Issues in FieldExpression.php (dev) - Issues in dev - old-town/old-town-workflow - Measure and Improve Code Quality continuously with Scrutinizer

Issues (302)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Query/FieldExpression.php (3 issues)

Labels

Duplication 3

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @link https://github.com/old-town/old-town-workflow
 * @author  Malofeykin Andrey  <[email protected]>
 */
namespace OldTown\Workflow\Query;

use OldTown\Workflow\Exception\ArgumentNotNumericException;
use OldTown\Workflow\Exception\InvalidArgumentException;

/**
 * Class FieldExpression
 * @package OldTown\Workflow\Query
 */
class FieldExpression extends AbstractExpression
{
    /**
     * Константа для оператора сравнения
     *
     * @var integer
     */
    const EQUALS = 1;

    /**
     * Константа для оператора сравнения
     *
     * @var integer
     */
    const LT = 2;

    /**
     * Константа для оператора сравнения
     *
     * @var integer
     */
    const GT = 3;

    /**
     * Константа для оператора сравнения
     *
     * @var integer
     */
    const NOT_EQUALS = 5;

    // fields

    /**
     * Константа для поля "владелец" в workflow
     *
     * @var integer
     */
    const OWNER = 1;

    /**
     * Константа для даты создания
     *
     * @var integer
     */
    const START_DATE = 2;

    /**
     * Константа для даты окончания
     *
     * @var integer
     */
    const FINISH_DATE = 3;

    /**
     * Константа для действия
     *
     * @var integer
     */
    const ACTION = 4;

    /**
     * Константа для шага
     *
     * @var integer
     */
    const STEP = 5;

    /**
     * Константа опредяющая того кто вызвал переход в соотвтетсвтующее состояние
     *
     * @var integer
     */
    const CALLER = 6;

    /**
     * Константа определяющее поле со статусом
     *
     * @var integer
     */
    const STATUS = 7;

    /**
     * Константа для поля - имя
     *
     * @var integer
     */
    const NAME = 8;

    /**
     * Константа для поля состояния
     *
     * @var integer
     */
    const STATE = 9;

    /**
     * Константа для интервала
     *
     * @var integer
     */
    const DUE_DATE = 10;

    // field context

    /**
     * Константа для поиса по истории шагов
     *
     * @var integer
     */
    const HISTORY_STEPS = 1;

    /**
     * Константа для поиска в текущих шагах
     *
     * @var integer
     */
    const CURRENT_STEPS = 2;

    /**
     * Константа для поиска по экземпляру workflow
     *
     * @var integer
     */
    const ENTRY = 3;

    /**
     * @var mixed
     */
    private $value;

    /**
     * @var integer
     */
    private $context;

    /**
     * @var integer
     */
    private $field;

    /**
     * @var integer
     */
    private $operator;

    /**
     * @param integer $field
     * @param integer $context
     * @param integer $operator
     * @param mixed $value
     * @param bool $negate
     *
     * @throws ArgumentNotNumericException
     * @throws InvalidArgumentException
     */
    public function __construct($field, $context, $operator, $value, $negate = false)
    {
        $this->setValue($value);
        $this->setContext($context);
        $this->setField($field);
        $this->setOperator($operator);
        $this->negate = (boolean)$negate;
    }

    /**
     * Возвращает значение
     *
     * @return mixed
     */
    public function getValue()
    {
        return $this->value;
    }

    /**
     * Устанавливает значение
     *
     * @param mixed $value
     * @return $this
     * @throws InvalidArgumentException
     */
    public function setValue($value)
    {
        $this->value = $value;

        return $this;
    }

    /**
     * Возвращает контекст
     *
     * @return int
     */
    public function getContext()
    {
        return $this->context;
    }

    /**
     * Устанавливает контекст
     *
     * @param int $context
     * @return $this
     * @throws ArgumentNotNumericException
     */
    public function setContext($context)

    {
        if (!is_numeric($context)) {
            $errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $context);
            throw new ArgumentNotNumericException($errMsg);
        }

        $this->context = (integer)$context;

        return $this;
    }

    /**
     * Возвращает поле
     *
     * @return int
     */
    public function getField()
    {
        return $this->field;
    }

    /**
     * Устанавливает поле
     *
     * @param int $field
     * @return $this
     * @throws ArgumentNotNumericException
     */
    public function setField($field)

    {
        if (!is_numeric($field)) {
            $errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $field);
            throw new ArgumentNotNumericException($errMsg);
        }

        $this->field = (integer)$field;

        return $this;
    }

    /**
     * Возвращает оператор
     *
     * @return int
     */
    public function getOperator()
    {
        return $this->operator;
    }

    /**
     * Устанавливает оператор
     *
     * @param int $operator
     * @return $this
     * @throws ArgumentNotNumericException
     */
    public function setOperator($operator)

    {
        if (!is_numeric($operator)) {
            $errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $operator);
            throw new ArgumentNotNumericException($errMsg);
        }

        $this->operator = (integer)$operator;

        return $this;
    }



    /**
     * Флаг определяющий есть ли вложенные свойства
     *
     * @return boolean
     */
    public function isNested()
    {
        return false;
    }
}


GitHub Access Token became invalid

Issues (302)

Security Analysis not enabled

src/Query/FieldExpression.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* @link https://github.com/old-town/old-town-workflow
4			* @author Malofeykin Andrey <[email protected]>
5			*/
6			namespace OldTown\Workflow\Query;
7
8			use OldTown\Workflow\Exception\ArgumentNotNumericException;
9			use OldTown\Workflow\Exception\InvalidArgumentException;
10
11			/**
12			* Class FieldExpression
13			* @package OldTown\Workflow\Query
14			*/
15			class FieldExpression extends AbstractExpression
16			{
17			/**
18			* Константа для оператора сравнения
19			*
20			* @var integer
21			*/
22			const EQUALS = 1;
23
24			/**
25			* Константа для оператора сравнения
26			*
27			* @var integer
28			*/
29			const LT = 2;
30
31			/**
32			* Константа для оператора сравнения
33			*
34			* @var integer
35			*/
36			const GT = 3;
37
38			/**
39			* Константа для оператора сравнения
40			*
41			* @var integer
42			*/
43			const NOT_EQUALS = 5;
44
45			// fields
46
47			/**
48			* Константа для поля "владелец" в workflow
49			*
50			* @var integer
51			*/
52			const OWNER = 1;
53
54			/**
55			* Константа для даты создания
56			*
57			* @var integer
58			*/
59			const START_DATE = 2;
60
61			/**
62			* Константа для даты окончания
63			*
64			* @var integer
65			*/
66			const FINISH_DATE = 3;
67
68			/**
69			* Константа для действия
70			*
71			* @var integer
72			*/
73			const ACTION = 4;
74
75			/**
76			* Константа для шага
77			*
78			* @var integer
79			*/
80			const STEP = 5;
81
82			/**
83			* Константа опредяющая того кто вызвал переход в соотвтетсвтующее состояние
84			*
85			* @var integer
86			*/
87			const CALLER = 6;
88
89			/**
90			* Константа определяющее поле со статусом
91			*
92			* @var integer
93			*/
94			const STATUS = 7;
95
96			/**
97			* Константа для поля - имя
98			*
99			* @var integer
100			*/
101			const NAME = 8;
102
103			/**
104			* Константа для поля состояния
105			*
106			* @var integer
107			*/
108			const STATE = 9;
109
110			/**
111			* Константа для интервала
112			*
113			* @var integer
114			*/
115			const DUE_DATE = 10;
116
117			// field context
118
119			/**
120			* Константа для поиса по истории шагов
121			*
122			* @var integer
123			*/
124			const HISTORY_STEPS = 1;
125
126			/**
127			* Константа для поиска в текущих шагах
128			*
129			* @var integer
130			*/
131			const CURRENT_STEPS = 2;
132
133			/**
134			* Константа для поиска по экземпляру workflow
135			*
136			* @var integer
137			*/
138			const ENTRY = 3;
139
140			/**
141			* @var mixed
142			*/
143			private $value;
144
145			/**
146			* @var integer
147			*/
148			private $context;
149
150			/**
151			* @var integer
152			*/
153			private $field;
154
155			/**
156			* @var integer
157			*/
158			private $operator;
159
160			/**
161			* @param integer $field
162			* @param integer $context
163			* @param integer $operator
164			* @param mixed $value
165			* @param bool $negate
166			*
167			* @throws ArgumentNotNumericException
168			* @throws InvalidArgumentException
169			*/
170	13		public function __construct($field, $context, $operator, $value, $negate = false)
171			{
172	13		$this->setValue($value);
173	13		$this->setContext($context);
174	13		$this->setField($field);
175	13		$this->setOperator($operator);
176	13		$this->negate = (boolean)$negate;
177	13		}
178
179			/**
180			* Возвращает значение
181			*
182			* @return mixed
183			*/
184	12		public function getValue()
185			{
186	12		return $this->value;
187			}
188
189			/**
190			* Устанавливает значение
191			*
192			* @param mixed $value
193			* @return $this
194			* @throws InvalidArgumentException
195			*/
196	13		public function setValue($value)
197			{
198	13		$this->value = $value;
199
200	13		return $this;
201			}
202
203			/**
204			* Возвращает контекст
205			*
206			* @return int
207			*/
208	12		public function getContext()
209			{
210	12		return $this->context;
211			}
212
213			/**
214			* Устанавливает контекст
215			*
216			* @param int $context
217			* @return $this
218			* @throws ArgumentNotNumericException
219			*/
220	13	View Code Duplication	public function setContext($context)
			0 ignored issues – show Duplication introduced 2016-02-12 06:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
221			{
222	13		if (!is_numeric($context)) {
223			$errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $context);
224			throw new ArgumentNotNumericException($errMsg);
225			}
226
227	13		$this->context = (integer)$context;
228
229	13		return $this;
230			}
231
232			/**
233			* Возвращает поле
234			*
235			* @return int
236			*/
237	12		public function getField()
238			{
239	12		return $this->field;
240			}
241
242			/**
243			* Устанавливает поле
244			*
245			* @param int $field
246			* @return $this
247			* @throws ArgumentNotNumericException
248			*/
249	13	View Code Duplication	public function setField($field)
			0 ignored issues – show Duplication introduced 2016-02-12 06:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
250			{
251	13		if (!is_numeric($field)) {
252			$errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $field);
253			throw new ArgumentNotNumericException($errMsg);
254			}
255
256	13		$this->field = (integer)$field;
257
258	13		return $this;
259			}
260
261			/**
262			* Возвращает оператор
263			*
264			* @return int
265			*/
266	12		public function getOperator()
267			{
268	12		return $this->operator;
269			}
270
271			/**
272			* Устанавливает оператор
273			*
274			* @param int $operator
275			* @return $this
276			* @throws ArgumentNotNumericException
277			*/
278	13	View Code Duplication	public function setOperator($operator)
			0 ignored issues – show Duplication introduced 2016-02-12 06:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
279			{
280	13		if (!is_numeric($operator)) {
281			$errMsg = sprintf('Аргумент должен быть числом. Актуальное значение %s', $operator);
282			throw new ArgumentNotNumericException($errMsg);
283			}
284
285	13		$this->operator = (integer)$operator;
286
287	13		return $this;
288			}
289
290
291
292			/**
293			* Флаг определяющий есть ли вложенные свойства
294			*
295			* @return boolean
296			*/
297	12		public function isNested()
298			{
299	12		return false;
300			}
301			}
302

old-town / old-town-workflow

GitHub Access Token became invalid

Issues (302)

Security Analysis not enabled

src/Query/FieldExpression.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like