Issues in SubdomainsInstallShell.php (master) - Issues in master - multidimension-al/cakephp-subdomains - Measure and Improve Code Quality continuously with Scrutinizer

Issues (38)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Shell/SubdomainsInstallShell.php (17 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * CakePHP Plugin : CakePHP Subdomain Routing
 * Copyright (c) Multidimension.al (http://multidimension.al)
 * Github : https://github.com/multidimension-al/cakephp-subdomains
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE file
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright (c) Multidimension.al (http://multidimension.al)
 * @link      https://github.com/multidimension-al/cakephp-subdomains Github
 * @license   http://www.opensource.org/licenses/mit-license.php MIT License
 */

namespace Multidimensional\Subdomains\Shell;

use Cake\Console\Shell;
use Cake\Core\Configure;
use Multidimensional\Subdomains\Middleware\SubdomainMiddleware;

class SubdomainsInstallShell extends Shell
{

    /**
     * @return void
     */
    public function main()
    {
        $this->clear();

        $this->helper('Multidimensional/Subdomains.Header')->output();

        $subdomains = $this->_getSubdomains();
        $continue = $this->_runProgram($subdomains);

        if ($continue) {
            do {
                $this->_inputSubdomain($subdomains);
                $this->_displayCurrentUniqueSubdomains($subdomains);
                $this->_deleteSubdomain($subdomains);
                $this->_writeConfig($subdomains);
                $this->_finalCheck($subdomains);
            } while (!$this->_countSubdomains($subdomains) && $this->_inputYesNo('Start over?'));
        }

        $this->_displayFinal($subdomains);
    }

    /**
     * @param array $subdomains

     * @return bool
     */
    private function _runProgram($subdomains)

    {
        if ($this->_countSubdomains($subdomains)) {
            return $this->_inputYesNo('Update configuration?');
        } else {
            return $this->_inputYesNo('Install subdomains plugin?');
        }
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _displayCurrentUniqueSubdomains(&$subdomains)
    {
        if ($this->_countSubdomains($subdomains)) {
            $subdomains = $this->_uniqueSubdomains($subdomains);
            $subdomains = $this->_modifyArray($subdomains);
            $this->_displayCurrentSubdomains($subdomains);
        }
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _inputSubdomain(&$subdomains)
    {
        $valid = true;
        $this->out();

        while (!$valid || $this->_inputYesNo('Add a subdomain?')) {
            $this->out();
            $subdomain = strtolower($this->in('Subdomain:'));
            $valid = $this->_validateSubdomain($subdomain);
            $this->out();

            if ($valid) {
                $subdomains[] = $subdomain;
            } else {
                $this->err('Invalid subdomain.');
            }
        };
    }

    /**
     * @param array $subdomains

     * @return array $subdomains
     */
    private function _uniqueSubdomains($subdomains)
    {
        if ($this->_countSubdomains($subdomains)) {
            return array_values(array_unique($subdomains));
        } else {
            return $subdomains;
        }
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _writeConfig($subdomains)
    {
        Configure::write('Multidimensional/Subdomains.Subdomains', array_values($subdomains));
        Configure::dump('subdomains', 'default', ['Multidimensional/Subdomains']);
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _displayFinal($subdomains)
    {
        $this->out();
        if ($this->_countSubdomains($subdomains)) {
            $this->out('Configuration saved!', 2);
        } else {
            $this->err('Plugin not currently active.', 2);
        }
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _finalCheck($subdomains)
    {
        if (!$this->_countSubdomains($subdomains)) {
            $this->out();
            $this->err('No subdomains configured.', 2);
        }
    }

    /**
     * @return SubdomainMiddleware

     */
    private function _getSubdomains()
    {
        $subdomainMiddleware = new SubdomainMiddleware();
        $subdomains = $subdomainMiddleware->getSubdomains();
        $defaultSubdomains = $subdomainMiddleware->defaultSubdomains;

        return array_diff($subdomains, $defaultSubdomains);
    }

    /**
     * @param array $subdomains

     * @return array
     */
    private function _modifyArray(array $subdomains)
    {
        if ($this->_countSubdomains($subdomains)) {
            return array_combine(
                range(1, count($subdomains)),
                array_values($subdomains)
            );
        } else {
            return $subdomains;
        }
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _displayCurrentSubdomains(array $subdomains)
    {
        if ($this->_countSubdomains($subdomains)) {
            $this->out();
            $this->out('Current subdomains:', 2);

            foreach ($subdomains as $key => $value) {
                $this->out(' ' . ($key) . '. ' . $value);
            }

            $this->out();
        }
    }

    /**
     * @param string $string

     * @return bool
     */
    private function _inputYesNo($string)

    {
        return strtolower($this->in($string, ['y', 'n'])) === 'y';
    }

    /**
     * @param array $subdomains

     * @return void
     */
    private function _deleteSubdomain(&$subdomains)
    {
        while ($this->_countSubdomains($subdomains) && $this->_inputYesNo('Delete a subdomain?')) {
            $this->out();
            $key = (int)$this->in('Enter number to delete:', array_keys($subdomains));

            if (isset($subdomains[$key])) {
                $this->out();
                $this->out('Deleted: ' . $subdomains[$key], 2);
                unset($subdomains[$key]);
            }
        }
    }

    /**
     * @param  string|null $subdomain

     * @return string|null

     */
    private function _validateSubdomain($subdomain)
    {
        if (is_null($subdomain) || empty($subdomain)) {
            return false;
        }

        return preg_match('/^[A-Za-z0-9]{1}(?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9]{1})?$/', $subdomain);
    }

    /**
     * @param  array $subdomains

     * @return int
     */
    private function _countSubdomains($subdomains)
    {
        if (!isset($subdomains) || !is_array($subdomains)) {
            return 0;
        }

        return count($subdomains);
    }
}


1			<?php
2			/**
3			* CakePHP Plugin : CakePHP Subdomain Routing
4			* Copyright (c) Multidimension.al (http://multidimension.al)
5			* Github : https://github.com/multidimension-al/cakephp-subdomains
6			*
7			* Licensed under The MIT License
8			* For full copyright and license information, please see the LICENSE file
9			* Redistributions of files must retain the above copyright notice.
10			*
11			* @copyright (c) Multidimension.al (http://multidimension.al)
12			* @link https://github.com/multidimension-al/cakephp-subdomains Github
13			* @license http://www.opensource.org/licenses/mit-license.php MIT License
14			*/
15
16			namespace Multidimensional\Subdomains\Shell;
17
18			use Cake\Console\Shell;
19			use Cake\Core\Configure;
20			use Multidimensional\Subdomains\Middleware\SubdomainMiddleware;
21
22			class SubdomainsInstallShell extends Shell
23			{
24
25			/**
26			* @return void
27			*/
28			public function main()
29			{
30			$this->clear();
31
32			$this->helper('Multidimensional/Subdomains.Header')->output();
33
34			$subdomains = $this->_getSubdomains();
35			$continue = $this->_runProgram($subdomains);
36
37			if ($continue) {
38			do {
39			$this->_inputSubdomain($subdomains);
40			$this->_displayCurrentUniqueSubdomains($subdomains);
41			$this->_deleteSubdomain($subdomains);
42			$this->_writeConfig($subdomains);
43			$this->_finalCheck($subdomains);
44			} while (!$this->_countSubdomains($subdomains) && $this->_inputYesNo('Start over?'));
45			}
46
47			$this->_displayFinal($subdomains);
48			}
49
50			/**
51			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
52			* @return bool
53			*/
54			private function _runProgram($subdomains)
			0 ignored issues – show Coding Style introduced 2017-01-07 02:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function _runProgram()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|supports)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
55			{
56			if ($this->_countSubdomains($subdomains)) {
57			return $this->_inputYesNo('Update configuration?');
58			} else {
59			return $this->_inputYesNo('Install subdomains plugin?');
60			}
61			}
62
63			/**
64			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
65			* @return void
66			*/
67			private function _displayCurrentUniqueSubdomains(&$subdomains)
68			{
69			if ($this->_countSubdomains($subdomains)) {
70			$subdomains = $this->_uniqueSubdomains($subdomains);
71			$subdomains = $this->_modifyArray($subdomains);
72			$this->_displayCurrentSubdomains($subdomains);
73			}
74			}
75
76			/**
77			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
78			* @return void
79			*/
80			private function _inputSubdomain(&$subdomains)
81			{
82			$valid = true;
83			$this->out();
84
85			while (!$valid \|\| $this->_inputYesNo('Add a subdomain?')) {
86			$this->out();
87			$subdomain = strtolower($this->in('Subdomain:'));
88			$valid = $this->_validateSubdomain($subdomain);
89			$this->out();
90
91			if ($valid) {
92			$subdomains[] = $subdomain;
93			} else {
94			$this->err('Invalid subdomain.');
95			}
96			};
97			}
98
99			/**
100			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
101			* @return array $subdomains
102			*/
103			private function _uniqueSubdomains($subdomains)
104			{
105			if ($this->_countSubdomains($subdomains)) {
106			return array_values(array_unique($subdomains));
107			} else {
108			return $subdomains;
109			}
110			}
111
112			/**
113			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
114			* @return void
115			*/
116			private function _writeConfig($subdomains)
117			{
118			Configure::write('Multidimensional/Subdomains.Subdomains', array_values($subdomains));
119			Configure::dump('subdomains', 'default', ['Multidimensional/Subdomains']);
120			}
121
122			/**
123			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
124			* @return void
125			*/
126			private function _displayFinal($subdomains)
127			{
128			$this->out();
129			if ($this->_countSubdomains($subdomains)) {
130			$this->out('Configuration saved!', 2);
131			} else {
132			$this->err('Plugin not currently active.', 2);
133			}
134			}
135
136			/**
137			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
138			* @return void
139			*/
140			private function _finalCheck($subdomains)
141			{
142			if (!$this->_countSubdomains($subdomains)) {
143			$this->out();
144			$this->err('No subdomains configured.', 2);
145			}
146			}
147
148			/**
149			* @return SubdomainMiddleware
			0 ignored issues – show Documentation introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `array`? Also, consider making the array more specific, something like `array<String>`, or `String[]`. This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. If the return type contains the type array, this check recommends the use of a more specific type like `String[]` or `array<String>`. Loading history...
150			*/
151			private function _getSubdomains()
152			{
153			$subdomainMiddleware = new SubdomainMiddleware();
154			$subdomains = $subdomainMiddleware->getSubdomains();
155			$defaultSubdomains = $subdomainMiddleware->defaultSubdomains;
156
157			return array_diff($subdomains, $defaultSubdomains);
158			}
159
160			/**
161			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
162			* @return array
163			*/
164			private function _modifyArray(array $subdomains)
165			{
166			if ($this->_countSubdomains($subdomains)) {
167			return array_combine(
168			range(1, count($subdomains)),
169			array_values($subdomains)
170			);
171			} else {
172			return $subdomains;
173			}
174			}
175
176			/**
177			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
178			* @return void
179			*/
180			private function _displayCurrentSubdomains(array $subdomains)
181			{
182			if ($this->_countSubdomains($subdomains)) {
183			$this->out();
184			$this->out('Current subdomains:', 2);
185
186			foreach ($subdomains as $key => $value) {
187			$this->out(' ' . ($key) . '. ' . $value);
188			}
189
190			$this->out();
191			}
192			}
193
194			/**
195			* @param string $string
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
196			* @return bool
197			*/
198			private function _inputYesNo($string)
			0 ignored issues – show Coding Style introduced 2017-01-04 01:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function _inputYesNo()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|supports)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
199			{
200			return strtolower($this->in($string, ['y', 'n'])) === 'y';
201			}
202
203			/**
204			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
205			* @return void
206			*/
207			private function _deleteSubdomain(&$subdomains)
208			{
209			while ($this->_countSubdomains($subdomains) && $this->_inputYesNo('Delete a subdomain?')) {
210			$this->out();
211			$key = (int)$this->in('Enter number to delete:', array_keys($subdomains));
212
213			if (isset($subdomains[$key])) {
214			$this->out();
215			$this->out('Deleted: ' . $subdomains[$key], 2);
216			unset($subdomains[$key]);
217			}
218			}
219			}
220
221			/**
222			* @param string\|null $subdomain
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
223			* @return string\|null
			0 ignored issues – show Documentation introduced 2017-01-11 22:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `false\|integer`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
224			*/
225			private function _validateSubdomain($subdomain)
226			{
227			if (is_null($subdomain) \|\| empty($subdomain)) {
228			return false;
229			}
230
231			return preg_match('/^[A-Za-z0-9]{1}(?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9]{1})?$/', $subdomain);
232			}
233
234			/**
235			* @param array $subdomains
			0 ignored issues – show introduced 2017-01-24 02:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
236			* @return int
237			*/
238			private function _countSubdomains($subdomains)
239			{
240			if (!isset($subdomains) \|\| !is_array($subdomains)) {
241			return 0;
242			}
243
244			return count($subdomains);
245			}
246			}
247

multidimension-al / cakephp-subdomains

Issues (38)

Security Analysis no request data

src/Shell/SubdomainsInstallShell.php (17 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like