Issues (63)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Search.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
3
/*
4
 * This file is part of the ONGR package.
5
 *
6
 * (c) NFQ Technologies UAB <[email protected]>
7
 *
8
 * For the full copyright and license information, please view the LICENSE
9
 * file that was distributed with this source code.
10
 */
11
12
namespace ONGR\ElasticsearchDSL;
13
14
use ONGR\ElasticsearchDSL\Aggregation\AbstractAggregation;
15
use ONGR\ElasticsearchDSL\Highlight\Highlight;
16
use ONGR\ElasticsearchDSL\InnerHit\NestedInnerHit;
17
use ONGR\ElasticsearchDSL\Query\Compound\BoolQuery;
18
use ONGR\ElasticsearchDSL\SearchEndpoint\AbstractSearchEndpoint;
19
use ONGR\ElasticsearchDSL\SearchEndpoint\AggregationsEndpoint;
20
use ONGR\ElasticsearchDSL\SearchEndpoint\HighlightEndpoint;
21
use ONGR\ElasticsearchDSL\SearchEndpoint\InnerHitsEndpoint;
22
use ONGR\ElasticsearchDSL\SearchEndpoint\PostFilterEndpoint;
23
use ONGR\ElasticsearchDSL\SearchEndpoint\QueryEndpoint;
24
use ONGR\ElasticsearchDSL\SearchEndpoint\SearchEndpointFactory;
25
use ONGR\ElasticsearchDSL\SearchEndpoint\SearchEndpointInterface;
26
use ONGR\ElasticsearchDSL\SearchEndpoint\SortEndpoint;
27
use ONGR\ElasticsearchDSL\Serializer\Normalizer\CustomReferencedNormalizer;
28
use ONGR\ElasticsearchDSL\Serializer\OrderedSerializer;
29
use Symfony\Component\Serializer\Normalizer\CustomNormalizer;
30
use ONGR\ElasticsearchDSL\SearchEndpoint\SuggestEndpoint;
31
32
/**
33
 * Search object that can be executed by a manager.
34
 */
35
class Search
36
{
37
    /**
38
     * If you don’t need to track the total number of hits at all you can improve
39
     * query times by setting this option to false. Defaults to true.
40
     *
41
     * @var bool
42
     */
43
    private $trackTotalHits;
44
45
    /**
46
     * To retrieve hits from a certain offset. Defaults to 0.
47
     *
48
     * @var int
49
     */
50
    private $from;
51
52
    /**
53
     * The number of hits to return. Defaults to 10. If you do not care about getting some
54
     * hits back but only about the number of matches and/or aggregations, setting the value
55
     * to 0 will help performance.
56
     *
57
     * @var int
58
     */
59
    private $size;
60
61
    /**
62
     * Allows to control how the _source field is returned with every hit. By default
63
     * operations return the contents of the _source field unless you have used the
64
     * stored_fields parameter or if the _source field is disabled.
65
     *
66
     * @var bool
67
     */
68
    private $source;
69
70
    /**
71
     * Allows to selectively load specific stored fields for each document represented by a search hit.
72
     *
73
     * @var array
74
     */
75
    private $storedFields;
76
77
    /**
78
     * Allows to return a script evaluation (based on different fields) for each hit.
79
     * Script fields can work on fields that are not stored, and allow to return custom
80
     * values to be returned (the evaluated value of the script). Script fields can
81
     * also access the actual _source document indexed and extract specific elements
82
     * to be returned from it (can be an "object" type).
83
     *
84
     * @var array
85
     */
86
    private $scriptFields;
87
88
    /**
89
     * Allows to return the doc value representation of a field for each hit. Doc value
90
     * fields can work on fields that are not stored. Note that if the fields parameter
91
     * specifies fields without docvalues it will try to load the value from the fielddata
92
     * cache causing the terms for that field to be loaded to memory (cached), which will
93
     * result in more memory consumption.
94
     *
95
     * @var array
96
     */
97
    private $docValueFields;
98
99
    /**
100
     * Enables explanation for each hit on how its score was computed.
101
     *
102
     * @var bool
103
     */
104
    private $explain;
105
106
    /**
107
     * Returns a version for each search hit.
108
     *
109
     * @var bool
110
     */
111
    private $version;
112
113
    /**
114
     * Allows to configure different boost level per index when searching across more
115
     * than one indices. This is very handy when hits coming from one index matter more
116
     * than hits coming from another index (think social graph where each user has an index).
117
     *
118
     * @var array
119
     */
120
    private $indicesBoost;
121
122
    /**
123
     * Exclude documents which have a _score less than the minimum specified in min_score.
124
     *
125
     * @var int
126
     */
127
    private $minScore;
128
129
    /**
130
     * Pagination of results can be done by using the from and size but the cost becomes
131
     * prohibitive when the deep pagination is reached. The index.max_result_window which
132
     * defaults to 10,000 is a safeguard, search requests take heap memory and time
133
     * proportional to from + size. The Scroll api is recommended for efficient deep
134
     * scrolling but scroll contexts are costly and it is not recommended to use it for
135
     * real time user requests. The search_after parameter circumvents this problem by
136
     * providing a live cursor. The idea is to use the results from the previous page to
137
     * help the retrieval of the next page.
138
     *
139
     * @var array
140
     */
141
    private $searchAfter;
142
143
    /**
144
     * URI parameters alongside Request body search.
145
     *
146
     * @link https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html
147
     *
148
     * @var array
149
     */
150
    private $uriParams = [];
151
152
    /**
153
     * While a search request returns a single “page” of results, the scroll API can be used to retrieve
154
     * large numbers of results (or even all results) from a single search request, in much the same way
155
     * as you would use a cursor on a traditional database. Scrolling is not intended for real time user
156
     * requests, but rather for processing large amounts of data, e.g. in order to reindex the contents
157
     * of one index into a new index with a different configuration.
158
     *
159
     * @var string
160
     */
161
    private $scroll;
162
163
    /**
164
     * @var OrderedSerializer
165
     */
166
    private static $serializer;
167
168
    /**
169
     * @var SearchEndpointInterface[]
170
     */
171
    private $endpoints = [];
172
173
    /**
174
     * Constructor to initialize static properties
175
     */
176
    public function __construct()
177
    {
178
        $this->initializeSerializer();
179
    }
180
181
    /**
182
     * Wakeup method to initialize static properties
183
     */
184
    public function __wakeup()
185
    {
186
        $this->initializeSerializer();
187
    }
188
189
    /**
190
     * Initializes the serializer
191
     */
192
    private function initializeSerializer()
193
    {
194
        if (static::$serializer === null) {
195
            static::$serializer = new OrderedSerializer(
196
                [
197
                    new CustomReferencedNormalizer(),
198
                    new CustomNormalizer(),
199
                ]
200
            );
201
        }
202
    }
203
204
    /**
205
     * Destroys search endpoint.
206
     *
207
     * @param string $type Endpoint type.
208
     */
209
    public function destroyEndpoint($type)
210
    {
211
        unset($this->endpoints[$type]);
212
    }
213
214
    /**
215
     * Adds query to the search.
216
     *
217
     * @param BuilderInterface $query
218
     * @param string           $boolType
219
     * @param string           $key
220
     *
221
     * @return $this
222
     */
223
    public function addQuery(BuilderInterface $query, $boolType = BoolQuery::MUST, $key = null)
224
    {
225
        $endpoint = $this->getEndpoint(QueryEndpoint::NAME);
226
        $endpoint->addToBool($query, $boolType, $key);
227
228
        return $this;
229
    }
230
231
    /**
232
     * Returns endpoint instance.
233
     *
234
     * @param string $type Endpoint type.
235
     *
236
     * @return SearchEndpointInterface
237
     */
238
    private function getEndpoint($type)
239
    {
240
        if (!array_key_exists($type, $this->endpoints)) {
241
            $this->endpoints[$type] = SearchEndpointFactory::get($type);
242
        }
243
244
        return $this->endpoints[$type];
245
    }
246
247
    /**
248
     * Returns queries inside BoolQuery instance.
249
     *
250
     * @return BoolQuery
251
     */
252
    public function getQueries()
253
    {
254
        $endpoint = $this->getEndpoint(QueryEndpoint::NAME);
255
256
        return $endpoint->getBool();
257
    }
258
259
    /**
260
     * Sets query endpoint parameters.
261
     *
262
     * @param array $parameters
263
     *
264
     * @return $this
265
     */
266
    public function setQueryParameters(array $parameters)
267
    {
268
        $this->setEndpointParameters(QueryEndpoint::NAME, $parameters);
269
270
        return $this;
271
    }
272
273
    /**
274
     * Sets parameters to the endpoint.
275
     *
276
     * @param string $endpointName
277
     * @param array  $parameters
278
     *
279
     * @return $this
280
     */
281
    public function setEndpointParameters($endpointName, array $parameters)
282
    {
283
        /** @var AbstractSearchEndpoint $endpoint */
284
        $endpoint = $this->getEndpoint($endpointName);
285
        $endpoint->setParameters($parameters);
286
287
        return $this;
288
    }
289
290
    /**
291
     * Adds a post filter to search.
292
     *
293
     * @param BuilderInterface $filter   Filter.
294
     * @param string           $boolType Example boolType values:
295
     *                                   - must
296
     *                                   - must_not
297
     *                                   - should.
298
     * @param string           $key
299
     *
300
     * @return $this.
301
     */
302
    public function addPostFilter(BuilderInterface $filter, $boolType = BoolQuery::MUST, $key = null)
303
    {
304
        $this
305
            ->getEndpoint(PostFilterEndpoint::NAME)
306
            ->addToBool($filter, $boolType, $key);
307
308
        return $this;
309
    }
310
311
    /**
312
     * Returns queries inside BoolFilter instance.
313
     *
314
     * @return BoolQuery
315
     */
316
    public function getPostFilters()
317
    {
318
        $endpoint = $this->getEndpoint(PostFilterEndpoint::NAME);
319
320
        return $endpoint->getBool();
321
    }
322
323
    /**
324
     * Sets post filter endpoint parameters.
325
     *
326
     * @param array $parameters
327
     *
328
     * @return $this
329
     */
330
    public function setPostFilterParameters(array $parameters)
331
    {
332
        $this->setEndpointParameters(PostFilterEndpoint::NAME, $parameters);
333
334
        return $this;
335
    }
336
337
    /**
338
     * Adds aggregation into search.
339
     *
340
     * @param AbstractAggregation $aggregation
341
     *
342
     * @return $this
343
     */
344
    public function addAggregation(AbstractAggregation $aggregation)
345
    {
346
        $this->getEndpoint(AggregationsEndpoint::NAME)->add($aggregation, $aggregation->getName());
347
348
        return $this;
349
    }
350
351
    /**
352
     * Returns all aggregations.
353
     *
354
     * @return BuilderInterface[]
355
     */
356
    public function getAggregations()
357
    {
358
        return $this->getEndpoint(AggregationsEndpoint::NAME)->getAll();
359
    }
360
361
    /**
362
     * Adds inner hit into search.
363
     *
364
     * @param NestedInnerHit $innerHit
365
     *
366
     * @return $this
367
     */
368
    public function addInnerHit(NestedInnerHit $innerHit)
369
    {
370
        $this->getEndpoint(InnerHitsEndpoint::NAME)->add($innerHit, $innerHit->getName());
371
372
        return $this;
373
    }
374
375
    /**
376
     * Returns all inner hits.
377
     *
378
     * @return BuilderInterface[]
379
     */
380
    public function getInnerHits()
381
    {
382
        return $this->getEndpoint(InnerHitsEndpoint::NAME)->getAll();
383
    }
384
385
    /**
386
     * Adds sort to search.
387
     *
388
     * @param BuilderInterface $sort
389
     *
390
     * @return $this
391
     */
392
    public function addSort(BuilderInterface $sort)
393
    {
394
        $this->getEndpoint(SortEndpoint::NAME)->add($sort);
395
396
        return $this;
397
    }
398
399
    /**
400
     * Returns all set sorts.
401
     *
402
     * @return BuilderInterface[]
403
     */
404
    public function getSorts()
405
    {
406
        return $this->getEndpoint(SortEndpoint::NAME)->getAll();
407
    }
408
409
    /**
410
     * Allows to highlight search results on one or more fields.
411
     *
412
     * @param Highlight $highlight
413
     *
414
     * @return $this.
415
     */
416
    public function addHighlight($highlight)
417
    {
418
        $this->getEndpoint(HighlightEndpoint::NAME)->add($highlight);
419
420
        return $this;
421
    }
422
423
    /**
424
     * Returns highlight builder.
425
     *
426
     * @return BuilderInterface
427
     */
428
    public function getHighlights()
429
    {
430
        /** @var HighlightEndpoint $highlightEndpoint */
431
        $highlightEndpoint = $this->getEndpoint(HighlightEndpoint::NAME);
432
433
        return $highlightEndpoint->getHighlight();
434
    }
435
436
    /**
437
    * Adds suggest into search.
438
    *
439
    * @param BuilderInterface $suggest
440
    *
441
    * @return $this
442
    */
443
    public function addSuggest(NamedBuilderInterface $suggest)
444
    {
445
        $this->getEndpoint(SuggestEndpoint::NAME)->add($suggest, $suggest->getName());
0 ignored issues
show
$suggest->getName() is of type string, but the function expects a array|null.

It seems like the type of the argument is not accepted by the function/method which you are calling.

In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.

We suggest to add an explicit type cast like in the following example:

function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
Loading history...
446
447
        return $this;
448
    }
449
450
    /**
451
    * Returns all suggests.
452
    *
453
    * @return BuilderInterface[]
454
    */
455
    public function getSuggests()
456
    {
457
        return $this->getEndpoint(SuggestEndpoint::NAME)->getAll();
458
    }
459
460
    /**
461
     * @return null|int
462
     */
463
    public function getFrom()
464
    {
465
        return $this->from;
466
    }
467
468
    /**
469
     * @param null|int $from
470
     *
471
     * @return $this
472
     */
473
    public function setFrom($from)
474
    {
475
        $this->from = $from;
476
477
        return $this;
478
    }
479
480
    /**
481
     * @return bool
482
     */
483
    public function isTrackTotalHits()
484
    {
485
        return $this->trackTotalHits;
486
    }
487
488
    /**
489
     * @param bool $trackTotalHits
490
     *
491
     * @return $this
492
     */
493
    public function setTrackTotalHits(bool $trackTotalHits)
494
    {
495
        $this->trackTotalHits = $trackTotalHits;
496
497
        return $this;
498
    }
499
500
    /**
501
     * @return null|int
502
     */
503
    public function getSize()
504
    {
505
        return $this->size;
506
    }
507
508
    /**
509
     * @param null|int $size
510
     *
511
     * @return $this
512
     */
513
    public function setSize($size)
514
    {
515
        $this->size = $size;
516
517
        return $this;
518
    }
519
520
    /**
521
     * @return bool
522
     */
523
    public function isSource()
524
    {
525
        return $this->source;
526
    }
527
528
    /**
529
     * @param bool $source
530
     *
531
     * @return $this
532
     */
533
    public function setSource($source)
534
    {
535
        $this->source = $source;
536
537
        return $this;
538
    }
539
540
    /**
541
     * @return array
542
     */
543
    public function getStoredFields()
544
    {
545
        return $this->storedFields;
546
    }
547
548
    /**
549
     * @param array $storedFields
550
     *
551
     * @return $this
552
     */
553
    public function setStoredFields($storedFields)
554
    {
555
        $this->storedFields = $storedFields;
556
557
        return $this;
558
    }
559
560
    /**
561
     * @return array
562
     */
563
    public function getScriptFields()
564
    {
565
        return $this->scriptFields;
566
    }
567
568
    /**
569
     * @param array $scriptFields
570
     *
571
     * @return $this
572
     */
573
    public function setScriptFields($scriptFields)
574
    {
575
        $this->scriptFields = $scriptFields;
576
577
        return $this;
578
    }
579
580
    /**
581
     * @return array
582
     */
583
    public function getDocValueFields()
584
    {
585
        return $this->docValueFields;
586
    }
587
588
    /**
589
     * @param array $docValueFields
590
     *
591
     * @return $this
592
     */
593
    public function setDocValueFields($docValueFields)
594
    {
595
        $this->docValueFields = $docValueFields;
596
597
        return $this;
598
    }
599
600
    /**
601
     * @return bool
602
     */
603
    public function isExplain()
604
    {
605
        return $this->explain;
606
    }
607
608
    /**
609
     * @param bool $explain
610
     *
611
     * @return $this
612
     */
613
    public function setExplain($explain)
614
    {
615
        $this->explain = $explain;
616
617
        return $this;
618
    }
619
620
    /**
621
     * @return bool
622
     */
623
    public function isVersion()
624
    {
625
        return $this->version;
626
    }
627
628
    /**
629
     * @param bool $version
630
     *
631
     * @return $this
632
     */
633
    public function setVersion($version)
634
    {
635
        $this->version = $version;
636
637
        return $this;
638
    }
639
640
    /**
641
     * @return array
642
     */
643
    public function getIndicesBoost()
644
    {
645
        return $this->indicesBoost;
646
    }
647
648
    /**
649
     * @param array $indicesBoost
650
     *
651
     * @return $this
652
     */
653
    public function setIndicesBoost($indicesBoost)
654
    {
655
        $this->indicesBoost = $indicesBoost;
656
657
        return $this;
658
    }
659
660
    /**
661
     * @return int
662
     */
663
    public function getMinScore()
664
    {
665
        return $this->minScore;
666
    }
667
668
    /**
669
     * @param int $minScore
670
     *
671
     * @return $this
672
     */
673
    public function setMinScore($minScore)
674
    {
675
        $this->minScore = $minScore;
676
677
        return $this;
678
    }
679
680
    /**
681
     * @return array
682
     */
683
    public function getSearchAfter()
684
    {
685
        return $this->searchAfter;
686
    }
687
688
    /**
689
     * @param array $searchAfter
690
     *
691
     * @return $this
692
     */
693
    public function setSearchAfter($searchAfter)
694
    {
695
        $this->searchAfter = $searchAfter;
696
697
        return $this;
698
    }
699
700
    /**
701
     * @return string
702
     */
703
    public function getScroll()
704
    {
705
        return $this->scroll;
706
    }
707
708
    /**
709
     * @param string $scroll
710
     *
711
     * @return $this
712
     */
713
    public function setScroll($scroll = '5m')
714
    {
715
        $this->scroll = $scroll;
716
717
        $this->addUriParam('scroll', $this->scroll);
718
719
        return $this;
720
    }
721
722
    /**
723
     * @param string $name
724
     * @param string|array|bool $value
725
     *
726
     * @return $this
727
     */
728
    public function addUriParam($name, $value)
729
    {
730
        if (in_array($name, [
731
            'q',
732
            'df',
733
            'analyzer',
734
            'analyze_wildcard',
735
            'default_operator',
736
            'lenient',
737
            'explain',
738
            '_source',
739
            '_source_exclude',
740
            '_source_include',
741
            'stored_fields',
742
            'sort',
743
            'track_scores',
744
            'timeout',
745
            'terminate_after',
746
            'from',
747
            'size',
748
            'search_type',
749
            'scroll',
750
            'allow_no_indices',
751
            'ignore_unavailable',
752
            'typed_keys',
753
            'pre_filter_shard_size',
754
            'ignore_unavailable',
755
        ])) {
756
            $this->uriParams[$name] = $value;
757
        } else {
758
            throw new \InvalidArgumentException(sprintf('Parameter %s is not supported.', $value));
759
        }
760
761
        return $this;
762
    }
763
764
    /**
765
     * Returns query url parameters.
766
     *
767
     * @return array
768
     */
769
    public function getUriParams()
770
    {
771
        return $this->uriParams;
772
    }
773
774
    /**
775
     * {@inheritdoc}
776
     */
777
    public function toArray()
778
    {
779
        $output = array_filter(static::$serializer->normalize($this->endpoints));
780
781
        $params = [
782
            'from' => 'from',
783
            'size' => 'size',
784
            'source' => '_source',
785
            'storedFields' => 'stored_fields',
786
            'scriptFields' => 'script_fields',
787
            'docValueFields' => 'docvalue_fields',
788
            'explain' => 'explain',
789
            'version' => 'version',
790
            'indicesBoost' => 'indices_boost',
791
            'minScore' => 'min_score',
792
            'searchAfter' => 'search_after',
793
            'trackTotalHits' => 'track_total_hits',
794
        ];
795
796
        foreach ($params as $field => $param) {
797
            if ($this->$field !== null) {
798
                $output[$param] = $this->$field;
799
            }
800
        }
801
802
        return $output;
803
    }
804
}
805