Issues in Properties.php (master) - Issues in master - php-kitchen/platform - Measure and Improve Code Quality continuously with Scrutinizer

Issues (389)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Mixin/Properties.php (5 issues)

Labels

Severity

Informational 5

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace PHPKitchen\Platform\Mixin;

use PHPKitchen\Platform\Exception\Runtime\Property\InvalidAccessException;
use PHPKitchen\Platform\Exception\Runtime\Property\UndefinedPropertyException;

/**
 * Represents implementation of properties for PHP classes.
 *
 * @author Dmitry Kolodko <[email protected]>
 * @since 1.0
 */
trait Properties {
    /**
     * Do not call this method directly as it is a PHP magic method that
     * will be implicitly called when executing `$value = $object->property;`.
     *
     * @param string $name the property name
     *
     * @return mixed the property value
     *
     * @throws UndefinedPropertyException if the property is not defined
     * @throws InvalidAccessException if the property is write-only
     *
     * @see getProperty()
     * @see __set()
     * @since 1.0
     */
    public function __get($name) {
        return $this->getProperty($name);
    }

    /**
     * Returns the value of an object property.
     *
     * @param string $property the property name
     *
     * @return mixed the property value
     *
     * @throws UndefinedPropertyException if the property is not defined
     * @throws InvalidAccessException if the property is write-only
     *
     * @see setProperty()
     * @since 1.0
     */
    protected function getProperty(string $property) {

        if ($this->hasGetterFor($property)) {
            return $this->{'get' . $property}();
        } elseif ($this->hasCondition($property)) {
            return $this->$property();
        } elseif ($this->hasSetterFor($property)) {
            throw new InvalidAccessException('Getting write-only property: ' . static::class . '::' . $property);
        }

        throw new UndefinedPropertyException('Getting unknown property: ' . static::class . '::' . $property);
    }

    /**
     * Do not call this method directly as it is a PHP magic method that
     * will be implicitly called when executing `$object->property = $value;`.
     *
     * @param string $name the property name
     * @param mixed $value the property value
     *
     * @throws UndefinedPropertyException if the property is not defined
     * @throws InvalidAccessException if the property is read-only
     *
     * @see setProperty()
     * @see __get()
     *
     * @since 1.0
     */
    public function __set($name, $value) {
        $this->setProperty($name, $value);
    }

    /**
     * Sets value of an object property.
     *
     * @param string $name the property name
     * @param mixed $value the property value
     *
     * @throws UndefinedPropertyException if the property is not defined
     * @throws InvalidAccessException if the property is read-only
     *
     * @see getProperty()
     * @since 1.0
     */
    protected function setProperty(string $name, $value): void {
        $setter = 'set' . $name;
        if ($this->hasMethod($setter)) {
            $this->$setter($value);
        } elseif ($this->hasMethod('get' . $name)) {

            throw new InvalidAccessException('Setting read-only property: ' . static::class . '::' . $name);
        } else {
            throw new UndefinedPropertyException('Setting unknown property: ' . static::class . '::' . $name);
        }
    }

    /**
     * Do not call this method directly as it is a PHP magic method that
     * will be implicitly called when executing `isset($object->property)`.
     *
     * @param string $name the property name
     *
     * @return bool whether the named property is set (not null).
     *
     * @see isPropertySet
     * @see http://php.net/manual/en/function.isset.php
     *
     * @since 1.0
     */
    public function __isset($name) {

        return $this->isPropertySet($name);
    }

    /**
     * Checks if a property is set, i.e. defined and not null.
     *
     * Note that if the property is not defined, false will be returned.
     *
     * @param string $name the property name
     *
     * @return bool whether the named property is set (not null).
     *
     * @since 1.0
     */
    public function isPropertySet(string $name): bool {
        $getter = 'get' . $name;
        if ($this->hasMethod($getter)) {
            return $this->$getter() !== null;
        }

        return false;
    }

    /**
     * Do not call this method directly as it is a PHP magic method that
     * will be implicitly called when executing `unset($object->property)`.
     *
     * @param string $name the property name
     *
     * @throws InvalidAccessException if the property is read only.
     *
     * @see unSetProperty
     * @see http://php.net/manual/en/function.unset.php
     *
     * @since 1.0
     */
    public function __unset($name) {
        $this->unSetProperty($name);
    }

    /**
     * Sets an object property to null.
     *
     * Note that if the property is not defined, this method will do nothing.
     * If the property is read-only, it will throw an exception.
     *
     * @param string $name the property name
     *
     * @throws InvalidAccessException if the property is read only.
     *
     * @since 1.0
     */
    public function unSetProperty(string $name): void {
        $setter = 'set' . $name;
        if ($this->hasMethod($setter)) {
            $this->$setter(null);
        } elseif ($this->hasMethod('get' . $name)) {

            throw new InvalidAccessException('Unsetting read-only property: ' . static::class . '::' . $name);
        }
    }

    /**
     * Returns a value indicating whether a property is defined.
     *
     * A property is defined if:
     *
     * - the class has a getter or setter method associated with the specified name
     *   (in this case, property name is case-insensitive);
     * - the class has a member variable with the specified name;
     *
     * @param string $name the property name
     *
     * @return bool whether the property is defined
     *
     * @see canGetProperty()
     * @see canSetProperty()
     *
     * @since 1.0
     */
    public function hasProperty($name): bool {
        return $this->canGetProperty($name) || $this->canSetProperty($name);
    }

    /**
     * Returns a value indicating whether a condition property is defined.
     *
     * A condition property is defined if:
     * - the class has a "is" method associated with the specified name;
     * - the class has a "has" method associated with the specified name;
     *
     * Note: property name is case-insensitive
     *
     * @param string $name the property name
     *
     * @return bool whether the condition property is defined
     *
     * @since 1.0
     */
    public function hasCondition($name): bool {
        return $this->hasMethod($name) && (strpos($name, 'is') === 0 || strpos($name, 'has') === 0);
    }

    /**
     * Returns a value indicating whether a property can be read.
     *
     * A property is readable if:
     *
     * - the class has a getter method associated with the specified name
     *   (in this case, property name is case-insensitive);
     * - the class has a member variable with the specified name;
     *
     * @param string $property the property name
     *
     * @return bool whether the property can be read
     * @see canSetProperty()
     *
     * @since 1.0
     */
    public function canGetProperty(string $property): bool {

        return $this->hasGetterFor($property) || $this->hasField($property) || $this->hasCondition($property);
    }

    /**
     * Returns a value indicating whether a property can be set.
     *
     * A property is writable if:
     * - the class has a setter method associated with the specified name
     *   (in this case, property name is case-insensitive);
     * - the class has a member variable with the specified name;
     *
     * @param string $property the property name
     *
     * @return bool whether the property can be written
     *
     * @see canGetProperty()
     *
     * @since 1.0
     */
    public function canSetProperty(string $property): bool {

        return $this->hasSetterFor($property) || $this->hasField($property);
    }

    /**
     * Returns a value indicating whether a class field is defined.
     *
     * @param string $name the field name
     *
     * @return bool whether the field is defined
     *
     * @since 1.0
     */
    public function hasField(string $name): bool {
        return property_exists($this, $name);
    }

    /**
     * Returns a value indicating whether a getter is defined for property.
     *
     * @param string $property the property name
     *
     * @return bool whether the getter is defined
     *
     * @since 1.0
     */
    public function hasGetterFor(string $property): bool {
        return $this->hasMethod('get' . $property);
    }

    /**
     * Returns a value indicating whether a setter is defined for property.
     *
     * @param string $property the property name
     *
     * @return bool whether the getter is defined
     *
     * @since 1.0
     */
    public function hasSetterFor(string $property): bool {
        return $this->hasMethod('set' . $property);
    }

    /**
     * Returns a value indicating whether a method is defined.
     *
     * The default implementation is a call to php function `method_exists()`.
     * You may override this method when you implemented the php magic method `__call()`.
     *
     * @param string $name the method name
     *
     * @return bool whether the method is defined
     *
     * @since 1.0
     */
    public function hasMethod(string $name): bool {
        return method_exists($this, $name);
    }
}

1		<?php
2
3		namespace PHPKitchen\Platform\Mixin;
4
5		use PHPKitchen\Platform\Exception\Runtime\Property\InvalidAccessException;
6		use PHPKitchen\Platform\Exception\Runtime\Property\UndefinedPropertyException;
7
8		/**
9		* Represents implementation of properties for PHP classes.
10		*
11		* @author Dmitry Kolodko <[email protected]>
12		* @since 1.0
13		*/
14		trait Properties {
15		/**
16		* Do not call this method directly as it is a PHP magic method that
17		* will be implicitly called when executing `$value = $object->property;`.
18		*
19		* @param string $name the property name
20		*
21		* @return mixed the property value
22		*
23		* @throws UndefinedPropertyException if the property is not defined
24		* @throws InvalidAccessException if the property is write-only
25		*
26		* @see getProperty()
27		* @see __set()
28		* @since 1.0
29		*/
30		public function __get($name) {
31		return $this->getProperty($name);
32		}
33
34		/**
35		* Returns the value of an object property.
36		*
37		* @param string $property the property name
38		*
39		* @return mixed the property value
40		*
41		* @throws UndefinedPropertyException if the property is not defined
42		* @throws InvalidAccessException if the property is write-only
43		*
44		* @see setProperty()
45		* @since 1.0
46		*/
47		protected function getProperty(string $property) {
48
49		if ($this->hasGetterFor($property)) {
50		return $this->{'get' . $property}();
51		} elseif ($this->hasCondition($property)) {
52		return $this->$property();
53		} elseif ($this->hasSetterFor($property)) {
54		throw new InvalidAccessException('Getting write-only property: ' . static::class . '::' . $property);
55		}
56
57		throw new UndefinedPropertyException('Getting unknown property: ' . static::class . '::' . $property);
58		}
59
60		/**
61		* Do not call this method directly as it is a PHP magic method that
62		* will be implicitly called when executing `$object->property = $value;`.
63		*
64		* @param string $name the property name
65		* @param mixed $value the property value
66		*
67		* @throws UndefinedPropertyException if the property is not defined
68		* @throws InvalidAccessException if the property is read-only
69		*
70		* @see setProperty()
71		* @see __get()
72		*
73		* @since 1.0
74		*/
75		public function __set($name, $value) {
76		$this->setProperty($name, $value);
77		}
78
79		/**
80		* Sets value of an object property.
81		*
82		* @param string $name the property name
83		* @param mixed $value the property value
84		*
85		* @throws UndefinedPropertyException if the property is not defined
86		* @throws InvalidAccessException if the property is read-only
87		*
88		* @see getProperty()
89		* @since 1.0
90		*/
91		protected function setProperty(string $name, $value): void {
92		$setter = 'set' . $name;
93		if ($this->hasMethod($setter)) {
94		$this->$setter($value);
95	View Code Duplication	} elseif ($this->hasMethod('get' . $name)) {
		0 ignored issues – show Duplication introduced 2018-01-26 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
96		throw new InvalidAccessException('Setting read-only property: ' . static::class . '::' . $name);
97		} else {
98		throw new UndefinedPropertyException('Setting unknown property: ' . static::class . '::' . $name);
99		}
100		}
101
102		/**
103		* Do not call this method directly as it is a PHP magic method that
104		* will be implicitly called when executing `isset($object->property)`.
105		*
106		* @param string $name the property name
107		*
108		* @return bool whether the named property is set (not null).
109		*
110		* @see isPropertySet
111		* @see http://php.net/manual/en/function.isset.php
112		*
113		* @since 1.0
114		*/
115		public function __isset($name) {
		0 ignored issues – show Coding Style introduced 2018-01-26 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function __isset()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|supports)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
116		return $this->isPropertySet($name);
117		}
118
119		/**
120		* Checks if a property is set, i.e. defined and not null.
121		*
122		* Note that if the property is not defined, false will be returned.
123		*
124		* @param string $name the property name
125		*
126		* @return bool whether the named property is set (not null).
127		*
128		* @since 1.0
129		*/
130		public function isPropertySet(string $name): bool {
131		$getter = 'get' . $name;
132		if ($this->hasMethod($getter)) {
133		return $this->$getter() !== null;
134		}
135
136		return false;
137		}
138
139		/**
140		* Do not call this method directly as it is a PHP magic method that
141		* will be implicitly called when executing `unset($object->property)`.
142		*
143		* @param string $name the property name
144		*
145		* @throws InvalidAccessException if the property is read only.
146		*
147		* @see unSetProperty
148		* @see http://php.net/manual/en/function.unset.php
149		*
150		* @since 1.0
151		*/
152		public function __unset($name) {
153		$this->unSetProperty($name);
154		}
155
156		/**
157		* Sets an object property to null.
158		*
159		* Note that if the property is not defined, this method will do nothing.
160		* If the property is read-only, it will throw an exception.
161		*
162		* @param string $name the property name
163		*
164		* @throws InvalidAccessException if the property is read only.
165		*
166		* @since 1.0
167		*/
168		public function unSetProperty(string $name): void {
169		$setter = 'set' . $name;
170		if ($this->hasMethod($setter)) {
171		$this->$setter(null);
172	View Code Duplication	} elseif ($this->hasMethod('get' . $name)) {
		0 ignored issues – show Duplication introduced 2018-01-26 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
173		throw new InvalidAccessException('Unsetting read-only property: ' . static::class . '::' . $name);
174		}
175		}
176
177		/**
178		* Returns a value indicating whether a property is defined.
179		*
180		* A property is defined if:
181		*
182		* - the class has a getter or setter method associated with the specified name
183		* (in this case, property name is case-insensitive);
184		* - the class has a member variable with the specified name;
185		*
186		* @param string $name the property name
187		*
188		* @return bool whether the property is defined
189		*
190		* @see canGetProperty()
191		* @see canSetProperty()
192		*
193		* @since 1.0
194		*/
195		public function hasProperty($name): bool {
196		return $this->canGetProperty($name) \|\| $this->canSetProperty($name);
197		}
198
199		/**
200		* Returns a value indicating whether a condition property is defined.
201		*
202		* A condition property is defined if:
203		* - the class has a "is" method associated with the specified name;
204		* - the class has a "has" method associated with the specified name;
205		*
206		* Note: property name is case-insensitive
207		*
208		* @param string $name the property name
209		*
210		* @return bool whether the condition property is defined
211		*
212		* @since 1.0
213		*/
214		public function hasCondition($name): bool {
215		return $this->hasMethod($name) && (strpos($name, 'is') === 0 \|\| strpos($name, 'has') === 0);
216		}
217
218		/**
219		* Returns a value indicating whether a property can be read.
220		*
221		* A property is readable if:
222		*
223		* - the class has a getter method associated with the specified name
224		* (in this case, property name is case-insensitive);
225		* - the class has a member variable with the specified name;
226		*
227		* @param string $property the property name
228		*
229		* @return bool whether the property can be read
230		* @see canSetProperty()
231		*
232		* @since 1.0
233		*/
234		public function canGetProperty(string $property): bool {
		0 ignored issues – show Coding Style introduced 2018-01-26 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function canGetProperty()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|supports)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
235		return $this->hasGetterFor($property) \|\| $this->hasField($property) \|\| $this->hasCondition($property);
236		}
237
238		/**
239		* Returns a value indicating whether a property can be set.
240		*
241		* A property is writable if:
242		* - the class has a setter method associated with the specified name
243		* (in this case, property name is case-insensitive);
244		* - the class has a member variable with the specified name;
245		*
246		* @param string $property the property name
247		*
248		* @return bool whether the property can be written
249		*
250		* @see canGetProperty()
251		*
252		* @since 1.0
253		*/
254		public function canSetProperty(string $property): bool {
		0 ignored issues – show Coding Style introduced 2018-01-26 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function canSetProperty()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|supports)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
255		return $this->hasSetterFor($property) \|\| $this->hasField($property);
256		}
257
258		/**
259		* Returns a value indicating whether a class field is defined.
260		*
261		* @param string $name the field name
262		*
263		* @return bool whether the field is defined
264		*
265		* @since 1.0
266		*/
267		public function hasField(string $name): bool {
268		return property_exists($this, $name);
269		}
270
271		/**
272		* Returns a value indicating whether a getter is defined for property.
273		*
274		* @param string $property the property name
275		*
276		* @return bool whether the getter is defined
277		*
278		* @since 1.0
279		*/
280		public function hasGetterFor(string $property): bool {
281		return $this->hasMethod('get' . $property);
282		}
283
284		/**
285		* Returns a value indicating whether a setter is defined for property.
286		*
287		* @param string $property the property name
288		*
289		* @return bool whether the getter is defined
290		*
291		* @since 1.0
292		*/
293		public function hasSetterFor(string $property): bool {
294		return $this->hasMethod('set' . $property);
295		}
296
297		/**
298		* Returns a value indicating whether a method is defined.
299		*
300		* The default implementation is a call to php function `method_exists()`.
301		* You may override this method when you implemented the php magic method `__call()`.
302		*
303		* @param string $name the method name
304		*
305		* @return bool whether the method is defined
306		*
307		* @since 1.0
308		*/
309		public function hasMethod(string $name): bool {
310		return method_exists($this, $name);
311		}
312		}

php-kitchen / platform

Issues (389)

Security Analysis no request data

src/Mixin/Properties.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like