Issues in BaseApp.php (master) - Issues in master - starweb/starlit-app - Measure and Improve Code Quality continuously with Scrutinizer

Issues (19)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/BaseApp.php (4 issues)

Labels

Unused Code 4

Severity

Minor 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types=1);
/**
 * Starlit App.
 *
 * @copyright Copyright (c) 2016 Starweb AB
 * @license   BSD 3-Clause
 */

namespace Starlit\App;

use Starlit\App\Container\Container;
use Starlit\App\Provider\BootableServiceProviderInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Exception\ResourceNotFoundException;
use Starlit\App\Provider\ServiceProviderInterface;
use Starlit\App\Provider\StandardServiceProvider;
use Starlit\App\Provider\ErrorServiceProvider;

class BaseApp extends Container
{
    /**
     * @const string
     */
    const CHARSET = 'UTF-8';

    /**
     * @var Config
     */
    protected $config;

    /**
     * @var string
     */
    protected $environment;

    /**
     * @var ServiceProviderInterface[]
     */
    protected $providers = [];

    /**
     * @var bool
     */
    protected $booted = false;

    /**
     * @var bool
     */
    protected $isCli = false;

    /**
     * Constructor.
     *
     * @param array|Config $config
     * @param string       $environment Defaults to "production"
     */
    public function __construct(array $config = [], string $environment = 'production')
    {
        if ($config instanceof Config) {
            $this->config = $config;
        } else {
            $this->config = new Config($config);
        }

        $this->environment = $environment;

        $this->init();
    }

    /**
     * Initializes the application object.

     * Override and put initialization code that should always be run as early as
     * possible here, but make sure no objects are actually instanced here, because then
     * mock objects can't be injected in their place. Place object instance code in
     * the preHandle method.
     */
    protected function init(): void
    {
        $this->isCli = (PHP_SAPI === 'cli');

        if ($this->config->has('phpSettings')) {
            $this->setPhpSettings($this->config->get('phpSettings'));
        }

        $this->registerProviders();
    }

    protected function registerProviders(): void
    {
        $this->register(new ErrorServiceProvider());
        $this->register(new StandardServiceProvider());
    }

    public function register(ServiceProviderInterface $provider): void
    {
        $this->providers[] = $provider;

        $provider->register($this);
    }

    protected function setPhpSettings(array $phpSettings, string $prefix = ''): void
    {
        foreach ($phpSettings as $key => $val) {
            $key = $prefix . $key;
            if (\is_scalar($val)) {
                \ini_set($key, $val);
            } elseif (\is_array($val)) {
                $this->setPhpSettings($val, $key . '.'); // Set sub setting with a recursive call
            }
        }
    }

    /**
     * Boot the application and its service providers.
     *
     * This is normally called by handle(). If requests are not handled
     * this method will have to called manually to boot.
     */
    public function boot(): void
    {
        if ($this->booted) {
            return;
        }

        foreach ($this->providers as $provider) {
            if ($provider instanceof BootableServiceProviderInterface) {
                $provider->boot($this);
            }
        }

        $this->booted = true;
    }

    /**
     * Pre handle method meant to be overridden in descendant classes (optional).
     *
     * This method is called before an request is handled. Object instance code should be
     * place here and not in init() (more info about this at init()).
     *
     * @param Request $request
     * @return Response|null
     */
    protected function preHandle(Request $request): ?Response

    {
        return null;
    }

    /**
     * Post route method meant to be overridden in descendant classes (optional).
     * This method is called before an request is dispatched  but after it's routed. This means that  we know
     * it's a valid route and have access to the route attributes at this stage.
     *
     * @param Request $request
     * @return Response|null
     */
    protected function postRoute(Request $request): ?Response

    {
        return null;
    }

    /**
     * Handles an http request and returns a response.
     *
     * @param Request $request
     * @return Response
     */
    public function handle(Request $request): Response
    {
        $this->alias('request', Request::class);
        $this->set(Request::class, $request);

        $this->boot();

        if (($preHandleResponse = $this->preHandle($request))) {
            return $preHandleResponse;
        }

        try {
            $controller = $this->get(RouterInterface::class)->route($request);

            if (($postRouteResponse = $this->postRoute($request))) {
                return $postRouteResponse;
            }

            $response = $controller->dispatch();
        } catch (ResourceNotFoundException $e) {
            $response = $this->getNoRouteResponse($request);
        }

        $this->postHandle($request);

        return $response;
    }

    protected function getNoRouteResponse(Request $request): Response

    {
        return new Response('Not Found', 404);
    }

    /**
     * Post handle method meant to be overridden in descendant classes (optional).
     * This method is called after an request has been handled but before
     * the response is returned from the handle method.
     *
     * @param Request $request
     */
    protected function postHandle(Request $request): void

    {
    }

    public function getConfig(): Config
    {
        return $this->config;
    }

    public function isCli(): bool
    {
        return $this->isCli;
    }

    public function getRequest(): ?Request
    {
        return $this->has(Request::class) ? $this->get(Request::class) : null;
    }

    public function getEnvironment(): string
    {
        return $this->environment;
    }
}


GitHub Access Token became invalid

Issues (19)

Security Analysis not enabled

src/BaseApp.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php declare(strict_types=1);
2		/**
3		* Starlit App.
4		*
5		* @copyright Copyright (c) 2016 Starweb AB
6		* @license BSD 3-Clause
7		*/
8
9		namespace Starlit\App;
10
11		use Starlit\App\Container\Container;
12		use Starlit\App\Provider\BootableServiceProviderInterface;
13		use Symfony\Component\HttpFoundation\Request;
14		use Symfony\Component\HttpFoundation\Response;
15		use Symfony\Component\Routing\Exception\ResourceNotFoundException;
16		use Starlit\App\Provider\ServiceProviderInterface;
17		use Starlit\App\Provider\StandardServiceProvider;
18		use Starlit\App\Provider\ErrorServiceProvider;
19
20		class BaseApp extends Container
21		{
22		/**
23		* @const string
24		*/
25		const CHARSET = 'UTF-8';
26
27		/**
28		* @var Config
29		*/
30		protected $config;
31
32		/**
33		* @var string
34		*/
35		protected $environment;
36
37		/**
38		* @var ServiceProviderInterface[]
39		*/
40		protected $providers = [];
41
42		/**
43		* @var bool
44		*/
45		protected $booted = false;
46
47		/**
48		* @var bool
49		*/
50		protected $isCli = false;
51
52		/**
53		* Constructor.
54		*
55		* @param array\|Config $config
56		* @param string $environment Defaults to "production"
57		*/
58	22	public function __construct(array $config = [], string $environment = 'production')
59		{
60	22	if ($config instanceof Config) {
61		$this->config = $config;
62		} else {
63	22	$this->config = new Config($config);
64		}
65
66	22	$this->environment = $environment;
67
68	22	$this->init();
69	22	}
70
71		/**
72		* Initializes the application object.
73
74		* Override and put initialization code that should always be run as early as
75		* possible here, but make sure no objects are actually instanced here, because then
76		* mock objects can't be injected in their place. Place object instance code in
77		* the preHandle method.
78		*/
79	22	protected function init(): void
80		{
81	22	$this->isCli = (PHP_SAPI === 'cli');
82
83	22	if ($this->config->has('phpSettings')) {
84	22	$this->setPhpSettings($this->config->get('phpSettings'));
85		}
86
87	22	$this->registerProviders();
88	22	}
89
90	22	protected function registerProviders(): void
91		{
92	22	$this->register(new ErrorServiceProvider());
93	22	$this->register(new StandardServiceProvider());
94	22	}
95
96	22	public function register(ServiceProviderInterface $provider): void
97		{
98	22	$this->providers[] = $provider;
99
100	22	$provider->register($this);
101	22	}
102
103	22	protected function setPhpSettings(array $phpSettings, string $prefix = ''): void
104		{
105	22	foreach ($phpSettings as $key => $val) {
106	22	$key = $prefix . $key;
107	22	if (\is_scalar($val)) {
108	22	\ini_set($key, $val);
109	22	} elseif (\is_array($val)) {
110	22	$this->setPhpSettings($val, $key . '.'); // Set sub setting with a recursive call
111		}
112		}
113	22	}
114
115		/**
116		* Boot the application and its service providers.
117		*
118		* This is normally called by handle(). If requests are not handled
119		* this method will have to called manually to boot.
120		*/
121	6	public function boot(): void
122		{
123	6	if ($this->booted) {
124	1	return;
125		}
126
127	6	foreach ($this->providers as $provider) {
128	6	if ($provider instanceof BootableServiceProviderInterface) {
129	2	$provider->boot($this);
130		}
131		}
132
133	6	$this->booted = true;
134	6	}
135
136		/**
137		* Pre handle method meant to be overridden in descendant classes (optional).
138		*
139		* This method is called before an request is handled. Object instance code should be
140		* place here and not in init() (more info about this at init()).
141		*
142		* @param Request $request
143		* @return Response\|null
144		*/
145	3	protected function preHandle(Request $request): ?Response
		0 ignored issues – show Unused Code introduced 2019-04-11 08:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
146		{
147	3	return null;
148		}
149
150		/**
151		* Post route method meant to be overridden in descendant classes (optional).
152		* This method is called before an request is dispatched but after it's routed. This means that we know
153		* it's a valid route and have access to the route attributes at this stage.
154		*
155		* @param Request $request
156		* @return Response\|null
157		*/
158	1	protected function postRoute(Request $request): ?Response
		0 ignored issues – show Unused Code introduced 2019-04-11 08:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
159		{
160	1	return null;
161		}
162
163		/**
164		* Handles an http request and returns a response.
165		*
166		* @param Request $request
167		* @return Response
168		*/
169	4	public function handle(Request $request): Response
170		{
171	4	$this->alias('request', Request::class);
172	4	$this->set(Request::class, $request);
173
174	4	$this->boot();
175
176	4	if (($preHandleResponse = $this->preHandle($request))) {
177	1	return $preHandleResponse;
178		}
179
180		try {
181	3	$controller = $this->get(RouterInterface::class)->route($request);
182
183	2	if (($postRouteResponse = $this->postRoute($request))) {
184	1	return $postRouteResponse;
185		}
186
187	1	$response = $controller->dispatch();
188	1	} catch (ResourceNotFoundException $e) {
189	1	$response = $this->getNoRouteResponse($request);
190		}
191
192	2	$this->postHandle($request);
193
194	2	return $response;
195		}
196
197	1	protected function getNoRouteResponse(Request $request): Response
		0 ignored issues – show Unused Code introduced 2019-04-11 08:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
198		{
199	1	return new Response('Not Found', 404);
200		}
201
202		/**
203		* Post handle method meant to be overridden in descendant classes (optional).
204		* This method is called after an request has been handled but before
205		* the response is returned from the handle method.
206		*
207		* @param Request $request
208		*/
209	2	protected function postHandle(Request $request): void
		0 ignored issues – show Unused Code introduced 2019-04-11 08:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
210		{
211	2	}
212
213	22	public function getConfig(): Config
214		{
215	22	return $this->config;
216		}
217
218	22	public function isCli(): bool
219		{
220	22	return $this->isCli;
221		}
222
223	1	public function getRequest(): ?Request
224		{
225	1	return $this->has(Request::class) ? $this->get(Request::class) : null;
226		}
227
228	1	public function getEnvironment(): string
229		{
230	1	return $this->environment;
231		}
232		}
233

starweb / starlit-app

GitHub Access Token became invalid

Issues (19)

Security Analysis not enabled

src/BaseApp.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like