EventDispatcher::addSubscriber() - Code Metrics - Inspection of "Merge pull request #869 from schmittjoh/drop-hhvm" - schmittjoh/serializer - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ae9c65...55772a )

by Asmir

created 2018-02-03 18:17 UTC

EventDispatcher::addSubscriber() B

↳ Parent: EventDispatcher

Complexity

Conditions	6
Paths	10

Size

Total Lines	14
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	9
CRAP Score	6.0359

Importance

Changes

Metric	Value
dl	0
loc	14
ccs	9
cts	10
cp	0.9
rs	8.8571
c	0
b	0
f	0
cc	6
eloc	9
nc	10
nop	1
crap	6.0359

<?php

/*
 * Copyright 2016 Johannes M. Schmitt <[email protected]>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace JMS\Serializer\EventDispatcher;

use JMS\Serializer\Exception\InvalidArgumentException;

/**
 * Light-weight event dispatcher.
 *
 * This implementation focuses primarily on performance, and dispatching
 * events for certain classes. It is not a general purpose event dispatcher.
 *
 * @author Johannes M. Schmitt <[email protected]>
 */
class EventDispatcher implements EventDispatcherInterface
{
    private $listeners = array();
    private $classListeners = array();

    public static function getDefaultMethodName($eventName)
    {
        return 'on' . str_replace(array('_', '.'), '', $eventName);
    }

    /**
     * Sets the listeners.
     *
     * @param array $listeners
     */
    public function setListeners(array $listeners)
    {
        $this->listeners = $listeners;
        $this->classListeners = array();
    }

    public function addListener($eventName, $callable, $class = null, $format = null)
    {
        $this->listeners[$eventName][] = array($callable, null === $class ? null : strtolower($class), $format);
        unset($this->classListeners[$eventName]);
    }

    public function addSubscriber(EventSubscriberInterface $subscriber)
    {
        foreach ($subscriber->getSubscribedEvents() as $eventData) {
            if (!isset($eventData['event'])) {
                throw new InvalidArgumentException(sprintf('Each event must have a "event" key.'));
            }

            $method = isset($eventData['method']) ? $eventData['method'] : self::getDefaultMethodName($eventData['event']);
            $class = isset($eventData['class']) ? strtolower($eventData['class']) : null;
            $format = isset($eventData['format']) ? $eventData['format'] : null;
            $this->listeners[$eventData['event']][] = array(array($subscriber, $method), $class, $format);
            unset($this->classListeners[$eventData['event']]);
        }
    }

    public function hasListeners($eventName, $class, $format)
    {
        if (!isset($this->listeners[$eventName])) {
            return false;
        }

        $loweredClass = strtolower($class);
        if (!isset($this->classListeners[$eventName][$loweredClass][$format])) {
            $this->classListeners[$eventName][$loweredClass][$format] = $this->initializeListeners($eventName, $loweredClass, $format);
        }

        return !!$this->classListeners[$eventName][$loweredClass][$format];
    }

    public function dispatch($eventName, $class, $format, Event $event)
    {
        if (!isset($this->listeners[$eventName])) {
            return;
        }

        $loweredClass = strtolower($class);
        if (!isset($this->classListeners[$eventName][$loweredClass][$format])) {
            $this->classListeners[$eventName][$loweredClass][$format] = $this->initializeListeners($eventName, $loweredClass, $format);
        }

        foreach ($this->classListeners[$eventName][$loweredClass][$format] as $listener) {

            if ($event->isPropagationStopped()) {
                break;
            }

            call_user_func($listener, $event, $eventName, $loweredClass, $format, $this);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        }
    }

    /**
     * @param string $eventName
     * @param string $loweredClass
     * @param string $format
     *
     * @return array An array of listeners
     */
    protected function initializeListeners($eventName, $loweredClass, $format)
    {
        $listeners = array();
        foreach ($this->listeners[$eventName] as $listener) {
            if (null !== $listener[1] && $loweredClass !== $listener[1]) {
                continue;
            }
            if (null !== $listener[2] && $format !== $listener[2]) {
                continue;
            }

            $listeners[] = $listener[0];
        }

        return $listeners;
    }
}


1		<?php
2
3		/*
4		* Copyright 2016 Johannes M. Schmitt <[email protected]>
5		*
6		* Licensed under the Apache License, Version 2.0 (the "License");
7		* you may not use this file except in compliance with the License.
8		* You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing, software
13		* distributed under the License is distributed on an "AS IS" BASIS,
14		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15		* See the License for the specific language governing permissions and
16		* limitations under the License.
17		*/
18
19		namespace JMS\Serializer\EventDispatcher;
20
21		use JMS\Serializer\Exception\InvalidArgumentException;
22
23		/**
24		* Light-weight event dispatcher.
25		*
26		* This implementation focuses primarily on performance, and dispatching
27		* events for certain classes. It is not a general purpose event dispatcher.
28		*
29		* @author Johannes M. Schmitt <[email protected]>
30		*/
31		class EventDispatcher implements EventDispatcherInterface
32		{
33		private $listeners = array();
34		private $classListeners = array();
35
36	3	public static function getDefaultMethodName($eventName)
37		{
38	3	return 'on' . str_replace(array('_', '.'), '', $eventName);
39		}
40
41		/**
42		* Sets the listeners.
43		*
44		* @param array $listeners
45		*/
46		public function setListeners(array $listeners)
47		{
48		$this->listeners = $listeners;
49		$this->classListeners = array();
50		}
51
52	20	public function addListener($eventName, $callable, $class = null, $format = null)
53		{
54	20	$this->listeners[$eventName][] = array($callable, null === $class ? null : strtolower($class), $format);
55	20	unset($this->classListeners[$eventName]);
56	20	}
57
58	399	public function addSubscriber(EventSubscriberInterface $subscriber)
59		{
60	399	foreach ($subscriber->getSubscribedEvents() as $eventData) {
61	399	if (!isset($eventData['event'])) {
62		throw new InvalidArgumentException(sprintf('Each event must have a "event" key.'));
63		}
64
65	399	$method = isset($eventData['method']) ? $eventData['method'] : self::getDefaultMethodName($eventData['event']);
66	399	$class = isset($eventData['class']) ? strtolower($eventData['class']) : null;
67	399	$format = isset($eventData['format']) ? $eventData['format'] : null;
68	399	$this->listeners[$eventData['event']][] = array(array($subscriber, $method), $class, $format);
69	399	unset($this->classListeners[$eventData['event']]);
70		}
71	399	}
72
73	259	public function hasListeners($eventName, $class, $format)
74		{
75	259	if (!isset($this->listeners[$eventName])) {
76	227	return false;
77		}
78
79	241	$loweredClass = strtolower($class);
80	241	if (!isset($this->classListeners[$eventName][$loweredClass][$format])) {
81	241	$this->classListeners[$eventName][$loweredClass][$format] = $this->initializeListeners($eventName, $loweredClass, $format);
82		}
83
84	241	return !!$this->classListeners[$eventName][$loweredClass][$format];
85		}
86
87	250	public function dispatch($eventName, $class, $format, Event $event)
88		{
89	250	if (!isset($this->listeners[$eventName])) {
90	5	return;
91		}
92
93	250	$loweredClass = strtolower($class);
94	250	if (!isset($this->classListeners[$eventName][$loweredClass][$format])) {
95	21	$this->classListeners[$eventName][$loweredClass][$format] = $this->initializeListeners($eventName, $loweredClass, $format);
96		}
97
98	250	foreach ($this->classListeners[$eventName][$loweredClass][$format] as $listener) {
99
100	250	if ($event->isPropagationStopped()) {
101	12	break;
102		}
103
104	250	call_user_func($listener, $event, $eventName, $loweredClass, $format, $this);
		0 ignored issues – show Security Code Execution introduced 2017-04-22 09:27 UTC by Report Bug Copy Issue Report `$listener` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 5 paths for user data to reach this point 1. Path: Read from `$_GET,` and `$data` is assigned in NativeRequestHandler.php on line 62 Read from `$_GET,` and `$data` is assigned in vendor/NativeRequestHandler.php on line 62 `$data` is passed to Form::submit() in vendor/NativeRequestHandler.php on line 118 `$submittedData` is passed to FormEvent::__construct() in vendor/Form.php on line 550 FormEvent::$data is assigned in vendor/FormEvent.php on line 27 Tainted property FormEvent::$data is read in vendor/FormEvent.php on line 47 FormEvent::getData() returns tainted data, and `$data` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 63 `$name` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 79 `$name` is passed to Form::add() in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 80 `$child` is passed to FormFactory::createNamed() in vendor/Form.php on line 863 `$name` is passed to FormFactory::createNamedBuilder() in vendor/FormFactory.php on line 38 `$name` is passed to ResolvedFormType::createBuilder() in vendor/FormFactory.php on line 76 `$name` is passed to ResolvedFormType::newBuilder() in vendor/ResolvedFormType.php on line 100 `$name` is passed to ButtonBuilder::__construct() in vendor/ResolvedFormType.php on line 217 `$name` is assigned in vendor/ButtonBuilder.php on line 65 ButtonBuilder::$name is assigned in vendor/ButtonBuilder.php on line 70 Tainted property ButtonBuilder::$name is read in vendor/ButtonBuilder.php on line 534 ButtonBuilder::getName() returns tainted data in vendor/Form.php on line 207 Form::getName() returns tainted data, and `$children` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 153 `$form` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 158 `$form` is passed to GenericSerializationVisitor::setRoot() in src/JMS/Serializer/Handler/FormErrorHandler.php on line 162 GenericSerializationVisitor::$root is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 220 Tainted property GenericSerializationVisitor::$root is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 103 GenericSerializationVisitor::visitArray() returns tainted data in src/JMS/Serializer/GraphNavigator.php on line 153 GraphNavigator::accept() returns tainted data, and `$v` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 155 `$v` is passed through array_merge(), and GenericSerializationVisitor::$data is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 164 Tainted property GenericSerializationVisitor::$data is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 141 GenericSerializationVisitor::endVisitingObject() returns tainted data, and `$rs` is assigned in src/JMS/Serializer/GraphNavigator.php on line 277 `$rs` is passed to GraphNavigator::afterVisitingObject() in src/JMS/Serializer/GraphNavigator.php on line 278 `$object` is passed to ObjectEvent::__construct() in src/JMS/Serializer/GraphNavigator.php on line 346 ObjectEvent::$object is assigned in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 31 Tainted property ObjectEvent::$object is read in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 36 ObjectEvent::getObject() returns tainted data, and `$object` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 99 `$object` is passed through get_parent_class(), and `$parentClassName` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 101 `$parentClassName` is passed to EventDispatcher::dispatch() in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 107 `$class` is passed through strtolower(), and `$loweredClass` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 93 EventDispatcher::$classListeners is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 95 Tainted property EventDispatcher::$classListeners is read, and `$listener` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 98 2. Path: Read from `$_GET,` and `$data` is assigned in NativeRequestHandler.php on line 70 Read from `$_GET,` and `$data` is assigned in vendor/NativeRequestHandler.php on line 70 `$data` is passed to Form::submit() in vendor/NativeRequestHandler.php on line 118 `$submittedData` is passed to FormEvent::__construct() in vendor/Form.php on line 550 FormEvent::$data is assigned in vendor/FormEvent.php on line 27 Tainted property FormEvent::$data is read in vendor/FormEvent.php on line 47 FormEvent::getData() returns tainted data, and `$data` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 63 `$name` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 79 `$name` is passed to Form::add() in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 80 `$child` is passed to FormFactory::createNamed() in vendor/Form.php on line 863 `$name` is passed to FormFactory::createNamedBuilder() in vendor/FormFactory.php on line 38 `$name` is passed to ResolvedFormType::createBuilder() in vendor/FormFactory.php on line 76 `$name` is passed to ResolvedFormType::newBuilder() in vendor/ResolvedFormType.php on line 100 `$name` is passed to ButtonBuilder::__construct() in vendor/ResolvedFormType.php on line 217 `$name` is assigned in vendor/ButtonBuilder.php on line 65 ButtonBuilder::$name is assigned in vendor/ButtonBuilder.php on line 70 Tainted property ButtonBuilder::$name is read in vendor/ButtonBuilder.php on line 534 ButtonBuilder::getName() returns tainted data in vendor/Form.php on line 207 Form::getName() returns tainted data, and `$children` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 153 `$form` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 158 `$form` is passed to GenericSerializationVisitor::setRoot() in src/JMS/Serializer/Handler/FormErrorHandler.php on line 162 GenericSerializationVisitor::$root is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 220 Tainted property GenericSerializationVisitor::$root is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 103 GenericSerializationVisitor::visitArray() returns tainted data in src/JMS/Serializer/GraphNavigator.php on line 153 GraphNavigator::accept() returns tainted data, and `$v` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 155 `$v` is passed through array_merge(), and GenericSerializationVisitor::$data is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 164 Tainted property GenericSerializationVisitor::$data is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 141 GenericSerializationVisitor::endVisitingObject() returns tainted data, and `$rs` is assigned in src/JMS/Serializer/GraphNavigator.php on line 277 `$rs` is passed to GraphNavigator::afterVisitingObject() in src/JMS/Serializer/GraphNavigator.php on line 278 `$object` is passed to ObjectEvent::__construct() in src/JMS/Serializer/GraphNavigator.php on line 346 ObjectEvent::$object is assigned in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 31 Tainted property ObjectEvent::$object is read in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 36 ObjectEvent::getObject() returns tainted data, and `$object` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 99 `$object` is passed through get_parent_class(), and `$parentClassName` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 101 `$parentClassName` is passed to EventDispatcher::dispatch() in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 107 `$class` is passed through strtolower(), and `$loweredClass` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 93 EventDispatcher::$classListeners is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 95 Tainted property EventDispatcher::$classListeners is read, and `$listener` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 98 3. Path: Read from `$_POST,` and `$params` is assigned in NativeRequestHandler.php on line 95 Read from `$_POST,` and `$params` is assigned in vendor/NativeRequestHandler.php on line 95 `$data` is assigned in vendor/NativeRequestHandler.php on line 109 `$data` is passed to Form::submit() in vendor/NativeRequestHandler.php on line 118 `$submittedData` is passed to FormEvent::__construct() in vendor/Form.php on line 550 FormEvent::$data is assigned in vendor/FormEvent.php on line 27 Tainted property FormEvent::$data is read in vendor/FormEvent.php on line 47 FormEvent::getData() returns tainted data, and `$data` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 63 `$name` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 79 `$name` is passed to Form::add() in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 80 `$child` is passed to FormFactory::createNamed() in vendor/Form.php on line 863 `$name` is passed to FormFactory::createNamedBuilder() in vendor/FormFactory.php on line 38 `$name` is passed to ResolvedFormType::createBuilder() in vendor/FormFactory.php on line 76 `$name` is passed to ResolvedFormType::newBuilder() in vendor/ResolvedFormType.php on line 100 `$name` is passed to ButtonBuilder::__construct() in vendor/ResolvedFormType.php on line 217 `$name` is assigned in vendor/ButtonBuilder.php on line 65 ButtonBuilder::$name is assigned in vendor/ButtonBuilder.php on line 70 Tainted property ButtonBuilder::$name is read in vendor/ButtonBuilder.php on line 534 ButtonBuilder::getName() returns tainted data in vendor/Form.php on line 207 Form::getName() returns tainted data, and `$children` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 153 `$form` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 158 `$form` is passed to GenericSerializationVisitor::setRoot() in src/JMS/Serializer/Handler/FormErrorHandler.php on line 162 GenericSerializationVisitor::$root is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 220 Tainted property GenericSerializationVisitor::$root is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 103 GenericSerializationVisitor::visitArray() returns tainted data in src/JMS/Serializer/GraphNavigator.php on line 153 GraphNavigator::accept() returns tainted data, and `$v` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 155 `$v` is passed through array_merge(), and GenericSerializationVisitor::$data is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 164 Tainted property GenericSerializationVisitor::$data is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 141 GenericSerializationVisitor::endVisitingObject() returns tainted data, and `$rs` is assigned in src/JMS/Serializer/GraphNavigator.php on line 277 `$rs` is passed to GraphNavigator::afterVisitingObject() in src/JMS/Serializer/GraphNavigator.php on line 278 `$object` is passed to ObjectEvent::__construct() in src/JMS/Serializer/GraphNavigator.php on line 346 ObjectEvent::$object is assigned in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 31 Tainted property ObjectEvent::$object is read in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 36 ObjectEvent::getObject() returns tainted data, and `$object` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 99 `$object` is passed through get_parent_class(), and `$parentClassName` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 101 `$parentClassName` is passed to EventDispatcher::dispatch() in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 107 `$class` is passed through strtolower(), and `$loweredClass` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 93 EventDispatcher::$classListeners is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 95 Tainted property EventDispatcher::$classListeners is read, and `$listener` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 98 4. Path: Read from `$_POST,` and `$params` is assigned in NativeRequestHandler.php on line 99 Read from `$_POST,` and `$params` is assigned in vendor/NativeRequestHandler.php on line 99 `$data` is assigned in vendor/NativeRequestHandler.php on line 109 `$data` is passed to Form::submit() in vendor/NativeRequestHandler.php on line 118 `$submittedData` is passed to FormEvent::__construct() in vendor/Form.php on line 550 FormEvent::$data is assigned in vendor/FormEvent.php on line 27 Tainted property FormEvent::$data is read in vendor/FormEvent.php on line 47 FormEvent::getData() returns tainted data, and `$data` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 63 `$name` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 79 `$name` is passed to Form::add() in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 80 `$child` is passed to FormFactory::createNamed() in vendor/Form.php on line 863 `$name` is passed to FormFactory::createNamedBuilder() in vendor/FormFactory.php on line 38 `$name` is passed to ResolvedFormType::createBuilder() in vendor/FormFactory.php on line 76 `$name` is passed to ResolvedFormType::newBuilder() in vendor/ResolvedFormType.php on line 100 `$name` is passed to ButtonBuilder::__construct() in vendor/ResolvedFormType.php on line 217 `$name` is assigned in vendor/ButtonBuilder.php on line 65 ButtonBuilder::$name is assigned in vendor/ButtonBuilder.php on line 70 Tainted property ButtonBuilder::$name is read in vendor/ButtonBuilder.php on line 534 ButtonBuilder::getName() returns tainted data in vendor/Form.php on line 207 Form::getName() returns tainted data, and `$children` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 153 `$form` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 158 `$form` is passed to GenericSerializationVisitor::setRoot() in src/JMS/Serializer/Handler/FormErrorHandler.php on line 162 GenericSerializationVisitor::$root is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 220 Tainted property GenericSerializationVisitor::$root is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 103 GenericSerializationVisitor::visitArray() returns tainted data in src/JMS/Serializer/GraphNavigator.php on line 153 GraphNavigator::accept() returns tainted data, and `$v` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 155 `$v` is passed through array_merge(), and GenericSerializationVisitor::$data is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 164 Tainted property GenericSerializationVisitor::$data is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 141 GenericSerializationVisitor::endVisitingObject() returns tainted data, and `$rs` is assigned in src/JMS/Serializer/GraphNavigator.php on line 277 `$rs` is passed to GraphNavigator::afterVisitingObject() in src/JMS/Serializer/GraphNavigator.php on line 278 `$object` is passed to ObjectEvent::__construct() in src/JMS/Serializer/GraphNavigator.php on line 346 ObjectEvent::$object is assigned in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 31 Tainted property ObjectEvent::$object is read in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 36 ObjectEvent::getObject() returns tainted data, and `$object` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 99 `$object` is passed through get_parent_class(), and `$parentClassName` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 101 `$parentClassName` is passed to EventDispatcher::dispatch() in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 107 `$class` is passed through strtolower(), and `$loweredClass` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 93 EventDispatcher::$classListeners is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 95 Tainted property EventDispatcher::$classListeners is read, and `$listener` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 98 5. Path: Read from `$_FILES,` and `$fileKey` is assigned in NativeRequestHandler.php on line 90 Read from `$_FILES,` and `$fileKey` is assigned in vendor/NativeRequestHandler.php on line 90 `$fixedFiles` is assigned in vendor/NativeRequestHandler.php on line 91 `$files` is assigned in vendor/NativeRequestHandler.php on line 96 `$data` is assigned in vendor/NativeRequestHandler.php on line 109 `$data` is passed to Form::submit() in vendor/NativeRequestHandler.php on line 118 `$submittedData` is passed to FormEvent::__construct() in vendor/Form.php on line 550 FormEvent::$data is assigned in vendor/FormEvent.php on line 27 Tainted property FormEvent::$data is read in vendor/FormEvent.php on line 47 FormEvent::getData() returns tainted data, and `$data` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 63 `$name` is assigned in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 79 `$name` is passed to Form::add() in vendor/Extension/Core/EventListener/ResizeFormListener.php on line 80 `$child` is passed to FormFactory::createNamed() in vendor/Form.php on line 863 `$name` is passed to FormFactory::createNamedBuilder() in vendor/FormFactory.php on line 38 `$name` is passed to ResolvedFormType::createBuilder() in vendor/FormFactory.php on line 76 `$name` is passed to ResolvedFormType::newBuilder() in vendor/ResolvedFormType.php on line 100 `$name` is passed to ButtonBuilder::__construct() in vendor/ResolvedFormType.php on line 217 `$name` is assigned in vendor/ButtonBuilder.php on line 65 ButtonBuilder::$name is assigned in vendor/ButtonBuilder.php on line 70 Tainted property ButtonBuilder::$name is read in vendor/ButtonBuilder.php on line 534 ButtonBuilder::getName() returns tainted data in vendor/Form.php on line 207 Form::getName() returns tainted data, and `$children` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 153 `$form` is assigned in src/JMS/Serializer/Handler/FormErrorHandler.php on line 158 `$form` is passed to GenericSerializationVisitor::setRoot() in src/JMS/Serializer/Handler/FormErrorHandler.php on line 162 GenericSerializationVisitor::$root is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 220 Tainted property GenericSerializationVisitor::$root is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 103 GenericSerializationVisitor::visitArray() returns tainted data in src/JMS/Serializer/GraphNavigator.php on line 153 GraphNavigator::accept() returns tainted data, and `$v` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 155 `$v` is passed through array_merge(), and GenericSerializationVisitor::$data is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 164 Tainted property GenericSerializationVisitor::$data is read, and `$rs` is assigned in src/JMS/Serializer/GenericSerializationVisitor.php on line 141 GenericSerializationVisitor::endVisitingObject() returns tainted data, and `$rs` is assigned in src/JMS/Serializer/GraphNavigator.php on line 277 `$rs` is passed to GraphNavigator::afterVisitingObject() in src/JMS/Serializer/GraphNavigator.php on line 278 `$object` is passed to ObjectEvent::__construct() in src/JMS/Serializer/GraphNavigator.php on line 346 ObjectEvent::$object is assigned in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 31 Tainted property ObjectEvent::$object is read in src/JMS/Serializer/EventDispatcher/ObjectEvent.php on line 36 ObjectEvent::getObject() returns tainted data, and `$object` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 99 `$object` is passed through get_parent_class(), and `$parentClassName` is assigned in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 101 `$parentClassName` is passed to EventDispatcher::dispatch() in src/JMS/Serializer/EventDispatcher/Subscriber/DoctrineProxySubscriber.php on line 107 `$class` is passed through strtolower(), and `$loweredClass` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 93 EventDispatcher::$classListeners is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 95 Tainted property EventDispatcher::$classListeners is read, and `$listener` is assigned in src/JMS/Serializer/EventDispatcher/EventDispatcher.php on line 98 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
105		}
106	250	}
107
108		/**
109		* @param string $eventName
110		* @param string $loweredClass
111		* @param string $format
112		*
113		* @return array An array of listeners
114		*/
115	255	protected function initializeListeners($eventName, $loweredClass, $format)
116		{
117	255	$listeners = array();
118	255	foreach ($this->listeners[$eventName] as $listener) {
119	255	if (null !== $listener[1] && $loweredClass !== $listener[1]) {
120	10	continue;
121		}
122	255	if (null !== $listener[2] && $format !== $listener[2]) {
123	3	continue;
124		}
125
126	255	$listeners[] = $listener[0];
127		}
128
129	255	return $listeners;
130		}
131		}
132

schmittjoh / serializer

Push — master ( ae9c65...55772a )

EventDispatcher::addSubscriber() B

Complexity

Size

Duplication

Code Coverage

Importance

5 paths for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like