Issues in OVHConfiguration.php (master) - Issues in master - sausin/laravel-ovh - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/OVHConfiguration.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Sausin\LaravelOvh;

use BadMethodCallException;

class OVHConfiguration
{
    /**
     * Returns the Project Auth Server URL.
     *
     * @return string
     */
    protected string $authUrl;


    /**
     * Returns the Project ID.
     *
     * @return string
     */
    protected string $projectId;

    /**
     * Returns the Project Region.
     * It could be one of the following:
     *  - BHS
     *  - DE
     *  - GRA
     *  - SBG
     *  - UK
     *  - WAW
     * Make sure to check your container's region at OVH's Dashboard.
     *
     * @return string
     */
    protected string $region;

    /**
     * Returns the User Domain in the Project.
     * OVH uses the "Default" region by... default...
     *
     * @return string
     */
    protected string $userDomain;

    /**
     * Returns the Project Username.
     *
     * @return string
     */
    protected string $username;

    /**
     * Returns the Password for the current User.
     *
     * @return string
     */
    protected string $password;

    /**
     * Returns the name of the desired Container.
     *
     * @return string
     */
    protected string $containerName;

    /**
     * OPTIONAL.
     *
     * Returns the pre-assigned Temp Url Key of either the Container or Project.
     * This is used to generate Temporary Access Urls for files in the container.
     *
     * Returns NULL if there's no Temp Url Key specified.
     *
     * @return string|null
     */
    protected ?string $tempUrlKey;

    /**
     * OPTIONAL.
     *
     * Returns the Custom Endpoint configured for the container.
     *
     * Returns NULL if there's no Custom Endpoint.
     *
     * @return string|null
     */
    protected ?string $endpoint;

    /**
     * OPTIONAL.
     *
     * Returns Object Threshold, used while uploading large files.
     *
     * Returns NULL if disabled.
     *
     * @return string|null
     */
    protected ?string $swiftLargeObjectThreshold;

    /**
     * OPTIONAL.
     *
     * Returns Object Segment Size, used while uploading large files.
     *
     * Returns NULL if disabled.
     *
     * @return string|null
     */
    protected ?string $swiftSegmentSize;

    /**
     * OPTIONAL.
     *
     * Returns Segment Container Name, used while uploading large files.
     *
     * Returns NULL if disabled. Will use Container Name.
     *
     * @return string|null
     */
    protected ?string $swiftSegmentContainer;

    /**
     * OPTIONAL.
     *
     * Returns the time in seconds on which an object should
     * be deleted from de Container after being uploaded.
     *
     * Returns NULL if uploaded objects should not be deleted
     * by default.
     *
     * @return int|null
     */
    protected ?int $deleteAfter;

    /**
     * OPTIONAL.
     *
     * Prefixes all paths with this valus. Useful in multi-tenant setups
     *
     * Returns NULL if disabled.
     *
     * @return string|null
     */
    protected ?string $prefix;

    /**
     * OVHConfiguration constructor.
     */
    protected function __construct()
    {
    }

    /**
     * Creates a new OVHConfiguration instance.
     *
     * @param array $config
     * @return static
     */
    public static function make(array $config): self
    {
        $neededKeys = ['authUrl', 'projectId', 'region', 'userDomain', 'username', 'password', 'containerName'];
        $missingKeys = array_diff($neededKeys, array_keys($config));

        if (count($missingKeys) > 0) {
            throw new BadMethodCallException('The following keys must be provided: '.implode(', ', $missingKeys));
        }

        return (new self())
            ->setAuthUrl($config['authUrl'])
            ->setProjectId($config['projectId'])
            ->setRegion($config['region'])
            ->setUserDomain($config['userDomain'])
            ->setUsername($config['username'])
            ->setPassword($config['password'])
            ->setContainerName($config['containerName'])
            ->setTempUrlKey($config['tempUrlKey'] ?? null)
            ->setEndpoint($config['endpoint'] ?? null)
            ->setSwiftLargeObjectThreshold($config['swiftLargeObjectThreshold'] ?? null)
            ->setSwiftSegmentSize($config['swiftSegmentSize'] ?? null)
            ->setSwiftSegmentContainer($config['swiftSegmentContainer'] ?? null)
            ->setDeleteAfter($config['deleteAfter'] ?? null)
            ->setPrefix($config['prefix'] ?? null);
    }

    /**
     * @return string
     */
    public function getAuthUrl(): string
    {
        return $this->authUrl;
    }

    /**
     * @param string $authUrl
     * @return OVHConfiguration
     */
    public function setAuthUrl(string $authUrl): self
    {
        $this->authUrl = $authUrl;

        return $this;
    }

    /**
     * @return string
     */
    public function getProjectId(): string
    {
        return $this->projectId;
    }

    /**
     * @param string $projectId
     * @return OVHConfiguration
     */
    public function setProjectId(string $projectId): self
    {
        $this->projectId = $projectId;

        return $this;
    }

    /**
     * @return string
     */
    public function getRegion(): string
    {
        return $this->region;
    }

    /**
     * @param string $region
     * @return OVHConfiguration
     */
    public function setRegion(string $region): self
    {
        $this->region = $region;

        return $this;
    }

    /**
     * @return string
     */
    public function getUserDomain(): string
    {
        return $this->userDomain;
    }

    /**
     * @param string $userDomain
     * @return OVHConfiguration
     */
    public function setUserDomain(string $userDomain): self
    {
        $this->userDomain = $userDomain;

        return $this;
    }

    /**
     * @return string
     */
    public function getUsername(): string
    {
        return $this->username;
    }

    /**
     * @param string $username
     * @return OVHConfiguration
     */
    public function setUsername(string $username): self
    {
        $this->username = $username;

        return $this;
    }

    /**
     * @return string
     */
    public function getPassword(): string
    {
        return $this->password;
    }

    /**
     * @param string $password
     * @return OVHConfiguration
     */
    public function setPassword(string $password): self
    {
        $this->password = $password;

        return $this;
    }

    /**
     * @return string
     */
    public function getContainerName(): string
    {
        return $this->containerName;
    }

    /**
     * @param string $containerName
     * @return OVHConfiguration
     */
    public function setContainerName(string $containerName): self
    {
        $this->containerName = $containerName;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getTempUrlKey(): ?string
    {
        return $this->tempUrlKey;
    }

    /**
     * @param string|null $tempUrlKey
     * @return OVHConfiguration
     */
    public function setTempUrlKey(?string $tempUrlKey): self
    {
        $this->tempUrlKey = $tempUrlKey;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getEndpoint(): ?string
    {
        return $this->endpoint;
    }

    /**
     * @param string|null $endpoint
     * @return OVHConfiguration
     */
    public function setEndpoint(?string $endpoint): self
    {
        $this->endpoint = $endpoint;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getSwiftLargeObjectThreshold(): ?string
    {
        return $this->swiftLargeObjectThreshold;
    }

    /**
     * @param string|null $swiftLargeObjectThreshold
     * @return OVHConfiguration
     */
    public function setSwiftLargeObjectThreshold(?string $swiftLargeObjectThreshold): self
    {
        $this->swiftLargeObjectThreshold = $swiftLargeObjectThreshold;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getSwiftSegmentSize(): ?string
    {
        return $this->swiftSegmentSize;
    }

    /**
     * @param string|null $swiftSegmentSize
     * @return OVHConfiguration
     */
    public function setSwiftSegmentSize(?string $swiftSegmentSize): self
    {
        $this->swiftSegmentSize = $swiftSegmentSize;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getSwiftSegmentContainer(): ?string
    {
        return $this->swiftSegmentContainer;
    }

    /**
     * @param string|null $swiftSegmentContainer
     * @return OVHConfiguration
     */
    public function setSwiftSegmentContainer(?string $swiftSegmentContainer): self
    {
        $this->swiftSegmentContainer = $swiftSegmentContainer;

        return $this;
    }

    /**
     * @return int|null
     */
    public function getDeleteAfter(): ?int
    {
        return $this->deleteAfter;
    }

    /**
     * @param int|null $deleteAfter
     * @return OVHConfiguration
     */
    public function setDeleteAfter(?int $deleteAfter): self
    {
        $this->deleteAfter = $deleteAfter;

        return $this;
    }

    /**
     * @return string|null
     */
    public function getPrefix(): ?string
    {
        return $this->prefix;
    }

    /**
     * @param string|null $prefix
     * @return OVHConfiguration
     */
    public function setPrefix(?string $prefix): self
    {
        $this->prefix = $prefix;

        return $this;
    }
}


1			<?php
2
3			namespace Sausin\LaravelOvh;
4
5			use BadMethodCallException;
6
7			class OVHConfiguration
8			{
9			/**
10			* Returns the Project Auth Server URL.
11			*
12			* @return string
13			*/
14			protected string $authUrl;
			0 ignored issues – show Bug introduced 2020-05-04 22:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_STRING, expecting T_FUNCTION or T_CONST Loading history...
15
16			/**
17			* Returns the Project ID.
18			*
19			* @return string
20			*/
21			protected string $projectId;
22
23			/**
24			* Returns the Project Region.
25			* It could be one of the following:
26			* - BHS
27			* - DE
28			* - GRA
29			* - SBG
30			* - UK
31			* - WAW
32			* Make sure to check your container's region at OVH's Dashboard.
33			*
34			* @return string
35			*/
36			protected string $region;
37
38			/**
39			* Returns the User Domain in the Project.
40			* OVH uses the "Default" region by... default...
41			*
42			* @return string
43			*/
44			protected string $userDomain;
45
46			/**
47			* Returns the Project Username.
48			*
49			* @return string
50			*/
51			protected string $username;
52
53			/**
54			* Returns the Password for the current User.
55			*
56			* @return string
57			*/
58			protected string $password;
59
60			/**
61			* Returns the name of the desired Container.
62			*
63			* @return string
64			*/
65			protected string $containerName;
66
67			/**
68			* OPTIONAL.
69			*
70			* Returns the pre-assigned Temp Url Key of either the Container or Project.
71			* This is used to generate Temporary Access Urls for files in the container.
72			*
73			* Returns NULL if there's no Temp Url Key specified.
74			*
75			* @return string\|null
76			*/
77			protected ?string $tempUrlKey;
78
79			/**
80			* OPTIONAL.
81			*
82			* Returns the Custom Endpoint configured for the container.
83			*
84			* Returns NULL if there's no Custom Endpoint.
85			*
86			* @return string\|null
87			*/
88			protected ?string $endpoint;
89
90			/**
91			* OPTIONAL.
92			*
93			* Returns Object Threshold, used while uploading large files.
94			*
95			* Returns NULL if disabled.
96			*
97			* @return string\|null
98			*/
99			protected ?string $swiftLargeObjectThreshold;
100
101			/**
102			* OPTIONAL.
103			*
104			* Returns Object Segment Size, used while uploading large files.
105			*
106			* Returns NULL if disabled.
107			*
108			* @return string\|null
109			*/
110			protected ?string $swiftSegmentSize;
111
112			/**
113			* OPTIONAL.
114			*
115			* Returns Segment Container Name, used while uploading large files.
116			*
117			* Returns NULL if disabled. Will use Container Name.
118			*
119			* @return string\|null
120			*/
121			protected ?string $swiftSegmentContainer;
122
123			/**
124			* OPTIONAL.
125			*
126			* Returns the time in seconds on which an object should
127			* be deleted from de Container after being uploaded.
128			*
129			* Returns NULL if uploaded objects should not be deleted
130			* by default.
131			*
132			* @return int\|null
133			*/
134			protected ?int $deleteAfter;
135
136			/**
137			* OPTIONAL.
138			*
139			* Prefixes all paths with this valus. Useful in multi-tenant setups
140			*
141			* Returns NULL if disabled.
142			*
143			* @return string\|null
144			*/
145			protected ?string $prefix;
146
147			/**
148			* OVHConfiguration constructor.
149			*/
150			protected function __construct()
151			{
152			}
153
154			/**
155			* Creates a new OVHConfiguration instance.
156			*
157			* @param array $config
158			* @return static
159			*/
160			public static function make(array $config): self
161			{
162			$neededKeys = ['authUrl', 'projectId', 'region', 'userDomain', 'username', 'password', 'containerName'];
163			$missingKeys = array_diff($neededKeys, array_keys($config));
164
165			if (count($missingKeys) > 0) {
166			throw new BadMethodCallException('The following keys must be provided: '.implode(', ', $missingKeys));
167			}
168
169			return (new self())
170			->setAuthUrl($config['authUrl'])
171			->setProjectId($config['projectId'])
172			->setRegion($config['region'])
173			->setUserDomain($config['userDomain'])
174			->setUsername($config['username'])
175			->setPassword($config['password'])
176			->setContainerName($config['containerName'])
177			->setTempUrlKey($config['tempUrlKey'] ?? null)
178			->setEndpoint($config['endpoint'] ?? null)
179			->setSwiftLargeObjectThreshold($config['swiftLargeObjectThreshold'] ?? null)
180			->setSwiftSegmentSize($config['swiftSegmentSize'] ?? null)
181			->setSwiftSegmentContainer($config['swiftSegmentContainer'] ?? null)
182			->setDeleteAfter($config['deleteAfter'] ?? null)
183			->setPrefix($config['prefix'] ?? null);
184			}
185
186			/**
187			* @return string
188			*/
189			public function getAuthUrl(): string
190			{
191			return $this->authUrl;
192			}
193
194			/**
195			* @param string $authUrl
196			* @return OVHConfiguration
197			*/
198			public function setAuthUrl(string $authUrl): self
199			{
200			$this->authUrl = $authUrl;
201
202			return $this;
203			}
204
205			/**
206			* @return string
207			*/
208			public function getProjectId(): string
209			{
210			return $this->projectId;
211			}
212
213			/**
214			* @param string $projectId
215			* @return OVHConfiguration
216			*/
217			public function setProjectId(string $projectId): self
218			{
219			$this->projectId = $projectId;
220
221			return $this;
222			}
223
224			/**
225			* @return string
226			*/
227			public function getRegion(): string
228			{
229			return $this->region;
230			}
231
232			/**
233			* @param string $region
234			* @return OVHConfiguration
235			*/
236			public function setRegion(string $region): self
237			{
238			$this->region = $region;
239
240			return $this;
241			}
242
243			/**
244			* @return string
245			*/
246			public function getUserDomain(): string
247			{
248			return $this->userDomain;
249			}
250
251			/**
252			* @param string $userDomain
253			* @return OVHConfiguration
254			*/
255			public function setUserDomain(string $userDomain): self
256			{
257			$this->userDomain = $userDomain;
258
259			return $this;
260			}
261
262			/**
263			* @return string
264			*/
265			public function getUsername(): string
266			{
267			return $this->username;
268			}
269
270			/**
271			* @param string $username
272			* @return OVHConfiguration
273			*/
274			public function setUsername(string $username): self
275			{
276			$this->username = $username;
277
278			return $this;
279			}
280
281			/**
282			* @return string
283			*/
284			public function getPassword(): string
285			{
286			return $this->password;
287			}
288
289			/**
290			* @param string $password
291			* @return OVHConfiguration
292			*/
293			public function setPassword(string $password): self
294			{
295			$this->password = $password;
296
297			return $this;
298			}
299
300			/**
301			* @return string
302			*/
303			public function getContainerName(): string
304			{
305			return $this->containerName;
306			}
307
308			/**
309			* @param string $containerName
310			* @return OVHConfiguration
311			*/
312			public function setContainerName(string $containerName): self
313			{
314			$this->containerName = $containerName;
315
316			return $this;
317			}
318
319			/**
320			* @return string\|null
321			*/
322			public function getTempUrlKey(): ?string
323			{
324			return $this->tempUrlKey;
325			}
326
327			/**
328			* @param string\|null $tempUrlKey
329			* @return OVHConfiguration
330			*/
331			public function setTempUrlKey(?string $tempUrlKey): self
332			{
333			$this->tempUrlKey = $tempUrlKey;
334
335			return $this;
336			}
337
338			/**
339			* @return string\|null
340			*/
341			public function getEndpoint(): ?string
342			{
343			return $this->endpoint;
344			}
345
346			/**
347			* @param string\|null $endpoint
348			* @return OVHConfiguration
349			*/
350			public function setEndpoint(?string $endpoint): self
351			{
352			$this->endpoint = $endpoint;
353
354			return $this;
355			}
356
357			/**
358			* @return string\|null
359			*/
360			public function getSwiftLargeObjectThreshold(): ?string
361			{
362			return $this->swiftLargeObjectThreshold;
363			}
364
365			/**
366			* @param string\|null $swiftLargeObjectThreshold
367			* @return OVHConfiguration
368			*/
369			public function setSwiftLargeObjectThreshold(?string $swiftLargeObjectThreshold): self
370			{
371			$this->swiftLargeObjectThreshold = $swiftLargeObjectThreshold;
372
373			return $this;
374			}
375
376			/**
377			* @return string\|null
378			*/
379			public function getSwiftSegmentSize(): ?string
380			{
381			return $this->swiftSegmentSize;
382			}
383
384			/**
385			* @param string\|null $swiftSegmentSize
386			* @return OVHConfiguration
387			*/
388			public function setSwiftSegmentSize(?string $swiftSegmentSize): self
389			{
390			$this->swiftSegmentSize = $swiftSegmentSize;
391
392			return $this;
393			}
394
395			/**
396			* @return string\|null
397			*/
398			public function getSwiftSegmentContainer(): ?string
399			{
400			return $this->swiftSegmentContainer;
401			}
402
403			/**
404			* @param string\|null $swiftSegmentContainer
405			* @return OVHConfiguration
406			*/
407			public function setSwiftSegmentContainer(?string $swiftSegmentContainer): self
408			{
409			$this->swiftSegmentContainer = $swiftSegmentContainer;
410
411			return $this;
412			}
413
414			/**
415			* @return int\|null
416			*/
417			public function getDeleteAfter(): ?int
418			{
419			return $this->deleteAfter;
420			}
421
422			/**
423			* @param int\|null $deleteAfter
424			* @return OVHConfiguration
425			*/
426			public function setDeleteAfter(?int $deleteAfter): self
427			{
428			$this->deleteAfter = $deleteAfter;
429
430			return $this;
431			}
432
433			/**
434			* @return string\|null
435			*/
436			public function getPrefix(): ?string
437			{
438			return $this->prefix;
439			}
440
441			/**
442			* @param string\|null $prefix
443			* @return OVHConfiguration
444			*/
445			public function setPrefix(?string $prefix): self
446			{
447			$this->prefix = $prefix;
448
449			return $this;
450			}
451			}
452

sausin / laravel-ovh

Issues (5)

Security Analysis no request data

src/OVHConfiguration.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like