db_mysql - Code Metrics - Inspection of "Rid off V0DbChangeSetManager" - supernova-ws/SuperNova - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — work-fleets ( 77ad6e...489db6 )

by SuperNova.WS

created 2016-07-31 20:43 UTC

db_mysql D

↳ Parent: Project

Complexity

Total Complexity

102

Size/Duplication

Total Lines	613
Duplicated Lines	3.43 %

Coupling/Cohesion

Components	2
Dependencies	9

Test Coverage

Coverage

Importance

Changes	25
Bugs	0	Features	0

Metric	Value
c	25
b	0
f	0
dl	21
loc	613
rs	4.8198
ccs	0
cts	278
cp	0
wmc	102
lcom	2
cbo	9

45 Methods

Rating	Name	Duplication	Size	Complexity
A	doSelectFetch()	0	3	1
A	doStmtLockAll()	0	10	1
A	db_fetch_row()	0	3	1
A	__construct()	0	3	1
A	load_db_settings()	0	9	2
C	sn_db_connect()	0	29	8
A	driver_connect()	0	11	3
A	db_disconnect()	0	8	2
A	replaceTablePlaceholders()	0	10	3
A	logQuery()	0	11	2
B	queryTrace()	0	19	7
B	doquery()	0	30	4
A	doExecute()	0	13	3
A	doSelect()	0	3	1
A	doSelectIterator()	0	11	2
B	security_watch_user_queries()	0	21	7
C	security_query_check_bad_words()	0	57	18
B	db_get_table_list()	0	20	5
A	db_prepare()	7	7	1
A	db_sql_query()	7	7	1
A	db_fetch()	7	7	1
A	db_escape()	0	3	1
A	driver_disconnect()	0	3	1
A	db_error()	0	3	1
A	db_insert_id()	0	3	1
A	db_num_rows()	0	3	1
A	db_affected_rows()	0	3	1
A	db_get_client_info()	0	3	1
A	db_get_server_info()	0	3	1
A	db_get_host_info()	0	3	1
A	db_get_server_stat()	0	11	2
A	db_core_show_status()	0	13	3
A	mysql_get_table_list()	0	3	1
A	mysql_get_innodb_status()	0	3	1
A	getTransaction()	0	3	1
A	transactionCheck()	0	3	1
A	transactionStart()	0	3	1
A	transactionCommit()	0	3	1
A	transactionRollback()	0	3	1
A	doSelectFetchValue()	0	5	2
A	doInsert()	0	3	1
A	doReplace()	0	3	1
A	doUpdate()	0	3	1
A	doDelete()	0	3	1
A	doDeleteRow()	0	3	1

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like db_mysql often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use db_mysql, and based on these observations, apply Extract Interface, too.

<?php

/**
 * Created by Gorlum 01.09.2015 15:58
 */
class db_mysql {
  const TRANSACTION_SERIALIZABLE = 'SERIALIZABLE';
  const TRANSACTION_REPEATABLE_READ = 'REPEATABLE READ';
  const TRANSACTION_READ_COMMITTED = 'READ COMMITTED';
  const TRANSACTION_READ_UNCOMMITTED = 'READ UNCOMMITTED';

  /**
   * Статус соеднения с MySQL
   *
   * @var bool
   */
  public $connected = false;
  /**
   * Префикс названий таблиц в БД
   *
   * @var string
   */
  public $db_prefix = '';
  /**
   * Список таблиц в БД
   *
   * @var array
   */
  public $table_list = array();

  /**
   * Настройки БД
   *
   * @var array
   */
  protected $dbsettings = array();
  /**
   * Драйвер для прямого обращения к MySQL
   *
   * @var db_mysql_v5 $driver
   */
  public $driver = null;

  /**
   * Общее время запросов
   *
   * @var float $time_mysql_total
   */
  public $time_mysql_total = 0.0;

  /**
   * Amount of queries on this DB
   *
   * @var int
   */
  public $queryCount = 0;

  public $isWatching = false;

  /**
   * @var \DBAL\DbTransaction $transaction
   */
  protected $transaction;

  /**
   * Should query check be skipped?
   *
   * Used for altering sheme of DB
   *
   * @var bool $skipQueryCheck
   */
  protected $skipQueryCheck = false;

  /**
   * db_mysql constructor.
   *
   * @param \Common\GlobalContainer $gc
   */
  public function __construct($gc) {

    $this->transaction = new \DBAL\DbTransaction($this);
  }

  public function load_db_settings($configFile = '') {
    $dbsettings = array();

    empty($configFile) ? $configFile = SN_ROOT_PHYSICAL . "config" . DOT_PHP_EX : false;

    require $configFile;

    $this->dbsettings = $dbsettings;
  }

  /**
   * @param null|array $external_db_settings
   *
   * @return bool
   */
  public function sn_db_connect($external_db_settings = null) {
    $this->db_disconnect();

    if (!empty($external_db_settings) && is_array($external_db_settings)) {
      $this->dbsettings = $external_db_settings;
    }

    if (empty($this->dbsettings)) {
      $this->load_db_settings(SN_ROOT_PHYSICAL . "config" . DOT_PHP_EX);
    }

    // TODO - фатальные (?) ошибки на каждом шагу. Хотя - скорее Эксепшны
    if (!empty($this->dbsettings)) {
      $driver_name = empty($this->dbsettings['sn_driver']) ? 'db_mysql_v5' : $this->dbsettings['sn_driver'];
      $this->driver = new $driver_name();
      $this->db_prefix = $this->dbsettings['prefix'];

      $this->connected = $this->connected || $this->driver_connect();

      if ($this->connected) {
        $this->table_list = $this->db_get_table_list();
        // TODO Проверка на пустоту
      }
    } else {
      $this->connected = false;
    }

    return $this->connected;
  }

  protected function driver_connect() {
    if (!is_object($this->driver)) {
      classSupernova::$debug->error_fatal('DB Error - No driver for MySQL found!');
    }

    if (!method_exists($this->driver, 'mysql_connect')) {
      classSupernova::$debug->error_fatal('DB Error - WRONG MySQL driver!');
    }

    return $this->driver->mysql_connect($this->dbsettings);
  }

  public function db_disconnect() {
    if ($this->connected) {
      $this->connected = !$this->driver_disconnect();
      $this->connected = false;
    }

    return !$this->connected;
  }

  /**
   * @param string $query
   *
   * @return mixed|string
   */
  public function replaceTablePlaceholders($query) {
    $sql = $query;
    if (strpos($sql, '{{') !== false) {
      foreach ($this->table_list as $tableName) {
        $sql = str_replace("{{{$tableName}}}", $this->db_prefix . $tableName, $sql);
      }
    }

    return $sql;
  }

  /**
   * @param $query
   */
  protected function logQuery($query) {
    if (!classSupernova::$config->debug) {
      return;
    }

    $this->queryCount++;
    $arr = debug_backtrace();
    $file = end(explode('/', $arr[0]['file']));

    $line = $arr[0]['line'];
    classSupernova::$debug->add("<tr><th>Query {$this->queryCount}: </th><th>$query</th><th>{$file} @ {$line}</th><th>&nbsp;</th></tr>");
  }


  /**
   * @return string
   */
  public function queryTrace() {
    if (!defined('DEBUG_SQL_COMMENT') || constant('DEBUG_SQL_ERROR') !== true) {
      return '';
    }

    $backtrace = debug_backtrace();
    $sql_comment = classSupernova::$debug->compact_backtrace($backtrace, defined('DEBUG_SQL_COMMENT_LONG'));

    if (defined('DEBUG_SQL_ERROR') && constant('DEBUG_SQL_ERROR') === true) {
      classSupernova::$debug->add_to_array($sql_comment);
    }

    $sql_commented = implode("\r\n", $sql_comment);
    if (defined('DEBUG_SQL_ONLINE') && constant('DEBUG_SQL_ONLINE') === true) {
      classSupernova::$debug->warning($sql_commented, 'SQL Debug', LOG_DEBUG_SQL);
    }

    return $sql_commented;
  }

  /**
   * @param string $query
   *
   * @return array|bool|mysqli_result|null
   * @internal param bool $skip_query_check
   *
   */
  protected function doquery($query) {
    if (!$this->connected) {
      $this->sn_db_connect();
    }

    $stringQuery = $query;
    $stringQuery = trim($stringQuery);
    // You can't do it - 'cause you can break commented statement with line-end comments
    // $stringQuery = preg_replace("/\s+/", ' ', $stringQuery);


    $this->security_watch_user_queries($stringQuery);
    $this->security_query_check_bad_words($stringQuery);
    $this->logQuery($stringQuery);

    $stringQuery = $this->replaceTablePlaceholders($stringQuery);

    $queryTrace = $this->queryTrace();

    $queryResult = null;
    try {
      $queryResult = $this->db_sql_query($stringQuery . DbSqlHelper::quoteComment($queryTrace));
      if (!$queryResult) {
        throw new Exception();
      }
    } catch (Exception $e) {
      classSupernova::$debug->error($this->db_error() . "<br />{$query}<br />", 'SQL Error');
    }

    return $queryResult;
  }


  // Just wrappers to distinguish query types
  /**
   * Executes non-data manipulation statements
   *
   * Can execute queries with check skip
   * Honor current state of query checking
   *
   * @param string $query
   * @param bool   $skip_query_check
   *
   * @return array|bool|mysqli_result|null
   */
  public function doExecute($query, $skip_query_check = false) {
    $prevState = false;
    if ($skip_query_check) {
      $prevState = $this->skipQueryCheck;
      $this->skipQueryCheck = true;
    }
    $result = $this->doquery($query);
    if ($skip_query_check) {
      $this->skipQueryCheck = $prevState;
    }

    return $result;
  }


  public function doSelect($query) {
    return $this->doExecute($query);
  }

  /**
   * @param string $query
   *
   * @return array|null
   */
  public function doSelectFetch($query) {
    return $this->db_fetch($this->doSelect($query));

  }

  /**
   * @param string $query
   *
   * @return mixed|null
   */
  public function doSelectFetchValue($query) {
    $row = $this->doSelectFetch($query);

    return is_array($row) ? reset($row) : null;
  }


  public function doInsert($query) {
    return $this->doExecute($query);
  }

  public function doReplace($query) {
    return $this->doExecute($query);
  }


  public function doUpdate($query) {
    return $this->doExecute($query);
  }


  public function doDelete($query) {
    return $this->doExecute($query);
  }

  public function doDeleteRow($query) {
    return $this->doExecute($query);
  }


  /**
   * Returns iterator to iterate through mysqli_result
   *
   * @param string $query
   *
   * return DbResultIterator
   *
   * @return DbEmptyIterator|DbMysqliResultIterator
   */
  public function doSelectIterator($query) {
    $queryResult = $this->doSelect($query);

    if ($queryResult instanceof mysqli_result) {
      $result = new DbMysqliResultIterator($queryResult);
    } else {
      $result = new DbEmptyIterator();
    }

    return $result;
  }

  /**
   * @param DbQueryConstructor $stmt
   * @param bool               $skip_query_check
   */
  public function doStmtLockAll($stmt, $skip_query_check = false) {
    $this->doExecute(
      $stmt
        ->select()
        ->field(1)
        ->setForUpdate()
        ->__toString(),
      $skip_query_check
    );
  }

  // TODO Заменить это на новый логгер
  protected function security_watch_user_queries($query) {
    global $user;

    if (
      !$this->isWatching // Not already watching
      && !empty(classSupernova::$config->game_watchlist_array) // There is some players in watchlist
      && in_array($user['id'], classSupernova::$config->game_watchlist_array) // Current player is in watchlist
      && !preg_match('/^(select|commit|rollback|start transaction)/i', $query) // Current query should be watched
    ) {
      $this->isWatching = true;
      $msg = "\$query = \"{$query}\"\n\r";
      if (!empty($_POST)) {
        $msg .= "\n\r" . dump($_POST, '$_POST');
      }
      if (!empty($_GET)) {
        $msg .= "\n\r" . dump($_GET, '$_GET');
      }
      classSupernova::$debug->warning($msg, "Watching user {$user['id']}", 399, array('base_dump' => true));
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
      $this->isWatching = false;
    }
  }


  public function security_query_check_bad_words($query) {
    if ($this->skipQueryCheck) {
      return;
    }

    global $user, $dm_change_legit, $mm_change_legit;

    switch (true) {
      case stripos($query, 'RUNCATE TABL') != false:

      case stripos($query, 'ROP TABL') != false:

      case stripos($query, 'ENAME TABL') != false:

      case stripos($query, 'REATE DATABAS') != false:

      case stripos($query, 'REATE TABL') != false:

      case stripos($query, 'ET PASSWOR') != false:

      case stripos($query, 'EOAD DAT') != false:

      case stripos($query, 'RPG_POINTS') != false && stripos(trim($query), 'UPDATE ') === 0 && !$dm_change_legit:

      case stripos($query, 'METAMATTER') != false && stripos(trim($query), 'UPDATE ') === 0 && !$mm_change_legit:

      case stripos($query, 'AUTHLEVEL') != false && $user['authlevel'] < 3 && stripos($query, 'SELECT') !== 0:

        $report = "Hacking attempt (" . date("d.m.Y H:i:s") . " - [" . time() . "]):\n";
        $report .= ">Database Inforamation\n";
        $report .= "\tID - " . $user['id'] . "\n";
        $report .= "\tUser - " . $user['username'] . "\n";
        $report .= "\tAuth level - " . $user['authlevel'] . "\n";
        $report .= "\tAdmin Notes - " . $user['adminNotes'] . "\n";
        $report .= "\tCurrent Planet - " . $user['current_planet'] . "\n";
        $report .= "\tUser IP - " . $user['user_lastip'] . "\n";
        $report .= "\tUser IP at Reg - " . $user['ip_at_reg'] . "\n";
        $report .= "\tUser Agent- " . $_SERVER['HTTP_USER_AGENT'] . "\n";
        $report .= "\tCurrent Page - " . $user['current_page'] . "\n";
        $report .= "\tRegister Time - " . $user['register_time'] . "\n";
        $report .= "\n";

        $report .= ">Query Information\n";
        $report .= "\tQuery - " . $query . "\n";
        $report .= "\n";

        $report .= ">\$_SERVER Information\n";
        $report .= "\tIP - " . $_SERVER['REMOTE_ADDR'] . "\n";
        $report .= "\tHost Name - " . $_SERVER['HTTP_HOST'] . "\n";
        $report .= "\tUser Agent - " . $_SERVER['HTTP_USER_AGENT'] . "\n";
        $report .= "\tRequest Method - " . $_SERVER['REQUEST_METHOD'] . "\n";
        $report .= "\tCame From - " . $_SERVER['HTTP_REFERER'] . "\n";
        $report .= "\tPage is - " . $_SERVER['SCRIPT_NAME'] . "\n";
        $report .= "\tUses Port - " . $_SERVER['REMOTE_PORT'] . "\n";
        $report .= "\tServer Protocol - " . $_SERVER['SERVER_PROTOCOL'] . "\n";

        $report .= "\n--------------------------------------------------------------------------------------------------\n";

        $fp = fopen(SN_ROOT_PHYSICAL . 'badqrys.txt', 'a');
        fwrite($fp, $report);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        fclose($fp);

        $message = 'Привет, я не знаю то, что Вы пробовали сделать, но команда, которую Вы только послали базе данных, не выглядела очень дружественной и она была заблокированна.<br /><br />Ваш IP, и другие данные переданны администрации сервера. Удачи!.';
        die($message);
      break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
    }
  }

  /**
   * @param bool $prefixed_only
   *
   * @return array
   */
  public function db_get_table_list($prefixed_only = true) {
    $query = $this->mysql_get_table_list();

    $prefix_length = strlen($this->db_prefix);

    $tl = array();
    while ($row = $this->db_fetch($query)) {
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
      foreach ($row as $table_name) {
        if (strpos($table_name, $this->db_prefix) === 0) {
          $table_name = substr($table_name, $prefix_length);
        } elseif ($prefixed_only) {
          continue;
        }
        // $table_name = str_replace($db_prefix, '', $table_name);

        $tl[$table_name] = $table_name;
      }
    }

    return $tl;
  }

  /**
   * @param string $statement
   *
   * @return bool|mysqli_stmt
   */
  public function db_prepare($statement) {

    $microtime = microtime(true);
    $result = $this->driver->mysql_prepare($statement);
    $this->time_mysql_total += microtime(true) - $microtime;

    return $result;
  }


  /**
   * L1 perform the query
   *
   * @param $query_string
   *
   * @return bool|mysqli_result
   */
  public function db_sql_query($query_string) {

    $microtime = microtime(true);
    $result = $this->driver->mysql_query($query_string);
    $this->time_mysql_total += microtime(true) - $microtime;

    return $result;
  }

  /**
   * L1 fetch assoc array
   *
   * @param mysqli_result $query
   *
   * @return array|null
   */
  public function db_fetch(&$query) {

    $microtime = microtime(true);
    $result = $this->driver->mysql_fetch_assoc($query);
    $this->time_mysql_total += microtime(true) - $microtime;

    return $result;
  }

  public function db_fetch_row(&$query) {
    return $this->driver->mysql_fetch_row($query);
  }

  public function db_escape($unescaped_string) {
    return $this->driver->mysql_real_escape_string($unescaped_string);
  }

  public function driver_disconnect() {
    return $this->driver->mysql_close_link();
  }

  public function db_error() {
    return $this->driver->mysql_error();
  }

  public function db_insert_id() {
    return $this->driver->mysql_insert_id();
  }

  public function db_num_rows(&$result) {
    return $this->driver->mysql_num_rows($result);
  }

  public function db_affected_rows() {
    return $this->driver->mysql_affected_rows();
  }

  /**
   * @return string
   */
  public function db_get_client_info() {
    return $this->driver->mysql_get_client_info();
  }

  /**
   * @return string
   */
  public function db_get_server_info() {
    return $this->driver->mysql_get_server_info();
  }

  /**
   * @return string
   */
  public function db_get_host_info() {
    return $this->driver->mysql_get_host_info();
  }

  public function db_get_server_stat() {
    $result = array();

    $status = explode('  ', $this->driver->mysql_stat());
    foreach ($status as $value) {
      $row = explode(': ', $value);
      $result[$row[0]] = $row[1];
    }

    return $result;
  }

  /**
   * @return array
   * @throws Exception
   */
  public function db_core_show_status() {
    $result = array();

    $query = $this->db_sql_query('SHOW STATUS;');
    if (is_bool($query)) {
      throw new Exception('Result of SHOW STATUS command is boolean - which should never happen. Connection to DB is lost?');
    }
    while ($row = db_fetch($query)) {
      $result[$row['Variable_name']] = $row['Value'];
    }

    return $result;
  }

  public function mysql_get_table_list() {
    return $this->db_sql_query('SHOW TABLES;');
  }

  public function mysql_get_innodb_status() {
    return $this->db_sql_query('SHOW ENGINE INNODB STATUS;');
  }

  /**
   * @return \DBAL\DbTransaction
   */
  public function getTransaction() {
    return $this->transaction;
  }

  // Some wrappers to DbTransaction
  // Unused for now
  public function transactionCheck($status = null) {
    return $this->transaction->check($status);
  }

  public function transactionStart($level = '') {
    return $this->transaction->start($level);
  }

  public function transactionCommit() {
    return $this->transaction->commit();
  }

  public function transactionRollback() {
    return $this->transaction->rollback();
  }

}


Push — work-fleets ( 77ad6e...489db6 )

db_mysql D

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

45 Methods

How to fix Duplicated Code Complexity

Duplicated Code

Complex Class

7 paths for user data to reach this point

General Strategies to prevent injection

1			<?php
2
3			/**
4			* Created by Gorlum 01.09.2015 15:58
5			*/
6			class db_mysql {
7			const TRANSACTION_SERIALIZABLE = 'SERIALIZABLE';
8			const TRANSACTION_REPEATABLE_READ = 'REPEATABLE READ';
9			const TRANSACTION_READ_COMMITTED = 'READ COMMITTED';
10			const TRANSACTION_READ_UNCOMMITTED = 'READ UNCOMMITTED';
11
12			/**
13			* Статус соеднения с MySQL
14			*
15			* @var bool
16			*/
17			public $connected = false;
18			/**
19			* Префикс названий таблиц в БД
20			*
21			* @var string
22			*/
23			public $db_prefix = '';
24			/**
25			* Список таблиц в БД
26			*
27			* @var array
28			*/
29			public $table_list = array();
30
31			/**
32			* Настройки БД
33			*
34			* @var array
35			*/
36			protected $dbsettings = array();
37			/**
38			* Драйвер для прямого обращения к MySQL
39			*
40			* @var db_mysql_v5 $driver

supernova-ws / SuperNova

Push — work-fleets ( 77ad6e...489db6 )

db_mysql D

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

45 Methods

How to fix Duplicated Code Complexity

Duplicated Code

Complex Class

7 paths for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like