use \Venus\lib\Request as Request;
use \Venus\lib\Response\Json as Json;
use \Venus\lib\Response\Mock as Mock;
use \Venus\lib\Response\Yaml as Yaml;

/**
 * This class manage the Form
 *
 * @property \Venus\lib\Request\Headers headers
 * @category  	lib
 * @author    	Judicaël Paquet <[email protected]>
 * @copyright 	Copyright (c) 2013-2014 PAQUET Judicaël FR Inc. (https://github.com/las93)
 * @license   	https://github.com/las93/venus2/blob/master/LICENSE.md All rights reserved to PAQUET Judicaël
 * @version   	Release: 1.0.0
 * @filesource	https://github.com/las93/venus2
 * @link      	https://github.com/las93
 * @since     	1.0
 */
class Response extends Mother
{
	const HTTP_CONTINUE = 100;
	const HTTP_SWITCHING_PROTOCOLS = 101;
	const HTTP_PROCESSING = 102;
	const HTTP_OK = 200;
	const HTTP_CREATED = 201;
	const HTTP_ACCEPTED = 202;
	const HTTP_NON_AUTHORITATIVE_INFORMATION = 203;
	const HTTP_NO_CONTENT = 204;
	const HTTP_RESET_CONTENT = 205;
	const HTTP_PARTIAL_CONTENT = 206;
	const HTTP_MULTI_STATUS = 207;
	const HTTP_ALREADY_REPORTED = 208;
	const HTTP_CONTENT_DIFFERENT = 210;
	const HTTP_IM_USED = 226;
	const HTTP_MULTIPLE_CHOICES = 300;
	const HTTP_MOVED_PERMANENTLY = 301;
	const HTTP_MOVED_TEMPORARILY = 302;
	const HTTP_SEE_OTHER = 303;
	const HTTP_NOT_MODIFIED = 304;
	const HTTP_USE_PROXY = 305;
	const HTTP_RESERVED = 306;
	const HTTP_TEMPORARY_REDIRECT = 307;
	const HTTP_PERMANENTLY_REDIRECT = 308;
	const HTTP_TOO_MANY_REDIRECTS = 310;
	const HTTP_BAD_REQUEST = 400;
	const HTTP_UNAUTHORIZED = 401;
	const HTTP_PAYMENT_REQUIRED = 402;
	const HTTP_FORBIDDEN = 403;
	const HTTP_NOT_FOUND = 404;
	const HTTP_METHOD_NOT_ALLOWED = 405;
	const HTTP_NOT_ACCEPTABLE = 406;
	const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
	const HTTP_REQUEST_TIMEOUT = 408;
	const HTTP_CONFLICT = 409;
	const HTTP_GONE = 410;
	const HTTP_LENGTH_REQUIRED = 411;
	const HTTP_PRECONDITION_FAILED = 412;
	const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
	const HTTP_REQUEST_URI_TOO_LONG = 414;
	const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
	const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
	const HTTP_EXPECTATION_FAILED = 417;
	const HTTP_I_AM_A_TEAPOT = 418;
	const HTTP_MISDIRECTED_REQUEST = 421;
	const HTTP_UNPROCESSABLE_ENTITY = 422;
	const HTTP_LOCKED = 423;
	const HTTP_METHOD_FAILURE = 424;
	const HTTP_UNORDERED_COLLECTION = 425;
	const HTTP_UPGRADE_REQUIRED = 426;
	const HTTP_PRECONDITION_REQUIRED = 428;
	const HTTP_TOO_MANY_REQUESTS = 429;
	const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431;
	const HTTP_RETRY_WITH = 449;
	const HTTP_BLOCKED_BY_WINDOWS_PARENTAL_CONTROLS = 450;
	const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451;
	const HTTP_UNRECOVERABLE_ERROR = 456;
	const HTTP_CLIENT_HAS_CLOSED_CONNECTION = 499;
	const HTTP_INTERNAL_SERVER_ERROR = 500;
	const HTTP_NOT_IMPLEMENTED = 501;
	const HTTP_BAD_GATEWAY = 502;
	const HTTP_SERVICE_UNAVAILABLE = 503;
	const HTTP_GATEWAY_TIMEOUT = 504;
	const HTTP_VERSION_NOT_SUPPORTED = 505;
	const HTTP_VARIANT_ALSO_NEGOTIATES = 506;
	const HTTP_INSUFFICIENT_STORAGE = 507;
	const HTTP_LOOP_DETECTED = 508;
	const HTTP_BANDWIDTH_LIMIT_EXCEEDED = 509;
	const HTTP_NOT_EXTENDED = 510;
	const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511;
	const HTTP_WEB_SERVER_IS_RETURNING_AN_UNKNOWN_ERROR = 520;

	public static $statusTexts = [
		100 => 'Continue',
		101 => 'Switching Protocols',
		102 => 'Processing',
		200 => 'OK',
		201 => 'Created',
		202 => 'Accepted',
		203 => 'Non-Authoritative Information',
		204 => 'No Content',
		205 => 'Reset Content',
		206 => 'Partial Content',
		207 => 'Multi-Status',
		208 => 'Already Reported',
		210 => 'Content Different',
		226 => 'IM Used',
		300 => 'Multiple Choices',
		301 => 'Moved Permanently',
		302 => 'Moved Temporarily',
		303 => 'See Other',
		304 => 'Not Modified',
		305 => 'Use Proxy',
		306 => '',
		307 => 'Temporary Redirect',
		308 => 'Permanent Redirect',
		310 => 'Too many Redirects',
		400 => 'Bad Request',
		401 => 'Unauthorized',
		402 => 'Payment Required',
		403 => 'Forbidden',
		404 => 'Not Found',
		405 => 'Method Not Allowed',
		406 => 'Not Acceptable',
		407 => 'Proxy Authentication Required',
		408 => 'Request Timeout',
		409 => 'Conflict',
		410 => 'Gone',
		411 => 'Length Required',
		412 => 'Precondition Failed',
		413 => 'Payload Too Large',
		414 => 'Request-URI Too Long',
		415 => 'Unsupported Media Type',
		416 => 'Requested range unsatisfiable',
		417 => 'Expectation Failed',
		418 => 'I\'m a teapot',
		421 => 'Misdirected Request',
		422 => 'Unprocessable Entity',
		423 => 'Locked',
		424 => 'Method failure',
		425 => 'Unordered Collection',
		426 => 'Upgrade Required',
		428 => 'Precondition Required',
		429 => 'Too Many Requests',
		431 => 'Request Header Fields Too Large',
		449 => 'Retry With',
		450 => 'Blocked by Windows Parental Controls',
		451 => 'Unavailable For Legal Reasons',
		456 => 'Unrecoverable Error',
		499 => 'Client has closed connection',
		500 => 'Internal Server Error',
		501 => 'Not Implemented',
		502 => 'Bad Gateway',
		503 => 'Service Unavailable',
		504 => 'Gateway Timeout',
		505 => 'HTTP Version Not Supported',
		506 => 'Variant Also Negotiates',
		507 => 'Insufficient Storage',
		508 => 'Loop Detected',
		509 => 'Bandwidth Limit Exceeded',
		510 => 'Not Extended',
		511 => 'Network Authentication Required',
		520 => 'Web server is returning an unknown error',
	];

	/**
	 * the translation language
	 * @var string
	 */
	private static $_sKindOfReturn = 'json';

	/**
	 * @var string
	 */
	private $content;

	/**
	 * @var int
	 */
	private $statusCode = 0;

	/**
	 * Response constructor.
	 */
	public function __construct()
	{
		/**
		 * @return \Venus\lib\Request
		 */
		$this->headers = function() { $request = new Request(); return $request->headers; };
	}

	/**
	 * set the language if you don't want take the default language of the configuration file
	 *
	 * @access public
	 * @param  string $sKindOfReturn
	 * @return void
	 */
	public static function setKindOfReturn(string $sKindOfReturn)
	{
		self::$_sKindOfReturn = $sKindOfReturn;
	}

	/**
	 * translate the content
	 *
	 * @access public
	 * @param  mixed $mContent content to translate
	 * @return mixed
	 */
	public function translate($mContent)
	{
		if (self::$_sKindOfReturn === 'yaml') { return Yaml::translate($mContent); }
		else if (self::$_sKindOfReturn === 'mock') { return Mock::translate($mContent); }
		else { return Json::translate($mContent); }
	}

	/**
	 * @return string
	 */
	public function getContent() : string
	{
		return $this->content;
	}

	/**
	 * @param string $content
	 * @return Response
	 */
	public function setContent(string $content) : Response
	{
		$this->content = $content;
		return $this;
	}

	/**
	 * @return int
	 */
	public function getStatusCode() : int
	{
		return $this->statusCode;
	}

	/**
	 * @param int $statusCode
	 * @return Response
	 */
	public function setStatusCode(int $statusCode) : Response
	{
		$this->statusCode = $statusCode;
		return $this;
	}

	public function send()
	{
		if ($this->getStatusCode() > 0) {
			$this->headers->set('HTTP/1.1 '.$this->getStatusCode().' '.self::$statusTexts[$this->getStatusCode()]);
The method set does only exist in Venus\lib\Request\Headers, but not in Closure.

It seems like the method you are trying to call exists only in some of the possible types.

Let’s take a look at an example:

class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

Available Fixes

  1. Add an additional type-check:

    /**
     * @param A|B $x
     */
    function someFunction($x)
    {
        $x->foo();
    
        if ($x instanceof B) {
            $x->bar();
        }
    }
    
  2. Only allow a single type to be passed if the variable comes from a parameter:

    function someFunction(B $x) { /** ... */ }
    
		}

		echo $this->getContent();
	}
}