Issues in LogicalConnection.php (devel) - Issues in devel - phpservicebus/persistence-doctrine1 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (6)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/LogicalConnection.php (2 issues)

Labels

Documentation 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace PSB\Persistence\Doctrine1;


use PSB\Core\Exception\CriticalErrorException;
use PSB\Core\Util\Guard;

class LogicalConnection
{
    /**
     * @var string
     */
    private $name;

    /**
     * @var string
     */
    private $dsn;

    /**
     * @var \Doctrine_Manager
     */
    private $manager;

    /**
     * @param string            $name
     * @param string            $dsn
     * @param \Doctrine_Manager $manager
     */
    public function __construct($name = null, $dsn, \Doctrine_Manager $manager)
    {
        Guard::againstNullAndEmpty('dns', $dsn);

        $this->name = $name === '' ? null : $name;
        $this->dsn = $dsn;
        $this->manager = $manager;
    }

    /**
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * @return string
     */
    public function getDsn()
    {
        return $this->dsn;
    }

    /**
     * @return \Doctrine_Manager
     */
    public function getManager()
    {
        return $this->manager;
    }

    /**
     * @return int
     */
    public function beginTransaction()
    {
        return $this->getConnection()->beginTransaction();
    }

    /**
     * @return bool
     */
    public function commit()
    {
        return $this->getConnection()->commit();
    }

    /**
     * Rolls back the transaction.
     * It makes sure that the connection is in the correct state regardless of what happened before.
     * Correct state means that the connection does not have a transaction nesting level > 0
     *
     * @return bool
     */
    public function rollBack()
    {
        /**
         * Roll back all the way as this is supposed to be the top level transaction and we want to reset
         * the nesting level
         */
        $transactionNestingLevel = $this->getConnection()->getTransactionLevel();
        for ($i = 0; $i < $transactionNestingLevel - 1; $i++) {
            $this->getConnection()->rollBack();
        }
        return $this->getConnection()->rollBack();
    }

    /**
     * @param \Closure $func
     *
     * @throws \Exception
     */
    public function transactional(\Closure $func)
    {
        $this->beginTransaction();
        try {
            $func($this);
            $this->commit();
        } catch (\Exception $e) {
            $this->rollback();
            throw $e;
        }
    }

    /**
     * @return int
     */
    public function getTransactionNestingLevel()
    {
        return $this->getConnection()->getTransactionLevel();
    }

    /**
     * @param string $query
     * @param array  $params
     *
     * @return \Doctrine_Adapter_Statement|\PDOStatement
     */
    public function executeUpdate($query, array $params = [])
    {
        return $this->getConnection()->standaloneQuery($query, $params);
    }

    /**
     * @param string $query
     * @param array  $params
     *
     * @return \PDOStatement|\Doctrine_Adapter_Statement
     */
    public function executeQuery($query, array $params = [])
    {
        return $this->getConnection()->standaloneQuery($query, $params);
    }

    /**
     * @param string $tableName
     * @param array  $data
     *
     * @return int
     */
    public function insert($tableName, array $data)
    {
        $columns = array_keys($data);
        foreach ($columns as $key => $value) {
            $columns[$key] = $this->getConnection()->quoteIdentifier($value);
        }

        $query = 'INSERT INTO ' . $this->getConnection()->quoteIdentifier($tableName)
            . ' (' . implode(', ', $columns) . ')'
            . ' VALUES (' . implode(', ', array_fill(0, count($columns), '?')) . ')';

        return $this->getConnection()->exec($query, array_values($data));
    }

    /**
     * @return string
     */
    public function lastInsertId()
    {
        return $this->getConnection()->lastInsertId();
    }

    /**
     * @param \Exception $e
     *
     * @return \Exception
     */
    public function reconnectIfNeeded(\Exception $e)
    {
        // presumably, any exception caught here is related to some connection error
        if (!$this->ping()) {
            // if pinging fails, we try to reconnect
            try {
                $this->manager->closeConnection($this->getConnection());
                $this->getConnection()->connect();
            } catch (\Exception $e) {
                // if reconnecting fails, there is no way that the bus can continue to function
                return new CriticalErrorException("Database connection failed.", 0, $e);
            }
        }

        return $e;
    }

    /**
     * @return bool
     * @throws \Doctrine_Connection_Exception
     */
    public function connect()
    {
        return $this->getConnection()->connect();
    }

    /**
     * @return \Doctrine_Connection
     */
    public function getWrappedConnection()
    {
        return $this->getConnection();
    }

    /**
     * @return bool
     */
    public function ping()
    {
        $this->connect();

        try {
            $this->executeQuery($this->getDummySelectSQL());
        } catch (\Exception $e) {
            return false;
        }

        return true;
    }

    /**
     * @return bool
     */
    public function isEmbeddedDatabase()
    {
        $driverName = $this->getConnection()->getDriverName();
        if (stripos($driverName, 'sqlite') !== false) {
            return true;
        }

        return false;
    }

    /**
     * @param string $tableName
     * @param array  $fields
     * @param array  $options
     */
    public function createTable($tableName, array $fields = [], array $options = [])
    {
        $this->getConnection()->export->createTable($tableName, $fields, $options);
    }

    /**
     * @return \Doctrine_Connection
     * @throws \Doctrine_Connection_Exception
     * @throws \Doctrine_Manager_Exception
     */
    private function getConnection()
    {
        // if there is a name and a connection with that name exists, use that one
        if ($this->name && $this->manager->contains($this->name)) {
            return $this->manager->getConnection($this->name);
        }

        // if there is a name and no connection with that name exists, create one
        if ($this->name) {
            return $this->manager->openConnection($this->dsn, $this->name);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }

        // if there is no name (so it's not using multiple connections) and one connection is present, use that one
        if (!$this->name && $this->manager->count()) {
            return $this->manager->getCurrentConnection();
        }

        // if there is no name (so it's not using multiple connections) and no connection is present, create one
        return $this->manager->openConnection($this->dsn);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
    }

    /**
     * Taken from doctrine 2
     *
     * @return string
     */
    private function getDummySelectSQL()
    {
        $driverName = strtolower($this->getConnection()->getDriverName());
        switch ($driverName) {
            case 'db2':
                $sql = 'SELECT 1 FROM sysibm.sysdummy1';
                break;
            case 'oci':
                $sql = 'SELECT 1 FROM dual';
                break;
            default:
                $sql = 'SELECT 1';
        }
        return $sql;
    }
}


1		<?php
2		namespace PSB\Persistence\Doctrine1;
3
4
5		use PSB\Core\Exception\CriticalErrorException;
6		use PSB\Core\Util\Guard;
7
8		class LogicalConnection
9		{
10		/**
11		* @var string
12		*/
13		private $name;
14
15		/**
16		* @var string
17		*/
18		private $dsn;
19
20		/**
21		* @var \Doctrine_Manager
22		*/
23		private $manager;
24
25		/**
26		* @param string $name
27		* @param string $dsn
28		* @param \Doctrine_Manager $manager
29		*/
30	5	public function __construct($name = null, $dsn, \Doctrine_Manager $manager)
31		{
32	5	Guard::againstNullAndEmpty('dns', $dsn);
33
34	4	$this->name = $name === '' ? null : $name;
35	4	$this->dsn = $dsn;
36	4	$this->manager = $manager;
37	4	}
38
39		/**
40		* @return string
41		*/
42	3	public function getName()
43		{
44	3	return $this->name;
45		}
46
47		/**
48		* @return string
49		*/
50	3	public function getDsn()
51		{
52	3	return $this->dsn;
53		}
54
55		/**
56		* @return \Doctrine_Manager
57		*/
58	3	public function getManager()
59		{
60	3	return $this->manager;
61		}
62
63		/**
64		* @return int
65		*/
66	10	public function beginTransaction()
67		{
68	10	return $this->getConnection()->beginTransaction();
69		}
70
71		/**
72		* @return bool
73		*/
74	7	public function commit()
75		{
76	7	return $this->getConnection()->commit();
77		}
78
79		/**
80		* Rolls back the transaction.
81		* It makes sure that the connection is in the correct state regardless of what happened before.
82		* Correct state means that the connection does not have a transaction nesting level > 0
83		*
84		* @return bool
85		*/
86	6	public function rollBack()
87		{
88		/**
89		* Roll back all the way as this is supposed to be the top level transaction and we want to reset
90		* the nesting level
91		*/
92	6	$transactionNestingLevel = $this->getConnection()->getTransactionLevel();
93	6	for ($i = 0; $i < $transactionNestingLevel - 1; $i++) {
94	1	$this->getConnection()->rollBack();
95	1	}
96	6	return $this->getConnection()->rollBack();
97		}
98
99		/**
100		* @param \Closure $func
101		*
102		* @throws \Exception
103		*/
104	7	public function transactional(\Closure $func)
105		{
106	7	$this->beginTransaction();
107		try {
108	7	$func($this);
109	7	$this->commit();
110	7	} catch (\Exception $e) {
111	1	$this->rollback();
112	1	throw $e;
113		}
114	7	}
115
116		/**
117		* @return int
118		*/
119	2	public function getTransactionNestingLevel()
120		{
121	2	return $this->getConnection()->getTransactionLevel();
122		}
123
124		/**
125		* @param string $query
126		* @param array $params
127		*
128		* @return \Doctrine_Adapter_Statement\|\PDOStatement
129		*/
130	4	public function executeUpdate($query, array $params = [])
131		{
132	4	return $this->getConnection()->standaloneQuery($query, $params);
133		}
134
135		/**
136		* @param string $query
137		* @param array $params
138		*
139		* @return \PDOStatement\|\Doctrine_Adapter_Statement
140		*/
141	16	public function executeQuery($query, array $params = [])
142		{
143	16	return $this->getConnection()->standaloneQuery($query, $params);
144		}
145
146		/**
147		* @param string $tableName
148		* @param array $data
149		*
150		* @return int
151		*/
152	7	public function insert($tableName, array $data)
153		{
154	7	$columns = array_keys($data);
155	7	foreach ($columns as $key => $value) {
156	7	$columns[$key] = $this->getConnection()->quoteIdentifier($value);
157	7	}
158
159	7	$query = 'INSERT INTO ' . $this->getConnection()->quoteIdentifier($tableName)
160	7	. ' (' . implode(', ', $columns) . ')'
161	7	. ' VALUES (' . implode(', ', array_fill(0, count($columns), '?')) . ')';
162
163	7	return $this->getConnection()->exec($query, array_values($data));
164		}
165
166		/**
167		* @return string
168		*/
169	2	public function lastInsertId()
170		{
171	2	return $this->getConnection()->lastInsertId();
172		}
173
174		/**
175		* @param \Exception $e
176		*
177		* @return \Exception
178		*/
179	4	public function reconnectIfNeeded(\Exception $e)
180		{
181		// presumably, any exception caught here is related to some connection error
182	4	if (!$this->ping()) {
183		// if pinging fails, we try to reconnect
184		try {
185	4	$this->manager->closeConnection($this->getConnection());
186	4	$this->getConnection()->connect();
187	4	} catch (\Exception $e) {
188		// if reconnecting fails, there is no way that the bus can continue to function
189		return new CriticalErrorException("Database connection failed.", 0, $e);
190		}
191	4	}
192
193	4	return $e;
194		}
195
196		/**
197		* @return bool
198		* @throws \Doctrine_Connection_Exception
199		*/
200	6	public function connect()
201		{
202	6	return $this->getConnection()->connect();
203		}
204
205		/**
206		* @return \Doctrine_Connection
207		*/
208	5	public function getWrappedConnection()
209		{
210	5	return $this->getConnection();
211		}
212
213		/**
214		* @return bool
215		*/
216	4	public function ping()
217		{
218	4	$this->connect();
219
220		try {
221	4	$this->executeQuery($this->getDummySelectSQL());
222	4	} catch (\Exception $e) {
223	4	return false;
224		}
225
226	4	return true;
227		}
228
229		/**
230		* @return bool
231		*/
232	4	public function isEmbeddedDatabase()
233		{
234	4	$driverName = $this->getConnection()->getDriverName();
235	4	if (stripos($driverName, 'sqlite') !== false) {
236		return true;
237		}
238
239	4	return false;
240		}
241
242		/**
243		* @param string $tableName
244		* @param array $fields
245		* @param array $options
246		*/
247		public function createTable($tableName, array $fields = [], array $options = [])
248		{
249		$this->getConnection()->export->createTable($tableName, $fields, $options);
250		}
251
252		/**
253		* @return \Doctrine_Connection
254		* @throws \Doctrine_Connection_Exception
255		* @throws \Doctrine_Manager_Exception
256		*/
257	16	private function getConnection()
258		{
259		// if there is a name and a connection with that name exists, use that one
260	16	if ($this->name && $this->manager->contains($this->name)) {
261		return $this->manager->getConnection($this->name);
262		}
263
264		// if there is a name and no connection with that name exists, create one
265	16	if ($this->name) {
266		return $this->manager->openConnection($this->dsn, $this->name);
		0 ignored issues – show Documentation introduced 2016-06-08 18:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->dsn` is of type `string`, but the function expects a `object<PDO>\|object<Doctrine_Adapter_Interface>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
267		}
268
269		// if there is no name (so it's not using multiple connections) and one connection is present, use that one
270	16	if (!$this->name && $this->manager->count()) {
271	16	return $this->manager->getCurrentConnection();
272		}
273
274		// if there is no name (so it's not using multiple connections) and no connection is present, create one
275	4	return $this->manager->openConnection($this->dsn);
		0 ignored issues – show Documentation introduced 2016-06-08 18:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->dsn` is of type `string`, but the function expects a `object<PDO>\|object<Doctrine_Adapter_Interface>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
276		}
277
278		/**
279		* Taken from doctrine 2
280		*
281		* @return string
282		*/
283	4	private function getDummySelectSQL()
284		{
285	4	$driverName = strtolower($this->getConnection()->getDriverName());
286		switch ($driverName) {
287	4	case 'db2':
288		$sql = 'SELECT 1 FROM sysibm.sysdummy1';
289		break;
290	4	case 'oci':
291		$sql = 'SELECT 1 FROM dual';
292		break;
293	4	default:
294	4	$sql = 'SELECT 1';
295	4	}
296	4	return $sql;
297		}
298		}
299

phpservicebus / persistence-doctrine1

Issues (6)

Security Analysis no request data

src/LogicalConnection.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like