Issues (4)

Security Analysis: no request data

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Helpers/Validator.php (4 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace FFMVC\Helpers;

/**
 * Validation Helper Class
 *
 * Add to composer.json:
 *    "wixel/gump": "dev-master"
 *
 * @package helpers
 * @author Vijay Mahrra <[email protected]>
 * @copyright (c) Copyright 2016 Vijay Mahrra
 * @license GPLv3 (http://www.gnu.org/licenses/gpl-3.0.html)
 * @url https://github.com/Wixel/GUMP
 */
class Validator extends \GUMP
{
    /**
     * Function to create and return previously created instance
     * Renamed from get_instance() to follow $f3 design pattern
     * as calling $this->get_instance() will ignore this class
     * and get a GUMP instance instead if this method did not exist
     *
     * @return Validator
     */
    public static function instance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }

        return self::$instance;
    }

    /**
     * Perform data filtering against the provided ruleset.
     *
     * @param array $input
     * @param array $ruleset optional ruleset; the class ruleset is used when empty
     * @return bool|array
     */
    public function filter(array $input, array $ruleset = [])
    {
        return empty($ruleset) ? parent::filter($input, $this->filter_rules) : parent::filter($input, $ruleset);
    }

    /**
     * Perform data validation against the provided ruleset.
     *
     * @param array $input
     * @param array $ruleset optional ruleset; the class ruleset is used when empty
     * @return bool|array
     */
    public function validate(array $input, array $ruleset = [])
    {
        return empty($ruleset) ? parent::validate($input, $this->validation_rules) : parent::validate($input, $ruleset);
    }

    /**
     *  A custom filter named "lower".
     *
     *  The callback function receives two arguments:
     *  The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     */
    public function filter_lower($value, $param = null): string
    {
        return strtolower($value);
    }

    /**
     *  A custom filter named "upper".
     *
     *  The callback function receives two arguments:
     *  The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     */
    public function filter_upper($value, $param = null): string
    {
        return strtoupper($value);
    }

    /**
     * Strip whitespace from the beginning of a string
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#ltrim
     */
    public function filter_ltrim($value, $param = null): string
    {
        return \UTF::instance()->ltrim($value);
    }

    /**
     * Strip whitespace from the end of a string
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#rtrim
     */
    public function filter_rtrim($value, $param = null): string
    {
        return \UTF::instance()->rtrim($value);
    }

    /**
     * Strip whitespace from the beginning and end of a string
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#trim
     */
    public function filter_trim($value, $param = null): string
    {
        return \UTF::instance()->trim($value);
    }

    /**
     * Convert code points to Unicode symbols
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#translate
     */
    public function filter_translate($value, $param = null): string
    {
        return \UTF::instance()->translate($value);
    }

    /**
     * Translate emoji tokens to Unicode font-supported symbols
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#emojify
     */
    public function filter_emojify($value, $param = null): string
    {
        return \UTF::instance()->emojify($value);
    }

    /**
     * Convert input to a slug
     *
     * The callback function receives two arguments:
     * The value to filter, and any parameters used in the filter rule. It should return the filtered value.
     *
     * @param mixed $value
     * @param mixed $param
     * @return string
     * @link https://fatfreeframework.com/utf-unicode-string-manager#emojify
     */
    public function filter_slug($value, $param = null): string
    {
        return \Web::instance()->slug($value);
    }

    /**
     * Check whether the IP Address is Public
     *
     * Usage: '<index>' => 'valid_ip_public'
     *
     * @param string $field
     * @param array  $input
     * @param null|array $param
     *
     * @return null|array
     */
    public function validate_valid_ip_public(string $field, array $input, $param = null)
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

    {
        if (!isset($input[$field]) || empty($input[$field])) {
            return;
        }
        if (!\Audit::instance()->ispublic($input[$field])) {
            return array(
                'field' => $field,
                'value' => $input[$field],
                'rule' => __FUNCTION__,
                'param' => $param,
            );
        }
    }

    /**
     * Check whether the IP Address is NOT Public
     *
     * Usage: '<index>' => 'valid_ip_not_public'
     *
     * @param string $field
     * @param array  $input
     * @param null|array $param
     * @return null|array
     */
    public function validate_valid_ip_not_public(string $field, array $input, $param = null)
This method seems to be duplicated in your project.

    {
        if (!isset($input[$field]) || empty($input[$field])) {
            return;
        }
        if (\Audit::instance()->ispublic($input[$field])) {
            return array(
                'field' => $field,
                'value' => $input[$field],
                'rule' => __FUNCTION__,
                'param' => $param,
            );
        }
    }

    /**
     * Check whether the IP Address is Reserved
     *
     * Usage: '<index>' => 'valid_ip_reserved'
     *
     * @param string $field
     * @param array  $input
     * @param null|array $param
     * @return null|array
     */
    public function validate_valid_ip_reserved(string $field, array $input, $param = null)
This method seems to be duplicated in your project.

    {
        if (!isset($input[$field]) || empty($input[$field])) {
            return;
        }
        if (!\Audit::instance()->isreserved($input[$field])) {
            return array(
                'field' => $field,
                'value' => $input[$field],
                'rule' => __FUNCTION__,
                'param' => $param,
            );
        }
    }

    /**
     * Check whether the IP Address is Private or Reserved
     *
     * Usage: '<index>' => 'valid_ip_private'
     *
     * @param string $field
     * @param array  $input
     * @param null|array $param
     * @return null|array
     */
    public function validate_valid_ip_private(string $field, array $input, $param = null)
This method seems to be duplicated in your project.

    {
        if (!isset($input[$field]) || empty($input[$field])) {
            return;
        }
        if (!\Audit::instance()->isprivate($input[$field])) {
            return array(
                'field' => $field,
                'value' => $input[$field],
                'rule' => __FUNCTION__,
                'param' => $param,
            );
        }
    }

}