Issues in DiffFinder.php (master) - Issues in master - templesofcode/codesanity - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/TemplesOfCode/CodeSanity/DiffFinder.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace TemplesOfCode\CodeSanity;

use Doctrine\Common\Collections\ArrayCollection;
use TemplesOfCode\CodeSanity\Location\LocalLocation;
use TemplesOfCode\CodeSanity\Location\RemoteLocation;

/**
 * Class DiffFinder
 * @package TemplesOfCode\CodeSanity
 */
class DiffFinder
{
    /**
     * @var string
     */
    protected static $localLocationPattern=<<<PATTERN
/(\/[A-Za-z0-9_\-\.]+)*\/?/
PATTERN;

    /**
     * todo: it'll do for now, but evolve it.
     * @var string
     */
    protected static $remoteLocationPattern = <<<REGEXP
/^\w+@([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|(\w+|\.)+)+\:(\/[A-Za-z0-9_\-\.]+)+\/?$/
REGEXP;

    /**
     * @var Location
     */
    protected $sourceOfTruth;

    /**
     * @var ArrayCollection
     */
    protected $targetLocations;

    /**
     * DiffFinder constructor.
     *
     * @param string|null $sourceLocation
     * @param ArrayCollection|null $targets
     */
    public function __construct($sourceLocation = null, ArrayCollection $targets = null)
    {

        $this->targetLocations = new ArrayCollection();
        if (!is_null($sourceLocation)) {
            $this->resolveSourceLocation($sourceLocation);
        }

        if (!is_null($targets) && !$targets->isEmpty()) {
            $this->resolveTargetLocations($targets);
        }
    }

    /**
     * @return ArrayCollection
     */
    public function getTargetLocations()
    {
        return $this->targetLocations;
    }

    /**
     * @param Location $targetLocation
     * @return $this
     */
    public function addTargetLocation(Location $targetLocation)
    {
        /**
         * @var bool $targetLocationPresents
         */
        $targetLocationPresent = $this
            ->targetLocations
            ->contains($targetLocation)
        ;

        if (!$targetLocationPresent) {
            $this->targetLocations->add($targetLocation);
        }

        return $this;
    }

    /**
     * @param Location $targetLocation
     * @return $this
     */
    public function removeTargetLocation(Location $targetLocation)
    {
        /**
         * @var bool $targetLocationPresent
         */
        $targetLocationPresent = $this
            ->targetLocations
            ->contains($targetLocation)
        ;

        if ($targetLocationPresent) {
            $this->targetLocations->removeElement($targetLocation);
        }

        return $this;
    }

    /**
     * @return Location
     */
    public function getSourceOfTruth()
    {
        return $this->sourceOfTruth;
    }

    /**
     * @param Location $sourceOfTruth
     * @return DiffFinder
     */
    public function setSourceOfTruth(Location $sourceOfTruth)
    {
        $this->sourceOfTruth = $sourceOfTruth;
        return $this;
    }

    /**
     * @return bool
     */
    protected function validateResources()
    {
        /**
         * @var bool $validSourceOfTruth
         */
        $validSourceOfTruth = $this->sourceOfTruth->isValid();
        if (!$validSourceOfTruth) {
            return false;
        }

        if ($this->targetLocations->isEmpty()) {
            return false;
        }

        /**
         * @var bool $validTargetLocations
         */
        $validTargetLocations = true;
        foreach ($this->targetLocations->toArray() as $location) {
            /**
             * @var Location $location
             */

            /**
             * @var bool $validTargetLocations
             */
            $validTargetLocations = $validTargetLocations && $location->isValid();
            if (!$validTargetLocations) {
                break;
            }
        }

        return $validTargetLocations;
    }

    /**
     * @return ArrayCollection
     * @throws \Exception
     */
    public function find()
    {
        /**
         * @var bool $resourcesValidated
         */
        $resourcesValidated = $this->validateResources();
        if (!$resourcesValidated) {
            throw new \Exception("Resources needed to find differences not complete");
        }

        $targetRosters = new ArrayCollection();
        foreach ($this->targetLocations as $location) {
            /**
             * @var Location $location
             */

            /**
             * @var Roster $targetRoster
             */
            $targetRoster = $location->buildRoster();
            $targetRosters->add($targetRoster);
        }

        /**
         * @var Roster $sotRoster
         */
        $sotRoster = $this->sourceOfTruth->buildRoster();

        $differences = $this->compareAllRosters($sotRoster, $targetRosters);
        return $differences;
    }

    /**
     * @param Roster $sotRoster
     * @param ArrayCollection $targetRosters
     * @return ArrayCollection
     */
    private function compareAllRosters(Roster $sotRoster, ArrayCollection $targetRosters)
    {
        $differences = new ArrayCollection();

        foreach ($targetRosters as $roster) {
            /**
             * @var ArrayCollection $differenceSet
             */
            $differenceSet = $this->compareRosters($sotRoster, $roster);
            if ($differenceSet->count()) {
                $differences->add($differenceSet);
            }
        }

        return $differences;
    }

    /**
     * @param Roster $sotRoster
     * @param Roster $targetRoster
     * @return ArrayCollection
     */
    private function compareRosters(Roster $sotRoster, Roster $targetRoster)
    {
        $differenceSet = new ArrayCollection();

        $processedItems = new ArrayCollection();

        foreach ($sotRoster->getRosterItems()->toArray() as  $fileName => $rosterItem) {

            $fileName = (string)$fileName;

            /**
             * @var RosterItem $rosterItem
             */

            if (!$targetRoster->getRosterItems()->containsKey($fileName)) {
                /**
                 * Target roster missing the source of truth roster item.
                 */
                $difference = new DiffItem();
                $difference->setSotRosterItem($rosterItem);
                $differenceSet->set($fileName, $difference);
                continue;
            }

            /**
             * @var RosterItem $targetItem
             */
            $targetItem = $targetRoster->getRosterItems()->get($fileName);

            /**
             * @var string $targetFilename
             */
            $targetFilename = $targetItem->getRelativeFileName();

            $processedItems->add($targetFilename);

            if ($rosterItem->getHash() == $targetItem->getHash()) {
                continue;
            }

            /**
             * Items differ
             */
            $difference = new DiffItem();
            $difference->setSotRosterItem($rosterItem);
            $difference->setTargetRosterItem($targetItem);
            $differenceSet->set($fileName, $difference);
        }

        /**
         * Find the items missing from source of truth.
         */
        foreach ($targetRoster->getRosterItems()->toArray() as $fileName => $rosterItem) {

            $fileName = (string)$fileName;
            if ($processedItems->contains($fileName)) {
                /**
                 * Already dealt with in previous loop
                 */
                continue;
            }

            /**
             * Source of truth roster missing the target roster item.
             */
            $difference = new DiffItem();
            $difference->setTargetRosterItem($rosterItem);
            $differenceSet->set($fileName, $difference);
        }

        return $differenceSet;
    }


    /**
     * @param string|null $source
     * @return bool
     */
    protected function resolveSourceLocation($source = null)
    {
        /**
         * @var Location $location
         */
        $location = $this->resolveLocation($source);

        if (!is_null($location)) {
            $this->setSourceOfTruth($location);
        }

        return true;
    }

    /**
     * @param ArrayCollection|null $targets
     * @return bool
     */
    protected function resolveTargetLocations(ArrayCollection  $targets = null)
    {
        foreach ($targets as $target) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
            /**
             * @var string $target
             * @var Location $location
             */
            $location = $this->resolveLocation($target);
            $this->addTargetLocation($location);
        }

        return true;
    }

    /**
     * @param string $location
     * @return  Location|null
     */
    protected function resolveLocation($location)
    {
        $resolvedLocation = null;

        $matches = array();
        if (preg_match(self::$remoteLocationPattern, $location, $matches)) {

            /**
             * @var array $boom1
             */
            $boom1 = explode('@', $location);

            /**
             * @var string $username
             */
            $username = $boom1[0];

            $boom2 = explode(':', $boom1[1]);


            /**
             * @var string $host
             */
            $host = $boom2[0];

            /**
             * @var string $directory
             */
            $directory = $boom2[1];

            /**
             * @var RemoteLocation $resolvedLocation
             */
            $resolvedLocation = $this->buildRemoteLocation($username, $host, $directory);
        }
        else if (preg_match(self::$localLocationPattern, $location)) {
            /**
             * @var LocalLocation $resolvedLocation
             */
            $resolvedLocation = $this->buildLocalLocation($location);
        }

        return $resolvedLocation;
    }

    /**
     *
     * todo: can this be static?
     *
     * @param string $username
     * @param string $host
     * @param string $directory
     * @return RemoteLocation
     */
    protected function buildRemoteLocation($username, $host, $directory)
    {
        $location = new RemoteLocation($directory);
        $options = array(
            'executable' => 'ssh',
            'host' => $host,
            'port' => 22,
            'username' => $username,
        );
        $connection = new RemoteConnection($options);
        $location->setRemoteConnection($connection);
        return $location;

    }

    /**
     * todo: can this be static?
     *
     * @param string $location
     * @return LocalLocation
     */
    protected function buildLocalLocation($location)
    {
        $location = new LocalLocation($location);
        return $location;
    }
}


1		<?php
2
3		namespace TemplesOfCode\CodeSanity;
4
5		use Doctrine\Common\Collections\ArrayCollection;
6		use TemplesOfCode\CodeSanity\Location\LocalLocation;
7		use TemplesOfCode\CodeSanity\Location\RemoteLocation;
8
9		/**
10		* Class DiffFinder
11		* @package TemplesOfCode\CodeSanity
12		*/
13		class DiffFinder
14		{
15		/**
16		* @var string
17		*/
18		protected static $localLocationPattern=<<<PATTERN
19		/(\/[A-Za-z0-9_\-\.]+)*\/?/
20		PATTERN;
21
22		/**
23		* todo: it'll do for now, but evolve it.
24		* @var string
25		*/
26		protected static $remoteLocationPattern = <<<REGEXP
27		/^\w+@([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\|(\w+\|\.)+)+\:(\/[A-Za-z0-9_\-\.]+)+\/?$/
28		REGEXP;
29
30		/**
31		* @var Location
32		*/
33		protected $sourceOfTruth;
34
35		/**
36		* @var ArrayCollection
37		*/
38		protected $targetLocations;
39
40		/**
41		* DiffFinder constructor.
42		*
43		* @param string\|null $sourceLocation
44		* @param ArrayCollection\|null $targets
45		*/
46	12	public function __construct($sourceLocation = null, ArrayCollection $targets = null)
47		{
48
49	12	$this->targetLocations = new ArrayCollection();
50	12	if (!is_null($sourceLocation)) {
51	1	$this->resolveSourceLocation($sourceLocation);
52	1	}
53
54	12	if (!is_null($targets) && !$targets->isEmpty()) {
55	1	$this->resolveTargetLocations($targets);
56	1	}
57	12	}
58
59		/**
60		* @return ArrayCollection
61		*/
62	3	public function getTargetLocations()
63		{
64	3	return $this->targetLocations;
65		}
66
67		/**
68		* @param Location $targetLocation
69		* @return $this
70		*/
71	10	public function addTargetLocation(Location $targetLocation)
72		{
73		/**
74		* @var bool $targetLocationPresents
75		*/
76	10	$targetLocationPresent = $this
77		->targetLocations
78	10	->contains($targetLocation)
79	10	;
80
81	10	if (!$targetLocationPresent) {
82	10	$this->targetLocations->add($targetLocation);
83	10	}
84
85	10	return $this;
86		}
87
88		/**
89		* @param Location $targetLocation
90		* @return $this
91		*/
92	2	public function removeTargetLocation(Location $targetLocation)
93		{
94		/**
95		* @var bool $targetLocationPresent
96		*/
97	2	$targetLocationPresent = $this
98		->targetLocations
99	2	->contains($targetLocation)
100	2	;
101
102	2	if ($targetLocationPresent) {
103	2	$this->targetLocations->removeElement($targetLocation);
104	2	}
105
106	2	return $this;
107		}
108
109		/**
110		* @return Location
111		*/
112	2	public function getSourceOfTruth()
113		{
114	2	return $this->sourceOfTruth;
115		}
116
117		/**
118		* @param Location $sourceOfTruth
119		* @return DiffFinder
120		*/
121	10	public function setSourceOfTruth(Location $sourceOfTruth)
122		{
123	10	$this->sourceOfTruth = $sourceOfTruth;
124	10	return $this;
125		}
126
127		/**
128		* @return bool
129		*/
130	1	protected function validateResources()
131		{
132		/**
133		* @var bool $validSourceOfTruth
134		*/
135	1	$validSourceOfTruth = $this->sourceOfTruth->isValid();
136	1	if (!$validSourceOfTruth) {
137	1	return false;
138		}
139
140	1	if ($this->targetLocations->isEmpty()) {
141	1	return false;
142		}
143
144		/**
145		* @var bool $validTargetLocations
146		*/
147	1	$validTargetLocations = true;
148	1	foreach ($this->targetLocations->toArray() as $location) {
149		/**
150		* @var Location $location
151		*/
152
153		/**
154		* @var bool $validTargetLocations
155		*/
156	1	$validTargetLocations = $validTargetLocations && $location->isValid();
157	1	if (!$validTargetLocations) {
158	1	break;
159	1	}
160	1	}
161
162	1	return $validTargetLocations;
163		}
164
165		/**
166		* @return ArrayCollection
167		* @throws \Exception
168		*/
169	8	public function find()
170		{
171		/**
172		* @var bool $resourcesValidated
173		*/
174	8	$resourcesValidated = $this->validateResources();
175	8	if (!$resourcesValidated) {
176	1	throw new \Exception("Resources needed to find differences not complete");
177		}
178
179	7	$targetRosters = new ArrayCollection();
180	7	foreach ($this->targetLocations as $location) {
181		/**
182		* @var Location $location
183		*/
184
185		/**
186		* @var Roster $targetRoster
187		*/
188	7	$targetRoster = $location->buildRoster();
189	7	$targetRosters->add($targetRoster);
190	7	}
191
192		/**
193		* @var Roster $sotRoster
194		*/
195	7	$sotRoster = $this->sourceOfTruth->buildRoster();
196
197	7	$differences = $this->compareAllRosters($sotRoster, $targetRosters);
198	7	return $differences;
199		}
200
201		/**
202		* @param Roster $sotRoster
203		* @param ArrayCollection $targetRosters
204		* @return ArrayCollection
205		*/
206	7	private function compareAllRosters(Roster $sotRoster, ArrayCollection $targetRosters)
207		{
208	7	$differences = new ArrayCollection();
209
210	7	foreach ($targetRosters as $roster) {
211		/**
212		* @var ArrayCollection $differenceSet
213		*/
214	7	$differenceSet = $this->compareRosters($sotRoster, $roster);
215	7	if ($differenceSet->count()) {
216	6	$differences->add($differenceSet);
217	6	}
218	7	}
219
220	7	return $differences;
221		}
222
223		/**
224		* @param Roster $sotRoster
225		* @param Roster $targetRoster
226		* @return ArrayCollection
227		*/
228	7	private function compareRosters(Roster $sotRoster, Roster $targetRoster)
229		{
230	7	$differenceSet = new ArrayCollection();
231
232	7	$processedItems = new ArrayCollection();
233
234	7	foreach ($sotRoster->getRosterItems()->toArray() as $fileName => $rosterItem) {
235
236	7	$fileName = (string)$fileName;
237
238		/**
239		* @var RosterItem $rosterItem
240		*/
241
242	7	if (!$targetRoster->getRosterItems()->containsKey($fileName)) {
243		/**
244		* Target roster missing the source of truth roster item.
245		*/
246	4	$difference = new DiffItem();
247	4	$difference->setSotRosterItem($rosterItem);
248	4	$differenceSet->set($fileName, $difference);
249	4	continue;
250		}
251
252		/**
253		* @var RosterItem $targetItem
254		*/
255	7	$targetItem = $targetRoster->getRosterItems()->get($fileName);
256
257		/**
258		* @var string $targetFilename
259		*/
260	7	$targetFilename = $targetItem->getRelativeFileName();
261
262	7	$processedItems->add($targetFilename);
263
264	7	if ($rosterItem->getHash() == $targetItem->getHash()) {
265	7	continue;
266		}
267
268		/**
269		* Items differ
270		*/
271	4	$difference = new DiffItem();
272	4	$difference->setSotRosterItem($rosterItem);
273	4	$difference->setTargetRosterItem($targetItem);
274	4	$differenceSet->set($fileName, $difference);
275	7	}
276
277		/**
278		* Find the items missing from source of truth.
279		*/
280	7	foreach ($targetRoster->getRosterItems()->toArray() as $fileName => $rosterItem) {
281
282	7	$fileName = (string)$fileName;
283	7	if ($processedItems->contains($fileName)) {
284		/**
285		* Already dealt with in previous loop
286		*/
287	7	continue;
288		}
289
290		/**
291		* Source of truth roster missing the target roster item.
292		*/
293	4	$difference = new DiffItem();
294	4	$difference->setTargetRosterItem($rosterItem);
295	4	$differenceSet->set($fileName, $difference);
296	7	}
297
298	7	return $differenceSet;
299		}
300
301
302		/**
303		* @param string\|null $source
304		* @return bool
305		*/
306	1	protected function resolveSourceLocation($source = null)
307		{
308		/**
309		* @var Location $location
310		*/
311	1	$location = $this->resolveLocation($source);
312
313	1	if (!is_null($location)) {
314	1	$this->setSourceOfTruth($location);
315	1	}
316
317	1	return true;
318		}
319
320		/**
321		* @param ArrayCollection\|null $targets
322		* @return bool
323		*/
324	1	protected function resolveTargetLocations(ArrayCollection $targets = null)
325		{
326	1	foreach ($targets as $target) {
		0 ignored issues – show Bug introduced 2016-09-06 06:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$targets` of type `null\|object<Doctrine\Com...ctions\ArrayCollection>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
327		/**
328		* @var string $target
329		* @var Location $location
330		*/
331	1	$location = $this->resolveLocation($target);
332	1	$this->addTargetLocation($location);
333	1	}
334
335	1	return true;
336		}
337
338		/**
339		* @param string $location
340		* @return Location\|null
341		*/
342	1	protected function resolveLocation($location)
343		{
344	1	$resolvedLocation = null;
345
346	1	$matches = array();
347	1	if (preg_match(self::$remoteLocationPattern, $location, $matches)) {
348
349		/**
350		* @var array $boom1
351		*/
352	1	$boom1 = explode('@', $location);
353
354		/**
355		* @var string $username
356		*/
357	1	$username = $boom1[0];
358
359	1	$boom2 = explode(':', $boom1[1]);
360
361
362		/**
363		* @var string $host
364		*/
365	1	$host = $boom2[0];
366
367		/**
368		* @var string $directory
369		*/
370	1	$directory = $boom2[1];
371
372		/**
373		* @var RemoteLocation $resolvedLocation
374		*/
375	1	$resolvedLocation = $this->buildRemoteLocation($username, $host, $directory);
376	1	}
377	1	else if (preg_match(self::$localLocationPattern, $location)) {
378		/**
379		* @var LocalLocation $resolvedLocation
380		*/
381	1	$resolvedLocation = $this->buildLocalLocation($location);
382	1	}
383
384	1	return $resolvedLocation;
385		}
386
387		/**
388		*
389		* todo: can this be static?
390		*
391		* @param string $username
392		* @param string $host
393		* @param string $directory
394		* @return RemoteLocation
395		*/
396	1	protected function buildRemoteLocation($username, $host, $directory)
397		{
398	1	$location = new RemoteLocation($directory);
399		$options = array(
400	1	'executable' => 'ssh',
401	1	'host' => $host,
402	1	'port' => 22,
403	1	'username' => $username,
404	1	);
405	1	$connection = new RemoteConnection($options);
406	1	$location->setRemoteConnection($connection);
407	1	return $location;
408
409		}
410
411		/**
412		* todo: can this be static?
413		*
414		* @param string $location
415		* @return LocalLocation
416		*/
417	1	protected function buildLocalLocation($location)
418		{
419	1	$location = new LocalLocation($location);
420	1	return $location;
421		}
422		}
423

templesofcode / codesanity

Issues (1)

Security Analysis no request data

src/TemplesOfCode/CodeSanity/DiffFinder.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like