Issues in Handler.php (master) - Issues in master - unyx/nyx - Measure and Improve Code Quality continuously with Scrutinizer

Issues (308)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/diagnostics/debug/Handler.php (1 issue)

Labels

Documentation 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace nyx\diagnostics\debug;

// External dependencies
use nyx\events;

// Internal dependencies
use nyx\diagnostics\definitions;
use nyx\diagnostics;

/**
 * Abstract Handler
 *
 * Provides means for concrete Handlers to deal with Conditions and debug Events. Does not actually allow for
 * the implementation of a specific handler interface on its own as it does not implement either of the handle()
 * methods.
 *
 * @package     Nyx\Diagnostics\Debug
 * @version     0.1.0
 * @author      Michal Chojnacki <[email protected]>
 * @copyright   2012-2016 Nyx Dev Team
 * @link        http://docs.muyo.io/nyx/diagnostics/debug.html
 */
abstract class Handler implements events\interfaces\EmitterAware
{
    /**
     * The traits of a Handler instance.
     */
    use events\traits\EmitterAware;

    /**
     * @var Condition[]         An array of Condition instances that will be checked before handling the
     *                          Error/Exception or arrays containing 'matcher' and 'onMatch' keys with callables
     *                          as values. See {@see self::apply()} for more information.
     */
    private $conditions = [];

    /**
     * @var bool    Whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
     *              definitions/Signals::QUIT.
     */
    private $allowQuit = true;

    /**
     * Applies a Condition to this Handler.
     *
     * @param   Condition|callable  $condition  Either a Condition instance or a 'matcher' callable accepting one
     *                                          two arguments - an Exception and a Handler instance, and
     *                                          returning true/false when the given Exception is a match or not.
     *                                          When a callable is given, the second argument to this method must
     *                                          also be given.
     * @param   callable            $onMatch    A callable containing the code that should be executed when the
     *                                          'matcher' callable given as first argument returns true. This
     *                                          argument is ignored when a concrete Condition instance is given
     *                                          as the first argument instead of a callable.
     * @return  $this
     * @throws  \InvalidArgumentException       When a callable is given as first argument but the second is
     *                                          missing or when neither a Condition instance nor a callable are
     *                                          given as the first argument.
     */
    public function apply($condition, callable $onMatch = null) : self
    {
         if (!is_callable($condition)) {
            if (!$condition instanceof Condition) {
                throw new \InvalidArgumentException('Expected a \nyx\diagnostics\Condition or a callable as first argument, got ['.diagnostics\Debug::getTypeName($condition).'] instead.');
            }

            $this->conditions[] = $condition;
        } else {
            // Both parameters are/should be callables.
            if (null === $onMatch) {
                throw new \InvalidArgumentException('A callable must be given as second parameter when the first is also a callable.');
            }

            $this->conditions[] = [
                'matcher' => $condition,
                'onMatch' => $onMatch
            ];
        }

        return $this;
    }

    /**
     * Sets whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
     * definitions/Signals::QUIT.
     *
     * @param   bool    $bool   True to allow Conditions/Delegates to end script execution, false otherwise.
     */
    public function setAllowQuit(bool $bool)
    {
        $this->allowQuit = $bool;
    }

    /**
     * Checks whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
     * definitions/Signals::QUIT.
     *
     * @return  bool    True when Conditions/Delegates are allowed to end script execution, false otherwise.
     */
    public function doesAllowQuit() : bool
    {
        return $this->allowQuit;
    }

    /**
     * Runs through the registered Conditions and invokes their callbacks when they match the given Exception.
     *
     * @param   \Exception  $exception  The Exception conditions should match
     * @return  bool                    True when any Condition returns the PREVENT signal, false otherwise.
     */
    protected function runConditions(\Exception $exception) : bool
    {
        $prevent = false;

        foreach ($this->conditions as $condition) {
            // We can call the methods on a Condition instance directly.
            if ($condition instanceof Condition) {
                if (true === $condition->matches($exception, $this)) {
                    $response = $condition->onMatch($exception, $this);
                } else {
                    continue;
                }
            }
            // Otherwise we're dealing with our little 'array' condition, ie. two callables. Run the match straight
            // away.
            elseif (true === call_user_func($condition['matcher'], $exception, $this)) {
                $response = call_user_func($condition['onMatch'], $exception, $this);
            } else {
                continue;
            }

            // Now let's check what onMatch() returned and see if it's a QUIT and we may exit.
            if (($response & definitions\Signals::QUIT) === definitions\Signals::QUIT && $this->allowQuit) {
                exit;
            }

            // Using the PREVENT signal on its own will not break the loop but we will need to pass it to the Handler
            // afterwards so it knows that it shouldn't proceed with its own code.
            if (($response & definitions\Signals::PREVENT) === definitions\Signals::PREVENT) {
                $prevent = true;
            }

            // QUIT includes STOP so this will catch both situations.
            if (($response & definitions\Signals::STOP) === definitions\Signals::STOP) {
                break;
            }
        }

        return $prevent;
    }

    /**
     * Helper method which emits a diagnostics\events\Debug event with the given name and the given initial
     * Exception and returns the Exception set in the Event after emission is done. All of it assuming an Emitter
     * is set for the Handler. False will be returned if that is not the case.
     *
     * @param   string          $name       The name of the Event to emit {@see definitions/Events}.
     * @param   \Throwable      $exception  The initial Exception to be passed to listeners.
     * @return  \Exception|null             Either an Exception when event emission occurred or null if no Emitter

     *                                      is set and therefore no events were emitted.
     */
    protected function emitDebugEvent($name, \Throwable $exception)
    {
        // Don't proceed when we've got no Emitter.
        if (null === $this->emitter) {
            return null;
        }

        $this->emitter->emit($name, $event = new Event($exception, $this));

        // Event Listeners may override the Exception. Need to account for that.
        return $event->getThrowable();
    }
}


1			<?php namespace nyx\diagnostics\debug;
2
3			// External dependencies
4			use nyx\events;
5
6			// Internal dependencies
7			use nyx\diagnostics\definitions;
8			use nyx\diagnostics;
9
10			/**
11			* Abstract Handler
12			*
13			* Provides means for concrete Handlers to deal with Conditions and debug Events. Does not actually allow for
14			* the implementation of a specific handler interface on its own as it does not implement either of the handle()
15			* methods.
16			*
17			* @package Nyx\Diagnostics\Debug
18			* @version 0.1.0
19			* @author Michal Chojnacki <[email protected]>
20			* @copyright 2012-2016 Nyx Dev Team
21			* @link http://docs.muyo.io/nyx/diagnostics/debug.html
22			*/
23			abstract class Handler implements events\interfaces\EmitterAware
24			{
25			/**
26			* The traits of a Handler instance.
27			*/
28			use events\traits\EmitterAware;
29
30			/**
31			* @var Condition[] An array of Condition instances that will be checked before handling the
32			* Error/Exception or arrays containing 'matcher' and 'onMatch' keys with callables
33			* as values. See {@see self::apply()} for more information.
34			*/
35			private $conditions = [];
36
37			/**
38			* @var bool Whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
39			* definitions/Signals::QUIT.
40			*/
41			private $allowQuit = true;
42
43			/**
44			* Applies a Condition to this Handler.
45			*
46			* @param Condition\|callable $condition Either a Condition instance or a 'matcher' callable accepting one
47			* two arguments - an Exception and a Handler instance, and
48			* returning true/false when the given Exception is a match or not.
49			* When a callable is given, the second argument to this method must
50			* also be given.
51			* @param callable $onMatch A callable containing the code that should be executed when the
52			* 'matcher' callable given as first argument returns true. This
53			* argument is ignored when a concrete Condition instance is given
54			* as the first argument instead of a callable.
55			* @return $this
56			* @throws \InvalidArgumentException When a callable is given as first argument but the second is
57			* missing or when neither a Condition instance nor a callable are
58			* given as the first argument.
59			*/
60			public function apply($condition, callable $onMatch = null) : self
61			{
62			if (!is_callable($condition)) {
63			if (!$condition instanceof Condition) {
64			throw new \InvalidArgumentException('Expected a \nyx\diagnostics\Condition or a callable as first argument, got ['.diagnostics\Debug::getTypeName($condition).'] instead.');
65			}
66
67			$this->conditions[] = $condition;
68			} else {
69			// Both parameters are/should be callables.
70			if (null === $onMatch) {
71			throw new \InvalidArgumentException('A callable must be given as second parameter when the first is also a callable.');
72			}
73
74			$this->conditions[] = [
75			'matcher' => $condition,
76			'onMatch' => $onMatch
77			];
78			}
79
80			return $this;
81			}
82
83			/**
84			* Sets whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
85			* definitions/Signals::QUIT.
86			*
87			* @param bool $bool True to allow Conditions/Delegates to end script execution, false otherwise.
88			*/
89			public function setAllowQuit(bool $bool)
90			{
91			$this->allowQuit = $bool;
92			}
93
94			/**
95			* Checks whether Conditions/Delegates are allowed to arbitrarily end script execution by returning
96			* definitions/Signals::QUIT.
97			*
98			* @return bool True when Conditions/Delegates are allowed to end script execution, false otherwise.
99			*/
100			public function doesAllowQuit() : bool
101			{
102			return $this->allowQuit;
103			}
104
105			/**
106			* Runs through the registered Conditions and invokes their callbacks when they match the given Exception.
107			*
108			* @param \Exception $exception The Exception conditions should match
109			* @return bool True when any Condition returns the PREVENT signal, false otherwise.
110			*/
111			protected function runConditions(\Exception $exception) : bool
112			{
113			$prevent = false;
114
115			foreach ($this->conditions as $condition) {
116			// We can call the methods on a Condition instance directly.
117			if ($condition instanceof Condition) {
118			if (true === $condition->matches($exception, $this)) {
119			$response = $condition->onMatch($exception, $this);
120			} else {
121			continue;
122			}
123			}
124			// Otherwise we're dealing with our little 'array' condition, ie. two callables. Run the match straight
125			// away.
126			elseif (true === call_user_func($condition['matcher'], $exception, $this)) {
127			$response = call_user_func($condition['onMatch'], $exception, $this);
128			} else {
129			continue;
130			}
131
132			// Now let's check what onMatch() returned and see if it's a QUIT and we may exit.
133			if (($response & definitions\Signals::QUIT) === definitions\Signals::QUIT && $this->allowQuit) {
134			exit;
135			}
136
137			// Using the PREVENT signal on its own will not break the loop but we will need to pass it to the Handler
138			// afterwards so it knows that it shouldn't proceed with its own code.
139			if (($response & definitions\Signals::PREVENT) === definitions\Signals::PREVENT) {
140			$prevent = true;
141			}
142
143			// QUIT includes STOP so this will catch both situations.
144			if (($response & definitions\Signals::STOP) === definitions\Signals::STOP) {
145			break;
146			}
147			}
148
149			return $prevent;
150			}
151
152			/**
153			* Helper method which emits a diagnostics\events\Debug event with the given name and the given initial
154			* Exception and returns the Exception set in the Event after emission is done. All of it assuming an Emitter
155			* is set for the Handler. False will be returned if that is not the case.
156			*
157			* @param string $name The name of the Event to emit {@see definitions/Events}.
158			* @param \Throwable $exception The initial Exception to be passed to listeners.
159			* @return \Exception\|null Either an Exception when event emission occurred or null if no Emitter
			0 ignored issues – show Documentation introduced 2017-02-07 11:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `null\|\Throwable`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
160			* is set and therefore no events were emitted.
161			*/
162			protected function emitDebugEvent($name, \Throwable $exception)
163			{
164			// Don't proceed when we've got no Emitter.
165			if (null === $this->emitter) {
166			return null;
167			}
168
169			$this->emitter->emit($name, $event = new Event($exception, $this));
170
171			// Event Listeners may override the Exception. Need to account for that.
172			return $event->getThrowable();
173			}
174			}
175

unyx / nyx

Issues (308)

Security Analysis not enabled

src/diagnostics/debug/Handler.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like