Issues in Regx.php (master) - Issues in master - phpgearbox/string - Measure and Improve Code Quality continuously with Scrutinizer

Issues (18)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Methods/Regx.php (3 issues)

Labels

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace Gears\String\Methods;
////////////////////////////////////////////////////////////////////////////////
// __________ __             ________                   __________
// \______   \  |__ ______  /  _____/  ____ _____ ______\______   \ _______  ___
//  |     ___/  |  \\____ \/   \  ____/ __ \\__  \\_  __ \    |  _//  _ \  \/  /
//  |    |   |   Y  \  |_> >    \_\  \  ___/ / __ \|  | \/    |   (  <_> >    <
//  |____|   |___|  /   __/ \______  /\___  >____  /__|  |______  /\____/__/\_ \
//                \/|__|           \/     \/     \/             \/            \/
// -----------------------------------------------------------------------------
//          Designed and Developed by Brad Jones <brad @="bjc.id.au" />
// -----------------------------------------------------------------------------
////////////////////////////////////////////////////////////////////////////////

use voku\helper\UTF8;
use Gears\String\Exceptions\PcreException;

trait Regx
{
    /**
     * The delimiter we will use for all regular expressions.
     *
     * @link http://php.net/manual/en/regexp.reference.delimiters.php
     *
     * @var string
     */
    protected $regexDelimiter = '/';

    /**
     * Allows you to change the the default regular expression delimiter.
     *
     * @param string $value The delimiter to use for all future expressions.
     *
     * @return static
     */
    public function setRegexDelimiter($value)
    {
        $this->regexDelimiter = $value;

        return $this;
    }

    /**
     * Returns true if the string matches the supplied pattern, false otherwise.
     *
     * @param  string $pattern Regex pattern to match against.
     *
     * @param  string $options Matching conditions to be used.
     *
     * @return bool
     *
     * @throws PcreException   When PCRE Error occurs.
     */
    public function regexMatch($pattern, $options = '')
    {
        // Ensure the options contain the "u" modifier.
        if (!$this->newSelf($options)->contains('u')) $options .= 'u';

        // Build the expression
        $expression =
            $this->regexDelimiter.
            $pattern.
            $this->regexDelimiter.
            $options
        ;

        // Run the expression
        $result = preg_match($expression, $this->scalarString);

        // If no errors return true or false based on number of matches found.
        if ($result !== false) return $result === 1;

        // Otherwise throw with last known PCRE Error.
        throw new PcreException();
    }

    /**
     * Given an expression with capture groups, this will return those captures.
     *
     * Basically this is the same as `regexMatch()` but returns the array
     * of matches from `preg_match()` where as `regexMatch()` just returns
     * a boolean result.
     *
     * @param  string $pattern Regex pattern to match against.
     *
     * @param  string $options Matching conditions to be used.
     *
     * @return array           The matches discovered by `preg_match()`.
     *
     * @throws PcreException   When PCRE Error occurs.
     */
    public function regexExtract($pattern, $options = '')

    {
        // Define the array that will be filled by preg_match().
        $matches = [];

        // Ensure the options contain the "u" modifier.
        if (!$this->newSelf($options)->contains('u')) $options .= 'u';

        // Build the expression
        $expression =
            $this->regexDelimiter.
            $pattern.
            $this->regexDelimiter.
            $options
        ;

        // Run the expression
        $result = preg_match($expression, $this->scalarString, $matches);

        // If no errors return the $matches array
        if ($result !== false) return $this->newSelfs($matches);

        // Otherwise throw with last known PCRE Error.
        throw new PcreException();
    }

    /**
     * Replaces all occurrences of $pattern in $str by $replacement.
     *
     * @param  string $pattern     The regular expression pattern.
     *
     * @param  string $replacement The string to replace with.
     *
     * @param  string $options     Matching conditions to be used.
     *
     * @return static              Resulting string after the replacements
     *
     * @throws PcreException       When PCRE Error occurs.
     */
    public function regexReplace($pattern, $replacement, $options = '')

    {
        // The original regexReplace method in danielstjules/Stringy used
        // mb_ereg_replace() which supports an "r" flag, PCRE does not.
        if ($options === 'msr') $options = 'ms';

        // Ensure the options contain the "u" modifier.
        if (!$this->newSelf($options)->contains('u')) $options .= 'u';

        // Build the expression
        $expression =
            $this->regexDelimiter.
            $pattern.
            $this->regexDelimiter.
            $options
        ;

        // Run the regular expression replacement
        $replaced = preg_replace($expression, $replacement, $this->scalarString);

        // If no errors return the replacement
        if ($replaced !== null) return $this->newSelf($replaced);

        // Otherwise throw with last known PCRE Error.
        throw new PcreException();
    }

    /**
     * Splits the string with the provided regular expression.
     *
     * @param  string   $pattern The regex with which to split the string.
     *
     * @param  int|null $limit   Optional maximum number of results to return.
     *
     * @param  bool     $quote   By default this method will run the provided
     *                           $pattern through preg_quote(), this allows the
     *                           method to be used to split on simple substrings.
     *
     * @return static[]          An array of Str objects.
     */
    public function split($pattern, $limit = null, $quote = true)
    {
        // Not sure why you would do this but your wish is our command :)
        if ($limit === 0) return [];

        // UTF8::split errors when supplied an empty pattern in < PHP 5.4.13
        // and current versions of HHVM (3.8 and below)
        if ($pattern === '') return [$this->newSelf($this->scalarString)];

        // UTF8::split returns the remaining unsplit string
        // in the last index when supplying a limit.
        if ($limit > 0)
        {
            $limit += 1;
        }
        else
        {
            $limit = -1;
        }

        // TODO: As per the above comments, all well and good but we are not

        // using UTF8::split here, we are using preg_split???

        // Build the expression
        $expression = $this->regexDelimiter;

        if ($quote === true)
        {
            $expression .= preg_quote($pattern, $this->regexDelimiter);
        }
        else
        {
            $expression .= $pattern;
        }

        $expression .= $this->regexDelimiter.'u';

        // Split the string
        $array = preg_split($expression, $this->scalarString, $limit);

        // Remove any remaining unsplit string.
        if ($limit > 0 && count($array) === $limit) array_pop($array);

        return $this->newSelfs($array);
    }
}


GitHub Access Token became invalid

Issues (18)

Security Analysis no request data

src/Methods/Regx.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php namespace Gears\String\Methods;
2		////////////////////////////////////////////////////////////////////////////////
3		// __________ __ ________ __________
4		// \______ \ \|__ ______ / _____/ ____ _____ ______\______ \ _______ ___
5		// \| ___/ \| \\____ \/ \ ____/ __ \\__ \\_ __ \ \| _// _ \ \/ /
6		// \| \| \| Y \ \|_> > \_\ \ ___/ / __ \\| \| \/ \| ( <_> > <
7		// \|____\| \|___\| / __/ \______ /\___ >____ /__\| \|______ /\____/__/\_ \
8		// \/\|__\| \/ \/ \/ \/ \/
9		// -----------------------------------------------------------------------------
10		// Designed and Developed by Brad Jones <brad @="bjc.id.au" />
11		// -----------------------------------------------------------------------------
12		////////////////////////////////////////////////////////////////////////////////
13
14		use voku\helper\UTF8;
15		use Gears\String\Exceptions\PcreException;
16
17		trait Regx
18		{
19		/**
20		* The delimiter we will use for all regular expressions.
21		*
22		* @link http://php.net/manual/en/regexp.reference.delimiters.php
23		*
24		* @var string
25		*/
26		protected $regexDelimiter = '/';
27
28		/**
29		* Allows you to change the the default regular expression delimiter.
30		*
31		* @param string $value The delimiter to use for all future expressions.
32		*
33		* @return static
34		*/
35		public function setRegexDelimiter($value)
36		{
37		$this->regexDelimiter = $value;
38
39		return $this;
40		}
41
42		/**
43		* Returns true if the string matches the supplied pattern, false otherwise.
44		*
45		* @param string $pattern Regex pattern to match against.
46		*
47		* @param string $options Matching conditions to be used.
48		*
49		* @return bool
50		*
51		* @throws PcreException When PCRE Error occurs.
52		*/
53		public function regexMatch($pattern, $options = '')
54		{
55		// Ensure the options contain the "u" modifier.
56		if (!$this->newSelf($options)->contains('u')) $options .= 'u';
57
58		// Build the expression
59		$expression =
60		$this->regexDelimiter.
61		$pattern.
62		$this->regexDelimiter.
63		$options
64		;
65
66		// Run the expression
67		$result = preg_match($expression, $this->scalarString);
68
69		// If no errors return true or false based on number of matches found.
70		if ($result !== false) return $result === 1;
71
72		// Otherwise throw with last known PCRE Error.
73		throw new PcreException();
74		}
75
76		/**
77		* Given an expression with capture groups, this will return those captures.
78		*
79		* Basically this is the same as `regexMatch()` but returns the array
80		* of matches from `preg_match()` where as `regexMatch()` just returns
81		* a boolean result.
82		*
83		* @param string $pattern Regex pattern to match against.
84		*
85		* @param string $options Matching conditions to be used.
86		*
87		* @return array The matches discovered by `preg_match()`.
88		*
89		* @throws PcreException When PCRE Error occurs.
90		*/
91	View Code Duplication	public function regexExtract($pattern, $options = '')
		0 ignored issues – show Duplication introduced 2016-04-18 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
92		{
93		// Define the array that will be filled by preg_match().
94		$matches = [];
95
96		// Ensure the options contain the "u" modifier.
97		if (!$this->newSelf($options)->contains('u')) $options .= 'u';
98
99		// Build the expression
100		$expression =
101		$this->regexDelimiter.
102		$pattern.
103		$this->regexDelimiter.
104		$options
105		;
106
107		// Run the expression
108		$result = preg_match($expression, $this->scalarString, $matches);
109
110		// If no errors return the $matches array
111		if ($result !== false) return $this->newSelfs($matches);
112
113		// Otherwise throw with last known PCRE Error.
114		throw new PcreException();
115		}
116
117		/**
118		* Replaces all occurrences of $pattern in $str by $replacement.
119		*
120		* @param string $pattern The regular expression pattern.
121		*
122		* @param string $replacement The string to replace with.
123		*
124		* @param string $options Matching conditions to be used.
125		*
126		* @return static Resulting string after the replacements
127		*
128		* @throws PcreException When PCRE Error occurs.
129		*/
130	View Code Duplication	public function regexReplace($pattern, $replacement, $options = '')
		0 ignored issues – show Duplication introduced 2016-04-18 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
131		{
132		// The original regexReplace method in danielstjules/Stringy used
133		// mb_ereg_replace() which supports an "r" flag, PCRE does not.
134		if ($options === 'msr') $options = 'ms';
135
136		// Ensure the options contain the "u" modifier.
137		if (!$this->newSelf($options)->contains('u')) $options .= 'u';
138
139		// Build the expression
140		$expression =
141		$this->regexDelimiter.
142		$pattern.
143		$this->regexDelimiter.
144		$options
145		;
146
147		// Run the regular expression replacement
148		$replaced = preg_replace($expression, $replacement, $this->scalarString);
149
150		// If no errors return the replacement
151		if ($replaced !== null) return $this->newSelf($replaced);
152
153		// Otherwise throw with last known PCRE Error.
154		throw new PcreException();
155		}
156
157		/**
158		* Splits the string with the provided regular expression.
159		*
160		* @param string $pattern The regex with which to split the string.
161		*
162		* @param int\|null $limit Optional maximum number of results to return.
163		*
164		* @param bool $quote By default this method will run the provided
165		* $pattern through preg_quote(), this allows the
166		* method to be used to split on simple substrings.
167		*
168		* @return static[] An array of Str objects.
169		*/
170		public function split($pattern, $limit = null, $quote = true)
171		{
172		// Not sure why you would do this but your wish is our command :)
173		if ($limit === 0) return [];
174
175		// UTF8::split errors when supplied an empty pattern in < PHP 5.4.13
176		// and current versions of HHVM (3.8 and below)
177		if ($pattern === '') return [$this->newSelf($this->scalarString)];
178
179		// UTF8::split returns the remaining unsplit string
180		// in the last index when supplying a limit.
181		if ($limit > 0)
182		{
183		$limit += 1;
184		}
185		else
186		{
187		$limit = -1;
188		}
189
190		// TODO: As per the above comments, all well and good but we are not
		0 ignored issues – show Coding Style Best Practice introduced 2016-04-18 05:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
191		// using UTF8::split here, we are using preg_split???
192
193		// Build the expression
194		$expression = $this->regexDelimiter;
195
196		if ($quote === true)
197		{
198		$expression .= preg_quote($pattern, $this->regexDelimiter);
199		}
200		else
201		{
202		$expression .= $pattern;
203		}
204
205		$expression .= $this->regexDelimiter.'u';
206
207		// Split the string
208		$array = preg_split($expression, $this->scalarString, $limit);
209
210		// Remove any remaining unsplit string.
211		if ($limit > 0 && count($array) === $limit) array_pop($array);
212
213		return $this->newSelfs($array);
214		}
215		}
216

phpgearbox / string

GitHub Access Token became invalid

Issues (18)

Security Analysis no request data

src/Methods/Regx.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like