Passed
Push — master ( e0ed8e...0d3aa7 )
by Nils
11:00
created

BaseController::__call()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 3
Code Lines 1

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 1
eloc 1
c 1
b 0
f 0
nc 1
nop 2
dl 0
loc 3
rs 10
 1  <?php
 2  /**
 3   * Teampass - a collaborative passwords manager.
 4   * ---
 5   * This library is distributed in the hope that it will be useful,
 6   * but WITHOUT ANY WARRANTY; without even the implied warranty of
 7   *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 8   * ---
 9   *
10   * @project   Teampass API
11   *
12   * @file      BaseController.php
13   * ---
14   *
15   * @author    Nils Laumaillé ([email protected])
16   *
17   * @copyright 2009-2022 Teampass.net
18   *
19   * @license   https://spdx.org/licenses/GPL-3.0-only.html#licenseText GPL-3.0
20   * ---
21   *
22   * @see       https://www.teampass.net
23   */
24  class BaseController
25  {
26      /**
27       * __call magic method.
28       */
29      public function __call($name, $arguments)
30      {
31          $this->sendOutput('', array('HTTP/1.1 404 Not Found'));
32      }
33
34      /**
35       * Get URI elements.
36       *
37       * @return array
38       */
39      public function getUriSegments()
40      {
41          $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
42          $uri = explode( '/', $uri );
43          return $this->sanitizeUrl($uri);
44      }
45
46      /**
47       * Get querystring params.
48       *
49       * @return array
50       */
51      public function getQueryStringParams()
52      {
53          parse_str($_SERVER['QUERY_STRING'], $query);

Security: Variable Injection
$_SERVER['QUERY_STRING'] can contain request data and is used in variable name context(s) leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read tainted data from array
    in api/Controller/Api/BaseController.php on line 53

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by whitelisting certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend explicitly casting the data:

$sanitized = (int) $tainted;

54          return $this->sanitizeUrl($query);
55      }
56
57
58      /**
59       * Undocumented function
60       *
61       * @param array $array
62       * @return array
63       */
64      public function sanitizeUrl(array $array) : array
65      {
66          $filters = [];
67          for ($i=0; $i < count($array); $i++) {

Performance: Best Practice
It seems like you are calling the size function count() as part of the test condition. You might want to compute the size beforehand, and not on each iteration.

If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration:

for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
68              array_push($filters, 'trim|escape');
69          }
70
71          return dataSanitizer(
72              $array,
73              $filters,
74              __DIR__.'/../../..'
75          );
76      }
77
78
79      /**
80       * Send API output.
81       *
82       * @param mixed  $data
83       * @param string $httpHeader
84       */
85      protected function sendOutput($data, $httpHeaders=array())
86      {
87          header_remove('Set-Cookie');
88
89          if (is_array($httpHeaders) && count($httpHeaders)) {
90              foreach ($httpHeaders as $httpHeader) {
91                  header($httpHeader);
92              }
93          }
94
95          echo $data;
96          exit;

Best Practice
Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

97      }
98  }