GitHub Access Token became invalid

It seems like the GitHub access token used for retrieving details about this repository from GitHub became invalid. This might prevent certain types of inspections from being run (in particular, everything related to pull requests).
Please ask an admin of your repository to re-new the access token on this website.

Issues (19)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Promise.php (8 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
3
namespace Gandung\Promise;
4
5
/**
6
 * @author Paulus Gandung Prakosa <[email protected]>
7
 */
8
class Promise implements PromiseInterface
9
{
10
    /**
11
     * @var integer
12
     */
13
    private $state = self::STATE_PENDING;
14
15
    /**
16
     * @var mixed
17
     */
18
    private $current;
19
20
    /**
21
     * @var array
22
     */
23
    private $context = [];
24
25
    /**
26
     * @var \Closure
27
     */
28
    private $waitCallback;
29
30
    /**
31
     * @var \Closure
32
     */
33
    private $cancelCallback;
34
35
    /**
36
     * @var boolean
37
     */
38
    private $isStateTransformed;
39
40
    /**
41
     * Appends fulfillment and rejection handlers to the promise, and returns an immutable
42
     * new promise resolving to the return value of the handler.
43
     *
44
     * @param \Closure $onFulfilled Callback to be called when promise state is fulfilled.
45
     * @param \Closure $onRejected Callback to be called when promise state is rejected.
46
     * @return Promise
47
     */
48
    public function then($onFulfilled = null, $onRejected = null)
49
    {
50
        if ($this->state === self::STATE_PENDING) {
51
            $q = new Promise();
52
            $this->context[] = [$q, $onFulfilled, $onRejected];
53
54
            return $q;
55
        }
56
57
        if ($this->state === self::STATE_FULFILLED) {
58
            return $onFulfilled
0 ignored issues
show
Bug Compatibility introduced by
The expression $onFulfilled ? (new \Gan...romise($this->current); of type Gandung\Promise\Promise|...romise\FulfilledPromise adds the type Gandung\Promise\FulfilledPromise to the return on line 58 which is incompatible with the return type declared by the interface Gandung\Promise\PromiseInterface::then of type Gandung\Promise\Promise.
Loading history...
59
                ? (new FulfilledPromise($this->current))->then($onFulfilled, null)
60
                : new FulfilledPromise($this->current);
61
        }
62
63
        return $onRejected
0 ignored issues
show
Bug Compatibility introduced by
The expression $onRejected ? (new \Gand...romise($this->current); of type Gandung\Promise\Promise|...Promise\RejectedPromise adds the type Gandung\Promise\RejectedPromise to the return on line 63 which is incompatible with the return type declared by the interface Gandung\Promise\PromiseInterface::then of type Gandung\Promise\Promise.
Loading history...
64
            ? (new RejectedPromise($this->current))->then(null, $onRejected)
65
            : new RejectedPromise($this->current);
66
    }
67
68
    /**
69
     * Set waiting callback.
70
     *
71
     * @param \Closure $callback Callback to be set.
72
     * @return void
73
     */
74
    public function setWaitCallback(\Closure $callback = null)
75
    {
76
        if (!($callback instanceof \Closure)) {
77
            throw new \InvalidArgumentException(
78
                sprintf("Parameter 1 of %s must be a valid callback.", __METHOD__)
79
            );
80
        }
81
82
        $this->waitCallback = $callback;
83
    }
84
85
    /**
86
     * Set cancellation callback.
87
     *
88
     * @param \Closure $callback Callback to be set.
89
     * @return void
90
     */
91
    public function setCancelCallback(\Closure $callback = null)
92
    {
93
        if (!($callback instanceof \Closure)) {
94
            throw new \InvalidArgumentException(
95
                sprintf("Parameter 1 of %s must be a valid callback.", __METHOD__)
96
            );
97
        }
98
99
        $this->cancelCallback = $callback;
100
    }
101
102
    /**
103
     * Comparing current promise state to new state and current promise value
104
     * to new value.
105
     *
106
     * @param mixed $value Value to be compare.
107
     * @param integer $state New promise state to be compare.
108
     * @return null|boolean
109
     */
110
    private function validateState($value, $state)
111
    {
112
        if ($this->state !== self::STATE_PENDING) {
113
            if ($value === $this->current && $state === $this->state) {
114
                return null;
115
            }
116
117
            $prevStatus = $this->state;
118
            $currentStatus = $state;
119
120
            throw $this->state === $state
121
                ? new \LogicException(
122
                    sprintf("State of the promise is already %s", $prevStatus == 4 ? 'fulfilled' : 'rejected')
123
                )
124
                : new \LogicException(
125
                    sprintf(
126
                        "Unable to change %s promise to %s",
127
                        $prevStatus == 4 ? 'fulfilled' : 'rejected',
128
                        $currentStatus == 4 ? 'fulfilled' : 'rejected'
129
                    )
130
                );
131
        }
132
133
        if ($value === $this) {
134
            throw new \LogicException(
135
                "Unable to fulfill or reject a promise with itself."
136
            );
137
        }
138
139
        return true;
140
    }
141
142
    /**
143
     * {@inheritdoc}
144
     */
145
    public function resolve($value)
146
    {
147
        $this->isStateTransformed = $this->validateState($value, self::STATE_FULFILLED);
148
149
        if ($this->isStateTransformed) {
150
            $this->setState(self::STATE_FULFILLED);
151
            $this->trigger($value);
152
        }
153
    }
154
155
    /**
156
     * {@inheritdoc}
157
     */
158
    public function reject($reason)
159
    {
160
        $this->isStateTransformed = $this->validateState($reason, self::STATE_REJECTED);
161
162
        if ($this->isStateTransformed) {
163
            $this->setState(self::STATE_REJECTED);
164
            $this->trigger($reason);
165
        }
166
    }
167
168
    /**
169
     * Synchronously forces promise to complete using wait method.
170
     *
171
     * @return mixed
172
     */
173
    public function wait()
174
    {
175
        $this->waitInPendingState();
176
177
        $q = $this->current instanceof PromiseInterface
178
            ? $this->current->wait()
0 ignored issues
show
It seems like you code against a concrete implementation and not the interface Gandung\Promise\PromiseInterface as the method wait() does only exist in the following implementations of said interface: Gandung\Promise\Promise.

Let’s take a look at an example:

interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}

In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break.

Available Fixes

  1. Change the type-hint for the parameter:

    class AuthSystem
    {
        public function authenticate(MyUser $user) { /* ... */ }
    }
    
  2. Add an additional type-check:

    class AuthSystem
    {
        public function authenticate(User $user)
        {
            if ($user instanceof MyUser) {
                $this->logger->info(/** ... */);
            }
    
            // or alternatively
            if ( ! $user instanceof MyUser) {
                throw new \LogicException(
                    '$user must be an instance of MyUser, '
                   .'other instances are not supported.'
                );
            }
    
        }
    }
    
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case.
  1. Add the method to the interface:

    interface User
    {
        /** @return string */
        public function getPassword();
    
        /** @return string */
        public function getDisplayName();
    }
    
Loading history...
179
            : $this->current;
180
181
        if ($this->current instanceof PromiseInterface || $this->currentState() === self::STATE_FULFILLED) {
182
            return $q;
183
        } else {
184
            throw $q instanceof \Exception
185
                ? $q
186
                : new \Exception($q);
187
        }
188
    }
189
190
    /**
191
     * Cancel a promise that has not yet been fulfilled.
192
     *
193
     * @return mixed
194
     */
195
    public function cancel()
196
    {
197
        if ($this->currentState() !== self::STATE_PENDING) {
198
            return;
199
        }
200
201
        if ($this->cancelCallback) {
202
            $cancelCallback = $this->cancelCallback;
203
            $this->cancelCallback = null;
204
205
            try {
206
                $cancelCallback();
207
            } catch (\Exception $e) {
208
                $this->reject($e);
209
            }
210
        }
211
212
        if ($this->currentState() === self::STATE_PENDING) {
213
            $this->reject('Promise has been cancelled.');
214
        }
215
216
        $e = $this->current instanceof PromiseInterface
217
            ? $this->current->cancel()
0 ignored issues
show
It seems like you code against a concrete implementation and not the interface Gandung\Promise\PromiseInterface as the method cancel() does only exist in the following implementations of said interface: Gandung\Promise\Promise.

Let’s take a look at an example:

interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}

In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break.

Available Fixes

  1. Change the type-hint for the parameter:

    class AuthSystem
    {
        public function authenticate(MyUser $user) { /* ... */ }
    }
    
  2. Add an additional type-check:

    class AuthSystem
    {
        public function authenticate(User $user)
        {
            if ($user instanceof MyUser) {
                $this->logger->info(/** ... */);
            }
    
            // or alternatively
            if ( ! $user instanceof MyUser) {
                throw new \LogicException(
                    '$user must be an instance of MyUser, '
                   .'other instances are not supported.'
                );
            }
    
        }
    }
    
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case.
  1. Add the method to the interface:

    interface User
    {
        /** @return string */
        public function getPassword();
    
        /** @return string */
        public function getDisplayName();
    }
    
Loading history...
218
            : $this->current;
219
220
        if ($this->current instanceof PromiseInterface || $this->currentState() === self::STATE_REJECTED) {
221
            return $e;
222
        }
223
    }
224
225
    /**
226
     * {@inheritdoc}
227
     */
228
    public function currentState()
229
    {
230
        return $this->state;
231
    }
232
233
    /**
234
     * Invoking promise handler based on current state and given value.
235
     *
236
     * @param mixed $value
237
     * @return void
238
     */
239
    private function trigger($value)
240
    {
241
        $context = $this->context;
242
        $this->context = null;
0 ignored issues
show
Documentation Bug introduced by
It seems like null of type null is incompatible with the declared type array of property $context.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..

Loading history...
243
        $this->current = $value;
244
        $this->waitCallback = null;
245
        $this->cancelCallback = null;
246
247
        if (!method_exists($value, 'then')) {
248
            $index = $this->state === self::STATE_FULFILLED ? 1 : 2;
249
250
            Context\ContextStack::create()->store(
251
            static function () use ($index, $context, $value) {
252
                foreach ($context as $c) {
253
                    self::invokeContext($c, $index, $value);
254
                }
255
            });
256
257
            Context\ContextStack::getQueueHandler()->run();
0 ignored issues
show
The method run cannot be called on \Gandung\Promise\Context...tack::getQueueHandler() (of type array).

Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects.

Loading history...
258
        } elseif ($value instanceof Promise && $value->currentState() === self::STATE_PENDING) {
259
            $value->context = array_merge($value->context, $context);
260
        } else {
261
            $value->then(
262
            static function ($value) use ($context) {
263
                foreach ($context as $c) {
264
                    self::invokeContext($c, 1, $value);
265
                }
266
            },
267
            static function ($reason) use ($context) {
268
                foreach ($context as $c) {
269
                    self::invokeContext($c, 2, $reason);
270
                }
271
            }
272
            );
273
        }
274
    }
275
276
    /**
277
     * Invoking handler based on given context, index, and value.
278
     *
279
     * @param array $context
280
     * @param integer $index
281
     * @param mixed $value
282
     * @return void
283
     */
284
    private static function invokeContext($context, $index, $value)
285
    {
286
        $promise = $context[0];
287
288
        if ($promise->currentState() !== self::STATE_PENDING) {
289
            return;
290
        }
291
292
        try {
293
            if (isset($context[$index])) {
294
                $promise->resolve($context[$index]($value));
295
            } elseif ($index === 1) {
296
                $promise->resolve($value);
297
            } else {
298
                $promise->reject($value);
299
            }
300
        } catch (\Throwable $e) {
0 ignored issues
show
The class Throwable does not exist. Did you forget a USE statement, or did you not list all dependencies?

Scrutinizer analyzes your composer.json/composer.lock file if available to determine the classes, and functions that are defined by your dependencies.

It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis.

Loading history...
301
            $promise->reject($e);
302
        } catch (\Exception $e) {
303
            $promise->reject($e);
304
        }
305
    }
306
307
    /**
308
     * Set promise state to given state.
309
     *
310
     * @param integer $state
311
     * @return void
312
     */
313
    private function setState($state)
314
    {
315
        if ($state !== self::STATE_PENDING &&
316
            $state !== self::STATE_FULFILLED &&
317
            $state !== self::STATE_REJECTED) {
318
            throw new \InvalidArgumentException(
319
                sprintf("Parameter 1 of %s must be a valid promise state.", __METHOD__)
320
            );
321
        }
322
323
        $this->state = $state;
324
    }
325
326
    /**
327
     * Synchronously forces promise to wait when current promise state is pending.
328
     *
329
     * @return void
330
     */
331
    private function waitInPendingState()
332
    {
333
        if ($this->currentState() !== self::STATE_PENDING) {
334
            return;
335
        } elseif ($this->waitCallback) {
336
            try {
337
                $waitCallback = $this->waitCallback;
338
                $this->waitCallback = null;
339
                $waitCallback();
340
            } catch (\Exception $e) {
341
                if ($this->currentState() === self::STATE_PENDING) {
342
                    $this->reject($e);
343
                } else {
344
                    throw $e;
345
                }
346
            }
347
        }
348
349
        Context\ContextStack::getQueueHandler()->run();
0 ignored issues
show
The method run cannot be called on \Gandung\Promise\Context...tack::getQueueHandler() (of type array).

Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects.

Loading history...
350
351
        if ($this->currentState() === self::STATE_PENDING) {
352
            $this->reject(
353
                'Invoking the synchronous wait callback resolver didn\'t resolve the current promise'
354
            );
355
        }
356
    }
357
}
358