Issues in Stream.php (master) - Issues in master - twistofreality/dilmun - Measure and Improve Code Quality continuously with Scrutinizer

Issues (65)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Anshar/Http/Stream.php (25 issues)

Labels

Severity

Informational 25

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Subreality\Dilmun\Anshar\Http;

use Psr\Http\Message\StreamInterface;

/**
 * Class Stream
 * @package Subreality\Dilmun\Anshar\Http
 */
class Stream implements StreamInterface
{
    public function __construct($resource)
    {
        if (!is_resource($resource)) {
            throw new \InvalidArgumentException("Stream must be created with a resource");
        }
    }

    /**
     * Reads all data from the stream into a string, from the beginning to end.
     *
     * This method MUST attempt to seek to the beginning of the stream before
     * reading data and read the stream until the end is reached.
     *
     * Warning: This could attempt to load a large amount of data into memory.
     *
     * This method MUST NOT raise an exception in order to conform with PHP's
     * string casting operations.
     *
     * @see http://php.net/manual/en/language.oop5.magic.php#object.tostring
     * @return string

     */
    public function __toString()
    {
        // TODO: Implement __toString() method.

    }

    /**
     * Closes the stream and any underlying resources.
     *
     * @return void
     */
    public function close()
    {
        // TODO: Implement close() method.

    }

    /**
     * Separates any underlying resources from the stream.
     *
     * After the stream has been detached, the stream is in an unusable state.
     *
     * @return resource|null Underlying PHP stream, if any
     */
    public function detach()
    {
        // TODO: Implement detach() method.

    }

    /**
     * Get the size of the stream if known.
     *
     * @return int|null Returns the size in bytes if known, or null if unknown.
     */
    public function getSize()
    {
        // TODO: Implement getSize() method.

    }

    /**
     * Returns the current position of the file read/write pointer
     *
     * @return int Position of the file pointer

     * @throws \RuntimeException on error.
     */
    public function tell()
    {
        // TODO: Implement tell() method.

    }

    /**
     * Returns true if the stream is at the end of the stream.
     *
     * @return bool

     */
    public function eof()
    {
        // TODO: Implement eof() method.

    }

    /**
     * Returns whether or not the stream is seekable.
     *
     * @return bool

     */
    public function isSeekable()
    {
        // TODO: Implement isSeekable() method.

    }

    /**
     * Seek to a position in the stream.
     *
     * @link http://www.php.net/manual/en/function.fseek.php
     * @param int $offset Stream offset
     * @param int $whence Specifies how the cursor position will be calculated
     *     based on the seek offset. Valid values are identical to the built-in
     *     PHP $whence values for `fseek()`.  SEEK_SET: Set position equal to
     *     offset bytes SEEK_CUR: Set position to current location plus offset
     *     SEEK_END: Set position to end-of-stream plus offset.
     * @throws \RuntimeException on failure.
     */
    public function seek($offset, $whence = SEEK_SET)
    {
        // TODO: Implement seek() method.

    }

    /**
     * Seek to the beginning of the stream.
     *
     * If the stream is not seekable, this method will raise an exception;
     * otherwise, it will perform a seek(0).
     *
     * @see seek()
     * @link http://www.php.net/manual/en/function.fseek.php
     * @throws \RuntimeException on failure.
     */
    public function rewind()
    {
        // TODO: Implement rewind() method.

    }

    /**
     * Returns whether or not the stream is writable.
     *
     * @return bool

     */
    public function isWritable()
    {
        // TODO: Implement isWritable() method.

    }

    /**
     * Write data to the stream.
     *
     * @param string $string The string that is to be written.
     * @return int Returns the number of bytes written to the stream.

     * @throws \RuntimeException on failure.
     */
    public function write($string)
    {
        // TODO: Implement write() method.

    }

    /**
     * Returns whether or not the stream is readable.
     *
     * @return bool

     */
    public function isReadable()
    {
        // TODO: Implement isReadable() method.

    }

    /**
     * Read data from the stream.
     *
     * @param int $length Read up to $length bytes from the object and return
     *     them. Fewer than $length bytes may be returned if underlying stream
     *     call returns fewer bytes.
     * @return string Returns the data read from the stream, or an empty string

     *     if no bytes are available.
     * @throws \RuntimeException if an error occurs.
     */
    public function read($length)
    {
        // TODO: Implement read() method.

    }

    /**
     * Returns the remaining contents in a string
     *
     * @return string

     * @throws \RuntimeException if unable to read or an error occurs while
     *     reading.
     */
    public function getContents()
    {
        // TODO: Implement getContents() method.

    }

    /**
     * Get stream metadata as an associative array or retrieve a specific key.
     *
     * The keys returned are identical to the keys returned from PHP's
     * stream_get_meta_data() function.
     *
     * @link http://php.net/manual/en/function.stream-get-meta-data.php
     * @param string $key Specific metadata to retrieve.

     * @return array|mixed|null Returns an associative array if no key is
     *     provided. Returns a specific key value if a key is provided and the
     *     value is found, or null if the key is not found.
     */
    public function getMetadata($key = null)
    {
        // TODO: Implement getMetadata() method.

    }
}


1		<?php
2		namespace Subreality\Dilmun\Anshar\Http;
3
4		use Psr\Http\Message\StreamInterface;
5
6		/**
7		* Class Stream
8		* @package Subreality\Dilmun\Anshar\Http
9		*/
10		class Stream implements StreamInterface
11		{
12	1	public function __construct($resource)
13		{
14	1	if (!is_resource($resource)) {
15	1	throw new \InvalidArgumentException("Stream must be created with a resource");
16		}
17		}
18
19		/**
20		* Reads all data from the stream into a string, from the beginning to end.
21		*
22		* This method MUST attempt to seek to the beginning of the stream before
23		* reading data and read the stream until the end is reached.
24		*
25		* Warning: This could attempt to load a large amount of data into memory.
26		*
27		* This method MUST NOT raise an exception in order to conform with PHP's
28		* string casting operations.
29		*
30		* @see http://php.net/manual/en/language.oop5.magic.php#object.tostring
31		* @return string
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
32		*/
33		public function __toString()
34		{
35		// TODO: Implement __toString() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
36		}
37
38		/**
39		* Closes the stream and any underlying resources.
40		*
41		* @return void
42		*/
43		public function close()
44		{
45		// TODO: Implement close() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
46		}
47
48		/**
49		* Separates any underlying resources from the stream.
50		*
51		* After the stream has been detached, the stream is in an unusable state.
52		*
53		* @return resource\|null Underlying PHP stream, if any
54		*/
55		public function detach()
56		{
57		// TODO: Implement detach() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
58		}
59
60		/**
61		* Get the size of the stream if known.
62		*
63		* @return int\|null Returns the size in bytes if known, or null if unknown.
64		*/
65		public function getSize()
66		{
67		// TODO: Implement getSize() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
68		}
69
70		/**
71		* Returns the current position of the file read/write pointer
72		*
73		* @return int Position of the file pointer
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `integer\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
74		* @throws \RuntimeException on error.
75		*/
76		public function tell()
77		{
78		// TODO: Implement tell() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
79		}
80
81		/**
82		* Returns true if the stream is at the end of the stream.
83		*
84		* @return bool
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `boolean\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
85		*/
86		public function eof()
87		{
88		// TODO: Implement eof() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
89		}
90
91		/**
92		* Returns whether or not the stream is seekable.
93		*
94		* @return bool
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `boolean\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
95		*/
96		public function isSeekable()
97		{
98		// TODO: Implement isSeekable() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
99		}
100
101		/**
102		* Seek to a position in the stream.
103		*
104		* @link http://www.php.net/manual/en/function.fseek.php
105		* @param int $offset Stream offset
106		* @param int $whence Specifies how the cursor position will be calculated
107		* based on the seek offset. Valid values are identical to the built-in
108		* PHP $whence values for `fseek()`. SEEK_SET: Set position equal to
109		* offset bytes SEEK_CUR: Set position to current location plus offset
110		* SEEK_END: Set position to end-of-stream plus offset.
111		* @throws \RuntimeException on failure.
112		*/
113		public function seek($offset, $whence = SEEK_SET)
114		{
115		// TODO: Implement seek() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
116		}
117
118		/**
119		* Seek to the beginning of the stream.
120		*
121		* If the stream is not seekable, this method will raise an exception;
122		* otherwise, it will perform a seek(0).
123		*
124		* @see seek()
125		* @link http://www.php.net/manual/en/function.fseek.php
126		* @throws \RuntimeException on failure.
127		*/
128		public function rewind()
129		{
130		// TODO: Implement rewind() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
131		}
132
133		/**
134		* Returns whether or not the stream is writable.
135		*
136		* @return bool
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `boolean\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
137		*/
138		public function isWritable()
139		{
140		// TODO: Implement isWritable() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
141		}
142
143		/**
144		* Write data to the stream.
145		*
146		* @param string $string The string that is to be written.
147		* @return int Returns the number of bytes written to the stream.
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `integer\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
148		* @throws \RuntimeException on failure.
149		*/
150		public function write($string)
151		{
152		// TODO: Implement write() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
153		}
154
155		/**
156		* Returns whether or not the stream is readable.
157		*
158		* @return bool
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `boolean\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
159		*/
160		public function isReadable()
161		{
162		// TODO: Implement isReadable() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
163		}
164
165		/**
166		* Read data from the stream.
167		*
168		* @param int $length Read up to $length bytes from the object and return
169		* them. Fewer than $length bytes may be returned if underlying stream
170		* call returns fewer bytes.
171		* @return string Returns the data read from the stream, or an empty string
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
172		* if no bytes are available.
173		* @throws \RuntimeException if an error occurs.
174		*/
175		public function read($length)
176		{
177		// TODO: Implement read() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
178		}
179
180		/**
181		* Returns the remaining contents in a string
182		*
183		* @return string
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
184		* @throws \RuntimeException if unable to read or an error occurs while
185		* reading.
186		*/
187		public function getContents()
188		{
189		// TODO: Implement getContents() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
190		}
191
192		/**
193		* Get stream metadata as an associative array or retrieve a specific key.
194		*
195		* The keys returned are identical to the keys returned from PHP's
196		* stream_get_meta_data() function.
197		*
198		* @link http://php.net/manual/en/function.stream-get-meta-data.php
199		* @param string $key Specific metadata to retrieve.
		0 ignored issues – show Documentation introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$key` not be `string\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
200		* @return array\|mixed\|null Returns an associative array if no key is
201		* provided. Returns a specific key value if a key is provided and the
202		* value is found, or null if the key is not found.
203		*/
204		public function getMetadata($key = null)
205		{
206		// TODO: Implement getMetadata() method.
		0 ignored issues – show Coding Style Best Practice introduced 2017-03-29 01:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
207		}
208		}
209

twistofreality / dilmun

Issues (65)

Security Analysis no request data

src/Anshar/Http/Stream.php (25 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like