Issues in Container.php (master) - Issues in master - oliviermadre/dic-it - Measure and Improve Code Quality continuously with Scrutinizer

Issues (30)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/DICIT/Container.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace DICIT;

use \DICIT\Util\Arrays;

class Container
{
    /**
     *
     * @var mixed[]
     */
    protected $config = array();

    /**
     *
     * @var \DICIT\ArrayResolver
     */
    protected $parameters;

    /**
     *
     * @var \DICIT\ArrayResolver
     */
    protected $classes;

    /**
     *
     * @var \DICIT\Registry
     */
    protected $registry = null;

    /**
     *
     * @var \DICIT\ActivatorFactory
     */
    protected $activatorFactory = null;

    /**
     *
     * @var \DICIT\InjectorFactory
     */
    protected $injectorFactory = null;

    /**
     *
     * @var \DICIT\EncapsulatorFactory
     */
    protected $encapsulatorFactory = null;

    /**
     *
     * @var \DICIT\ReferenceResolver
     */
    protected $referenceResolver = null;

    /**
     *
     * @param Config\AbstractConfig $cfg
     * @param ActivatorFactory $activatorFactory
     * @param InjectorFactory $injectorFactory
     */
    public function __construct(Config\AbstractConfig $cfg,
        ActivatorFactory $activatorFactory = null, InjectorFactory $injectorFactory = null)
    {
        $this->registry = new Registry();
        $this->config = new ArrayResolver($cfg->load());


        $this->parameters = $this->config->resolve('parameters', array());
        $this->classes = $this->config->resolve('classes', array());

        $this->activatorFactory = $activatorFactory ?: new ActivatorFactory();
        $this->injectorFactory = $injectorFactory ?: new InjectorFactory();
        $this->encapsulatorFactory = new EncapsulatorFactory();
        $this->referenceResolver = new ReferenceResolver($this);
    }

    /**
     * Binds an existing object or an object definition to a key in the container.
     * @param string $key The key to which the new object/definition should be bound.
     * @param mixed $item An array or an object to bind.
     * If $item is an object, it will be registered as a singleton in the
     * object registry. Otherwise, $item will be handled as an object definition.
     */
    public function bind($key, $item)
    {
        if (is_array($item)) {
            $this->classes[$key] = $item;
        }
        else {
            $this->registry->set($key, $item);
        }
    }

    /**
     * Set a parameter in the container on any key
     * @param [type] $key   [description]

     * @param [type] $value [description]

     */
    public function setParameter($key, $value)
    {
        $path = explode('.', $key);

        $this->validateParameter($key, $value);


        $root = array();
        $r = &$root;
        foreach($path as $subNode) {
            $r[$subNode] = array();
            $r = &$r[$subNode];
        }
        $r = $value;
        $r = &$root;

        if ($this->parameters) {
            $parameters = $this->parameters->extract();
        }
        else {
            $parameters = array();
        }

        $this->parameters = new ArrayResolver(Arrays::mergeRecursiveUnique($parameters, $r));
        return $this;
    }

    /**
     * Retrieve the parameter value configured in the container
     * @param  string $parameterName
     * @return mixed
     */
    public function getParameter($parameterName)
    {
        $value = $this->parameters->resolve($parameterName);

        if ($value instanceof ArrayResolver) {
            return $value->extract();
        }

        return $value;
    }

    /**
     * Retrieve a class configured in the container
     * @param  string $serviceName
     * @return object
     */
    public function get($serviceName)
    {
        if ($this->registry->has($serviceName)) {
            return $this->registry->get($serviceName);
        }

        $serviceConfig = $this->classes->resolve($serviceName, null);

        if ($serviceConfig == null) {
            throw new \DICIT\UnknownDefinitionException($serviceName);
        }

        try {
            return $this->loadService($serviceName, $serviceConfig->extract());
        }
        catch (\DICIT\UnknownDefinitionException $ex) {
            throw new \RuntimeException(
                sprintf("Dependency '%s' not found while trying to build '%s'.",
                    $ex->getServiceName(), $serviceName));
        }
    }


    public function resolve($reference)
    {
        return $this->referenceResolver->resolve($reference);
    }

    /**
     * Resolves an array of references.
     * @param array $references
     * @return array containing all the resolved references
     */
    public function resolveMany(array $references = null)
    {
        if ($references === null) {
            return array();
        }

        return $this->referenceResolver->resolveMany($references);
    }

    /**
     * Flush the registry
     * @return Container
     */
    public function flushRegistry()
    {
        $this->registry->flush();
        return $this;
    }

    /**
     * Chain of command of the class loader
     * @param  array $serviceConfig
     * @param string $serviceName
     * @return object
     */
    protected function loadService($serviceName, $serviceConfig)
    {
        $isSingleton = false;

        if (array_key_exists('singleton', $serviceConfig)) {
            $isSingleton = (bool)$serviceConfig['singleton'];
        }

        $class = $this->activate($serviceName, $serviceConfig);

        if ($isSingleton) {
            // Only store if singleton'ed to spare memory
            $this->registry->set($serviceName, $class);
        }

        $this->inject($class, $serviceConfig);
        $class = $this->encapsulate($class, $serviceConfig);

        return $class;
    }

    /**
     * Handles class instanciation
     * @param  array $serviceConfig
     * @param string $serviceName
     * @return object
     */
    protected function activate($serviceName, $serviceConfig)
    {
        $activator = $this->activatorFactory->getActivator($serviceName, $serviceConfig);

        return $activator->createInstance($this, $serviceName, $serviceConfig);
    }

    /**
     * Handle method invocations in the class
     * @param  object $class
     * @param  array $serviceConfig
     * @return boolean
     */
    protected function inject($class, $serviceConfig)
    {
        $injectors = $this->injectorFactory->getInjectors();

        foreach ($injectors as $injector) {
            $injector->inject($this, $class, $serviceConfig);
        }

        return true;
    }

    /**
     * Interceptor handler
     * @param  object $class
     * @param  array $serviceConfig
     * @return object
     */
    protected function encapsulate($class, $serviceConfig)
    {
        $encapsulators = $this->encapsulatorFactory->getEncapsulators();

        foreach ($encapsulators as $encapsulator) {
            $class = $encapsulator->encapsulate($this, $class, $serviceConfig);
        }

        return $class;
    }

    /**
     * Check that the value to bind is a scalar, or an array multi-dimensional of scalars
     * @param  string $key
     * @param  mixed $value
     * @return boolean
     *
     * @throws IllegalTypeException
     *
     */
    protected function validateParameter($key, $value)
    {
        if (is_scalar($value)) {
            return true;
        }

        if (is_object($value)) {
            throw new IllegalTypeException(sprintf("Can't bind parameter %s with a callable", $key));
        }

        if (is_array($value)) {
            array_walk_recursive($value, function($item, $k) use($key) {
                if (!is_scalar($item)) {
                    throw new IllegalTypeException(
                        sprintf("Can't bind parameter, unauthorized value on key '%s' of '%s'", $k, $key));
                }
            });
        }

        return true;
    }
}


1			<?php
2			namespace DICIT;
3
4			use \DICIT\Util\Arrays;
5
6			class Container
7			{
8			/**
9			*
10			* @var mixed[]
11			*/
12			protected $config = array();
13
14			/**
15			*
16			* @var \DICIT\ArrayResolver
17			*/
18			protected $parameters;
19
20			/**
21			*
22			* @var \DICIT\ArrayResolver
23			*/
24			protected $classes;
25
26			/**
27			*
28			* @var \DICIT\Registry
29			*/
30			protected $registry = null;
31
32			/**
33			*
34			* @var \DICIT\ActivatorFactory
35			*/
36			protected $activatorFactory = null;
37
38			/**
39			*
40			* @var \DICIT\InjectorFactory
41			*/
42			protected $injectorFactory = null;
43
44			/**
45			*
46			* @var \DICIT\EncapsulatorFactory
47			*/
48			protected $encapsulatorFactory = null;
49
50			/**
51			*
52			* @var \DICIT\ReferenceResolver
53			*/
54			protected $referenceResolver = null;
55
56			/**
57			*
58			* @param Config\AbstractConfig $cfg
59			* @param ActivatorFactory $activatorFactory
60			* @param InjectorFactory $injectorFactory
61			*/
62			public function __construct(Config\AbstractConfig $cfg,
63			ActivatorFactory $activatorFactory = null, InjectorFactory $injectorFactory = null)
64			{
65			$this->registry = new Registry();
66			$this->config = new ArrayResolver($cfg->load());
			0 ignored issues – show Documentation Bug introduced 2017-01-11 10:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `new \DICIT\ArrayResolver($cfg->load())` of type `object<DICIT\ArrayResolver>` is incompatible with the declared type `array<integer,*>` of property `$config`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
67
68			$this->parameters = $this->config->resolve('parameters', array());
69			$this->classes = $this->config->resolve('classes', array());
70
71			$this->activatorFactory = $activatorFactory ?: new ActivatorFactory();
72			$this->injectorFactory = $injectorFactory ?: new InjectorFactory();
73			$this->encapsulatorFactory = new EncapsulatorFactory();
74			$this->referenceResolver = new ReferenceResolver($this);
75			}
76
77			/**
78			* Binds an existing object or an object definition to a key in the container.
79			* @param string $key The key to which the new object/definition should be bound.
80			* @param mixed $item An array or an object to bind.
81			* If $item is an object, it will be registered as a singleton in the
82			* object registry. Otherwise, $item will be handled as an object definition.
83			*/
84			public function bind($key, $item)
85			{
86			if (is_array($item)) {
87			$this->classes[$key] = $item;
88			}
89			else {
90			$this->registry->set($key, $item);
91			}
92			}
93
94			/**
95			* Set a parameter in the container on any key
96			* @param [type] $key [description]
			0 ignored issues – show Documentation introduced 2017-01-11 10:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
97			* @param [type] $value [description]
			0 ignored issues – show Documentation introduced 2017-01-11 10:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
98			*/
99			public function setParameter($key, $value)
100			{
101			$path = explode('.', $key);
102
103			$this->validateParameter($key, $value);
104
105
106			$root = array();
107			$r = &$root;
108			foreach($path as $subNode) {
109			$r[$subNode] = array();
110			$r = &$r[$subNode];
111			}
112			$r = $value;
113			$r = &$root;
114
115			if ($this->parameters) {
116			$parameters = $this->parameters->extract();
117			}
118			else {
119			$parameters = array();
120			}
121
122			$this->parameters = new ArrayResolver(Arrays::mergeRecursiveUnique($parameters, $r));
123			return $this;
124			}
125
126			/**
127			* Retrieve the parameter value configured in the container
128			* @param string $parameterName
129			* @return mixed
130			*/
131			public function getParameter($parameterName)
132			{
133			$value = $this->parameters->resolve($parameterName);
134
135			if ($value instanceof ArrayResolver) {
136			return $value->extract();
137			}
138
139			return $value;
140			}
141
142			/**
143			* Retrieve a class configured in the container
144			* @param string $serviceName
145			* @return object
146			*/
147			public function get($serviceName)
148			{
149			if ($this->registry->has($serviceName)) {
150			return $this->registry->get($serviceName);
151			}
152
153			$serviceConfig = $this->classes->resolve($serviceName, null);
154
155			if ($serviceConfig == null) {
156			throw new \DICIT\UnknownDefinitionException($serviceName);
157			}
158
159			try {
160			return $this->loadService($serviceName, $serviceConfig->extract());
161			}
162			catch (\DICIT\UnknownDefinitionException $ex) {
163			throw new \RuntimeException(
164			sprintf("Dependency '%s' not found while trying to build '%s'.",
165			$ex->getServiceName(), $serviceName));
166			}
167			}
168
169
170			public function resolve($reference)
171			{
172			return $this->referenceResolver->resolve($reference);
173			}
174
175			/**
176			* Resolves an array of references.
177			* @param array $references
178			* @return array containing all the resolved references
179			*/
180			public function resolveMany(array $references = null)
181			{
182			if ($references === null) {
183			return array();
184			}
185
186			return $this->referenceResolver->resolveMany($references);
187			}
188
189			/**
190			* Flush the registry
191			* @return Container
192			*/
193			public function flushRegistry()
194			{
195			$this->registry->flush();
196			return $this;
197			}
198
199			/**
200			* Chain of command of the class loader
201			* @param array $serviceConfig
202			* @param string $serviceName
203			* @return object
204			*/
205			protected function loadService($serviceName, $serviceConfig)
206			{
207			$isSingleton = false;
208
209			if (array_key_exists('singleton', $serviceConfig)) {
210			$isSingleton = (bool)$serviceConfig['singleton'];
211			}
212
213			$class = $this->activate($serviceName, $serviceConfig);
214
215			if ($isSingleton) {
216			// Only store if singleton'ed to spare memory
217			$this->registry->set($serviceName, $class);
218			}
219
220			$this->inject($class, $serviceConfig);
221			$class = $this->encapsulate($class, $serviceConfig);
222
223			return $class;
224			}
225
226			/**
227			* Handles class instanciation
228			* @param array $serviceConfig
229			* @param string $serviceName
230			* @return object
231			*/
232			protected function activate($serviceName, $serviceConfig)
233			{
234			$activator = $this->activatorFactory->getActivator($serviceName, $serviceConfig);
235
236			return $activator->createInstance($this, $serviceName, $serviceConfig);
237			}
238
239			/**
240			* Handle method invocations in the class
241			* @param object $class
242			* @param array $serviceConfig
243			* @return boolean
244			*/
245			protected function inject($class, $serviceConfig)
246			{
247			$injectors = $this->injectorFactory->getInjectors();
248
249			foreach ($injectors as $injector) {
250			$injector->inject($this, $class, $serviceConfig);
251			}
252
253			return true;
254			}
255
256			/**
257			* Interceptor handler
258			* @param object $class
259			* @param array $serviceConfig
260			* @return object
261			*/
262			protected function encapsulate($class, $serviceConfig)
263			{
264			$encapsulators = $this->encapsulatorFactory->getEncapsulators();
265
266			foreach ($encapsulators as $encapsulator) {
267			$class = $encapsulator->encapsulate($this, $class, $serviceConfig);
268			}
269
270			return $class;
271			}
272
273			/**
274			* Check that the value to bind is a scalar, or an array multi-dimensional of scalars
275			* @param string $key
276			* @param mixed $value
277			* @return boolean
278			*
279			* @throws IllegalTypeException
280			*
281			*/
282			protected function validateParameter($key, $value)
283			{
284			if (is_scalar($value)) {
285			return true;
286			}
287
288			if (is_object($value)) {
289			throw new IllegalTypeException(sprintf("Can't bind parameter %s with a callable", $key));
290			}
291
292			if (is_array($value)) {
293			array_walk_recursive($value, function($item, $k) use($key) {
294			if (!is_scalar($item)) {
295			throw new IllegalTypeException(
296			sprintf("Can't bind parameter, unauthorized value on key '%s' of '%s'", $k, $key));
297			}
298			});
299			}
300
301			return true;
302			}
303			}
304

oliviermadre / dic-it

Issues (30)

Security Analysis no request data

src/DICIT/Container.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like