Issues in Property.php (master) - Issues in master - rudestan/Teebot - Measure and Improve Code Quality continuously with Scrutinizer

Issues (41)

Security Analysis no request data

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Api/Traits/Property.php (1 issue)

Labels

Severity

Major 1

<?php

/**
 * Trait with methods to work with properties. Used in Method and Entity classes.
 *
 * @package Teebot (Telegram bot framework)
 *
 * @author  Stanislav Drozdov <[email protected]>
 */

declare(strict_types=1);

namespace Teebot\Api\Traits;

use Teebot\Api\Exception\PropertyException;

trait Property
{
    /**
     * List of properties supported by method in format: property name => required or not
     *
     * @var array
     */
    protected $supportedProperties = [];

    /**
     * Returns camel cased property's getter or setter method name. Checks method for existence.
     *
     * @param string $prefix Prefix of the method e.g. "set" or "get"
     * @param string $name   Method's name
     *
     * @return null|string
     */
    protected function getSetGetMethodName(string $prefix, string $name): ?string
    {
        $setter = $prefix . str_replace("_", "", ucwords($name, "_"));

        if (method_exists($this, $setter)) {
            return $setter;
        }

        return null;
    }

    /**
     * Sets properties of the class from array.
     *
     * @param array $data An associative array with property => value data
     */
    protected function setProperties(array $data)
    {
        foreach ($data as $name => $value) {
            $this->setProperty((string) $name, $value);
        }
    }

    /**
     * Sets property of the class.
     *
     * @param string     $name  Property name
     * @param null|mixed $value Value of the property
     */
    protected function setProperty(string $name, $value = null)
    {
        $setterMethod = $this->getSetGetMethodName("set", $name);

        if ($setterMethod !== null) {
            $this->{$setterMethod}($value);

            return;
        }

        if (property_exists($this, $name)) {
            $this->{$name} = $value;
        }
    }

    /**
     * Returns properties as string. Used for building get query string if GET method was set.
     *
     * @return string
     */
    public function getPropertiesAsString(): string
    {
        $properties = $this->getPropertiesArray();

        return $properties ? http_build_query($properties) : '';
    }

    /**
     * Returns an array with properties. Array with supported properties should be defined
     * in the class.
     *
     * @param bool $validate Flag whether validation for required properties should be applied
     *
     * @return array
     */
    public function getPropertiesArray(bool $validate = true): array
    {
        $properties = [];

        if (empty($this->supportedProperties)) {
            return $properties;
        }

        foreach ($this->supportedProperties as $name => $isRequired) {

            $getterMethod = $this->getSetGetMethodName("get", $name);

            if ($getterMethod && $this->{$getterMethod}() !== null) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                $properties[$name] = $this->{$getterMethod}();

                continue;
            }

            if (property_exists($this, $name) && $this->{$name} !== null) {
                $properties[$name] = $this->{$name};
            }
        }

        if ($validate) {
            $this->validateProperties($properties);
        }

        return $properties;
    }

    /**
     * Returns multipart properties
     *
     * @param bool $validate
     *
     * @return array
     */
    public function getPropertiesMultipart(bool $validate = true): array
    {
        $requestProperties = [];
        $properties        = $this->getPropertiesArray($validate);

        foreach ($properties as $k => $v) {
            $requestProperties[] = [
                'name'     => $k,
                'contents' => $v,
            ];
        }

        return $requestProperties;
    }

    /**
     * Validates properties and checks which are required
     *
     * @param array $properties An associative array of the properties
     *
     * @throws PropertyException
     */
    protected function validateProperties(array $properties)
    {
        foreach ($this->supportedProperties as $propertyName => $isRequired) {
            if ($isRequired === true && empty($properties[$propertyName])) {
                throw new PropertyException('Required property "'.$propertyName.'" is not set!');
            }
        }
    }

    /**
     * Returns object's properties encoded as JSON string
     *
     * @param bool $validate Flag whether validation for required properties should be applied
     *
     * @return string
     */
    public function asJson(bool $validate = true): string
    {
        $properties = $this->getPropertiesArray($validate);

        return json_encode($properties);
    }
}


1			<?php
2
3			/**
4			* Trait with methods to work with properties. Used in Method and Entity classes.
5			*
6			* @package Teebot (Telegram bot framework)
7			*
8			* @author Stanislav Drozdov <[email protected]>
9			*/
10
11			declare(strict_types=1);
12
13			namespace Teebot\Api\Traits;
14
15			use Teebot\Api\Exception\PropertyException;
16
17			trait Property
18			{
19			/**
20			* List of properties supported by method in format: property name => required or not
21			*
22			* @var array
23			*/
24			protected $supportedProperties = [];
25
26			/**
27			* Returns camel cased property's getter or setter method name. Checks method for existence.
28			*
29			* @param string $prefix Prefix of the method e.g. "set" or "get"
30			* @param string $name Method's name
31			*
32			* @return null\|string
33			*/
34			protected function getSetGetMethodName(string $prefix, string $name): ?string
35			{
36			$setter = $prefix . str_replace("_", "", ucwords($name, "_"));
37
38			if (method_exists($this, $setter)) {
39			return $setter;
40			}
41
42			return null;
43			}
44
45			/**
46			* Sets properties of the class from array.
47			*
48			* @param array $data An associative array with property => value data
49			*/
50			protected function setProperties(array $data)
51			{
52			foreach ($data as $name => $value) {
53			$this->setProperty((string) $name, $value);
54			}
55			}
56
57			/**
58			* Sets property of the class.
59			*
60			* @param string $name Property name
61			* @param null\|mixed $value Value of the property
62			*/
63			protected function setProperty(string $name, $value = null)
64			{
65			$setterMethod = $this->getSetGetMethodName("set", $name);
66
67			if ($setterMethod !== null) {
68			$this->{$setterMethod}($value);
69
70			return;
71			}
72
73			if (property_exists($this, $name)) {
74			$this->{$name} = $value;
75			}
76			}
77
78			/**
79			* Returns properties as string. Used for building get query string if GET method was set.
80			*
81			* @return string
82			*/
83			public function getPropertiesAsString(): string
84			{
85			$properties = $this->getPropertiesArray();
86
87			return $properties ? http_build_query($properties) : '';
88			}
89
90			/**
91			* Returns an array with properties. Array with supported properties should be defined
92			* in the class.
93			*
94			* @param bool $validate Flag whether validation for required properties should be applied
95			*
96			* @return array
97			*/
98			public function getPropertiesArray(bool $validate = true): array
99			{
100			$properties = [];
101
102			if (empty($this->supportedProperties)) {
103			return $properties;
104			}
105
106			foreach ($this->supportedProperties as $name => $isRequired) {
107
108			$getterMethod = $this->getSetGetMethodName("get", $name);
109
110			if ($getterMethod && $this->{$getterMethod}() !== null) {
			0 ignored issues – show Bug Best Practice introduced 2017-11-24 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$getterMethod` of type `null\|string` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
111			$properties[$name] = $this->{$getterMethod}();
112
113			continue;
114			}
115
116			if (property_exists($this, $name) && $this->{$name} !== null) {
117			$properties[$name] = $this->{$name};
118			}
119			}
120
121			if ($validate) {
122			$this->validateProperties($properties);
123			}
124
125			return $properties;
126			}
127
128			/**
129			* Returns multipart properties
130			*
131			* @param bool $validate
132			*
133			* @return array
134			*/
135			public function getPropertiesMultipart(bool $validate = true): array
136			{
137			$requestProperties = [];
138			$properties = $this->getPropertiesArray($validate);
139
140			foreach ($properties as $k => $v) {
141			$requestProperties[] = [
142			'name' => $k,
143			'contents' => $v,
144			];
145			}
146
147			return $requestProperties;
148			}
149
150			/**
151			* Validates properties and checks which are required
152			*
153			* @param array $properties An associative array of the properties
154			*
155			* @throws PropertyException
156			*/
157			protected function validateProperties(array $properties)
158			{
159			foreach ($this->supportedProperties as $propertyName => $isRequired) {
160			if ($isRequired === true && empty($properties[$propertyName])) {
161			throw new PropertyException('Required property "'.$propertyName.'" is not set!');
162			}
163			}
164			}
165
166			/**
167			* Returns object's properties encoded as JSON string
168			*
169			* @param bool $validate Flag whether validation for required properties should be applied
170			*
171			* @return string
172			*/
173			public function asJson(bool $validate = true): string
174			{
175			$properties = $this->getPropertiesArray($validate);
176
177			return json_encode($properties);
178			}
179			}
180

GitHub Access Token became invalid

Issues (41)

Security Analysis no request data

src/Api/Traits/Property.php (1 issue)

Labels

Severity

Introduced By

rudestan / Teebot

GitHub Access Token became invalid

Issues (41)

Security Analysis no request data

src/Api/Traits/Property.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like