Issues in Result.php (master) - Issues in master - layershifter/TLDExtract - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Result.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * TLDExtract: Library for extraction of domain parts e.g. TLD. Domain parser that uses Public Suffix List.
 *
 * @link      https://github.com/layershifter/TLDExtract
 *
 * @copyright Copyright (c) 2016, Alexander Fedyashov
 * @license   https://raw.githubusercontent.com/layershifter/TLDExtract/master/LICENSE Apache 2.0 License
 */

namespace LayerShifter\TLDExtract;

use LayerShifter\TLDSupport\Helpers\IP;

/**
 * This class holds the components of a domain name.
 *
 * You can access the components using either method, property or array syntax. For example, "echo $result->suffix" and
 * "echo $result['suffix']" will both work and output the same string.
 *
 * All properties are read-only.
 *
 * @property-read null|string $subdomain
 * @property-read null|string $hostname
 * @property-read null|string $suffix
 */
class Result implements \ArrayAccess, ResultInterface
{
    /**
     * The subdomain. For example, the subdomain of "a.b.google.com" is "a.b".
     *
     * @var null|string
     */
    private $subdomain;
    /**
     * Hostname part of domain or IP-address. For example, in "a.b.google.com" the registered domain is "google".
     *
     * @var null|string
     */
    private $hostname;
    /**
     * The top-level domain / public suffix. For example: "com", "co.uk", "act.edu.au".
     *
     * @var null|string
     */
    private $suffix;

    /**
     * Constructor of class.
     *
     * @param null|string $subdomain
     * @param null|string $hostname
     * @param null|string $suffix
     */
    public function __construct($subdomain, $hostname, $suffix)
    {
        $this->subdomain = $subdomain;
        $this->hostname = $hostname;
        $this->suffix = $suffix;
    }

    /**
     * Returns subdomain if it exists.
     *
     * @return null|string
     */
    public function getSubdomain()
    {
        return $this->subdomain;
    }

    /**
     * Return subdomains if they exist, example subdomain is "www.news", method will return array ['www', 'bbc'].
     *
     * @return null|array
     */
    public function getSubdomains()
    {
        return null === $this->subdomain ? null : explode('.', $this->subdomain);
    }

    /**
     * Returns hostname if it exists.
     *
     * @return null|string
     */
    public function getHostname()
    {
        return $this->hostname;
    }

    /**
     * Returns suffix if it exists.
     *
     * @return null|string
     */
    public function getSuffix()
    {
        return $this->suffix;
    }

    /**
     * Method that returns full host record.
     *
     * @return string
     */
    public function getFullHost()
    {
        // Case 1: Host hasn't suffix, possibly IP.

        if (null === $this->suffix) {
            return $this->hostname;
        }

        // Case 2: Domain with suffix, but without subdomain.

        if (null === $this->subdomain) {
            return $this->hostname . '.' . $this->suffix;
        }

        // Case 3: Domain with suffix & subdomain.

        return implode('.', [$this->subdomain, $this->hostname, $this->suffix]);
    }

    /**
     * Returns registrable domain or null.
     *
     * @return null|string
     */
    public function getRegistrableDomain()
    {
        if (null === $this->suffix) {
            return null;
        }

        return null === $this->hostname ? null : $this->hostname . '.' . $this->suffix;
    }

    /**
     * Returns true if domain is valid.
     *
     * @return bool
     */
    public function isValidDomain()
    {
        return null !== $this->getRegistrableDomain();
    }

    /**
     * Returns true is result is IP.
     *
     * @return bool
     */
    public function isIp()
    {
        return null === $this->suffix && IP::isValid($this->hostname);
    }

    /**
     * Magic method for run isset on private params.
     *
     * @param string $name Field name
     *
     * @return bool
     */
    public function __isset($name)
    {
        return property_exists($this, $name);
    }

    /**
     * Converts class fields to string.
     *
     * @return string
     */
    public function __toString()
    {
        return $this->getFullHost();
    }

    /**
     * Whether or not an offset exists.
     *
     * @param mixed $offset An offset to check for
     *
     * @return bool
     */
    public function offsetExists($offset)
    {
        return property_exists($this, $offset);
    }

    /**
     * Returns the value at specified offset.
     *
     * @param mixed $offset The offset to retrieve.
     *
     * @throws \OutOfRangeException
     *
     * @return mixed
     */
    public function offsetGet($offset)
    {
        return $this->{$offset};
    }

    /**
     * Magic method, controls access to private params.
     *
     * @param string $name Name of params to retrieve
     *
     * @throws \OutOfRangeException
     *
     * @return mixed
     */
    public function __get($name)
    {
        if (!property_exists($this, $name)) {
            throw new \OutOfRangeException(sprintf('Unknown field "%s"', $name));
        }

        return $this->{$name};
    }

    /**
     * Magic method, makes params read-only.
     *
     * @param string $name  Name of params to retrieve
     * @param mixed  $value Value to set
     *
     * @throws \LogicException
     *
     * @return void
     */
    public function __set($name, $value)

    {
        throw new \LogicException("Can't modify an immutable object.");
    }

    /**
     * Disables assigns a value to the specified offset.
     *
     * @param mixed $offset The offset to assign the value to
     * @param mixed $value  Value to set
     *
     * @throws \LogicException
     *
     * @return void
     */
    public function offsetSet($offset, $value)
    {
        throw new \LogicException(
            sprintf("Can't modify an immutable object. You tried to set value '%s' to field '%s'.", $value, $offset)
        );
    }

    /**
     * Disables unset of an offset.
     *
     * @param mixed $offset The offset for unset
     *
     * @throws \LogicException
     *
     * @return void
     */
    public function offsetUnset($offset)
    {
        throw new \LogicException(sprintf("Can't modify an immutable object. You tried to unset '%s.'", $offset));
    }

    /**
     * Get the domain name components as a native PHP array. The returned array will contain these keys: 'subdomain',
     * 'domain' and 'tld'.
     *
     * @return array
     */
    public function toArray()
    {
        return [
            'subdomain' => $this->subdomain,
            'hostname'  => $this->hostname,
            'suffix'    => $this->suffix,
        ];
    }

    /**
     * Get the domain name components as a JSON.
     *
     * @return string
     */
    public function toJson()
    {
        return json_encode($this->toArray());
    }
}


1			<?php
2			/**
3			* TLDExtract: Library for extraction of domain parts e.g. TLD. Domain parser that uses Public Suffix List.
4			*
5			* @link https://github.com/layershifter/TLDExtract
6			*
7			* @copyright Copyright (c) 2016, Alexander Fedyashov
8			* @license https://raw.githubusercontent.com/layershifter/TLDExtract/master/LICENSE Apache 2.0 License
9			*/
10
11			namespace LayerShifter\TLDExtract;
12
13			use LayerShifter\TLDSupport\Helpers\IP;
14
15			/**
16			* This class holds the components of a domain name.
17			*
18			* You can access the components using either method, property or array syntax. For example, "echo $result->suffix" and
19			* "echo $result['suffix']" will both work and output the same string.
20			*
21			* All properties are read-only.
22			*
23			* @property-read null\|string $subdomain
24			* @property-read null\|string $hostname
25			* @property-read null\|string $suffix
26			*/
27			class Result implements \ArrayAccess, ResultInterface
28			{
29			/**
30			* The subdomain. For example, the subdomain of "a.b.google.com" is "a.b".
31			*
32			* @var null\|string
33			*/
34			private $subdomain;
35			/**
36			* Hostname part of domain or IP-address. For example, in "a.b.google.com" the registered domain is "google".
37			*
38			* @var null\|string
39			*/
40			private $hostname;
41			/**
42			* The top-level domain / public suffix. For example: "com", "co.uk", "act.edu.au".
43			*
44			* @var null\|string
45			*/
46			private $suffix;
47
48			/**
49			* Constructor of class.
50			*
51			* @param null\|string $subdomain
52			* @param null\|string $hostname
53			* @param null\|string $suffix
54			*/
55			public function __construct($subdomain, $hostname, $suffix)
56			{
57			$this->subdomain = $subdomain;
58			$this->hostname = $hostname;
59			$this->suffix = $suffix;
60			}
61
62			/**
63			* Returns subdomain if it exists.
64			*
65			* @return null\|string
66			*/
67			public function getSubdomain()
68			{
69			return $this->subdomain;
70			}
71
72			/**
73			* Return subdomains if they exist, example subdomain is "www.news", method will return array ['www', 'bbc'].
74			*
75			* @return null\|array
76			*/
77			public function getSubdomains()
78			{
79			return null === $this->subdomain ? null : explode('.', $this->subdomain);
80			}
81
82			/**
83			* Returns hostname if it exists.
84			*
85			* @return null\|string
86			*/
87			public function getHostname()
88			{
89			return $this->hostname;
90			}
91
92			/**
93			* Returns suffix if it exists.
94			*
95			* @return null\|string
96			*/
97			public function getSuffix()
98			{
99			return $this->suffix;
100			}
101
102			/**
103			* Method that returns full host record.
104			*
105			* @return string
106			*/
107			public function getFullHost()
108			{
109			// Case 1: Host hasn't suffix, possibly IP.
110
111			if (null === $this->suffix) {
112			return $this->hostname;
113			}
114
115			// Case 2: Domain with suffix, but without subdomain.
116
117			if (null === $this->subdomain) {
118			return $this->hostname . '.' . $this->suffix;
119			}
120
121			// Case 3: Domain with suffix & subdomain.
122
123			return implode('.', [$this->subdomain, $this->hostname, $this->suffix]);
124			}
125
126			/**
127			* Returns registrable domain or null.
128			*
129			* @return null\|string
130			*/
131			public function getRegistrableDomain()
132			{
133			if (null === $this->suffix) {
134			return null;
135			}
136
137			return null === $this->hostname ? null : $this->hostname . '.' . $this->suffix;
138			}
139
140			/**
141			* Returns true if domain is valid.
142			*
143			* @return bool
144			*/
145			public function isValidDomain()
146			{
147			return null !== $this->getRegistrableDomain();
148			}
149
150			/**
151			* Returns true is result is IP.
152			*
153			* @return bool
154			*/
155			public function isIp()
156			{
157			return null === $this->suffix && IP::isValid($this->hostname);
158			}
159
160			/**
161			* Magic method for run isset on private params.
162			*
163			* @param string $name Field name
164			*
165			* @return bool
166			*/
167			public function __isset($name)
168			{
169			return property_exists($this, $name);
170			}
171
172			/**
173			* Converts class fields to string.
174			*
175			* @return string
176			*/
177			public function __toString()
178			{
179			return $this->getFullHost();
180			}
181
182			/**
183			* Whether or not an offset exists.
184			*
185			* @param mixed $offset An offset to check for
186			*
187			* @return bool
188			*/
189			public function offsetExists($offset)
190			{
191			return property_exists($this, $offset);
192			}
193
194			/**
195			* Returns the value at specified offset.
196			*
197			* @param mixed $offset The offset to retrieve.
198			*
199			* @throws \OutOfRangeException
200			*
201			* @return mixed
202			*/
203			public function offsetGet($offset)
204			{
205			return $this->{$offset};
206			}
207
208			/**
209			* Magic method, controls access to private params.
210			*
211			* @param string $name Name of params to retrieve
212			*
213			* @throws \OutOfRangeException
214			*
215			* @return mixed
216			*/
217			public function __get($name)
218			{
219			if (!property_exists($this, $name)) {
220			throw new \OutOfRangeException(sprintf('Unknown field "%s"', $name));
221			}
222
223			return $this->{$name};
224			}
225
226			/**
227			* Magic method, makes params read-only.
228			*
229			* @param string $name Name of params to retrieve
230			* @param mixed $value Value to set
231			*
232			* @throws \LogicException
233			*
234			* @return void
235			*/
236			public function __set($name, $value)
			0 ignored issues – show Unused Code introduced 2016-06-20 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$name` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2016-06-20 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$value` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
237			{
238			throw new \LogicException("Can't modify an immutable object.");
239			}
240
241			/**
242			* Disables assigns a value to the specified offset.
243			*
244			* @param mixed $offset The offset to assign the value to
245			* @param mixed $value Value to set
246			*
247			* @throws \LogicException
248			*
249			* @return void
250			*/
251			public function offsetSet($offset, $value)
252			{
253			throw new \LogicException(
254			sprintf("Can't modify an immutable object. You tried to set value '%s' to field '%s'.", $value, $offset)
255			);
256			}
257
258			/**
259			* Disables unset of an offset.
260			*
261			* @param mixed $offset The offset for unset
262			*
263			* @throws \LogicException
264			*
265			* @return void
266			*/
267			public function offsetUnset($offset)
268			{
269			throw new \LogicException(sprintf("Can't modify an immutable object. You tried to unset '%s.'", $offset));
270			}
271
272			/**
273			* Get the domain name components as a native PHP array. The returned array will contain these keys: 'subdomain',
274			* 'domain' and 'tld'.
275			*
276			* @return array
277			*/
278			public function toArray()
279			{
280			return [
281			'subdomain' => $this->subdomain,
282			'hostname' => $this->hostname,
283			'suffix' => $this->suffix,
284			];
285			}
286
287			/**
288			* Get the domain name components as a JSON.
289			*
290			* @return string
291			*/
292			public function toJson()
293			{
294			return json_encode($this->toArray());
295			}
296			}
297

layershifter / TLDExtract

Issues (5)

Security Analysis no request data

src/Result.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like