Issues in Name.php (master) - Issues in master - nikic/PHP-Parser - Measure and Improve Code Quality continuously with Scrutinizer

Issues (110)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/PhpParser/Node/Name.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace PhpParser\Node;

use PhpParser\NodeAbstract;

class Name extends NodeAbstract
{
    /** @var string[] Parts of the name */
    public $parts;

    /**
     * Constructs a name node.
     *
     * @param string|array $parts      Parts of the name (or name as string)
     * @param array        $attributes Additional attributes
     */
    public function __construct($parts, array $attributes = array()) {
        if (!is_array($parts)) {
            $parts = explode('\\', $parts);
        }

        parent::__construct($attributes);
        $this->parts = $parts;
    }

    public function getSubNodeNames() {
        return array('parts');
    }

    /**
     * Gets the first part of the name, i.e. everything before the first namespace separator.
     *
     * @return string First part of the name
     */
    public function getFirst() {
        return $this->parts[0];
    }

    /**
     * Gets the last part of the name, i.e. everything after the last namespace separator.
     *
     * @return string Last part of the name
     */
    public function getLast() {
        return $this->parts[count($this->parts) - 1];
    }

    /**
     * Checks whether the name is unqualified. (E.g. Name)
     *
     * @return bool Whether the name is unqualified
     */
    public function isUnqualified() {
        return 1 == count($this->parts);
    }

    /**
     * Checks whether the name is qualified. (E.g. Name\Name)
     *
     * @return bool Whether the name is qualified
     */
    public function isQualified() {
        return 1 < count($this->parts);
    }

    /**
     * Checks whether the name is fully qualified. (E.g. \Name)
     *
     * @return bool Whether the name is fully qualified
     */
    public function isFullyQualified() {
        return false;
    }

    /**
     * Checks whether the name is explicitly relative to the current namespace. (E.g. namespace\Name)
     *
     * @return bool Whether the name is relative
     */
    public function isRelative() {
        return false;
    }

    /**
     * Returns a string representation of the name by imploding the namespace parts with a separator.
     *
     * @param string $separator The separator to use (defaults to the namespace separator \)
     *
     * @return string String representation
     */
    public function toString($separator = '\\') {
        return implode($separator, $this->parts);
    }

    /**
     * Returns a string representation of the name by imploding the namespace parts with the
     * namespace separator.
     *
     * @return string String representation
     */
    public function __toString() {
        return implode('\\', $this->parts);
    }

    /**
     * Sets the whole name.
     *
     * @deprecated Create a new Name instead, or manually modify the $parts property
     *
     * @param string|array|self $name The name to set the whole name to
     */
    public function set($name) {
        $this->parts = self::prepareName($name);
    }

    /**
     * Prepends a name to this name.
     *
     * @deprecated Use Name::concat($name1, $name2) instead
     *
     * @param string|array|self $name Name to prepend
     */
    public function prepend($name) {
        $this->parts = array_merge(self::prepareName($name), $this->parts);

    }

    /**
     * Appends a name to this name.
     *
     * @deprecated Use Name::concat($name1, $name2) instead
     *
     * @param string|array|self $name Name to append
     */
    public function append($name) {
        $this->parts = array_merge($this->parts, self::prepareName($name));

    }

    /**
     * Sets the first part of the name.
     *
     * @deprecated Use concat($first, $name->slice(1)) instead
     *
     * @param string|array|self $name The name to set the first part to
     */
    public function setFirst($name) {
        array_splice($this->parts, 0, 1, self::prepareName($name));
    }

    /**
     * Sets the last part of the name.
     *
     * @param string|array|self $name The name to set the last part to
     */
    public function setLast($name) {
        array_splice($this->parts, -1, 1, self::prepareName($name));
    }

    /**
     * Gets a slice of a name (similar to array_slice).
     *
     * This method returns a new instance of the same type as the original and with the same
     * attributes.
     *
     * If the slice is empty, a Name with an empty parts array is returned. While this is
     * meaningless in itself, it works correctly in conjunction with concat().
     *
     * @param int $offset Offset to start the slice at
     *
     * @return static Sliced name
     */
    public function slice($offset) {
        // TODO negative offset and length
        if ($offset < 0 || $offset > count($this->parts)) {
            throw new \OutOfBoundsException(sprintf('Offset %d is out of bounds', $offset));
        }

        return new static(array_slice($this->parts, $offset), $this->attributes);
    }

    /**
     * Concatenate two names, yielding a new Name instance.
     *
     * The type of the generated instance depends on which class this method is called on, for
     * example Name\FullyQualified::concat() will yield a Name\FullyQualified instance.
     *
     * @param string|array|self $name1      The first name
     * @param string|array|self $name2      The second name
     * @param array             $attributes Attributes to assign to concatenated name
     *
     * @return static Concatenated name
     */
    public static function concat($name1, $name2, array $attributes = []) {
        return new static(
            array_merge(self::prepareName($name1), self::prepareName($name2)), $attributes
        );
    }

    /**
     * Prepares a (string, array or Name node) name for use in name changing methods by converting
     * it to an array.
     *
     * @param string|array|self $name Name to prepare
     *
     * @return array Prepared name
     */
    private static function prepareName($name) {
        if (is_string($name)) {
            return explode('\\', $name);
        } elseif (is_array($name)) {
            return $name;
        } elseif ($name instanceof self) {
            return $name->parts;
        }

        throw new \InvalidArgumentException(
            'When changing a name you need to pass either a string, an array or a Name node'
        );
    }
}


1			<?php
2
3			namespace PhpParser\Node;
4
5			use PhpParser\NodeAbstract;
6
7			class Name extends NodeAbstract
8			{
9			/** @var string[] Parts of the name */
10			public $parts;
11
12			/**
13			* Constructs a name node.
14			*
15			* @param string\|array $parts Parts of the name (or name as string)
16			* @param array $attributes Additional attributes
17			*/
18			public function __construct($parts, array $attributes = array()) {
19			if (!is_array($parts)) {
20			$parts = explode('\\', $parts);
21			}
22
23			parent::__construct($attributes);
24			$this->parts = $parts;
25			}
26
27			public function getSubNodeNames() {
28			return array('parts');
29			}
30
31			/**
32			* Gets the first part of the name, i.e. everything before the first namespace separator.
33			*
34			* @return string First part of the name
35			*/
36			public function getFirst() {
37			return $this->parts[0];
38			}
39
40			/**
41			* Gets the last part of the name, i.e. everything after the last namespace separator.
42			*
43			* @return string Last part of the name
44			*/
45			public function getLast() {
46			return $this->parts[count($this->parts) - 1];
47			}
48
49			/**
50			* Checks whether the name is unqualified. (E.g. Name)
51			*
52			* @return bool Whether the name is unqualified
53			*/
54			public function isUnqualified() {
55			return 1 == count($this->parts);
56			}
57
58			/**
59			* Checks whether the name is qualified. (E.g. Name\Name)
60			*
61			* @return bool Whether the name is qualified
62			*/
63			public function isQualified() {
64			return 1 < count($this->parts);
65			}
66
67			/**
68			* Checks whether the name is fully qualified. (E.g. \Name)
69			*
70			* @return bool Whether the name is fully qualified
71			*/
72			public function isFullyQualified() {
73			return false;
74			}
75
76			/**
77			* Checks whether the name is explicitly relative to the current namespace. (E.g. namespace\Name)
78			*
79			* @return bool Whether the name is relative
80			*/
81			public function isRelative() {
82			return false;
83			}
84
85			/**
86			* Returns a string representation of the name by imploding the namespace parts with a separator.
87			*
88			* @param string $separator The separator to use (defaults to the namespace separator \)
89			*
90			* @return string String representation
91			*/
92			public function toString($separator = '\\') {
93			return implode($separator, $this->parts);
94			}
95
96			/**
97			* Returns a string representation of the name by imploding the namespace parts with the
98			* namespace separator.
99			*
100			* @return string String representation
101			*/
102			public function __toString() {
103			return implode('\\', $this->parts);
104			}
105
106			/**
107			* Sets the whole name.
108			*
109			* @deprecated Create a new Name instead, or manually modify the $parts property
110			*
111			* @param string\|array\|self $name The name to set the whole name to
112			*/
113			public function set($name) {
114			$this->parts = self::prepareName($name);
115			}
116
117			/**
118			* Prepends a name to this name.
119			*
120			* @deprecated Use Name::concat($name1, $name2) instead
121			*
122			* @param string\|array\|self $name Name to prepend
123			*/
124			public function prepend($name) {
125			$this->parts = array_merge(self::prepareName($name), $this->parts);
			0 ignored issues – show Documentation Bug introduced 2015-11-21 21:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `array_merge(self::prepar...e($name), $this->parts)` of type `array` is incompatible with the declared type `array<integer,string>` of property `$parts`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
126			}
127
128			/**
129			* Appends a name to this name.
130			*
131			* @deprecated Use Name::concat($name1, $name2) instead
132			*
133			* @param string\|array\|self $name Name to append
134			*/
135			public function append($name) {
136			$this->parts = array_merge($this->parts, self::prepareName($name));
			0 ignored issues – show Documentation Bug introduced 2015-11-21 21:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `array_merge($this->parts...lf::prepareName($name))` of type `array` is incompatible with the declared type `array<integer,string>` of property `$parts`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
137			}
138
139			/**
140			* Sets the first part of the name.
141			*
142			* @deprecated Use concat($first, $name->slice(1)) instead
143			*
144			* @param string\|array\|self $name The name to set the first part to
145			*/
146			public function setFirst($name) {
147			array_splice($this->parts, 0, 1, self::prepareName($name));
148			}
149
150			/**
151			* Sets the last part of the name.
152			*
153			* @param string\|array\|self $name The name to set the last part to
154			*/
155			public function setLast($name) {
156			array_splice($this->parts, -1, 1, self::prepareName($name));
157			}
158
159			/**
160			* Gets a slice of a name (similar to array_slice).
161			*
162			* This method returns a new instance of the same type as the original and with the same
163			* attributes.
164			*
165			* If the slice is empty, a Name with an empty parts array is returned. While this is
166			* meaningless in itself, it works correctly in conjunction with concat().
167			*
168			* @param int $offset Offset to start the slice at
169			*
170			* @return static Sliced name
171			*/
172			public function slice($offset) {
173			// TODO negative offset and length
174			if ($offset < 0 \|\| $offset > count($this->parts)) {
175			throw new \OutOfBoundsException(sprintf('Offset %d is out of bounds', $offset));
176			}
177
178			return new static(array_slice($this->parts, $offset), $this->attributes);
179			}
180
181			/**
182			* Concatenate two names, yielding a new Name instance.
183			*
184			* The type of the generated instance depends on which class this method is called on, for
185			* example Name\FullyQualified::concat() will yield a Name\FullyQualified instance.
186			*
187			* @param string\|array\|self $name1 The first name
188			* @param string\|array\|self $name2 The second name
189			* @param array $attributes Attributes to assign to concatenated name
190			*
191			* @return static Concatenated name
192			*/
193			public static function concat($name1, $name2, array $attributes = []) {
194			return new static(
195			array_merge(self::prepareName($name1), self::prepareName($name2)), $attributes
196			);
197			}
198
199			/**
200			* Prepares a (string, array or Name node) name for use in name changing methods by converting
201			* it to an array.
202			*
203			* @param string\|array\|self $name Name to prepare
204			*
205			* @return array Prepared name
206			*/
207			private static function prepareName($name) {
208			if (is_string($name)) {
209			return explode('\\', $name);
210			} elseif (is_array($name)) {
211			return $name;
212			} elseif ($name instanceof self) {
213			return $name->parts;
214			}
215
216			throw new \InvalidArgumentException(
217			'When changing a name you need to pass either a string, an array or a Name node'
218			);
219			}
220			}
221

nikic / PHP-Parser

Issues (110)

Security Analysis no request data

lib/PhpParser/Node/Name.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like