Issues (150)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/ABS/Handler/ReplyProducingMessageHandler.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace PEIP\ABS\Handler;

/*
 * This file is part of the PEIP package.
 * (c) 2009-2016 Timo Michna <timomichna/yahoo.de>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

/*
 * PEIP\ABS\Handler\ReplyProducingMessageHandler
 * Base class for all message handlers that can reply to a message
 * on an output-channel.
 *
 * @author Timo Michna <timomichna/yahoo.de>
 * @package PEIP
 * @subpackage handler
 * @extends \PEIP\ABS\Handler\MessageHandler
 * @implements \PEIP\INF\Handler\Handler, \PEIP\INF\Message\MessageBuilder
 */

use PEIP\Message\MessageBuilder;

abstract class ReplyProducingMessageHandler extends \PEIP\ABS\Handler\MessageHandler
{
    protected $outputChannel,
        $messageClass = '\PEIP\Message\GenericMessage',
        $replyChannelHeaders = ['REPLY_CHANNEL'];

    /**
     * Sets the output-channel for the message handler.
     * Delegates connecting of input-channel to protected method 'doSetOutputChannel',
     * which can be overwritten by extending classes.
     *
     * @see \PEIP\ABS\Handler\MessageHandler::doSetOutputChannel
     *
     * @param \PEIP\INF\Channel\Channel $outputChannel the output-channel
     *
     * @return \PEIP\ABS\Handler\MessageHandler $this;
     */
    public function setOutputChannel(\PEIP\INF\Channel\Channel $outputChannel)
    {
        $this->doSetOutputChannel($outputChannel);

        return $this;
    }

    /**
     * Connects the handler to the output-channel.
     *
     * @param \PEIP\INF\Channel\Channel $outputChannel the output-channel to connect the handler to
     *
     * @return
     */
    protected function doSetOutputChannel(\PEIP\INF\Channel\Channel $outputChannel)
    {
        $this->outputChannel = $outputChannel;
    }

    /**
     * Returns the output-channel for this handler.
     *
     * @return \PEIP\INF\Channel\Channel output-channel for this handler
     */
    public function getOutputChannel()
    {
        return $this->outputChannel;
    }

    /**
     * Resolves the output-channel for a message.
     * Returns default output-channel if no reply-channel is found in
     * the message headers.
     *
     * @see PEIP\ABS\Handler\ReplyProducingMessageHandler::resolveReplyChannel
     *
     * @param \PEIP\INF\Message\Message $message the message to resolve output-channel for
     *
     * @return \PEIP\INF\Channel\Channel the output-channel for the message
     */
    protected function doGetOutputChannel(\PEIP\INF\Message\Message $message)
    {
        $replyChannel = $this->resolveReplyChannel($message);

        return $replyChannel ? $replyChannel : $this->getOutputChannel();
    }

    /**
     * Resolves a reply-channel for a message.
     * Looks for a reply-channel header in the message (default: 'REPLY_CHANNEL')
     * and returns its value, if found.
     *
     * @param \PEIP\INF\Message\Message $message
     *
     * @return \PEIP\INF\Channel\Channel the reply-channel if found
     */
    protected function resolveReplyChannel(\PEIP\INF\Message\Message $message)
    {
        foreach ($this->replyChannelHeaders as $header) {
            if ($message->hasHeader($header)) {
                return $message->getHeader($header);
            }
        }
    }

    /**
     * Sends a reply-message on an appropriate channel.
     * Argument $content can be either a message (\PEIP\INF\Message\Message) or
     * the content/payload to create a new message for.
     *
     * @see PEIP\ABS\Handler\ReplyProducingMessageHandler::ensureMessage
     * @see PEIP\ABS\Handler\ReplyProducingMessageHandler::doGetOutputChannel
     *
     * @param mixed $content \PEIP\INF\Message\Message or content/payload for new message
     */
    protected function replyMessage($content)
    {
        $message = $this->ensureMessage($content);
        $this->doGetOutputChannel($message)->send($message);
    }

    /**
     * Ensures to return a valid \PEIP\INF\Message\Message instance.
     * If argument $message is not instance of \PEIP\INF\Message\Message, creates
     * a new message with $message as content/payload.
     *
     * @param mixed $message \PEIP\INF\Message\Message or content/payload for new message
     *
     * @return \PEIP\INF\Message\Message
     */
    protected function ensureMessage($message)
    {
        return ($message instanceof \PEIP\INF\Message\Message) ? $message : $this->buildMessage($message);
    }

    /**
     * Creates a new message instance with given content as content/payload.
     * Delegates creation of message to instance of MessageBuilder.
     *
     * @param mixed $content content/payload for the message
     *
     * @return \PEIP\INF\Message\Message
     *
     * @see MessageBuilder
     */
    protected function buildMessage($content)
    {
        return $this->getMessageBuilder()->setContent($content)->build();
    }

    /**
     * Returns an instance of MessageBuilder for the registered message class
     * to create reply-messages from.
     *
     * @return MessageBuilder builder for the registered message class
     */
    protected function getMessageBuilder()
    {
        return isset($this->messageBuilder) && ($this->messageBuilder->getMessageClass() == $this->getMessageClass())
The property messageBuilder does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }

$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explicitly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;
            ? $this->messageBuilder
            : $this->messageBuilder = MessageBuilder::getInstance($this->messageClass);
    }

    /**
     * Sets the message-class to create reply-messages from.
     *
     * @param string $messageClass name of the message-class to create reply-messages from.
     *
     * @return ReplyProducingMessageHandler $this
     */
    public function setMessageClass($messageClass)
    {
        $this->messageClass = $messageClass;

        return $this;
    }

    /**
     * Returns the message-class to create reply-messages from.
     *
     * @return string name of the message-class to create reply-messages from.
     */
    public function getMessageClass()
    {
        return $this->messageClass;
    }

    /**
     * Adds the name of a message-header to look for a reply-channel.
     *
     * @param string $headerName name of a message-header to look for a reply-channel
     *
     * @return void
     */
    public function addReplyChannelHeader($headerName)
    {
        $this->replyChannelHeaders[] = $headerName;
    }

    /**
     * Sets all message-header names to look for a reply-channel.
     *
     * @param array $headerNames array of message-header names to look for a reply-channel
     *
     * @return ReplyProducingMessageHandler $this
     */
    public function setReplyChannelHeaders(array $headerNames)
    {
        $this->replyChannelHeaders = $headerNames;

        return $this;
    }

    /**
     * Returns all message-header names to look for a reply-channel.
     *
     * @return array array of message-header names to look for a reply-channel
     */
    public function getReplyChannelHeaders()
    {
        return $this->replyChannelHeaders;
    }

    /**
     * Does the message handling logic for the handler.
     * Implements abstract method of \PEIP\ABS\Handler\MessageHandler.
     * Delegates the handling of the message to abstract 'doReply'
     * method which must be implemented by extending classes.
     *
     * @param \PEIP\INF\Message\Message $message
     *
     * @return
     */
    protected function doHandle(\PEIP\INF\Message\Message $message)
    {
        return $this->doReply($message);
    }

    /**
     * Does the message replying logic for the handler.
     * Must be implemented by extending classes.
     *
     * @abstract
     *
     * @param \PEIP\INF\Message\Message $message the message to reply with
     */
    abstract protected function doReply(\PEIP\INF\Message\Message $message);
}