Issues (387)

Branch: develop

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/ReferenceImplementation.php (6 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
/**
3
 * This is a file Summary.
4
 *
5
 * This is a file description
6
 * @package File
7
 * @filesource
8
 */
9
10
namespace {
11
12
    /**
13
     * This is the summary of a constant in the global namespace.
14
     *
15
     * To check if the description is displayed correctly we *check* if it is handled correctly. And
16
     * if it shows any [Markdown](http://daringfireball.net) formatting.
17
     */
18
    const GLOBAL_CONSTANT_DEFINE_WITH_ROOT_NAMESPACE = 'test';
19
}
20
21
namespace My\Space {
22
23
    define('GLOBAL_CONSTANT_DEFINE', 'test');
24
25
    /**
26
     * @package Constant
27
     */
28
    define('Namespaced\\GLOBAL_CONSTANT_DEFINE', 'test');
29
30
    /**
31
     * @package Constant\Specific
32
     */
33
    const GLOBAL_CONSTANT_CONST = 'test';
34
35
    /**
36
     * @param integer   $param1 Example of a description & with ampersand (&).
37
     * @param string    $param3
38
     */
39
    function globalFunction($param1, \stdClass $param2, $param3 = '')
0 ignored issues
show
The parameter $param1 is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
The parameter $param2 is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
The parameter $param3 is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
40
    {
41
    }
42
43
    /**
44
     * A reference implementation for a subclass.
45
     *
46
     * This subclass's package has a different case than the superclass to test issue #558.
47
     *
48
     * @package class
49
     */
50
    class SubClass extends SuperClass
51
    {
52
        /**
53
         * @var integer   The first property in a list
54
         * @var \stdClass $propertyListItem2 The second property in a list
55
         */
56
        public $propertyListItem1;
57
58
        public $propertyListItem2;
59
    }
60
61
    /**
62
     * This is the summary for this class.
63
     *
64
     * This is a *longer* description that may contain Markdown code
65
     * and span multiple lines without causing any issues.
66
     *
67
     * @source
68
     * @author Mike van Riel <[email protected]>
69
     * @package Class
70
     * @method string myMagicMethod(\stdClass $argument1) This is a description.
71
     * @method static string myStaticMagicMethod(\stdClass $argument1) This is a description.
72
     * @property string $myMagicProperty This is a description.
73
     */
74
    class SuperClass implements SubInterface
75
    {
76
        const CLASS_CONSTANT = 'test';
77
78
        /** @var integer $staticProperty A static property */
79
        public static $staticProperty;
80
81
        /**
82
         * A public property
83
         * @var SubClass
84
         * @deprecated
85
         */
86
        public $publicProperty;
87
88
        protected $protectedProperty;
89
90
        private $privateProperty;
91
92
        /**
93
         * This is a public method.
94
         *
95
         * Example:
96
         *
97
         * ```
98
         * <?php
99
         * echo (string) $class->publicMethod();
100
         * if (true) {
101
         *     echo 'indented string';
102
         * }
103
         * ```
104
         *
105
         * @deprecated This is superseded by the SuperClass
106
         *
107
         * @see GLOBAL_CONSTANT_DEFINE       Refer to global constant.
108
         * @see globalFunction()             Refer to global function.
109
         * @see SuperClass::CLASS_CONSTANT   Refer to class constant.
110
         * @see self::CLASS_CONSTANT         Refer to class constant.
111
         * @see self::staticMethod()         Refer to method.
112
         * @see self::$privateProperty       Refer to property.
113
         * @see SuperClass::$privateProperty Refer to property.
114
         * @see SuperInterface               Refer to interface.
115
         * @see SubClass                     Refer to class.
116
         *
117
         * @throws \Exception if it fails.
118
         * @uses self::protectedMethod()
119
         * @link http://www.phpdoc.org
120
         *
121
         * @return SubInterface an instance of the SubInterface interface.
122
         * Example in the return statement:
123
         * ```
124
         * <?php
125
         * if (true) {
126
         *     echo 'another indented string';
127
         * }
128
         * ```
129
         */
130
        public function publicMethod()
131
        {
132
        }
133
134
        /**
135
         * This is a method definition showcasing the variadic syntax pre-php5.6.
136
         */
137
        public function variadicMethodWithOneExplicitParameter($first)
0 ignored issues
show
The parameter $first is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
138
        {
139
        }
140
141
        public static function staticMethod()
142
        {
143
        }
144
145
        protected function protectedMethod(\stdClass $argument)
0 ignored issues
show
The parameter $argument is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
146
        {
147
        }
148
149
        private function privateMethod()
0 ignored issues
show
This method is not used, and could be removed.
Loading history...
150
        {
151
        }
152
    }
153
154
    interface SubInterface extends SuperInterface, AnotherSuperInterface
155
    {
156
    }
157
158
    /**
159
     * @package File
160
     * @subpackage Interface\Super
161
     */
162
    interface SuperInterface
163
    {
164
        const INTERFACE_CONSTANT = 'test';
165
166
        public function publicMethod();
167
    }
168
169
    /**
170
     * @package File
171
     * @subpackage Interface
172
     */
173
    interface AnotherSuperInterface
174
    {
175
        public static function staticMethod();
176
    }
177
}
178
179
namespace My\Space\Errors {
180
181
    /**
182
     * @package Package1
183
     * @package Package2
184
     * @subpackage Subpackage1
185
     * @subpackage Subpackage2
186
     */
187
    class MultiplePackageTags
188
    {
189
        /**
190
         * @return type This is a generic default injected by IDEs, and is not a valid type
191
         */
192
        public function responseMayNotBeType()
193
        {
194
        }
195
    }
196
197
    /**
198
     * @subpackage Subpackage1
199
     */
200
    class SubPackageWithoutPackage
201
    {
202
    }
203
}
204