Issues in Client.php (1.1) - Issues in 1.1 - thecodingmachine/oo-amqp-client - Measure and Improve Code Quality continuously with Scrutinizer

Issues (16)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Client.php (2 issues)

Labels

Severity

David Négrier 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Mouf\AmqpClient;

use PhpAmqpLib\Connection\AbstractConnection;
use PhpAmqpLib\Connection\AMQPSocketConnection;
use PhpAmqpLib\Connection\AMQPStreamConnection;
use PhpAmqpLib\Channel\AMQPChannel;
use Mouf\AmqpClient\Exception\ConnectionException;
use PhpAmqpLib\Exception\AMQPIOException;

class Client
{
    /**
     * RabbitMq host.
     *
     * @var string
     */
    private $host;

    /**
     * RabbitMq port.
     *
     * @var string
     */
    private $port;

    /**
     * RabbitMq user.
     *
     * @var string
     */
    private $user;

    /**
     * RabbitMq password.
     *
     * @var string
     */
    private $password;

    /**
     * It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @var int
     */
    private $prefetchSize = null;

    /**
     * It's for QOS prefetch-count http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @var int
     */
    private $prefetchCount = null;

    /**
     * It's for QOS global http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @var int
     */
    private $aGlobal = null;

    /**
     * RabbitMq connection.
     *
     * @var AbstractConnection
     */
    private $connection = null;

    /**
     * RabbitMq channel.
     *
     * @var \AMQPChannel
     */
    private $channel = null;

    /**
     * List of RabbitMq object.
     *
     * @var RabbitMqObjectInterface[]
     */
    private $rabbitMqObjects = [];

    /**
     * RabbitMq virtual host
     *
     * @var string
     */
    private $vhost;

    /**
     * RabbitMq insist
     *
     * @var bool
     */
    private $insist;

    /**
     * RabbitMq login method
     *
     * @var string
     */
    private $login_method;

    /**
     * RabbitMq login response
     *
     * @var null
     */
    private $login_response;

    /**
     * RabbitMq locale
     *
     * @var string
     */
    private $locale;

    /**
     * RabbitMq connection timeout
     *
     * @var float
     */
    private $connection_timeout;

    /**
     * RabbitMq read write timeout
     *
     * @var float
     */
    private $read_write_timeout;

    /**
     * RabbitMq context
     *
     * @var null
     */
    private $context;

    /**
     * RabbitMq keep a live
     *
     * @var bool
     */
    private $keepalive;

    /**
     * RabbitMq heartbeat
     *
     * @var int
     */
    private $heartbeat;

    /**
     * Client constructor.
     * @param $host
     * @param $port
     * @param $user
     * @param $password
     * @param string $vhost
     * @param bool $insist
     * @param string $login_method
     * @param null $login_response
     * @param string $locale
     * @param float $connection_timeout
     * @param float $read_write_timeout
     * @param null $context
     * @param bool $keepalive
     * @param int $heartbeat
     */
    public function __construct(
        $host,
        $port,
        $user,
        $password,
        $vhost = '/',
        $insist = false,
        $login_method = 'AMQPLAIN',
        $login_response = null,
        $locale = 'en_US',
        $connection_timeout = 3.0,
        $read_write_timeout = 3.0,
        $context = null,
        $keepalive = false,
        $heartbeat = 0)
    {
        $this->host = $host;
        $this->port = ($port !== null) ? $port : 5672;
        $this->user = $user;
        $this->password = $password;
        $this->vhost = $vhost;
        $this->insist = $insist;
        $this->login_method = $login_method;
        $this->login_response = $login_response;
        $this->locale = $locale;
        $this->connection_timeout = $connection_timeout;
        $this->read_write_timeout = $read_write_timeout;
        $this->context = $context;
        $this->keepalive = $keepalive;
        $this->heartbeat = $heartbeat;
    }

    /**
     * Get prefetch size for QOS.
     */
    public function getPrefetchSize()
    {
        return $this->prefetchSize;
    }

    /**
     * Set prefetch size
     * It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @param int $prefetchSize
     * @return Client
     */
    public function setPrefetchSize($prefetchSize)
    {
        $this->prefetchSize = $prefetchSize;

        return $this;
    }

    /**
     * Get prefetch count for QOS.
     */
    public function getPrefetchCount()
    {
        return $this->prefetchCount;
    }

    /**
     * Set prefetch size
     * It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @param int $prefetchCount
     * @return Client
     */
    public function setPrefetchCount($prefetchCount)
    {
        $this->prefetchCount = $prefetchCount;

        return $this;
    }

    /**
     * Get a global for QOS.
     */
    public function getAGlobal()
    {
        return $this->aGlobal;
    }

    /**
     * Set global
     * It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
     *
     * @param int $aGlobal
     * @return Client
     */
    public function setAGlobal($aGlobal)
    {
        $this->aGlobal = $aGlobal;

        return $this;
    }

    /**
     * Set RabbitMq object.
     *
     * @param RabbitMqObjectInterface[] $rabbitMqObjects
     */
    public function setRabbitMqObjects(array $rabbitMqObjects)
    {
        $this->rabbitMqObjects = $rabbitMqObjects;
    }

    public function register(RabbitMqObjectInterface $object)
    {
        if (!in_array($object, $this->rabbitMqObjects, true)) {
            $this->rabbitMqObjects[] = $object;
        }
    }

    /**
     * Connection to the RabbitMq service with AMQPStreamConnection.
     *
     * @return AMQPChannel
     * @throws ConnectionException
     * @throws \ErrorException
     */
    public function getChannel()
    {
        if (!$this->connection) {
            try {
                if (function_exists('socket_create')) {
                    $this->connection = new AMQPStreamConnection(
                        $this->host,
                        $this->port,
                        $this->user,
                        $this->password,
                        $this->vhost,
                        $this->insist,
                        $this->login_method,
                        $this->login_response,
                        $this->locale,
                        $this->connection_timeout,
                        $this->read_write_timeout,
                        $this->context,
                        $this->keepalive ,
                        $this->heartbeat
                    );
                } else {
                    $this->connection = new AMQPStreamConnection(
                        $this->host,
                        $this->port,
                        $this->user,
                        $this->password,
                        $this->vhost,
                        $this->insist,
                        $this->login_method,
                        $this->login_response,
                        $this->locale,
                        $this->connection_timeout,
                        $this->read_write_timeout,
                        $this->context,
                        $this->keepalive ,
                        $this->heartbeat
                    );
                }
            } catch (\ErrorException $e) {
                /* We are trying to catch the exception when the connection if refused */
                if (preg_match("/.*unable to connect.*Connection refused.*/", $e->__toString())) {
                    throw new ConnectionException("Cannot create the connection", 404, $e);
                }
                throw $e;
            } catch (AMQPIOException $e) {
                throw new ConnectionException("Cannot create the connection", 404, $e);
            }
            $this->channel = $this->connection->channel();

            if ($this->prefetchSize !== null || $this->prefetchCount !== null || $this->aGlobal !== null) {
                $this->channel->basic_qos($this->prefetchSize, $this->prefetchCount, $this->aGlobal);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            }

            foreach ($this->rabbitMqObjects as $rabbitMqObject) {
                $rabbitMqObject->init($this->channel);
            }
        }

        return $this->channel;

    }

    /**
     * Returns the list of registered queues.
     *
     * @return QueueInterface[]
     */
    public function getQueues()
    {
        return array_filter($this->rabbitMqObjects, function (RabbitMqObjectInterface $object) {
            return $object instanceof QueueInterface;
        });
    }
}


1			<?php
2
3			namespace Mouf\AmqpClient;
4
5			use PhpAmqpLib\Connection\AbstractConnection;
6			use PhpAmqpLib\Connection\AMQPSocketConnection;
7			use PhpAmqpLib\Connection\AMQPStreamConnection;
8			use PhpAmqpLib\Channel\AMQPChannel;
9			use Mouf\AmqpClient\Exception\ConnectionException;
10			use PhpAmqpLib\Exception\AMQPIOException;
11
12			class Client
13			{
14			/**
15			* RabbitMq host.
16			*
17			* @var string
18			*/
19			private $host;
20
21			/**
22			* RabbitMq port.
23			*
24			* @var string
25			*/
26			private $port;
27
28			/**
29			* RabbitMq user.
30			*
31			* @var string
32			*/
33			private $user;
34
35			/**
36			* RabbitMq password.
37			*
38			* @var string
39			*/
40			private $password;
41
42			/**
43			* It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
44			*
45			* @var int
46			*/
47			private $prefetchSize = null;
48
49			/**
50			* It's for QOS prefetch-count http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
51			*
52			* @var int
53			*/
54			private $prefetchCount = null;
55
56			/**
57			* It's for QOS global http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
58			*
59			* @var int
60			*/
61			private $aGlobal = null;
62
63			/**
64			* RabbitMq connection.
65			*
66			* @var AbstractConnection
67			*/
68			private $connection = null;
69
70			/**
71			* RabbitMq channel.
72			*
73			* @var \AMQPChannel
74			*/
75			private $channel = null;
76
77			/**
78			* List of RabbitMq object.
79			*
80			* @var RabbitMqObjectInterface[]
81			*/
82			private $rabbitMqObjects = [];
83
84			/**
85			* RabbitMq virtual host
86			*
87			* @var string
88			*/
89			private $vhost;
90
91			/**
92			* RabbitMq insist
93			*
94			* @var bool
95			*/
96			private $insist;
97
98			/**
99			* RabbitMq login method
100			*
101			* @var string
102			*/
103			private $login_method;
104
105			/**
106			* RabbitMq login response
107			*
108			* @var null
109			*/
110			private $login_response;
111
112			/**
113			* RabbitMq locale
114			*
115			* @var string
116			*/
117			private $locale;
118
119			/**
120			* RabbitMq connection timeout
121			*
122			* @var float
123			*/
124			private $connection_timeout;
125
126			/**
127			* RabbitMq read write timeout
128			*
129			* @var float
130			*/
131			private $read_write_timeout;
132
133			/**
134			* RabbitMq context
135			*
136			* @var null
137			*/
138			private $context;
139
140			/**
141			* RabbitMq keep a live
142			*
143			* @var bool
144			*/
145			private $keepalive;
146
147			/**
148			* RabbitMq heartbeat
149			*
150			* @var int
151			*/
152			private $heartbeat;
153
154			/**
155			* Client constructor.
156			* @param $host
157			* @param $port
158			* @param $user
159			* @param $password
160			* @param string $vhost
161			* @param bool $insist
162			* @param string $login_method
163			* @param null $login_response
164			* @param string $locale
165			* @param float $connection_timeout
166			* @param float $read_write_timeout
167			* @param null $context
168			* @param bool $keepalive
169			* @param int $heartbeat
170			*/
171			public function __construct(
172			$host,
173			$port,
174			$user,
175			$password,
176			$vhost = '/',
177			$insist = false,
178			$login_method = 'AMQPLAIN',
179			$login_response = null,
180			$locale = 'en_US',
181			$connection_timeout = 3.0,
182			$read_write_timeout = 3.0,
183			$context = null,
184			$keepalive = false,
185			$heartbeat = 0)
186			{
187			$this->host = $host;
188			$this->port = ($port !== null) ? $port : 5672;
189			$this->user = $user;
190			$this->password = $password;
191			$this->vhost = $vhost;
192			$this->insist = $insist;
193			$this->login_method = $login_method;
194			$this->login_response = $login_response;
195			$this->locale = $locale;
196			$this->connection_timeout = $connection_timeout;
197			$this->read_write_timeout = $read_write_timeout;
198			$this->context = $context;
199			$this->keepalive = $keepalive;
200			$this->heartbeat = $heartbeat;
201			}
202
203			/**
204			* Get prefetch size for QOS.
205			*/
206			public function getPrefetchSize()
207			{
208			return $this->prefetchSize;
209			}
210
211			/**
212			* Set prefetch size
213			* It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
214			*
215			* @param int $prefetchSize
216			* @return Client
217			*/
218			public function setPrefetchSize($prefetchSize)
219			{
220			$this->prefetchSize = $prefetchSize;
221
222			return $this;
223			}
224
225			/**
226			* Get prefetch count for QOS.
227			*/
228			public function getPrefetchCount()
229			{
230			return $this->prefetchCount;
231			}
232
233			/**
234			* Set prefetch size
235			* It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
236			*
237			* @param int $prefetchCount
238			* @return Client
239			*/
240			public function setPrefetchCount($prefetchCount)
241			{
242			$this->prefetchCount = $prefetchCount;
243
244			return $this;
245			}
246
247			/**
248			* Get a global for QOS.
249			*/
250			public function getAGlobal()
251			{
252			return $this->aGlobal;
253			}
254
255			/**
256			* Set global
257			* It's for QOS prefetch-size http://www.rabbitmq.com/amqp-0-9-1-reference.html#basic.qos.
258			*
259			* @param int $aGlobal
260			* @return Client
261			*/
262			public function setAGlobal($aGlobal)
263			{
264			$this->aGlobal = $aGlobal;
265
266			return $this;
267			}
268
269			/**
270			* Set RabbitMq object.
271			*
272			* @param RabbitMqObjectInterface[] $rabbitMqObjects
273			*/
274			public function setRabbitMqObjects(array $rabbitMqObjects)
275			{
276			$this->rabbitMqObjects = $rabbitMqObjects;
277			}
278
279			public function register(RabbitMqObjectInterface $object)
280			{
281			if (!in_array($object, $this->rabbitMqObjects, true)) {
282			$this->rabbitMqObjects[] = $object;
283			}
284			}
285
286			/**
287			* Connection to the RabbitMq service with AMQPStreamConnection.
288			*
289			* @return AMQPChannel
290			* @throws ConnectionException
291			* @throws \ErrorException
292			*/
293			public function getChannel()
294			{
295			if (!$this->connection) {
296			try {
297			if (function_exists('socket_create')) {
298			$this->connection = new AMQPStreamConnection(
299			$this->host,
300			$this->port,
301			$this->user,
302			$this->password,
303			$this->vhost,
304			$this->insist,
305			$this->login_method,
306			$this->login_response,
307			$this->locale,
308			$this->connection_timeout,
309			$this->read_write_timeout,
310			$this->context,
311			$this->keepalive ,
312			$this->heartbeat
313			);
314			} else {
315			$this->connection = new AMQPStreamConnection(
316			$this->host,
317			$this->port,
318			$this->user,
319			$this->password,
320			$this->vhost,
321			$this->insist,
322			$this->login_method,
323			$this->login_response,
324			$this->locale,
325			$this->connection_timeout,
326			$this->read_write_timeout,
327			$this->context,
328			$this->keepalive ,
329			$this->heartbeat
330			);
331			}
332			} catch (\ErrorException $e) {
333			/* We are trying to catch the exception when the connection if refused */
334			if (preg_match("/.unable to connect.Connection refused.*/", $e->__toString())) {
335			throw new ConnectionException("Cannot create the connection", 404, $e);
336			}
337			throw $e;
338			} catch (AMQPIOException $e) {
339			throw new ConnectionException("Cannot create the connection", 404, $e);
340			}
341			$this->channel = $this->connection->channel();
342
343			if ($this->prefetchSize !== null \|\| $this->prefetchCount !== null \|\| $this->aGlobal !== null) {
344			$this->channel->basic_qos($this->prefetchSize, $this->prefetchCount, $this->aGlobal);
			0 ignored issues – show Documentation introduced 2016-07-07 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->aGlobal` is of type `integer`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
345			}
346
347			foreach ($this->rabbitMqObjects as $rabbitMqObject) {
348			$rabbitMqObject->init($this->channel);
349			}
350			}
351
352			return $this->channel;
			0 ignored issues – show Bug Compatibility introduced 2016-07-07 13:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->channel;` of type `PhpAmqpLib\Channel\AMQPChannel\|AMQPChannel` adds the type `AMQPChannel` to the return on line 352 which is incompatible with the return type documented by `Mouf\AmqpClient\Client::getChannel` of type `PhpAmqpLib\Channel\AMQPChannel`. Loading history...
353			}
354
355			/**
356			* Returns the list of registered queues.
357			*
358			* @return QueueInterface[]
359			*/
360			public function getQueues()
361			{
362			return array_filter($this->rabbitMqObjects, function (RabbitMqObjectInterface $object) {
363			return $object instanceof QueueInterface;
364			});
365			}
366			}
367

thecodingmachine / oo-amqp-client

Issues (16)

Security Analysis no request data

src/Client.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like