Issues in Application.php (master) - Issues in master - limoncello-php-dist/application - Measure and Improve Code Quality continuously with Scrutinizer

Issues (94)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Packages/Application/Application.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types=1);

namespace Limoncello\Application\Packages\Application;

/**
 * Copyright 2015-2020 [email protected]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use Limoncello\Application\CoreSettings\CoreData;
use Limoncello\Application\Settings\CacheSettingsProvider;
use Limoncello\Application\Settings\FileSettingsProvider;
use Limoncello\Application\Settings\InstanceSettingsProvider;
use Limoncello\Common\Reflection\ClassIsTrait;
use Limoncello\Container\Container;
use Limoncello\Contracts\Application\ApplicationConfigurationInterface as A;
use Limoncello\Contracts\Application\CacheSettingsProviderInterface;
use Limoncello\Contracts\Container\ContainerInterface as LimoncelloContainerInterface;
use Limoncello\Contracts\Core\SapiInterface;
use Limoncello\Contracts\Provider\ProvidesSettingsInterface;
use Limoncello\Contracts\Routing\RouterInterface;
use Limoncello\Contracts\Settings\SettingsProviderInterface;
use Limoncello\Core\Application\Sapi;
use ReflectionException;
use Zend\HttpHandlerRunner\Emitter\SapiEmitter;
use function assert;
use function call_user_func;
use function count;
use function is_array;
use function is_callable;
use function is_null;
use function is_string;
use function iterator_to_array;
use function reset;

/**
 * @package Limoncello\Application
 *
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 * @SuppressWarnings(PHPMD.LongVariable)
 */
class Application extends \Limoncello\Core\Application\Application
{
    use ClassIsTrait;

    /**
     * @var string
     */
    private $settingsPath;

    /**
     * @var callable|string|null
     */
    private $settingCacheMethod;

    /**
     * @var CacheSettingsProviderInterface|null
     */
    private $cacheSettingsProvider = null;

    /**
     * @param string                     $settingsPath
     * @param string|array|callable|null $settingCacheMethod
     * @param SapiInterface|null         $sapi
     */
    public function __construct(string $settingsPath, $settingCacheMethod = null, SapiInterface $sapi = null)
    {
        // The reason we do not use `callable` for the input parameter is that at the moment
        // of calling the callable might not exist. Therefore when created it will pass
        // `is_callable` check and will be used for getting the cached data.
        assert(is_null($settingCacheMethod) || is_string($settingCacheMethod) || is_array($settingCacheMethod));

        $this->settingsPath       = $settingsPath;
        $this->settingCacheMethod = $settingCacheMethod;

        $this->setSapi($sapi ?? new Sapi(new SapiEmitter()));
    }

    /**
     * @inheritdoc
     *
     * @throws ReflectionException
     */
    protected function getCoreData(): array
    {
        return $this->getCacheSettingsProvider()->getCoreData();
    }

    /**
     * Get container from application. If `method` and `path` are specified the container will be configured
     * not only with global container configurators but with route's one as well.
     *
     * @param string|null $method
     * @param string|null $path
     *
     * @return LimoncelloContainerInterface
     *
     * @throws ReflectionException
     *
     * @SuppressWarnings(PHPMD.StaticAccess)
     */
    public function createContainer(string $method = null, string $path = null): LimoncelloContainerInterface
    {
        $container = $this->createContainerInstance();

        $routeConfigurators = [];
        $coreData           = $this->getCoreData();
        if (empty($method) === false && empty($path) === false) {
            list(, , , , , $routeConfigurators) = $this->initRouter($coreData)->match($method, $path);
        }

        // configure container
        assert(!empty($coreData));
        $globalConfigurators = CoreData::getGlobalConfiguratorsFromData($coreData);
        $this->configureContainer($container, $globalConfigurators, $routeConfigurators);

        return $container;
    }

    /**
     * @return LimoncelloContainerInterface
     *
     * @throws ReflectionException
     */
    protected function createContainerInstance(): LimoncelloContainerInterface
    {
        $container = new Container();

        $settingsProvider = $this->getCacheSettingsProvider();
        $container->offsetSet(SettingsProviderInterface::class, $settingsProvider);
        $container->offsetSet(CacheSettingsProviderInterface::class, $settingsProvider);
        $container->offsetSet(RouterInterface::class, $this->getRouter());

        return $container;
    }

    /**
     * @return string
     */
    protected function getSettingsPath(): string
    {
        return $this->settingsPath;
    }

    /**
     * @return callable|string|null
     */
    protected function getSettingCacheMethod()
    {
        return $this->settingCacheMethod;
    }

    /**
     * @return CacheSettingsProviderInterface
     *
     * @throws ReflectionException
     *
     * @SuppressWarnings(PHPMD.ElseExpression)
     * @SuppressWarnings(PHPMD.IfStatementAssignment)
     */
    private function getCacheSettingsProvider(): CacheSettingsProviderInterface
    {
        if ($this->cacheSettingsProvider === null) {
            $provider = new CacheSettingsProvider();

            if (is_callable($method = $this->getSettingCacheMethod()) === true) {
                $data = call_user_func($method);
                $provider->unserialize($data);
class User
{
    private $email;

    public function getEmail()
    {
        return $this->email;
    }

    public function setEmail($email)
    {
        $this->email = $email;
    }
}
            } else {
                $appConfig = $this->createApplicationConfiguration();
                $appData   = $appConfig->get();
                $coreData  = new CoreData(
                    $appData[A::KEY_ROUTES_PATH],
                    $appData[A::KEY_CONTAINER_CONFIGURATORS_PATH],
                    $appData[A::KEY_PROVIDER_CLASSES]
                );

                $provider->setInstanceSettings($appConfig, $coreData, $this->createInstanceSettingsProvider($appData));
            }

            $this->cacheSettingsProvider = $provider;
        }

        return $this->cacheSettingsProvider;
    }

    /**
     * @return A
     *
     * @throws ReflectionException
     */
    private function createApplicationConfiguration(): A
    {
        /** @noinspection PhpParamsInspection */
        $classes = iterator_to_array(static::selectClasses($this->getSettingsPath(), A::class));
        assert(
            count($classes) > 0,
            'Settings path must contain a class implementing ApplicationConfigurationInterface.'
        );
        assert(
            count($classes) === 1,
            'Settings path must contain only one class implementing ApplicationConfigurationInterface.'
        );
        $class    = reset($classes);
        $instance = new $class();
        assert($instance instanceof A);

        return $instance;
    }

    /**
     * @param array $applicationData
     *
     * @return InstanceSettingsProvider
     *
     * @throws ReflectionException
     */
    private function createInstanceSettingsProvider(array $applicationData): InstanceSettingsProvider
    {
        // Load all settings from path specified
        $provider = (new FileSettingsProvider($applicationData))->load($this->getSettingsPath());

        // Application settings have a list of providers which might have additional settings to load
        $providerClasses = $applicationData[A::KEY_PROVIDER_CLASSES];
        $selectedClasses = $this->selectClassImplements($providerClasses, ProvidesSettingsInterface::class);
        foreach ($selectedClasses as $providerClass) {
            /** @var ProvidesSettingsInterface $providerClass */
            foreach ($providerClass::getSettings() as $setting) {
                $provider->register($setting);
            }
        }

        return $provider;
    }
}


1		<?php declare(strict_types=1);
2
3		namespace Limoncello\Application\Packages\Application;
4
5		/**
6		* Copyright 2015-2020 [email protected]
7		*
8		* Licensed under the Apache License, Version 2.0 (the "License");
9		* you may not use this file except in compliance with the License.
10		* You may obtain a copy of the License at
11		*
12		* http://www.apache.org/licenses/LICENSE-2.0
13		*
14		* Unless required by applicable law or agreed to in writing, software
15		* distributed under the License is distributed on an "AS IS" BASIS,
16		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17		* See the License for the specific language governing permissions and
18		* limitations under the License.
19		*/
20
21		use Limoncello\Application\CoreSettings\CoreData;
22		use Limoncello\Application\Settings\CacheSettingsProvider;
23		use Limoncello\Application\Settings\FileSettingsProvider;
24		use Limoncello\Application\Settings\InstanceSettingsProvider;
25		use Limoncello\Common\Reflection\ClassIsTrait;
26		use Limoncello\Container\Container;
27		use Limoncello\Contracts\Application\ApplicationConfigurationInterface as A;
28		use Limoncello\Contracts\Application\CacheSettingsProviderInterface;
29		use Limoncello\Contracts\Container\ContainerInterface as LimoncelloContainerInterface;
30		use Limoncello\Contracts\Core\SapiInterface;
31		use Limoncello\Contracts\Provider\ProvidesSettingsInterface;
32		use Limoncello\Contracts\Routing\RouterInterface;
33		use Limoncello\Contracts\Settings\SettingsProviderInterface;
34		use Limoncello\Core\Application\Sapi;
35		use ReflectionException;
36		use Zend\HttpHandlerRunner\Emitter\SapiEmitter;
37		use function assert;
38		use function call_user_func;
39		use function count;
40		use function is_array;
41		use function is_callable;
42		use function is_null;
43		use function is_string;
44		use function iterator_to_array;
45		use function reset;
46
47		/**
48		* @package Limoncello\Application
49		*
50		* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
51		* @SuppressWarnings(PHPMD.LongVariable)
52		*/
53		class Application extends \Limoncello\Core\Application\Application
54		{
55		use ClassIsTrait;
56
57		/**
58		* @var string
59		*/
60		private $settingsPath;
61
62		/**
63		* @var callable\|string\|null
64		*/
65	2	private $settingCacheMethod;
66
67		/**
68		* @var CacheSettingsProviderInterface\|null
69		*/
70	2	private $cacheSettingsProvider = null;
71
72	2	/**
73	2	* @param string $settingsPath
74		* @param string\|array\|callable\|null $settingCacheMethod
75	2	* @param SapiInterface\|null $sapi
76		*/
77		public function __construct(string $settingsPath, $settingCacheMethod = null, SapiInterface $sapi = null)
78		{
79		// The reason we do not use `callable` for the input parameter is that at the moment
80		// of calling the callable might not exist. Therefore when created it will pass
81		// `is_callable` check and will be used for getting the cached data.
82		assert(is_null($settingCacheMethod) \|\| is_string($settingCacheMethod) \|\| is_array($settingCacheMethod));
83	2
84		$this->settingsPath = $settingsPath;
85	2	$this->settingCacheMethod = $settingCacheMethod;
86
87		$this->setSapi($sapi ?? new Sapi(new SapiEmitter()));
88		}
89
90		/**
91		* @inheritdoc
92		*
93		* @throws ReflectionException
94		*/
95		protected function getCoreData(): array
96		{
97		return $this->getCacheSettingsProvider()->getCoreData();
98		}
99
100		/**
101	2	* Get container from application. If `method` and `path` are specified the container will be configured
102		* not only with global container configurators but with route's one as well.
103	2	*
104		* @param string\|null $method
105	2	* @param string\|null $path
106	2	*
107	2	* @return LimoncelloContainerInterface
108	2	*
109		* @throws ReflectionException
110		*
111		* @SuppressWarnings(PHPMD.StaticAccess)
112	2	*/
113	2	public function createContainer(string $method = null, string $path = null): LimoncelloContainerInterface
114	2	{
115		$container = $this->createContainerInstance();
116	2
117		$routeConfigurators = [];
118		$coreData = $this->getCoreData();
119		if (empty($method) === false && empty($path) === false) {
120		list(, , , , , $routeConfigurators) = $this->initRouter($coreData)->match($method, $path);
121		}
122
123		// configure container
124	2	assert(!empty($coreData));
125		$globalConfigurators = CoreData::getGlobalConfiguratorsFromData($coreData);
126	2	$this->configureContainer($container, $globalConfigurators, $routeConfigurators);
127
128	2	return $container;
129	2	}
130	2
131	2	/**
132		* @return LimoncelloContainerInterface
133	2	*
134		* @throws ReflectionException
135		*/
136		protected function createContainerInstance(): LimoncelloContainerInterface
137		{
138		$container = new Container();
139	1
140		$settingsProvider = $this->getCacheSettingsProvider();
141	1	$container->offsetSet(SettingsProviderInterface::class, $settingsProvider);
142		$container->offsetSet(CacheSettingsProviderInterface::class, $settingsProvider);
143		$container->offsetSet(RouterInterface::class, $this->getRouter());
144
145		return $container;
146		}
147	2
148		/**
149	2	* @return string
150		*/
151		protected function getSettingsPath(): string
152		{
153		return $this->settingsPath;
154		}
155
156		/**
157		* @return callable\|string\|null
158		*/
159	2	protected function getSettingCacheMethod()
160		{
161	2	return $this->settingCacheMethod;
162	2	}
163
164	2	/**
165	1	* @return CacheSettingsProviderInterface
166	1	*
167		* @throws ReflectionException
168	1	*
169	1	* @SuppressWarnings(PHPMD.ElseExpression)
170	1	* @SuppressWarnings(PHPMD.IfStatementAssignment)
171	1	*/
172	1	private function getCacheSettingsProvider(): CacheSettingsProviderInterface
173	1	{
174		if ($this->cacheSettingsProvider === null) {
175		$provider = new CacheSettingsProvider();
176	1
177		if (is_callable($method = $this->getSettingCacheMethod()) === true) {
178		$data = call_user_func($method);
179	2	$provider->unserialize($data);
		0 ignored issues – show Unused Code introduced 2020-02-09 15:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to the method `Limoncello\Application\S...Provider::unserialize()` seems un-needed as the method has no side-effects. PHP Analyzer performs a side-effects analysis of your code. A side-effect is basically anything that might be visible after the scope of the method is left. Let’s take a look at an example: class User { private $email; public function getEmail() { return $this->email; } public function setEmail($email) { $this->email = $email; } } If we look at the `getEmail()` method, we can see that it has no side-effect. Whether you call this method or not, no future calls to other methods are affected by this. As such code as the following is useless: $user = new User(); $user->getEmail(); // This line could safely be removed as it has no effect. On the hand, if we look at the `setEmail()`, this method _has_ side-effects. In the following case, we could not remove the method call: $user = new User(); $user->setEmail('email@domain'); // This line has a side-effect (it changes an // instance variable). Loading history...
180		} else {
181		$appConfig = $this->createApplicationConfiguration();
182	2	$appData = $appConfig->get();
183		$coreData = new CoreData(
184		$appData[A::KEY_ROUTES_PATH],
185		$appData[A::KEY_CONTAINER_CONFIGURATORS_PATH],
186		$appData[A::KEY_PROVIDER_CLASSES]
187		);
188
189		$provider->setInstanceSettings($appConfig, $coreData, $this->createInstanceSettingsProvider($appData));
190	1	}
191
192		$this->cacheSettingsProvider = $provider;
193	1	}
194	1
195	1	return $this->cacheSettingsProvider;
196	1	}
197
198	1	/**
199	1	* @return A
200	1	*
201		* @throws ReflectionException
202	1	*/
203	1	private function createApplicationConfiguration(): A
204	1	{
205		/** @noinspection PhpParamsInspection */
206	1	$classes = iterator_to_array(static::selectClasses($this->getSettingsPath(), A::class));
207		assert(
208		count($classes) > 0,
209		'Settings path must contain a class implementing ApplicationConfigurationInterface.'
210		);
211		assert(
212		count($classes) === 1,
213		'Settings path must contain only one class implementing ApplicationConfigurationInterface.'
214		);
215		$class = reset($classes);
216	1	$instance = new $class();
217		assert($instance instanceof A);
218
219	1	return $instance;
220		}
221
222	1	/**
223	1	* @param array $applicationData
224	1	*
225		* @return InstanceSettingsProvider
226	1	*
227	1	* @throws ReflectionException
228		*/
229		private function createInstanceSettingsProvider(array $applicationData): InstanceSettingsProvider
230		{
231	1	// Load all settings from path specified
232		$provider = (new FileSettingsProvider($applicationData))->load($this->getSettingsPath());
233
234		// Application settings have a list of providers which might have additional settings to load
235		$providerClasses = $applicationData[A::KEY_PROVIDER_CLASSES];
236		$selectedClasses = $this->selectClassImplements($providerClasses, ProvidesSettingsInterface::class);
237		foreach ($selectedClasses as $providerClass) {
238		/** @var ProvidesSettingsInterface $providerClass */
239		foreach ($providerClass::getSettings() as $setting) {
240		$provider->register($setting);
241		}
242		}
243
244		return $provider;
245		}
246		}
247

limoncello-php-dist / application

Issues (94)

Security Analysis no request data

src/Packages/Application/Application.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like