Console::action() - Code Metrics - linpax/microphp-framework - Measure and Improve Code Quality continuously with Scrutinizer

Console::action() A
last analyzed 2016-11-09 05:13 UTC

↳ Parent: Console

Complexity

Conditions	3
Paths	4

Size

Total Lines	21
Code Lines	12

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	21
rs	9.3142
c	0
b	0
f	0
cc	3
eloc	12
nc	4
nop	1

<?php /** MicroConsole */

namespace Micro\Cli;

use Micro\Base\Exception;
use Micro\Web\ResponseInjector;
use Psr\Http\Message\ResponseInterface;

/**
 * Console class file.
 *
 * @author Oleg Lunegov <[email protected]>
 * @link https://github.com/linpax/microphp-framework
 * @copyright Copyright (c) 2013 Oleg Lunegov
 * @license https://github.com/linpax/microphp-framework/blob/master/LICENSE
 * @package Micro
 * @subpackage Cli
 * @version 1.0
 * @since 1.0
 * @abstract
 */
class Console
{
    /** @var string $command Parsed command */
    protected $command;


    /**
     * Constructor command
     *
     * @access public
     * @result void
     */
    public function __construct()
    {
    }

    /**
     * Run action of console command by name
     *
     * @access public
     *
     * @param string $name Command name
     *
     * @return ResponseInterface
     * @throws \RuntimeException|\InvalidArgumentException|Exception
     */
    public function action($name)
    {
        $command = '\\App\\Consoles\\'.ucfirst($name).'ConsoleCommand';
        $command = class_exists($command) ? $command : '\\Micro\\Cli\\Consoles\\'.ucfirst($name).'ConsoleCommand';

        if (!class_exists($command)) {
            throw new Exception('Command `'.$name.'` not found');
        }

        /** @var ConsoleCommand $command */
        $command = new $command();
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        $command->execute();

        $response = (new ResponseInjector)->build();
        $response = $response->withHeader('status', (string)(int)$command->result);

        $stream = $response->getBody();
        $stream->write($command->message);

        return $response->withBody($stream);
    }
}


Console::action() A
last analyzed 2016-11-09 05:13 UTC

Complexity

Size

Duplication

Importance

1 path for user data to reach this point

General Strategies to prevent injection

1			<?php /** MicroConsole */
2
3			namespace Micro\Cli;
4
5			use Micro\Base\Exception;
6			use Micro\Web\ResponseInjector;
7			use Psr\Http\Message\ResponseInterface;
8
9			/**
10			* Console class file.
11			*
12			* @author Oleg Lunegov <[email protected]>
13			* @link https://github.com/linpax/microphp-framework
14			* @copyright Copyright (c) 2013 Oleg Lunegov
15			* @license https://github.com/linpax/microphp-framework/blob/master/LICENSE
16			* @package Micro
17			* @subpackage Cli
18			* @version 1.0
19			* @since 1.0
20			* @abstract
21			*/
22			class Console
23			{
24			/** @var string $command Parsed command */
25			protected $command;
26
27
28			/**
29			* Constructor command
30			*
31			* @access public
32			* @result void
33			*/
34			public function __construct()
35			{
36			}
37
38			/**
39			* Run action of console command by name
40			*
41			* @access public
42			*
43			* @param string $name Command name
44			*
45			* @return ResponseInterface
46			* @throws \RuntimeException\|\InvalidArgumentException\|Exception
47			*/
48			public function action($name)
49			{
50			$command = '\\App\\Consoles\\'.ucfirst($name).'ConsoleCommand';
51			$command = class_exists($command) ? $command : '\\Micro\\Cli\\Consoles\\'.ucfirst($name).'ConsoleCommand';
52
53			if (!class_exists($command)) {
54			throw new Exception('Command `'.$name.'` not found');
55			}
56
57			/** @var ConsoleCommand $command */
58			$command = new $command();
			0 ignored issues – show Security Code Execution introduced 2016-11-09 03:32 UTC by Report Bug Copy Issue Report `$command` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Read from `$_GET,` and `$query ?: $_GET` is passed to ServerRequest::__construct() in vendor/src/ServerRequestFactory.php on line 71 ServerRequest::$queryParams is assigned in vendor/src/ServerRequest.php on line 101 Tainted property ServerRequest::$queryParams is read in vendor/src/ServerRequest.php on line 156 ServerRequest::getQueryParams() returns tainted data, and `$rawQuery` is assigned in src/mvc/MvcResolver.php on line 53 `$query` is assigned in src/mvc/MvcResolver.php on line 55 `$query` is assigned in src/mvc/MvcResolver.php on line 56 MvcResolver::$uri is assigned in src/mvc/MvcResolver.php on line 58 Tainted property MvcResolver::$uri is read, and `$this->uri` is passed through substr(), and `substr($this->uri, 0, $key ?: strlen($this->uri))` is passed through explode(), and `$uriBlocks` is assigned in src/mvc/MvcResolver.php on line 84 `$uriBlocks` is passed to MvcResolver::prepareAction() in src/mvc/MvcResolver.php on line 93 `$uriBlocks` is passed through array_shift(), and MvcResolver::$action is assigned in src/mvc/MvcResolver.php on line 202 Tainted property MvcResolver::$action is read in src/mvc/MvcResolver.php on line 264 MvcResolver::getAction() returns tainted data, and `$action` is assigned in src/base/Application.php on line 88 `(string) $action` is passed to Console::action() in src/base/Application.php on line 97 `$name` is passed through ucfirst(), and `$command` is assigned in src/cli/Console.php on line 51 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
59			$command->execute();
60
61			$response = (new ResponseInjector)->build();
62			$response = $response->withHeader('status', (string)(int)$command->result);
63
64			$stream = $response->getBody();
65			$stream->write($command->message);
66
67			return $response->withBody($stream);
68			}
69			}
70

linpax / microphp-framework

Console::action() A last analyzed 2016-11-09 05:13 UTC

Complexity

Size

Duplication

Importance

1 path for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like

Console::action() A
last analyzed 2016-11-09 05:13 UTC