GitHub Access Token became invalid

It seems like the GitHub access token used for retrieving details about this repository from GitHub became invalid. This might prevent certain types of inspections from being run (in particular, everything related to pull requests).
Please ask an admin of your repository to re-new the access token on this website.

Issues (41)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Configuration/AbstractLoader.php (3 issues)

1
<?php
2
3
declare(strict_types=1);
4
5
namespace Teebot\Configuration;
6
7
use Symfony\Component\Config\{
8
    Definition\Processor,
9
    Definition\ConfigurationInterface,
10
    Exception\FileLoaderLoadException,
11
    FileLocator
12
};
13
use Symfony\Component\Yaml\Yaml;
14
use Dotenv\{
15
    Dotenv,
16
    Exception\InvalidPathException
17
};
18
19
/**
20
 * Abstract configuration loader
21
 *
22
 * @package Teebot\Configuration
23
 */
24
abstract class AbstractLoader
25
{
26
    protected const FILE_NAME = 'config%s.yml';
27
28
    /**
29
     * @var string $path
30
     */
31
    protected $path;
32
33
    /**
34
     * @var string $fileName
35
     */
36
    protected $fileName;
37
38
    /**
39
     * @param string $path
40
     */
41
    public function __construct(string $path)
42
    {
43
        $this->initEnv($path);
44
45
        $this->path     = $path;
46
        $this->fileName = $this->getFileName();
47
    }
48
49
    /**
50
     * Loads configuration
51
     *
52
     * @return ContainerInterface
53
     */
54
    public function load(): ContainerInterface
55
    {
56
        $configFile = $this->getConfigFile();
57
        $data       = Yaml::parse(file_get_contents($configFile));
58
59
        return $this->loadFromArray($data);
60
    }
61
62
    /**
63
     * Loads configuration from array
64
     *
65
     * @param array $configData
66
     *
67
     * @return ContainerInterface
68
     */
69
    public function loadFromArray(array $configData): ContainerInterface
70
    {
71
        $config = $this->processConfig($configData);
72
73
        return $this->initContainer($config);
74
    }
75
76
    /**
77
     * Returns config file name based on the current environment
78
     *
79
     * @return string
80
     */
81
    protected function getFileName(): string
82
    {
83
        $env = getenv('ENV') ? '_' . getenv('ENV') : '';
84
85
        return sprintf(static::FILE_NAME, $env);
86
    }
87
88
    /**
89
     * Initializes and loads the DotEnv, suppress the DotEnv exception to continue loading process
90
     *
91
     * @param string $path
92
     */
93
    protected function initEnv(string $path)
94
    {
95
        try {
96
            $dotenv = new Dotenv($path);
97
            $dotenv->load();
98
        } catch (InvalidPathException $e) {
0 ignored issues
show
Coding Style Comprehensibility introduced by
Consider adding a comment why this CATCH block is empty.
Loading history...
99
        }
100
    }
101
102
    /**
103
     * Returns path to config file
104
     *
105
     * @return string
106
     *
107
     * @throws FileLoaderLoadException
108
     */
109
    protected function getConfigFile(): string
110
    {
111
        $locator    = new FileLocator($this->path);
112
        $configFile = $locator->locate($this->fileName, null, true);
113
114
        if (!is_readable($configFile)) {
0 ignored issues
show
It seems like $configFile can also be of type array; however, parameter $filename of is_readable() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

114
        if (!is_readable(/** @scrutinizer ignore-type */ $configFile)) {
Loading history...
115
            throw new FileLoaderLoadException('Config file is not readable!');
116
        }
117
118
        return $configFile;
0 ignored issues
show
Bug Best Practice introduced by
The expression return $configFile could return the type array which is incompatible with the type-hinted return string. Consider adding an additional type-check to rule them out.
Loading history...
119
    }
120
121
    /**
122
     * Processes the config
123
     *
124
     * @param array $data
125
     *
126
     * @return array
127
     */
128
    protected function processConfig(array $data): array
129
    {
130
        $processor       = new Processor();
131
        $configuration   = $this->getConfiguration();
132
        $processedConfig = $processor->processConfiguration($configuration, $data);
133
134
        return $processedConfig;
135
    }
136
137
    /**
138
     * @return ConfigurationInterface
139
     */
140
    abstract protected function getConfiguration(): ConfigurationInterface;
141
142
    /**
143
     * @param array $config
144
     *
145
     * @return ContainerInterface
146
     */
147
    abstract protected function initContainer(array $config): ContainerInterface;
148
}
149