Issues in ContentAbstractTest.php (master) - Issues in master - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Issues (201)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/unit/Model/ContentAbstractTest.php (3 issues)

Labels

Bug 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript\Tests\Model;

use Redaxscript\Db;
use Redaxscript\Model;
use Redaxscript\Tests\TestCaseAbstract;

/**
 * ContentAbstractTest
 *
 * @since 4.0.0
 *
 * @package Redaxscript
 * @category Tests
 * @author Henry Ruhs
 *
 * @covers Redaxscript\Model\ContentAbstract
 */

class ContentAbstractTest extends TestCaseAbstract
{
	/**
	 * setUp
	 *
	 * @since 4.0.0
	 */

	public function setUp() : void
	{
		parent::setUp();
		$optionArray = $this->getOptionArray();
		$installer = $this->installerFactory();
		$installer->init();
		$installer->rawCreate();
		$installer->insertSettings($optionArray);
		$articleOne = Db::forTablePrefix('articles')->create();
		$articleOne
			->set(
			[
				'title' => 'Article One',
				'alias' => 'article-one',
				'language' => 'en',
				'rank' => 1
			])
			->save();
		Db::forTablePrefix('articles')
			->create()
			->set(
			[
				'title' => 'Article One Sister',
				'alias' => 'article-one-sister',
				'language' => 'de',
				'sibling' => $articleOne->id,
				'rank' => 2
			])
			->save();
		Db::forTablePrefix('articles')
			->create()
			->set(
			[
				'title' => 'Article One Brother',
				'alias' => 'article-one-brother',
				'language' => 'fr',
				'sibling' => $articleOne->id,
				'rank' => 3
			])
			->save();
		$articleTwo = Db::forTablePrefix('articles')->create();
		$articleTwo
			->set(
			[
				'title' => 'Article Two',
				'alias' => 'article-two',
				'language' => 'en',
				'rank' => 4
			])
			->save();
		Db::forTablePrefix('articles')
			->create()
			->set(
			[
				'title' => 'Article Two Sister',
				'alias' => 'article-two-sister',
				'language' => 'de',
				'sibling' => $articleTwo->id,
				'rank' => 5
			])
			->save();
		Db::forTablePrefix('articles')
			->create()
			->set(
			[
				'title' => 'Article Three',
				'alias' => 'article-three',
				'language' => 'fr',
				'status' => 2,
				'rank' => 6,
				'date' => 1456786800
			])
			->save();
	}

	/**
	 * tearDown
	 *
	 * @since 4.0.0
	 */

	public function tearDown() : void
	{
		$this->dropDatabase();
	}

	/**
	 * testGetAllByOrder
	 *
	 * @since 4.0.0
	 *
	 * @param string $orderColumn
	 * @param array $expectArray
	 *
	 * @dataProvider providerAutoloader
	 */

	public function testGetAllByOrder(string $orderColumn = null, array $expectArray = []) : void
	{
		/* setup */

		$articleModel = new Model\Article();

		/* actual */

		$actualArray = [];
		$actualObject = $articleModel->getAllByOrder($orderColumn);

		/* process articles */

		foreach ($actualObject as $value)
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
		{
			$actualArray[] = $value->alias ?? null;
		}

		/* compare */

		$this->assertEquals($expectArray, $actualArray);
	}

	/**
	 * testGetByLanguageAndOrder
	 *
	 * @since 4.0.0
	 *
	 * @param string $language
	 * @param string $orderColumn
	 * @param array $expectArray
	 *
	 * @dataProvider providerAutoloader
	 */

	public function testGetByLanguageAndOrder(string $language = null, string $orderColumn = null, array $expectArray = []) : void
	{
		/* setup */

		$articleModel = new Model\Article();

		/* actual */

		$actualArray = [];
		$actualObject = $articleModel->getByLanguageAndOrder($language, $orderColumn);

		/* process articles */

		foreach ($actualObject as $value)
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
		{
			$actualArray[] = $value->alias ?? null;
		}

		/* compare */

		$this->assertEquals($expectArray, $actualArray);
	}

	/**
	 * testGetByLanguageAndOrder
	 *
	 * @since 4.0.0
	 *
	 * @param int $contentId
	 * @param string $language
	 * @param string $orderColumn
	 * @param array $expectArray
	 *
	 * @dataProvider providerAutoloader
	 */

	public function testGetSiblingByIdAndLanguageAndOrder(int $contentId = null, string $language = null, string $orderColumn = null, array $expectArray = []) : void
	{
		/* setup */

		$articleModel = new Model\Article();

		/* actual */

		$actualArray = [];
		$actualObject = $articleModel->getSiblingByIdAndLanguageAndOrder($contentId, $language, $orderColumn);

		/* process articles */

		foreach ($actualObject as $value)
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
		{
			$actualArray[] = $value->alias ?? null;
		}

		/* compare */

		$this->assertEquals($expectArray, $actualArray);
	}

	/**
	 * testGetSiblingArrayById
	 *
	 * @since 4.0.0
	 *
	 * @param int $contentId
	 * @param array $expectArray
	 *
	 * @dataProvider providerAutoloader
	 */

	public function testGetSiblingArrayById(int $contentId = null, array $expectArray = []) : void
	{
		/* setup */

		$articleModel = new Model\Article();

		/* actual */

		$actualArray = $articleModel->getSiblingArrayById($contentId);

		/* compare */

		$this->assertEquals($expectArray, $actualArray);
	}

	/**
	 * testPublishByDate
	 *
	 * @since 4.0.0
	 *
	 * @param int $date
	 * @param bool $expect
	 *
	 * @dataProvider providerAutoloader
	 */

	public function testPublishByDate(int $date = null, bool $expect = null) : void
	{
		/* setup */

		$articleModel = new Model\Article();

		/* actual */

		$actual = $articleModel->publishByDate($date);

		/* compare */

		$this->assertEquals($expect, $actual);
	}
}


1			<?php
2			namespace Redaxscript\Tests\Model;
3
4			use Redaxscript\Db;
5			use Redaxscript\Model;
6			use Redaxscript\Tests\TestCaseAbstract;
7
8			/**
9			* ContentAbstractTest
10			*
11			* @since 4.0.0
12			*
13			* @package Redaxscript
14			* @category Tests
15			* @author Henry Ruhs
16			*
17			* @covers Redaxscript\Model\ContentAbstract
18			*/
19
20			class ContentAbstractTest extends TestCaseAbstract
21			{
22			/**
23			* setUp
24			*
25			* @since 4.0.0
26			*/
27
28			public function setUp() : void
29			{
30			parent::setUp();
31			$optionArray = $this->getOptionArray();
32			$installer = $this->installerFactory();
33			$installer->init();
34			$installer->rawCreate();
35			$installer->insertSettings($optionArray);
36			$articleOne = Db::forTablePrefix('articles')->create();
37			$articleOne
38			->set(
39			[
40			'title' => 'Article One',
41			'alias' => 'article-one',
42			'language' => 'en',
43			'rank' => 1
44			])
45			->save();
46			Db::forTablePrefix('articles')
47			->create()
48			->set(
49			[
50			'title' => 'Article One Sister',
51			'alias' => 'article-one-sister',
52			'language' => 'de',
53			'sibling' => $articleOne->id,
54			'rank' => 2
55			])
56			->save();
57			Db::forTablePrefix('articles')
58			->create()
59			->set(
60			[
61			'title' => 'Article One Brother',
62			'alias' => 'article-one-brother',
63			'language' => 'fr',
64			'sibling' => $articleOne->id,
65			'rank' => 3
66			])
67			->save();
68			$articleTwo = Db::forTablePrefix('articles')->create();
69			$articleTwo
70			->set(
71			[
72			'title' => 'Article Two',
73			'alias' => 'article-two',
74			'language' => 'en',
75			'rank' => 4
76			])
77			->save();
78			Db::forTablePrefix('articles')
79			->create()
80			->set(
81			[
82			'title' => 'Article Two Sister',
83			'alias' => 'article-two-sister',
84			'language' => 'de',
85			'sibling' => $articleTwo->id,
86			'rank' => 5
87			])
88			->save();
89			Db::forTablePrefix('articles')
90			->create()
91			->set(
92			[
93			'title' => 'Article Three',
94			'alias' => 'article-three',
95			'language' => 'fr',
96			'status' => 2,
97			'rank' => 6,
98			'date' => 1456786800
99			])
100			->save();
101			}
102
103			/**
104			* tearDown
105			*
106			* @since 4.0.0
107			*/
108
109			public function tearDown() : void
110			{
111			$this->dropDatabase();
112			}
113
114			/**
115			* testGetAllByOrder
116			*
117			* @since 4.0.0
118			*
119			* @param string $orderColumn
120			* @param array $expectArray
121			*
122			* @dataProvider providerAutoloader
123			*/
124
125			public function testGetAllByOrder(string $orderColumn = null, array $expectArray = []) : void
126			{
127			/* setup */
128
129			$articleModel = new Model\Article();
130
131			/* actual */
132
133			$actualArray = [];
134			$actualObject = $articleModel->getAllByOrder($orderColumn);
135
136			/* process articles */
137
138			foreach ($actualObject as $value)
			0 ignored issues – show Bug introduced 2019-07-29 20:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$actualObject` of type `object\|null` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
139			{
140			$actualArray[] = $value->alias ?? null;
141			}
142
143			/* compare */
144
145			$this->assertEquals($expectArray, $actualArray);
146			}
147
148			/**
149			* testGetByLanguageAndOrder
150			*
151			* @since 4.0.0
152			*
153			* @param string $language
154			* @param string $orderColumn
155			* @param array $expectArray
156			*
157			* @dataProvider providerAutoloader
158			*/
159
160			public function testGetByLanguageAndOrder(string $language = null, string $orderColumn = null, array $expectArray = []) : void
161			{
162			/* setup */
163
164			$articleModel = new Model\Article();
165
166			/* actual */
167
168			$actualArray = [];
169			$actualObject = $articleModel->getByLanguageAndOrder($language, $orderColumn);
170
171			/* process articles */
172
173			foreach ($actualObject as $value)
			0 ignored issues – show Bug introduced 2019-07-29 20:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$actualObject` of type `object\|null` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
174			{
175			$actualArray[] = $value->alias ?? null;
176			}
177
178			/* compare */
179
180			$this->assertEquals($expectArray, $actualArray);
181			}
182
183			/**
184			* testGetByLanguageAndOrder
185			*
186			* @since 4.0.0
187			*
188			* @param int $contentId
189			* @param string $language
190			* @param string $orderColumn
191			* @param array $expectArray
192			*
193			* @dataProvider providerAutoloader
194			*/
195
196			public function testGetSiblingByIdAndLanguageAndOrder(int $contentId = null, string $language = null, string $orderColumn = null, array $expectArray = []) : void
197			{
198			/* setup */
199
200			$articleModel = new Model\Article();
201
202			/* actual */
203
204			$actualArray = [];
205			$actualObject = $articleModel->getSiblingByIdAndLanguageAndOrder($contentId, $language, $orderColumn);
206
207			/* process articles */
208
209			foreach ($actualObject as $value)
			0 ignored issues – show Bug introduced 2019-07-29 20:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$actualObject` of type `object\|null` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
210			{
211			$actualArray[] = $value->alias ?? null;
212			}
213
214			/* compare */
215
216			$this->assertEquals($expectArray, $actualArray);
217			}
218
219			/**
220			* testGetSiblingArrayById
221			*
222			* @since 4.0.0
223			*
224			* @param int $contentId
225			* @param array $expectArray
226			*
227			* @dataProvider providerAutoloader
228			*/
229
230			public function testGetSiblingArrayById(int $contentId = null, array $expectArray = []) : void
231			{
232			/* setup */
233
234			$articleModel = new Model\Article();
235
236			/* actual */
237
238			$actualArray = $articleModel->getSiblingArrayById($contentId);
239
240			/* compare */
241
242			$this->assertEquals($expectArray, $actualArray);
243			}
244
245			/**
246			* testPublishByDate
247			*
248			* @since 4.0.0
249			*
250			* @param int $date
251			* @param bool $expect
252			*
253			* @dataProvider providerAutoloader
254			*/
255
256			public function testPublishByDate(int $date = null, bool $expect = null) : void
257			{
258			/* setup */
259
260			$articleModel = new Model\Article();
261
262			/* actual */
263
264			$actual = $articleModel->publishByDate($date);
265
266			/* compare */
267
268			$this->assertEquals($expect, $actual);
269			}
270			}
271

redaxscript / redaxscript

Issues (201)

Security Analysis no request data

tests/unit/Model/ContentAbstractTest.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like