Issues (16)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

DependencyInjection/Configuration.php (4 issues)

<?php

namespace Mathielen\ImportEngineBundle\DependencyInjection;

use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;

class Configuration implements ConfigurationInterface
{
    public function getConfigTreeBuilder()
    {
        $storageTypes = array('callable', 'service', 'array', 'doctrine', 'file');
        $providerTypes = array('file', 'directory', 'upload', 'doctrine', 'service', 'dbal');
        $fileFormats = array('csv', 'excel', 'xml', 'yaml');

        $treeBuilder = new TreeBuilder();
The call to TreeBuilder::__construct() misses a required argument $name.

This check looks for function calls that miss required arguments.

        $treeBuilder
The method root() does not seem to exist on object<Symfony\Component...on\Builder\TreeBuilder>.

This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.

This is most likely a typographical error or the method has been renamed.

            ->root('mathielen_import_engine')
            ->fixXmlConfig('importer')
                ->children()
                    ->arrayNode('storageprovider')
                        ->useAttributeAsKey('name')
                        ->prototype('array')
                            ->fixXmlConfig('service') //allows <service> instead of <services>
                            ->fixXmlConfig('query', 'queries') //allows <query> instead of <queries>
                            ->children()
                                ->enumNode('type')
                                    ->values($providerTypes)
                                ->end()
                                ->scalarNode('uri')->end()                      //file
                                ->scalarNode('connection_factory')->end()       //dbal & doctrine
                                ->arrayNode('services')
                                    ->useAttributeAsKey('name')
                                    ->prototype('array')
                                        ->fixXmlConfig('method') //allows <method> instead of <methods>
                                        ->beforeNormalization()
                                            ->ifArray()
                                            ->then(function ($v) { return isset($v['methods']) || isset($v['method']) ? $v : array('methods' => $v); })
                                        ->end()
                                        ->children()
                                            ->arrayNode('methods')
                                                ->prototype('scalar')->end()
                                            ->end()
                                        ->end()
                                    ->end()
                                ->end()
                                ->arrayNode('queries')                          //dbal & doctrine
                                    ->beforeNormalization()
                                        ->ifString()
                                        ->then(function ($v) { return [$v]; })
                                    ->end()
                                    ->useAttributeAsKey('name')
                                    ->prototype('scalar')->end()
                                ->end()
                            ->end()
                        ->end()
                    ->end()
                    ->arrayNode('importers')
                        ->requiresAtLeastOneElement()
                        ->useAttributeAsKey('name')
                        ->prototype('array')
                            ->fixXmlConfig('mapping') //allows <mapping> instead of <mappings>
                            ->children()
                                ->arrayNode('context')
                                    ->beforeNormalization()
                                        ->ifString()
                                        ->then(function ($v) { return array($v); })
                                    ->end()
                                    ->prototype('variable')->end()
                                ->end()

                                ->arrayNode('preconditions')
                                    ->fixXmlConfig('field')  //allows <field> instead of <fields>
                                    ->children()
                                        ->arrayNode('format')
                                            ->beforeNormalization()
                                                ->ifString()
                                                ->then(function ($v) { return array($v); })
                                            ->end()
                                            ->prototype('enum')
                                                ->values($fileFormats)
                                            ->end()
                                        ->end()
                                        ->integerNode('fieldcount')->min(0)->end()
                                        ->arrayNode('filename')
                                            ->beforeNormalization()
                                                ->ifString()
                                                ->then(function ($v) { return array($v); })
                                            ->end()
                                            ->prototype('scalar')->end()
                                        ->end()
                                        ->arrayNode('fieldset')
                                            ->prototype('scalar')->end()
                                        ->end()
                                        ->arrayNode('fields')
                                            ->prototype('scalar')->end()
                                        ->end()
                                    ->end()
                                ->end()

                                ->arrayNode('object_factory')
                                    ->children()
                                        ->enumNode('type')
                                            ->defaultValue('default')
                                            ->values(array('default', 'jms_serializer'))
                                        ->end()
                                        ->scalarNode('class')
                                        ->end()
                                    ->end()
                                ->end()

                                ->arrayNode('filters')
                                    ->prototype('scalar')->end()
                                ->end()

                                ->arrayNode('mappings')
                                    ->normalizeKeys(false) //do not change - to _ with field names
                                    ->useAttributeAsKey('from')
                                    ->prototype('array')
                                        ->beforeNormalization()
                                            ->ifString()
                                            ->then(function ($v) { return array('to' => $v); })
                                        ->end()
                                        ->children()
                                            ->scalarNode('to')->end()
                                            ->scalarNode('converter')->end()
                                        ->end()
                                    ->end()
                                ->end()

                                ->arrayNode('source')
                                    ->children()
                                        ->enumNode('type')
                                            ->values($storageTypes)
                                        ->end()
                                        ->scalarNode('uri')->end()
                                        ->arrayNode('format')            //file
                                            ->fixXmlConfig('argument')
                                            ->beforeNormalization()
                                                ->ifString()
                                                ->then(function ($v) { return array('type' => $v); })
                                            ->end()
                                            ->children()
                                                ->scalarNode('type')->isRequired()->end()
                                                ->arrayNode('arguments')
                                                    ->prototype('scalar')->end()
                                                ->end()
                                            ->end()
                                        ->end()
                                        ->scalarNode('service')->end()
                                        ->scalarNode('method')->end()
                                    ->end()
                                ->end()

                                ->arrayNode('validation')
                                    ->children()
                                        ->arrayNode('options')
                                            ->children()
                                                ->booleanNode('allowExtraFields')->end()
                                                ->booleanNode('allowMissingFields')->end()
                                            ->end()
                                        ->end()
                                        ->arrayNode('source')
                                            ->fixXmlConfig('constraint') //allows <constraint> instead of <constraints>
                                            ->beforeNormalization()
                                                ->ifArray()
                                                ->then(function ($v) { return isset($v['constraint']) || isset($v['constraints']) ? $v : array('constraints' => $v); })
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

                                            ->end()
                                            ->children()
                                                ->arrayNode('constraints')
                                                    ->useAttributeAsKey('field')
                                                    ->prototype('scalar')->end()
                                                ->end()
                                            ->end()
                                        ->end()
                                        ->arrayNode('target')
                                            ->fixXmlConfig('constraint') //allows <constraint> instead of <constraints>
                                            ->beforeNormalization()
                                                ->ifArray()
                                                ->then(function ($v) { return isset($v['constraint']) || isset($v['constraints']) ? $v : array('constraints' => $v); })
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

                                            ->end()
                                            ->children()
                                                ->arrayNode('constraints')
                                                    ->useAttributeAsKey('field')
                                                    ->prototype('scalar')->end()
                                                ->end()
                                            ->end()
                                        ->end()
                                    ->end()
                                ->end()

                                ->arrayNode('target')
                                    ->isRequired()
                                    ->beforeNormalization()
                                        ->always()
                                        ->then(function ($v) { return !isset($v['type']) ? ['type' => 'callable', 'callable' => $v] : $v; })
                                    ->end()
                                    ->children()
                                        ->enumNode('type')
                                            ->values($storageTypes)
                                        ->end()
                                        ->arrayNode('format')            //file
                                            ->fixXmlConfig('argument')
                                            ->beforeNormalization()
                                                ->ifString()
                                                ->then(function ($v) { return ['type' => $v]; })
                                            ->end()
                                            ->children()
                                                ->scalarNode('type')->isRequired()->end()
                                                ->arrayNode('arguments')
                                                    ->prototype('scalar')->end()
                                                ->end()
                                            ->end()
                                        ->end()
                                        ->scalarNode('uri')->end()      //file
                                        ->variableNode('callable')->end()  //callable
                                        ->variableNode('service')->end()  //service
                                        ->variableNode('method')->end()  //service
                                        ->scalarNode('entity')->end()   //doctrine
                                    ->end()
                                ->end()
                            ->end()
                        ->end()
                    ->end()
                ->end();

        return $treeBuilder;
    }
}