Issues in CanvasObject.php (master) - Issues in master - smtech/canvaspest - Measure and Improve Code Quality continuously with Scrutinizer

Issues (14)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/CanvasObject.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/** smtech\CanvasPest\CanvasObject */

namespace smtech\CanvasPest;

/**
 * An object that represents a single Canvas object, providing both object-
 * style access (obj->key) and array-style access (array[key]).
 * CanvasObject objects are immutable, so attempts to change their
 * underlying data will result in exceptions.
 *
 * A CanvasObject is returned from any API request for which the endpoint ends
 * with a specific ID number (e.g. http://example.com/api/v1/accounts/1/users/1).
 *
 * @author Seth Battis <[email protected]>
 **/
class CanvasObject implements \ArrayAccess, \Serializable
{

    /** @var array $data Backing store */
    private $data;

    /**
     * Construct a CanvasObject
     *
     * @param string|string[] $response JSON-encoded response from the Canvas
     *                                  API or the resulting JSON-decoded
     *                                  associative array
     **/
    public function __construct($response)
    {
        if (is_array($response)) {
            $this->data = $response;
        } else {
            $this->data = json_decode($response, true);

        }
    }

    /***************************************************************************
     * Object methods
     */

    /**
     * Whether a property exists
     *
     * @param string $key
     *
     * @return bool
     *
     * @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
     *      Property overloading
     **/
    public function __isset($key)
    {
        return isset($this->data[$key]);
    }

    /**
     * Property to retrieve
     *
     * @param string $key
     *
     * @return mixed
     *
     * @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
     *      Property overloading
     **/
    public function __get($key)
    {
        return $this->data[$key];
    }

    /**
     * Whether a property exists
     *
     * @deprecated Canvas objects are immutable
     *
     * @param string $key
     * @param mixed $value
     *
     * @return void
     *
     * @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
     *
     * @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
     *      Property overloading
     **/
    public function __set($key, $value)
    {
        throw new CanvasObject_Exception(
            'Canvas objects are immutable',
            CanvasObject_Exception::IMMUTABLE
        );
    }

    /**
     * Unset a property
     *
     * @deprecated Canvas objects are immutable
     *
     * @param string $key
     *
     * @return void
     *
     * @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
     *
     * @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
     *      Property overloading
     **/
    public function __unset($key)
    {
        throw new CanvasObject_Exception(
            'Canvas objects are immutable',
            CanvasObject_Exception::IMMUTABLE
        );
    }

    /***************************************************************************
     * ArrayAccess methods
     */

    /**
     * Whether an offset exists
     *
     * @param int|string $offset
     *
     * @return bool
     *
     * @see http://php.net/manual/en/arrayaccess.offsetexists.php ArrayAccess::offsetExists()
     **/
    public function offsetExists($offset)
    {
        return isset($this->data[$offset]);
    }

    /**
     * Offset to retrieve
     *
     * @param int|string $offset
     *
     * @return mixed|null
     *
     * @see http://php.net/manual/en/arrayaccess.offsetexists.php ArrayAccess::offsetGet()
     **/
    public function offsetGet($offset)
    {
        return $this->data[$offset];
    }

    /**
     * Assign a value to the specified offset
     *
     * @deprecated Canvas objects are immutable
     *
     * @param int|string $offset
     * @param mixed $value
     *
     * @return void
     *
     * @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
     *
     * @see http://php.net/manual/en/arrayaccess.offsetset.php ArrayAccess::offsetSet()
     **/
    public function offsetSet($offset, $value)
    {
        throw new CanvasObject_Exception(
            'Canvas objects are immutable',
            CanvasObject_Exception::IMMUTABLE
        );
    }

    /**
     * Unset an offset
     *
     * @deprecated Canvas objects are immutable
     *
     * @param int|string $offset
     *
     * @return void
     *
     * @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
     *
     * @see http://php.net/manual/en/arrayaccess.offsetunset.php ArrayAccess::offsetUnset()
     **/
    public function offsetUnset($offset)
    {
        throw new CanvasObject_Exception(
            'Canvas objects are immutable',
            CanvasObject_Exception::IMMUTABLE
        );
    }

    /***************************************************************************
     * Serializable methods
     */

    /**
     * String representation of CanvasObject
     *
     * @return string
     *
     * @see http://php.net/manual/en/serializable.serialize.php Serializable::serialize()
     **/
    public function serialize()
    {
        return serialize($this->data);
    }

    /**
     * Construct a CanvasObject from its string representation
     *
     * @param string $data
     *
     * @return void
     *
     * @see http://php.net/manual/en/serializable.unserialize.php Serializable::unsserialize()
     **/
    public function unserialize($data)
    {
        $this->data = unserialize($data);
    }

    /**************************************************************************/

    /**
     * An array representation of the CanvasObject
     *
     * @return array
     **/
    public function getArrayCopy()
    {
        return $this->data;
    }
}


1		<?php
2
3		/** smtech\CanvasPest\CanvasObject */
4
5		namespace smtech\CanvasPest;
6
7		/**
8		* An object that represents a single Canvas object, providing both object-
9		* style access (obj->key) and array-style access (array[key]).
10		* CanvasObject objects are immutable, so attempts to change their
11		* underlying data will result in exceptions.
12		*
13		* A CanvasObject is returned from any API request for which the endpoint ends
14		* with a specific ID number (e.g. http://example.com/api/v1/accounts/1/users/1).
15		*
16		* @author Seth Battis <[email protected]>
17		**/
18		class CanvasObject implements \ArrayAccess, \Serializable
19		{
20
21		/** @var array $data Backing store */
22		private $data;
23
24		/**
25		* Construct a CanvasObject
26		*
27		* @param string\|string[] $response JSON-encoded response from the Canvas
28		* API or the resulting JSON-decoded
29		* associative array
30		**/
31	18	public function __construct($response)
32		{
33	18	if (is_array($response)) {
34	7	$this->data = $response;
35	7	} else {
36	11	$this->data = json_decode($response, true);
		0 ignored issues – show Documentation Bug introduced 2016-08-05 16:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `json_decode($response, true)` of type `*` is incompatible with the declared type `array` of property `$data`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
37		}
38	18	}
39
40		/***************************************************************************
41		* Object methods
42		*/
43
44		/**
45		* Whether a property exists
46		*
47		* @param string $key
48		*
49		* @return bool
50		*
51		* @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
52		* Property overloading
53		**/
54	1	public function __isset($key)
55		{
56	1	return isset($this->data[$key]);
57		}
58
59		/**
60		* Property to retrieve
61		*
62		* @param string $key
63		*
64		* @return mixed
65		*
66		* @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
67		* Property overloading
68		**/
69	1	public function __get($key)
70		{
71	1	return $this->data[$key];
72		}
73
74		/**
75		* Whether a property exists
76		*
77		* @deprecated Canvas objects are immutable
78		*
79		* @param string $key
80		* @param mixed $value
81		*
82		* @return void
83		*
84		* @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
85		*
86		* @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
87		* Property overloading
88		**/
89	1	public function __set($key, $value)
90		{
91	1	throw new CanvasObject_Exception(
92	1	'Canvas objects are immutable',
93		CanvasObject_Exception::IMMUTABLE
94	1	);
95		}
96
97		/**
98		* Unset a property
99		*
100		* @deprecated Canvas objects are immutable
101		*
102		* @param string $key
103		*
104		* @return void
105		*
106		* @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
107		*
108		* @see http://php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members
109		* Property overloading
110		**/
111	1	public function __unset($key)
112		{
113	1	throw new CanvasObject_Exception(
114	1	'Canvas objects are immutable',
115		CanvasObject_Exception::IMMUTABLE
116	1	);
117		}
118
119		/***************************************************************************
120		* ArrayAccess methods
121		*/
122
123		/**
124		* Whether an offset exists
125		*
126		* @param int\|string $offset
127		*
128		* @return bool
129		*
130		* @see http://php.net/manual/en/arrayaccess.offsetexists.php ArrayAccess::offsetExists()
131		**/
132	1	public function offsetExists($offset)
133		{
134	1	return isset($this->data[$offset]);
135		}
136
137		/**
138		* Offset to retrieve
139		*
140		* @param int\|string $offset
141		*
142		* @return mixed\|null
143		*
144		* @see http://php.net/manual/en/arrayaccess.offsetexists.php ArrayAccess::offsetGet()
145		**/
146	8	public function offsetGet($offset)
147		{
148	8	return $this->data[$offset];
149		}
150
151		/**
152		* Assign a value to the specified offset
153		*
154		* @deprecated Canvas objects are immutable
155		*
156		* @param int\|string $offset
157		* @param mixed $value
158		*
159		* @return void
160		*
161		* @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
162		*
163		* @see http://php.net/manual/en/arrayaccess.offsetset.php ArrayAccess::offsetSet()
164		**/
165	1	public function offsetSet($offset, $value)
166		{
167	1	throw new CanvasObject_Exception(
168	1	'Canvas objects are immutable',
169		CanvasObject_Exception::IMMUTABLE
170	1	);
171		}
172
173		/**
174		* Unset an offset
175		*
176		* @deprecated Canvas objects are immutable
177		*
178		* @param int\|string $offset
179		*
180		* @return void
181		*
182		* @throws CanvasObject_Exception IMMUTABLE All calls to this method will cause an exception
183		*
184		* @see http://php.net/manual/en/arrayaccess.offsetunset.php ArrayAccess::offsetUnset()
185		**/
186	1	public function offsetUnset($offset)
187		{
188	1	throw new CanvasObject_Exception(
189	1	'Canvas objects are immutable',
190		CanvasObject_Exception::IMMUTABLE
191	1	);
192		}
193
194		/***************************************************************************
195		* Serializable methods
196		*/
197
198		/**
199		* String representation of CanvasObject
200		*
201		* @return string
202		*
203		* @see http://php.net/manual/en/serializable.serialize.php Serializable::serialize()
204		**/
205	2	public function serialize()
206		{
207	2	return serialize($this->data);
208		}
209
210		/**
211		* Construct a CanvasObject from its string representation
212		*
213		* @param string $data
214		*
215		* @return void
216		*
217		* @see http://php.net/manual/en/serializable.unserialize.php Serializable::unsserialize()
218		**/
219	2	public function unserialize($data)
220		{
221	2	$this->data = unserialize($data);
222	2	}
223
224		/**************************************************************************/
225
226		/**
227		* An array representation of the CanvasObject
228		*
229		* @return array
230		**/
231	1	public function getArrayCopy()
232		{
233	1	return $this->data;
234		}
235		}
236

smtech / canvaspest

Issues (14)

Security Analysis no request data

src/CanvasObject.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like