Issues in FakePDOStatement.php (master) - Issues in master - rkrx/php-fakepdo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/FakePDOStatement.php (4 issues)

Labels

Bug 4

Severity

Minor 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Kir\FakePDO;

use Kir\FakePDO\EventHandlers\EventHandler;
use Kir\FakePDO\EventHandlers\EventHandlerTrait;
use Kir\FakePDO\Tools\MethodNameGenerator;
use PDO;
use PDOStatement;

class FakePDOStatement extends PDOStatement {
	use EventHandlerTrait;

	/** @var array */
	private $attributes = null;
	/** @var MethodNameGenerator */
	private $methodNameGenerator = null;

	/**
	 * @param EventHandler $eventHandler
	 */
	public function __construct(EventHandler $eventHandler = null) {
		$this->setEventHandler($eventHandler);
		$this->methodNameGenerator = new MethodNameGenerator('PDOStatement');
	}

	/**
	 * @param array|null $bound_input_params
	 * @return bool
	 */
	public function execute($bound_input_params = NULL) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($bound_input_params), function () {
			return true;
		});
	}

	/**
	 * @param int|null $fetch_style
	 * @param int $cursor_orientation
	 * @param int $cursor_offset
	 * @return mixed
	 */
	public function fetch($fetch_style = null, $cursor_orientation = PDO::FETCH_ORI_NEXT, $cursor_offset = 0) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($fetch_style, $cursor_orientation, $cursor_offset), function () {
			return [];
		});
	}

	/**
	 * @param mixed $parameter
	 * @param mixed $variable
	 * @param int $data_type
	 * @param int|null $length
	 * @param int|null $driver_options
	 * @return bool|mixed
	 */
	public function bindParam($parameter, &$variable, $data_type = PDO::PARAM_STR, $length = null, $driver_options = null) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($parameter, $variable, $data_type, $driver_options), function () {
			return true;
		});
	}

	/**
	 * @param mixed $column
	 * @param mixed $param
	 * @param int $type
	 * @param int $maxlen
	 * @param mixed $driverdata
	 * @return bool|void
	 */
	public function bindColumn($column, &$param, $type = null, $maxlen = null, $driverdata = null) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($column, $param, $type, $maxlen, $driverdata), function () {
			return true;
		});
	}

	/**
	 * @param mixed $parameter
	 * @param mixed $value
	 * @param int $data_type
	 * @return bool|mixed
	 */
	public function bindValue($parameter, $value, $data_type = PDO::PARAM_STR) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($parameter, $value, $data_type), function () {
			return true;
		});
	}

	/**
	 * @return int
	 */
	public function rowCount() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return 0;
		});
	}

	/**
	 * @param int $column_number
	 * @return string
	 */
	public function fetchColumn($column_number = 0) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return '';
		});
	}

	/**
	 * @param mixed|null $how
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @param mixed|null $class_name
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @param array|null $ctor_args
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @return array
	 */
	public function fetchAll(int $mode = PDO::FETCH_BOTH, mixed ...$args) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return [];
		});
	}

	/**
	 * @param string $class_name
	 * @param array $ctor_args
	 * @return mixed
	 */
	public function fetchObject($class_name = NULL, $ctor_args = NULL) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return new \stdClass();
		});
	}

	/**
	 * @return string
	 */
	public function errorCode() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return '';
		});
	}

	/**
	 * @return array
	 */
	public function errorInfo() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return [0, 0, 0];
		});
	}

	/**
	 * @param int $attribute
	 * @return mixed
	 */
	public function getAttribute($attribute) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($attribute), function ($attribute) {
			$attribute = json_encode($attribute);
			if(array_key_exists($attribute, $this->attributes)) {
				return $this->attributes[$attribute];
			}
			return null;
		});
	}

	/**
	 * @param int $attribute
	 * @param mixed $value
	 * @return bool
	 */
	public function setAttribute($attribute, $value) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($attribute, $value), function ($attribute, $value) {
			$attribute = json_encode($attribute);
			$this->attributes[$attribute] = $value;
			return true;
		});
	}

	/**
	 *
	 */
	public function columnCount() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return 0;
		});
	}

	/**
	 * @param int $column
	 * @return array
	 */
	public function getColumnMeta($column) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($column), function () {
			return [];
		});
	}

	/**
	 * @param int $mode
	 * @param array|null $params
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @return bool
	 */
	public function setFetchMode(int $mode, ...$args) {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array($mode), function () {
			return true;
		});
	}

	/**
	 * @return bool
	 */
	public function nextRowset() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return true;
		});
	}

	/**
	 * @return bool
	 */
	public function closeCursor() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return true;
		});
	}

	/**
	 * @return bool
	 */
	public function debugDumpParams() {
		$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
		return $this->invokeEventHandler($methodName, array(), function () {
			return true;
		});
	}
}


1			<?php
2			namespace Kir\FakePDO;
3
4			use Kir\FakePDO\EventHandlers\EventHandler;
5			use Kir\FakePDO\EventHandlers\EventHandlerTrait;
6			use Kir\FakePDO\Tools\MethodNameGenerator;
7			use PDO;
8			use PDOStatement;
9
10			class FakePDOStatement extends PDOStatement {
11			use EventHandlerTrait;
12
13			/** @var array */
14			private $attributes = null;
15			/** @var MethodNameGenerator */
16			private $methodNameGenerator = null;
17
18			/**
19			* @param EventHandler $eventHandler
20			*/
21			public function __construct(EventHandler $eventHandler = null) {
22			$this->setEventHandler($eventHandler);
23			$this->methodNameGenerator = new MethodNameGenerator('PDOStatement');
24			}
25
26			/**
27			* @param array\|null $bound_input_params
28			* @return bool
29			*/
30			public function execute($bound_input_params = NULL) {
31			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
32			return $this->invokeEventHandler($methodName, array($bound_input_params), function () {
33			return true;
34			});
35			}
36
37			/**
38			* @param int\|null $fetch_style
39			* @param int $cursor_orientation
40			* @param int $cursor_offset
41			* @return mixed
42			*/
43			public function fetch($fetch_style = null, $cursor_orientation = PDO::FETCH_ORI_NEXT, $cursor_offset = 0) {
44			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
45			return $this->invokeEventHandler($methodName, array($fetch_style, $cursor_orientation, $cursor_offset), function () {
46			return [];
47			});
48			}
49
50			/**
51			* @param mixed $parameter
52			* @param mixed $variable
53			* @param int $data_type
54			* @param int\|null $length
55			* @param int\|null $driver_options
56			* @return bool\|mixed
57			*/
58			public function bindParam($parameter, &$variable, $data_type = PDO::PARAM_STR, $length = null, $driver_options = null) {
59			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
60			return $this->invokeEventHandler($methodName, array($parameter, $variable, $data_type, $driver_options), function () {
61			return true;
62			});
63			}
64
65			/**
66			* @param mixed $column
67			* @param mixed $param
68			* @param int $type
69			* @param int $maxlen
70			* @param mixed $driverdata
71			* @return bool\|void
72			*/
73			public function bindColumn($column, &$param, $type = null, $maxlen = null, $driverdata = null) {
74			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
75			return $this->invokeEventHandler($methodName, array($column, $param, $type, $maxlen, $driverdata), function () {
76			return true;
77			});
78			}
79
80			/**
81			* @param mixed $parameter
82			* @param mixed $value
83			* @param int $data_type
84			* @return bool\|mixed
85			*/
86			public function bindValue($parameter, $value, $data_type = PDO::PARAM_STR) {
87			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
88			return $this->invokeEventHandler($methodName, array($parameter, $value, $data_type), function () {
89			return true;
90			});
91			}
92
93			/**
94			* @return int
95			*/
96			public function rowCount() {
97			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
98			return $this->invokeEventHandler($methodName, array(), function () {
99			return 0;
100			});
101			}
102
103			/**
104			* @param int $column_number
105			* @return string
106			*/
107			public function fetchColumn($column_number = 0) {
108			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
109			return $this->invokeEventHandler($methodName, array(), function () {
110			return '';
111			});
112			}
113
114			/**
115			* @param mixed\|null $how
			0 ignored issues – show Bug introduced 2020-10-18 15:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$how`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
116			* @param mixed\|null $class_name
			0 ignored issues – show Bug introduced 2020-10-18 15:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$class_name`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
117			* @param array\|null $ctor_args
			0 ignored issues – show Bug introduced 2020-10-18 15:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$ctor_args`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
118			* @return array
119			*/
120			public function fetchAll(int $mode = PDO::FETCH_BOTH, mixed ...$args) {
121			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
122			return $this->invokeEventHandler($methodName, array(), function () {
123			return [];
124			});
125			}
126
127			/**
128			* @param string $class_name
129			* @param array $ctor_args
130			* @return mixed
131			*/
132			public function fetchObject($class_name = NULL, $ctor_args = NULL) {
133			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
134			return $this->invokeEventHandler($methodName, array(), function () {
135			return new \stdClass();
136			});
137			}
138
139			/**
140			* @return string
141			*/
142			public function errorCode() {
143			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
144			return $this->invokeEventHandler($methodName, array(), function () {
145			return '';
146			});
147			}
148
149			/**
150			* @return array
151			*/
152			public function errorInfo() {
153			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
154			return $this->invokeEventHandler($methodName, array(), function () {
155			return [0, 0, 0];
156			});
157			}
158
159			/**
160			* @param int $attribute
161			* @return mixed
162			*/
163			public function getAttribute($attribute) {
164			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
165			return $this->invokeEventHandler($methodName, array($attribute), function ($attribute) {
166			$attribute = json_encode($attribute);
167			if(array_key_exists($attribute, $this->attributes)) {
168			return $this->attributes[$attribute];
169			}
170			return null;
171			});
172			}
173
174			/**
175			* @param int $attribute
176			* @param mixed $value
177			* @return bool
178			*/
179			public function setAttribute($attribute, $value) {
180			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
181			return $this->invokeEventHandler($methodName, array($attribute, $value), function ($attribute, $value) {
182			$attribute = json_encode($attribute);
183			$this->attributes[$attribute] = $value;
184			return true;
185			});
186			}
187
188			/**
189			*
190			*/
191			public function columnCount() {
192			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
193			return $this->invokeEventHandler($methodName, array(), function () {
194			return 0;
195			});
196			}
197
198			/**
199			* @param int $column
200			* @return array
201			*/
202			public function getColumnMeta($column) {
203			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
204			return $this->invokeEventHandler($methodName, array($column), function () {
205			return [];
206			});
207			}
208
209			/**
210			* @param int $mode
211			* @param array\|null $params
			0 ignored issues – show Bug introduced 2020-10-18 15:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$params`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
212			* @return bool
213			*/
214			public function setFetchMode(int $mode, ...$args) {
215			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
216			return $this->invokeEventHandler($methodName, array($mode), function () {
217			return true;
218			});
219			}
220
221			/**
222			* @return bool
223			*/
224			public function nextRowset() {
225			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
226			return $this->invokeEventHandler($methodName, array(), function () {
227			return true;
228			});
229			}
230
231			/**
232			* @return bool
233			*/
234			public function closeCursor() {
235			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
236			return $this->invokeEventHandler($methodName, array(), function () {
237			return true;
238			});
239			}
240
241			/**
242			* @return bool
243			*/
244			public function debugDumpParams() {
245			$methodName = $this->methodNameGenerator->getQualifiedMethodName(__FUNCTION__);
246			return $this->invokeEventHandler($methodName, array(), function () {
247			return true;
248			});
249			}
250			}
251

rkrx / php-fakepdo

Issues (4)

Security Analysis no request data

src/FakePDOStatement.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like