Issues in ArrayConfiguration.php (dev) - Issues in dev - old-town/old-town-workflow - Measure and Improve Code Quality continuously with Scrutinizer

Issues (302)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Config/ArrayConfiguration.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @link https://github.com/old-town/old-town-workflow
 * @author  Malofeykin Andrey  <[email protected]>
 */
namespace OldTown\Workflow\Config;

use OldTown\Workflow\Loader\UrlWorkflowFactory;
use OldTown\Workflow\Loader\WorkflowDescriptor;
use OldTown\Workflow\Spi\WorkflowStoreInterface;
use OldTown\Workflow\Util\DefaultVariableResolver;
use OldTown\Workflow\Util\VariableResolverInterface;
use Psr\Http\Message\UriInterface;
use OldTown\Workflow\Loader\WorkflowFactoryInterface;


/**
 * Interface ConfigurationInterface
 *
 * @package OldTown\Workflow\Config
 */
class  ArrayConfiguration implements ConfigurationInterface
{
    /**
     * @var string
     */
    const PERSISTENCE = 'persistence';

    /**
     * @var string
     */
    const PERSISTENCE_ARGS = 'persistenceArgs';

    /**
     * @var string
     */
    const VARIABLE_RESOLVER = 'variableResolver';

    /**
     * @var string
     */
    const WORKFLOW_FACTORY = 'factory';

    /**
     * Флаг определяющий было ли иницилизированно workflow
     *
     * @var bool
     */
    protected $initialized = true;

    /**
     * Фабрика для создания workflow
     *
     * @var WorkflowFactoryInterface
     */
    protected $factory;

    /**
     * Хранилище состояния workflow
     *
     * @var WorkflowStoreInterface
     */
    protected $workflowStore;

    /**
     * Имя класса хранилища состяония workflow
     *
     * @var string
     */
    protected $persistence;

    /**
     * Опции для настройки хранилища стостояния workflow
     *
     * @var array
     */
    protected $persistenceArgs = [];

    /**
     * @var VariableResolverInterface
     */
    protected $variableResolver;

    /**
     * @param $options
     *
     * @throws \OldTown\Workflow\Exception\FactoryException
     * @throws \OldTown\Workflow\Config\Exception\InvalidVariableResolverException
     * @throws \OldTown\Workflow\Config\Exception\InvalidWorkflowFactoryException
     */
    public function __construct(array $options = [])
    {
        $this->init($options);
    }

    /**
     * @param array $options
     *
     * @throws \OldTown\Workflow\Exception\FactoryException
     * @throws \OldTown\Workflow\Config\Exception\InvalidVariableResolverException
     * @throws \OldTown\Workflow\Config\Exception\InvalidWorkflowFactoryException
     */
    protected function init(array $options = [])
    {
        if (array_key_exists(static::PERSISTENCE, $options)) {
            $this->persistence = $options[static::PERSISTENCE];
        }
        if (array_key_exists(static::PERSISTENCE_ARGS, $options)) {
            $this->persistenceArgs = $options[static::PERSISTENCE_ARGS];
        }

        if (array_key_exists(static::VARIABLE_RESOLVER, $options)) {
            $variableResolver = $options[static::VARIABLE_RESOLVER];
            if (null === $variableResolver) {
                $variableResolver = new DefaultVariableResolver();
            }
        } else {
            $variableResolver = new DefaultVariableResolver();
        }
        if (!$variableResolver instanceof VariableResolverInterface) {
            $errMsg = sprintf('Variable resolver not implements %s', VariableResolverInterface::class);
            throw new Exception\InvalidVariableResolverException($errMsg);
        }
        $this->variableResolver = $variableResolver;


        if (array_key_exists(static::WORKFLOW_FACTORY, $options)) {
            $workflowFactory = $options[static::WORKFLOW_FACTORY];
            if (null === $workflowFactory) {
                $workflowFactory = new UrlWorkflowFactory();
            }

            if (!$workflowFactory instanceof WorkflowFactoryInterface) {
                $errMsg = sprintf('Workflow factory not implements %s', WorkflowFactoryInterface::class);
                throw new Exception\InvalidWorkflowFactoryException($errMsg);
            }
            $workflowFactory->initDone();
            $this->factory = $workflowFactory;
        }
    }

    /**
     * @return WorkflowFactoryInterface
     */
    public function getFactory()
    {
        return $this->factory;
    }

    /**
     * Определяет была ли иницилазированна дананя конфигурация
     *
     * @return bool
     */
    public function isInitialized()
    {
        return $this->initialized;
    }

    /**
     * Определяет есть ли возможность модифицировать workflow  с з
     *
     * @param string $name
     *
     * @return bool
     */
    public function isModifiable($name)
    {
        return $this->factory->isModifiable($name);
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
    }

    /**
     * Возвращает имя класса хранилища состяония workflow
     *
     * @return string
     */
    public function getPersistence()
    {
        return $this->persistence;
    }

    /**
     * Возвращает опции для настройки хранилища стостояния workflow
     *
     * @return array
     */
    public function getPersistenceArgs()
    {
        return $this->persistenceArgs;
    }

    /**
     *
     * @return VariableResolverInterface
     */
    public function getVariableResolver()
    {
        return $this->variableResolver;
    }

    /**
     * @param string $name
     *
     * @return WorkflowDescriptor
     *
     * @throws Exception\InvalidWorkflowDescriptorException
     */
    public function getWorkflow($name)
    {
        $workflow = $this->factory->getWorkflow($name);

        if (!$workflow instanceof WorkflowDescriptor) {
            $errMsg = 'Unknown workflow name';
            throw new Exception\InvalidWorkflowDescriptorException($errMsg);
        }

        return $workflow;
    }

    /**
     * @return \String[]
     */
    public function getWorkflowNames()
    {
        return $this->factory->getWorkflowNames();
    }

    /**
     * @return WorkflowStoreInterface
     * @throws Exception\StoreException
     */
    public function getWorkflowStore()
    {
        if ($this->workflowStore) {
            return $this->workflowStore;
        }

        try {
            $class = $this->getPersistence();
            $r = new \ReflectionClass($class);
            /** @var WorkflowStoreInterface $store */
            $store = $r->newInstance();

            $args = $this->getPersistenceArgs();
            $store->init($args);
        } catch (\Exception $e) {
            throw new Exception\StoreException($e->getMessage(), $e->getCode(), $e);
        }

        $this->workflowStore = $store;

        return $this->workflowStore;
    }

    /**
     * @param UriInterface|null $url
     *
     * @throws Exception\MethodNotSupportedException
     */
    public function load(UriInterface $url = null)
    {
        $errMsg = sprintf('%s not supported method %s', ArrayConfiguration::class, __FUNCTION__);
        throw new Exception\MethodNotSupportedException($errMsg);
    }

    /**
     * @param string $workflow
     *
     * @return bool|void
     */
    public function removeWorkflow($workflow)
    {
        $this->factory->removeWorkflow($workflow);
    }

    /**
     * @param string             $name
     * @param WorkflowDescriptor $descriptor
     * @param bool|false         $replace
     *
     * @return bool|void
     */
    public function saveWorkflow($name, WorkflowDescriptor $descriptor, $replace = false)
    {
        $this->factory->saveWorkflow($name, $descriptor, $replace);
    }
}


GitHub Access Token became invalid

Issues (302)

Security Analysis not enabled

src/Config/ArrayConfiguration.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/**
3		* @link https://github.com/old-town/old-town-workflow
4		* @author Malofeykin Andrey <[email protected]>
5		*/
6		namespace OldTown\Workflow\Config;
7
8		use OldTown\Workflow\Loader\UrlWorkflowFactory;
9		use OldTown\Workflow\Loader\WorkflowDescriptor;
10		use OldTown\Workflow\Spi\WorkflowStoreInterface;
11		use OldTown\Workflow\Util\DefaultVariableResolver;
12		use OldTown\Workflow\Util\VariableResolverInterface;
13		use Psr\Http\Message\UriInterface;
14		use OldTown\Workflow\Loader\WorkflowFactoryInterface;
15
16
17		/**
18		* Interface ConfigurationInterface
19		*
20		* @package OldTown\Workflow\Config
21		*/
22		class ArrayConfiguration implements ConfigurationInterface
23		{
24		/**
25		* @var string
26		*/
27		const PERSISTENCE = 'persistence';
28
29		/**
30		* @var string
31		*/
32		const PERSISTENCE_ARGS = 'persistenceArgs';
33
34		/**
35		* @var string
36		*/
37		const VARIABLE_RESOLVER = 'variableResolver';
38
39		/**
40		* @var string
41		*/
42		const WORKFLOW_FACTORY = 'factory';
43
44		/**
45		* Флаг определяющий было ли иницилизированно workflow
46		*
47		* @var bool
48		*/
49		protected $initialized = true;
50
51		/**
52		* Фабрика для создания workflow
53		*
54		* @var WorkflowFactoryInterface
55		*/
56		protected $factory;
57
58		/**
59		* Хранилище состояния workflow
60		*
61		* @var WorkflowStoreInterface
62		*/
63		protected $workflowStore;
64
65		/**
66		* Имя класса хранилища состяония workflow
67		*
68		* @var string
69		*/
70		protected $persistence;
71
72		/**
73		* Опции для настройки хранилища стостояния workflow
74		*
75		* @var array
76		*/
77		protected $persistenceArgs = [];
78
79		/**
80		* @var VariableResolverInterface
81		*/
82		protected $variableResolver;
83
84		/**
85		* @param $options
86		*
87		* @throws \OldTown\Workflow\Exception\FactoryException
88		* @throws \OldTown\Workflow\Config\Exception\InvalidVariableResolverException
89		* @throws \OldTown\Workflow\Config\Exception\InvalidWorkflowFactoryException
90		*/
91	19	public function __construct(array $options = [])
92		{
93	19	$this->init($options);
94	19	}
95
96		/**
97		* @param array $options
98		*
99		* @throws \OldTown\Workflow\Exception\FactoryException
100		* @throws \OldTown\Workflow\Config\Exception\InvalidVariableResolverException
101		* @throws \OldTown\Workflow\Config\Exception\InvalidWorkflowFactoryException
102		*/
103	19	protected function init(array $options = [])
104		{
105	19	if (array_key_exists(static::PERSISTENCE, $options)) {
106	19	$this->persistence = $options[static::PERSISTENCE];
107	19	}
108	19	if (array_key_exists(static::PERSISTENCE_ARGS, $options)) {
109	19	$this->persistenceArgs = $options[static::PERSISTENCE_ARGS];
110	19	}
111
112	19	if (array_key_exists(static::VARIABLE_RESOLVER, $options)) {
113		$variableResolver = $options[static::VARIABLE_RESOLVER];
114		if (null === $variableResolver) {
115		$variableResolver = new DefaultVariableResolver();
116		}
117		} else {
118	19	$variableResolver = new DefaultVariableResolver();
119		}
120	19	if (!$variableResolver instanceof VariableResolverInterface) {
121		$errMsg = sprintf('Variable resolver not implements %s', VariableResolverInterface::class);
122		throw new Exception\InvalidVariableResolverException($errMsg);
123		}
124	19	$this->variableResolver = $variableResolver;
125
126
127	19	if (array_key_exists(static::WORKFLOW_FACTORY, $options)) {
128	19	$workflowFactory = $options[static::WORKFLOW_FACTORY];
129	19	if (null === $workflowFactory) {
130		$workflowFactory = new UrlWorkflowFactory();
131		}
132
133	19	if (!$workflowFactory instanceof WorkflowFactoryInterface) {
134		$errMsg = sprintf('Workflow factory not implements %s', WorkflowFactoryInterface::class);
135		throw new Exception\InvalidWorkflowFactoryException($errMsg);
136		}
137	19	$workflowFactory->initDone();
138	19	$this->factory = $workflowFactory;
139	19	}
140	19	}
141
142		/**
143		* @return WorkflowFactoryInterface
144		*/
145		public function getFactory()
146		{
147		return $this->factory;
148		}
149
150		/**
151		* Определяет была ли иницилазированна дананя конфигурация
152		*
153		* @return bool
154		*/
155	19	public function isInitialized()
156		{
157	19	return $this->initialized;
158		}
159
160		/**
161		* Определяет есть ли возможность модифицировать workflow с з
162		*
163		* @param string $name
164		*
165		* @return bool
166		*/
167		public function isModifiable($name)
168		{
169		return $this->factory->isModifiable($name);
		0 ignored issues – show Bug Best Practice introduced 2016-02-12 06:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type of `return $this->factory->isModifiable($name);` (`boolean`) is incompatible with the return type declared by the interface `OldTown\Workflow\Config\...Interface::isModifiable` of type `OldTown\Workflow\Config\true`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
170		}
171
172		/**
173		* Возвращает имя класса хранилища состяония workflow
174		*
175		* @return string
176		*/
177	19	public function getPersistence()
178		{
179	19	return $this->persistence;
180		}
181
182		/**
183		* Возвращает опции для настройки хранилища стостояния workflow
184		*
185		* @return array
186		*/
187	19	public function getPersistenceArgs()
188		{
189	19	return $this->persistenceArgs;
190		}
191
192		/**
193		*
194		* @return VariableResolverInterface
195		*/
196	19	public function getVariableResolver()
197		{
198	19	return $this->variableResolver;
199		}
200
201		/**
202		* @param string $name
203		*
204		* @return WorkflowDescriptor
205		*
206		* @throws Exception\InvalidWorkflowDescriptorException
207		*/
208	19	public function getWorkflow($name)
209		{
210	19	$workflow = $this->factory->getWorkflow($name);
211
212	19	if (!$workflow instanceof WorkflowDescriptor) {
213		$errMsg = 'Unknown workflow name';
214		throw new Exception\InvalidWorkflowDescriptorException($errMsg);
215		}
216
217	19	return $workflow;
218		}
219
220		/**
221		* @return \String[]
222		*/
223		public function getWorkflowNames()
224		{
225		return $this->factory->getWorkflowNames();
226		}
227
228		/**
229		* @return WorkflowStoreInterface
230		* @throws Exception\StoreException
231		*/
232	19	public function getWorkflowStore()
233		{
234	19	if ($this->workflowStore) {
235	19	return $this->workflowStore;
236		}
237
238		try {
239	19	$class = $this->getPersistence();
240	19	$r = new \ReflectionClass($class);
241		/** @var WorkflowStoreInterface $store */
242	19	$store = $r->newInstance();
243
244	19	$args = $this->getPersistenceArgs();
245	19	$store->init($args);
246	19	} catch (\Exception $e) {
247		throw new Exception\StoreException($e->getMessage(), $e->getCode(), $e);
248		}
249
250	19	$this->workflowStore = $store;
251
252	19	return $this->workflowStore;
253		}
254
255		/**
256		* @param UriInterface\|null $url
257		*
258		* @throws Exception\MethodNotSupportedException
259		*/
260		public function load(UriInterface $url = null)
261		{
262		$errMsg = sprintf('%s not supported method %s', ArrayConfiguration::class, __FUNCTION__);
263		throw new Exception\MethodNotSupportedException($errMsg);
264		}
265
266		/**
267		* @param string $workflow
268		*
269		* @return bool\|void
270		*/
271		public function removeWorkflow($workflow)
272		{
273		$this->factory->removeWorkflow($workflow);
274		}
275
276		/**
277		* @param string $name
278		* @param WorkflowDescriptor $descriptor
279		* @param bool\|false $replace
280		*
281		* @return bool\|void
282		*/
283		public function saveWorkflow($name, WorkflowDescriptor $descriptor, $replace = false)
284		{
285		$this->factory->saveWorkflow($name, $descriptor, $replace);
286		}
287		}
288

old-town / old-town-workflow

GitHub Access Token became invalid

Issues (302)

Security Analysis not enabled

src/Config/ArrayConfiguration.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like