Issues in Stack.php (master) - Issues in master - php-http/HttplugBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (171)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Collector/Stack.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

namespace Http\HttplugBundle\Collector;

/**
 * A Stack hold a collection of Profile to track the whole request execution.
 *
 * @author Fabien Bourigault <[email protected]>
 *
 * @internal
 */
final class Stack
{
    /**
     * @var string
     */
    private $client;

    /**
     * @var Stack
     */
    private $parent;

    /**
     * @var Profile[]
     */
    private $profiles = [];

    /**
     * @var string
     */
    private $request;

    /**
     * @var string
     */
    private $response;

    /**
     * @var bool
     */
    private $failed = false;

    /**
     * @var string
     */
    private $requestTarget;

    /**
     * @var string
     */
    private $requestMethod;

    /**
     * @var string
     */
    private $requestHost;

    /**
     * @var string
     */
    private $requestScheme;

    /**
     * @var string
     */
    private $clientRequest;

    /**
     * @var string
     */
    private $clientResponse;

    /**
     * @var string
     */
    private $clientException;

    /**
     * @var int
     */
    private $responseCode;

    /**
     * @var int
     */
    private $duration = 0;

    /**
     * @var string
     */
    private $curlCommand;

    /**
     * @param string $client
     * @param string $request
     */
    public function __construct($client, $request)
    {
        $this->client = $client;
        $this->request = $request;
    }

    /**
     * @return string
     */
    public function getClient()
    {
        return $this->client;
    }

    /**
     * @return Stack
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * @param Stack $parent
     */
    public function setParent(self $parent)
    {
        $this->parent = $parent;

    }

    public function addProfile(Profile $profile)
    {
        $this->profiles[] = $profile;
    }

    /**
     * @return Profile[]
     */
    public function getProfiles()
    {
        return $this->profiles;
    }

    /**
     * @return string
     */
    public function getRequest()
    {
        return $this->request;
    }

    /**
     * @return string
     */
    public function getResponse()
    {
        return $this->response;
    }

    /**
     * @param string $response
     */
    public function setResponse($response)
    {
        $this->response = $response;
    }

    /**
     * @return bool
     */
    public function isFailed()
    {
        return $this->failed;
    }

    /**
     * @param bool $failed
     */
    public function setFailed($failed)
    {
        $this->failed = $failed;
    }

    /**
     * @return string
     */
    public function getRequestTarget()
    {
        return $this->requestTarget;
    }

    /**
     * @param string $requestTarget
     */
    public function setRequestTarget($requestTarget)
    {
        $this->requestTarget = $requestTarget;
    }

    /**
     * @return string
     */
    public function getRequestMethod()
    {
        return $this->requestMethod;
    }

    /**
     * @param string $requestMethod
     */
    public function setRequestMethod($requestMethod)
    {
        $this->requestMethod = $requestMethod;
    }

    /**
     * @return string
     */
    public function getClientRequest()
    {
        return $this->clientRequest;
    }

    /**
     * @param string $clientRequest
     */
    public function setClientRequest($clientRequest)
    {
        $this->clientRequest = $clientRequest;
    }

    /**
     * @return mixed
     */
    public function getClientResponse()
    {
        return $this->clientResponse;
    }

    /**
     * @param mixed $clientResponse
     */
    public function setClientResponse($clientResponse)
    {
        $this->clientResponse = $clientResponse;
    }

    /**
     * @return string
     */
    public function getClientException()
    {
        return $this->clientException;
    }

    /**
     * @param string $clientException
     */
    public function setClientException($clientException)
    {
        $this->clientException = $clientException;
    }

    /**
     * @return int
     */
    public function getResponseCode()
    {
        return $this->responseCode;
    }

    /**
     * @param int $responseCode
     */
    public function setResponseCode($responseCode)
    {
        $this->responseCode = $responseCode;
    }

    /**
     * @return string
     */
    public function getRequestHost()
    {
        return $this->requestHost;
    }

    /**
     * @param string $requestHost
     */
    public function setRequestHost($requestHost)
    {
        $this->requestHost = $requestHost;
    }

    /**
     * @return string
     */
    public function getRequestScheme()
    {
        return $this->requestScheme;
    }

    /**
     * @param string $requestScheme
     */
    public function setRequestScheme($requestScheme)
    {
        $this->requestScheme = $requestScheme;
    }

    /**
     * @return int
     */
    public function getDuration()
    {
        return $this->duration;
    }

    /**
     * @param int $duration
     */
    public function setDuration($duration)
    {
        $this->duration = $duration;
    }

    /**
     * @return string
     */
    public function getCurlCommand()
    {
        return $this->curlCommand;
    }

    /**
     * @param string $curlCommand
     */
    public function setCurlCommand($curlCommand)
    {
        $this->curlCommand = $curlCommand;
    }

    /**
     * @return string
     */
    public function getClientSlug()
    {
        return preg_replace('/[^a-zA-Z0-9_-]/u', '_', $this->client);
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Http\HttplugBundle\Collector;
6
7		/**
8		* A Stack hold a collection of Profile to track the whole request execution.
9		*
10		* @author Fabien Bourigault <[email protected]>
11		*
12		* @internal
13		*/
14		final class Stack
15		{
16		/**
17		* @var string
18		*/
19		private $client;
20
21		/**
22		* @var Stack
23		*/
24		private $parent;
25
26		/**
27		* @var Profile[]
28		*/
29		private $profiles = [];
30
31		/**
32		* @var string
33		*/
34		private $request;
35
36		/**
37		* @var string
38		*/
39		private $response;
40
41		/**
42		* @var bool
43		*/
44		private $failed = false;
45
46		/**
47		* @var string
48		*/
49		private $requestTarget;
50
51		/**
52		* @var string
53		*/
54		private $requestMethod;
55
56		/**
57		* @var string
58		*/
59		private $requestHost;
60
61		/**
62		* @var string
63		*/
64		private $requestScheme;
65
66		/**
67		* @var string
68		*/
69		private $clientRequest;
70
71		/**
72		* @var string
73		*/
74		private $clientResponse;
75
76		/**
77		* @var string
78		*/
79		private $clientException;
80
81		/**
82		* @var int
83		*/
84		private $responseCode;
85
86		/**
87		* @var int
88		*/
89		private $duration = 0;
90
91		/**
92		* @var string
93		*/
94		private $curlCommand;
95
96		/**
97		* @param string $client
98		* @param string $request
99		*/
100	25	public function __construct($client, $request)
101		{
102	25	$this->client = $client;
103	25	$this->request = $request;
104	25	}
105
106		/**
107		* @return string
108		*/
109	3	public function getClient()
110		{
111	3	return $this->client;
112		}
113
114		/**
115		* @return Stack
116		*/
117	9	public function getParent()
118		{
119	9	return $this->parent;
120		}
121
122		/**
123		* @param Stack $parent
124		*/
125	2	public function setParent(self $parent)
126		{
127	2	$this->parent = $parent;
		0 ignored issues – show Documentation Bug introduced 2020-03-30 07:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$parent` of type `object<self>` is incompatible with the declared type `object<Http\HttplugBundle\Collector\Stack>` of property `$parent`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
128	2	}
129
130	9	public function addProfile(Profile $profile)
131		{
132	9	$this->profiles[] = $profile;
133	9	}
134
135		/**
136		* @return Profile[]
137		*/
138	4	public function getProfiles()
139		{
140	4	return $this->profiles;
141		}
142
143		/**
144		* @return string
145		*/
146	1	public function getRequest()
147		{
148	1	return $this->request;
149		}
150
151		/**
152		* @return string
153		*/
154	1	public function getResponse()
155		{
156	1	return $this->response;
157		}
158
159		/**
160		* @param string $response
161		*/
162	6	public function setResponse($response)
163		{
164	6	$this->response = $response;
165	6	}
166
167		/**
168		* @return bool
169		*/
170		public function isFailed()
171		{
172		return $this->failed;
173		}
174
175		/**
176		* @param bool $failed
177		*/
178	1	public function setFailed($failed)
179		{
180	1	$this->failed = $failed;
181	1	}
182
183		/**
184		* @return string
185		*/
186	11	public function getRequestTarget()
187		{
188	11	return $this->requestTarget;
189		}
190
191		/**
192		* @param string $requestTarget
193		*/
194	14	public function setRequestTarget($requestTarget)
195		{
196	14	$this->requestTarget = $requestTarget;
197	14	}
198
199		/**
200		* @return string
201		*/
202	11	public function getRequestMethod()
203		{
204	11	return $this->requestMethod;
205		}
206
207		/**
208		* @param string $requestMethod
209		*/
210	14	public function setRequestMethod($requestMethod)
211		{
212	14	$this->requestMethod = $requestMethod;
213	14	}
214
215		/**
216		* @return string
217		*/
218	9	public function getClientRequest()
219		{
220	9	return $this->clientRequest;
221		}
222
223		/**
224		* @param string $clientRequest
225		*/
226	14	public function setClientRequest($clientRequest)
227		{
228	14	$this->clientRequest = $clientRequest;
229	14	}
230
231		/**
232		* @return mixed
233		*/
234	1	public function getClientResponse()
235		{
236	1	return $this->clientResponse;
237		}
238
239		/**
240		* @param mixed $clientResponse
241		*/
242	6	public function setClientResponse($clientResponse)
243		{
244	6	$this->clientResponse = $clientResponse;
245	6	}
246
247		/**
248		* @return string
249		*/
250	1	public function getClientException()
251		{
252	1	return $this->clientException;
253		}
254
255		/**
256		* @param string $clientException
257		*/
258	2	public function setClientException($clientException)
259		{
260	2	$this->clientException = $clientException;
261	2	}
262
263		/**
264		* @return int
265		*/
266	1	public function getResponseCode()
267		{
268	1	return $this->responseCode;
269		}
270
271		/**
272		* @param int $responseCode
273		*/
274	6	public function setResponseCode($responseCode)
275		{
276	6	$this->responseCode = $responseCode;
277	6	}
278
279		/**
280		* @return string
281		*/
282	11	public function getRequestHost()
283		{
284	11	return $this->requestHost;
285		}
286
287		/**
288		* @param string $requestHost
289		*/
290	14	public function setRequestHost($requestHost)
291		{
292	14	$this->requestHost = $requestHost;
293	14	}
294
295		/**
296		* @return string
297		*/
298	11	public function getRequestScheme()
299		{
300	11	return $this->requestScheme;
301		}
302
303		/**
304		* @param string $requestScheme
305		*/
306	14	public function setRequestScheme($requestScheme)
307		{
308	14	$this->requestScheme = $requestScheme;
309	14	}
310
311		/**
312		* @return int
313		*/
314	2	public function getDuration()
315		{
316	2	return $this->duration;
317		}
318
319		/**
320		* @param int $duration
321		*/
322	8	public function setDuration($duration)
323		{
324	8	$this->duration = $duration;
325	8	}
326
327		/**
328		* @return string
329		*/
330	9	public function getCurlCommand()
331		{
332	9	return $this->curlCommand;
333		}
334
335		/**
336		* @param string $curlCommand
337		*/
338	14	public function setCurlCommand($curlCommand)
339		{
340	14	$this->curlCommand = $curlCommand;
341	14	}
342
343		/**
344		* @return string
345		*/
346		public function getClientSlug()
347		{
348		return preg_replace('/[^a-zA-Z0-9_-]/u', '_', $this->client);
349		}
350		}
351

php-http / HttplugBundle

Issues (171)

Security Analysis not enabled

src/Collector/Stack.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like