Completed
Push — work-fleets ( 867546...331178 )
by SuperNova.WS
06:17
created

V2PropertyContainer::__set()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 9
Code Lines 7

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 12

Importance

Changes 5
Bugs 0 Features 1
Metric Value
cc 3
eloc 7
c 5
b 0
f 1
nc 3
nop 2
dl 0
loc 9
ccs 0
cts 9
cp 0
crap 12
rs 9.6666
 1  <?php
 2
 3  use \Common\ContainerMagic;
 4  use \Common\IPropertyContainer;
 5
 6  class V2PropertyContainer extends ContainerMagic implements IPropertyContainer {
 7
 8    /**
 9     * Property descriptions
10     *
11     * @var array[]
12     */
13    protected $properties = array();
14
15    /**
16     * Array of accessors - getters/setters/etc
17     *
18     * Getter is a callable like
19     *    function () use ($that) {}
20     *  or Pimple-like (P_CONTAINER_GETTER_PIMPLE)
21     *    function ($this) {}
22     *
23     * Setter is a callable like
24     *    function ($value) use ($that) {}
25     *
26     * Importer is a callable like
27     *    function (&$row) use ($this) {}
28     *
29     * Exporter is a callable like
30     *    function (&$row) use ($this) {}
31     *
32     * @var callable[][]
33     */
34    protected $accessors;
35
36    public function setProperties($properties) {
37      $this->properties = $properties;
38    }
39
40    // TODO - batch assign
41    public function assignAccessor($varName, $type, $callable) {
42      if (empty($callable)) {
43        return;
44      }
45
46      if (is_callable($callable)) {
47        $this->accessors[$type][$varName] = $callable;
48      } else {
49        throw new Exception('Error assigning callable in ' . get_called_class() . '! Callable typed [' . $type . '] is not a callable or not accessible in the scope');
50      }
51    }
52
53    public function __set($name, $value) {
54      if(is_callable($value)) {
55        $this->accessors[$name][P_CONTAINER_GETTER_PIMPLE] = $value;
56      } elseif (is_callable($this->accessors[$name][P_CONTAINER_SETTER])) {
57        call_user_func($this->accessors[$name][P_CONTAINER_SETTER], $value);
Security: Code Execution
$this->accessors[$name][P_CONTAINER_SETTER] can contain request data and is used in code execution context(s) leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read from $_POST
    in includes/general.php on line 258
  2. sys_get_param() returns tainted data, and $value is assigned
    in includes/general.php on line 266
  3. sys_get_param_id() returns tainted data, and BuddyContainer::$buddy_id is assigned
    in includes/classes/Buddy/BuddyContainer.php on line 81
  4. Tainted property BuddyContainer::$buddy_id is read
    in includes/classes/Buddy/BuddyModel.php on line 237
  5. $cBuddy->buddy_id is passed to V2PropertyContainer::__set()
    in includes/classes/Buddy/BuddyModel.php on line -1
  6. V2PropertyContainer::$accessors is assigned
    in includes/classes/V2PropertyContainer.php on line 55
  7. Tainted property V2PropertyContainer::$accessors is read
    in includes/classes/V2PropertyContainer.php on line 57

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend explicitly casting the data:

$sanitized = (int) $tainted;
58      } else {
59        $this->values[$name] = $value;
60      }
61    }
62
63    public function __get($name) {
64      if (is_callable($this->accessors[$name][P_CONTAINER_GETTER_PIMPLE])) {
65        return call_user_func($this->accessors[$name][P_CONTAINER_GETTER_PIMPLE], $this);
Security: Code Execution
$this->accessors[$name][...ONTAINER_GETTER_PIMPLE] can contain request data and is used in code execution context(s) leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read from $_POST
    in includes/general.php on line 258
  2. sys_get_param() returns tainted data, and $value is assigned
    in includes/general.php on line 266
  3. sys_get_param_id() returns tainted data, and BuddyContainer::$buddy_id is assigned
    in includes/classes/Buddy/BuddyContainer.php on line 81
  4. Tainted property BuddyContainer::$buddy_id is read
    in includes/classes/Buddy/BuddyModel.php on line 237
  5. $cBuddy->buddy_id is passed to V2PropertyContainer::__set()
    in includes/classes/Buddy/BuddyModel.php on line -1
  6. V2PropertyContainer::$accessors is assigned
    in includes/classes/V2PropertyContainer.php on line 55
  7. Tainted property V2PropertyContainer::$accessors is read
    in includes/classes/V2PropertyContainer.php on line 65

66      } elseif (is_callable($this->accessors[$name][P_CONTAINER_GETTER])) {
67        return call_user_func($this->accessors[$name][P_CONTAINER_GETTER]);
Security: Code Execution
$this->accessors[$name][P_CONTAINER_GETTER] can contain request data and is used in code execution context(s) leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read from $_POST
    in includes/general.php on line 258
  2. sys_get_param() returns tainted data, and $value is assigned
    in includes/general.php on line 266
  3. sys_get_param_id() returns tainted data, and BuddyContainer::$buddy_id is assigned
    in includes/classes/Buddy/BuddyContainer.php on line 81
  4. Tainted property BuddyContainer::$buddy_id is read
    in includes/classes/Buddy/BuddyModel.php on line 237
  5. $cBuddy->buddy_id is passed to V2PropertyContainer::__set()
    in includes/classes/Buddy/BuddyModel.php on line -1
  6. V2PropertyContainer::$accessors is assigned
    in includes/classes/V2PropertyContainer.php on line 55
  7. Tainted property V2PropertyContainer::$accessors is read
    in includes/classes/V2PropertyContainer.php on line 67

68      } else {
69        return $this->values[$name];
70      }
71    }
72
73    public function __isset($name) {
74      // TODO - or here already can isset($this->name) ????
Unused Code: Comprehensibility
42% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

75      $value = $this->$name;
76      return isset($value);
77    }
78
79    public function clearProperties() {
80      foreach ($this->properties as $propertyName => $propertyData) {
81        unset($this->values[$propertyName]);
82      }
83    }
84
85  }
86