Issues in temporaryphoto.php (master) - Issues in master - owncloud/contacts - Measure and Improve Code Quality continuously with Scrutinizer

Issues (493)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/utils/temporaryphoto.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * ownCloud - TemporaryPhoto
 *
 * @author Thomas Tanghus
 * @copyright 2014 Thomas Tanghus ([email protected])
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

namespace OCA\Contacts\Utils;

use OCP\ICache;
use OCP\Image;

/**
 * This class is used for getting a temporary contact photo for cropping.
 *
 * Sub-classes must override __construct() and processImage()
 */
class TemporaryPhoto {

	const MAX_SIZE = 400;

	const PHOTO_CURRENT		=	0;
	const PHOTO_FILESYSTEM	=	1;
	const PHOTO_UPLOADED	=	2;
	const PHOTO_USER		=	3;

	/**
	 * @var \OCP\ICache
	 */
	protected $cache;

	/**
	* @var \OCP\Image
	*/
	protected $image;

	/**
	* Cache key for temporary storage.
	*
	* @var string
	*/
	protected $key;


	/**
	* Whether normalizePhoto() has already been called.
	*
	* @var bool
	*/
	protected $normalized;

	/**
	* Whether the photo is cached.
	*
	* @var bool
	*/
	protected $cached;

	/**
	* Photo loader classes.
	*
	* @var array
	*/
    static public $classMap = array(

		'OCA\\Contacts\\Utils\\TemporaryPhoto\\Contact',
		'OCA\\Contacts\\Utils\\TemporaryPhoto\\FileSystem',
		'OCA\\Contacts\\Utils\\TemporaryPhoto\\Uploaded',
		'OCA\\Contacts\\Utils\\TemporaryPhoto\\User',
	);

	/**
	* Always call parents ctor in subclasses:
	*   		parent::__construct($cache);
	*/
	public function __construct(ICache $cache, $key = null) {
		$this->cache = $cache;
		$this->key = $key;
		if (!is_null($key)) {
			$this->processImage();
		}
	}

	/**
	* Returns an instance of a subclass of this class
	*
	*/
	public static function create(ICache $cache, $type = null, $data = null) {
		if (isset(self::$classMap[$type])) {
			return new self::$classMap[$type]($cache, $data);
		} else {
			return new self($cache, $data);
		}
	}

	/**
	* Remove a cached image by key.
	*
	* @param string $key
	*/
	public function remove($key) {
		return $this->cache->remove($key);
	}

	/**
	* Do what's needed to get the image from storage
	* depending on the type.
	* After this method is called $this->image must hold an
	* instance of \OCP\Image.
	*/
	protected function processImage() {
		$this->image = new Image();
		$this->image->loadFromData($this->cache->get($this->key));
	}

	/**
	* Whether this image is valied
	*
	* @return bool
	*/
	public function isValid() {
		return (($this->image instanceof Image) && $this->image->valid());
if ($x instanceof DoesNotExist) {
    // Do something.
}
	}

	/**
	* Get the key to the cache image.
	*
	* @return string
	*/
	public function getKey() {
		$this->cachePhoto();
		return $this->key;
	}

	/**
	* Get normalized image.
	*
	* @return \OCP\Image
	*/
	public function getPhoto() {
		$this->normalizePhoto();
		return $this->image;
	}

	/**
	* Save image data to cache and return the key
	*
	* @return string
	*/
	private function cachePhoto() {
		if ($this->cached) {
			return;
		}

		if (!$this->image instanceof Image) {
if ($x instanceof DoesNotExist) {
    // Do something.
}
			$this->processImage();
		}
		$this->normalizePhoto();

		$data = $this->image->data();
		$this->key = uniqid('photo-');
		$this->cache->set($this->key, $data, 600);
	}

	/**
	* Resize and rotate the image if needed.
	*/
	private function normalizePhoto() {
		
		if($this->normalized) {
			return;
		}

		$this->image->fixOrientation();

		if ($this->image->height() > self::MAX_SIZE
			|| $this->image->width() > self::MAX_SIZE
		) {
			$this->image->resize(self::MAX_SIZE);
		}

		$this->normalized = true;
	}

	public function getMimeType(){
		return $this->image->mimeType();
	}

	public function getImage(){
		return $this->image;
	}
}

Issues (493)

Security Analysis not enabled

lib/utils/temporaryphoto.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Missing dependencies

2. Missing use statement

1. Missing dependencies

2. Missing use statement

1			<?php
2			/**
3			* ownCloud - TemporaryPhoto
4			*
5			* @author Thomas Tanghus
6			* @copyright 2014 Thomas Tanghus ([email protected])
7			*
8			* This library is free software; you can redistribute it and/or
9			* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
10			* License as published by the Free Software Foundation; either
11			* version 3 of the License, or any later version.
12			*
13			* This library is distributed in the hope that it will be useful,
14			* but WITHOUT ANY WARRANTY; without even the implied warranty of
15			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16			* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
17			*
18			* You should have received a copy of the GNU Affero General Public
19			* License along with this library. If not, see <http://www.gnu.org/licenses/>.
20			*
21			*/
22
23			namespace OCA\Contacts\Utils;
24
25			use OCP\ICache;
26			use OCP\Image;
27
28			/**
29			* This class is used for getting a temporary contact photo for cropping.
30			*
31			* Sub-classes must override __construct() and processImage()
32			*/
33			class TemporaryPhoto {
34
35			const MAX_SIZE = 400;
36
37			const PHOTO_CURRENT = 0;
38			const PHOTO_FILESYSTEM = 1;
39			const PHOTO_UPLOADED = 2;
40			const PHOTO_USER = 3;
41
42			/**
43			* @var \OCP\ICache
44			*/
45			protected $cache;
46
47			/**
48			* @var \OCP\Image
49			*/
50			protected $image;
51
52			/**
53			* Cache key for temporary storage.
54			*
55			* @var string
56			*/
57			protected $key;
58
59
60			/**
61			* Whether normalizePhoto() has already been called.
62			*
63			* @var bool
64			*/
65			protected $normalized;
66
67			/**
68			* Whether the photo is cached.
69			*
70			* @var bool
71			*/
72			protected $cached;
73
74			/**
75			* Photo loader classes.
76			*
77			* @var array
78			*/
79			static public $classMap = array(
			0 ignored issues – show Coding Style introduced 2015-11-26 05:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this Tabs must be used to indent lines; spaces are not allowed Loading history...
80			'OCA\\Contacts\\Utils\\TemporaryPhoto\\Contact',
81			'OCA\\Contacts\\Utils\\TemporaryPhoto\\FileSystem',
82			'OCA\\Contacts\\Utils\\TemporaryPhoto\\Uploaded',
83			'OCA\\Contacts\\Utils\\TemporaryPhoto\\User',
84			);
85
86			/**
87			* Always call parents ctor in subclasses:
88			* parent::__construct($cache);
89			*/
90			public function __construct(ICache $cache, $key = null) {
91			$this->cache = $cache;
92			$this->key = $key;
93			if (!is_null($key)) {
94			$this->processImage();
95			}
96			}
97
98			/**
99			* Returns an instance of a subclass of this class
100			*
101			*/
102			public static function create(ICache $cache, $type = null, $data = null) {
103			if (isset(self::$classMap[$type])) {
104			return new self::$classMap[$type]($cache, $data);
105			} else {
106			return new self($cache, $data);
107			}
108			}
109
110			/**
111			* Remove a cached image by key.
112			*
113			* @param string $key
114			*/
115			public function remove($key) {
116			return $this->cache->remove($key);
117			}
118
119			/**
120			* Do what's needed to get the image from storage
121			* depending on the type.
122			* After this method is called $this->image must hold an
123			* instance of \OCP\Image.
124			*/
125			protected function processImage() {
126			$this->image = new Image();
127			$this->image->loadFromData($this->cache->get($this->key));
128			}
129
130			/**
131			* Whether this image is valied
132			*
133			* @return bool
134			*/
135			public function isValid() {
136			return (($this->image instanceof Image) && $this->image->valid());
			0 ignored issues – show Bug introduced 2015-11-26 05:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `OCP\Image` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
137			}
138
139			/**
140			* Get the key to the cache image.
141			*
142			* @return string
143			*/
144			public function getKey() {
145			$this->cachePhoto();
146			return $this->key;
147			}
148
149			/**
150			* Get normalized image.
151			*
152			* @return \OCP\Image
153			*/
154			public function getPhoto() {
155			$this->normalizePhoto();
156			return $this->image;
157			}
158
159			/**
160			* Save image data to cache and return the key
161			*
162			* @return string
163			*/
164			private function cachePhoto() {
165			if ($this->cached) {
166			return;
167			}
168
169			if (!$this->image instanceof Image) {
			0 ignored issues – show Bug introduced 2015-11-26 05:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `OCP\Image` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
170			$this->processImage();
171			}
172			$this->normalizePhoto();
173
174			$data = $this->image->data();
175			$this->key = uniqid('photo-');
176			$this->cache->set($this->key, $data, 600);
177			}
178
179			/**
180			* Resize and rotate the image if needed.
181			*/
182			private function normalizePhoto() {
183
184			if($this->normalized) {
185			return;
186			}
187
188			$this->image->fixOrientation();
189
190			if ($this->image->height() > self::MAX_SIZE
191			\|\| $this->image->width() > self::MAX_SIZE
192			) {
193			$this->image->resize(self::MAX_SIZE);
194			}
195
196			$this->normalized = true;
197			}
198
199			public function getMimeType(){
200			return $this->image->mimeType();
201			}
202
203			public function getImage(){
204			return $this->image;
205			}
206			}

owncloud / contacts

Issues (493)

Security Analysis not enabled

lib/utils/temporaryphoto.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Missing dependencies

2. Missing use statement

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like