Issues in Request.php (master) - Issues in master - stefandoorn/3dbinpacking-php-api - Measure and Improve Code Quality continuously with Scrutinizer

Issues (21)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Entity/Request.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace BinPacking3d\Entity;

use BinPacking3d\EntityInterface;
use BinPacking3d\Exception\CriticalException;

/**
 * Class Request
 * @package BinPacking3d\Entity
 */
class Request implements EntityInterface
{

    /**
     * @var
     */
    private $username;
    /**
     * @var
     */
    private $apiKey;

    /**
     * @var array
     */
    private $bins = array();

    /**
     * @var array
     */
    private $items = array();

    /**
     * @return array
     * @throws \Exception
     */
    public function render()
    {
        $this->validate();

        // Render bins
        $bins = [];
        foreach ($this->yieldBins() as $bin) {
            $bins[] = $bin->render();
        }

        // Render items
        $items = [];
        foreach ($this->yieldItems() as $item) {
            $items[] = $item->render();
        }

        return [
            'username' => $this->getUsername(),
            'api_key' => $this->getApiKey(),
            'bins' => $bins,
            'items' => $items,
        ];
    }

    /**
     * @return bool
     * @throws \Exception
     */
    public function validate()
    {
        if ($this->getUsername() === null || $this->getApiKey() === null || empty($this->bins) || empty($this->items)) {
            throw new CriticalException('Not all required variables entered for rendering.');
        }

        return true;
    }

    /**
     * @return mixed
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * @param mixed $username
     * @return Request
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * @return mixed
     */
    public function getApiKey()
    {
        return $this->apiKey;
    }

    /**
     * @param mixed $apiKey
     * @return Request
     */
    public function setApiKey($apiKey)
    {
        $this->apiKey = $apiKey;

        return $this;
    }

    /**
     * @return \Generator
     */
    private function yieldBins()
    {
        foreach ($this->bins as $bin) {
            yield $bin;
        }
    }

    /**
     * @return \Generator
     */
    private function yieldItems()
    {
        foreach ($this->items as $item) {
            yield $item;
        }
    }

    /**
     * @param $identifier
     * @return mixed
     */
    public function getItem($identifier)
    {
        return $this->items[$identifier];
    }

    /**
     * @param $identifier
     * @return mixed
     */
    public function getBin($identifier)
    {
        return $this->bins[$identifier];
    }

    /**
     * @param Item $item
     * @return $this
     */
    public function addItem(Item $item)

    {
        // Check for unique identifier
        if (array_key_exists($item->getItemIdentifier(), $this->items)) {
            throw new CriticalException('Identifier already exists');
        }

        // Check if we can validate it
        if (!$item->validate()) {
            throw new CriticalException('Cannot validate item settings, item: ' . print_r($item->render(), true));
        }

        // Add to store
        $this->items[$item->getItemIdentifier()] = $item;

        return $this;
    }

    /**
     * @param Bin $bin
     * @return $this
     */
    public function addBin(Bin $bin)

    {
        // Check for unique identifier
        if (array_key_exists($bin->getIdentifier(), $this->bins)) {
            throw new CriticalException('Identifier already exists');
        }

        // Check if we can validate it
        if (!$bin->validate()) {
            throw new CriticalException('Cannot validate bin settings, bin: ' . print_r($bin->render(), true));
        }

        // Add to store
        $this->bins[$bin->getIdentifier()] = $bin;

        return $this;
    }

    /**
     * @return array
     */
    public function getBins()
    {
        return $this->bins;
    }

    /**
     * @param array $bins
     * @return Request
     */
    public function setBins($bins)
    {
        $this->bins = $bins;

        return $this;
    }

    /**
     * @return array
     */
    public function getItems()
    {
        return $this->items;
    }

    /**
     * @param array $items
     * @return Request
     */
    public function setItems($items)
    {
        $this->items = $items;

        return $this;
    }

}


1		<?php namespace BinPacking3d\Entity;
2
3		use BinPacking3d\EntityInterface;
4		use BinPacking3d\Exception\CriticalException;
5
6		/**
7		* Class Request
8		* @package BinPacking3d\Entity
9		*/
10		class Request implements EntityInterface
11		{
12
13		/**
14		* @var
15		*/
16		private $username;
17		/**
18		* @var
19		*/
20		private $apiKey;
21
22		/**
23		* @var array
24		*/
25		private $bins = array();
26
27		/**
28		* @var array
29		*/
30		private $items = array();
31
32		/**
33		* @return array
34		* @throws \Exception
35		*/
36		public function render()
37		{
38		$this->validate();
39
40		// Render bins
41		$bins = [];
42		foreach ($this->yieldBins() as $bin) {
43		$bins[] = $bin->render();
44		}
45
46		// Render items
47		$items = [];
48		foreach ($this->yieldItems() as $item) {
49		$items[] = $item->render();
50		}
51
52		return [
53		'username' => $this->getUsername(),
54		'api_key' => $this->getApiKey(),
55		'bins' => $bins,
56		'items' => $items,
57		];
58		}
59
60		/**
61		* @return bool
62		* @throws \Exception
63		*/
64		public function validate()
65		{
66		if ($this->getUsername() === null \|\| $this->getApiKey() === null \|\| empty($this->bins) \|\| empty($this->items)) {
67		throw new CriticalException('Not all required variables entered for rendering.');
68		}
69
70		return true;
71		}
72
73		/**
74		* @return mixed
75		*/
76		public function getUsername()
77		{
78		return $this->username;
79		}
80
81		/**
82		* @param mixed $username
83		* @return Request
84		*/
85		public function setUsername($username)
86		{
87		$this->username = $username;
88
89		return $this;
90		}
91
92		/**
93		* @return mixed
94		*/
95		public function getApiKey()
96		{
97		return $this->apiKey;
98		}
99
100		/**
101		* @param mixed $apiKey
102		* @return Request
103		*/
104		public function setApiKey($apiKey)
105		{
106		$this->apiKey = $apiKey;
107
108		return $this;
109		}
110
111		/**
112		* @return \Generator
113		*/
114		private function yieldBins()
115		{
116		foreach ($this->bins as $bin) {
117		yield $bin;
118		}
119		}
120
121		/**
122		* @return \Generator
123		*/
124		private function yieldItems()
125		{
126		foreach ($this->items as $item) {
127		yield $item;
128		}
129		}
130
131		/**
132		* @param $identifier
133		* @return mixed
134		*/
135		public function getItem($identifier)
136		{
137		return $this->items[$identifier];
138		}
139
140		/**
141		* @param $identifier
142		* @return mixed
143		*/
144		public function getBin($identifier)
145		{
146		return $this->bins[$identifier];
147		}
148
149		/**
150		* @param Item $item
151		* @return $this
152		*/
153	View Code Duplication	public function addItem(Item $item)
		0 ignored issues – show Duplication introduced 2017-10-04 07:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
154		{
155		// Check for unique identifier
156		if (array_key_exists($item->getItemIdentifier(), $this->items)) {
157		throw new CriticalException('Identifier already exists');
158		}
159
160		// Check if we can validate it
161		if (!$item->validate()) {
162		throw new CriticalException('Cannot validate item settings, item: ' . print_r($item->render(), true));
163		}
164
165		// Add to store
166		$this->items[$item->getItemIdentifier()] = $item;
167
168		return $this;
169		}
170
171		/**
172		* @param Bin $bin
173		* @return $this
174		*/
175	View Code Duplication	public function addBin(Bin $bin)
		0 ignored issues – show Duplication introduced 2017-10-04 07:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
176		{
177		// Check for unique identifier
178		if (array_key_exists($bin->getIdentifier(), $this->bins)) {
179		throw new CriticalException('Identifier already exists');
180		}
181
182		// Check if we can validate it
183		if (!$bin->validate()) {
184		throw new CriticalException('Cannot validate bin settings, bin: ' . print_r($bin->render(), true));
185		}
186
187		// Add to store
188		$this->bins[$bin->getIdentifier()] = $bin;
189
190		return $this;
191		}
192
193		/**
194		* @return array
195		*/
196		public function getBins()
197		{
198		return $this->bins;
199		}
200
201		/**
202		* @param array $bins
203		* @return Request
204		*/
205		public function setBins($bins)
206		{
207		$this->bins = $bins;
208
209		return $this;
210		}
211
212		/**
213		* @return array
214		*/
215		public function getItems()
216		{
217		return $this->items;
218		}
219
220		/**
221		* @param array $items
222		* @return Request
223		*/
224		public function setItems($items)
225		{
226		$this->items = $items;
227
228		return $this;
229		}
230
231		}
232

stefandoorn / 3dbinpacking-php-api

Issues (21)

Security Analysis no request data

src/Entity/Request.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like