Issues in CCachePool.php (master) - Issues in master - ohavsvik/CachePsr6 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Cache/CCachePool.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Anax\Cache;

/**
 *
 */
class CCachePool implements \Psr\Cache\CacheItemPoolInterface
{
    /**
     * An array with all cache items,
     * @var \Psr\Cache\CacheItemInterface[]
     */
    private $cacheItems;

    /**
     * An array of items to be saved later
     * @var \Psr\Cache\CacheItemInterface[]
     */
    private $defferedItems;

    /**
     * The path to the cache items
     * @var string
     */
    public $path;

    /**
     * Inits one array with the cached items and one with the deffered
     *
     */
    public function __construct()
    {
        //$this->cacheItems    = isset($_SESSION['cacheItems']) ? $_SESSION['cacheItems'] : [];

        $this->defferedItems = [];

        $this->path = __DIR__ . "/../../cacheitems/";

        // Creates a writable cache folder on the server
        if (!is_dir($this->path)) {
            mkdir($this->path, 0777, true);
        }

        $this->cacheItems = array();
        $this->initCache();
    }

    /**
     * Used to fill the array with existing cache items
     *
     * @return void
     */
    private function initCache()
    {
        // Init the cacheitems
        $files = glob($this->path . '/*.val');
        $expirations = glob($this->path . '/*.meta');

        sort($files);
        sort($expirations);

        $count = COUNT($files);

        for ($i = 0; $i < $count; $i++) {
            $key = basename($files[$i]);
            $key = preg_replace('/\\.[^.\\s]{3,4}$/', '', $key);

            $expiration = unserialize(file_get_contents($expirations[$i]));
            $this->cacheItems[] = new \Anax\Cache\CCacheFile($key, null, $expiration);
        }
    }

    /**
     * Returns a Cache Item representing the specified key.
     *
     * This method must always return a CacheItemInterface object, even in case of
     * a cache miss. It MUST NOT return null.
     *
     * @param string $key
     *   The key for which to return the corresponding Cache Item.
     *
     * @throws InvalidArgumentException
     *   If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
     *   MUST be thrown.
     *
     * @return \Psr\Cache\CacheItemInterface
     *   The corresponding Cache Item.
     */
    public function getItem($key)
    {
        // Checks if the key is valid
        $this->checkKey($key);

        // Iterate all items to find the right match
        foreach ($this->cacheItems as $cacheItem) {
            if ($cacheItem->getKey() == $key) {
                return $cacheItem;
            }
        }

        // If the item was not found in the current array, a new item is created and added to the array
        $item = new \Anax\Cache\CCacheFile($key);
        $this->cacheItems[] = $item;

        return $item;
    }

    /**
     * Generates a key from a string.
     *
     * @param string $str
     *   The value to convert to a key-string, must be unique
     *
     * @return string
     *   A generated key-string
     */
    public function generateKey($str)
    {
        $strEncoded = base64_encode($str);
        return 'ch_' . md5($strEncoded);
    }

    /**
     * Checks if a key string is valid, invalid values are {}()/\@:
     *
     * @param string $key
     * A string to ckeck, invalid values are {}()/\@:
     *
     * @throws InvalidArgumentException
     * If $key are not a legal value
     *
     * @return void
     */
    public function checkKey($key)
    {
        // The characters that are not legal/is invalid
        $invalidValues = "/[\/\{\}\(\)\@\:\.\\\]/";

        // Checks for matches in the key
        if (preg_match_all($invalidValues, $key, $matches)) {
            throw new \Anax\Cache\InvalidKeyException($matches);
        }
    }

    /**
     * Returns a traversable set of cache items.
     *
     * @param array $keys
     * An indexed array of keys of items to retrieve.
     * @throws InvalidArgumentException
     *   If any of the keys in $keys are not a legal value a \Psr\Cache\InvalidArgumentException
     *   MUST be thrown.
     *
     * @return array|\Traversable
     *   A traversable collection of Cache Items keyed by the cache keys of
     *   each item. A Cache item will be returned for each key, even if that
     *   key is not found. However, if no keys are specified then an empty
     *   traversable MUST be returned instead.
     */
    public function getItems(array $keys = array())
    {
        // Validating the keys
        foreach ($keys as $key) {
            $this->checkKey($key);
        }

        // Iterates all keys and gets the associated item
        $items = array();
        $nKeys = count($keys);
        for ($i=0; $i < $nKeys; $i++) {
            $items[(string) $keys[$i]] = $this->getItem($keys[$i]);
        }

        return $items;
    }

    /**
     * Confirms if the cache contains specified cache item.
     *
     * Note: This method MAY avoid retrieving the cached value for performance reasons.
     * This could result in a race condition with CacheItemInterface::get(). To avoid
     * such situation use CacheItemInterface::isHit() instead.
     *
     * @param string $key
     *    The key for which to check existence.
     *
     * @throws InvalidArgumentException
     *   If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
     *   MUST be thrown.
     *
     * @return bool
     *  True if item exists in the cache, false otherwise.
     */
    public function hasItem($key)
    {
        //Validates the key
        $this->checkKey($key);

        // is_file

        foreach ($this->cacheItems as $cacheItem) {
            if ($cacheItem->getKey() == $key) {
                return true;
            }
        }
        return false;
    }

    /**
     * Deletes all items in the pool.
     *
     * @return bool
     *   True if the pool was successfully cleared. False if there was an error.
     */
    public function clear()
    {
        $this->cacheItems = array();
        $this->defferedItems = array();

        $files = glob($this->path . '/*');

        if (!array_map('unlink', $files)) {
            return false;
        }

        return true;
    }

    /**
     * Removes the item from the pool.
     *
     * @param string $key
     *   The key for which to delete
     *
     * @throws InvalidArgumentException
     *   If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
     *   MUST be thrown.
     *
     * @return bool
     *   True if the item was successfully removed. False if there was an error.
     */
    public function deleteItem($key)
    {
        //Checks if the key is valid
        $this->checkKey($key);

        foreach ($this->cacheItems as $cacheItem) {
            if ($key == $cacheItem->getKey()) {
                $file = $cacheItem->filename($cacheItem->getKey());
                if (is_file($file)) {
                    unlink($file);
                    unset($cacheItem);
                } else {
                    return false;
                }
                return true;
            }
        }
        return false;
    }

    /**
     * Removes multiple items from the pool.
     *
     * @param array $keys
     *   An array of keys that should be removed from the pool.

     * @throws InvalidArgumentException
     *   If any of the keys in $keys are not a legal value a \Psr\Cache\InvalidArgumentException
     *   MUST be thrown.
     *
     * @return bool
     *   True if the items were successfully removed. False if there was an error.
     */
    public function deleteItems(array $keys)
    {
        //Checks if the keys are valid
        foreach ($keys as $key) {
            $this->checkKey($key);
        }

        foreach ($keys as $key) {
            if (!$this->deleteItem($key)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Persists a cache item immediately.
     *
     * @param \Psr\Cache\CacheItemInterface $item
     *   The cache item to save.
     *
     * @return bool
     *   True if the item was successfully persisted. False if there was an error.
     */
    public function save(\Psr\Cache\CacheItemInterface $item)
    {
        // Gets the filename
        $file = $item->filename($item->getKey());

        // Checks if the file write failes and serializes the value
        if (!file_put_contents($file, serialize($item->getValue()))) {
            return false;
        }

        $file = $item->filename($item->getKey(), 'expiration');

        // Checks if the file write failes and serializes the value
        if (!file_put_contents($file, serialize($item->expiration))) {
interface SomeInterface { }
class SomeClass implements SomeInterface {
    public $a;
}

function someFunction(SomeInterface $object) {
    if ($object instanceof SomeClass) {
        $a = $object->a;
    }
}
            return false;
        }

        return true;
    }

    /**
     * Sets a cache item to be persisted later.
     *
     * @param \Psr\Cache\CacheItemInterface $item
     *   The cache item to save.
     *
     * @return bool
     *   False if the item could not be queued or if a commit was attempted and failed. True otherwise.
     */
    public function saveDeferred(\Psr\Cache\CacheItemInterface $item)
    {
        // Checks if the item is already saved as deffered
        foreach ($this->defferedItems as $defferedItem) {
            if ($defferedItem->getKey() == $item->getKey()) {
                return false;
            }
        }

        // Adds the item to the array of deffered items and returns true if it was successfull
        if (array_push($this->defferedItems, $item)) {
            return true;
        }

        return false;
    }

    /**
     * Persists any deferred cache items.
     *
     * @return bool
     *   True if all not-yet-saved items were successfully saved or there were none. False otherwise.
     */
    public function commit()
    {
        // Saves all items in $defferedItems
        foreach ($this->defferedItems as $item) {
            if (!$this->save($item)) {
                return false;
            }
        }

        // Resets the deffered array
        $this->defferedItems = array();
        return true;
    }
}


Issues (10)

Security Analysis no request data

src/Cache/CCachePool.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2
3		namespace Anax\Cache;
4
5		/**
6		*
7		*/
8		class CCachePool implements \Psr\Cache\CacheItemPoolInterface
9		{
10		/**
11		* An array with all cache items,
12		* @var \Psr\Cache\CacheItemInterface[]
13		*/
14		private $cacheItems;
15
16		/**
17		* An array of items to be saved later
18		* @var \Psr\Cache\CacheItemInterface[]
19		*/
20		private $defferedItems;
21
22		/**
23		* The path to the cache items
24		* @var string
25		*/
26		public $path;
27
28		/**
29		* Inits one array with the cached items and one with the deffered
30		*
31		*/
32	12	public function __construct()
33		{
34		//$this->cacheItems = isset($_SESSION['cacheItems']) ? $_SESSION['cacheItems'] : [];
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-01-19 08:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `70%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
35	12	$this->defferedItems = [];
36
37	12	$this->path = __DIR__ . "/../../cacheitems/";
38
39		// Creates a writable cache folder on the server
40	12	if (!is_dir($this->path)) {
41	1	mkdir($this->path, 0777, true);
42	1	}
43
44	12	$this->cacheItems = array();
45	12	$this->initCache();
46	12	}
47
48		/**
49		* Used to fill the array with existing cache items
50		*
51		* @return void
52		*/
53	12	private function initCache()
54		{
55		// Init the cacheitems
56	12	$files = glob($this->path . '/*.val');
57	12	$expirations = glob($this->path . '/*.meta');
58
59	12	sort($files);
60	12	sort($expirations);
61
62	12	$count = COUNT($files);
63
64	12	for ($i = 0; $i < $count; $i++) {
65	7	$key = basename($files[$i]);
66	7	$key = preg_replace('/\\.[^.\\s]{3,4}$/', '', $key);
67
68	7	$expiration = unserialize(file_get_contents($expirations[$i]));
69	7	$this->cacheItems[] = new \Anax\Cache\CCacheFile($key, null, $expiration);
70	7	}
71	12	}
72
73		/**
74		* Returns a Cache Item representing the specified key.
75		*
76		* This method must always return a CacheItemInterface object, even in case of
77		* a cache miss. It MUST NOT return null.
78		*
79		* @param string $key
80		* The key for which to return the corresponding Cache Item.
81		*
82		* @throws InvalidArgumentException
83		* If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
84		* MUST be thrown.
85		*
86		* @return \Psr\Cache\CacheItemInterface
87		* The corresponding Cache Item.
88		*/
89	9	public function getItem($key)
90		{
91		// Checks if the key is valid
92	9	$this->checkKey($key);
93
94		// Iterate all items to find the right match
95	9	foreach ($this->cacheItems as $cacheItem) {
96	7	if ($cacheItem->getKey() == $key) {
97	2	return $cacheItem;
98		}
99	8	}
100
101		// If the item was not found in the current array, a new item is created and added to the array
102	8	$item = new \Anax\Cache\CCacheFile($key);
103	8	$this->cacheItems[] = $item;
104
105	8	return $item;
106		}
107
108		/**
109		* Generates a key from a string.
110		*
111		* @param string $str
112		* The value to convert to a key-string, must be unique
113		*
114		* @return string
115		* A generated key-string
116		*/
117	2	public function generateKey($str)
118		{
119	2	$strEncoded = base64_encode($str);
120	2	return 'ch_' . md5($strEncoded);
121		}
122
123		/**
124		* Checks if a key string is valid, invalid values are {}()/\@:
125		*
126		* @param string $key
127		* A string to ckeck, invalid values are {}()/\@:
128		*
129		* @throws InvalidArgumentException
130		* If $key are not a legal value
131		*
132		* @return void
133		*/
134	11	public function checkKey($key)
135		{
136		// The characters that are not legal/is invalid
137	11	$invalidValues = "/[\/\{\}\(\)\@\:\.\\\]/";
138
139		// Checks for matches in the key
140	11	if (preg_match_all($invalidValues, $key, $matches)) {
141	1	throw new \Anax\Cache\InvalidKeyException($matches);
142		}
143	10	}
144
145		/**
146		* Returns a traversable set of cache items.
147		*
148		* @param array $keys
149		* An indexed array of keys of items to retrieve.
150		* @throws InvalidArgumentException
151		* If any of the keys in $keys are not a legal value a \Psr\Cache\InvalidArgumentException
152		* MUST be thrown.
153		*
154		* @return array\|\Traversable
155		* A traversable collection of Cache Items keyed by the cache keys of
156		* each item. A Cache item will be returned for each key, even if that
157		* key is not found. However, if no keys are specified then an empty
158		* traversable MUST be returned instead.
159		*/
160	1	public function getItems(array $keys = array())
161		{
162		// Validating the keys
163	1	foreach ($keys as $key) {
164	1	$this->checkKey($key);
165	1	}
166
167		// Iterates all keys and gets the associated item
168	1	$items = array();
169	1	$nKeys = count($keys);
170	1	for ($i=0; $i < $nKeys; $i++) {
171	1	$items[(string) $keys[$i]] = $this->getItem($keys[$i]);
172	1	}
173
174	1	return $items;
175		}
176
177		/**
178		* Confirms if the cache contains specified cache item.
179		*
180		* Note: This method MAY avoid retrieving the cached value for performance reasons.
181		* This could result in a race condition with CacheItemInterface::get(). To avoid
182		* such situation use CacheItemInterface::isHit() instead.
183		*
184		* @param string $key
185		* The key for which to check existence.
186		*
187		* @throws InvalidArgumentException
188		* If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
189		* MUST be thrown.
190		*
191		* @return bool
192		* True if item exists in the cache, false otherwise.
193		*/
194	1	public function hasItem($key)
195		{
196		//Validates the key
197	1	$this->checkKey($key);
198
199		// is_file
200
201	1	foreach ($this->cacheItems as $cacheItem) {
202	1	if ($cacheItem->getKey() == $key) {
203	1	return true;
204		}
205	1	}
206	1	return false;
207		}
208
209		/**
210		* Deletes all items in the pool.
211		*
212		* @return bool
213		* True if the pool was successfully cleared. False if there was an error.
214		*/
215	1	public function clear()
216		{
217	1	$this->cacheItems = array();
218	1	$this->defferedItems = array();
219
220	1	$files = glob($this->path . '/*');
221
222	1	if (!array_map('unlink', $files)) {
223		return false;
224		}
225
226	1	return true;
227		}
228
229		/**
230		* Removes the item from the pool.
231		*
232		* @param string $key
233		* The key for which to delete
234		*
235		* @throws InvalidArgumentException
236		* If the $key string is not a legal value a \Psr\Cache\InvalidArgumentException
237		* MUST be thrown.
238		*
239		* @return bool
240		* True if the item was successfully removed. False if there was an error.
241		*/
242	2	public function deleteItem($key)
243		{
244		//Checks if the key is valid
245	2	$this->checkKey($key);
246
247	2	foreach ($this->cacheItems as $cacheItem) {
248	1	if ($key == $cacheItem->getKey()) {
249	1	$file = $cacheItem->filename($cacheItem->getKey());
250	1	if (is_file($file)) {
251	1	unlink($file);
252	1	unset($cacheItem);
253	1	} else {
254		return false;
255		}
256	1	return true;
257		}
258	2	}
259	1	return false;
260		}
261
262		/**
263		* Removes multiple items from the pool.
264		*
265		* @param array $keys
266		* An array of keys that should be removed from the pool.
267
268		* @throws InvalidArgumentException
269		* If any of the keys in $keys are not a legal value a \Psr\Cache\InvalidArgumentException
270		* MUST be thrown.
271		*
272		* @return bool
273		* True if the items were successfully removed. False if there was an error.
274		*/
275	2	public function deleteItems(array $keys)
276		{
277		//Checks if the keys are valid
278	2	foreach ($keys as $key) {
279	2	$this->checkKey($key);
280	2	}
281
282	2	foreach ($keys as $key) {
283	2	if (!$this->deleteItem($key)) {
284	1	return false;
285		}
286	1	}
287	1	return true;
288		}
289
290		/**
291		* Persists a cache item immediately.
292		*
293		* @param \Psr\Cache\CacheItemInterface $item
294		* The cache item to save.
295		*
296		* @return bool
297		* True if the item was successfully persisted. False if there was an error.
298		*/
299	5	public function save(\Psr\Cache\CacheItemInterface $item)
300		{
301		// Gets the filename
302	5	$file = $item->filename($item->getKey());
303
304		// Checks if the file write failes and serializes the value
305	5	if (!file_put_contents($file, serialize($item->getValue()))) {
306		return false;
307		}
308
309	5	$file = $item->filename($item->getKey(), 'expiration');
310
311		// Checks if the file write failes and serializes the value
312	5	if (!file_put_contents($file, serialize($item->expiration))) {
		0 ignored issues – show Bug introduced 2016-01-19 08:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this Accessing `expiration` on the interface `Psr\Cache\CacheItemInterface` suggest that you code against a concrete implementation. How about adding an `instanceof` check? If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes Adding an additional type check: interface SomeInterface { } class SomeClass implements SomeInterface { public $a; } function someFunction(SomeInterface $object) { if ($object instanceof SomeClass) { $a = $object->a; } } Changing the type hint: interface SomeInterface { } class SomeClass implements SomeInterface { public $a; } function someFunction(SomeClass $object) { $a = $object->a; } Loading history...
313		return false;
314		}
315
316	5	return true;
317		}
318
319		/**
320		* Sets a cache item to be persisted later.
321		*
322		* @param \Psr\Cache\CacheItemInterface $item
323		* The cache item to save.
324		*
325		* @return bool
326		* False if the item could not be queued or if a commit was attempted and failed. True otherwise.
327		*/
328	1	public function saveDeferred(\Psr\Cache\CacheItemInterface $item)
329		{
330		// Checks if the item is already saved as deffered
331	1	foreach ($this->defferedItems as $defferedItem) {
332	1	if ($defferedItem->getKey() == $item->getKey()) {
333	1	return false;
334		}
335	1	}
336
337		// Adds the item to the array of deffered items and returns true if it was successfull
338	1	if (array_push($this->defferedItems, $item)) {
339	1	return true;
340		}
341
342		return false;
343		}
344
345		/**
346		* Persists any deferred cache items.
347		*
348		* @return bool
349		* True if all not-yet-saved items were successfully saved or there were none. False otherwise.
350		*/
351	1	public function commit()
352		{
353		// Saves all items in $defferedItems
354	1	foreach ($this->defferedItems as $item) {
355	1	if (!$this->save($item)) {
356		return false;
357		}
358	1	}
359
360		// Resets the deffered array
361	1	$this->defferedItems = array();
362	1	return true;
363		}
364		}
365

ohavsvik / CachePsr6

Issues (10)

Security Analysis no request data

src/Cache/CCachePool.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like