Issues (7)

Security Analysis    not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Adapter/RemoteAdapter.php (2 issues)

<?php

/**
 * @project Magento Bridge for Symfony 2.
 *
 * @author  Sébastien MALOT <[email protected]>
 * @license MIT
 * @url     <https://github.com/smalot/magento-bundle>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Smalot\MagentoBundle\Adapter;

use Smalot\Magento\ActionInterface;
use Smalot\Magento\MultiCallQueueInterface;
use Smalot\Magento\RemoteAdapter as BaseRemoteAdapter;
use Smalot\MagentoBundle\Event\MultiCallTransportEvent;
use Smalot\MagentoBundle\Event\SecurityEvent;
use Smalot\MagentoBundle\Event\SingleCallTransportEvent;
use Smalot\MagentoBundle\Logger\LoggerInterface;
use Smalot\MagentoBundle\MagentoException;
use Smalot\MagentoBundle\MagentoEvents;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;

/**
 * Class RemoteAdapter
 *
 * @package Smalot\MagentoBundle\Adapter
 */
class RemoteAdapter extends BaseRemoteAdapter
{
    /**
     * @var string
     */
    protected $connection;

    /**
     * @var \Symfony\Component\EventDispatcher\EventDispatcherInterface
     */
    protected $dispatcher;

    /**
     * @var \Smalot\MagentoBundle\Logger\LoggerInterface
     */
    protected $logger;

    /**
     * @param string $connection
     * @param string $path
     * @param string $apiUser
     * @param string $apiKey
     * @param array  $options
     * @param bool   $autoLogin
     */
    public function __construct($connection, $path, $apiUser, $apiKey, $options = array(), $autoLogin = true)
    {
        $this->connection = $connection;

        parent::__construct($path, $apiUser, $apiKey, $options, $autoLogin);
    }

    /**
     * @param EventDispatcherInterface $dispatcher
     *
     * @return $this
     */
    public function setDispatcher(EventDispatcherInterface $dispatcher)
    {
        $this->dispatcher = $dispatcher;

        return $this;
    }

    /**
     * @param LoggerInterface $logger
     *
     * @return $this
     */
    public function setLogger(LoggerInterface $logger)
    {
        $this->logger = $logger;

        return $this;
    }

    /**
     * @param string $apiUser
     * @param string $apiKey
     *
     * @return bool
     * @throws \Exception
     */
    public function login($apiUser = null, $apiKey = null)
    {
        $apiUser = (null === $apiUser ? $this->apiUser : $apiUser);
        $apiKey  = (null === $apiKey ? $this->apiKey : $apiKey);

        $event = new SecurityEvent($this, $apiUser, $apiKey);
        $this->dispatcher->dispatch(MagentoEvents::PRE_LOGIN, $event);

        // Retrieve ApiUser and ApiKey from SecurityEvent to allow override mechanism.
        $apiUser = $event->getApiUser();
        $apiKey  = $event->getApiKey();

        // Analysis issue (Code Duplication): This code seems to be duplicated across your project.
        // Duplicated code is one of the most pungent code smells. If you need to duplicate the
        // same code in three or more different places, we strongly encourage you to look into
        // extracting the code into a single class or operation.
        if (null !== $this->logger) {
            $logId           = $this->logger->start();
            $this->sessionId = $this->soapClient->login($apiUser, $apiKey);
            // Note: the session ID returned by the SOAP login is written to the log entry here.
            $this->logger->stop($logId, $this->connection, 'login', 'session: ' . $this->sessionId);
        } else {
            $this->sessionId = $this->soapClient->login($apiUser, $apiKey);
        }

        $event = new SecurityEvent($this, $apiUser, $apiKey, $this->sessionId);
        $this->dispatcher->dispatch(MagentoEvents::POST_LOGIN, $event);

        if ($this->sessionId) {
            return true;
        }

        return false;
    }

    /**
     * @return bool
     */
    public function logout()
    {
        $event = new SecurityEvent($this, null, null, $this->sessionId);
        $this->dispatcher->dispatch(MagentoEvents::PRE_LOGOUT, $event);

        if (null !== $this->sessionId) {
            if (null !== $this->logger) {
                $logId = $this->logger->start();
                $this->soapClient->endSession($this->sessionId);
                $this->logger->stop($logId, $this->connection, 'logout', 'session: ' . $this->sessionId);
            } else {
                $this->soapClient->endSession($this->sessionId);
            }

            $event = new SecurityEvent($this, null, null, $this->sessionId);
            $this->dispatcher->dispatch(MagentoEvents::POST_LOGOUT, $event);

            $this->sessionId = null;

            return true;
        }

        return false;
    }

    /**
     * @param ActionInterface $action
     * @param bool            $throwsException
     *
     * @return array|null
     * @throws MagentoException
     */
    public function call(ActionInterface $action, $throwsException = true)
    {
        try {
            if (is_null($this->sessionId) && $this->autoLogin) {
                $this->login();
            }

            if (is_null($this->sessionId)) {
                throw new MagentoException('Not connected.');
            }

            $event = new SingleCallTransportEvent($this, $action);
            $this->dispatcher->dispatch(MagentoEvents::PRE_SINGLE_CALL, $event);
            $action = $event->getAction();

            if (null !== $this->logger) {
                $logId  = $this->logger->start();
                $result = $this->soapClient->call($this->sessionId, $action->getMethod(), $action->getArguments());
                $this->logger->stop($logId, $this->connection, 'call', 'action: ' . $action->getMethod());
            } else {
                $result = $this->soapClient->call($this->sessionId, $action->getMethod(), $action->getArguments());
            }

            $event = new SingleCallTransportEvent($this, $action, $result);
            $this->dispatcher->dispatch(MagentoEvents::POST_SINGLE_CALL, $event);
            $result = $event->getResult();

            return $result;

        } catch (MagentoException $e) {
            if ($throwsException) {
                throw $e;
            }

            return null;
        }
    }
197
198
    /**
199
     * @param MultiCallQueueInterface $queue
200
     * @param bool                    $throwsException
201
     *
202
     * @return array
203
     * @throws MagentoException
204
     */
205
    public function multiCall(MultiCallQueueInterface $queue, $throwsException = false)
206
    {
207
        try {
208
            $this->checkSecurity();
209
210
            $event = new MultiCallTransportEvent($this, $queue);
211
            $this->dispatcher->dispatch(MagentoEvents::PRE_MULTI_CALL, $event);
212
            $queue = $event->getQueue();
213
214
            $actions = $this->getActions($queue);
215
216 View Code Duplication
            if (null !== $this->logger) {
0 ignored issues
show
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
217
                $logId   = $this->logger->start();
218
                $results = $this->soapClient->multiCall($this->sessionId, $actions);
219
                $this->logger->stop($logId, $this->connection, 'multicall', 'queue: ' . count($actions) . ' action(s)');
220
            } else {
221
                $results = $this->soapClient->multiCall($this->sessionId, $actions);
222
            }
223
224
            $event = new MultiCallTransportEvent($this, $queue, $results);
225
            $this->dispatcher->dispatch(MagentoEvents::POST_MULTI_CALL, $event);
226
            $queue   = $event->getQueue();
227
            $results = $event->getResults();
228
229
            $this->handleCallbacks($queue, $results);
230
231
            return $results;
232
233
        } catch (MagentoException $e) {
234
            return array();
235
        }
236
    }
237
}
238