Issues in AjaxValidationController.php (development) - Issues in development - romm/formz - Measure and Improve Code Quality continuously with Scrutinizer

Issues (48)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Classes/Controller/AjaxValidationController.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * 2017 Romain CANON <[email protected]>
 *
 * This file is part of the TYPO3 FormZ project.
 * It is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License, either
 * version 3 of the License, or any later version.
 *
 * For the full copyright and license information, see:
 * http://www.gnu.org/licenses/gpl-3.0.html
 */

namespace Romm\Formz\Controller;

use Exception;
use Romm\Formz\Configuration\Form\Field\Validation\Validation;
use Romm\Formz\Core\Core;
use Romm\Formz\Error\AjaxResult;
use Romm\Formz\Error\FormzMessageInterface;
use Romm\Formz\Exceptions\ClassNotFoundException;
use Romm\Formz\Exceptions\EntryNotFoundException;
use Romm\Formz\Exceptions\InvalidArgumentTypeException;
use Romm\Formz\Exceptions\InvalidConfigurationException;
use Romm\Formz\Exceptions\MissingArgumentException;
use Romm\Formz\Form\FormInterface;
use Romm\Formz\Form\FormObject;
use Romm\Formz\Form\FormObjectFactory;
use Romm\Formz\Service\ContextService;
use Romm\Formz\Service\ExtensionService;
use Romm\Formz\Service\MessageService;
use Romm\Formz\Validation\DataObject\ValidatorDataObject;
use TYPO3\CMS\Extbase\Error\Error;
use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
use TYPO3\CMS\Extbase\Mvc\RequestInterface;
use TYPO3\CMS\Extbase\Mvc\ResponseInterface;
use TYPO3\CMS\Extbase\Mvc\Web\Request;
use TYPO3\CMS\Extbase\Mvc\Web\Response;
use TYPO3\CMS\Extbase\Reflection\ObjectAccess;
use TYPO3\CMS\Extbase\Validation\Validator\ValidatorInterface;

class AjaxValidationController extends ActionController
{
    const DEFAULT_ERROR_MESSAGE_KEY = 'default_error_message';

    /**
     * @var Request
     */
    protected $request;

    /**
     * @var Response
     */
    protected $response;

    /**
     * @var bool
     */
    protected $protectedRequestMode = true;

    /**
     * @var string
     */
    protected $formClassName;

    /**
     * @var string
     */
    protected $formName;

    /**
     * @var string
     */
    protected $fieldName;

    /**
     * @var string
     */
    protected $validatorName;

    /**
     * @var FormInterface
     */
    protected $form;

    /**
     * @var FormObject
     */
    protected $formObject;

    /**
     * @var AjaxResult
     */
    protected $result;

    /**
     * @var Validation
     */
    protected $validation;

    /**
     * The only accepted method for the request is `POST`.
     */
    public function initializeAction()
    {
        if ($this->request->getMethod() !== 'POST') {
            $this->throwStatus(400);
        }
    }

    /**
     * Will process the request, but also prevent any external message to be
     * displayed, and catch any exception that could occur during the
     * validation.
     *
     * @param RequestInterface  $request
     * @param ResponseInterface $response
     * @throws Exception
     */
    public function processRequest(RequestInterface $request, ResponseInterface $response)
    {
        $this->result = new AjaxResult;

        try {
            $this->processRequestParent($request, $response);
        } catch (Exception $exception) {
            if (false === $this->protectedRequestMode) {
                throw $exception;
            }

            $this->result->clear();

            $errorMessage = ExtensionService::get()->isInDebugMode()
                ? $this->getDebugMessageForException($exception)
                : ContextService::get()->translate(self::DEFAULT_ERROR_MESSAGE_KEY);

            $error = new Error($errorMessage, 1490176818);
            $this->result->addError($error);
            $this->result->setData('errorCode', $exception->getCode());
        }

        // Cleaning every external message.
        ob_clean();

        $this->injectResultInResponse();
    }

    /**
     * Will take care of adding a new argument to the request, based on the form
     * name and the form class name found in the request arguments.
     */
    protected function initializeActionMethodValidators()
    {
        $this->initializeActionMethodValidatorsParent();

        $request = $this->getRequest();

        if (false === $request->hasArgument('name')) {
            throw MissingArgumentException::ajaxControllerNameArgumentNotSet();
        }

        if (false === $request->hasArgument('className')) {
            throw MissingArgumentException::ajaxControllerClassNameArgumentNotSet();
        }

        $className = $request->getArgument('className');

        if (false === class_exists($className)) {
            throw ClassNotFoundException::ajaxControllerFormClassNameNotFound($className);
        }

        if (false === in_array(FormInterface::class, class_implements($className))) {
            throw InvalidArgumentTypeException::ajaxControllerWrongFormType($className);
        }

        $this->arguments->addNewArgument($request->getArgument('name'), $className, true);
    }

    /**
     * Main action that will process the field validation.
     *
     * @param string $name
     * @param string $className
     * @param string $fieldName
     * @param string $validatorName
     */
    public function runAction($name, $className, $fieldName, $validatorName)
    {
        $this->formName = $name;
        $this->formClassName = $className;
        $this->fieldName = $fieldName;
        $this->validatorName = $validatorName;
        $this->form = $this->getForm();

        $this->formObject = $this->getFormObject();
        $this->formObject->setForm($this->form);

        $this->validation = $this->getFieldValidation();

        $validatorDataObject = new ValidatorDataObject($this->formObject, $this->validation);

        /** @var ValidatorInterface $validator */
        $validator = Core::instantiate(
            $this->validation->getClassName(),
            $this->validation->getOptions(),
            $validatorDataObject
        );

        $fieldValue = ObjectAccess::getProperty($this->form, $this->fieldName);
        $result = $validator->validate($fieldValue);

        $this->result->merge($result);
    }

    /**
     * @return Validation
     * @throws EntryNotFoundException
     * @throws InvalidConfigurationException
     */
    protected function getFieldValidation()
    {
        $validationResult = $this->formObject->getConfigurationValidationResult();

        if (true === $validationResult->hasErrors()) {
            throw InvalidConfigurationException::ajaxControllerInvalidFormConfiguration();
        }

        $formConfiguration = $this->formObject->getConfiguration();

        if (false === $formConfiguration->hasField($this->fieldName)) {
            throw EntryNotFoundException::ajaxControllerFieldNotFound($this->fieldName, $this->formObject);
        }

        $field = $formConfiguration->getField($this->fieldName);

        if (false === $field->hasValidation($this->validatorName)) {
            throw EntryNotFoundException::ajaxControllerValidationNotFoundForField($this->validatorName, $this->fieldName);
        }

        $fieldValidationConfiguration = $field->getValidationByName($this->validatorName);

        if (false === $fieldValidationConfiguration->doesUseAjax()) {
            throw InvalidConfigurationException::ajaxControllerAjaxValidationNotActivated($this->validatorName, $this->fieldName);
        }

        return $fieldValidationConfiguration;
    }

    /**
     * Fetches errors/warnings/notices in the result, and put them in the JSON
     * response.
     */
    protected function injectResultInResponse()
    {
        $validationName = $this->validation instanceof Validation
            ? $this->validation->getName()
            : 'default';

        $validationResult = MessageService::get()->sanitizeValidatorResult($this->result, $validationName);

        $result = [
            'success'  => !$this->result->hasErrors(),
            'data'     => $this->result->getData(),
            'messages' => [
                'errors'   => $this->formatMessages($validationResult->getErrors()),
                'warnings' => $this->formatMessages($validationResult->getWarnings()),
                'notices'  => $this->formatMessages($validationResult->getNotices())
            ]
        ];

        $this->setUpResponseResult($result);
    }

    /**
     * @param array $result
     */
    protected function setUpResponseResult(array $result)
    {
        $this->response->setHeader('Content-Type', 'application/json');
        $this->response->setContent(json_encode($result));

        Core::get()->getPageController()->setContentType('application/json');
    }

    /**
     * @param FormzMessageInterface[] $messages
     * @return array
     */
    protected function formatMessages(array $messages)
    {
        $sortedMessages = [];

        foreach ($messages as $message) {
            $sortedMessages[$message->getMessageKey()] = $message->getMessage();

        }

        return $sortedMessages;
    }

    /**
     * Wrapper for unit tests.
     *
     * @param RequestInterface  $request
     * @param ResponseInterface $response
     */
    protected function processRequestParent(RequestInterface $request, ResponseInterface $response)
    {
        parent::processRequest($request, $response);
class Daddy
{
    protected function getFirstName()
    {
        return "Eidur";
    }

    protected function getSurName()
    {
        return "Gudjohnsen";
    }
}

class Son
{
    public function getFirstName()
    {
        return parent::getSurname();
    }
}
    }

    /**
     * Wrapper for unit tests.
     */
    protected function initializeActionMethodValidatorsParent()
    {
        parent::initializeActionMethodValidators();
class Daddy
{
    protected function getFirstName()
    {
        return "Eidur";
    }

    protected function getSurName()
    {
        return "Gudjohnsen";
    }
}

class Son
{
    public function getFirstName()
    {
        return parent::getSurname();
    }
}
    }

    /**
     * Used in unit testing.
     *
     * @param bool $flag
     */
    public function setProtectedRequestMode($flag)
    {
        $this->protectedRequestMode = (bool)$flag;
    }

    /**
     * @param Exception $exception
     * @return string
     */
    protected function getDebugMessageForException(Exception $exception)
    {
        return 'Debug mode – ' . $exception->getMessage();
    }

    /**
     * @return FormInterface
     * @throws MissingArgumentException
     */
    protected function getForm()
    {
        return $this->arguments->getArgument($this->formName)->getValue();
    }

    /**
     * @return FormObject
     */
    protected function getFormObject()
    {
        /** @var FormObjectFactory $formObjectFactory */
        $formObjectFactory = Core::instantiate(FormObjectFactory::class);

        return $formObjectFactory->getInstanceFromClassName($this->formClassName, $this->formName);
    }

    /**
     * Wrapper for unit tests.
     *
     * @return Request
     */
    protected function getRequest()
    {
        return $this->request;
    }
}


1			<?php
2			/*
3			* 2017 Romain CANON <[email protected]>
4			*
5			* This file is part of the TYPO3 FormZ project.
6			* It is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU General Public License, either
8			* version 3 of the License, or any later version.
9			*
10			* For the full copyright and license information, see:
11			* http://www.gnu.org/licenses/gpl-3.0.html
12			*/
13
14			namespace Romm\Formz\Controller;
15
16			use Exception;
17			use Romm\Formz\Configuration\Form\Field\Validation\Validation;
18			use Romm\Formz\Core\Core;
19			use Romm\Formz\Error\AjaxResult;
20			use Romm\Formz\Error\FormzMessageInterface;
21			use Romm\Formz\Exceptions\ClassNotFoundException;
22			use Romm\Formz\Exceptions\EntryNotFoundException;
23			use Romm\Formz\Exceptions\InvalidArgumentTypeException;
24			use Romm\Formz\Exceptions\InvalidConfigurationException;
25			use Romm\Formz\Exceptions\MissingArgumentException;
26			use Romm\Formz\Form\FormInterface;
27			use Romm\Formz\Form\FormObject;
28			use Romm\Formz\Form\FormObjectFactory;
29			use Romm\Formz\Service\ContextService;
30			use Romm\Formz\Service\ExtensionService;
31			use Romm\Formz\Service\MessageService;
32			use Romm\Formz\Validation\DataObject\ValidatorDataObject;
33			use TYPO3\CMS\Extbase\Error\Error;
34			use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
35			use TYPO3\CMS\Extbase\Mvc\RequestInterface;
36			use TYPO3\CMS\Extbase\Mvc\ResponseInterface;
37			use TYPO3\CMS\Extbase\Mvc\Web\Request;
38			use TYPO3\CMS\Extbase\Mvc\Web\Response;
39			use TYPO3\CMS\Extbase\Reflection\ObjectAccess;
40			use TYPO3\CMS\Extbase\Validation\Validator\ValidatorInterface;
41
42			class AjaxValidationController extends ActionController
43			{
44			const DEFAULT_ERROR_MESSAGE_KEY = 'default_error_message';
45
46			/**
47			* @var Request
48			*/
49			protected $request;
50
51			/**
52			* @var Response
53			*/
54			protected $response;
55
56			/**
57			* @var bool
58			*/
59			protected $protectedRequestMode = true;
60
61			/**
62			* @var string
63			*/
64			protected $formClassName;
65
66			/**
67			* @var string
68			*/
69			protected $formName;
70
71			/**
72			* @var string
73			*/
74			protected $fieldName;
75
76			/**
77			* @var string
78			*/
79			protected $validatorName;
80
81			/**
82			* @var FormInterface
83			*/
84			protected $form;
85
86			/**
87			* @var FormObject
88			*/
89			protected $formObject;
90
91			/**
92			* @var AjaxResult
93			*/
94			protected $result;
95
96			/**
97			* @var Validation
98			*/
99			protected $validation;
100
101			/**
102			* The only accepted method for the request is `POST`.
103			*/
104			public function initializeAction()
105			{
106			if ($this->request->getMethod() !== 'POST') {
107			$this->throwStatus(400);
108			}
109			}
110
111			/**
112			* Will process the request, but also prevent any external message to be
113			* displayed, and catch any exception that could occur during the
114			* validation.
115			*
116			* @param RequestInterface $request
117			* @param ResponseInterface $response
118			* @throws Exception
119			*/
120			public function processRequest(RequestInterface $request, ResponseInterface $response)
121			{
122			$this->result = new AjaxResult;
123
124			try {
125			$this->processRequestParent($request, $response);
126			} catch (Exception $exception) {
127			if (false === $this->protectedRequestMode) {
128			throw $exception;
129			}
130
131			$this->result->clear();
132
133			$errorMessage = ExtensionService::get()->isInDebugMode()
134			? $this->getDebugMessageForException($exception)
135			: ContextService::get()->translate(self::DEFAULT_ERROR_MESSAGE_KEY);
136
137			$error = new Error($errorMessage, 1490176818);
138			$this->result->addError($error);
139			$this->result->setData('errorCode', $exception->getCode());
140			}
141
142			// Cleaning every external message.
143			ob_clean();
144
145			$this->injectResultInResponse();
146			}
147
148			/**
149			* Will take care of adding a new argument to the request, based on the form
150			* name and the form class name found in the request arguments.
151			*/
152			protected function initializeActionMethodValidators()
153			{
154			$this->initializeActionMethodValidatorsParent();
155
156			$request = $this->getRequest();
157
158			if (false === $request->hasArgument('name')) {
159			throw MissingArgumentException::ajaxControllerNameArgumentNotSet();
160			}
161
162			if (false === $request->hasArgument('className')) {
163			throw MissingArgumentException::ajaxControllerClassNameArgumentNotSet();
164			}
165
166			$className = $request->getArgument('className');
167
168			if (false === class_exists($className)) {
169			throw ClassNotFoundException::ajaxControllerFormClassNameNotFound($className);
170			}
171
172			if (false === in_array(FormInterface::class, class_implements($className))) {
173			throw InvalidArgumentTypeException::ajaxControllerWrongFormType($className);
174			}
175
176			$this->arguments->addNewArgument($request->getArgument('name'), $className, true);
177			}
178
179			/**
180			* Main action that will process the field validation.
181			*
182			* @param string $name
183			* @param string $className
184			* @param string $fieldName
185			* @param string $validatorName
186			*/
187			public function runAction($name, $className, $fieldName, $validatorName)
188			{
189			$this->formName = $name;
190			$this->formClassName = $className;
191			$this->fieldName = $fieldName;
192			$this->validatorName = $validatorName;
193			$this->form = $this->getForm();
194
195			$this->formObject = $this->getFormObject();
196			$this->formObject->setForm($this->form);
197
198			$this->validation = $this->getFieldValidation();
199
200			$validatorDataObject = new ValidatorDataObject($this->formObject, $this->validation);
201
202			/** @var ValidatorInterface $validator */
203			$validator = Core::instantiate(
204			$this->validation->getClassName(),
205			$this->validation->getOptions(),
206			$validatorDataObject
207			);
208
209			$fieldValue = ObjectAccess::getProperty($this->form, $this->fieldName);
210			$result = $validator->validate($fieldValue);
211
212			$this->result->merge($result);
213			}
214
215			/**
216			* @return Validation
217			* @throws EntryNotFoundException
218			* @throws InvalidConfigurationException
219			*/
220			protected function getFieldValidation()
221			{
222			$validationResult = $this->formObject->getConfigurationValidationResult();
223
224			if (true === $validationResult->hasErrors()) {
225			throw InvalidConfigurationException::ajaxControllerInvalidFormConfiguration();
226			}
227
228			$formConfiguration = $this->formObject->getConfiguration();
229
230			if (false === $formConfiguration->hasField($this->fieldName)) {
231			throw EntryNotFoundException::ajaxControllerFieldNotFound($this->fieldName, $this->formObject);
232			}
233
234			$field = $formConfiguration->getField($this->fieldName);
235
236			if (false === $field->hasValidation($this->validatorName)) {
237			throw EntryNotFoundException::ajaxControllerValidationNotFoundForField($this->validatorName, $this->fieldName);
238			}
239
240			$fieldValidationConfiguration = $field->getValidationByName($this->validatorName);
241
242			if (false === $fieldValidationConfiguration->doesUseAjax()) {
243			throw InvalidConfigurationException::ajaxControllerAjaxValidationNotActivated($this->validatorName, $this->fieldName);
244			}
245
246			return $fieldValidationConfiguration;
247			}
248
249			/**
250			* Fetches errors/warnings/notices in the result, and put them in the JSON
251			* response.
252			*/
253			protected function injectResultInResponse()
254			{
255			$validationName = $this->validation instanceof Validation
256			? $this->validation->getName()
257			: 'default';
258
259			$validationResult = MessageService::get()->sanitizeValidatorResult($this->result, $validationName);
260
261			$result = [
262			'success' => !$this->result->hasErrors(),
263			'data' => $this->result->getData(),
264			'messages' => [
265			'errors' => $this->formatMessages($validationResult->getErrors()),
266			'warnings' => $this->formatMessages($validationResult->getWarnings()),
267			'notices' => $this->formatMessages($validationResult->getNotices())
268			]
269			];
270
271			$this->setUpResponseResult($result);
272			}
273
274			/**
275			* @param array $result
276			*/
277			protected function setUpResponseResult(array $result)
278			{
279			$this->response->setHeader('Content-Type', 'application/json');
280			$this->response->setContent(json_encode($result));
281
282			Core::get()->getPageController()->setContentType('application/json');
283			}
284
285			/**
286			* @param FormzMessageInterface[] $messages
287			* @return array
288			*/
289			protected function formatMessages(array $messages)
290			{
291			$sortedMessages = [];
292
293			foreach ($messages as $message) {
294			$sortedMessages[$message->getMessageKey()] = $message->getMessage();
			0 ignored issues – show Bug introduced 2017-03-01 10:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getMessage()` does not exist on `Romm\Formz\Error\FormzMessageInterface`. Did you maybe mean `getMessageKey()`? This check marks calls to methods that do not seem to exist on an object. This is most likely the result of a method being renamed without all references to it being renamed likewise. Loading history...
295			}
296
297			return $sortedMessages;
298			}
299
300			/**
301			* Wrapper for unit tests.
302			*
303			* @param RequestInterface $request
304			* @param ResponseInterface $response
305			*/
306			protected function processRequestParent(RequestInterface $request, ResponseInterface $response)
307			{
308			parent::processRequest($request, $response);
			0 ignored issues – show Comprehensibility Bug introduced 2017-03-22 14:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you call parent on a different method (`processRequest()` instead of `processRequestParent()`). Are you sure this is correct? If so, you might want to change this to `$this->processRequest()`. This check looks for a call to a parent method whose name is different than the method from which it is called. Consider the following code: class Daddy { protected function getFirstName() { return "Eidur"; } protected function getSurName() { return "Gudjohnsen"; } } class Son { public function getFirstName() { return parent::getSurname(); } } The `getFirstName()` method in the `Son` calls the wrong method in the parent class. Loading history...
309			}
310
311			/**
312			* Wrapper for unit tests.
313			*/
314			protected function initializeActionMethodValidatorsParent()
315			{
316			parent::initializeActionMethodValidators();
			0 ignored issues – show Comprehensibility Bug introduced 2017-03-22 14:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you call parent on a different method (`initializeActionMethodValidators()` instead of `initializeActionMethodValidatorsParent()`). Are you sure this is correct? If so, you might want to change this to `$this->initializeActionMethodValidators()`. This check looks for a call to a parent method whose name is different than the method from which it is called. Consider the following code: class Daddy { protected function getFirstName() { return "Eidur"; } protected function getSurName() { return "Gudjohnsen"; } } class Son { public function getFirstName() { return parent::getSurname(); } } The `getFirstName()` method in the `Son` calls the wrong method in the parent class. Loading history...
317			}
318
319			/**
320			* Used in unit testing.
321			*
322			* @param bool $flag
323			*/
324			public function setProtectedRequestMode($flag)
325			{
326			$this->protectedRequestMode = (bool)$flag;
327			}
328
329			/**
330			* @param Exception $exception
331			* @return string
332			*/
333			protected function getDebugMessageForException(Exception $exception)
334			{
335			return 'Debug mode – ' . $exception->getMessage();
336			}
337
338			/**
339			* @return FormInterface
340			* @throws MissingArgumentException
341			*/
342			protected function getForm()
343			{
344			return $this->arguments->getArgument($this->formName)->getValue();
345			}
346
347			/**
348			* @return FormObject
349			*/
350			protected function getFormObject()
351			{
352			/** @var FormObjectFactory $formObjectFactory */
353			$formObjectFactory = Core::instantiate(FormObjectFactory::class);
354
355			return $formObjectFactory->getInstanceFromClassName($this->formClassName, $this->formName);
356			}
357
358			/**
359			* Wrapper for unit tests.
360			*
361			* @return Request
362			*/
363			protected function getRequest()
364			{
365			return $this->request;
366			}
367			}
368

romm / formz

Issues (48)

Security Analysis not enabled

Classes/Controller/AjaxValidationController.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like