Issues in Persistence.php (master) - Issues in master - sokil/php-mongo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (142)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Persistence.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This file is part of the PHPMongo package.
 *
 * (c) Dmytro Sokil <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Sokil\Mongo;

/**
 * Class use MongoWriteBatch classes from PECL driver above v. 1.5.0.
 * Before this version legacy persistencee must be used
 */
class Persistence implements \Countable
{
    const STATE_SAVE = 0;
    const STATE_REMOVE = 1;

    /**
     * @var \SplObjectStorage
     */
    protected $pool;

    public function __construct()
    {
        $this->pool = new \SplObjectStorage;
    }

    /**
     * Check if document already watched
     *
     * @param Document $document
     * @return bool
     */
    public function contains(Document $document)
    {
        return $this->pool->contains($document);
    }

    /**
     * Get count of documents in pool
     * @return int
     */
    public function count()
    {
        return $this->pool->count();
    }

    /**
     * Add document to watching pool for save
     *
     * @param Document $document
     * @return \Sokil\Mongo\Persistence
     */
    public function persist(Document $document)
    {
        $this->pool->attach($document, self::STATE_SAVE);

        return $this;
    }

    /**
     * Add document to watching pool for remove
     *
     * @param Document $document
     * @return \Sokil\Mongo\Persistence
     */
    public function remove(Document $document)
    {
        $this->pool->attach($document, self::STATE_REMOVE);

        return $this;
    }

    /**
     * Send data to database
     *
     * @return \Sokil\Mongo\Persistence
     */
    public function flush()
    {
        $insert = array();
        $update = array();
        $delete = array();

        // fill batch objects
        foreach ($this->pool as $document) {
            /* @var $document \Sokil\Mongo\Document */

            // collection
            $collection = $document->getCollection();
            $collectionName = $collection->getName();

            // persisting
            switch ($this->pool->offsetGet($document)) {
                case self::STATE_SAVE:
                    if ($document->isStored()) {
                        if (!isset($update[$collectionName])) {
                            $update[$collectionName] = new \MongoUpdateBatch($collection->getMongoCollection());
                        }
                        $update[$collectionName]->add(array(
                            'q' => array(
                                '_id' => $document->getId(),
                            ),
                            'u' => $document->getOperator()->toArray(),
                        ));
                    } else {
                        if (!isset($insert[$collectionName])) {
                            $insert[$collectionName] = new \MongoInsertBatch($collection->getMongoCollection());
                        }
                        $insert[$collectionName]->add($document->toArray());
                    }
                    break;

                case self::STATE_REMOVE:
                    // delete document form db
                    if ($document->isStored()) {
                        if (!isset($delete[$collectionName])) {
                            $delete[$collectionName] = new \MongoDeleteBatch($collection->getMongoCollection());
                        }
                        $delete[$collectionName]->add(array(
                            'q' => array(
                                '_id' => $document->getId(),
                            ),
                            'limit' => 1,
                        ));
                    }
                    // remove link form pool
                    $this->detach($document);
                    break;
            }
        }

        // write operations
        $writeOptions = array('w' => 1);
        
        // execute batch insert operations
        if ($insert) {

            foreach ($insert as $collectionName => $collectionInsert) {
                $collectionInsert->execute($writeOptions);
            }
        }

        // execute batch update operations
        if ($update) {

            foreach ($update as $collectionName => $collectionUpdate) {
                $collectionUpdate->execute($writeOptions);
            }
        }

        // execute batch delete operations
        if ($delete) {

            foreach ($delete as $collectionName => $collectionDelete) {
                $collectionDelete->execute($writeOptions);
            }
        }

        return $this;
    }

    /**
     * Stop watching document
     *
     * @param Document $document
     * @return \Sokil\Mongo\Persistence
     */
    public function detach(Document $document)
    {
        $this->pool->detach($document);

        return $this;
    }

    /**
     * Detach all documents from pool
     * @return \Sokil\Mongo\Persistence
     */
    public function clear()
    {
        $this->pool->removeAll($this->pool);

        return $this;
    }
}


1			<?php
2
3			/**
4			* This file is part of the PHPMongo package.
5			*
6			* (c) Dmytro Sokil <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace Sokil\Mongo;
13
14			/**
15			* Class use MongoWriteBatch classes from PECL driver above v. 1.5.0.
16			* Before this version legacy persistencee must be used
17			*/
18			class Persistence implements \Countable
19			{
20			const STATE_SAVE = 0;
21			const STATE_REMOVE = 1;
22
23			/**
24			* @var \SplObjectStorage
25			*/
26			protected $pool;
27
28			public function __construct()
29			{
30			$this->pool = new \SplObjectStorage;
31			}
32
33			/**
34			* Check if document already watched
35			*
36			* @param Document $document
37			* @return bool
38			*/
39			public function contains(Document $document)
40			{
41			return $this->pool->contains($document);
42			}
43
44			/**
45			* Get count of documents in pool
46			* @return int
47			*/
48			public function count()
49			{
50			return $this->pool->count();
51			}
52
53			/**
54			* Add document to watching pool for save
55			*
56			* @param Document $document
57			* @return \Sokil\Mongo\Persistence
58			*/
59			public function persist(Document $document)
60			{
61			$this->pool->attach($document, self::STATE_SAVE);
62
63			return $this;
64			}
65
66			/**
67			* Add document to watching pool for remove
68			*
69			* @param Document $document
70			* @return \Sokil\Mongo\Persistence
71			*/
72			public function remove(Document $document)
73			{
74			$this->pool->attach($document, self::STATE_REMOVE);
75
76			return $this;
77			}
78
79			/**
80			* Send data to database
81			*
82			* @return \Sokil\Mongo\Persistence
83			*/
84			public function flush()
85			{
86			$insert = array();
87			$update = array();
88			$delete = array();
89
90			// fill batch objects
91			foreach ($this->pool as $document) {
92			/* @var $document \Sokil\Mongo\Document */
93
94			// collection
95			$collection = $document->getCollection();
96			$collectionName = $collection->getName();
97
98			// persisting
99			switch ($this->pool->offsetGet($document)) {
100			case self::STATE_SAVE:
101			if ($document->isStored()) {
102			if (!isset($update[$collectionName])) {
103			$update[$collectionName] = new \MongoUpdateBatch($collection->getMongoCollection());
104			}
105			$update[$collectionName]->add(array(
106			'q' => array(
107			'_id' => $document->getId(),
108			),
109			'u' => $document->getOperator()->toArray(),
110			));
111			} else {
112			if (!isset($insert[$collectionName])) {
113			$insert[$collectionName] = new \MongoInsertBatch($collection->getMongoCollection());
114			}
115			$insert[$collectionName]->add($document->toArray());
116			}
117			break;
118
119			case self::STATE_REMOVE:
120			// delete document form db
121			if ($document->isStored()) {
122			if (!isset($delete[$collectionName])) {
123			$delete[$collectionName] = new \MongoDeleteBatch($collection->getMongoCollection());
124			}
125			$delete[$collectionName]->add(array(
126			'q' => array(
127			'_id' => $document->getId(),
128			),
129			'limit' => 1,
130			));
131			}
132			// remove link form pool
133			$this->detach($document);
134			break;
135			}
136			}
137
138			// write operations
139			$writeOptions = array('w' => 1);
140
141			// execute batch insert operations
142			if ($insert) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-03 20:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$insert` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
143			foreach ($insert as $collectionName => $collectionInsert) {
144			$collectionInsert->execute($writeOptions);
145			}
146			}
147
148			// execute batch update operations
149			if ($update) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-03 20:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$update` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
150			foreach ($update as $collectionName => $collectionUpdate) {
151			$collectionUpdate->execute($writeOptions);
152			}
153			}
154
155			// execute batch delete operations
156			if ($delete) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-03 20:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$delete` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
157			foreach ($delete as $collectionName => $collectionDelete) {
158			$collectionDelete->execute($writeOptions);
159			}
160			}
161
162			return $this;
163			}
164
165			/**
166			* Stop watching document
167			*
168			* @param Document $document
169			* @return \Sokil\Mongo\Persistence
170			*/
171			public function detach(Document $document)
172			{
173			$this->pool->detach($document);
174
175			return $this;
176			}
177
178			/**
179			* Detach all documents from pool
180			* @return \Sokil\Mongo\Persistence
181			*/
182			public function clear()
183			{
184			$this->pool->removeAll($this->pool);
185
186			return $this;
187			}
188			}
189

GitHub Access Token became invalid

Issues (142)

Security Analysis no request data

src/Persistence.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

sokil / php-mongo

GitHub Access Token became invalid

Issues (142)

Security Analysis no request data

src/Persistence.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like