Issues in Terminal.php (master) - Issues in master - unyx/nyx - Measure and Improve Code Quality continuously with Scrutinizer

Issues (308)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/console/Terminal.php (1 issue)

Labels

Documentation 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace nyx\console;

/**
 * Terminal
 *
 * @package     Nyx\Console
 * @version     0.1.0
 * @author      Michal Chojnacki <[email protected]>
 * @copyright   2012-2017 Nyx Dev Team
 * @link        https://github.com/unyx/nyx
 */
abstract class Terminal implements interfaces\Terminal
{
    /**
     * @var array   The Terminal's dimensions.
     */
    protected $dimensions;

    /**
     * Attempts to determine the Terminal's dimensions.
     *
     * @return  array   An array containing two keys - 'width' and 'height'. The values for those keys can be null
     *                  if the respective value could not be determined.
     */
    abstract protected function getDimensions() : ?array;

    /**
     * Creates a new Terminal instance.
     */
    public function __construct()
    {
        $this->flushDimensions();
    }

    /**
     * {@inheritDoc}
     */
    public function getWidth(int $default = 80) : int
    {
        if (isset($this->dimensions['width'])) {
            return $this->dimensions['width'];
        }

        // Environmental variables take priority and should be platform-agnostic.
        if ($width = trim(getenv('COLUMNS'))) {
            return $this->dimensions['width'] = (int) $width;
        }

        return $this->getDimensions()['width'] ?? $default;
    }

    /**
     * {@inheritDoc}
     */
    public function getHeight(int $default = 32) : int
    {
        if (isset($this->dimensions['height'])) {
            return $this->dimensions['height'];
        }

        // Environmental variables take priority and should be platform-agnostic.
        if ($height = trim(getenv('LINES'))) {
            return $this->dimensions['height'] = (int) $height;
        }

        return $this->getDimensions()['height'] ?? $default;
    }

    /**
     * Resets the cached dimensions of the underlying terminal.
     *
     * In usual execution flows the dimensions are unlikely to change. However, when running REPLs or long processes,
     * there is a likelihood of the Terminal's window dimensions to change. For those it makes sense to manually
     * flush the values before requesting them, when they are to be relied upon.
     *
     * @return  $this
     */
    public function flushDimensions() : Terminal
    {
        $this->dimensions = [
            'width'  => null,
            'height' => null
        ];

        return $this;
    }

    /**
     * Executes a system call and returns its output, while suppressing any error output.
     *
     * Requires proc_open() to be available on the platform.
     *
     * @param   string  $command    The command to execute.
     * @return  string              The output of the process or null if the process could not be executed.

     * @todo                        Use the Process component instead since we're relying on proc_open() anyways?
     */
    protected function execute(string $command) : ?string
    {
        // We require proc_open() to suppress error output.
        if (!function_exists('proc_open')) {
            return null;
        }

        // Define the file pointers we are going to utilize.
        $descriptors = [
            1 => ['pipe', 'w'],
            2 => ['pipe', 'w']
        ];

        // Execute the command with error suppression. Make sure we got a valid resource to work with.
        if (!is_resource($process = proc_open($command, $descriptors, $pipes, null, null, ['suppress_errors' => true]))) {
            return null;
        }

        $output = stream_get_contents($pipes[1]);

        // Close all open resource pointers.
        fclose($pipes[1]);
        fclose($pipes[2]);
        proc_close($process);

        return $output;
    }
}


1			<?php namespace nyx\console;
2
3			/**
4			* Terminal
5			*
6			* @package Nyx\Console
7			* @version 0.1.0
8			* @author Michal Chojnacki <[email protected]>
9			* @copyright 2012-2017 Nyx Dev Team
10			* @link https://github.com/unyx/nyx
11			*/
12			abstract class Terminal implements interfaces\Terminal
13			{
14			/**
15			* @var array The Terminal's dimensions.
16			*/
17			protected $dimensions;
18
19			/**
20			* Attempts to determine the Terminal's dimensions.
21			*
22			* @return array An array containing two keys - 'width' and 'height'. The values for those keys can be null
23			* if the respective value could not be determined.
24			*/
25			abstract protected function getDimensions() : ?array;
26
27			/**
28			* Creates a new Terminal instance.
29			*/
30			public function __construct()
31			{
32			$this->flushDimensions();
33			}
34
35			/**
36			* {@inheritDoc}
37			*/
38			public function getWidth(int $default = 80) : int
39			{
40			if (isset($this->dimensions['width'])) {
41			return $this->dimensions['width'];
42			}
43
44			// Environmental variables take priority and should be platform-agnostic.
45			if ($width = trim(getenv('COLUMNS'))) {
46			return $this->dimensions['width'] = (int) $width;
47			}
48
49			return $this->getDimensions()['width'] ?? $default;
50			}
51
52			/**
53			* {@inheritDoc}
54			*/
55			public function getHeight(int $default = 32) : int
56			{
57			if (isset($this->dimensions['height'])) {
58			return $this->dimensions['height'];
59			}
60
61			// Environmental variables take priority and should be platform-agnostic.
62			if ($height = trim(getenv('LINES'))) {
63			return $this->dimensions['height'] = (int) $height;
64			}
65
66			return $this->getDimensions()['height'] ?? $default;
67			}
68
69			/**
70			* Resets the cached dimensions of the underlying terminal.
71			*
72			* In usual execution flows the dimensions are unlikely to change. However, when running REPLs or long processes,
73			* there is a likelihood of the Terminal's window dimensions to change. For those it makes sense to manually
74			* flush the values before requesting them, when they are to be relied upon.
75			*
76			* @return $this
77			*/
78			public function flushDimensions() : Terminal
79			{
80			$this->dimensions = [
81			'width' => null,
82			'height' => null
83			];
84
85			return $this;
86			}
87
88			/**
89			* Executes a system call and returns its output, while suppressing any error output.
90			*
91			* Requires proc_open() to be available on the platform.
92			*
93			* @param string $command The command to execute.
94			* @return string The output of the process or null if the process could not be executed.
			0 ignored issues – show Documentation introduced 2017-02-07 11:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `null\|string`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
95			* @todo Use the Process component instead since we're relying on proc_open() anyways?
96			*/
97			protected function execute(string $command) : ?string
98			{
99			// We require proc_open() to suppress error output.
100			if (!function_exists('proc_open')) {
101			return null;
102			}
103
104			// Define the file pointers we are going to utilize.
105			$descriptors = [
106			1 => ['pipe', 'w'],
107			2 => ['pipe', 'w']
108			];
109
110			// Execute the command with error suppression. Make sure we got a valid resource to work with.
111			if (!is_resource($process = proc_open($command, $descriptors, $pipes, null, null, ['suppress_errors' => true]))) {
112			return null;
113			}
114
115			$output = stream_get_contents($pipes[1]);
116
117			// Close all open resource pointers.
118			fclose($pipes[1]);
119			fclose($pipes[2]);
120			proc_close($process);
121
122			return $output;
123			}
124			}
125

unyx / nyx

Issues (308)

Security Analysis not enabled

src/console/Terminal.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like