Issues in TagTest.php (master) - Issues in master - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Issues (201)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/unit/Template/TagTest.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript\Tests\Template;

use org\bovigo\vfs\vfsStream as Stream;
use org\bovigo\vfs\vfsStreamFile as StreamFile;
use org\bovigo\vfs\vfsStreamWrapper as StreamWrapper;
use Redaxscript\Db;
use Redaxscript\Model;
use Redaxscript\Template;
use Redaxscript\Tests\TestCaseAbstract;

/**
 * TagTest
 *
 * @since 2.3.0
 *
 * @package Redaxscript
 * @category Tests
 * @author Henry Ruhs
 *
 * @covers Redaxscript\Template\Tag
 */

class TagTest extends TestCaseAbstract
{
	/**
	 * setUp
	 *
	 * @since 3.1.0
	 */

	public function setUp() : void
	{
		parent::setUp();
		$optionArray = $this->getOptionArray();
		$installer = $this->installerFactory();
		$installer->init();
		$installer->rawCreate();
		$installer->insertSettings($optionArray);
		$categoryOne = Db::forTablePrefix('categories')->create();
		$categoryOne
			->set(
			[
				'title' => 'Category One',
				'alias' => 'category-one'
			])
			->save();
		$articleOne = Db::forTablePrefix('articles')->create();
		$articleOne
			->set(
			[
				'title' => 'Article One',
				'alias' => 'article-one',
				'category' => $categoryOne->id,
				'comments' => 1
			])
			->save();
		Db::forTablePrefix('articles')
			->create()
			->set(
			[
				'title' => 'Article Two',
				'alias' => 'article-two',
				'category' => $categoryOne->id
			])
			->save();
		Db::forTablePrefix('comments')
			->create()
			->set(
			[
				'author' => 'Comment One',
				'text' => 'Comment One',
				'article' => $articleOne->id
			])
			->save();
		Db::forTablePrefix('comments')
			->create()
			->set(
			[
				'author' => 'Comment Two',
				'text' => 'Comment Two',
				'article' => $articleOne->id
			])
			->save();
	}

	/**
	 * tearDown
	 *
	 * @since 3.1.0
	 */

	public function tearDown() : void
	{
		$this->dropDatabase();
	}

	/**
	 * testBase
	 *
	 * @since 3.0.0
	 */

	public function testBase() : void
	{
		/* actual */

		$actual = Template\Tag::base();

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testTitle
	 *
	 * @since 3.0.0
	 */

	public function testTitle() : void
	{
		/* actual */

		$actual = Template\Tag::title('test');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testLink
	 *
	 * @since 3.0.0
	 */

	public function testLink() : void
	{
		/* actual */

		$actual = Template\Tag::link();

		/* compare */

		$this->assertInstanceOf('Redaxscript\Head\Link', $actual);
	}

	/**
	 * testMeta
	 *
	 * @since 3.0.0
	 */

	public function testMeta() : void
	{
		/* actual */

		$actual = Template\Tag::meta();

		/* compare */

		$this->assertInstanceOf('Redaxscript\Head\Meta', $actual);
	}

	/**
	 * testScript
	 *
	 * @since 3.0.0
	 */

	public function testScript() : void
	{
		/* actual */

		$actual = Template\Tag::script();

		/* compare */

		$this->assertInstanceOf('Redaxscript\Head\Script', $actual);
	}

	/**
	 * testStyle
	 *
	 * @since 3.0.0
	 */

	public function testStyle() : void
	{
		/* actual */

		$actual = Template\Tag::style();

		/* compare */

		$this->assertInstanceOf('Redaxscript\Head\Style', $actual);
	}

	/**
	 * testBreadcrumb
	 *
	 * @since 2.3.0
	 */

	public function testBreadcrumb() : void
	{
		/* actual */

		$actual = Template\Tag::breadcrumb();

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testPartial
	 *
	 * @since 2.3.0
	 */

	public function testPartial() : void
	{
		/* setup */

		Stream::setup('root');
		$file = new StreamFile('partial.phtml');
		StreamWrapper::getRoot()->addChild($file);
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}

		/* actual */

		$actual = Template\Tag::partial(Stream::url('root' . DIRECTORY_SEPARATOR . 'partial.phtml'));

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testPaginationArticles
	 *
	 * @since 4.0.0
	 */

	public function testPaginationArticles() : void
	{
		/* setup */

		$settingModel = new Model\Setting();
		$settingModel->set('limit', 1);

		/* actual */

		$actual = Template\Tag::pagination('articles', 1);

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testPaginationComments
	 *
	 * @since 4.0.0
	 */

	public function testPaginationComments() : void
	{
		/* setup */

		$settingModel = new Model\Setting();
		$settingModel->set('limit', 1);

		/* actual */

		$actual = Template\Tag::pagination('comments', 1);

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testPaginationInvalid
	 *
	 * @since 4.0.0
	 */

	public function testPaginationInvalid() : void
	{
		/* actual */

		$actual = Template\Tag::pagination('invalid', 1);

		/* compare */

		$this->assertNull($actual);
	}

	/**
	 * testNavigationCategories
	 *
	 * @since 3.3.1
	 */

	public function testNavigationCategories() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('categories');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testNavigationArticles
	 *
	 * @since 3.3.1
	 */

	public function testNavigationArticles() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('articles');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testNavigationComments
	 *
	 * @since 3.3.1
	 */

	public function testNavigationComments() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('comments');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testNavigationLanguages
	 *
	 * @since 3.3.1
	 */

	public function testNavigationLanguages() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('languages');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testNavigationTemplates
	 *
	 * @since 3.3.1
	 */

	public function testNavigationTemplates() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('templates');

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testNavigationTemplates
	 *
	 * @since 3.3.1
	 */

	public function testNavigationInvalid() : void
	{
		/* actual */

		$actual = Template\Tag::navigation('invalid');

		/* compare */

		$this->assertNull($actual);
	}

	/**
	 * testConsole
	 *
	 * @since 3.0.0
	 */

	public function testConsole() : void
	{
		/* setup */

		$this->_request->setStream('argv', 'help');

		/* actual */

		$actual = Template\Tag::console();

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testConsoleInvalid
	 *
	 * @since 3.0.0
	 */

	public function testConsoleInvalid() : void
	{
		/* setup */

		$this->_request->setStream('argv', 'invalidCommand');

		/* actual */

		$actual = Template\Tag::console();

		/* compare */

		$this->assertNull($actual);
	}

	/**
	 * testConsoleForm
	 *
	 * @since 3.0.0
	 */

	public function testConsoleForm() : void
	{
		/* actual */

		$actual = Template\Tag::consoleForm();

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testCommentForm
	 *
	 * @since 4.0.0
	 */

	public function testCommentForm() : void
	{
		/* actual */

		$actual = Template\Tag::commentForm(1);

		/* compare */

		$this->assertIsString($actual);
	}

	/**
	 * testSearchForm
	 *
	 * @since 3.0.0
	 */

	public function testSearchForm() : void
	{
		/* actual */

		$actual = Template\Tag::searchForm();

		/* compare */

		$this->assertIsString($actual);
	}

}


Issues (201)

Security Analysis no request data

tests/unit/Template/TagTest.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1			<?php
2			namespace Redaxscript\Tests\Template;
3
4			use org\bovigo\vfs\vfsStream as Stream;
5			use org\bovigo\vfs\vfsStreamFile as StreamFile;
6			use org\bovigo\vfs\vfsStreamWrapper as StreamWrapper;
7			use Redaxscript\Db;
8			use Redaxscript\Model;
9			use Redaxscript\Template;
10			use Redaxscript\Tests\TestCaseAbstract;
11
12			/**
13			* TagTest
14			*
15			* @since 2.3.0
16			*
17			* @package Redaxscript
18			* @category Tests
19			* @author Henry Ruhs
20			*
21			* @covers Redaxscript\Template\Tag
22			*/
23
24			class TagTest extends TestCaseAbstract
25			{
26			/**
27			* setUp
28			*
29			* @since 3.1.0
30			*/
31
32			public function setUp() : void
33			{
34			parent::setUp();
35			$optionArray = $this->getOptionArray();
36			$installer = $this->installerFactory();
37			$installer->init();
38			$installer->rawCreate();
39			$installer->insertSettings($optionArray);
40			$categoryOne = Db::forTablePrefix('categories')->create();
41			$categoryOne
42			->set(
43			[
44			'title' => 'Category One',
45			'alias' => 'category-one'
46			])
47			->save();
48			$articleOne = Db::forTablePrefix('articles')->create();
49			$articleOne
50			->set(
51			[
52			'title' => 'Article One',
53			'alias' => 'article-one',
54			'category' => $categoryOne->id,
55			'comments' => 1
56			])
57			->save();
58			Db::forTablePrefix('articles')
59			->create()
60			->set(
61			[
62			'title' => 'Article Two',
63			'alias' => 'article-two',
64			'category' => $categoryOne->id
65			])
66			->save();
67			Db::forTablePrefix('comments')
68			->create()
69			->set(
70			[
71			'author' => 'Comment One',
72			'text' => 'Comment One',
73			'article' => $articleOne->id
74			])
75			->save();
76			Db::forTablePrefix('comments')
77			->create()
78			->set(
79			[
80			'author' => 'Comment Two',
81			'text' => 'Comment Two',
82			'article' => $articleOne->id
83			])
84			->save();
85			}
86
87			/**
88			* tearDown
89			*
90			* @since 3.1.0
91			*/
92
93			public function tearDown() : void
94			{
95			$this->dropDatabase();
96			}
97
98			/**
99			* testBase
100			*
101			* @since 3.0.0
102			*/
103
104			public function testBase() : void
105			{
106			/* actual */
107
108			$actual = Template\Tag::base();
109
110			/* compare */
111
112			$this->assertIsString($actual);
113			}
114
115			/**
116			* testTitle
117			*
118			* @since 3.0.0
119			*/
120
121			public function testTitle() : void
122			{
123			/* actual */
124
125			$actual = Template\Tag::title('test');
126
127			/* compare */
128
129			$this->assertIsString($actual);
130			}
131
132			/**
133			* testLink
134			*
135			* @since 3.0.0
136			*/
137
138			public function testLink() : void
139			{
140			/* actual */
141
142			$actual = Template\Tag::link();
143
144			/* compare */
145
146			$this->assertInstanceOf('Redaxscript\Head\Link', $actual);
147			}
148
149			/**
150			* testMeta
151			*
152			* @since 3.0.0
153			*/
154
155			public function testMeta() : void
156			{
157			/* actual */
158
159			$actual = Template\Tag::meta();
160
161			/* compare */
162
163			$this->assertInstanceOf('Redaxscript\Head\Meta', $actual);
164			}
165
166			/**
167			* testScript
168			*
169			* @since 3.0.0
170			*/
171
172			public function testScript() : void
173			{
174			/* actual */
175
176			$actual = Template\Tag::script();
177
178			/* compare */
179
180			$this->assertInstanceOf('Redaxscript\Head\Script', $actual);
181			}
182
183			/**
184			* testStyle
185			*
186			* @since 3.0.0
187			*/
188
189			public function testStyle() : void
190			{
191			/* actual */
192
193			$actual = Template\Tag::style();
194
195			/* compare */
196
197			$this->assertInstanceOf('Redaxscript\Head\Style', $actual);
198			}
199
200			/**
201			* testBreadcrumb
202			*
203			* @since 2.3.0
204			*/
205
206			public function testBreadcrumb() : void
207			{
208			/* actual */
209
210			$actual = Template\Tag::breadcrumb();
211
212			/* compare */
213
214			$this->assertIsString($actual);
215			}
216
217			/**
218			* testPartial
219			*
220			* @since 2.3.0
221			*/
222
223			public function testPartial() : void
224			{
225			/* setup */
226
227			Stream::setup('root');
228			$file = new StreamFile('partial.phtml');
229			StreamWrapper::getRoot()->addChild($file);
			0 ignored issues – show Bug introduced 2017-10-31 19:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you code against a concrete implementation and not the interface `org\bovigo\vfs\vfsStreamContent` as the method `addChild()` does only exist in the following implementations of said interface: `org\bovigo\vfs\DotDirectory`, `org\bovigo\vfs\vfsStreamDirectory`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
230
231			/* actual */
232
233			$actual = Template\Tag::partial(Stream::url('root' . DIRECTORY_SEPARATOR . 'partial.phtml'));
234
235			/* compare */
236
237			$this->assertIsString($actual);
238			}
239
240			/**
241			* testPaginationArticles
242			*
243			* @since 4.0.0
244			*/
245
246			public function testPaginationArticles() : void
247			{
248			/* setup */
249
250			$settingModel = new Model\Setting();
251			$settingModel->set('limit', 1);
252
253			/* actual */
254
255			$actual = Template\Tag::pagination('articles', 1);
256
257			/* compare */
258
259			$this->assertIsString($actual);
260			}
261
262			/**
263			* testPaginationComments
264			*
265			* @since 4.0.0
266			*/
267
268			public function testPaginationComments() : void
269			{
270			/* setup */
271
272			$settingModel = new Model\Setting();
273			$settingModel->set('limit', 1);
274
275			/* actual */
276
277			$actual = Template\Tag::pagination('comments', 1);
278
279			/* compare */
280
281			$this->assertIsString($actual);
282			}
283
284			/**
285			* testPaginationInvalid
286			*
287			* @since 4.0.0
288			*/
289
290			public function testPaginationInvalid() : void
291			{
292			/* actual */
293
294			$actual = Template\Tag::pagination('invalid', 1);
295
296			/* compare */
297
298			$this->assertNull($actual);
299			}
300
301			/**
302			* testNavigationCategories
303			*
304			* @since 3.3.1
305			*/
306
307			public function testNavigationCategories() : void
308			{
309			/* actual */
310
311			$actual = Template\Tag::navigation('categories');
312
313			/* compare */
314
315			$this->assertIsString($actual);
316			}
317
318			/**
319			* testNavigationArticles
320			*
321			* @since 3.3.1
322			*/
323
324			public function testNavigationArticles() : void
325			{
326			/* actual */
327
328			$actual = Template\Tag::navigation('articles');
329
330			/* compare */
331
332			$this->assertIsString($actual);
333			}
334
335			/**
336			* testNavigationComments
337			*
338			* @since 3.3.1
339			*/
340
341			public function testNavigationComments() : void
342			{
343			/* actual */
344
345			$actual = Template\Tag::navigation('comments');
346
347			/* compare */
348
349			$this->assertIsString($actual);
350			}
351
352			/**
353			* testNavigationLanguages
354			*
355			* @since 3.3.1
356			*/
357
358			public function testNavigationLanguages() : void
359			{
360			/* actual */
361
362			$actual = Template\Tag::navigation('languages');
363
364			/* compare */
365
366			$this->assertIsString($actual);
367			}
368
369			/**
370			* testNavigationTemplates
371			*
372			* @since 3.3.1
373			*/
374
375			public function testNavigationTemplates() : void
376			{
377			/* actual */
378
379			$actual = Template\Tag::navigation('templates');
380
381			/* compare */
382
383			$this->assertIsString($actual);
384			}
385
386			/**
387			* testNavigationTemplates
388			*
389			* @since 3.3.1
390			*/
391
392			public function testNavigationInvalid() : void
393			{
394			/* actual */
395
396			$actual = Template\Tag::navigation('invalid');
397
398			/* compare */
399
400			$this->assertNull($actual);
401			}
402
403			/**
404			* testConsole
405			*
406			* @since 3.0.0
407			*/
408
409			public function testConsole() : void
410			{
411			/* setup */
412
413			$this->_request->setStream('argv', 'help');
414
415			/* actual */
416
417			$actual = Template\Tag::console();
418
419			/* compare */
420
421			$this->assertIsString($actual);
422			}
423
424			/**
425			* testConsoleInvalid
426			*
427			* @since 3.0.0
428			*/
429
430			public function testConsoleInvalid() : void
431			{
432			/* setup */
433
434			$this->_request->setStream('argv', 'invalidCommand');
435
436			/* actual */
437
438			$actual = Template\Tag::console();
439
440			/* compare */
441
442			$this->assertNull($actual);
443			}
444
445			/**
446			* testConsoleForm
447			*
448			* @since 3.0.0
449			*/
450
451			public function testConsoleForm() : void
452			{
453			/* actual */
454
455			$actual = Template\Tag::consoleForm();
456
457			/* compare */
458
459			$this->assertIsString($actual);
460			}
461
462			/**
463			* testCommentForm
464			*
465			* @since 4.0.0
466			*/
467
468			public function testCommentForm() : void
469			{
470			/* actual */
471
472			$actual = Template\Tag::commentForm(1);
473
474			/* compare */
475
476			$this->assertIsString($actual);
477			}
478
479			/**
480			* testSearchForm
481			*
482			* @since 3.0.0
483			*/
484
485			public function testSearchForm() : void
486			{
487			/* actual */
488
489			$actual = Template\Tag::searchForm();
490
491			/* compare */
492
493			$this->assertIsString($actual);
494			}
495
496			}
497

redaxscript / redaxscript

Issues (201)

Security Analysis no request data

tests/unit/Template/TagTest.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like