Issues in Database.php (master) - Issues in master - mosiyash/taisiya-propel-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Database/Database.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Taisiya\PropelBundle\Database;

use Taisiya\PropelBundle\Database\Exception\InvalidArgumentException;

abstract class Database implements DatabaseInterface
{
    const ID_METHOD_NATIVE             = 'native';
    const ID_METHOD_NONE               = 'none';
    const PHP_NAMING_METHOD_NOCHANGE   = 'nochange';
    const PHP_NAMING_METHOD_UNDERSCORE = 'underscore';
    const PHP_NAMING_METHOD_PHPNAME    = 'phpname';
    const PHP_NAMING_METHOD_CLEAN      = 'clean';

    /**
     * @var array
     */
    private $tables = [];

    /**
     * The default id method to use for auto-increment columns.
     *
     * @var string
     */
    private $defaultIdMethod = self::ID_METHOD_NATIVE;

    /**
     * The “package” for the generated classes.
     * Classes are created in subdirectories according to the package value.
     *
     * @var string|null
     */
    private $package = null;

    /**
     * The default SQL schema containing the tables.
     * Ignored on RDBMS not supporting database schemas.
     *
     * @var string|null
     */
    private $schema = null;

    /**
     * The default namespace that generated model classes will use (PHP 5.3 only).
     * This attribute can be completed or overridden at the table level.
     *
     * @var string|null
     */
    private $namespace = null;

    /**
     * The default base class that all generated Propel objects should extend
     * (in place of propel.om.BaseObject).
     *
     * @var string|null
     */
    private $baseClass = null;

    /**
     * The default naming method to use for tables of this database.
     * Defaults to underscore, which transforms table names into CamelCase phpNames.
     *
     * @var string
     */
    private $defaultPhpNamingMethod = self::PHP_NAMING_METHOD_UNDERSCORE;

    /**
     * Adds indexes for each component of the primary key (when using composite primary keys).
     *
     * @var bool
     */
    private $heavyIndexing = false;

    /**
     * Auotes all identifiers (table name, column names) in DDL and SQL queries.
     * This is necessary if you use reserved words as table or column name.
     *
     * @var bool
     */
    private $identifierQuoting = false;

    /**
     * Prefix to all the SQL table names.
     *
     * @var string|null
     */
    private $tablePrefix = null;

    /**
     * Database constructor.
     *
     * @param string $defaultIdMethod Sets the default id method to use for auto-increment columns
     *
     * @throws InvalidArgumentException
     */
    final public function __construct(string $defaultIdMethod = self::ID_METHOD_NATIVE)
    {
        if (!in_array($defaultIdMethod, [self::ID_METHOD_NATIVE, self::ID_METHOD_NONE])) {
            throw new InvalidArgumentException('Incorrect value for defaultIdValue');
        }

        $this->defaultIdMethod = $defaultIdMethod;
    }

    /**
     * Gets the default id method.
     *
     * @return string
     */
    final public function getDefaultIdMethod(): string
    {
        return $this->defaultIdMethod;
    }

    /**
     * @param Table $table
     *
     * @throws InvalidArgumentException
     *
     * @return Database
     */
    final public function createTable(Table $table): Database
    {
        if ($this->hasTable($table::getName())) {
            throw new InvalidArgumentException('Table '.$table::getName().' already added');
        }

        $this->tables[$table::getName()] = $table;

        return $this;
    }

    /**
     * @param Table $table
     *
     * @return Database
     */
    final public function createTableIfNotExists(Table $table): Database
    {
        if (!$this->hasTable($table::getName())) {
            $this->createTable($table);
        }

        return $this;
    }

    /**
     * @param Table $table
     *
     * @throws InvalidArgumentException
     *
     * @return Database
     */
    final public function removeTable(Table $table): Database
    {
        if (!$this->hasTable($table::getName())) {
            throw new InvalidArgumentException('Table '.$table::getName().' not exists');
        }

        unset($this->tables[$table::getName()]);

        return $this;
    }

    /**
     * @param string $name
     *
     * @throws InvalidArgumentException
     *
     * @return Table
     */
    final public function getTable(string $name): Table
    {
        if (!array_key_exists($name, $this->tables)) {
            throw new InvalidArgumentException('Table '.$name.' not added');
        }

        return $this->tables[$name];
    }

    /**
     * @param string $name
     *
     * @return bool
     */
    final public function hasTable(string $name): bool
    {
        return array_key_exists($name, $this->tables);
    }

    /**
     * @return array
     */
    final public function getTables(): array
    {
        return $this->tables;
    }

    /**
     * @return null|string
     */
    final public function getPackage(): ? string

    {
        return $this->package;
    }

    /**
     * @param string|null $package
     *
     * @return Database
     */
    final public function setPackage(string $package = null) : Database
    {
        $this->package = $package;

        return $this;
    }

    /**
     * @return null|string
     */
    final public function getSchema(): ? string
    {
        return $this->schema;
    }

    /**
     * @param string|null $schema
     *
     * @return Database
     */
    final public function setSchema(string $schema = null) : Database
    {
        $this->schema = $schema;

        return $this;
    }

    /**
     * @return null|string
     */
    final public function getNamespace(): ? string
    {
        return $this->namespace;
    }

    /**
     * @param null|string $namespace
     *
     * @return Database
     */
    final public function setNamespace(string $namespace = null) : Database
    {
        $this->namespace = $namespace;

        return $this;
    }

    /**
     * @return null|string
     */
    final public function getBaseClass(): ? string
    {
        return $this->baseClass;
    }

    /**
     * @param null|string $baseClass
     *
     * @return Database
     */
    final public function setBaseClass(string $baseClass = null) : Database
    {
        $this->baseClass = $baseClass;

        return $this;
    }

    /**
     * @return string
     */
    final public function getDefaultPhpNamingMethod(): string
    {
        return $this->defaultPhpNamingMethod;
    }

    /**
     * @param string $defaultPhpNamingMethod
     *
     * @throws InvalidArgumentException
     *
     * @return Database
     */
    final public function setDefaultPhpNamingMethod(string $defaultPhpNamingMethod): Database
    {
        $availableMethods = [
            self::PHP_NAMING_METHOD_NOCHANGE,
            self::PHP_NAMING_METHOD_UNDERSCORE,
            self::PHP_NAMING_METHOD_PHPNAME,
            self::PHP_NAMING_METHOD_CLEAN,
        ];

        if (!in_array($defaultPhpNamingMethod, $availableMethods)) {
            throw new InvalidArgumentException('Invalid naming method.');
        }

        $this->defaultPhpNamingMethod = $defaultPhpNamingMethod;

        return $this;
    }

    /**
     * @return bool
     */
    final public function isHeavyIndexing(): bool
    {
        return $this->heavyIndexing;
    }

    /**
     * @param bool $heavyIndexing
     *
     * @return Database
     */
    final public function setHeavyIndexing(bool $heavyIndexing): Database
    {
        $this->heavyIndexing = $heavyIndexing;

        return $this;
    }

    /**
     * @return bool
     */
    final public function isIdentifierQuoting(): bool
    {
        return $this->identifierQuoting;
    }

    /**
     * @param bool $identifierQuoting
     *
     * @return Database
     */
    final public function setIdentifierQuoting(bool $identifierQuoting): Database
    {
        $this->identifierQuoting = $identifierQuoting;

        return $this;
    }

    /**
     * @return null|string
     */
    final public function getTablePrefix(): ? string
    {
        return $this->tablePrefix;
    }

    /**
     * @param null|string $tablePrefix
     *
     * @return Database
     */
    final public function setTablePrefix(string $tablePrefix = null) : Database
    {
        $this->tablePrefix = $tablePrefix;

        return $this;
    }

    /**
     * @param \DOMDocument $dom
     */
    final public function appendToXmlDocument(\DOMDocument $dom): void
    {
        $database = $dom->createElement('database');
        $database->setAttribute('name', $this::getName());
        $database->setAttribute('defaultIdMethod', $this->getDefaultIdMethod());

        $additionalProperties = [
            'package',
            'schema',
            'namespace',
            'baseClass',
            'defaultPhpNamingMethod',
            'heavyIndexing',
            'identifierQuoting',
            'tablePrefix',
        ];

        foreach ($additionalProperties as $propertyName) {
            $method = method_exists($this, 'get'.ucfirst($propertyName))
                ? 'get'.ucfirst($propertyName)
                : 'is'.ucfirst($propertyName);

            $propertyValue = $this->{$method}();
            if ($propertyValue != '') {
                if (is_bool($propertyValue)) {
                    $propertyValue = $propertyValue ? 'true' : false;
                }
                $database->setAttribute($propertyName, $propertyValue);
            }
        }

        /** @var Table $table */
        foreach ($this->getTables() as $table) {
            $table->appendToXmlDocument($dom, $database);
        }

        $dom->appendChild($database);
    }
}


1			<?php
2
3			namespace Taisiya\PropelBundle\Database;
4
5			use Taisiya\PropelBundle\Database\Exception\InvalidArgumentException;
6
7			abstract class Database implements DatabaseInterface
8			{
9			const ID_METHOD_NATIVE = 'native';
10			const ID_METHOD_NONE = 'none';
11			const PHP_NAMING_METHOD_NOCHANGE = 'nochange';
12			const PHP_NAMING_METHOD_UNDERSCORE = 'underscore';
13			const PHP_NAMING_METHOD_PHPNAME = 'phpname';
14			const PHP_NAMING_METHOD_CLEAN = 'clean';
15
16			/**
17			* @var array
18			*/
19			private $tables = [];
20
21			/**
22			* The default id method to use for auto-increment columns.
23			*
24			* @var string
25			*/
26			private $defaultIdMethod = self::ID_METHOD_NATIVE;
27
28			/**
29			* The “package” for the generated classes.
30			* Classes are created in subdirectories according to the package value.
31			*
32			* @var string\|null
33			*/
34			private $package = null;
35
36			/**
37			* The default SQL schema containing the tables.
38			* Ignored on RDBMS not supporting database schemas.
39			*
40			* @var string\|null
41			*/
42			private $schema = null;
43
44			/**
45			* The default namespace that generated model classes will use (PHP 5.3 only).
46			* This attribute can be completed or overridden at the table level.
47			*
48			* @var string\|null
49			*/
50			private $namespace = null;
51
52			/**
53			* The default base class that all generated Propel objects should extend
54			* (in place of propel.om.BaseObject).
55			*
56			* @var string\|null
57			*/
58			private $baseClass = null;
59
60			/**
61			* The default naming method to use for tables of this database.
62			* Defaults to underscore, which transforms table names into CamelCase phpNames.
63			*
64			* @var string
65			*/
66			private $defaultPhpNamingMethod = self::PHP_NAMING_METHOD_UNDERSCORE;
67
68			/**
69			* Adds indexes for each component of the primary key (when using composite primary keys).
70			*
71			* @var bool
72			*/
73			private $heavyIndexing = false;
74
75			/**
76			* Auotes all identifiers (table name, column names) in DDL and SQL queries.
77			* This is necessary if you use reserved words as table or column name.
78			*
79			* @var bool
80			*/
81			private $identifierQuoting = false;
82
83			/**
84			* Prefix to all the SQL table names.
85			*
86			* @var string\|null
87			*/
88			private $tablePrefix = null;
89
90			/**
91			* Database constructor.
92			*
93			* @param string $defaultIdMethod Sets the default id method to use for auto-increment columns
94			*
95			* @throws InvalidArgumentException
96			*/
97			final public function __construct(string $defaultIdMethod = self::ID_METHOD_NATIVE)
98			{
99			if (!in_array($defaultIdMethod, [self::ID_METHOD_NATIVE, self::ID_METHOD_NONE])) {
100			throw new InvalidArgumentException('Incorrect value for defaultIdValue');
101			}
102
103			$this->defaultIdMethod = $defaultIdMethod;
104			}
105
106			/**
107			* Gets the default id method.
108			*
109			* @return string
110			*/
111			final public function getDefaultIdMethod(): string
112			{
113			return $this->defaultIdMethod;
114			}
115
116			/**
117			* @param Table $table
118			*
119			* @throws InvalidArgumentException
120			*
121			* @return Database
122			*/
123			final public function createTable(Table $table): Database
124			{
125			if ($this->hasTable($table::getName())) {
126			throw new InvalidArgumentException('Table '.$table::getName().' already added');
127			}
128
129			$this->tables[$table::getName()] = $table;
130
131			return $this;
132			}
133
134			/**
135			* @param Table $table
136			*
137			* @return Database
138			*/
139			final public function createTableIfNotExists(Table $table): Database
140			{
141			if (!$this->hasTable($table::getName())) {
142			$this->createTable($table);
143			}
144
145			return $this;
146			}
147
148			/**
149			* @param Table $table
150			*
151			* @throws InvalidArgumentException
152			*
153			* @return Database
154			*/
155			final public function removeTable(Table $table): Database
156			{
157			if (!$this->hasTable($table::getName())) {
158			throw new InvalidArgumentException('Table '.$table::getName().' not exists');
159			}
160
161			unset($this->tables[$table::getName()]);
162
163			return $this;
164			}
165
166			/**
167			* @param string $name
168			*
169			* @throws InvalidArgumentException
170			*
171			* @return Table
172			*/
173			final public function getTable(string $name): Table
174			{
175			if (!array_key_exists($name, $this->tables)) {
176			throw new InvalidArgumentException('Table '.$name.' not added');
177			}
178
179			return $this->tables[$name];
180			}
181
182			/**
183			* @param string $name
184			*
185			* @return bool
186			*/
187			final public function hasTable(string $name): bool
188			{
189			return array_key_exists($name, $this->tables);
190			}
191
192			/**
193			* @return array
194			*/
195			final public function getTables(): array
196			{
197			return $this->tables;
198			}
199
200			/**
201			* @return null\|string
202			*/
203			final public function getPackage(): ? string
			0 ignored issues – show Bug introduced 2016-10-13 08:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected '?' Loading history...
204			{
205			return $this->package;
206			}
207
208			/**
209			* @param string\|null $package
210			*
211			* @return Database
212			*/
213			final public function setPackage(string $package = null) : Database
214			{
215			$this->package = $package;
216
217			return $this;
218			}
219
220			/**
221			* @return null\|string
222			*/
223			final public function getSchema(): ? string
224			{
225			return $this->schema;
226			}
227
228			/**
229			* @param string\|null $schema
230			*
231			* @return Database
232			*/
233			final public function setSchema(string $schema = null) : Database
234			{
235			$this->schema = $schema;
236
237			return $this;
238			}
239
240			/**
241			* @return null\|string
242			*/
243			final public function getNamespace(): ? string
244			{
245			return $this->namespace;
246			}
247
248			/**
249			* @param null\|string $namespace
250			*
251			* @return Database
252			*/
253			final public function setNamespace(string $namespace = null) : Database
254			{
255			$this->namespace = $namespace;
256
257			return $this;
258			}
259
260			/**
261			* @return null\|string
262			*/
263			final public function getBaseClass(): ? string
264			{
265			return $this->baseClass;
266			}
267
268			/**
269			* @param null\|string $baseClass
270			*
271			* @return Database
272			*/
273			final public function setBaseClass(string $baseClass = null) : Database
274			{
275			$this->baseClass = $baseClass;
276
277			return $this;
278			}
279
280			/**
281			* @return string
282			*/
283			final public function getDefaultPhpNamingMethod(): string
284			{
285			return $this->defaultPhpNamingMethod;
286			}
287
288			/**
289			* @param string $defaultPhpNamingMethod
290			*
291			* @throws InvalidArgumentException
292			*
293			* @return Database
294			*/
295			final public function setDefaultPhpNamingMethod(string $defaultPhpNamingMethod): Database
296			{
297			$availableMethods = [
298			self::PHP_NAMING_METHOD_NOCHANGE,
299			self::PHP_NAMING_METHOD_UNDERSCORE,
300			self::PHP_NAMING_METHOD_PHPNAME,
301			self::PHP_NAMING_METHOD_CLEAN,
302			];
303
304			if (!in_array($defaultPhpNamingMethod, $availableMethods)) {
305			throw new InvalidArgumentException('Invalid naming method.');
306			}
307
308			$this->defaultPhpNamingMethod = $defaultPhpNamingMethod;
309
310			return $this;
311			}
312
313			/**
314			* @return bool
315			*/
316			final public function isHeavyIndexing(): bool
317			{
318			return $this->heavyIndexing;
319			}
320
321			/**
322			* @param bool $heavyIndexing
323			*
324			* @return Database
325			*/
326			final public function setHeavyIndexing(bool $heavyIndexing): Database
327			{
328			$this->heavyIndexing = $heavyIndexing;
329
330			return $this;
331			}
332
333			/**
334			* @return bool
335			*/
336			final public function isIdentifierQuoting(): bool
337			{
338			return $this->identifierQuoting;
339			}
340
341			/**
342			* @param bool $identifierQuoting
343			*
344			* @return Database
345			*/
346			final public function setIdentifierQuoting(bool $identifierQuoting): Database
347			{
348			$this->identifierQuoting = $identifierQuoting;
349
350			return $this;
351			}
352
353			/**
354			* @return null\|string
355			*/
356			final public function getTablePrefix(): ? string
357			{
358			return $this->tablePrefix;
359			}
360
361			/**
362			* @param null\|string $tablePrefix
363			*
364			* @return Database
365			*/
366			final public function setTablePrefix(string $tablePrefix = null) : Database
367			{
368			$this->tablePrefix = $tablePrefix;
369
370			return $this;
371			}
372
373			/**
374			* @param \DOMDocument $dom
375			*/
376			final public function appendToXmlDocument(\DOMDocument $dom): void
377			{
378			$database = $dom->createElement('database');
379			$database->setAttribute('name', $this::getName());
380			$database->setAttribute('defaultIdMethod', $this->getDefaultIdMethod());
381
382			$additionalProperties = [
383			'package',
384			'schema',
385			'namespace',
386			'baseClass',
387			'defaultPhpNamingMethod',
388			'heavyIndexing',
389			'identifierQuoting',
390			'tablePrefix',
391			];
392
393			foreach ($additionalProperties as $propertyName) {
394			$method = method_exists($this, 'get'.ucfirst($propertyName))
395			? 'get'.ucfirst($propertyName)
396			: 'is'.ucfirst($propertyName);
397
398			$propertyValue = $this->{$method}();
399			if ($propertyValue != '') {
400			if (is_bool($propertyValue)) {
401			$propertyValue = $propertyValue ? 'true' : false;
402			}
403			$database->setAttribute($propertyName, $propertyValue);
404			}
405			}
406
407			/** @var Table $table */
408			foreach ($this->getTables() as $table) {
409			$table->appendToXmlDocument($dom, $database);
410			}
411
412			$dom->appendChild($database);
413			}
414			}
415

mosiyash / taisiya-propel-bundle

Issues (20)

Security Analysis no request data

src/Database/Database.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like