Issues in Excel.php (master) - Issues in master - symball/report - Measure and Improve Code Quality continuously with Scrutinizer

Issues (38)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Service/Excel.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the ReportBundle package
 *
 * (c) symball <http://simonball.me>
 *
 * For the full copyright and license information, please view the LICENSE file
 * that was distributed with this source code.
 */

namespace Symball\ReportBundle\Service;

use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpFoundation\File\File;

/**
 * The Excel service handles the start and end of spreadsheet creation
 *
 * @author Simon Ball <simonball at simonball dot me>
 */
class Excel
{
    /* @var $excelFactoryNameSpace Namespace PHPExcel Factory IO */
    private $excelFactoryNameSpace;

    /* @var $excelObject PHPExcel */
    private $excelObject;


    private $numberOfSheets = 0;
    protected $currentSheetTitle;

    private $sheet;

    private $reportPath;

    private $outputFormat;

    /**
     *
     * @param string $defaultReportPath
     * @param string $excelFactoryNameSpace
     * @param string $outputFormat
     */
    public function __construct(
        $defaultReportPath = '',
        $excelFactoryNameSpace = '\PHPExcel_IOFactory',
        $outputFormat = 'Excel2007'
    ) {
        if ($defaultReportPath) {
            $this->setReportPath($defaultReportPath);
        }
        $this->excelFactoryNameSpace = $excelFactoryNameSpace;
        $this->setOutputFormat($outputFormat);
    }

    /**
     * Initiate a PHP Excel object
     *
     * @return $this
     */
    public function createExcelObject()
    {
        $this->excelObject = new \PHPExcel();

        return $this;
    }

    /**
     * Create a new sheet within the excel object and ready the service for it.
     * This in essence resets most things so make sure you have finished working
     * on your sheet before creating another.
     *
     * @param string $title The name of the sheet
     *
     * @return [type] [description]

     */
    public function newSheet($title = '')
    {
        if (!$this->excelObject) {
            $this->createExcelObject();
        }
        ++$this->numberOfSheets;

        // If there is already the default initiated sheet, create new sheet
        if ($this->numberOfSheets > 0) {
            $this->excelObject->createSheet($this->numberOfSheets);
        }

        // Has a title been set
        if (!$title) {
            $title = 'sheet-' . $this->numberOfSheets;
        }
        $this->setCurrentSheetTitle($title);

        $this->sheet = $this->excelObject->setActiveSheetIndex($this->numberOfSheets);
        $this->sheet->setTitle($title);

        return $this->sheet;
    }

    /**
     * Use the PHPExcel factory writer and output the current excel object in to
     * a file
     *
     * @param string $fileName
     * @param string $path
     * @param string $outputFormat
     * @return File
     * @throws \Exception When trying to use on the fly unsupported output format
     */
    public function save($fileName, $path = '', $outputFormat = '')
    {

        // If the user is trying to specify file format themself, check it is
        // usable
        if ($outputFormat) {
            if ($this->checkOutputFormat($outputFormat) === false) {
                throw new \Exception('Output format not supported: ' . $outputFormat);
            }
        } else {
            $outputFormat = $this->getOutputFormat();
        }

        $writer = call_user_func(
            $this->excelFactoryNameSpace . '::createWriter',
            $this->excelObject,
            $outputFormat
        );

        if (!$path) {
            $path = $this->reportPath;
        }

        $filePath = $path . '/' . $fileName;

        $writer->save($filePath);
        $file = new File($filePath);

        return $file;
    }

    /**
     * Set a file path where the saved report will be output to.
     *
     * @param string  $path
     * @param boolean $createPath
     * @throws \Exception
     */
    public function setReportPath($path, $createPath = true)
    {
        // TODO Remove reliance on concrete Symfony file class and use interface
        $fileSystem = new Filesystem();
        if (!$fileSystem->exists($path)) {
            if ($createPath) {
                $fileSystem->mkdir($path);
            } else {
                throw new \Exception('Report path does not exist: ' . $path);
            }
        }
        $this->reportPath = $path;
    }

    /**
     * Set the "excel type" that will PHPExcel will output
     * Excel2007 / Excel5 / Excel2003XML / SYLK / OOCalc / CSV / HTML.
     *
     * @param string $format [description]
     */
    public function setOutputFormat($format)
    {

        // TODO - After converting to facade, add check supported type function
        // Check that it is one of the accepted types
        if ($this->checkOutputFormat($format) === false) {
            throw new \Exception('Output format not supported: ' . $format);
        }

        $this->outputFormat = $format;
    }

    /**
     * @return string
     */
    public function getCurrentSheetTitle()
    {
        return $this->currentSheetTitle;
    }

    /**
     * @return integer
     */
    public function getNumberOfSheets()
    {
        return $this->numberOfSheets;
    }

    /**
     * @return \PHPExcel
     */
    public function getExcelObject()
    {
        return $this->excelObject;
    }

    /**
     * @return string
     */
    public function getReportPath()
    {
        return $this->reportPath;
    }

    /**
     * @return string
     */
    public function getOutputFormat()
    {
        return $this->outputFormat;
    }

    /**
     * Take a given format and check whether it is compatible with what PHPExcel
     * is able to export
     *
     * @param string $format
     * @return boolean|null
     */
    public function checkOutputFormat($format)
    {
        $supportedTypes = [
            'Excel2007',
            'Excel5',
            'Excel2003XML',
            'SYLK',
            'OOCalc',
            'CSV',
            'HTML',
        ];

        if (in_array($format, $supportedTypes)) {
            return true;
        }
    }

    /**
     * @param string $title
     */
    protected function setCurrentSheetTitle($title)
    {
        $this->currentSheetTitle = $title;
    }
}


1			<?php
2
3			/*
4			* This file is part of the ReportBundle package
5			*
6			* (c) symball <http://simonball.me>
7			*
8			* For the full copyright and license information, please view the LICENSE file
9			* that was distributed with this source code.
10			*/
11
12			namespace Symball\ReportBundle\Service;
13
14			use Symfony\Component\Filesystem\Filesystem;
15			use Symfony\Component\HttpFoundation\File\File;
16
17			/**
18			* The Excel service handles the start and end of spreadsheet creation
19			*
20			* @author Simon Ball <simonball at simonball dot me>
21			*/
22			class Excel
23			{
24			/* @var $excelFactoryNameSpace Namespace PHPExcel Factory IO */
25			private $excelFactoryNameSpace;
26
27			/* @var $excelObject PHPExcel */
28			private $excelObject;
29
30
31			private $numberOfSheets = 0;
32			protected $currentSheetTitle;
33
34			private $sheet;
35
36			private $reportPath;
37
38			private $outputFormat;
39
40			/**
41			*
42			* @param string $defaultReportPath
43			* @param string $excelFactoryNameSpace
44			* @param string $outputFormat
45			*/
46			public function __construct(
47			$defaultReportPath = '',
48			$excelFactoryNameSpace = '\PHPExcel_IOFactory',
49			$outputFormat = 'Excel2007'
50			) {
51			if ($defaultReportPath) {
52			$this->setReportPath($defaultReportPath);
53			}
54			$this->excelFactoryNameSpace = $excelFactoryNameSpace;
55			$this->setOutputFormat($outputFormat);
56			}
57
58			/**
59			* Initiate a PHP Excel object
60			*
61			* @return $this
62			*/
63			public function createExcelObject()
64			{
65			$this->excelObject = new \PHPExcel();
66
67			return $this;
68			}
69
70			/**
71			* Create a new sheet within the excel object and ready the service for it.
72			* This in essence resets most things so make sure you have finished working
73			* on your sheet before creating another.
74			*
75			* @param string $title The name of the sheet
76			*
77			* @return [type] [description]
			0 ignored issues – show Documentation introduced 2017-06-23 01:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
78			*/
79			public function newSheet($title = '')
80			{
81			if (!$this->excelObject) {
82			$this->createExcelObject();
83			}
84			++$this->numberOfSheets;
85
86			// If there is already the default initiated sheet, create new sheet
87			if ($this->numberOfSheets > 0) {
88			$this->excelObject->createSheet($this->numberOfSheets);
89			}
90
91			// Has a title been set
92			if (!$title) {
93			$title = 'sheet-' . $this->numberOfSheets;
94			}
95			$this->setCurrentSheetTitle($title);
96
97			$this->sheet = $this->excelObject->setActiveSheetIndex($this->numberOfSheets);
98			$this->sheet->setTitle($title);
99
100			return $this->sheet;
101			}
102
103			/**
104			* Use the PHPExcel factory writer and output the current excel object in to
105			* a file
106			*
107			* @param string $fileName
108			* @param string $path
109			* @param string $outputFormat
110			* @return File
111			* @throws \Exception When trying to use on the fly unsupported output format
112			*/
113			public function save($fileName, $path = '', $outputFormat = '')
114			{
115
116			// If the user is trying to specify file format themself, check it is
117			// usable
118			if ($outputFormat) {
119			if ($this->checkOutputFormat($outputFormat) === false) {
120			throw new \Exception('Output format not supported: ' . $outputFormat);
121			}
122			} else {
123			$outputFormat = $this->getOutputFormat();
124			}
125
126			$writer = call_user_func(
127			$this->excelFactoryNameSpace . '::createWriter',
128			$this->excelObject,
129			$outputFormat
130			);
131
132			if (!$path) {
133			$path = $this->reportPath;
134			}
135
136			$filePath = $path . '/' . $fileName;
137
138			$writer->save($filePath);
139			$file = new File($filePath);
140
141			return $file;
142			}
143
144			/**
145			* Set a file path where the saved report will be output to.
146			*
147			* @param string $path
148			* @param boolean $createPath
149			* @throws \Exception
150			*/
151			public function setReportPath($path, $createPath = true)
152			{
153			// TODO Remove reliance on concrete Symfony file class and use interface
154			$fileSystem = new Filesystem();
155			if (!$fileSystem->exists($path)) {
156			if ($createPath) {
157			$fileSystem->mkdir($path);
158			} else {
159			throw new \Exception('Report path does not exist: ' . $path);
160			}
161			}
162			$this->reportPath = $path;
163			}
164
165			/**
166			* Set the "excel type" that will PHPExcel will output
167			* Excel2007 / Excel5 / Excel2003XML / SYLK / OOCalc / CSV / HTML.
168			*
169			* @param string $format [description]
170			*/
171			public function setOutputFormat($format)
172			{
173
174			// TODO - After converting to facade, add check supported type function
175			// Check that it is one of the accepted types
176			if ($this->checkOutputFormat($format) === false) {
177			throw new \Exception('Output format not supported: ' . $format);
178			}
179
180			$this->outputFormat = $format;
181			}
182
183			/**
184			* @return string
185			*/
186			public function getCurrentSheetTitle()
187			{
188			return $this->currentSheetTitle;
189			}
190
191			/**
192			* @return integer
193			*/
194			public function getNumberOfSheets()
195			{
196			return $this->numberOfSheets;
197			}
198
199			/**
200			* @return \PHPExcel
201			*/
202			public function getExcelObject()
203			{
204			return $this->excelObject;
205			}
206
207			/**
208			* @return string
209			*/
210			public function getReportPath()
211			{
212			return $this->reportPath;
213			}
214
215			/**
216			* @return string
217			*/
218			public function getOutputFormat()
219			{
220			return $this->outputFormat;
221			}
222
223			/**
224			* Take a given format and check whether it is compatible with what PHPExcel
225			* is able to export
226			*
227			* @param string $format
228			* @return boolean\|null
229			*/
230			public function checkOutputFormat($format)
231			{
232			$supportedTypes = [
233			'Excel2007',
234			'Excel5',
235			'Excel2003XML',
236			'SYLK',
237			'OOCalc',
238			'CSV',
239			'HTML',
240			];
241
242			if (in_array($format, $supportedTypes)) {
243			return true;
244			}
245			}
246
247			/**
248			* @param string $title
249			*/
250			protected function setCurrentSheetTitle($title)
251			{
252			$this->currentSheetTitle = $title;
253			}
254			}
255

symball / report

Issues (38)

Security Analysis no request data

Service/Excel.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like