Issues in NodeCollection.php (master) - Issues in master - thinktomorrow/vine - Measure and Improve Code Quality continuously with Scrutinizer

Issues (18)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/NodeCollection.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Vine;

use Vine\Commands\Shake;
use Vine\Commands\Flatten;
use Vine\Commands\Inflate;
use Vine\Commands\Remove;
use Vine\Commands\Slice;
use Vine\Queries\Find;

class NodeCollection implements \ArrayAccess, \Countable, \IteratorAggregate
{
    /**
     * @var Node[]
     */
    protected $nodes;

    public function __construct(Node ...$nodeCollection)
    {
        $this->nodes = $nodeCollection;
    }

    public function all()
    {
        return $this->nodes;
    }

    public function first()
    {
        if($this->isEmpty()) return null;

        return reset($this->nodes);
    }

    public function isEmpty(): bool
    {
        return empty($this->nodes);
    }

    /**
     * Add one / many nodes to this collection
     *
     * @param Node[] ...$nodes
     * @return $this
     */
    public function add(Node ...$nodes)
    {
        $this->nodes = array_merge($this->nodes, $nodes);


        return $this;
    }

    /**
     * Merge a collection into current one.
     *
     * @param NodeCollection $nodeCollection
     * @return $this
     */
    public function merge(self $nodeCollection)
    {
        $this->nodes = array_merge($this->nodes, $nodeCollection->all());

        return $this;
    }

    /**
     * Remove the child node
     *
     * Please note that all descendants of this
     * child node will be removed as well.
     *
     * @param Node $child
     * @return $this
     */
    public function remove(Node $child)
    {
        return (new Remove())($this,$child);
    }

    /**
     * Return flattened list of all nodes in this collection
     *
     * @return NodeCollection
     */
    public function flatten()
    {
        return (new Flatten())($this);
    }

    /**
     * Inflate a flattened collection back to its original structure
     *
     * @return NodeCollection
     */
    public function inflate()
    {
        return (new Inflate())($this);
    }

    /**
     * Slice one or more nodes out of the collection
     *
     * @param Node[] ...$nodes
     * @return mixed
     */
    public function slice(Node ...$nodes)
    {
        return (new Slice())($this, ...$nodes);
    }

    /**
     * Find many nodes by attribute value
     *
     * @param $key
     * @param array $values
     * @return NodeCollection
     */
    public function findMany($key, array $values): self
    {
        return (new Find)($this,$key,$values);
    }

    /**
     * Find specific node by attribute value
     *
     * @param $key
     * @param $value
     * @return Node|null
     */
    public function find($key, $value)
    {
        return (new Find)($this,$key,[$value])->first();
    }

    public function offsetExists($offset)
    {
        if(!is_string($offset) && !is_int($offset)) return false;

        return array_key_exists($offset, $this->nodes);
    }

    public function offsetGet($offset)
    {
        return $this->nodes[$offset];
    }

    public function offsetSet($offset, $value)
    {
        if(is_null($offset)) $this->nodes[] = $value;

        else $this->nodes[$offset] = $value;
    }

    public function offsetUnset($offset)
    {
        unset($this->nodes[$offset]);
    }

    public function count()
    {
        return count($this->nodes);
    }

    public function getIterator()
    {
        return new \ArrayIterator($this->nodes);
    }
}


1		<?php
2
3		namespace Vine;
4
5		use Vine\Commands\Shake;
6		use Vine\Commands\Flatten;
7		use Vine\Commands\Inflate;
8		use Vine\Commands\Remove;
9		use Vine\Commands\Slice;
10		use Vine\Queries\Find;
11
12		class NodeCollection implements \ArrayAccess, \Countable, \IteratorAggregate
13		{
14		/**
15		* @var Node[]
16		*/
17		protected $nodes;
18
19	174	public function __construct(Node ...$nodeCollection)
20		{
21	174	$this->nodes = $nodeCollection;
22	174	}
23
24	138	public function all()
25		{
26	138	return $this->nodes;
27		}
28
29	45	public function first()
30		{
31	45	if($this->isEmpty()) return null;
32
33	45	return reset($this->nodes);
34		}
35
36	90	public function isEmpty(): bool
37		{
38	90	return empty($this->nodes);
39		}
40
41		/**
42		* Add one / many nodes to this collection
43		*
44		* @param Node[] ...$nodes
45		* @return $this
46		*/
47	66	public function add(Node ...$nodes)
48		{
49	66	$this->nodes = array_merge($this->nodes, $nodes);
		0 ignored issues – show Documentation Bug introduced 2017-05-25 06:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `array_merge($this->nodes, $nodes)` of type `array<integer,object<Vin...ger,object<Vine\Node>>>` is incompatible with the declared type `array<integer,object<Vine\Node>>` of property `$nodes`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
50
51	66	return $this;
52		}
53
54		/**
55		* Merge a collection into current one.
56		*
57		* @param NodeCollection $nodeCollection
58		* @return $this
59		*/
60	126	public function merge(self $nodeCollection)
61		{
62	126	$this->nodes = array_merge($this->nodes, $nodeCollection->all());
63
64	126	return $this;
65		}
66
67		/**
68		* Remove the child node
69		*
70		* Please note that all descendants of this
71		* child node will be removed as well.
72		*
73		* @param Node $child
74		* @return $this
75		*/
76	36	public function remove(Node $child)
77		{
78	36	return (new Remove())($this,$child);
79		}
80
81		/**
82		* Return flattened list of all nodes in this collection
83		*
84		* @return NodeCollection
85		*/
86	6	public function flatten()
87		{
88	6	return (new Flatten())($this);
89		}
90
91		/**
92		* Inflate a flattened collection back to its original structure
93		*
94		* @return NodeCollection
95		*/
96	6	public function inflate()
97		{
98	6	return (new Inflate())($this);
99		}
100
101		/**
102		* Slice one or more nodes out of the collection
103		*
104		* @param Node[] ...$nodes
105		* @return mixed
106		*/
107	3	public function slice(Node ...$nodes)
108		{
109	3	return (new Slice())($this, ...$nodes);
110		}
111
112		/**
113		* Find many nodes by attribute value
114		*
115		* @param $key
116		* @param array $values
117		* @return NodeCollection
118		*/
119	3	public function findMany($key, array $values): self
120		{
121	3	return (new Find)($this,$key,$values);
122		}
123
124		/**
125		* Find specific node by attribute value
126		*
127		* @param $key
128		* @param $value
129		* @return Node\|null
130		*/
131	9	public function find($key, $value)
132		{
133	9	return (new Find)($this,$key,[$value])->first();
134		}
135
136	21	public function offsetExists($offset)
137		{
138	21	if(!is_string($offset) && !is_int($offset)) return false;
139
140	21	return array_key_exists($offset, $this->nodes);
141		}
142
143	33	public function offsetGet($offset)
144		{
145	33	return $this->nodes[$offset];
146		}
147
148	21	public function offsetSet($offset, $value)
149		{
150	21	if(is_null($offset)) $this->nodes[] = $value;
151
152	21	else $this->nodes[$offset] = $value;
153	21	}
154
155	39	public function offsetUnset($offset)
156		{
157	39	unset($this->nodes[$offset]);
158	39	}
159
160	66	public function count()
161		{
162	66	return count($this->nodes);
163		}
164
165	90	public function getIterator()
166		{
167	90	return new \ArrayIterator($this->nodes);
168		}
169		}
170

thinktomorrow / vine

Issues (18)

Security Analysis no request data

src/NodeCollection.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like