Issues in Select2Context.php (master) - Issues in master - novaway/BehatCommonContext - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Context/Select2Context.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Novaway\CommonContexts\Context;

use Behat\Mink\Element\DocumentElement;

class Select2Context extends BaseContext
{
    const DEFAULT_TIMEOUT = 60;

    /** @var int */
    private $timeout;

    /**
     * Constructor
     *
     * @param int $timeout Timeout for waiting results (in seconds)
     */
    public function __construct($timeout = self::DEFAULT_TIMEOUT)
    {
        $this->timeout = $timeout;
    }

    /**
     * Fills in Select2 field with specified
     *
     * @When /^(?:|I )fill in select2 "(?P<field>(?:[^"]|\\")*)" with "(?P<value>(?:[^"]|\\")*)"$/
     * @When /^(?:|I )fill in select2 "(?P<value>(?:[^"]|\\")*)" for "(?P<field>(?:[^"]|\\")*)"$/
     */
    public function iFillInSelect2Field($field, $value)
    {
        $page = $this->getSession()->getPage();

        $this->openField($page, $field);
        $this->selectValue($page, $field, $value, $this->timeout);
    }

    /**
     * Fills in Select2 field with specified and wait for results
     *
     * @When /^(?:|I )fill in select2 "(?P<field>(?:[^"]|\\")*)" with "(?P<value>(?:[^"]|\\")*)" and wait (?P<time>(?:[^"]|\\")*) seconds until results are loaded$/
     * @When /^(?:|I )fill in select2 "(?P<value>(?:[^"]|\\")*)" for "(?P<field>(?:[^"]|\\")*)" and wait (?P<time>(?:[^"]|\\")*) seconds until results are loaded$/
     */
    public function iFillInSelect2FieldWaitUntilResultsAreLoaded($field, $value, $time)
    {
        $page = $this->getSession()->getPage();

        $this->openField($page, $field);
        $this->selectValue($page, $field, $value, $time);
    }

    /**
     * Fill Select2 input field
     *
     * @When /^(?:|I )fill in select2 input "(?P<field>(?:[^"]|\\")*)" with "(?P<value>(?:[^"]|\\")*)"$/
     */
    public function iFillInSelect2InputWith($field, $value)
    {
        $page = $this->getSession()->getPage();

        $this->openField($page, $field);
        $this->fillSearchField($page, $field, $value);
    }

    /**
     * Fill Select2 input field and select a value
     *
     * @When /^(?:|I )fill in select2 input "(?P<field>(?:[^"]|\\")*)" with "(?P<value>(?:[^"]|\\")*)" and select "(?P<entry>(?:[^"]|\\")*)"$/
     */
    public function iFillInSelect2InputWithAndSelect($field, $value, $entry)
    {
        $page = $this->getSession()->getPage();

        $this->openField($page, $field);
        $this->fillSearchField($page, $field, $value);
        $this->selectValue($page, $field, $entry, $this->timeout);
    }

    /**
     * Fill Select2 input field
     *
     * @Then /^(?:|I )should see (?P<num>\d+) choice(?:|s) in select2 "(?P<field>(?:[^"]|\\")*)"$/
     */
    public function iShouldSeeSelectChoices($field, $num)
    {
        $selector = sprintf('#select2-%s-results li', $field);

        $this->assertSession()->elementsCount('css', $selector, intval($num));
    }

    /**
     * Open Select2 choice list
     *
     * @param DocumentElement $page
     * @param string          $field
     * @throws \Exception
     */
    private function openField(DocumentElement $page, $field)

    {
        // force select2 to be closed
        $page->find('css', 'body')->press();

        $fieldName = sprintf('select[name="%s"] + .select2-container', $field);

        $inputField = $page->find('css', $fieldName);
        if (!$inputField) {
            throw new \Exception(sprintf('No field "%s" found', $field));
        }

        $choice = $inputField->find('css', '.select2-selection');
        if (!$choice) {
            throw new \Exception(sprintf('No select2 choice found for "%s"', $field));
        }
        $choice->press();
    }

    /**
     * Fill Select2 search field
     *
     * @param DocumentElement $page
     * @param string          $field
     * @param string          $value
     * @throws \Exception
     */
    private function fillSearchField(DocumentElement $page, $field, $value)
    {
        $driver = $this->getSession()->getDriver();
        if ('Behat\Mink\Driver\Selenium2Driver' === get_class($driver)) {
            // Can't use `$this->getSession()->getPage()->find()` because of https://github.com/minkphp/MinkSelenium2Driver/issues/188
            $select2Input = $this->getSession()->getDriver()->getWebDriverSession()->element('xpath', "//html/descendant-or-self::*[@class and contains(concat(' ', normalize-space(@class), ' '), ' select2-search__field ')]");
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
            if (!$select2Input) {
                throw new \Exception(sprintf('No field "%s" found', $field));
            }
            $select2Input->postValue(['value' => [$value]]);
        } else {
            $select2Input = $page->find('css', '.select2-search__field');
            if (!$select2Input) {
                throw new \Exception(sprintf('No input found for "%s"', $field));
            }
            $select2Input->setValue($value);
        }

        $this->waitForLoadingResults($this->timeout);
    }

    /**
     * Select value in choice list
     *
     * @param DocumentElement $page
     * @param string          $field
     * @param string          $value
     * @param int             $time
     * @throws \Exception
     */
    private function selectValue(DocumentElement $page, $field, $value, $time)
    {
        $this->waitForLoadingResults($time);

        $chosenResults = $page->findAll('css', '.select2-results li');
        foreach ($chosenResults as $result) {
            if ($result->getText() == $value) {
                $result->click();
                return;
            }
        }

        throw new \Exception(sprintf('Value "%s" not found for "%s"', $value, $field));
    }

    /**
     * Wait the end of fetching Select2 results
     *
     * @param int $time Time to wait in seconds
     */
    private function waitForLoadingResults($time)
    {
        for ($i = 0; $i < $time; $i++) {
            if (!$this->getSession()->getPage()->find('css', '.select2-results__option.loading-results')) {
                return;
            }

            sleep(1);
        }
    }
}


1		<?php
2
3		namespace Novaway\CommonContexts\Context;
4
5		use Behat\Mink\Element\DocumentElement;
6
7		class Select2Context extends BaseContext
8		{
9		const DEFAULT_TIMEOUT = 60;
10
11		/** @var int */
12		private $timeout;
13
14		/**
15		* Constructor
16		*
17		* @param int $timeout Timeout for waiting results (in seconds)
18		*/
19		public function __construct($timeout = self::DEFAULT_TIMEOUT)
20		{
21		$this->timeout = $timeout;
22		}
23
24		/**
25		* Fills in Select2 field with specified
26		*
27		* @When /^(?:\|I )fill in select2 "(?P<field>(?:[^"]\|\\"))" with "(?P<value>(?:[^"]\|\\"))"$/
28		* @When /^(?:\|I )fill in select2 "(?P<value>(?:[^"]\|\\"))" for "(?P<field>(?:[^"]\|\\"))"$/
29		*/
30		public function iFillInSelect2Field($field, $value)
31		{
32		$page = $this->getSession()->getPage();
33
34		$this->openField($page, $field);
35		$this->selectValue($page, $field, $value, $this->timeout);
36		}
37
38		/**
39		* Fills in Select2 field with specified and wait for results
40		*
41		* @When /^(?:\|I )fill in select2 "(?P<field>(?:[^"]\|\\"))" with "(?P<value>(?:[^"]\|\\"))" and wait (?P<time>(?:[^"]\|\\")*) seconds until results are loaded$/
42		* @When /^(?:\|I )fill in select2 "(?P<value>(?:[^"]\|\\"))" for "(?P<field>(?:[^"]\|\\"))" and wait (?P<time>(?:[^"]\|\\")*) seconds until results are loaded$/
43		*/
44		public function iFillInSelect2FieldWaitUntilResultsAreLoaded($field, $value, $time)
45		{
46		$page = $this->getSession()->getPage();
47
48		$this->openField($page, $field);
49		$this->selectValue($page, $field, $value, $time);
50		}
51
52		/**
53		* Fill Select2 input field
54		*
55		* @When /^(?:\|I )fill in select2 input "(?P<field>(?:[^"]\|\\"))" with "(?P<value>(?:[^"]\|\\"))"$/
56		*/
57		public function iFillInSelect2InputWith($field, $value)
58		{
59		$page = $this->getSession()->getPage();
60
61		$this->openField($page, $field);
62		$this->fillSearchField($page, $field, $value);
63		}
64
65		/**
66		* Fill Select2 input field and select a value
67		*
68		* @When /^(?:\|I )fill in select2 input "(?P<field>(?:[^"]\|\\"))" with "(?P<value>(?:[^"]\|\\"))" and select "(?P<entry>(?:[^"]\|\\")*)"$/
69		*/
70		public function iFillInSelect2InputWithAndSelect($field, $value, $entry)
71		{
72		$page = $this->getSession()->getPage();
73
74		$this->openField($page, $field);
75		$this->fillSearchField($page, $field, $value);
76		$this->selectValue($page, $field, $entry, $this->timeout);
77		}
78
79		/**
80		* Fill Select2 input field
81		*
82		* @Then /^(?:\|I )should see (?P<num>\d+) choice(?:\|s) in select2 "(?P<field>(?:[^"]\|\\")*)"$/
83		*/
84		public function iShouldSeeSelectChoices($field, $num)
85		{
86		$selector = sprintf('#select2-%s-results li', $field);
87
88		$this->assertSession()->elementsCount('css', $selector, intval($num));
89		}
90
91		/**
92		* Open Select2 choice list
93		*
94		* @param DocumentElement $page
95		* @param string $field
96		* @throws \Exception
97		*/
98	View Code Duplication	private function openField(DocumentElement $page, $field)
		0 ignored issues – show Duplication introduced 2017-09-11 15:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
99		{
100		// force select2 to be closed
101		$page->find('css', 'body')->press();
102
103		$fieldName = sprintf('select[name="%s"] + .select2-container', $field);
104
105		$inputField = $page->find('css', $fieldName);
106		if (!$inputField) {
107		throw new \Exception(sprintf('No field "%s" found', $field));
108		}
109
110		$choice = $inputField->find('css', '.select2-selection');
111		if (!$choice) {
112		throw new \Exception(sprintf('No select2 choice found for "%s"', $field));
113		}
114		$choice->press();
115		}
116
117		/**
118		* Fill Select2 search field
119		*
120		* @param DocumentElement $page
121		* @param string $field
122		* @param string $value
123		* @throws \Exception
124		*/
125		private function fillSearchField(DocumentElement $page, $field, $value)
126		{
127		$driver = $this->getSession()->getDriver();
128		if ('Behat\Mink\Driver\Selenium2Driver' === get_class($driver)) {
129		// Can't use `$this->getSession()->getPage()->find()` because of https://github.com/minkphp/MinkSelenium2Driver/issues/188
130		$select2Input = $this->getSession()->getDriver()->getWebDriverSession()->element('xpath', "//html/descendant-or-self::*[@class and contains(concat(' ', normalize-space(@class), ' '), ' select2-search__field ')]");
		0 ignored issues – show Bug introduced 2015-12-12 20:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you code against a concrete implementation and not the interface `Behat\Mink\Driver\DriverInterface` as the method `getWebDriverSession()` does only exist in the following implementations of said interface: `Behat\Mink\Driver\Selenium2Driver`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
131		if (!$select2Input) {
132		throw new \Exception(sprintf('No field "%s" found', $field));
133		}
134		$select2Input->postValue(['value' => [$value]]);
135		} else {
136		$select2Input = $page->find('css', '.select2-search__field');
137		if (!$select2Input) {
138		throw new \Exception(sprintf('No input found for "%s"', $field));
139		}
140		$select2Input->setValue($value);
141		}
142
143		$this->waitForLoadingResults($this->timeout);
144		}
145
146		/**
147		* Select value in choice list
148		*
149		* @param DocumentElement $page
150		* @param string $field
151		* @param string $value
152		* @param int $time
153		* @throws \Exception
154		*/
155		private function selectValue(DocumentElement $page, $field, $value, $time)
156		{
157		$this->waitForLoadingResults($time);
158
159		$chosenResults = $page->findAll('css', '.select2-results li');
160		foreach ($chosenResults as $result) {
161		if ($result->getText() == $value) {
162		$result->click();
163		return;
164		}
165		}
166
167		throw new \Exception(sprintf('Value "%s" not found for "%s"', $value, $field));
168		}
169
170		/**
171		* Wait the end of fetching Select2 results
172		*
173		* @param int $time Time to wait in seconds
174		*/
175		private function waitForLoadingResults($time)
176		{
177		for ($i = 0; $i < $time; $i++) {
178		if (!$this->getSession()->getPage()->find('css', '.select2-results__option.loading-results')) {
179		return;
180		}
181
182		sleep(1);
183		}
184		}
185		}
186

novaway / BehatCommonContext

Issues (3)

Security Analysis no request data

src/Context/Select2Context.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like