Issues in RuleNode.php (develop) - Issues in develop - mishal/iless - Measure and Improve Code Quality continuously with Scrutinizer

Issues (191)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/ILess/Node/RuleNode.php (5 issues)

Labels

Severity

Minor 5

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the ILess
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace ILess\Node;

use ILess\Context;
use ILess\Exception\Exception;
use ILess\FileInfo;
use ILess\Node;
use ILess\Output\OutputInterface;
use ILess\Output\StandardOutput;

/**
 * Rule.
 */
class RuleNode extends Node implements MakeableImportantInterface, MarkableAsReferencedInterface
{
    /**
     * Node type.
     *
     * @var string
     */
    protected $type = 'Rule';

    /**
     * The name.
     *
     * @var string
     */
    public $name;

    /**
     * Important keyword ( "!important").
     *
     * @var string
     */
    public $important;

    /**
     * Current index.
     *
     * @var int
     */
    public $index = 0;

    /**
     * Inline flag.
     *
     * @var bool
     */
    public $inline = false;

    /**
     * Is variable?
     *
     * @var bool
     */
    public $variable = false;

    /**
     * Merge flag.
     *
     * @var bool
     */
    public $merge = false;

    /**
     * Constructor.
     *
     * @param string|array $name The rule name
     * @param string|ValueNode $value The value
     * @param string $important Important keyword
     * @param string|null $merge Merge?
     * @param int $index Current index
     * @param FileInfo $currentFileInfo The current file info
     * @param bool $inline Inline flag
     * @param bool|null $variable
     */
    public function __construct(
        $name,
        $value,
        $important = null,
        $merge = null,
        $index = 0,
        FileInfo $currentFileInfo = null,
        $inline = false,
        $variable = null
    ) {
        parent::__construct(($value instanceof Node) ? $value : new ValueNode([$value]));

        $this->name = $name;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}
        $this->important = $important ? ' ' . trim($important) : '';
        $this->merge = $merge;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}
        $this->index = $index;
        $this->currentFileInfo = $currentFileInfo;
        $this->inline = (boolean) $inline;
        $this->variable = null !== $variable ? $variable : (is_string($name) && $name[0] === '@');
    }

    /**
     * Compiles the node.
     *
     * @param Context $context The context
     * @param array|null $arguments Array of arguments
     * @param bool|null $important Important flag
     *
     * @return RuleNode
     *
     * @throws
     */
    public function compile(Context $context, $arguments = null, $important = null)
    {
        $strictMathBypass = false;
        $return = null;
        $name = $this->name;
        $variable = $this->variable;

        if (!is_string($name)) {
            // expand 'primitive' name directly to get
            // things faster (~10% for benchmark.less):
            $name = (count($name) === 1 && $name[0] instanceof KeywordNode) ? $name[0]->value : $this->evalName($context,
                $name);
            $variable = false; // never treat expanded interpolation as new variable name
        }

        if ($name === 'font' && !$context->strictMath) {
            $strictMathBypass = true;
            $context->strictMath = true;
        }

        $e = null;
        try {
            array_push($context->importantScope, []);
            $compiledValue = $this->value->compile($context);

            if (!$this->variable && $compiledValue instanceof DetachedRulesetNode) {
                throw new Exception('Rulesets cannot be evaluated on a property.', $this->index,
                    $this->currentFileInfo);
            }

            $important = $this->important;
            $importantResult = array_pop($context->importantScope);

            if (!$important && isset($importantResult['important'])) {
                $important = $importantResult['important'];
            }

            $return = new self($name,
                $compiledValue,
                $important, $this->merge,
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                $this->index, $this->currentFileInfo,
                $this->inline,
                $variable
            );
        } catch (Exception $e) {
            if ($e instanceof Exception) {
                if ($e->getCurrentFile() === null && $e->getIndex() === null) {
                    $e->setCurrentFile($this->currentFileInfo, $this->index);
                }
            }
        }

        if ($strictMathBypass) {
            $context->strictMath = false;
        }

        if (isset($e)) {
            throw $e;
        }

        return $return;
    }

    /**
     * @param Context $context
     * @param array $name
     *
     * @return string
     */
    private function evalName(Context $context, $name)
    {
        $output = new StandardOutput();
        for ($i = 0, $n = count($name); $i < $n; ++$i) {
            $name[$i]->compile($context)->generateCss($context, $output);
        }

        return $output->toString();
    }

    /**
     * {@inheritdoc}
     */
    public function generateCSS(Context $context, OutputInterface $output)
    {
        $output->add($this->name . ($context->compress ? ':' : ': '), $this->currentFileInfo, $this->index);
        try {
            $this->value->generateCSS($context, $output);
        } catch (Exception $e) {
            if ($this->currentFileInfo) {
                $e->setCurrentFile($this->currentFileInfo, $this->index);
            }
            // rethrow
            throw $e;
        }
        $output->add($this->important . (($this->inline || ($context->lastRule && $context->compress)) ? '' : ';'),
            $this->currentFileInfo, $this->index);
    }

    /**
     * Makes the node important.
     *
     * @return RuleNode
     */
    public function makeImportant()
    {
        return new self(
            $this->name,
            $this->value,
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
            '!important',
            $this->merge,
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            $this->index,
            $this->currentFileInfo,
            $this->inline
        );
    }

    /**
     * Marks as referenced.
     */
    public function markReferenced()
    {
        if ($this->value) {
            $this->markReferencedRecursive($this->value);
        }
    }

    private function markReferencedRecursive(&$value)
    {
        if (!is_array($value)) {
            if ($value instanceof MarkableAsReferencedInterface) {
                $value->markReferenced();
            }
        } else {
            foreach ($value as &$v) {
                $this->markReferencedRecursive($v);
            }
        }
    }
}


1			<?php
2
3			/*
4			* This file is part of the ILess
5			*
6			* For the full copyright and license information, please view the LICENSE
7			* file that was distributed with this source code.
8			*/
9
10			namespace ILess\Node;
11
12			use ILess\Context;
13			use ILess\Exception\Exception;
14			use ILess\FileInfo;
15			use ILess\Node;
16			use ILess\Output\OutputInterface;
17			use ILess\Output\StandardOutput;
18
19			/**
20			* Rule.
21			*/
22			class RuleNode extends Node implements MakeableImportantInterface, MarkableAsReferencedInterface
23			{
24			/**
25			* Node type.
26			*
27			* @var string
28			*/
29			protected $type = 'Rule';
30
31			/**
32			* The name.
33			*
34			* @var string
35			*/
36			public $name;
37
38			/**
39			* Important keyword ( "!important").
40			*
41			* @var string
42			*/
43			public $important;
44
45			/**
46			* Current index.
47			*
48			* @var int
49			*/
50			public $index = 0;
51
52			/**
53			* Inline flag.
54			*
55			* @var bool
56			*/
57			public $inline = false;
58
59			/**
60			* Is variable?
61			*
62			* @var bool
63			*/
64			public $variable = false;
65
66			/**
67			* Merge flag.
68			*
69			* @var bool
70			*/
71			public $merge = false;
72
73			/**
74			* Constructor.
75			*
76			* @param string\|array $name The rule name
77			* @param string\|ValueNode $value The value
78			* @param string $important Important keyword
79			* @param string\|null $merge Merge?
80			* @param int $index Current index
81			* @param FileInfo $currentFileInfo The current file info
82			* @param bool $inline Inline flag
83			* @param bool\|null $variable
84			*/
85			public function __construct(
86			$name,
87			$value,
88			$important = null,
89			$merge = null,
90			$index = 0,
91			FileInfo $currentFileInfo = null,
92			$inline = false,
93			$variable = null
94			) {
95			parent::__construct(($value instanceof Node) ? $value : new ValueNode([$value]));
96
97			$this->name = $name;
			0 ignored issues – show Documentation Bug introduced 2016-03-10 07:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$name` can also be of type `array`. However, the property `$name` is declared as type `string`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
98			$this->important = $important ? ' ' . trim($important) : '';
99			$this->merge = $merge;
			0 ignored issues – show Documentation Bug introduced 2016-03-10 07:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$merge` can also be of type `string`. However, the property `$merge` is declared as type `boolean`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
100			$this->index = $index;
101			$this->currentFileInfo = $currentFileInfo;
102			$this->inline = (boolean) $inline;
103			$this->variable = null !== $variable ? $variable : (is_string($name) && $name[0] === '@');
104			}
105
106			/**
107			* Compiles the node.
108			*
109			* @param Context $context The context
110			* @param array\|null $arguments Array of arguments
111			* @param bool\|null $important Important flag
112			*
113			* @return RuleNode
114			*
115			* @throws
116			*/
117			public function compile(Context $context, $arguments = null, $important = null)
118			{
119			$strictMathBypass = false;
120			$return = null;
121			$name = $this->name;
122			$variable = $this->variable;
123
124			if (!is_string($name)) {
125			// expand 'primitive' name directly to get
126			// things faster (~10% for benchmark.less):
127			$name = (count($name) === 1 && $name[0] instanceof KeywordNode) ? $name[0]->value : $this->evalName($context,
128			$name);
129			$variable = false; // never treat expanded interpolation as new variable name
130			}
131
132			if ($name === 'font' && !$context->strictMath) {
133			$strictMathBypass = true;
134			$context->strictMath = true;
135			}
136
137			$e = null;
138			try {
139			array_push($context->importantScope, []);
140			$compiledValue = $this->value->compile($context);
141
142			if (!$this->variable && $compiledValue instanceof DetachedRulesetNode) {
143			throw new Exception('Rulesets cannot be evaluated on a property.', $this->index,
144			$this->currentFileInfo);
145			}
146
147			$important = $this->important;
148			$importantResult = array_pop($context->importantScope);
149
150			if (!$important && isset($importantResult['important'])) {
151			$important = $importantResult['important'];
152			}
153
154			$return = new self($name,
155			$compiledValue,
156			$important, $this->merge,
			0 ignored issues – show Documentation introduced 2016-03-10 07:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->merge` is of type `boolean`, but the function expects a `string\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
157			$this->index, $this->currentFileInfo,
158			$this->inline,
159			$variable
160			);
161			} catch (Exception $e) {
162			if ($e instanceof Exception) {
163			if ($e->getCurrentFile() === null && $e->getIndex() === null) {
164			$e->setCurrentFile($this->currentFileInfo, $this->index);
165			}
166			}
167			}
168
169			if ($strictMathBypass) {
170			$context->strictMath = false;
171			}
172
173			if (isset($e)) {
174			throw $e;
175			}
176
177			return $return;
178			}
179
180			/**
181			* @param Context $context
182			* @param array $name
183			*
184			* @return string
185			*/
186			private function evalName(Context $context, $name)
187			{
188			$output = new StandardOutput();
189			for ($i = 0, $n = count($name); $i < $n; ++$i) {
190			$name[$i]->compile($context)->generateCss($context, $output);
191			}
192
193			return $output->toString();
194			}
195
196			/**
197			* {@inheritdoc}
198			*/
199			public function generateCSS(Context $context, OutputInterface $output)
200			{
201			$output->add($this->name . ($context->compress ? ':' : ': '), $this->currentFileInfo, $this->index);
202			try {
203			$this->value->generateCSS($context, $output);
204			} catch (Exception $e) {
205			if ($this->currentFileInfo) {
206			$e->setCurrentFile($this->currentFileInfo, $this->index);
207			}
208			// rethrow
209			throw $e;
210			}
211			$output->add($this->important . (($this->inline \|\| ($context->lastRule && $context->compress)) ? '' : ';'),
212			$this->currentFileInfo, $this->index);
213			}
214
215			/**
216			* Makes the node important.
217			*
218			* @return RuleNode
219			*/
220			public function makeImportant()
221			{
222			return new self(
223			$this->name,
224			$this->value,
			0 ignored issues – show Bug introduced 2016-03-10 07:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->value` can also be of type `object<ILess\Node>`; however, `ILess\Node\RuleNode::__construct()` does only seem to accept `string\|object<ILess\Node\ValueNode>`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
225			'!important',
226			$this->merge,
			0 ignored issues – show Documentation introduced 2016-03-10 07:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->merge` is of type `boolean`, but the function expects a `string\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
227			$this->index,
228			$this->currentFileInfo,
229			$this->inline
230			);
231			}
232
233			/**
234			* Marks as referenced.
235			*/
236			public function markReferenced()
237			{
238			if ($this->value) {
239			$this->markReferencedRecursive($this->value);
240			}
241			}
242
243			private function markReferencedRecursive(&$value)
244			{
245			if (!is_array($value)) {
246			if ($value instanceof MarkableAsReferencedInterface) {
247			$value->markReferenced();
248			}
249			} else {
250			foreach ($value as &$v) {
251			$this->markReferencedRecursive($v);
252			}
253			}
254			}
255			}
256

mishal / iless

Issues (191)

Security Analysis no request data

lib/ILess/Node/RuleNode.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like