Issues in Builder.php (master) - Issues in master - samrap/acf-fluent - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Fluent/Builder.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Samrap\Acf\Fluent;

use BadMethodCallException;
use Samrap\Acf\Exceptions\BuilderException;

class Builder
{
    /**
     * The Builder's runner.
     *
     * @var \Samrap\Acf\Fluent\Runner
     */
    protected $runner;

    /**
     * An array of functions callable as methods of this class.
     *
     * @var array
     */
    protected $macros;

    /**
     * The field name or key to build off of.
     *
     * @var string
     */
    public $field;

    /**
     * The post ID to get the field from.
     *
     * @var int
     */
    public $id;

    /**
     * The internal type to expect when retrieving a value.
     *
     * @var string
     */
    public $expect;

    /**
     * The default value to use when retrieving a value that is null or does not
     * pass components added to the builder, such as the 'expect' component.
     *
     * @var mixed
     */
    public $default;

    /**
     * The function to use to escape a retrieved value.
     *
     * @var string
     */
    public $escape;

    /**
     * Whether or not to do shortcodes.
     *
     * @var bool
     */
    public $shortcodes;

    /*
     * Get the field raw (unformatted).
     *
     * @var bool
     */
    public $raw = false;

    /**
     * The regular expression that the field's value must match.
     *
     * @var string
     */
    public $matches;

    /**
     * Create a new Builder instance.
     *
     * @param  \Samrap\Acf\Fluent\Runner  $runner
     */
    public function __construct(Runner $runner, array $macros = [])
    {
        $this->runner = $runner;
        $this->macros = $macros;
    }

    /**
     * Get the runner instance.
     *
     * @return \Samrap\Acf\Fluent\Runner
     */
    public function getRunner()
    {
        return $this->runner;
    }

    /**
     * Set the field component.
     *
     * @param  string  $name
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function field($name)
    {
        $this->field = $name;

        return $this;
    }

    /**
     * Set the post component.
     *
     * @param  int  $id
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function id($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * Set the expect component.
     *
     * @param  string  $type
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function expect($type)
    {
        $this->expect = $type;

        return $this;
    }

    /**
     * Set the default component.
     *
     * @param  string  $default
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function default($default)
    {
        $this->default = $default;

        return $this;
    }

    /**
     * Set the escape component.
     *
     * @param  callable  $func
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function escape($func = 'esc_html')
    {
        // It is up to the runner to prevent malicious code.
        $this->escape = $func;


        return $this;
    }

    /**
     * Set the shortcodes component.
     *
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function shortcodes()
    {
        $this->shortcodes = true;

        return $this;
    }

    /*
     * Set the raw component.
     *
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function raw()
    {
        $this->raw = true;

        return $this;
    }

    /**
     * Set the matches component.
     *
     * @param  string  $pattern
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function matches($pattern)
    {
        $this->matches = $pattern;

        return $this;
    }

    /**
     * Pass the builder to the runner's get method.
     *
     * @return mixed
     */
    public function get()
    {
        if (is_null($this->field)) {
            throw new BuilderException('Cannot get a null field.');
        }

        return $this->runner->get($this);
    }

    /**
     * Pass the builder and the given value to the runner's update method.
     *
     * @param  mixed  $value
     * @return void
     */
    public function update($value)
    {
        return $this->runner->update($this, $value);
    }

    /**
     * Call a macro if it exists.
     *
     * @param  string  $name
     * @param  array  $arguments
     * @return \Samrap\Acf\Fluent\Builder
     */
    public function __call($name, $arguments)
    {
        if (! isset($this->macros[$name])) {
            throw new BadMethodCallException(
                "The method or macro {$name} does not exist."
            );
        }

        $this->macros[$name]($this, ...$arguments);

        return $this;
    }
}


GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/Fluent/Builder.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace Samrap\Acf\Fluent;
4
5			use BadMethodCallException;
6			use Samrap\Acf\Exceptions\BuilderException;
7
8			class Builder
9			{
10			/**
11			* The Builder's runner.
12			*
13			* @var \Samrap\Acf\Fluent\Runner
14			*/
15			protected $runner;
16
17			/**
18			* An array of functions callable as methods of this class.
19			*
20			* @var array
21			*/
22			protected $macros;
23
24			/**
25			* The field name or key to build off of.
26			*
27			* @var string
28			*/
29			public $field;
30
31			/**
32			* The post ID to get the field from.
33			*
34			* @var int
35			*/
36			public $id;
37
38			/**
39			* The internal type to expect when retrieving a value.
40			*
41			* @var string
42			*/
43			public $expect;
44
45			/**
46			* The default value to use when retrieving a value that is null or does not
47			* pass components added to the builder, such as the 'expect' component.
48			*
49			* @var mixed
50			*/
51			public $default;
52
53			/**
54			* The function to use to escape a retrieved value.
55			*
56			* @var string
57			*/
58			public $escape;
59
60			/**
61			* Whether or not to do shortcodes.
62			*
63			* @var bool
64			*/
65			public $shortcodes;
66
67			/*
68			* Get the field raw (unformatted).
69			*
70			* @var bool
71			*/
72			public $raw = false;
73
74			/**
75			* The regular expression that the field's value must match.
76			*
77			* @var string
78			*/
79			public $matches;
80
81			/**
82			* Create a new Builder instance.
83			*
84			* @param \Samrap\Acf\Fluent\Runner $runner
85			*/
86			public function __construct(Runner $runner, array $macros = [])
87			{
88			$this->runner = $runner;
89			$this->macros = $macros;
90			}
91
92			/**
93			* Get the runner instance.
94			*
95			* @return \Samrap\Acf\Fluent\Runner
96			*/
97			public function getRunner()
98			{
99			return $this->runner;
100			}
101
102			/**
103			* Set the field component.
104			*
105			* @param string $name
106			* @return \Samrap\Acf\Fluent\Builder
107			*/
108			public function field($name)
109			{
110			$this->field = $name;
111
112			return $this;
113			}
114
115			/**
116			* Set the post component.
117			*
118			* @param int $id
119			* @return \Samrap\Acf\Fluent\Builder
120			*/
121			public function id($id)
122			{
123			$this->id = $id;
124
125			return $this;
126			}
127
128			/**
129			* Set the expect component.
130			*
131			* @param string $type
132			* @return \Samrap\Acf\Fluent\Builder
133			*/
134			public function expect($type)
135			{
136			$this->expect = $type;
137
138			return $this;
139			}
140
141			/**
142			* Set the default component.
143			*
144			* @param string $default
145			* @return \Samrap\Acf\Fluent\Builder
146			*/
147			public function default($default)
148			{
149			$this->default = $default;
150
151			return $this;
152			}
153
154			/**
155			* Set the escape component.
156			*
157			* @param callable $func
158			* @return \Samrap\Acf\Fluent\Builder
159			*/
160			public function escape($func = 'esc_html')
161			{
162			// It is up to the runner to prevent malicious code.
163			$this->escape = $func;
			0 ignored issues – show Documentation Bug introduced 2018-01-03 23:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$func` of type `callable` is incompatible with the declared type `string` of property `$escape`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
164
165			return $this;
166			}
167
168			/**
169			* Set the shortcodes component.
170			*
171			* @return \Samrap\Acf\Fluent\Builder
172			*/
173			public function shortcodes()
174			{
175			$this->shortcodes = true;
176
177			return $this;
178			}
179
180			/*
181			* Set the raw component.
182			*
183			* @return \Samrap\Acf\Fluent\Builder
184			*/
185			public function raw()
186			{
187			$this->raw = true;
188
189			return $this;
190			}
191
192			/**
193			* Set the matches component.
194			*
195			* @param string $pattern
196			* @return \Samrap\Acf\Fluent\Builder
197			*/
198			public function matches($pattern)
199			{
200			$this->matches = $pattern;
201
202			return $this;
203			}
204
205			/**
206			* Pass the builder to the runner's get method.
207			*
208			* @return mixed
209			*/
210			public function get()
211			{
212			if (is_null($this->field)) {
213			throw new BuilderException('Cannot get a null field.');
214			}
215
216			return $this->runner->get($this);
217			}
218
219			/**
220			* Pass the builder and the given value to the runner's update method.
221			*
222			* @param mixed $value
223			* @return void
224			*/
225			public function update($value)
226			{
227			return $this->runner->update($this, $value);
228			}
229
230			/**
231			* Call a macro if it exists.
232			*
233			* @param string $name
234			* @param array $arguments
235			* @return \Samrap\Acf\Fluent\Builder
236			*/
237			public function __call($name, $arguments)
238			{
239			if (! isset($this->macros[$name])) {
240			throw new BadMethodCallException(
241			"The method or macro {$name} does not exist."
242			);
243			}
244
245			$this->macros[$name]($this, ...$arguments);
246
247			return $this;
248			}
249			}
250

samrap / acf-fluent

GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/Fluent/Builder.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like