Issues in YamlDefinitionLoader.php (1.0) - Issues in 1.0 - thecodingmachine/yaml-definition-loader - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/YamlDefinitionLoader.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace TheCodingMachine\Definition;

use Assembly\FactoryCallDefinition;
use Assembly\ObjectDefinition;
use Assembly\ParameterDefinition;
use Assembly\Reference;
use Interop\Container\Definition\DefinitionInterface;
use Interop\Container\Definition\DefinitionProviderInterface;
use Symfony\Component\Yaml\Exception\ParseException;
use Symfony\Component\Yaml\Parser;
use TheCodingMachine\Definition\Exception\FileNotFoundException;
use TheCodingMachine\Definition\Exception\InvalidArgumentException;

class YamlDefinitionLoader implements DefinitionProviderInterface
{
    /**
     * The name of the YAML file to be loaded.
     *
     * @var string
     */
    private $fileName;

    public function __construct($fileName)
    {
        $this->fileName = $fileName;
    }

    /**
     * Returns the definition to register in the container.
     *
     * @return DefinitionInterface[]
     */
    public function getDefinitions()
    {
        $content = $this->loadFile($this->fileName);

        // empty file
        if (null === $content) {
            return [];
        }

        // imports
        $definitions = $this->parseImports($content);

        // parameters
        if (isset($content['parameters'])) {
            if (!is_array($content['parameters'])) {
                throw new InvalidArgumentException(sprintf('The "parameters" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
            }

            foreach ($content['parameters'] as $key => $value) {
                $definitions[$key] = new ParameterDefinition($value);
                //$this->container->setParameter($key, $this->resolveServices($value));
            }
        }

        // services
        $serviceDefinitions = $this->parseDefinitions($content);
        $definitions = $definitions + $serviceDefinitions;

        return $definitions;
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
    }

    /**
     * Parses all imports.
     *
     * @param array $content
     * @param $content
     *
     * @return DefinitionInterface[]
     */
    private function parseImports($content)
    {
        if (!isset($content['imports'])) {
            return [];
        }

        if (!is_array($content['imports'])) {
            throw new InvalidArgumentException(sprintf('The "imports" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
        }

        $additionalDefinitions = [];

        foreach ($content['imports'] as $import) {
            if (!is_array($import)) {
                throw new InvalidArgumentException(sprintf('The values in the "imports" key should be arrays in %s. Check your YAML syntax.', $this->fileName));
            }

            if (isset($import['ignore_errors'])) {
                throw new InvalidArgumentException(sprintf('The "ignore_errors" key is not supported in YamlDefinitionLoader. This is a Symfony specific syntax. Check your YAML syntax.', $this->fileName));
            }

            $importFileName = $import['resource'];

            if (strpos($importFileName, '/') !== 0) {
                $importFileName = dirname($this->fileName).'/'.$importFileName;
            }

            $yamlDefinitionLoader = new self($importFileName);
            $newDefinitions = $yamlDefinitionLoader->getDefinitions();

            $additionalDefinitions = $newDefinitions + $additionalDefinitions;
        }

        return $additionalDefinitions;
    }

    /**
     * Parses definitions.
     *
     * @param array $content
     *
     * @return DefinitionInterface[]
     */
    private function parseDefinitions($content)
    {
        if (!isset($content['services'])) {
            return [];
        }

        if (!is_array($content['services'])) {
            throw new InvalidArgumentException(sprintf('The "services" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
        }

        $definitions = [];

        foreach ($content['services'] as $id => $service) {
            $definitions[$id] = $this->parseDefinition($id, $service);
        }

        return $definitions;
    }

    /**
     * Parses a definition.
     *
     * @param string $id
     * @param array  $service
     *
     * @return DefinitionInterface
     *
     * @throws InvalidArgumentException When tags are invalid
     */
    private function parseDefinition($id, $service)
    {
        if (is_string($service) && 0 === strpos($service, '@')) {
            return new Reference(substr($service, 1));
        }

        if (!is_array($service)) {
            throw new InvalidArgumentException(sprintf('A service definition must be an array or a string starting with "@" but %s found for service "%s" in %s. Check your YAML syntax.', gettype($service), $id, $this->fileName));
        }

        if (isset($service['alias'])) {
            if (isset($service['public'])) {
                throw new InvalidArgumentException('The "public" key is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
            }

            return new Reference($service['alias']);
        }

        if (isset($service['parent'])) {
            throw new InvalidArgumentException('Definition decorators via the "parent" key are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        $definition = null;

        if (isset($service['class'])) {
            $definition = new ObjectDefinition($service['class']);

            if (isset($service['arguments'])) {
                $arguments = $this->resolveServices($service['arguments']);
                foreach ($arguments as $argument) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
                    $definition->addConstructorArgument($argument);
                }
            }

            if (isset($service['properties'])) {
                $properties = $this->resolveServices($service['properties']);
                foreach ($properties as $name => $property) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
                    $definition->addPropertyAssignment($name, $property);
                }
            }

            if (isset($service['calls'])) {
                if (!is_array($service['calls'])) {
                    throw new InvalidArgumentException(sprintf('Parameter "calls" must be an array for service "%s" in %s. Check your YAML syntax.', $id, $this->fileName));
                }

                foreach ($service['calls'] as $call) {
                    if (isset($call['method'])) {
                        $method = $call['method'];
                        $args = isset($call['arguments']) ? $this->resolveServices($call['arguments']) : array();
                    } else {
                        $method = $call[0];
                        $args = isset($call[1]) ? $this->resolveServices($call[1]) : array();
                    }

                    array_unshift($args, $method);
                    call_user_func_array([$definition, 'addMethodCall'], $args);
                }
            }
        }

        if (isset($service['factory'])) {
            if (is_string($service['factory'])) {
                if (strpos($service['factory'], ':') !== false && strpos($service['factory'], '::') === false) {
                    $parts = explode(':', $service['factory']);
                    $definition = new FactoryCallDefinition($this->resolveServices('@'.$parts[0]), $parts[1]);
                } elseif (strpos($service['factory'], ':') !== false && strpos($service['factory'], '::') !== false) {
                    $parts = explode('::', $service['factory']);
                    $definition = new FactoryCallDefinition($parts[0], $parts[1]);
                } else {
                    throw new InvalidArgumentException('A "factory" must be in the format "service_name:method_name" or "class_name::method_name".Got "'.$service['factory'].'"');
                }
            } else {
                $definition = new FactoryCallDefinition($this->resolveServices($service['factory'][0]), $service['factory'][1]);
            }

            if (isset($service['arguments'])) {
                $arguments = $this->resolveServices($service['arguments']);
                call_user_func_array([$definition, 'setArguments'], $arguments);
            }
        }

        if (isset($service['shared'])) {
            throw new InvalidArgumentException('The "shared" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['synthetic'])) {
            throw new InvalidArgumentException('The "synthetic" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['lazy'])) {
            throw new InvalidArgumentException('The "lazy" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['public'])) {
            // TODO: add support for private services => mapping to nested definitions
            throw new InvalidArgumentException('The "public" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['abstract'])) {
            throw new InvalidArgumentException('The "abstract" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (array_key_exists('deprecated', $service)) {
            throw new InvalidArgumentException('The "deprecated" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['file'])) {
            throw new InvalidArgumentException('The "file" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['configurator'])) {
            throw new InvalidArgumentException('The "configurator" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['tags'])) {
            throw new InvalidArgumentException('The "tags" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['decorates'])) {
            throw new InvalidArgumentException('The "decorates" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['autowire'])) {
            throw new InvalidArgumentException('The "autowire" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if (isset($service['autowiring_types'])) {
            throw new InvalidArgumentException('The "autowiring_types" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        }

        if ($definition === null) {
            throw new InvalidArgumentException(sprintf('Invalid service declaration for "%s" (in %s). You should specify at least a "class", "alias" or "factory" key.', $id, $this->fileName));
        }

        return $definition;
    }

    /**
     * Loads a YAML file.
     *
     * @param string $file
     *
     * @return array The file content
     *
     * @throws InvalidArgumentException when the given file is not a local file or when it does not exist
     */
    protected function loadFile($file)
    {
        if (!stream_is_local($file)) {
            throw new InvalidArgumentException(sprintf('This is not a local file "%s".', $file));
        }

        if (!is_readable($file)) {
            throw new FileNotFoundException(sprintf('The file "%s" does not exist or is not readable.', $file));
        }

        $yamlParser = new Parser();

        try {
            $configuration = $yamlParser->parse(file_get_contents($file));
        } catch (ParseException $e) {
            throw new InvalidArgumentException(sprintf('The file "%s" does not contain valid YAML.', $file), 0, $e);
        }

        return $this->validate($configuration, $file);
    }

    /**
     * Validates a YAML file.
     *
     * @param mixed  $content
     * @param string $file
     *
     * @return array
     *
     * @throws InvalidArgumentException When service file is not valid
     */
    private function validate($content, $file)
    {
        if (null === $content) {
            return $content;
        }

        if (!is_array($content)) {
            throw new InvalidArgumentException(sprintf('The service file "%s" is not valid. It should contain an array. Check your YAML syntax.', $file));
        }

        foreach ($content as $namespace => $data) {
            if (in_array($namespace, array('imports', 'parameters', 'services'))) {
                continue;
            }

            throw new InvalidArgumentException(sprintf(
                'Cannot load the configuration for file "%s". Unexpected "%s" key. Expecting one of "imports", "parameters", "services".',
                $file,
                $namespace
            ));
        }

        return $content;
    }

    /**
     * Resolves services.
     *
     * @param string|array $value
     *
     * @return array|string|Reference
     */
    private function resolveServices($value)
    {
        if (is_array($value)) {
            return array_map(array($this, 'resolveServices'), $value);
        } elseif (is_string($value) &&  0 === strpos($value, '@=')) {
            throw new InvalidArgumentException('Expressions (starting by "@=") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
        } elseif (is_string($value) &&  0 === strpos($value, '@')) {
            if (0 === strpos($value, '@@')) {
                return substr($value, 1);
            } elseif (0 === strpos($value, '@?')) {
                throw new InvalidArgumentException('Optional services (starting by "@?") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
            } else {
                $value = substr($value, 1);
                if ('=' === substr($value, -1)) {
                    throw new InvalidArgumentException('Non-strict services (ending with "=") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
                } else {
                }

                return new Reference($value);
            }
        } else {
            return $value;
        }
    }
}


1		<?php
2
3		namespace TheCodingMachine\Definition;
4
5		use Assembly\FactoryCallDefinition;
6		use Assembly\ObjectDefinition;
7		use Assembly\ParameterDefinition;
8		use Assembly\Reference;
9		use Interop\Container\Definition\DefinitionInterface;
10		use Interop\Container\Definition\DefinitionProviderInterface;
11		use Symfony\Component\Yaml\Exception\ParseException;
12		use Symfony\Component\Yaml\Parser;
13		use TheCodingMachine\Definition\Exception\FileNotFoundException;
14		use TheCodingMachine\Definition\Exception\InvalidArgumentException;
15
16		class YamlDefinitionLoader implements DefinitionProviderInterface
17		{
18		/**
19		* The name of the YAML file to be loaded.
20		*
21		* @var string
22		*/
23		private $fileName;
24
25		public function __construct($fileName)
26		{
27		$this->fileName = $fileName;
28		}
29
30		/**
31		* Returns the definition to register in the container.
32		*
33		* @return DefinitionInterface[]
34		*/
35		public function getDefinitions()
36		{
37		$content = $this->loadFile($this->fileName);
38
39		// empty file
40		if (null === $content) {
41		return [];
42		}
43
44		// imports
45		$definitions = $this->parseImports($content);
46
47		// parameters
48		if (isset($content['parameters'])) {
49		if (!is_array($content['parameters'])) {
50		throw new InvalidArgumentException(sprintf('The "parameters" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
51		}
52
53		foreach ($content['parameters'] as $key => $value) {
54		$definitions[$key] = new ParameterDefinition($value);
55		//$this->container->setParameter($key, $this->resolveServices($value));
56		}
57		}
58
59		// services
60		$serviceDefinitions = $this->parseDefinitions($content);
61		$definitions = $definitions + $serviceDefinitions;
62
63		return $definitions;
		0 ignored issues – show Bug Best Practice introduced 2015-12-03 16:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type of `return $definitions;` (`array<,Interop\Containe...on\DefinitionInterface>`) is incompatible with the return type documented by `TheCodingMachine\Definit...nLoader::getDefinitions` of type `Interop\Container\Definition\DefinitionInterface[]`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { / ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
64		}
65
66		/**
67		* Parses all imports.
68		*
69		* @param array $content
70		* @param $content
71		*
72		* @return DefinitionInterface[]
73		*/
74		private function parseImports($content)
75		{
76		if (!isset($content['imports'])) {
77		return [];
78		}
79
80		if (!is_array($content['imports'])) {
81		throw new InvalidArgumentException(sprintf('The "imports" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
82		}
83
84		$additionalDefinitions = [];
85
86		foreach ($content['imports'] as $import) {
87		if (!is_array($import)) {
88		throw new InvalidArgumentException(sprintf('The values in the "imports" key should be arrays in %s. Check your YAML syntax.', $this->fileName));
89		}
90
91		if (isset($import['ignore_errors'])) {
92		throw new InvalidArgumentException(sprintf('The "ignore_errors" key is not supported in YamlDefinitionLoader. This is a Symfony specific syntax. Check your YAML syntax.', $this->fileName));
93		}
94
95		$importFileName = $import['resource'];
96
97		if (strpos($importFileName, '/') !== 0) {
98		$importFileName = dirname($this->fileName).'/'.$importFileName;
99		}
100
101		$yamlDefinitionLoader = new self($importFileName);
102		$newDefinitions = $yamlDefinitionLoader->getDefinitions();
103
104		$additionalDefinitions = $newDefinitions + $additionalDefinitions;
105		}
106
107		return $additionalDefinitions;
108		}
109
110		/**
111		* Parses definitions.
112		*
113		* @param array $content
114		*
115		* @return DefinitionInterface[]
116		*/
117		private function parseDefinitions($content)
118		{
119		if (!isset($content['services'])) {
120		return [];
121		}
122
123		if (!is_array($content['services'])) {
124		throw new InvalidArgumentException(sprintf('The "services" key should contain an array in %s. Check your YAML syntax.', $this->fileName));
125		}
126
127		$definitions = [];
128
129		foreach ($content['services'] as $id => $service) {
130		$definitions[$id] = $this->parseDefinition($id, $service);
131		}
132
133		return $definitions;
134		}
135
136		/**
137		* Parses a definition.
138		*
139		* @param string $id
140		* @param array $service
141		*
142		* @return DefinitionInterface
143		*
144		* @throws InvalidArgumentException When tags are invalid
145		*/
146		private function parseDefinition($id, $service)
147		{
148		if (is_string($service) && 0 === strpos($service, '@')) {
149		return new Reference(substr($service, 1));
150		}
151
152	View Code Duplication	if (!is_array($service)) {
153		throw new InvalidArgumentException(sprintf('A service definition must be an array or a string starting with "@" but %s found for service "%s" in %s. Check your YAML syntax.', gettype($service), $id, $this->fileName));
154		}
155
156		if (isset($service['alias'])) {
157		if (isset($service['public'])) {
158		throw new InvalidArgumentException('The "public" key is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
159		}
160
161		return new Reference($service['alias']);
162		}
163
164		if (isset($service['parent'])) {
165		throw new InvalidArgumentException('Definition decorators via the "parent" key are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
166		}
167
168		$definition = null;
169
170		if (isset($service['class'])) {
171		$definition = new ObjectDefinition($service['class']);
172
173		if (isset($service['arguments'])) {
174		$arguments = $this->resolveServices($service['arguments']);
175		foreach ($arguments as $argument) {
		0 ignored issues – show Bug introduced 2015-11-26 22:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$arguments` of type `array\|string\|object<Assembly\Reference>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
176		$definition->addConstructorArgument($argument);
177		}
178		}
179
180		if (isset($service['properties'])) {
181		$properties = $this->resolveServices($service['properties']);
182		foreach ($properties as $name => $property) {
		0 ignored issues – show Bug introduced 2015-11-26 22:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$properties` of type `array\|string\|object<Assembly\Reference>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
183		$definition->addPropertyAssignment($name, $property);
184		}
185		}
186
187		if (isset($service['calls'])) {
188	View Code Duplication	if (!is_array($service['calls'])) {
189		throw new InvalidArgumentException(sprintf('Parameter "calls" must be an array for service "%s" in %s. Check your YAML syntax.', $id, $this->fileName));
190		}
191
192		foreach ($service['calls'] as $call) {
193		if (isset($call['method'])) {
194		$method = $call['method'];
195		$args = isset($call['arguments']) ? $this->resolveServices($call['arguments']) : array();
196		} else {
197		$method = $call[0];
198		$args = isset($call[1]) ? $this->resolveServices($call[1]) : array();
199		}
200
201		array_unshift($args, $method);
202		call_user_func_array([$definition, 'addMethodCall'], $args);
203		}
204		}
205		}
206
207		if (isset($service['factory'])) {
208		if (is_string($service['factory'])) {
209		if (strpos($service['factory'], ':') !== false && strpos($service['factory'], '::') === false) {
210		$parts = explode(':', $service['factory']);
211		$definition = new FactoryCallDefinition($this->resolveServices('@'.$parts[0]), $parts[1]);
212		} elseif (strpos($service['factory'], ':') !== false && strpos($service['factory'], '::') !== false) {
213		$parts = explode('::', $service['factory']);
214		$definition = new FactoryCallDefinition($parts[0], $parts[1]);
215		} else {
216		throw new InvalidArgumentException('A "factory" must be in the format "service_name:method_name" or "class_name::method_name".Got "'.$service['factory'].'"');
217		}
218		} else {
219		$definition = new FactoryCallDefinition($this->resolveServices($service['factory'][0]), $service['factory'][1]);
220		}
221
222		if (isset($service['arguments'])) {
223		$arguments = $this->resolveServices($service['arguments']);
224		call_user_func_array([$definition, 'setArguments'], $arguments);
225		}
226		}
227
228		if (isset($service['shared'])) {
229		throw new InvalidArgumentException('The "shared" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
230		}
231
232		if (isset($service['synthetic'])) {
233		throw new InvalidArgumentException('The "synthetic" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
234		}
235
236		if (isset($service['lazy'])) {
237		throw new InvalidArgumentException('The "lazy" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
238		}
239
240		if (isset($service['public'])) {
241		// TODO: add support for private services => mapping to nested definitions
242		throw new InvalidArgumentException('The "public" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
243		}
244
245		if (isset($service['abstract'])) {
246		throw new InvalidArgumentException('The "abstract" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
247		}
248
249		if (array_key_exists('deprecated', $service)) {
250		throw new InvalidArgumentException('The "deprecated" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
251		}
252
253		if (isset($service['file'])) {
254		throw new InvalidArgumentException('The "file" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
255		}
256
257		if (isset($service['configurator'])) {
258		throw new InvalidArgumentException('The "configurator" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
259		}
260
261		if (isset($service['tags'])) {
262		throw new InvalidArgumentException('The "tags" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
263		}
264
265		if (isset($service['decorates'])) {
266		throw new InvalidArgumentException('The "decorates" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
267		}
268
269		if (isset($service['autowire'])) {
270		throw new InvalidArgumentException('The "autowire" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
271		}
272
273		if (isset($service['autowiring_types'])) {
274		throw new InvalidArgumentException('The "autowiring_types" key in instance definitions is not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
275		}
276
277		if ($definition === null) {
278		throw new InvalidArgumentException(sprintf('Invalid service declaration for "%s" (in %s). You should specify at least a "class", "alias" or "factory" key.', $id, $this->fileName));
279		}
280
281		return $definition;
282		}
283
284		/**
285		* Loads a YAML file.
286		*
287		* @param string $file
288		*
289		* @return array The file content
290		*
291		* @throws InvalidArgumentException when the given file is not a local file or when it does not exist
292		*/
293		protected function loadFile($file)
294		{
295		if (!stream_is_local($file)) {
296		throw new InvalidArgumentException(sprintf('This is not a local file "%s".', $file));
297		}
298
299		if (!is_readable($file)) {
300		throw new FileNotFoundException(sprintf('The file "%s" does not exist or is not readable.', $file));
301		}
302
303		$yamlParser = new Parser();
304
305		try {
306		$configuration = $yamlParser->parse(file_get_contents($file));
307		} catch (ParseException $e) {
308		throw new InvalidArgumentException(sprintf('The file "%s" does not contain valid YAML.', $file), 0, $e);
309		}
310
311		return $this->validate($configuration, $file);
312		}
313
314		/**
315		* Validates a YAML file.
316		*
317		* @param mixed $content
318		* @param string $file
319		*
320		* @return array
321		*
322		* @throws InvalidArgumentException When service file is not valid
323		*/
324		private function validate($content, $file)
325		{
326		if (null === $content) {
327		return $content;
328		}
329
330		if (!is_array($content)) {
331		throw new InvalidArgumentException(sprintf('The service file "%s" is not valid. It should contain an array. Check your YAML syntax.', $file));
332		}
333
334		foreach ($content as $namespace => $data) {
335		if (in_array($namespace, array('imports', 'parameters', 'services'))) {
336		continue;
337		}
338
339		throw new InvalidArgumentException(sprintf(
340		'Cannot load the configuration for file "%s". Unexpected "%s" key. Expecting one of "imports", "parameters", "services".',
341		$file,
342		$namespace
343		));
344		}
345
346		return $content;
347		}
348
349		/**
350		* Resolves services.
351		*
352		* @param string\|array $value
353		*
354		* @return array\|string\|Reference
355		*/
356		private function resolveServices($value)
357		{
358		if (is_array($value)) {
359		return array_map(array($this, 'resolveServices'), $value);
360		} elseif (is_string($value) && 0 === strpos($value, '@=')) {
361		throw new InvalidArgumentException('Expressions (starting by "@=") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
362		} elseif (is_string($value) && 0 === strpos($value, '@')) {
363		if (0 === strpos($value, '@@')) {
364		return substr($value, 1);
365		} elseif (0 === strpos($value, '@?')) {
366		throw new InvalidArgumentException('Optional services (starting by "@?") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
367		} else {
368		$value = substr($value, 1);
369		if ('=' === substr($value, -1)) {
370		throw new InvalidArgumentException('Non-strict services (ending with "=") are not supported by YamlDefinitionLoader. This is a Symfony specific feature.');
371		} else {
372		}
373
374		return new Reference($value);
375		}
376		} else {
377		return $value;
378		}
379		}
380		}
381

thecodingmachine / yaml-definition-loader

Issues (8)

Security Analysis no request data

src/YamlDefinitionLoader.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like