Issues in ApiCommand.php (master) - Issues in master - shogodev/argilla - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1410)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

protected/extensions/api-docs/ApiCommand.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * ApiCommand class file.
 *
 * @author Qiang Xue <[email protected]>
 * @link http://www.yiiframework.com/
 * @copyright 2008-2013 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

Yii::import('frontend.commands.api.*');

/**
 * MessageCommand extracts messages to be translated from source files.
 * The extracted messages are saved as PHP message source files
 * under the specified directory.
 *
 * @author Qiang Xue <[email protected]>
 * @package system.build
 * @since 1.0
 */
class ApiCommand extends CConsoleCommand
{
	const URL_PATTERN='/\{\{([^\}]+)\|([^\}]+)\}\}/';
	public $classes;
	public $packages;
	public $pageTitle;
	public $themePath;
	public $currentClass;
	public $baseSourceUrl="https://github.com/shogodev/argilla/blob/master/";
	public $version;

	protected function buildPackages($docPath)
	{
		file_put_contents($docPath.'/packages.txt',serialize($this->packages));
	}

	protected function buildKeywords($docPath)
	{
		$keywords=array();
		foreach($this->classes as $class)
			$keywords[]=$class->name;
		foreach($this->classes as $class)
		{
			$name=$class->name;
			foreach($class->properties as $property)
			{
				if(!$property->isInherited)
					$keywords[]=$name.'.'.$property->name;
			}
			foreach($class->methods as $method)
			{
				if(!$method->isInherited)
					$keywords[]=$name.'.'.$method->name.'()';
			}
		}
		file_put_contents($docPath.'/keywords.txt',implode(',',$keywords));
	}

	public function render($view,$data=null,$return=false,$layout='main')
	{
		$viewFile=$this->themePath."/views/{$view}.php";
		$layoutFile=$this->themePath."/layouts/{$layout}.php";
		$content=$this->renderFile($viewFile,$data,true);
		return $this->renderFile($layoutFile,array('content'=>$content),$return);
	}

	public function renderPartial($view,$data=null,$return=false)
	{
		$viewFile=$this->themePath."/views/{$view}.php";
		return $this->renderFile($viewFile,$data,$return);
	}

	public function renderSourceLink($sourcePath,$line=null)
	{
		if($line===null)
			return CHtml::link('framework'.$sourcePath,$this->baseSourceUrl.$sourcePath,array('class'=>'sourceLink'));
		else
			return CHtml::link('framework'.$sourcePath.'#'.$line, $this->baseSourceUrl.$sourcePath.'#L'.$line,array('class'=>'sourceLink'));
	}

	public function highlight($code,$limit=20)
	{
		$code=preg_replace("/^    /m",'',rtrim(str_replace("  ","    ",$code)));
		$code=highlight_string("<?php\n".$code,true);
		return preg_replace('/&lt;\\?php<br \\/>/','',$code,1);
	}

	protected function buildOfflinePages($docPath,$themePath)
	{
		$this->themePath=$themePath;
		@mkdir($docPath);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		$content=$this->render('index',null,true);
		$content=preg_replace_callback(self::URL_PATTERN,array($this,'fixOfflineLink'),$content);
		file_put_contents($docPath.'/index.html',$content);

		foreach($this->classes as $name=>$class)
		{
			$this->currentClass=$name;
			$this->pageTitle=$name;
			$content=$this->render('class',array('class'=>$class),true);
			$content=preg_replace_callback(self::URL_PATTERN,array($this,'fixOfflineLink'),$content);
			file_put_contents($docPath.'/'.$name.'.html',$content);
		}

		CFileHelper::copyDirectory($this->themePath.'/assets',$docPath);

		$content=$this->renderPartial('chmProject',null,true);
		file_put_contents($docPath.'/manual.hhp',$content);

		$content=$this->renderPartial('chmIndex',null,true);
		file_put_contents($docPath.'/manual.hhk',$content);

		$content=$this->renderPartial('chmContents',null,true);
		file_put_contents($docPath.'/manual.hhc',$content);
	}

	protected function buildModel($sourcePath,$options)
	{
		$files = CFileHelper::findFiles($sourcePath, $options);

    $model=new ApiModel;
		$model->build($files);
		return $model;
	}

	public function renderInheritance($class)

	{
		$parents=array($class->signature);
		foreach($class->parentClasses as $parent)
		{
			if(isset($this->classes[$parent]))
				$parents[]='{{'.$parent.'|'.$parent.'}}';
			else
				$parents[]=$parent;
		}
		return implode(" &raquo;\n",$parents);
	}

	public function renderImplements($class)

	{
		$interfaces=array();
		foreach($class->interfaces as $interface)
		{
			if(isset($this->classes[$interface]))
				$interfaces[]='{{'.$interface.'|'.$interface.'}}';
			else
				$interfaces[]=$interface;
		}
		return implode(', ',$interfaces);
	}

	public function renderSubclasses($class)

	{
		$subclasses=array();
		foreach($class->subclasses as $subclass)
		{
			if(isset($this->classes[$subclass]))
				$subclasses[]='{{'.$subclass.'|'.$subclass.'}}';
			else
				$subclasses[]=$subclass;
		}
		return implode(', ',$subclasses);
	}

	public function renderTypeUrl($type)

	{
		if(isset($this->classes[$type]) && $type!==$this->currentClass)
			return '{{'.$type.'|'.$type.'}}';
		else
			return $type;
	}

	public function renderSubjectUrl($type,$subject,$text=null)
	{
		if($text===null)
			$text=$subject;
		if(isset($this->classes[$type])) {
			return '{{'.$type.'::'.$subject.'-detail'.'|'.$text.'}}';
		}
		else
			return $text;
	}

	public function renderPropertySignature($property)
	{
		if(!empty($property->signature))
			return $property->signature;
		$sig='';
		if(!empty($property->getter))
			$sig=$property->getter->signature;
		if(!empty($property->setter))
		{
			if($sig!=='')
				$sig.='<br/>';
			$sig.=$property->setter->signature;
		}
		return $sig;
	}

	public function fixMethodAnchor($class,$name)
	{
		if(isset($this->classes[$class]->properties[$name]))
			return $name."()";
		else
			return $name;
	}

	protected function fixOfflineLink($matches)
	{
		if(($pos=strpos($matches[1],'::'))!==false)
		{
			$className=substr($matches[1],0,$pos);
			$method=substr($matches[1],$pos+2);
			return "<a href=\"{$className}.html#{$method}\">{$matches[2]}</a>";
		}
		else
			return "<a href=\"{$matches[1]}.html\">{$matches[2]}</a>";
	}
}


GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

protected/extensions/api-docs/ApiCommand.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/**
3		* ApiCommand class file.
4		*
5		* @author Qiang Xue <[email protected]>
6		* @link http://www.yiiframework.com/
7		* @copyright 2008-2013 Yii Software LLC
8		* @license http://www.yiiframework.com/license/
9		*/
10
11		Yii::import('frontend.commands.api.*');
12
13		/**
14		* MessageCommand extracts messages to be translated from source files.
15		* The extracted messages are saved as PHP message source files
16		* under the specified directory.
17		*
18		* @author Qiang Xue <[email protected]>
19		* @package system.build
20		* @since 1.0
21		*/
22		class ApiCommand extends CConsoleCommand
23		{
24		const URL_PATTERN='/\{\{([^\}]+)\\|([^\}]+)\}\}/';
25		public $classes;
26		public $packages;
27		public $pageTitle;
28		public $themePath;
29		public $currentClass;
30		public $baseSourceUrl="https://github.com/shogodev/argilla/blob/master/";
31		public $version;
32
33		protected function buildPackages($docPath)
34		{
35		file_put_contents($docPath.'/packages.txt',serialize($this->packages));
36		}
37
38		protected function buildKeywords($docPath)
39		{
40		$keywords=array();
41		foreach($this->classes as $class)
42		$keywords[]=$class->name;
43		foreach($this->classes as $class)
44		{
45		$name=$class->name;
46		foreach($class->properties as $property)
47		{
48		if(!$property->isInherited)
49		$keywords[]=$name.'.'.$property->name;
50		}
51		foreach($class->methods as $method)
52		{
53		if(!$method->isInherited)
54		$keywords[]=$name.'.'.$method->name.'()';
55		}
56		}
57		file_put_contents($docPath.'/keywords.txt',implode(',',$keywords));
58		}
59
60		public function render($view,$data=null,$return=false,$layout='main')
61		{
62		$viewFile=$this->themePath."/views/{$view}.php";
63		$layoutFile=$this->themePath."/layouts/{$layout}.php";
64		$content=$this->renderFile($viewFile,$data,true);
65		return $this->renderFile($layoutFile,array('content'=>$content),$return);
66		}
67
68		public function renderPartial($view,$data=null,$return=false)
69		{
70		$viewFile=$this->themePath."/views/{$view}.php";
71		return $this->renderFile($viewFile,$data,$return);
72		}
73
74		public function renderSourceLink($sourcePath,$line=null)
75		{
76		if($line===null)
77		return CHtml::link('framework'.$sourcePath,$this->baseSourceUrl.$sourcePath,array('class'=>'sourceLink'));
78		else
79		return CHtml::link('framework'.$sourcePath.'#'.$line, $this->baseSourceUrl.$sourcePath.'#L'.$line,array('class'=>'sourceLink'));
80		}
81
82		public function highlight($code,$limit=20)
83		{
84		$code=preg_replace("/^ /m",'',rtrim(str_replace(" "," ",$code)));
85		$code=highlight_string("<?php\n".$code,true);
86		return preg_replace('/<\\?php<br \\/>/','',$code,1);
87		}
88
89		protected function buildOfflinePages($docPath,$themePath)
90		{
91		$this->themePath=$themePath;
92		@mkdir($docPath);
		0 ignored issues – show Security Best Practice introduced 2015-11-25 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
93		$content=$this->render('index',null,true);
94		$content=preg_replace_callback(self::URL_PATTERN,array($this,'fixOfflineLink'),$content);
95		file_put_contents($docPath.'/index.html',$content);
96
97		foreach($this->classes as $name=>$class)
98		{
99		$this->currentClass=$name;
100		$this->pageTitle=$name;
101		$content=$this->render('class',array('class'=>$class),true);
102		$content=preg_replace_callback(self::URL_PATTERN,array($this,'fixOfflineLink'),$content);
103		file_put_contents($docPath.'/'.$name.'.html',$content);
104		}
105
106		CFileHelper::copyDirectory($this->themePath.'/assets',$docPath);
107
108		$content=$this->renderPartial('chmProject',null,true);
109		file_put_contents($docPath.'/manual.hhp',$content);
110
111		$content=$this->renderPartial('chmIndex',null,true);
112		file_put_contents($docPath.'/manual.hhk',$content);
113
114		$content=$this->renderPartial('chmContents',null,true);
115		file_put_contents($docPath.'/manual.hhc',$content);
116		}
117
118		protected function buildModel($sourcePath,$options)
119		{
120		$files = CFileHelper::findFiles($sourcePath, $options);
121
122		$model=new ApiModel;
123		$model->build($files);
124		return $model;
125		}
126
127	View Code Duplication	public function renderInheritance($class)
		0 ignored issues – show Duplication introduced 2017-10-20 12:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
128		{
129		$parents=array($class->signature);
130		foreach($class->parentClasses as $parent)
131		{
132		if(isset($this->classes[$parent]))
133		$parents[]='{{'.$parent.'\|'.$parent.'}}';
134		else
135		$parents[]=$parent;
136		}
137		return implode(" »\n",$parents);
138		}
139
140	View Code Duplication	public function renderImplements($class)
		0 ignored issues – show Duplication introduced 2017-10-20 12:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
141		{
142		$interfaces=array();
143		foreach($class->interfaces as $interface)
144		{
145		if(isset($this->classes[$interface]))
146		$interfaces[]='{{'.$interface.'\|'.$interface.'}}';
147		else
148		$interfaces[]=$interface;
149		}
150		return implode(', ',$interfaces);
151		}
152
153	View Code Duplication	public function renderSubclasses($class)
		0 ignored issues – show Duplication introduced 2017-10-20 12:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
154		{
155		$subclasses=array();
156		foreach($class->subclasses as $subclass)
157		{
158		if(isset($this->classes[$subclass]))
159		$subclasses[]='{{'.$subclass.'\|'.$subclass.'}}';
160		else
161		$subclasses[]=$subclass;
162		}
163		return implode(', ',$subclasses);
164		}
165
166	View Code Duplication	public function renderTypeUrl($type)
		0 ignored issues – show Duplication introduced 2015-11-25 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
167		{
168		if(isset($this->classes[$type]) && $type!==$this->currentClass)
169		return '{{'.$type.'\|'.$type.'}}';
170		else
171		return $type;
172		}
173
174		public function renderSubjectUrl($type,$subject,$text=null)
175		{
176		if($text===null)
177		$text=$subject;
178		if(isset($this->classes[$type])) {
179		return '{{'.$type.'::'.$subject.'-detail'.'\|'.$text.'}}';
180		}
181		else
182		return $text;
183		}
184
185		public function renderPropertySignature($property)
186		{
187		if(!empty($property->signature))
188		return $property->signature;
189		$sig='';
190		if(!empty($property->getter))
191		$sig=$property->getter->signature;
192		if(!empty($property->setter))
193		{
194		if($sig!=='')
195		$sig.='<br/>';
196		$sig.=$property->setter->signature;
197		}
198		return $sig;
199		}
200
201		public function fixMethodAnchor($class,$name)
202		{
203		if(isset($this->classes[$class]->properties[$name]))
204		return $name."()";
205		else
206		return $name;
207		}
208
209		protected function fixOfflineLink($matches)
210		{
211		if(($pos=strpos($matches[1],'::'))!==false)
212		{
213		$className=substr($matches[1],0,$pos);
214		$method=substr($matches[1],$pos+2);
215		return "<a href=\"{$className}.html#{$method}\">{$matches[2]}</a>";
216		}
217		else
218		return "<a href=\"{$matches[1]}.html\">{$matches[2]}</a>";
219		}
220		}
221

shogodev / argilla

GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

protected/extensions/api-docs/ApiCommand.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like