Issues in Renderable.php (master) - Issues in master - samsoncms/api - Measure and Improve Code Quality continuously with Scrutinizer

Issues (168)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Renderable.php (2 issues)

Labels

Bug 2

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Created by Vitaly Iegorov <[email protected]>.
 * on 19.03.16 at 16:02
 */
namespace samsoncms\api;

use samsoncms\api\exception\RenderableViewNotSet;
use samsonframework\core\ViewInterface;
use samsonframework\view\View;

define('RENDERABLE_ITEMS_VARIABLE', 'items');
define('RENDERABLE_ITEM_VARIABLE', 'item');

/**
 * Generic renderable methods and variables.
 *
 * @package samsoncms\api
 */
trait Renderable
{
    /** @var string|callable Block view file or callback */
    protected $indexView;

    /** @var string|callable Item view file or callback */
    protected $itemView;

    /** @var string|callable Empty view file or callback */
    protected $emptyView;

    /** @var ViewInterface View render object */
    protected $renderer;

    /** @var int Count of entities on one page */
    protected $pageSize;

    /** @var int Current page number */
    protected $pageNumber;

    /**
     * Set pagination for SamsonCMS query.
     *
     * @param int      $pageNumber Result page number
     * @param int|null $pageSize   Results page size
     *
     * @return $this Chaining
     */
    public function pager($pageNumber, $pageSize = null)
    {
        $this->pageNumber = $pageNumber;
        $this->pageSize = null !== $pageSize ? $pageSize : $this->pageSize;

        return $this;
    }

    /**
     * Set index view path.
     *
     * @param string|callable|View $indexView Index view path or callback
     *
     * @return $this Chaining
     */
    public function indexView($indexView)
    {
        $this->indexView = $indexView;
        return $this;
    }

    /**
     * Set item view path.
     *
     * @param string|callable|View $itemView Item view path or callback
     *
     * @return $this Chaining
     */
    public function itemView($itemView)
    {
        $this->itemView = $itemView;

        return $this;
    }

    /**
     * Set empty view path.
     *
     * @param string|callable|View $emptyView Empty view path or callback
     *
     * @return $this Chaining
     */
    public function emptyView($emptyView)
    {
        $this->emptyView = $emptyView;
        return $this;
    }

    /**
     * Render Entity collection item.
     *
     * @param mixed $item SamsonCMS entity for rendering
     *
     * @return string Rendered HTML
     */
    public function renderItem($item)
    {
        // Set correct renderer old style or new \samsonframework\view
        $renderer = ($this->itemView instanceof View)
            ? $this->itemView
            : $this->renderer->view($this->itemView);

        return $renderer
            ->set($item, RENDERABLE_ITEM_VARIABLE)
            ->output();

    }

    /**
     * Render empty collection item.
     *
     * @return string Rendered HTML
     */
    public function renderEmpty()
    {
        // Set correct renderer old style or new \samsonframework\view
        $renderer = ($this->emptyView instanceof View)
            ? $this->emptyView
            : $this->renderer->view($this->emptyView);

        return $renderer->output();
    }

    /**
     * Render Entity collection index.
     *
     * @param string $items Collection of rendered items
     *
     * @return string Rendered HTML
     */
    public function renderIndex($items)
    {
        // Set correct renderer old style or new \samsonframework\view
        $renderer = ($this->indexView instanceof View)
            ? $this->indexView
            : $this->renderer->view($this->indexView);

        return $renderer
            ->set($items, RENDERABLE_ITEMS_VARIABLE)
            ->output();
    }

    /** @return string Rendered fields table */
    public function __toString()
    {
        return $this->output();
    }

    /** @return string Rendered HTML for fields table */
    public function output()
    {
        // Validate renderable views
        if ($this->indexView === null) {
            throw new RenderableViewNotSet('indexView');
        }

        if ($this->itemView === null) {
            throw new RenderableViewNotSet('itemView');
        }

        if ($this->emptyView === null) {
            throw new RenderableViewNotSet('emptyView');
        }

        // Perform SamsonCMS query
        $collection = $this->find($this->pageNumber, $this->pageSize);
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

        if (count($collection)) {
            return $this->renderer($collection);
        } else { // Render empty entity view
            return $this->innerRender('', $collection, 'emptyView', 'renderEmpty');
        }
    }

    /**
     * Collection items renderer.
     *
     * @param mixed $collection Items collection for rendering
     * @return string Rendered items
     */
    protected function renderer($collection)
    {
        // Render each entity view in collection
        $html = '';
        foreach ($collection as $row) {
            $html .= $this->innerRender($row, $collection, 'itemView', 'renderItem');
        }

        // Render collection main view with items
        return $this->innerRender($html, $collection, 'indexView', 'renderIndex');
    }

    /**
     * Generic view renderer.
     *
     * @param mixed    $item
     * @param Entity[] $collection
     * @param string   $variableName
     * @param string   $methodName
     *
     * @return mixed Rendered view
     */
    protected function innerRender($item, $collection, $variableName, $methodName)
    {
        return is_callable($this->$variableName)
            ? call_user_func($this->$variableName, $item, $this->renderer, $this->query, $collection)
class MyClass { }

$x = new MyClass();
$x->foo = true;
            : $this->$methodName($item);
    }
}


1			<?php
2			/**
3			* Created by Vitaly Iegorov <[email protected]>.
4			* on 19.03.16 at 16:02
5			*/
6			namespace samsoncms\api;
7
8			use samsoncms\api\exception\RenderableViewNotSet;
9			use samsonframework\core\ViewInterface;
10			use samsonframework\view\View;
11
12			define('RENDERABLE_ITEMS_VARIABLE', 'items');
13			define('RENDERABLE_ITEM_VARIABLE', 'item');
14
15			/**
16			* Generic renderable methods and variables.
17			*
18			* @package samsoncms\api
19			*/
20			trait Renderable
21			{
22			/** @var string\|callable Block view file or callback */
23			protected $indexView;
24
25			/** @var string\|callable Item view file or callback */
26			protected $itemView;
27
28			/** @var string\|callable Empty view file or callback */
29			protected $emptyView;
30
31			/** @var ViewInterface View render object */
32			protected $renderer;
33
34			/** @var int Count of entities on one page */
35			protected $pageSize;
36
37			/** @var int Current page number */
38			protected $pageNumber;
39
40			/**
41			* Set pagination for SamsonCMS query.
42			*
43			* @param int $pageNumber Result page number
44			* @param int\|null $pageSize Results page size
45			*
46			* @return $this Chaining
47			*/
48			public function pager($pageNumber, $pageSize = null)
49			{
50			$this->pageNumber = $pageNumber;
51			$this->pageSize = null !== $pageSize ? $pageSize : $this->pageSize;
52
53			return $this;
54			}
55
56			/**
57			* Set index view path.
58			*
59			* @param string\|callable\|View $indexView Index view path or callback
60			*
61			* @return $this Chaining
62			*/
63			public function indexView($indexView)
64			{
65			$this->indexView = $indexView;
66			return $this;
67			}
68
69			/**
70			* Set item view path.
71			*
72			* @param string\|callable\|View $itemView Item view path or callback
73			*
74			* @return $this Chaining
75			*/
76			public function itemView($itemView)
77			{
78			$this->itemView = $itemView;
79
80			return $this;
81			}
82
83			/**
84			* Set empty view path.
85			*
86			* @param string\|callable\|View $emptyView Empty view path or callback
87			*
88			* @return $this Chaining
89			*/
90			public function emptyView($emptyView)
91			{
92			$this->emptyView = $emptyView;
93			return $this;
94			}
95
96			/**
97			* Render Entity collection item.
98			*
99			* @param mixed $item SamsonCMS entity for rendering
100			*
101			* @return string Rendered HTML
102			*/
103			public function renderItem($item)
104			{
105			// Set correct renderer old style or new \samsonframework\view
106			$renderer = ($this->itemView instanceof View)
107			? $this->itemView
108			: $this->renderer->view($this->itemView);
109
110			return $renderer
111			->set($item, RENDERABLE_ITEM_VARIABLE)
112			->output();
113
114			}
115
116			/**
117			* Render empty collection item.
118			*
119			* @return string Rendered HTML
120			*/
121			public function renderEmpty()
122			{
123			// Set correct renderer old style or new \samsonframework\view
124			$renderer = ($this->emptyView instanceof View)
125			? $this->emptyView
126			: $this->renderer->view($this->emptyView);
127
128			return $renderer->output();
129			}
130
131			/**
132			* Render Entity collection index.
133			*
134			* @param string $items Collection of rendered items
135			*
136			* @return string Rendered HTML
137			*/
138			public function renderIndex($items)
139			{
140			// Set correct renderer old style or new \samsonframework\view
141			$renderer = ($this->indexView instanceof View)
142			? $this->indexView
143			: $this->renderer->view($this->indexView);
144
145			return $renderer
146			->set($items, RENDERABLE_ITEMS_VARIABLE)
147			->output();
148			}
149
150			/** @return string Rendered fields table */
151			public function __toString()
152			{
153			return $this->output();
154			}
155
156			/** @return string Rendered HTML for fields table */
157			public function output()
158			{
159			// Validate renderable views
160			if ($this->indexView === null) {
161			throw new RenderableViewNotSet('indexView');
162			}
163
164			if ($this->itemView === null) {
165			throw new RenderableViewNotSet('itemView');
166			}
167
168			if ($this->emptyView === null) {
169			throw new RenderableViewNotSet('emptyView');
170			}
171
172			// Perform SamsonCMS query
173			$collection = $this->find($this->pageNumber, $this->pageSize);
			0 ignored issues – show Bug introduced 2016-03-19 15:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `find()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
174
175			if (count($collection)) {
176			return $this->renderer($collection);
177			} else { // Render empty entity view
178			return $this->innerRender('', $collection, 'emptyView', 'renderEmpty');
179			}
180			}
181
182			/**
183			* Collection items renderer.
184			*
185			* @param mixed $collection Items collection for rendering
186			* @return string Rendered items
187			*/
188			protected function renderer($collection)
189			{
190			// Render each entity view in collection
191			$html = '';
192			foreach ($collection as $row) {
193			$html .= $this->innerRender($row, $collection, 'itemView', 'renderItem');
194			}
195
196			// Render collection main view with items
197			return $this->innerRender($html, $collection, 'indexView', 'renderIndex');
198			}
199
200			/**
201			* Generic view renderer.
202			*
203			* @param mixed $item
204			* @param Entity[] $collection
205			* @param string $variableName
206			* @param string $methodName
207			*
208			* @return mixed Rendered view
209			*/
210			protected function innerRender($item, $collection, $variableName, $methodName)
211			{
212			return is_callable($this->$variableName)
213			? call_user_func($this->$variableName, $item, $this->renderer, $this->query, $collection)
			0 ignored issues – show Bug introduced 2016-03-19 15:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `query` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
214			: $this->$methodName($item);
215			}
216			}
217

samsoncms / api

Issues (168)

Security Analysis no request data

src/Renderable.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like