Issues in DoctrineProvider.php (master) - Issues in master - uecode/qpush-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (34)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Provider/DoctrineProvider.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Copyright Talisman Innovations Ltd. (2016). All rights reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @package     qpush-bundle
 * @copyright   Talisman Innovations Ltd. (2016)
 * @license     Apache License, Version 2.0
 */

namespace Uecode\Bundle\QPushBundle\Provider;

use Doctrine\Common\Cache\Cache;
use Monolog\Logger;
use Uecode\Bundle\QPushBundle\Message\Message;
use Uecode\Bundle\QPushBundle\Entity\DoctrineMessage;

class DoctrineProvider extends AbstractProvider
{

    const DEFAULT_PERIOD = 300;

    protected $em;
    protected $repository;
    protected static $entityName = 'Uecode\Bundle\QPushBundle\Entity\DoctrineMessage';

    /**
     * Constructor for Provider classes
     *
     * @param string $name    Name of the Queue the provider is for
     * @param array  $options An array of configuration options for the Queue
     * @param mixed  $client  A Queue Client for the provider
     * @param Cache  $cache   An instance of Doctrine\Common\Cache\Cache
     * @param Logger $logger  An instance of Symfony\Bridge\Mongolog\Logger
     */
    public function __construct($name, array $options, $client, Cache $cache, Logger $logger)
    {
        $this->name = $name;
        $this->options = $options;
        $this->cache = $cache;
        $this->logger = $logger;
        $this->em = $client;
        $this->repository = $this->em->getRepository(self::$entityName);
    }

    /**
     * Returns the name of the Queue that this Provider is for
     *
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * Returns the Queue Provider name
     *
     * @return string
     */
    public function getProvider()
    {
        return 'Doctrine';
    }

    /**
     * Returns the Provider's Configuration Options
     *
     * @return array
     */
    public function getOptions()
    {
        return $this->options;
    }

    /**
     * Returns the Cache service
     *
     * @return Cache
     */
    public function getCache()
    {
        return $this->cache;
    }

    /**
     * Returns the Logger service
     *
     * @return Logger
     */
    public function getLogger()
    {
        return $this->logger;
    }

    /**
     * Get repository
     * 
     * @return array
     */
    public function getRepository()
    {
        if (!$this->repository) {
            return;
        }

        return $this->repository;
    }

    /**
     * Creates the Queue
     * Checks to see if the underlying table has been created or not
     * 
     * @return bool
     */
    public function create()
    {
        $sm = $this->em->getConnection()->getSchemaManager();
        $table = $this->em->getClassMetadata(self::$entityName)->getTableName();

        return $sm->tablesExist(array($table));
    }

    /**
     * Publishes a message to the Queue
     *
     * This method should return a string MessageId or Response
     *
     * @param array $message The message to queue
     * @param array $options An array of options that override the queue defaults
     *
     * @return string
     */
    public function publish(array $message, array $options = [])
    {
        if (!$this->em) {
            return '';
        }

        $doctrineMessage = new DoctrineMessage();
        $doctrineMessage->setQueue($this->name)
                ->setDelivered(false)
                ->setMessage($message)
                ->setLength(strlen(serialize($message)));

        $this->em->persist($doctrineMessage);
        $this->em->flush();

        return (string) $doctrineMessage->getId();
    }

    /**
     * Polls the Queue for Messages
     *
     * Depending on the Provider, this method may keep the connection open for
     * a configurable amount of time, to allow for long polling.  In most cases,
     * this method is not meant to be used to long poll indefinitely, but should
     * return in reasonable amount of time
     *
     * @param  array $options An array of options that override the queue defaults
     *
     * @return array
     */
    public function receive(array $options = [])
    {
        if (!$this->em) {
            return [];
        }

        $doctrineMessages = $this->repository->findBy(
                array('delivered' => false, 'queue' => $this->name), array('id' => 'ASC')
        );

        $messages = [];
        foreach ($doctrineMessages as $doctrineMessage) {
            $messages[] = new Message($doctrineMessage->getId(), $doctrineMessage->getMessage(), []);
            $doctrineMessage->setDelivered(true);
        }
        $this->em->flush();

        return $messages;
    }

    /**
     * Deletes the Queue Message
     *
     * @param mixed $id A message identifier or resource
     */
    public function delete($id)
    {
        $doctrineMessage = $this->repository->findById($id);
        $doctrineMessage->setDelivered(true);
        $this->em->flush();

        return true;
    }

    /**
     * Destroys a Queue and clears any Queue related Cache
     *
     * @return bool
     */
    public function destroy()
    {
        $qb = $this->repository->createQueryBuilder('dm');
        $qb->delete();
        $qb->where('dm.queue = :queue');
        $qb->setParameter('queue', $this->name);
        $qb->getQuery()->execute();

        return true;
    }

    /**
     * Returns a specific message
     * 
     * @param integer $id
     * 
     * @return Message
     */
    public function getById($id)
    {
        return $this->repository->find($id);
    }

    /**
     * Returns a query of the message queue
     * 
     * @param array $data ['field'=>'id', 'search'=>'text', 'to'=>date, from=>date]
     * @return Query
     * 
     */
    public function findBy($data)
    {
        $qb = $this->repository->createQueryBuilder('p');
        $qb->select('p');
        $qb->where('p.queue = :queue');
        $qb->setParameter('queue', $this->name);

        $field = (isset($data['field'])) ? $data['field'] : 'message';

        if (isset($data['search']) && $data['search'] !== null) {
            $qb->andWhere('p.' . $field . ' LIKE :contains');
            $qb->setParameter('contains', '%' . $data['search'] . '%');
        }

        if (isset($data['from']) && $data['from'] !== null && isset($data['to']) && $data['to'] !== null) {
            $qb->andWhere('p.created BETWEEN :from AND :to');
            $qb->setParameter('from', $data['from']);
            $qb->setParameter('to', $data['to']);
        } 

        return $qb->getQuery();
    }

    /*
     * Returns an array of times and messgae counts
     * @praram $data ['from' => date, 'to' => date, 'period' => seconds
     * @return ['time', 'count']
     */


    public function counts($data=null)
    {
        if (isset($data['period']) && $data['period'] !== null) {
            $period = $data['period'];
        } else {
            $period = self::DEFAULT_PERIOD;
        }
        $sql = 'SELECT from_unixtime(floor(unix_timestamp(created)/'
                . $period . ') * ' . $period . ') as time, 
            count(*) as count 
            FROM uecode_qpush_message
            where queue = "' . $this->name . '"';
        if (isset($data['from']) && $data['from'] !== null) {

            $sql = $sql . ' and created >= "' . $data['from'] . '"';
        }
        if (isset($data['to']) && $data['to'] !== null) {

            $sql = $sql . ' and created <= "' . $data['to'] . '"';
        }
        $sql = $sql . ' group by floor(unix_timestamp(created)/' . $period . ')';
        $sql = $sql . ' order by floor(unix_timestamp(created)/' . $period . ') ASC';
        $statement = $this->em->getConnection()->prepare($sql);
        $statement->execute();
        $results = $statement->fetchAll();
        
        return $results;
    }

}


1		<?php
2
3		/**
4		* Copyright Talisman Innovations Ltd. (2016). All rights reserved
5		*
6		* Licensed under the Apache License, Version 2.0 (the "License");
7		* you may not use this file except in compliance with the License.
8		* You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing, software
13		* distributed under the License is distributed on an "AS IS" BASIS,
14		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15		* See the License for the specific language governing permissions and
16		* limitations under the License.
17		*
18		* @package qpush-bundle
19		* @copyright Talisman Innovations Ltd. (2016)
20		* @license Apache License, Version 2.0
21		*/
22
23		namespace Uecode\Bundle\QPushBundle\Provider;
24
25		use Doctrine\Common\Cache\Cache;
26		use Monolog\Logger;
27		use Uecode\Bundle\QPushBundle\Message\Message;
28		use Uecode\Bundle\QPushBundle\Entity\DoctrineMessage;
29
30		class DoctrineProvider extends AbstractProvider
31		{
32
33		const DEFAULT_PERIOD = 300;
34
35		protected $em;
36		protected $repository;
37		protected static $entityName = 'Uecode\Bundle\QPushBundle\Entity\DoctrineMessage';
38
39		/**
40		* Constructor for Provider classes
41		*
42		* @param string $name Name of the Queue the provider is for
43		* @param array $options An array of configuration options for the Queue
44		* @param mixed $client A Queue Client for the provider
45		* @param Cache $cache An instance of Doctrine\Common\Cache\Cache
46		* @param Logger $logger An instance of Symfony\Bridge\Mongolog\Logger
47		*/
48		public function __construct($name, array $options, $client, Cache $cache, Logger $logger)
49		{
50		$this->name = $name;
51		$this->options = $options;
52		$this->cache = $cache;
53		$this->logger = $logger;
54		$this->em = $client;
55		$this->repository = $this->em->getRepository(self::$entityName);
56		}
57
58		/**
59		* Returns the name of the Queue that this Provider is for
60		*
61		* @return string
62		*/
63		public function getName()
64		{
65		return $this->name;
66		}
67
68		/**
69		* Returns the Queue Provider name
70		*
71		* @return string
72		*/
73		public function getProvider()
74		{
75		return 'Doctrine';
76		}
77
78		/**
79		* Returns the Provider's Configuration Options
80		*
81		* @return array
82		*/
83		public function getOptions()
84		{
85		return $this->options;
86		}
87
88		/**
89		* Returns the Cache service
90		*
91		* @return Cache
92		*/
93		public function getCache()
94		{
95		return $this->cache;
96		}
97
98		/**
99		* Returns the Logger service
100		*
101		* @return Logger
102		*/
103		public function getLogger()
104		{
105		return $this->logger;
106		}
107
108		/**
109		* Get repository
110		*
111		* @return array
112		*/
113		public function getRepository()
114		{
115		if (!$this->repository) {
116		return;
117		}
118
119		return $this->repository;
120		}
121
122		/**
123		* Creates the Queue
124		* Checks to see if the underlying table has been created or not
125		*
126		* @return bool
127		*/
128		public function create()
129		{
130		$sm = $this->em->getConnection()->getSchemaManager();
131		$table = $this->em->getClassMetadata(self::$entityName)->getTableName();
132
133		return $sm->tablesExist(array($table));
134		}
135
136		/**
137		* Publishes a message to the Queue
138		*
139		* This method should return a string MessageId or Response
140		*
141		* @param array $message The message to queue
142		* @param array $options An array of options that override the queue defaults
143		*
144		* @return string
145		*/
146		public function publish(array $message, array $options = [])
147		{
148		if (!$this->em) {
149		return '';
150		}
151
152		$doctrineMessage = new DoctrineMessage();
153		$doctrineMessage->setQueue($this->name)
154		->setDelivered(false)
155		->setMessage($message)
156		->setLength(strlen(serialize($message)));
157
158		$this->em->persist($doctrineMessage);
159		$this->em->flush();
160
161		return (string) $doctrineMessage->getId();
162		}
163
164		/**
165		* Polls the Queue for Messages
166		*
167		* Depending on the Provider, this method may keep the connection open for
168		* a configurable amount of time, to allow for long polling. In most cases,
169		* this method is not meant to be used to long poll indefinitely, but should
170		* return in reasonable amount of time
171		*
172		* @param array $options An array of options that override the queue defaults
173		*
174		* @return array
175		*/
176		public function receive(array $options = [])
177		{
178		if (!$this->em) {
179		return [];
180		}
181
182		$doctrineMessages = $this->repository->findBy(
183		array('delivered' => false, 'queue' => $this->name), array('id' => 'ASC')
184		);
185
186		$messages = [];
187		foreach ($doctrineMessages as $doctrineMessage) {
188		$messages[] = new Message($doctrineMessage->getId(), $doctrineMessage->getMessage(), []);
189		$doctrineMessage->setDelivered(true);
190		}
191		$this->em->flush();
192
193		return $messages;
194		}
195
196		/**
197		* Deletes the Queue Message
198		*
199		* @param mixed $id A message identifier or resource
200		*/
201		public function delete($id)
202		{
203		$doctrineMessage = $this->repository->findById($id);
204		$doctrineMessage->setDelivered(true);
205		$this->em->flush();
206
207		return true;
208		}
209
210		/**
211		* Destroys a Queue and clears any Queue related Cache
212		*
213		* @return bool
214		*/
215		public function destroy()
216		{
217		$qb = $this->repository->createQueryBuilder('dm');
218		$qb->delete();
219		$qb->where('dm.queue = :queue');
220		$qb->setParameter('queue', $this->name);
221		$qb->getQuery()->execute();
222
223		return true;
224		}
225
226		/**
227		* Returns a specific message
228		*
229		* @param integer $id
230		*
231		* @return Message
232		*/
233		public function getById($id)
234		{
235		return $this->repository->find($id);
236		}
237
238		/**
239		* Returns a query of the message queue
240		*
241		* @param array $data ['field'=>'id', 'search'=>'text', 'to'=>date, from=>date]
242		* @return Query
243		*
244		*/
245		public function findBy($data)
246		{
247		$qb = $this->repository->createQueryBuilder('p');
248		$qb->select('p');
249		$qb->where('p.queue = :queue');
250		$qb->setParameter('queue', $this->name);
251
252		$field = (isset($data['field'])) ? $data['field'] : 'message';
253
254		if (isset($data['search']) && $data['search'] !== null) {
255		$qb->andWhere('p.' . $field . ' LIKE :contains');
256		$qb->setParameter('contains', '%' . $data['search'] . '%');
257		}
258
259		if (isset($data['from']) && $data['from'] !== null && isset($data['to']) && $data['to'] !== null) {
260		$qb->andWhere('p.created BETWEEN :from AND :to');
261		$qb->setParameter('from', $data['from']);
262		$qb->setParameter('to', $data['to']);
263		}
264
265		return $qb->getQuery();
266		}
267
268		/*
269		* Returns an array of times and messgae counts
270		* @praram $data ['from' => date, 'to' => date, 'period' => seconds
271		* @return ['time', 'count']
272		*/
		0 ignored issues – show Documentation introduced 2016-11-16 15:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `'time',">['time',` could not be parsed: Unknown type name "[" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
273
274		public function counts($data=null)
275		{
276		if (isset($data['period']) && $data['period'] !== null) {
277		$period = $data['period'];
278		} else {
279		$period = self::DEFAULT_PERIOD;
280		}
281		$sql = 'SELECT from_unixtime(floor(unix_timestamp(created)/'
282		. $period . ') * ' . $period . ') as time,
283		count(*) as count
284		FROM uecode_qpush_message
285		where queue = "' . $this->name . '"';
286	View Code Duplication	if (isset($data['from']) && $data['from'] !== null) {
		0 ignored issues – show Duplication introduced 2016-09-14 11:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
287		$sql = $sql . ' and created >= "' . $data['from'] . '"';
288		}
289	View Code Duplication	if (isset($data['to']) && $data['to'] !== null) {
		0 ignored issues – show Duplication introduced 2016-09-14 11:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
290		$sql = $sql . ' and created <= "' . $data['to'] . '"';
291		}
292		$sql = $sql . ' group by floor(unix_timestamp(created)/' . $period . ')';
293		$sql = $sql . ' order by floor(unix_timestamp(created)/' . $period . ') ASC';
294		$statement = $this->em->getConnection()->prepare($sql);
295		$statement->execute();
296		$results = $statement->fetchAll();
297
298		return $results;
299		}
300
301		}
302

uecode / qpush-bundle

Issues (34)

Security Analysis not enabled

src/Provider/DoctrineProvider.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like