Issues in Application.php (master) - Issues in master - samsoncms/api - Measure and Improve Code Quality continuously with Scrutinizer

Issues (168)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/generator/Application.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
//[PHPCOMPRESSOR(remove,start)]
/**
 * Created by Vitaly Iegorov <[email protected]>.
 * on 23.03.16 at 14:51
 */
namespace samsoncms\api\generator;

use samsonphp\generator\Generator;

/**
 * SamsonCMS application classes generator.
 *
 * @package samsoncms\application\generator
 */
class Application extends \samsoncms\api\generator\Generic
{
    /** Default control class name */
    const DEFAULT_GENERIC_CONTROL_TYPE = 'Control';

    /** Path to index view of main page */
    const MAIN_INDEX_VIEW = 'www/main_application/index';

    /** Path to item view of main page */
    const MAIN_ITEM_VIEW = 'www/main_application/row';

    /**
     * Query constructor.
     *
     * @param Generator $generator
     * @param           $metadata
     */
    public function __construct(Generator $generator, $metadata)
    {
        parent::__construct($generator, $metadata);

        $this->className .= 'Application';
    }

    public function createSubMenuView(Metadata $metadata, $namespace = __NAMESPACE__)

    {

        $code = <<<'EOD'

    <li>
        <a class="sub_menu_a <?php if(isv('all_materials')):?>active<?php endif?>" href="<?php module_url()?>">
            <i class="icon2 icon2-list"></i>
            <?=$appName?>
        </a>
    </li>
    <li>
        <a class="sub_menu_a <?php if(isv('new_material')):?>active<?php endif?>" href="<?php module_url('new');?>">
            <i class="icon2 icon2-plus"></i> <?php t('Add'); ?> <?=lcfirst($appName);?> <?php t('item')?>
        </a>
    </li>

EOD;

        return str_replace('{{fields}}', implode(',', array_merge(array(), array("\n\t\t\t" . 'new Control()'. "\n\t\t"))), $code);
    }

    /**
     * Render method for rendering view of entity on main page
     * @param $entityName
     * @return string
     */
    public function renderViewsOnMainPage($entityName)
    {

        $code = <<<'EOD'

    /** Output for main page1 */
    public function main()
    {
        // Get module id
        $moduleId = $this->id;

        // Get module description
        $navName = $this->description;

        // Get path to views
        $mainIndexView = $this->mainIndexView;
        $mainItemView = $this->mainItemView;

        // Return material block HTML on main page
        /*return (new \samsoncms\api\generated\{{collection_name}}Collection($this))
            // Render index
            ->indexView(function($html, $renderer) use ($navName, $mainIndexView) {
                return $renderer->view($mainIndexView)
                    ->set($html, \samsoncms\api\renderable\Collection::ITEMS_VIEW_VARIABLE)
                    ->navName($navName)
                    ->output();
            })
            // Render item
            ->itemView(function($item, $renderer) use ($moduleId, $mainItemView) {
                return $renderer->view($mainItemView)
                    ->set($item, \samsoncms\api\renderable\Collection::ITEM_VIEW_VARIABLE)
                    //->user(m('social')->user())
                    ->moduleId($moduleId)
                    ->output();
            })
            ->output();*/
    }
EOD;

        return str_replace(array('{{collection_name}}'), array($entityName), $code);
    }

    /**
     * Class definition generation part.
     *
     * @param \samsoncms\api\generator\metadata\ApplicationMetadata $metadata Entity metadata
     */
    protected function createDefinition($metadata)
    {
        $this->generator
            ->multiComment(array('Class application for "' . $metadata->name . '"'))
            ->defClass($this->className, '\\' . \samsoncms\app\material\Application::class);
    }

    /**
     * Class fields generation part.
     *
     * @param \samsoncms\api\generator\metadata\ApplicationMetadata $metadata Entity metadata
     */
    protected function createFields($metadata)
    {
        $this->generator
            ->commentVar('string', 'Application name')
            ->defVar('public $name', $metadata->name)
            ->commentVar('string', 'Application description')
            ->defVar('public $description', $metadata->description)
            ->commentVar('string', 'Identifier')
            ->defVar('protected $id', $metadata->entity)
            ->commentVar('string', 'Icon class')
            ->defVar('public $icon', $metadata->iconApplication)
            ->commentVar('bool', 'Flag for hiding Application icon in main menu')
            ->defClassVar('$hide', 'public', !$metadata->showApplication ? 1 : 0)
            ->commentVar('string', 'Path to rendering index view in main page')
            ->defClassVar('$mainIndexView', 'public', self::MAIN_INDEX_VIEW)
            ->commentVar('string', 'Path to rendering item view in main page')
            ->defClassVar('$mainItemView', 'public', self::MAIN_ITEM_VIEW)
            ->commentVar('array', 'Collection of structures related to entity')
            ->defClassVar('$navigation', 'public static', (int)$metadata->identifier)
            ->commentVar('array', 'All structures which have to have material at creation')
            ->defClassVar('$structures', 'public static', array_merge(array($metadata->entityID), $metadata->childNavigationIDs))
            ->commentVar('string', 'Collection class name for rendering entities collection')
            ->defClassVar('$collectionClass', 'protected', $metadata->entityClassName . 'Collection');
    }

    /**
     * Class constructor generation part.
     *
     * @param \samsoncms\api\generator\metadata\VirtualMetadata $metadata Entity metadata
     */
    protected function createConstructor($metadata)
    {
        $constructorCode = <<<'EOD'
    /**
     * Render materials list with pager
     *
     * @param string $navigationId Structure identifier
     * @param string $search Keywords to filter table
     * @param int $page Current table page
     * @return array Asynchronous response containing status and materials list with pager on success
     * or just status on asynchronous controller failure
     */
    public function __async_collection($navigationId = '0', $search = '', $page = 1)
    {
        return parent::__async_collection(self::$navigation, $search, $page);
    }
EOD;

        $this->generator->text($constructorCode);
    }
}
//[PHPCOMPRESSOR(remove,end)]


1			<?php
2			//[PHPCOMPRESSOR(remove,start)]
3			/**
4			* Created by Vitaly Iegorov <[email protected]>.
5			* on 23.03.16 at 14:51
6			*/
7			namespace samsoncms\api\generator;
8
9			use samsonphp\generator\Generator;
10
11			/**
12			* SamsonCMS application classes generator.
13			*
14			* @package samsoncms\application\generator
15			*/
16			class Application extends \samsoncms\api\generator\Generic
17			{
18			/** Default control class name */
19			const DEFAULT_GENERIC_CONTROL_TYPE = 'Control';
20
21			/** Path to index view of main page */
22			const MAIN_INDEX_VIEW = 'www/main_application/index';
23
24			/** Path to item view of main page */
25			const MAIN_ITEM_VIEW = 'www/main_application/row';
26
27			/**
28			* Query constructor.
29			*
30			* @param Generator $generator
31			* @param $metadata
32			*/
33			public function __construct(Generator $generator, $metadata)
34			{
35			parent::__construct($generator, $metadata);
36
37			$this->className .= 'Application';
38			}
39
40			public function createSubMenuView(Metadata $metadata, $namespace = __NAMESPACE__)
			0 ignored issues – show Unused Code introduced 2016-03-25 15:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$metadata` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2016-03-25 15:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$namespace` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
41			{
42
43			$code = <<<'EOD'
44
45			<li>
46			<a class="sub_menu_a <?php if(isv('all_materials')):?>active<?php endif?>" href="<?php module_url()?>">
47			<i class="icon2 icon2-list"></i>
48			<?=$appName?>
49			</a>
50			</li>
51			<li>
52			<a class="sub_menu_a <?php if(isv('new_material')):?>active<?php endif?>" href="<?php module_url('new');?>">
53			<i class="icon2 icon2-plus"></i> <?php t('Add'); ?> <?=lcfirst($appName);?> <?php t('item')?>
54			</a>
55			</li>
56
57			EOD;
58
59			return str_replace('{{fields}}', implode(',', array_merge(array(), array("\n\t\t\t" . 'new Control()'. "\n\t\t"))), $code);
60			}
61
62			/**
63			* Render method for rendering view of entity on main page
64			* @param $entityName
65			* @return string
66			*/
67			public function renderViewsOnMainPage($entityName)
68			{
69
70			$code = <<<'EOD'
71
72			/** Output for main page1 */
73			public function main()
74			{
75			// Get module id
76			$moduleId = $this->id;
77
78			// Get module description
79			$navName = $this->description;
80
81			// Get path to views
82			$mainIndexView = $this->mainIndexView;
83			$mainItemView = $this->mainItemView;
84
85			// Return material block HTML on main page
86			/*return (new \samsoncms\api\generated\{{collection_name}}Collection($this))
87			// Render index
88			->indexView(function($html, $renderer) use ($navName, $mainIndexView) {
89			return $renderer->view($mainIndexView)
90			->set($html, \samsoncms\api\renderable\Collection::ITEMS_VIEW_VARIABLE)
91			->navName($navName)
92			->output();
93			})
94			// Render item
95			->itemView(function($item, $renderer) use ($moduleId, $mainItemView) {
96			return $renderer->view($mainItemView)
97			->set($item, \samsoncms\api\renderable\Collection::ITEM_VIEW_VARIABLE)
98			//->user(m('social')->user())
99			->moduleId($moduleId)
100			->output();
101			})
102			->output();*/
103			}
104			EOD;
105
106			return str_replace(array('{{collection_name}}'), array($entityName), $code);
107			}
108
109			/**
110			* Class definition generation part.
111			*
112			* @param \samsoncms\api\generator\metadata\ApplicationMetadata $metadata Entity metadata
113			*/
114			protected function createDefinition($metadata)
115			{
116			$this->generator
117			->multiComment(array('Class application for "' . $metadata->name . '"'))
118			->defClass($this->className, '\\' . \samsoncms\app\material\Application::class);
119			}
120
121			/**
122			* Class fields generation part.
123			*
124			* @param \samsoncms\api\generator\metadata\ApplicationMetadata $metadata Entity metadata
125			*/
126			protected function createFields($metadata)
127			{
128			$this->generator
129			->commentVar('string', 'Application name')
130			->defVar('public $name', $metadata->name)
131			->commentVar('string', 'Application description')
132			->defVar('public $description', $metadata->description)
133			->commentVar('string', 'Identifier')
134			->defVar('protected $id', $metadata->entity)
135			->commentVar('string', 'Icon class')
136			->defVar('public $icon', $metadata->iconApplication)
137			->commentVar('bool', 'Flag for hiding Application icon in main menu')
138			->defClassVar('$hide', 'public', !$metadata->showApplication ? 1 : 0)
139			->commentVar('string', 'Path to rendering index view in main page')
140			->defClassVar('$mainIndexView', 'public', self::MAIN_INDEX_VIEW)
141			->commentVar('string', 'Path to rendering item view in main page')
142			->defClassVar('$mainItemView', 'public', self::MAIN_ITEM_VIEW)
143			->commentVar('array', 'Collection of structures related to entity')
144			->defClassVar('$navigation', 'public static', (int)$metadata->identifier)
145			->commentVar('array', 'All structures which have to have material at creation')
146			->defClassVar('$structures', 'public static', array_merge(array($metadata->entityID), $metadata->childNavigationIDs))
147			->commentVar('string', 'Collection class name for rendering entities collection')
148			->defClassVar('$collectionClass', 'protected', $metadata->entityClassName . 'Collection');
149			}
150
151			/**
152			* Class constructor generation part.
153			*
154			* @param \samsoncms\api\generator\metadata\VirtualMetadata $metadata Entity metadata
155			*/
156			protected function createConstructor($metadata)
157			{
158			$constructorCode = <<<'EOD'
159			/**
160			* Render materials list with pager
161			*
162			* @param string $navigationId Structure identifier
163			* @param string $search Keywords to filter table
164			* @param int $page Current table page
165			* @return array Asynchronous response containing status and materials list with pager on success
166			* or just status on asynchronous controller failure
167			*/
168			public function __async_collection($navigationId = '0', $search = '', $page = 1)
169			{
170			return parent::__async_collection(self::$navigation, $search, $page);
171			}
172			EOD;
173
174			$this->generator->text($constructorCode);
175			}
176			}
177			//[PHPCOMPRESSOR(remove,end)]
178

samsoncms / api

Issues (168)

Security Analysis no request data

src/generator/Application.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like