Issues in Config.php (master) - Issues in master - northwoods/container - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Zend/Config.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types=1);

namespace Northwoods\Container\Zend;

use ArrayObject;
use Auryn\Injector;
use Northwoods\Container\ContainerException;
use Northwoods\Container\InjectorConfig;
use Psr\Container\ContainerInterface;

class Config implements InjectorConfig
{
    /** @var array */
    private $config;

    public function __construct(array $config)
    {
        $this->config = $config;
    }

    /**
     * Configure the injector using Zend Service Manager format
     */
    public function apply(Injector $injector): void
    {
        $dependencies = $this->config['dependencies'] ?? [];

        // Define the "config" service, accounting for the fact that Auryn
        // requires all returns are objects.
        $dependencies['services']['config'] = new ArrayObject($this->config, ArrayObject::ARRAY_AS_PROPS);

        $this->injectServices($injector, $dependencies);
        $this->injectFactories($injector, $dependencies);
        $this->injectInvokables($injector, $dependencies);
        $this->injectAliases($injector, $dependencies);
    }

    private function injectAliases(Injector $injector, array $dependencies): void

    {
        $aliases = $dependencies['aliases'] ?? [];
        foreach ($aliases as $alias => $target) {
            // Standard Auryn aliases do not work when chained. Work around by
            // lazily fetching the shared target from the container.
            $injector->share($alias)->share($target)->delegate($alias, $this->makeContainerGet($target));
        }
    }

    private function injectFactories(Injector $injector, array $dependencies): void
    {
        $factories = $dependencies['factories'] ?? [];
        foreach ($factories as $name => $factory) {
            $delegate = $this->makeFactory($injector, $name, $factory);
            if (isset($dependencies['delegators'][$name])) {

                $delegate = $this->makeDelegator(
                    $injector,
                    $name,
                    $delegate,
                    $dependencies['delegators'][$name]
                );
            }
            $injector->share($name)->delegate($name, $delegate);
        }
    }

    private function injectInvokables(Injector $injector, array $dependencies): void
    {
        $invokables = $dependencies['invokables'] ?? [];
        foreach ($invokables as $alias => $invokable) {
            if (is_string($alias) && $alias !== $invokable) {
                $injector->alias($alias, $invokable);
            }
            $delegate = $this->makeLazyInvokable($invokable, $invokable);
            if (isset($dependencies['delegators'][$invokable])) {

                $delegate = $this->makeDelegator(
                    $injector,
                    $invokable,
                    $delegate,
                    $dependencies['delegators'][$invokable]
                );
            }
            $injector->share($invokable)->delegate($invokable, $delegate);
        }
    }

    private function injectServices(Injector $injector, array $dependencies): void

    {
        $services = $dependencies['services'] ?? [];
        foreach ($services as $name => $service) {
            $injector->share($name)->delegate($name, $this->makeIdentity($service));
        }
    }

    private function makeDelegator(Injector $injector, string $name, callable $callback, array $delegators): callable
    {
        return /** @return object */ function () use ($injector, $name, $callback, $delegators) {
            foreach ($delegators as $delegator) {
                $container = $injector->make(ContainerInterface::class);
                $delegator = $this->makeInvokable($name, $delegator);
                $instance = $delegator($container, $name, $callback);
                $callback = $this->makeIdentity($instance);
$x = 1;
$callable = function() use ($x) {
    $x = 2; // Not visible in outer scope. If you would like this, how
            // about using a different variable name than $x?
};

$callable();
var_dump($x); // integer(1)
            }
            return $instance ?? $callback();
        };
    }

    private function makeContainerGet(string $name): callable
    {
        return /** @return object */ static function (ContainerInterface $container) use ($name) {
            return $container->get($name);
        };
    }

    /**
     * @param string|callable $factory
     */
    private function makeFactory(Injector $injector, string $name, $factory): callable
    {
        return /** @return object */ function () use ($injector, $name, $factory) {
            $container = $injector->make(ContainerInterface::class);
            $factory = $this->makeInvokable($name, $factory);
$x = 1;
$callable = function() use ($x) {
    $x = 2; // Not visible in outer scope. If you would like this, how
            // about using a different variable name than $x?
};

$callable();
var_dump($x); // integer(1)
            return $factory($container, $name);
        };
    }

    /**
     * @param object $object
     */
    private function makeIdentity($object): callable
    {
        return /** @return object */ static function () use ($object) {
            return $object;
        };
    }

    /**
     * @param string|callable $factory
     * @throws ContainerException if the factory cannot be made invokable
     */
    private function makeInvokable(string $name, $factory): callable
    {
        if (is_callable($factory)) {
            return $factory;
        }

        if ($this->isValidClass($factory)) {
            $factory = new $factory();
        }

        if (is_callable($factory) === false) {
            throw ContainerException::expectedInvokable($name);
        }

        return $factory;
    }

    /**
     * @param string|callable $factory
     */
    private function makeLazyInvokable(string $name, $factory): callable
    {
        return /** @return callable */ function () use ($name, $factory) {
            return $this->makeInvokable($name, $factory);
        };
    }

    /**
     * @param mixed $factory
     */
    private function isValidClass($factory): bool
    {
        return is_string($factory) && class_exists($factory);
    }
}


1			<?php
2			declare(strict_types=1);
3
4			namespace Northwoods\Container\Zend;
5
6			use ArrayObject;
7			use Auryn\Injector;
8			use Northwoods\Container\ContainerException;
9			use Northwoods\Container\InjectorConfig;
10			use Psr\Container\ContainerInterface;
11
12			class Config implements InjectorConfig
13			{
14			/** @var array */
15			private $config;
16
17	235		public function __construct(array $config)
18			{
19	235		$this->config = $config;
20	235		}
21
22			/**
23			* Configure the injector using Zend Service Manager format
24			*/
25	235		public function apply(Injector $injector): void
26			{
27	235		$dependencies = $this->config['dependencies'] ?? [];
28
29			// Define the "config" service, accounting for the fact that Auryn
30			// requires all returns are objects.
31	235		$dependencies['services']['config'] = new ArrayObject($this->config, ArrayObject::ARRAY_AS_PROPS);
32
33	235		$this->injectServices($injector, $dependencies);
34	235		$this->injectFactories($injector, $dependencies);
35	235		$this->injectInvokables($injector, $dependencies);
36	235		$this->injectAliases($injector, $dependencies);
37	235		}
38
39	235	View Code Duplication	private function injectAliases(Injector $injector, array $dependencies): void
			0 ignored issues – show Duplication introduced 2018-03-26 14:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
40			{
41	235		$aliases = $dependencies['aliases'] ?? [];
42	235		foreach ($aliases as $alias => $target) {
43			// Standard Auryn aliases do not work when chained. Work around by
44			// lazily fetching the shared target from the container.
45	132		$injector->share($alias)->share($target)->delegate($alias, $this->makeContainerGet($target));
46			}
47	235		}
48
49	235		private function injectFactories(Injector $injector, array $dependencies): void
50			{
51	235		$factories = $dependencies['factories'] ?? [];
52	235		foreach ($factories as $name => $factory) {
53	150		$delegate = $this->makeFactory($injector, $name, $factory);
54	150	View Code Duplication	if (isset($dependencies['delegators'][$name])) {
			0 ignored issues – show Duplication introduced 2018-03-26 14:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
55	96		$delegate = $this->makeDelegator(
56	96		$injector,
57	96		$name,
58	96		$delegate,
59	96		$dependencies['delegators'][$name]
60			);
61			}
62	150		$injector->share($name)->delegate($name, $delegate);
63			}
64	235		}
65
66	235		private function injectInvokables(Injector $injector, array $dependencies): void
67			{
68	235		$invokables = $dependencies['invokables'] ?? [];
69	235		foreach ($invokables as $alias => $invokable) {
70	77		if (is_string($alias) && $alias !== $invokable) {
71	29		$injector->alias($alias, $invokable);
72			}
73	77		$delegate = $this->makeLazyInvokable($invokable, $invokable);
74	77	View Code Duplication	if (isset($dependencies['delegators'][$invokable])) {
			0 ignored issues – show Duplication introduced 2018-03-26 14:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
75	49		$delegate = $this->makeDelegator(
76	49		$injector,
77	49		$invokable,
78	49		$delegate,
79	49		$dependencies['delegators'][$invokable]
80			);
81			}
82	77		$injector->share($invokable)->delegate($invokable, $delegate);
83			}
84	235		}
85
86	235	View Code Duplication	private function injectServices(Injector $injector, array $dependencies): void
			0 ignored issues – show Duplication introduced 2018-03-26 14:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
87			{
88	235		$services = $dependencies['services'] ?? [];
89	235		foreach ($services as $name => $service) {
90	235		$injector->share($name)->delegate($name, $this->makeIdentity($service));
91			}
92	235		}
93
94	145		private function makeDelegator(Injector $injector, string $name, callable $callback, array $delegators): callable
95			{
96			return /** @return object */ function () use ($injector, $name, $callback, $delegators) {
97	145		foreach ($delegators as $delegator) {
98	127		$container = $injector->make(ContainerInterface::class);
99	127		$delegator = $this->makeInvokable($name, $delegator);
100	73		$instance = $delegator($container, $name, $callback);
101	53		$callback = $this->makeIdentity($instance);
			0 ignored issues – show Bug introduced 2018-03-26 14:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different name than the imported variable `$callback`, or did you forget to import by reference? It seems like you are assigning to a variable which was imported through a `use` statement which was not imported by reference. For clarity, we suggest to use a different name or import by reference depending on whether you would like to have the change visibile in outer-scope. Change not visible in outer-scope $x = 1; $callable = function() use ($x) { $x = 2; // Not visible in outer scope. If you would like this, how // about using a different variable name than $x? }; $callable(); var_dump($x); // integer(1) Change visible in outer-scope $x = 1; $callable = function() use (&$x) { $x = 2; }; $callable(); var_dump($x); // integer(2) Loading history...
102			}
103	71		return $instance ?? $callback();
104	145		};
105			}
106
107	132		private function makeContainerGet(string $name): callable
108			{
109			return /** @return object */ static function (ContainerInterface $container) use ($name) {
110	132		return $container->get($name);
111	132		};
112			}
113
114			/**
115			* @param string\|callable $factory
116			*/
117	150		private function makeFactory(Injector $injector, string $name, $factory): callable
118			{
119			return /** @return object */ function () use ($injector, $name, $factory) {
120	102		$container = $injector->make(ContainerInterface::class);
121	102		$factory = $this->makeInvokable($name, $factory);
			0 ignored issues – show Bug introduced 2018-03-27 14:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different name than the imported variable `$factory`, or did you forget to import by reference? It seems like you are assigning to a variable which was imported through a `use` statement which was not imported by reference. For clarity, we suggest to use a different name or import by reference depending on whether you would like to have the change visibile in outer-scope. Change not visible in outer-scope $x = 1; $callable = function() use ($x) { $x = 2; // Not visible in outer scope. If you would like this, how // about using a different variable name than $x? }; $callable(); var_dump($x); // integer(1) Change visible in outer-scope $x = 1; $callable = function() use (&$x) { $x = 2; }; $callable(); var_dump($x); // integer(2) Loading history...
122	78		return $factory($container, $name);
123	150		};
124			}
125
126			/**
127			* @param object $object
128			*/
129	235		private function makeIdentity($object): callable
130			{
131			return /** @return object */ static function () use ($object) {
132	27		return $object;
133	235		};
134			}
135
136			/**
137			* @param string\|callable $factory
138			* @throws ContainerException if the factory cannot be made invokable
139			*/
140	223		private function makeInvokable(string $name, $factory): callable
141			{
142	223		if (is_callable($factory)) {
143	65		return $factory;
144			}
145
146	178		if ($this->isValidClass($factory)) {
147	150		$factory = new $factory();
148			}
149
150	156		if (is_callable($factory) === false) {
151	62		throw ContainerException::expectedInvokable($name);
152			}
153
154	108		return $factory;
155			}
156
157			/**
158			* @param string\|callable $factory
159			*/
160	77		private function makeLazyInvokable(string $name, $factory): callable
161			{
162			return /** @return callable */ function () use ($name, $factory) {
163	47		return $this->makeInvokable($name, $factory);
164	77		};
165			}
166
167			/**
168			* @param mixed $factory
169			*/
170	178		private function isValidClass($factory): bool
171			{
172	178		return is_string($factory) && class_exists($factory);
173			}
174			}
175

northwoods / container

Issues (9)

Security Analysis no request data

src/Zend/Config.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Change not visible in outer-scope

Change visible in outer-scope

Change not visible in outer-scope

Change visible in outer-scope

Duplication Side-by-Side

Filter issues like