Issues in Soundcloud.php (master) - Issues in master - njasm/soundcloud - Measure and Improve Code Quality continuously with Scrutinizer

Issues (7)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Soundcloud/Soundcloud.php (1 issue)

Labels

Deprecated Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Njasm\Soundcloud;

use Njasm\Soundcloud\Auth\Auth;
use Njasm\Soundcloud\Auth\AuthInterface;
use Njasm\Soundcloud\Request\Request;
use Njasm\Soundcloud\Request\RequestInterface;

use Njasm\Container\Container;
use Njasm\Soundcloud\Request\Response;
use Njasm\Soundcloud\Request\ResponseInterface;
use Njasm\Soundcloud\Resource\Resource;
use Njasm\Soundcloud\Resource\ResourceInterface;
use Njasm\Soundcloud\UrlBuilder\UrlBuilder;
use Njasm\Soundcloud\UrlBuilder\UrlBuilderInterface;

/**
 * SoundCloud API wrapper in PHP
 *
 * @author      Nelson J Morais <[email protected]>
 * @copyright   2014 Nelson J Morais <[email protected]>
 * @license     http://www.opensource.org/licenses/mit-license.php MIT
 * @link        http://github.com/njasm/soundcloud
 * @package     Njasm\Soundcloud
 */

class Soundcloud
{
    const VERSION = '2.2.6-dev';
    const LIB_NAME = 'Njasm-Soundcloud';
    const LIB_URL = 'https://www.github.com/njasm/soundcloud';

    /** @var ResourceInterface */
    protected $resource;
    /** @var RequestInterface */
    protected $request;
    /** @var ResponseInterface */
    protected $response;
    /** @var AuthInterface */
    protected $auth;
    /** @var string */
    protected $responseFormat;
    /** @var Container */
    protected $container;

    public function __construct($clientID = null, $clientSecret = null, $authCallbackUri = null)
    {
        $this->container = new Container();

        $this->container->bind(AuthInterface::class, Auth::class);
        $this->container->bind(RequestInterface::class, Request::class);
        $this->container->bind(ResponseInterface::class, Response::class);
        $this->container->bind(ResourceInterface::class, Resource::class);
        $this->container->bind(UrlBuilderInterface::class, UrlBuilder::class);

        $this->auth = $this->make(AuthInterface::class, [$clientID, $clientSecret, $authCallbackUri]);
    }

    /**
     * Get ClientID for this instance
     * 
     * @return string The ClientID set for this instance
     */
    public function getAuthClientID()
    {
        return $this->auth->getClientID();
    }
    
    /**
     * Get the access token.
     * 
     * @return mixed the token, else null is returned
     */
    public function getAuthToken()
    {
        return $this->auth->getToken();
    }
    
    /**
     * Get the token scope.
     * 
     * @return mixed the scope for this access token, null if empty
     */
    public function getAuthScope()
    {
        return $this->auth->getScope();
    }

    /**
     * Get the token scope.
     * 
     * @return mixed the scope for this access token, null if empty
     */
    public function getExpires()
    {
        return $this->auth->getExpires();
    }

    /**
     * Set the Auth access token.
     * 
     * @return void
     */
    public function setAccessToken($accessToken)
    {
        $this->auth->setToken($accessToken);
    }

    /**
     * Set the Auth Scope.
     * 
     * @return void
     */
    public function setAuthScope($scope)
    {
        $this->auth->setScope($scope);
    }

    /**
     * Set the Auth Expires.
     * 
     * @return void
     */
    public function setAuthExpires($expires)
    {
        $this->auth->setExpires($expires);
    }
    
    /**
     * Set the Auth refresh token.
     * 
     * @return void
     */    
    public function setRefreshToken($refreshToken)
    {
        $this->auth->setRefreshToken($refreshToken);
    }
        
    
    /**
     * Sets up a GET Resource.
     * 
     * @param string $path
     * @param array $params
     * @return \Njasm\Soundcloud\Soundcloud
     */
    public function get($path, array $params = array())
    {
        $params = $this->mergeAuthParams($params);
        $this->resource = $this->make(ResourceInterface::class, [Request::VERB_GET, $path, $params]);
        return $this;
    }

    /**
     * Sets up a PUT Resource.
     * 
     * @param string $path
     * @param array $params
     * @return \Njasm\Soundcloud\Soundcloud
     */
    public function put($path, array $params = array())
    {
        $params = $this->mergeAuthParams($params);
        $this->resource = $this->make(ResourceInterface::class, [Request::VERB_PUT, $path, $params]);
        return $this;
    }
    
    /**
     * Sets up a POST Resource.
     * 
     * @param string $path
     * @param array $params
     * @return \Njasm\Soundcloud\Soundcloud
     */
    public function post($path, array $params = array())
    {
        $params = $this->mergeAuthParams($params);
        $this->resource = $this->make(ResourceInterface::class, [Request::VERB_POST, $path, $params]);
        return $this;
    }
    
    /**
     * Sets up a DELETE Resource.
     * 
     * @param string $path
     * @param array $params
     * @return \Njasm\Soundcloud\Soundcloud
     */
    public function delete($path, array $params = array())
    {
        $params = $this->mergeAuthParams($params);
        $this->resource = $this->make(
            ResourceInterface::class, [Request::VERB_DELETE, $path, $params]
        );
        return $this;
    }
    
    /**
     * @param string $interface the interface to build
     * @param array $params the interface object dependencies
     * @return object
     */
    protected function make($interface, array $params = array())
    {
        return $this->container->get($interface, $params);
    }
    
    /**
     * Sets resource params.
     * 
     * @param array $params
     * @return \Njasm\Soundcloud\Soundcloud
     * @throws RuntimeException
     */
    public function setParams(array $params = array())
    {
        if (!isset($this->resource)) {
            throw new \RuntimeException("No Resource found. you must call a http verb method before " . __METHOD__);
        }
        
        $this->resource->setParams($params);
        
        return $this;
    }
    
    /**
     * Executes the request against soundcloud api.
     * 
     * @param array $params
     * @return \Njasm\Soundcloud\Request\ResponseInterface
     */
    public function request(array $params = array())
    {
        $urlBuilder = $this->make(UrlBuilderInterface::class, [$this->resource]);
        $this->request = $this->make(RequestInterface::class, [$this->resource, $urlBuilder, $this->container]);
        $this->request->setOptions($params);
        $this->setResponseFormat($this->request);
        
        $this->response = $this->request->exec();
        
        return $this->response;
    }
    
    /**
     * Get Last Curl Response object.
     * 
     * @return mixed The Response Object, null if no request was yet made
     */
    public function getCurlResponse()
    {
        return (isset($this->response)) ? $this->response : null;
    }
    
    /**
     * Sets the Accept Header to application/xml.
     *
     * @deprecated Soundcloud does not support XML responses anymore.
     * @see https://github.com/njasm/soundcloud/issues/16
     *
     * @return Soundcloud
     */
    public function asXml()
    {
        $this->asJson();

        return $this;
    }
    
    /**
     * Sets the Accept Header to application/json.
     *
     * @deprecated Soundcloud does not support XML responses anymore and calling this method will be redundant.
     * @see https://github.com/njasm/soundcloud/issues/16
     *
     * @return Soundcloud
     */
    public function asJson()
    {
        $this->responseFormat = "json";
        return $this;
    }
    
    /**
     * Set response format for Request.
     *
     * @param \Njasm\Soundcloud\Request\RequestInterface
     * @return void
     */
    protected function setResponseFormat(RequestInterface $request)
    {
        if ($this->responseFormat == "xml") {
            $request->asXml();
        } else {
            $request->asJson();
        }
    }
    
    /**
     * Build array of auth params for the next request.
     * 
     * @param array $params
     * @param bool $includeClientSecret
     * @return array
     */
    protected function mergeAuthParams(array $params = array(), $includeClientSecret = false)
    {
        return $this->auth->mergeParams($params, $includeClientSecret);
    }
}


1		<?php
2
3		namespace Njasm\Soundcloud;
4
5		use Njasm\Soundcloud\Auth\Auth;
6		use Njasm\Soundcloud\Auth\AuthInterface;
7		use Njasm\Soundcloud\Request\Request;
8		use Njasm\Soundcloud\Request\RequestInterface;
9
10		use Njasm\Container\Container;
11		use Njasm\Soundcloud\Request\Response;
12		use Njasm\Soundcloud\Request\ResponseInterface;
13		use Njasm\Soundcloud\Resource\Resource;
14		use Njasm\Soundcloud\Resource\ResourceInterface;
15		use Njasm\Soundcloud\UrlBuilder\UrlBuilder;
16		use Njasm\Soundcloud\UrlBuilder\UrlBuilderInterface;
17
18		/**
19		* SoundCloud API wrapper in PHP
20		*
21		* @author Nelson J Morais <[email protected]>
22		* @copyright 2014 Nelson J Morais <[email protected]>
23		* @license http://www.opensource.org/licenses/mit-license.php MIT
24		* @link http://github.com/njasm/soundcloud
25		* @package Njasm\Soundcloud
26		*/
27
28		class Soundcloud
29		{
30		const VERSION = '2.2.6-dev';
31		const LIB_NAME = 'Njasm-Soundcloud';
32		const LIB_URL = 'https://www.github.com/njasm/soundcloud';
33
34		/** @var ResourceInterface */
35		protected $resource;
36		/** @var RequestInterface */
37		protected $request;
38		/** @var ResponseInterface */
39		protected $response;
40		/** @var AuthInterface */
41		protected $auth;
42		/** @var string */
43		protected $responseFormat;
44		/** @var Container */
45		protected $container;
46
47	22	public function __construct($clientID = null, $clientSecret = null, $authCallbackUri = null)
48		{
49	22	$this->container = new Container();
50
51	22	$this->container->bind(AuthInterface::class, Auth::class);
52	22	$this->container->bind(RequestInterface::class, Request::class);
53	22	$this->container->bind(ResponseInterface::class, Response::class);
54	22	$this->container->bind(ResourceInterface::class, Resource::class);
55	22	$this->container->bind(UrlBuilderInterface::class, UrlBuilder::class);
56
57	22	$this->auth = $this->make(AuthInterface::class, [$clientID, $clientSecret, $authCallbackUri]);
58	22	}
59
60		/**
61		* Get ClientID for this instance
62		*
63		* @return string The ClientID set for this instance
64		*/
65	2	public function getAuthClientID()
66		{
67	2	return $this->auth->getClientID();
68		}
69
70		/**
71		* Get the access token.
72		*
73		* @return mixed the token, else null is returned
74		*/
75	3	public function getAuthToken()
76		{
77	3	return $this->auth->getToken();
78		}
79
80		/**
81		* Get the token scope.
82		*
83		* @return mixed the scope for this access token, null if empty
84		*/
85	1	public function getAuthScope()
86		{
87	1	return $this->auth->getScope();
88		}
89
90		/**
91		* Get the token scope.
92		*
93		* @return mixed the scope for this access token, null if empty
94		*/
95	1	public function getExpires()
96		{
97	1	return $this->auth->getExpires();
98		}
99
100		/**
101		* Set the Auth access token.
102		*
103		* @return void
104		*/
105		public function setAccessToken($accessToken)
106		{
107		$this->auth->setToken($accessToken);
108		}
109
110		/**
111		* Set the Auth Scope.
112		*
113		* @return void
114		*/
115		public function setAuthScope($scope)
116		{
117		$this->auth->setScope($scope);
118		}
119
120		/**
121		* Set the Auth Expires.
122		*
123		* @return void
124		*/
125		public function setAuthExpires($expires)
126		{
127		$this->auth->setExpires($expires);
128		}
129
130		/**
131		* Set the Auth refresh token.
132		*
133		* @return void
134		*/
135		public function setRefreshToken($refreshToken)
136		{
137		$this->auth->setRefreshToken($refreshToken);
138		}
139
140
141		/**
142		* Sets up a GET Resource.
143		*
144		* @param string $path
145		* @param array $params
146		* @return \Njasm\Soundcloud\Soundcloud
147		*/
148	4	public function get($path, array $params = array())
149		{
150	4	$params = $this->mergeAuthParams($params);
151	4	$this->resource = $this->make(ResourceInterface::class, [Request::VERB_GET, $path, $params]);
152	4	return $this;
153		}
154
155		/**
156		* Sets up a PUT Resource.
157		*
158		* @param string $path
159		* @param array $params
160		* @return \Njasm\Soundcloud\Soundcloud
161		*/
162	1	public function put($path, array $params = array())
163		{
164	1	$params = $this->mergeAuthParams($params);
165	1	$this->resource = $this->make(ResourceInterface::class, [Request::VERB_PUT, $path, $params]);
166	1	return $this;
167		}
168
169		/**
170		* Sets up a POST Resource.
171		*
172		* @param string $path
173		* @param array $params
174		* @return \Njasm\Soundcloud\Soundcloud
175		*/
176	5	public function post($path, array $params = array())
177		{
178	5	$params = $this->mergeAuthParams($params);
179	5	$this->resource = $this->make(ResourceInterface::class, [Request::VERB_POST, $path, $params]);
180	5	return $this;
181		}
182
183		/**
184		* Sets up a DELETE Resource.
185		*
186		* @param string $path
187		* @param array $params
188		* @return \Njasm\Soundcloud\Soundcloud
189		*/
190	1	public function delete($path, array $params = array())
191		{
192	1	$params = $this->mergeAuthParams($params);
193	1	$this->resource = $this->make(
194	1	ResourceInterface::class, [Request::VERB_DELETE, $path, $params]
195		);
196	1	return $this;
197		}
198
199		/**
200		* @param string $interface the interface to build
201		* @param array $params the interface object dependencies
202		* @return object
203		*/
204	22	protected function make($interface, array $params = array())
205		{
206	22	return $this->container->get($interface, $params);
207		}
208
209		/**
210		* Sets resource params.
211		*
212		* @param array $params
213		* @return \Njasm\Soundcloud\Soundcloud
214		* @throws RuntimeException
215		*/
216	3	public function setParams(array $params = array())
217		{
218	3	if (!isset($this->resource)) {
219	1	throw new \RuntimeException("No Resource found. you must call a http verb method before " . __METHOD__);
220		}
221
222	2	$this->resource->setParams($params);
223
224	2	return $this;
225		}
226
227		/**
228		* Executes the request against soundcloud api.
229		*
230		* @param array $params
231		* @return \Njasm\Soundcloud\Request\ResponseInterface
232		*/
233	6	public function request(array $params = array())
234		{
235	6	$urlBuilder = $this->make(UrlBuilderInterface::class, [$this->resource]);
236	6	$this->request = $this->make(RequestInterface::class, [$this->resource, $urlBuilder, $this->container]);
237	6	$this->request->setOptions($params);
238	6	$this->setResponseFormat($this->request);
239
240	6	$this->response = $this->request->exec();
241
242	6	return $this->response;
243		}
244
245		/**
246		* Get Last Curl Response object.
247		*
248		* @return mixed The Response Object, null if no request was yet made
249		*/
250	1	public function getCurlResponse()
251		{
252	1	return (isset($this->response)) ? $this->response : null;
253		}
254
255		/**
256		* Sets the Accept Header to application/xml.
257		*
258		* @deprecated Soundcloud does not support XML responses anymore.
259		* @see https://github.com/njasm/soundcloud/issues/16
260		*
261		* @return Soundcloud
262		*/
263	1	public function asXml()
264		{
265	1	$this->asJson();
		0 ignored issues – show Deprecated Code introduced 2015-11-20 21:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `Njasm\Soundcloud\Soundcloud::asJson()` has been deprecated with message: Soundcloud does not support XML responses anymore and calling this method will be redundant. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
266	1	return $this;
267		}
268
269		/**
270		* Sets the Accept Header to application/json.
271		*
272		* @deprecated Soundcloud does not support XML responses anymore and calling this method will be redundant.
273		* @see https://github.com/njasm/soundcloud/issues/16
274		*
275		* @return Soundcloud
276		*/
277	5	public function asJson()
278		{
279	5	$this->responseFormat = "json";
280	5	return $this;
281		}
282
283		/**
284		* Set response format for Request.
285		*
286		* @param \Njasm\Soundcloud\Request\RequestInterface
287		* @return void
288		*/
289	7	protected function setResponseFormat(RequestInterface $request)
290		{
291	7	if ($this->responseFormat == "xml") {
292		$request->asXml();
293		} else {
294	7	$request->asJson();
295		}
296	7	}
297
298		/**
299		* Build array of auth params for the next request.
300		*
301		* @param array $params
302		* @param bool $includeClientSecret
303		* @return array
304		*/
305	12	protected function mergeAuthParams(array $params = array(), $includeClientSecret = false)
306		{
307	12	return $this->auth->mergeParams($params, $includeClientSecret);
308		}
309		}
310

njasm / soundcloud

Issues (7)

Security Analysis no request data

src/Soundcloud/Soundcloud.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like