Issues in AbstractPicoPlugin.php (master) - Issues in master - theshka/Pico - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/AbstractPicoPlugin.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Abstract class to extend from when implementing a Pico plugin
 *
 * @see PicoPluginInterface
 *
 * @author  Daniel Rudolf
 * @link    http://picocms.org
 * @license http://opensource.org/licenses/MIT
 * @version 1.0
 */
abstract class AbstractPicoPlugin implements PicoPluginInterface
{
    /**
     * Current instance of Pico
     *
     * @see PicoPluginInterface::getPico()
     * @var Pico
     */
    private $pico;

    /**
     * Boolean indicating if this plugin is enabled (true) or disabled (false)
     *
     * @see PicoPluginInterface::isEnabled()
     * @see PicoPluginInterface::setEnabled()
     * @var boolean
     */
    protected $enabled = true;

    /**
     * Boolean indicating if this plugin was ever enabled/disabled manually
     *
     * @see PicoPluginInterface::isStatusChanged()
     * @var boolean
     */
    protected $statusChanged = false;

    /**
     * List of plugins which this plugin depends on
     *
     * @see AbstractPicoPlugin::checkDependencies()
     * @see PicoPluginInterface::getDependencies()
     * @var string[]
     */
    protected $dependsOn = array();

    /**
     * List of plugin which depend on this plugin
     *
     * @see AbstractPicoPlugin::checkDependants()
     * @see PicoPluginInterface::getDependants()
     * @var object[]
     */
    private $dependants;

    /**
     * @see PicoPluginInterface::__construct()
     */
    public function __construct(Pico $pico)
    {
        $this->pico = $pico;
    }

    /**
     * @see PicoPluginInterface::handleEvent()
     */
    public function handleEvent($eventName, array $params)
    {
        // plugins can be enabled/disabled using the config
        if ($eventName === 'onConfigLoaded') {
            $pluginEnabled = $this->getConfig(get_called_class() . '.enabled');
            if ($pluginEnabled !== null) {
                $this->setEnabled($pluginEnabled);
            } else {
                $pluginConfig = $this->getConfig(get_called_class());
                if (is_array($pluginConfig) && isset($pluginConfig['enabled'])) {
                    $this->setEnabled($pluginConfig['enabled']);
                }
            }
        }

        if ($this->isEnabled() || ($eventName === 'onPluginsLoaded')) {
            if (method_exists($this, $eventName)) {
                call_user_func_array(array($this, $eventName), $params);
            }
        }
    }

    /**
     * @see PicoPluginInterface::setEnabled()
     */
    public function setEnabled($enabled, $recursive = true, $auto = false)
    {
        $this->statusChanged = (!$this->statusChanged) ? !$auto : true;
        $this->enabled = (bool) $enabled;

        if ($enabled) {
            $this->checkDependencies($recursive);
        } else {
            $this->checkDependants($recursive);
        }
    }

    /**
     * @see PicoPluginInterface::isEnabled()
     */
    public function isEnabled()
    {
        return $this->enabled;
    }

    /**
     * @see PicoPluginInterface::isStatusChanged()
     */
    public function isStatusChanged()
    {
        return $this->statusChanged;
    }

    /**
     * @see PicoPluginInterface::getPico()
     */
    public function getPico()
    {
        return $this->pico;
    }

    /**
     * Passes all not satisfiable method calls to Pico
     *
     * @see    Pico
     * @param  string $methodName name of the method to call
     * @param  array  $params     parameters to pass
     * @return mixed              return value of the called method
     */
    public function __call($methodName, array $params)
    {
        if (method_exists($this->getPico(), $methodName)) {
            return call_user_func_array(array($this->getPico(), $methodName), $params);
        }

        throw new BadMethodCallException(
            'Call to undefined method ' . get_class($this->getPico()) . '::' . $methodName . '() '
            . 'through ' . get_called_class() . '::__call()'
        );
    }

    /**
     * Enables all plugins which this plugin depends on
     *
     * @see    PicoPluginInterface::getDependencies()
     * @param  boolean $recursive enable required plugins automatically
     * @return void
     * @throws RuntimeException   thrown when a dependency fails
     */
    protected function checkDependencies($recursive)
    {
        foreach ($this->getDependencies() as $pluginName) {
            try {
                $plugin = $this->getPlugin($pluginName);
            } catch (RuntimeException $e) {
                throw new RuntimeException(
                    "Unable to enable plugin '" . get_called_class() . "':"
                    . "Required plugin '" . $pluginName . "' not found"
                );
            }

            // plugins which don't implement PicoPluginInterface are always enabled
            if (is_a($plugin, 'PicoPluginInterface') && !$plugin->isEnabled()) {
                if ($recursive) {
                    if (!$plugin->isStatusChanged()) {

                        $plugin->setEnabled(true, true, true);
                    } else {
                        throw new RuntimeException(
                            "Unable to enable plugin '" . get_called_class() . "':"
                            . "Required plugin '" . $pluginName . "' was disabled manually"
                        );
                    }
                } else {
                    throw new RuntimeException(
                        "Unable to enable plugin '" . get_called_class() . "':"
                        . "Required plugin '" . $pluginName . "' is disabled"
                    );
                }
            }
        }
    }

    /**
     * @see PicoPluginInterface::getDependencies()
     */
    public function getDependencies()
    {
        return (array) $this->dependsOn;
    }

    /**
     * Disables all plugins which depend on this plugin
     *
     * @see    PicoPluginInterface::getDependants()
     * @param  boolean $recursive disabled dependant plugins automatically
     * @return void
     * @throws RuntimeException   thrown when a dependency fails
     */
    protected function checkDependants($recursive)
    {
        $dependants = $this->getDependants();
        if (!empty($dependants)) {
            if ($recursive) {
                foreach ($this->getDependants() as $pluginName => $plugin) {
                    if ($plugin->isEnabled()) {

                        if (!$plugin->isStatusChanged()) {
                            $plugin->setEnabled(false, true, true);
                        } else {
                            throw new RuntimeException(
                                "Unable to disable plugin '" . get_called_class() . "': "
                                . "Required by manually enabled plugin '" . $pluginName . "'"
                            );
                        }
                    }
                }
            } else {
                $dependantsList = 'plugin' . ((count($dependants) > 1) ? 's' : '') . ' ';
                $dependantsList .= "'" . implode("', '", array_keys($dependants)) . "'";
                throw new RuntimeException(
                    "Unable to disable plugin '" . get_called_class() . "': "
                    . "Required by " . $dependantsList
                );
            }
        }
    }

    /**
     * @see PicoPluginInterface::getDependants()
     */
    public function getDependants()
    {
        if ($this->dependants === null) {
            $this->dependants = array();
            foreach ($this->getPlugins() as $pluginName => $plugin) {
                // only plugins which implement PicoPluginInterface support dependencies
                if (is_a($plugin, 'PicoPluginInterface')) {
                    $dependencies = $plugin->getDependencies();
                    if (in_array(get_called_class(), $dependencies)) {
                        $this->dependants[$pluginName] = $plugin;
                    }
                }
            }
        }

        return $this->dependants;
    }
}


1		<?php
2
3		/**
4		* Abstract class to extend from when implementing a Pico plugin
5		*
6		* @see PicoPluginInterface
7		*
8		* @author Daniel Rudolf
9		* @link http://picocms.org
10		* @license http://opensource.org/licenses/MIT
11		* @version 1.0
12		*/
13		abstract class AbstractPicoPlugin implements PicoPluginInterface
14		{
15		/**
16		* Current instance of Pico
17		*
18		* @see PicoPluginInterface::getPico()
19		* @var Pico
20		*/
21		private $pico;
22
23		/**
24		* Boolean indicating if this plugin is enabled (true) or disabled (false)
25		*
26		* @see PicoPluginInterface::isEnabled()
27		* @see PicoPluginInterface::setEnabled()
28		* @var boolean
29		*/
30		protected $enabled = true;
31
32		/**
33		* Boolean indicating if this plugin was ever enabled/disabled manually
34		*
35		* @see PicoPluginInterface::isStatusChanged()
36		* @var boolean
37		*/
38		protected $statusChanged = false;
39
40		/**
41		* List of plugins which this plugin depends on
42		*
43		* @see AbstractPicoPlugin::checkDependencies()
44		* @see PicoPluginInterface::getDependencies()
45		* @var string[]
46		*/
47		protected $dependsOn = array();
48
49		/**
50		* List of plugin which depend on this plugin
51		*
52		* @see AbstractPicoPlugin::checkDependants()
53		* @see PicoPluginInterface::getDependants()
54		* @var object[]
55		*/
56		private $dependants;
57
58		/**
59		* @see PicoPluginInterface::__construct()
60		*/
61		public function __construct(Pico $pico)
62		{
63		$this->pico = $pico;
64		}
65
66		/**
67		* @see PicoPluginInterface::handleEvent()
68		*/
69		public function handleEvent($eventName, array $params)
70		{
71		// plugins can be enabled/disabled using the config
72		if ($eventName === 'onConfigLoaded') {
73		$pluginEnabled = $this->getConfig(get_called_class() . '.enabled');
74		if ($pluginEnabled !== null) {
75		$this->setEnabled($pluginEnabled);
76		} else {
77		$pluginConfig = $this->getConfig(get_called_class());
78		if (is_array($pluginConfig) && isset($pluginConfig['enabled'])) {
79		$this->setEnabled($pluginConfig['enabled']);
80		}
81		}
82		}
83
84		if ($this->isEnabled() \|\| ($eventName === 'onPluginsLoaded')) {
85		if (method_exists($this, $eventName)) {
86		call_user_func_array(array($this, $eventName), $params);
87		}
88		}
89		}
90
91		/**
92		* @see PicoPluginInterface::setEnabled()
93		*/
94		public function setEnabled($enabled, $recursive = true, $auto = false)
95		{
96		$this->statusChanged = (!$this->statusChanged) ? !$auto : true;
97		$this->enabled = (bool) $enabled;
98
99		if ($enabled) {
100		$this->checkDependencies($recursive);
101		} else {
102		$this->checkDependants($recursive);
103		}
104		}
105
106		/**
107		* @see PicoPluginInterface::isEnabled()
108		*/
109		public function isEnabled()
110		{
111		return $this->enabled;
112		}
113
114		/**
115		* @see PicoPluginInterface::isStatusChanged()
116		*/
117		public function isStatusChanged()
118		{
119		return $this->statusChanged;
120		}
121
122		/**
123		* @see PicoPluginInterface::getPico()
124		*/
125		public function getPico()
126		{
127		return $this->pico;
128		}
129
130		/**
131		* Passes all not satisfiable method calls to Pico
132		*
133		* @see Pico
134		* @param string $methodName name of the method to call
135		* @param array $params parameters to pass
136		* @return mixed return value of the called method
137		*/
138		public function __call($methodName, array $params)
139		{
140		if (method_exists($this->getPico(), $methodName)) {
141		return call_user_func_array(array($this->getPico(), $methodName), $params);
142		}
143
144		throw new BadMethodCallException(
145		'Call to undefined method ' . get_class($this->getPico()) . '::' . $methodName . '() '
146		. 'through ' . get_called_class() . '::__call()'
147		);
148		}
149
150		/**
151		* Enables all plugins which this plugin depends on
152		*
153		* @see PicoPluginInterface::getDependencies()
154		* @param boolean $recursive enable required plugins automatically
155		* @return void
156		* @throws RuntimeException thrown when a dependency fails
157		*/
158		protected function checkDependencies($recursive)
159		{
160		foreach ($this->getDependencies() as $pluginName) {
161		try {
162		$plugin = $this->getPlugin($pluginName);
163		} catch (RuntimeException $e) {
164		throw new RuntimeException(
165		"Unable to enable plugin '" . get_called_class() . "':"
166		. "Required plugin '" . $pluginName . "' not found"
167		);
168		}
169
170		// plugins which don't implement PicoPluginInterface are always enabled
171		if (is_a($plugin, 'PicoPluginInterface') && !$plugin->isEnabled()) {
172		if ($recursive) {
173	View Code Duplication	if (!$plugin->isStatusChanged()) {
		0 ignored issues – show Duplication introduced 2015-11-23 19:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
174		$plugin->setEnabled(true, true, true);
175		} else {
176		throw new RuntimeException(
177		"Unable to enable plugin '" . get_called_class() . "':"
178		. "Required plugin '" . $pluginName . "' was disabled manually"
179		);
180		}
181		} else {
182		throw new RuntimeException(
183		"Unable to enable plugin '" . get_called_class() . "':"
184		. "Required plugin '" . $pluginName . "' is disabled"
185		);
186		}
187		}
188		}
189		}
190
191		/**
192		* @see PicoPluginInterface::getDependencies()
193		*/
194		public function getDependencies()
195		{
196		return (array) $this->dependsOn;
197		}
198
199		/**
200		* Disables all plugins which depend on this plugin
201		*
202		* @see PicoPluginInterface::getDependants()
203		* @param boolean $recursive disabled dependant plugins automatically
204		* @return void
205		* @throws RuntimeException thrown when a dependency fails
206		*/
207		protected function checkDependants($recursive)
208		{
209		$dependants = $this->getDependants();
210		if (!empty($dependants)) {
211		if ($recursive) {
212		foreach ($this->getDependants() as $pluginName => $plugin) {
213	View Code Duplication	if ($plugin->isEnabled()) {
		0 ignored issues – show Duplication introduced 2015-11-23 19:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
214		if (!$plugin->isStatusChanged()) {
215		$plugin->setEnabled(false, true, true);
216		} else {
217		throw new RuntimeException(
218		"Unable to disable plugin '" . get_called_class() . "': "
219		. "Required by manually enabled plugin '" . $pluginName . "'"
220		);
221		}
222		}
223		}
224		} else {
225		$dependantsList = 'plugin' . ((count($dependants) > 1) ? 's' : '') . ' ';
226		$dependantsList .= "'" . implode("', '", array_keys($dependants)) . "'";
227		throw new RuntimeException(
228		"Unable to disable plugin '" . get_called_class() . "': "
229		. "Required by " . $dependantsList
230		);
231		}
232		}
233		}
234
235		/**
236		* @see PicoPluginInterface::getDependants()
237		*/
238		public function getDependants()
239		{
240		if ($this->dependants === null) {
241		$this->dependants = array();
242		foreach ($this->getPlugins() as $pluginName => $plugin) {
243		// only plugins which implement PicoPluginInterface support dependencies
244		if (is_a($plugin, 'PicoPluginInterface')) {
245		$dependencies = $plugin->getDependencies();
246		if (in_array(get_called_class(), $dependencies)) {
247		$this->dependants[$pluginName] = $plugin;
248		}
249		}
250		}
251		}
252
253		return $this->dependants;
254		}
255		}
256

theshka / Pico

Issues (20)

Security Analysis not enabled

lib/AbstractPicoPlugin.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like