Issues in StorageManager.php (master) - Issues in master - naturalweb/nwlaravel - Measure and Improve Code Quality continuously with Scrutinizer

Issues (116)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/NwLaravel/FileStorage/StorageManager.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace NwLaravel\FileStorage;

use \Exception;
use \RuntimeException;
use Symfony\Component\HttpFoundation\File\UploadedFile;
use Illuminate\Contracts\Filesystem\Filesystem as Storage;
use Intervention\Image\Image;

/**
 * Class StorageManager
 */
class StorageManager
{
    /**
     * @var Storage
     */
    protected $storage;

    /**
     * @var ImagineFactory
     */
    protected $imagineFactory;

    /**
     * Construct
     *
     * @param Storage        $storage
     * @param ImagineFactory $imagineFactory
     */
    public function __construct(Storage $storage, ImagineFactory $imagineFactory = null)
    {
        $this->storage = $storage;
        $this->imagineFactory = $imagineFactory;
    }

    /**
     * File Exists
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function exists($filename)
    {
        try {
            return $this->storage->exists($filename);

        } catch (\Exception $e) {
            return false;
        }
    }

    /**
     * Get Size
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function size($filename)
    {
        try {
            return intval($this->storage->size($filename));

        } catch (\Exception $e) {
            return 0;
        }
    }

    /**
     * Get MimeType File
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function mimeType($filename)
    {
        try {
            return $this->storage->mimeType($filename);

        } catch (\Exception $e) {
            return null;
        }
    }

    /**
     * Path is Directory
     *
     * @param string $path Path Directory
     *
     * @return bool
     */
    public function isDir($path)
    {
        $mimeType = $this->mimeType($path);

        if ($this->exists($path) && (!$mimeType || $mimeType == 'directory')) {
            return true;
        }

        return false;
    }

    /**
     * Is File
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function isFile($filename)
    {
        return !$this->isDir($filename);
    }

    /**
     * Get Meta Data
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function metaData($filename)
    {
        try {
            return $this->storage->getMetadata($filename);


        } catch (\Exception $e) {
            return null;
        }
    }

    /**
     * Read Content File
     *
     * @param string $filename Path File
     *
     * @return string
     */
    public function readFile($filename)
    {
        return $this->storage->get($filename);
    }

    /**
     * Delete File
     *
     * @param string $filename Path File
     *
     * @return bool
     */
    public function deleteFile($filename)
    {
        if ($this->isDir($filename)) {
            return false;
        }

        return $this->storage->delete($filename);
    }

    /**
     * Delete Folder
     *
     * @param string $folder
     *
     * @return bool
     */
    public function deleteFolder($folder)
    {
        if ($this->isFile($folder)) {
            return false;
        }

        return $this->storage->deleteDirectory($folder);
    }

    /**
     * Files in Folder
     *
     * @param string $path
     * @param bool   $recursive
     *
     * @return array
     */
    public function files($path, $recursive = false)
    {
        if ($this->isFile($path)) {
            return null;
        }

        return $this->storage->files($path, (bool) $recursive);
    }

    /**
     * UploadFile
     *
     * @param UploadedFile|string $file     Uploaded File
     * @param string       $folder   String Folder
     * @param string       $name     String Name
     * @param bool         $override Boolean Over Ride
     * @param array        $config   Array Config Upload
     *
     * @return bool
     */
    public function uploadFile($file, $folder = null, $name = null, $override = false, array $config = [])
    {
        $data = $this->parseFile($file, $folder, $name, $override);

        $success = (bool) $this->storage->put($data['filename'], file_get_contents($file), $config);

        if ($success) {
            return $data;
        }

        return false;
    }

    /**
     * Upload Image
     *
     * @param UploadedFile $file     Uploaded File
     * @param string       $folder   String Folder
     * @param string       $name     String Name
     * @param array        $options  Array Options
     * @param bool         $override Boolean Over Ride
     * @param array        $config  Array Config Upload
     *
     * @return bool
     */
    public function uploadImage(
        $file,
        $folder = null,
        $name = null,
        array $options = [],
        $override = false,
        array $config = []
    ) {
        $data = $this->parseFile($file, $folder, $name, $override);

        if ($this->imagineFactory) {
            if ($file instanceof UploadedFile) {
                $pathImage = $file->getPathname();
            } else {
                $pathImage = $file;
            }

            $width = isset($options['width']) ? intval($options['width']) : 0;
            $height = isset($options['height']) ? intval($options['height']) : 0;
            $scale = isset($options['scale']) ? (bool) $options['scale'] : true;
            $opacity = isset($options['opacity']) ? (float) $options['opacity'] : null;
            $watermark = isset($options['watermark']) ? $options['watermark'] : null;
            $quality = isset($options['quality']) ? intval($options['quality']) : 85; // Quality Deufault: 85;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

            $imagine = $this->imagineFactory->make($pathImage);
            $imagine->stripProfiles();
            $imagine->resize($width, $height, !$scale);
            $imagine->opacity($opacity);
            $imagine->watermark($watermark);
            // $imagine = $imagine->save($pathImage.'.'.$data['extension'], $quality);
            $data['size'] = $imagine->filesize();
            $content = $imagine->encode();
        } else {
            $content = file_get_contents($file);
        }

        $success = $this->storage->put($data['filename'], $content, $config);

        if ($success) {
            return $data;
        }

        return false;
    }

    /**
     * Parse Filename
     *
     * @param UploadedFile|string $file     Uploaded File
     * @param string       $name     String Name
     * @param string       $folder   String Folder
     * @param bool         $override Boolean Over Ride
     *
     * @return bool|array
     */
    protected function parseFile($file, $folder = null, $name = null, $override = false)
    {
        if (!$file instanceof UploadedFile && !file_exists($file)) {
            throw new RuntimeException("File invalid");
        }

        $folder = trim((string) $folder, '/');
        $folder = $folder ? "{$folder}/" : "";
        $this->storage->makeDirectory($folder);

        if ($file instanceof UploadedFile) {
            $clientOriginalName = $file->getClientOriginalName();
            $extension = $file->getClientOriginalExtension();
            $size = $file->getClientSize();
            $mime = $file->getClientMimeType();
        } else {
            $info = pathinfo($file);
            $clientOriginalName = $info['filename'];
            $extension = $info['extension'];
            $size = filesize($file);
            $mime = mime_content_type($file);
        }

        $name = $name ?: $clientOriginalName;
        $nameOriginal = str_slug(pathinfo($name, PATHINFO_FILENAME));

        if (empty($nameOriginal)) {
            $nameOriginal = str_random(10);
        }

        $sufix = '';
        $count = 1;
        do {
            $name = "{$nameOriginal}{$sufix}.{$extension}";
            $filename = "{$folder}{$name}";
            $sufix = "({$count})";
            $count++;

        } while (!$override && $this->storage->exists($filename));

        return compact('filename', 'name', 'extension', 'size', 'mime');
    }

    /**
     * Crop Image
     *
     * @param string $filename
     * @param int    $width
     * @param int    $height
     * @param int    $x
     * @param int    $y
     *
     * @return bool
     */
    public function cropImage(
        $filename,
        $width,
        $height,
        $x,
        $y,
        $target = null
    ) {
        if (!$this->imagineFactory) {
            return false;
        }

        $image = $this->storage->get($filename);
        $imagine = $this->imagineFactory->make($image);
        $imagine->crop($width, $height, $x, $y);

        if (!$target) {
            $target = $filename;
        }

        return $this->storage->put($target, $imagine->encode());
    }

    /**
     * Watermark Image
     *
     * @param string $filename
     * @param int    $width
     * @param int    $height
     * @param int    $x
     * @param int    $y
     *
     * @return bool
     */
    public function watermarkImage(
        $filename,
        $watermark,
        $position = 'center',
        $opacity = null,
        $target = null
    ) {
        if (!$this->imagineFactory) {
            return false;
        }

        $filename = $bemArquivo->file;


        $pathTmp = tempnam(sys_get_temp_dir(), $name);

        file_put_contents($pathTmp, $this->storage->get($filename));
        $imagine = $this->imagineFactory->make($pathTmp);
        @unlink($pathTmp);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        // Se o watermark existe
        if (file_exists($watermark)) {
            $imagine->watermark($watermark, $position, $opacity);
        }

        if (!$target) {
            $target = $filename;
        }

        return $this->storage->put($target, $imagine->encode());
    }

    /**
     * Dynamically handle calls into the query instance.
     *
     * @param  string  $method
     * @param  array  $parameters
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        return $this->storage->{$method}(...$parameters);
    }
}


1			<?php
2
3			namespace NwLaravel\FileStorage;
4
5			use \Exception;
6			use \RuntimeException;
7			use Symfony\Component\HttpFoundation\File\UploadedFile;
8			use Illuminate\Contracts\Filesystem\Filesystem as Storage;
9			use Intervention\Image\Image;
10
11			/**
12			* Class StorageManager
13			*/
14			class StorageManager
15			{
16			/**
17			* @var Storage
18			*/
19			protected $storage;
20
21			/**
22			* @var ImagineFactory
23			*/
24			protected $imagineFactory;
25
26			/**
27			* Construct
28			*
29			* @param Storage $storage
30			* @param ImagineFactory $imagineFactory
31			*/
32			public function __construct(Storage $storage, ImagineFactory $imagineFactory = null)
33			{
34			$this->storage = $storage;
35			$this->imagineFactory = $imagineFactory;
36			}
37
38			/**
39			* File Exists
40			*
41			* @param string $filename Path File
42			*
43			* @return bool
44			*/
45			public function exists($filename)
46			{
47			try {
48			return $this->storage->exists($filename);
49
50			} catch (\Exception $e) {
51			return false;
52			}
53			}
54
55			/**
56			* Get Size
57			*
58			* @param string $filename Path File
59			*
60			* @return bool
61			*/
62			public function size($filename)
63			{
64			try {
65			return intval($this->storage->size($filename));
66
67			} catch (\Exception $e) {
68			return 0;
69			}
70			}
71
72			/**
73			* Get MimeType File
74			*
75			* @param string $filename Path File
76			*
77			* @return bool
78			*/
79			public function mimeType($filename)
80			{
81			try {
82			return $this->storage->mimeType($filename);
83
84			} catch (\Exception $e) {
85			return null;
86			}
87			}
88
89			/**
90			* Path is Directory
91			*
92			* @param string $path Path Directory
93			*
94			* @return bool
95			*/
96			public function isDir($path)
97			{
98			$mimeType = $this->mimeType($path);
99
100			if ($this->exists($path) && (!$mimeType \|\| $mimeType == 'directory')) {
101			return true;
102			}
103
104			return false;
105			}
106
107			/**
108			* Is File
109			*
110			* @param string $filename Path File
111			*
112			* @return bool
113			*/
114			public function isFile($filename)
115			{
116			return !$this->isDir($filename);
117			}
118
119			/**
120			* Get Meta Data
121			*
122			* @param string $filename Path File
123			*
124			* @return bool
125			*/
126			public function metaData($filename)
127			{
128			try {
129			return $this->storage->getMetadata($filename);
			0 ignored issues – show Bug introduced 2016-07-21 14:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getMetadata()` does not seem to exist on `object<Illuminate\Contra...\Filesystem\Filesystem>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
130
131			} catch (\Exception $e) {
132			return null;
133			}
134			}
135
136			/**
137			* Read Content File
138			*
139			* @param string $filename Path File
140			*
141			* @return string
142			*/
143			public function readFile($filename)
144			{
145			return $this->storage->get($filename);
146			}
147
148			/**
149			* Delete File
150			*
151			* @param string $filename Path File
152			*
153			* @return bool
154			*/
155			public function deleteFile($filename)
156			{
157			if ($this->isDir($filename)) {
158			return false;
159			}
160
161			return $this->storage->delete($filename);
162			}
163
164			/**
165			* Delete Folder
166			*
167			* @param string $folder
168			*
169			* @return bool
170			*/
171			public function deleteFolder($folder)
172			{
173			if ($this->isFile($folder)) {
174			return false;
175			}
176
177			return $this->storage->deleteDirectory($folder);
178			}
179
180			/**
181			* Files in Folder
182			*
183			* @param string $path
184			* @param bool $recursive
185			*
186			* @return array
187			*/
188			public function files($path, $recursive = false)
189			{
190			if ($this->isFile($path)) {
191			return null;
192			}
193
194			return $this->storage->files($path, (bool) $recursive);
195			}
196
197			/**
198			* UploadFile
199			*
200			* @param UploadedFile\|string $file Uploaded File
201			* @param string $folder String Folder
202			* @param string $name String Name
203			* @param bool $override Boolean Over Ride
204			* @param array $config Array Config Upload
205			*
206			* @return bool
207			*/
208			public function uploadFile($file, $folder = null, $name = null, $override = false, array $config = [])
209			{
210			$data = $this->parseFile($file, $folder, $name, $override);
211
212			$success = (bool) $this->storage->put($data['filename'], file_get_contents($file), $config);
213
214			if ($success) {
215			return $data;
216			}
217
218			return false;
219			}
220
221			/**
222			* Upload Image
223			*
224			* @param UploadedFile $file Uploaded File
225			* @param string $folder String Folder
226			* @param string $name String Name
227			* @param array $options Array Options
228			* @param bool $override Boolean Over Ride
229			* @param array $config Array Config Upload
230			*
231			* @return bool
232			*/
233			public function uploadImage(
234			$file,
235			$folder = null,
236			$name = null,
237			array $options = [],
238			$override = false,
239			array $config = []
240			) {
241			$data = $this->parseFile($file, $folder, $name, $override);
242
243			if ($this->imagineFactory) {
244			if ($file instanceof UploadedFile) {
245			$pathImage = $file->getPathname();
246			} else {
247			$pathImage = $file;
248			}
249
250			$width = isset($options['width']) ? intval($options['width']) : 0;
251			$height = isset($options['height']) ? intval($options['height']) : 0;
252			$scale = isset($options['scale']) ? (bool) $options['scale'] : true;
253			$opacity = isset($options['opacity']) ? (float) $options['opacity'] : null;
254			$watermark = isset($options['watermark']) ? $options['watermark'] : null;
255			$quality = isset($options['quality']) ? intval($options['quality']) : 85; // Quality Deufault: 85;
			0 ignored issues – show Unused Code introduced 2019-09-27 13:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$quality` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
256
257			$imagine = $this->imagineFactory->make($pathImage);
258			$imagine->stripProfiles();
259			$imagine->resize($width, $height, !$scale);
260			$imagine->opacity($opacity);
261			$imagine->watermark($watermark);
262			// $imagine = $imagine->save($pathImage.'.'.$data['extension'], $quality);
263			$data['size'] = $imagine->filesize();
264			$content = $imagine->encode();
265			} else {
266			$content = file_get_contents($file);
267			}
268
269			$success = $this->storage->put($data['filename'], $content, $config);
270
271			if ($success) {
272			return $data;
273			}
274
275			return false;
276			}
277
278			/**
279			* Parse Filename
280			*
281			* @param UploadedFile\|string $file Uploaded File
282			* @param string $name String Name
283			* @param string $folder String Folder
284			* @param bool $override Boolean Over Ride
285			*
286			* @return bool\|array
287			*/
288			protected function parseFile($file, $folder = null, $name = null, $override = false)
289			{
290			if (!$file instanceof UploadedFile && !file_exists($file)) {
291			throw new RuntimeException("File invalid");
292			}
293
294			$folder = trim((string) $folder, '/');
295			$folder = $folder ? "{$folder}/" : "";
296			$this->storage->makeDirectory($folder);
297
298			if ($file instanceof UploadedFile) {
299			$clientOriginalName = $file->getClientOriginalName();
300			$extension = $file->getClientOriginalExtension();
301			$size = $file->getClientSize();
302			$mime = $file->getClientMimeType();
303			} else {
304			$info = pathinfo($file);
305			$clientOriginalName = $info['filename'];
306			$extension = $info['extension'];
307			$size = filesize($file);
308			$mime = mime_content_type($file);
309			}
310
311			$name = $name ?: $clientOriginalName;
312			$nameOriginal = str_slug(pathinfo($name, PATHINFO_FILENAME));
313
314			if (empty($nameOriginal)) {
315			$nameOriginal = str_random(10);
316			}
317
318			$sufix = '';
319			$count = 1;
320			do {
321			$name = "{$nameOriginal}{$sufix}.{$extension}";
322			$filename = "{$folder}{$name}";
323			$sufix = "({$count})";
324			$count++;
325
326			} while (!$override && $this->storage->exists($filename));
327
328			return compact('filename', 'name', 'extension', 'size', 'mime');
329			}
330
331			/**
332			* Crop Image
333			*
334			* @param string $filename
335			* @param int $width
336			* @param int $height
337			* @param int $x
338			* @param int $y
339			*
340			* @return bool
341			*/
342			public function cropImage(
343			$filename,
344			$width,
345			$height,
346			$x,
347			$y,
348			$target = null
349			) {
350			if (!$this->imagineFactory) {
351			return false;
352			}
353
354			$image = $this->storage->get($filename);
355			$imagine = $this->imagineFactory->make($image);
356			$imagine->crop($width, $height, $x, $y);
357
358			if (!$target) {
359			$target = $filename;
360			}
361
362			return $this->storage->put($target, $imagine->encode());
363			}
364
365			/**
366			* Watermark Image
367			*
368			* @param string $filename
369			* @param int $width
370			* @param int $height
371			* @param int $x
372			* @param int $y
373			*
374			* @return bool
375			*/
376			public function watermarkImage(
377			$filename,
378			$watermark,
379			$position = 'center',
380			$opacity = null,
381			$target = null
382			) {
383			if (!$this->imagineFactory) {
384			return false;
385			}
386
387			$filename = $bemArquivo->file;
			0 ignored issues – show Bug introduced 2019-09-26 18:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$bemArquivo` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
388
389			$pathTmp = tempnam(sys_get_temp_dir(), $name);
			0 ignored issues – show Bug introduced 2019-09-26 18:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$name` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
390			file_put_contents($pathTmp, $this->storage->get($filename));
391			$imagine = $this->imagineFactory->make($pathTmp);
392			@unlink($pathTmp);
			0 ignored issues – show Security Best Practice introduced 2019-09-26 18:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
393
394			// Se o watermark existe
395			if (file_exists($watermark)) {
396			$imagine->watermark($watermark, $position, $opacity);
397			}
398
399			if (!$target) {
400			$target = $filename;
401			}
402
403			return $this->storage->put($target, $imagine->encode());
404			}
405
406			/**
407			* Dynamically handle calls into the query instance.
408			*
409			* @param string $method
410			* @param array $parameters
411			* @return mixed
412			*/
413			public function __call($method, $parameters)
414			{
415			return $this->storage->{$method}(...$parameters);
416			}
417			}
418

naturalweb / nwlaravel

Issues (116)

Security Analysis not enabled

src/NwLaravel/FileStorage/StorageManager.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like