Issues (233)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

src/API/BaseApi.php (2 issues)


Both issues in this file are code-duplication findings (0 ignored issues):

- BaseApi::_get(): this method seems to be duplicated in your project.
- BaseApi::_post(): this method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the "Code" section of your repository.

```php
<?php

namespace Wechat\API;

use Wechat\Api;

class BaseApi
{
    protected $module; // API module
    protected $className;
    protected $apitype;

    protected $AppId;
    protected $AppSecret;

    /**
     * Constructor: derives the API module to access from the name of the concrete class.
     *
     * @author Tian
     *
     * @date   2015-12-08
     */
    public function __construct()
    {
        // "Wechat\API\UserApi" -> "UserApi" -> "User" -> "user"
        $className = get_called_class();
        $className = explode('\\', $className);
        $className = end($className);
        $className = str_replace('Api', '', $className);
        $className = strtolower($className);

        $this->module    = $className;
        $this->className = $className;
        $this->apitype   = 'cgi-bin';
    }

    /**
     * Get the AppId.
     *
     * @return string AppId
     */
    public static function getAppId()
    {
        return Api::getAppId();
    }

    /**
     * Get the AppSecret.
     *
     * @return string AppSecret
     */
    public static function getAppSecret()
    {
        return Api::getAppSecret();
    }

    /**
     * Send data via GET.
     *
     * @author Tian
     *
     * @date   2015-12-08
     *
     * @param string $node     API endpoint node
     * @param array  $queryStr query-string parameters to send
     * @param bool   $arsort   passed through unchanged to Api::_get() (undocumented in the original)
     *
     * @return bool|array result returned by the API
     */
    final protected function _get($node, array $queryStr, $arsort = true)
    {
        // Unreachable when the `array` type hint is enforced; kept from the original.
        if (!is_array($queryStr)) {
            $this->setError('Argument must be an array');

            return false;
        }

        // Capture the module for this call, then reset any one-off override a
        // subclass made so the next call uses the class-derived module again.
        $module  = $this->module;
        $apitype = $this->apitype;

        if ($this->module != $this->className) {
            $this->module = $this->className;
        }

        return Api::_get($module, $node, $queryStr, $arsort, $apitype);
    }

    /**
     * Send data via POST.
     *
     * @author Tian
     *
     * @date   2015-12-08
     *
     * @param string $node       API endpoint node
     * @param array  $data       data to send
     * @param bool   $jsonEncode whether to JSON-encode the data
     *
     * @return bool|array result returned by the API
     */
    final protected function _post($node, array $data, $jsonEncode = true)
    {
        // Unreachable when the `array` type hint is enforced; kept from the original.
        if (!is_array($data)) {
            $this->setError('Argument must be an array');

            return false;
        }

        // Same capture-then-reset of the module as in _get().
        $module  = $this->module;
        $apitype = $this->apitype;

        if ($this->module != $this->className) {
            $this->module = $this->className;
        }

        return Api::_post($module, $node, $data, $jsonEncode, $apitype);
    }

    /**
     * Set the error message.
     *
     * @author Tian
     *
     * @date   2015-12-08
     *
     * @param string $error error message
     */
    final protected function setError($error)
    {
        Api::setError($error);
    }

    /**
     * Return the error message.
     *
     * @author Tian
     *
     * @date   2015-12-08
     *
     * @return string
     */
    final public function getError()
    {
        return Api::getError();
    }

    /**
     * Get the raw API response.
     *
     * @return string
     */
    final public function getApiData()
    {
        return Api::getApiData();
    }

    /**
     * Cache method.
     *
     * @param string $name    cache key
     * @param string $value   cache value; if omitted, the cached value for the key is returned
     * @param int    $expires expiry time in seconds; default 0 means the entry never expires
     *
     * @return bool|null|string
     */
    final public function cache($name, $value = '', $expires = 0)
    {
        return Api::cache($name, $value, $expires);
    }

    /**
     * Set a GET query parameter for POST operations.
     *
     * @param $name
     * @param $value
     */
    final public function setPostQueryStr($name, $value)
    {
        Api::setPostQueryStr($name, $value);
    }
}
```
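As an added example (not code from this project), the script below exercises BaseApi from a subclass: it shows that the module name is derived from the class name (UserApi becomes user), that a subclass can override $module for a single call, and that _get() and _post() reset it afterwards. It assumes the script is run from the repository root so that src/API/BaseApi.php (the file above) can be required, and it defines a hypothetical Wechat\Api test double that records requests instead of contacting WeChat; the project's real Api class is not shown on this page. UserApi, its methods, the endpoint names and the openid value are constructed for illustration.

```php
<?php
// Added example, not part of the project. Run from the repository root:
//   php example.php

namespace Wechat {
    // Hypothetical test double for the project's Wechat\Api class (not shown on
    // this page). It records each request instead of contacting WeChat.
    class Api
    {
        public static $calls = [];
        private static $error = '';

        public static function _get($module, $node, array $queryStr, $arsort, $apitype)
        {
            self::$calls[] = sprintf('GET %s/%s/%s %s', $apitype, $module, $node, json_encode($queryStr));
            return ['errcode' => 0];
        }

        public static function _post($module, $node, array $data, $jsonEncode, $apitype)
        {
            self::$calls[] = sprintf('POST %s/%s/%s %s', $apitype, $module, $node, json_encode($data));
            return ['errcode' => 0];
        }

        public static function setError($error)
        {
            self::$error = $error;
        }

        public static function getError()
        {
            return self::$error;
        }
    }
}

namespace Wechat\API {
    require_once __DIR__ . '/src/API/BaseApi.php';

    // Constructed subclass: BaseApi::__construct() strips "Api" from "UserApi"
    // and lower-cases the rest, so every call defaults to the "user" module.
    class UserApi extends BaseApi
    {
        public function info($openid)
        {
            return $this->_get('info', ['openid' => $openid]);
        }

        // One-off override: this call goes to the "tags" module, and _post()
        // resets $this->module to "user" before returning.
        public function tagIds($openid)
        {
            $this->module = 'tags';
            return $this->_post('getidlist', ['openid' => $openid]);
        }
    }
}

namespace {
    $api = new Wechat\API\UserApi();
    $api->info('constructed-openid');
    $api->tagIds('constructed-openid');
    $api->info('constructed-openid'); // back on the "user" module

    foreach (Wechat\Api::$calls as $call) {
        echo $call, PHP_EOL;
    }
}
```

The recorded calls show the module sequence user, tags, user: the override set in tagIds() is consumed by exactly one request and does not leak into the following info() call, which is the behaviour the capture-then-reset block in _get() and _post() exists to guarantee.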