Issues in GenerateCommand.php (master) - Issues in master - ramsey/uuid-console - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Command/GenerateCommand.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * This file is part of the ramsey/uuid-console application
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @copyright Copyright (c) Ben Ramsey <[email protected]>
 * @license http://opensource.org/licenses/MIT MIT
 * @link https://packagist.org/packages/ramsey/uuid-console Packagist
 * @link https://github.com/ramsey/uuid-console GitHub
 */

namespace Ramsey\Uuid\Console\Command;

use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Ramsey\Uuid\Console\Exception;
use Ramsey\Uuid\Uuid;
use Ramsey\Uuid\Generator\CombGenerator;
use Ramsey\Uuid\Codec\GuidStringCodec;
use Ramsey\Uuid\FeatureSet;
use Ramsey\Uuid\UuidFactory;

/**
 * Provides the console command to generate UUIDs
 */
class GenerateCommand extends Command
{
    /**
     * {@inheritDoc}
     */
    protected function configure()
    {
        parent::configure();

        $this->setName('generate')
            ->setDescription('Generate a UUID')
            ->addArgument(
                'version',
                InputArgument::OPTIONAL,
                'The UUID version to generate. Supported are version "1", "3", '
                . '"4" and "5".',
                1
            )
            ->addArgument(
                'namespace',
                InputArgument::OPTIONAL,
                'For version 3 or 5 UUIDs, the namespace to create a UUID for. '
                . 'May be either a UUID in string representation or an identifier '
                . 'for internally pre-defined namespace UUIDs (currently known '
                . 'are "ns:DNS", "ns:URL", "ns:OID", and "ns:X500").'
            )
            ->addArgument(
                'name',
                InputArgument::OPTIONAL,
                'For version 3 or 5 UUIDs, the name to create a UUID for. '
                . 'The name is a string of arbitrary length.'
            )
            ->addOption(
                'count',
                'c',
                InputOption::VALUE_REQUIRED,
                'Generate count UUIDs instead of just a single one.',
                1
            )
            ->addOption(
                'comb',
                null,
                InputOption::VALUE_NONE,
                'For version 4 UUIDs, uses the COMB strategy to generate the random data.'
            )
            ->addOption(
                'guid',
                'g',
                InputOption::VALUE_NONE,
                'Returns a GUID formatted UUID.'
            );
    }

    /**
     * {@inheritDoc}
     *
     * @param InputInterface $input
     * @param OutputInterface $output
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        $uuids = array();

        $count = filter_var(
            $input->getOption('count'),
            FILTER_VALIDATE_INT,
            array(
                'default' => 1,
                'min_range' => 1,
            )
        );

        if (((bool) $input->getOption('guid')) == true) {
            $features = new FeatureSet(true);

            Uuid::setFactory(new UuidFactory($features));
        }

        if (((bool) $input->getOption('comb')) === true) {
            Uuid::getFactory()->setRandomGenerator(
                new CombGenerator(
                    Uuid::getFactory()->getRandomGenerator(),
                    Uuid::getFactory()->getNumberConverter()
                )
            );
        }

        for ($i = 0; $i < $count; $i++) {
            $uuids[] = $this->createUuid(
                $input->getArgument('version'),
                $input->getArgument('namespace'),
                $input->getArgument('name')
            );
        }

        foreach ($uuids as $uuid) {
            $output->writeln((string) $uuid);
        }
    }

    /**
     * Creates the requested UUID
     *
     * @param int $version
     * @param string $namespace
     * @param string $name
     * @return Uuid
     */
    protected function createUuid($version, $namespace = null, $name = null)
    {
        switch ((int) $version) {
            case 1:
                $uuid = Uuid::uuid1();
                break;
            case 4:
                $uuid = Uuid::uuid4();
                break;
            case 3:
            case 5:
                $ns = $this->validateNamespace($namespace);
                if ($version == 3) {
                    $uuid = Uuid::uuid3($ns, $name);
                } else {
                    $uuid = Uuid::uuid5($ns, $name);
                }
                break;
            default:
                throw new Exception('Invalid UUID version. Supported are version "1", "3", "4", and "5".');
        }

        return $uuid;
    }

    /**
     * Validates the namespace argument
     *
     * @param string $namespace
     * @return string The namespace, if valid
     * @throws Exception
     */
    protected function validateNamespace($namespace)
    {
        switch ($namespace) {
            case 'ns:DNS':
                return Uuid::NAMESPACE_DNS;
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
            case 'ns:URL':
                return Uuid::NAMESPACE_URL;
                break;
            case 'ns:OID':
                return Uuid::NAMESPACE_OID;
                break;
            case 'ns:X500':
                return Uuid::NAMESPACE_X500;
                break;
        }

        if (Uuid::isValid($namespace)) {
            return $namespace;
        }

        throw new Exception(
            'Invalid namespace. '
            . 'May be either a UUID in string representation or an identifier '
            . 'for internally pre-defined namespace UUIDs (currently known '
            . 'are "ns:DNS", "ns:URL", "ns:OID", and "ns:X500").'
        );
    }
}


GitHub Access Token became invalid

Issues (1)

Security Analysis no request data

src/Command/GenerateCommand.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* This file is part of the ramsey/uuid-console application
4			*
5			* For the full copyright and license information, please view the LICENSE
6			* file that was distributed with this source code.
7			*
8			* @copyright Copyright (c) Ben Ramsey <[email protected]>
9			* @license http://opensource.org/licenses/MIT MIT
10			* @link https://packagist.org/packages/ramsey/uuid-console Packagist
11			* @link https://github.com/ramsey/uuid-console GitHub
12			*/
13
14			namespace Ramsey\Uuid\Console\Command;
15
16			use Symfony\Component\Console\Command\Command;
17			use Symfony\Component\Console\Input\InputArgument;
18			use Symfony\Component\Console\Input\InputInterface;
19			use Symfony\Component\Console\Input\InputOption;
20			use Symfony\Component\Console\Output\OutputInterface;
21			use Ramsey\Uuid\Console\Exception;
22			use Ramsey\Uuid\Uuid;
23			use Ramsey\Uuid\Generator\CombGenerator;
24			use Ramsey\Uuid\Codec\GuidStringCodec;
25			use Ramsey\Uuid\FeatureSet;
26			use Ramsey\Uuid\UuidFactory;
27
28			/**
29			* Provides the console command to generate UUIDs
30			*/
31			class GenerateCommand extends Command
32			{
33			/**
34			* {@inheritDoc}
35			*/
36			protected function configure()
37			{
38			parent::configure();
39
40			$this->setName('generate')
41			->setDescription('Generate a UUID')
42			->addArgument(
43			'version',
44			InputArgument::OPTIONAL,
45			'The UUID version to generate. Supported are version "1", "3", '
46			. '"4" and "5".',
47			1
48			)
49			->addArgument(
50			'namespace',
51			InputArgument::OPTIONAL,
52			'For version 3 or 5 UUIDs, the namespace to create a UUID for. '
53			. 'May be either a UUID in string representation or an identifier '
54			. 'for internally pre-defined namespace UUIDs (currently known '
55			. 'are "ns:DNS", "ns:URL", "ns:OID", and "ns:X500").'
56			)
57			->addArgument(
58			'name',
59			InputArgument::OPTIONAL,
60			'For version 3 or 5 UUIDs, the name to create a UUID for. '
61			. 'The name is a string of arbitrary length.'
62			)
63			->addOption(
64			'count',
65			'c',
66			InputOption::VALUE_REQUIRED,
67			'Generate count UUIDs instead of just a single one.',
68			1
69			)
70			->addOption(
71			'comb',
72			null,
73			InputOption::VALUE_NONE,
74			'For version 4 UUIDs, uses the COMB strategy to generate the random data.'
75			)
76			->addOption(
77			'guid',
78			'g',
79			InputOption::VALUE_NONE,
80			'Returns a GUID formatted UUID.'
81			);
82			}
83
84			/**
85			* {@inheritDoc}
86			*
87			* @param InputInterface $input
88			* @param OutputInterface $output
89			*/
90			protected function execute(InputInterface $input, OutputInterface $output)
91			{
92			$uuids = array();
93
94			$count = filter_var(
95			$input->getOption('count'),
96			FILTER_VALIDATE_INT,
97			array(
98			'default' => 1,
99			'min_range' => 1,
100			)
101			);
102
103			if (((bool) $input->getOption('guid')) == true) {
104			$features = new FeatureSet(true);
105
106			Uuid::setFactory(new UuidFactory($features));
107			}
108
109			if (((bool) $input->getOption('comb')) === true) {
110			Uuid::getFactory()->setRandomGenerator(
111			new CombGenerator(
112			Uuid::getFactory()->getRandomGenerator(),
113			Uuid::getFactory()->getNumberConverter()
114			)
115			);
116			}
117
118			for ($i = 0; $i < $count; $i++) {
119			$uuids[] = $this->createUuid(
120			$input->getArgument('version'),
121			$input->getArgument('namespace'),
122			$input->getArgument('name')
123			);
124			}
125
126			foreach ($uuids as $uuid) {
127			$output->writeln((string) $uuid);
128			}
129			}
130
131			/**
132			* Creates the requested UUID
133			*
134			* @param int $version
135			* @param string $namespace
136			* @param string $name
137			* @return Uuid
138			*/
139			protected function createUuid($version, $namespace = null, $name = null)
140			{
141			switch ((int) $version) {
142			case 1:
143			$uuid = Uuid::uuid1();
144			break;
145			case 4:
146			$uuid = Uuid::uuid4();
147			break;
148			case 3:
149			case 5:
150			$ns = $this->validateNamespace($namespace);
151			if ($version == 3) {
152			$uuid = Uuid::uuid3($ns, $name);
153			} else {
154			$uuid = Uuid::uuid5($ns, $name);
155			}
156			break;
157			default:
158			throw new Exception('Invalid UUID version. Supported are version "1", "3", "4", and "5".');
159			}
160
161			return $uuid;
162			}
163
164			/**
165			* Validates the namespace argument
166			*
167			* @param string $namespace
168			* @return string The namespace, if valid
169			* @throws Exception
170			*/
171			protected function validateNamespace($namespace)
172			{
173			switch ($namespace) {
174			case 'ns:DNS':
175			return Uuid::NAMESPACE_DNS;
176			break;
			0 ignored issues – show Unused Code introduced 2017-02-02 21:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
177			case 'ns:URL':
178			return Uuid::NAMESPACE_URL;
179			break;
180			case 'ns:OID':
181			return Uuid::NAMESPACE_OID;
182			break;
183			case 'ns:X500':
184			return Uuid::NAMESPACE_X500;
185			break;
186			}
187
188			if (Uuid::isValid($namespace)) {
189			return $namespace;
190			}
191
192			throw new Exception(
193			'Invalid namespace. '
194			. 'May be either a UUID in string representation or an identifier '
195			. 'for internally pre-defined namespace UUIDs (currently known '
196			. 'are "ns:DNS", "ns:URL", "ns:OID", and "ns:X500").'
197			);
198			}
199			}
200

ramsey / uuid-console

GitHub Access Token became invalid

Issues (1)

Security Analysis no request data

src/Command/GenerateCommand.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like