Issues in ExcelReader.php (master) - Issues in master - portphp/excel - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/ExcelReader.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Port\Excel;

use Port\Reader\CountableReader;

/**
 * Reads Excel files with the help of PHPExcel
 *
 * PHPExcel must be installed.
 *
 * @author David de Boer <[email protected]>
 *
 * @link http://phpexcel.codeplex.com/
 * @link https://github.com/logiQ/PHPExcel
 */
class ExcelReader implements CountableReader, \SeekableIterator
{
    /**
     * @var array
     */
    protected $worksheet;

    /**
     * @var integer
     */
    protected $headerRowNumber;

    /**
     * @var integer
     */
    protected $pointer = 0;

    /**
     * @var array
     */
    protected $columnHeaders;

    /**
     * Total number of rows
     *
     * @var integer
     */
    protected $count;

    /**
     * @param \SplFileObject $file            Excel file
     * @param integer        $headerRowNumber Optional number of header row
     * @param integer        $activeSheet     Index of active sheet to read from
     * @param boolean        $readOnly        If set to false, the reader take care of the excel formatting (slow)
     * @param integer        $maxRows         Maximum number of rows to read
     */
    public function __construct(\SplFileObject $file, $headerRowNumber = null, $activeSheet = null, $readOnly = true, $maxRows = null)
    {
        $reader = \PHPExcel_IOFactory::createReaderForFile($file->getPathName());
        $reader->setReadDataOnly($readOnly);
        /** @var \PHPExcel $excel */
        $excel = $reader->load($file->getPathname());

        if (null !== $activeSheet) {
            $excel->setActiveSheetIndex($activeSheet);
        }
        $sheet = $excel->getActiveSheet();

        if ($maxRows && $maxRows < $sheet->getHighestDataRow()) {
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
            $maxColumn = $sheet->getHighestDataColumn();
            $this->worksheet = $sheet->rangeToArray('A1:' . $maxColumn . $maxRows);
        } else {
            $this->worksheet = $excel->getActiveSheet()->toArray();
        }

        if (null !== $headerRowNumber) {
            $this->setHeaderRowNumber($headerRowNumber);
        }
    }

    /**
     * Return the current row as an array
     *
     * If a header row has been set, an associative array will be returned
     *
     * @return array
     */
    public function current()
    {
        $row = $this->worksheet[$this->pointer];

        // If the CSV has column headers, use them to construct an associative
        // array for the columns in this line
        if (!empty($this->columnHeaders)) {
            // Count the number of elements in both: they must be equal.
            // If not, ignore the row
            if (count($this->columnHeaders) == count($row)) {
                return array_combine(array_values($this->columnHeaders), $row);
            }
        } else {
            // Else just return the column values
            return $row;
        }
    }

    /**
     * Get column headers
     *
     * @return array
     */
    public function getColumnHeaders()
    {
        return $this->columnHeaders;
    }

    /**
     * Set column headers
     *
     * @param array $columnHeaders
     */
    public function setColumnHeaders(array $columnHeaders)
    {
        $this->columnHeaders = $columnHeaders;
    }

    /**
     * Rewind the file pointer
     *
     * If a header row has been set, the pointer is set just below the header
     * row. That way, when you iterate over the rows, that header row is
     * skipped.
     */
    public function rewind()
    {
        if (null === $this->headerRowNumber) {
            $this->pointer = 0;
        } else {
            $this->pointer = $this->headerRowNumber + 1;
        }
    }

    /**
     * Set header row number
     *
     * @param integer $rowNumber Number of the row that contains column header names
     */
    public function setHeaderRowNumber($rowNumber)
    {
        $this->headerRowNumber = $rowNumber;
        $this->columnHeaders = $this->worksheet[$rowNumber];
    }

    /**
     * {@inheritdoc}
     */
    public function next()
    {
        $this->pointer++;
    }

    /**
     * {@inheritdoc}
     */
    public function valid()
    {
         return isset($this->worksheet[$this->pointer]);
    }

    /**
     * {@inheritdoc}
     */
    public function key()
    {
        return $this->pointer;
    }

    /**
     * {@inheritdoc}
     */
    public function seek($pointer)
    {
        $this->pointer = $pointer;
    }

    /**
     * {@inheritdoc}
     */
    public function count()
    {
        $count = count($this->worksheet);
        if (null !== $this->headerRowNumber) {
            $count--;
        }

        return $count;
    }

    /**
     * Get a row
     *
     * @param integer $number
     *
     * @return array
     */
    public function getRow($number)
    {
        $this->seek($number);

        return $this->current();
    }
}


1		<?php
2
3		namespace Port\Excel;
4
5		use Port\Reader\CountableReader;
6
7		/**
8		* Reads Excel files with the help of PHPExcel
9		*
10		* PHPExcel must be installed.
11		*
12		* @author David de Boer <[email protected]>
13		*
14		* @link http://phpexcel.codeplex.com/
15		* @link https://github.com/logiQ/PHPExcel
16		*/
17		class ExcelReader implements CountableReader, \SeekableIterator
18		{
19		/**
20		* @var array
21		*/
22		protected $worksheet;
23
24		/**
25		* @var integer
26		*/
27		protected $headerRowNumber;
28
29		/**
30		* @var integer
31		*/
32		protected $pointer = 0;
33
34		/**
35		* @var array
36		*/
37		protected $columnHeaders;
38
39		/**
40		* Total number of rows
41		*
42		* @var integer
43		*/
44		protected $count;
45
46		/**
47		* @param \SplFileObject $file Excel file
48		* @param integer $headerRowNumber Optional number of header row
49		* @param integer $activeSheet Index of active sheet to read from
50		* @param boolean $readOnly If set to false, the reader take care of the excel formatting (slow)
51		* @param integer $maxRows Maximum number of rows to read
52		*/
53	6	public function __construct(\SplFileObject $file, $headerRowNumber = null, $activeSheet = null, $readOnly = true, $maxRows = null)
54		{
55	6	$reader = \PHPExcel_IOFactory::createReaderForFile($file->getPathName());
56	6	$reader->setReadDataOnly($readOnly);
57		/** @var \PHPExcel $excel */
58	6	$excel = $reader->load($file->getPathname());
59
60	6	if (null !== $activeSheet) {
61	1	$excel->setActiveSheetIndex($activeSheet);
62	1	}
63	6	$sheet = $excel->getActiveSheet();
64
65	6	if ($maxRows && $maxRows < $sheet->getHighestDataRow()) {
		0 ignored issues – show Bug Best Practice introduced 2017-08-29 20:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$maxRows` of type `integer\|null` is loosely compared to `true`; this is ambiguous if the integer can be zero. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `integer` values, zero is a special case, in particular the following results might be unexpected: 0 == false // true 0 == null // true 123 == false // false 123 == null // false // It is often better to use strict comparison 0 === false // false 0 === null // false Loading history...
66	1	$maxColumn = $sheet->getHighestDataColumn();
67	1	$this->worksheet = $sheet->rangeToArray('A1:' . $maxColumn . $maxRows);
68	1	} else {
69	6	$this->worksheet = $excel->getActiveSheet()->toArray();
70		}
71
72	6	if (null !== $headerRowNumber) {
73	3	$this->setHeaderRowNumber($headerRowNumber);
74	3	}
75	6	}
76
77		/**
78		* Return the current row as an array
79		*
80		* If a header row has been set, an associative array will be returned
81		*
82		* @return array
83		*/
84	1	public function current()
85		{
86	1	$row = $this->worksheet[$this->pointer];
87
88		// If the CSV has column headers, use them to construct an associative
89		// array for the columns in this line
90	1	if (!empty($this->columnHeaders)) {
91		// Count the number of elements in both: they must be equal.
92		// If not, ignore the row
93	1	if (count($this->columnHeaders) == count($row)) {
94	1	return array_combine(array_values($this->columnHeaders), $row);
95		}
96		} else {
97		// Else just return the column values
98		return $row;
99		}
100		}
101
102		/**
103		* Get column headers
104		*
105		* @return array
106		*/
107		public function getColumnHeaders()
108		{
109		return $this->columnHeaders;
110		}
111
112		/**
113		* Set column headers
114		*
115		* @param array $columnHeaders
116		*/
117		public function setColumnHeaders(array $columnHeaders)
118		{
119		$this->columnHeaders = $columnHeaders;
120		}
121
122		/**
123		* Rewind the file pointer
124		*
125		* If a header row has been set, the pointer is set just below the header
126		* row. That way, when you iterate over the rows, that header row is
127		* skipped.
128		*/
129	1	public function rewind()
130		{
131	1	if (null === $this->headerRowNumber) {
132		$this->pointer = 0;
133		} else {
134	1	$this->pointer = $this->headerRowNumber + 1;
135		}
136	1	}
137
138		/**
139		* Set header row number
140		*
141		* @param integer $rowNumber Number of the row that contains column header names
142		*/
143	3	public function setHeaderRowNumber($rowNumber)
144		{
145	3	$this->headerRowNumber = $rowNumber;
146	3	$this->columnHeaders = $this->worksheet[$rowNumber];
147	3	}
148
149		/**
150		* {@inheritdoc}
151		*/
152	1	public function next()
153		{
154	1	$this->pointer++;
155	1	}
156
157		/**
158		* {@inheritdoc}
159		*/
160	1	public function valid()
161		{
162	1	return isset($this->worksheet[$this->pointer]);
163		}
164
165		/**
166		* {@inheritdoc}
167		*/
168		public function key()
169		{
170		return $this->pointer;
171		}
172
173		/**
174		* {@inheritdoc}
175		*/
176		public function seek($pointer)
177		{
178		$this->pointer = $pointer;
179		}
180
181		/**
182		* {@inheritdoc}
183		*/
184	5	public function count()
185		{
186	5	$count = count($this->worksheet);
187	5	if (null !== $this->headerRowNumber) {
188	2	$count--;
189	2	}
190
191	5	return $count;
192		}
193
194		/**
195		* Get a row
196		*
197		* @param integer $number
198		*
199		* @return array
200		*/
201		public function getRow($number)
202		{
203		$this->seek($number);
204
205		return $this->current();
206		}
207		}
208

portphp / excel

Issues (5)

Security Analysis no request data

src/ExcelReader.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like