Issues in AbstractPart.php (master) - Issues in master - voku/purl - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Purl/AbstractPart.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the Purl package, a project by Jonathan H. Wage.
 *
 * (c) 2013 Jonathan H. Wage
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Purl;

/**
 * AbstractPart class is implemented by each part of a Url where necessary.
 *
 * @author      Jonathan H. Wage <[email protected]>
 * @implements  ArrayAccess
 */
abstract class AbstractPart implements \ArrayAccess
{
  /**
   * Flag for whether or not this part has been initialized.
   *
   * @var boolean
   */
  protected $initialized = false;

  /**
   * Array of data for this part.
   *
   * @var array
   */
  protected $data = [];

  /**
   * Array mapping part names to classes.
   *
   * @var array
   */
  protected $partClassMap = [];

  /**
   * Gets the data for this part. This method will initialize the part if it is not already initialized.
   *
   * @return array
   */
  public function getData(): array
  {
    $this->initialize();

    return $this->data;
  }

  /**
   * Sets the data for this part. This method will initialize the part if it is not already initialized.
   *
   * @param array $data
   *
   * @return $this
   */
  public function setData(array $data)
  {
    $this->initialize();
    $this->data = $data;

    foreach ($data as $key => $value) {
      if (empty($value) && $value !== '0') {
        unset($this->data[$key]);
      }
    }

    return $this;
  }

  /**
   * Check if this part has been initialized yet.
   *
   * @return boolean
   */
  public function isInitialized(): bool
  {
    return $this->initialized;
  }

  /**
   * Check if this part has data by key.
   *
   * @param string $key
   *
   * @return boolean
   */
  public function has($key): bool
  {
    $this->initialize();

    return isset($this->data[$key]);
  }

  /**
   * Gets data from this part by key.
   *
   * @param string $key
   *
   * @return mixed|null
   */
  public function get($key)
  {
    $this->initialize();

    return $this->data[$key] ?? null;
  }

  /**
   * Set data for this part by key.
   *
   * @param string $key
   * @param mixed  $value
   *
   * @return static
   */
  public function set($key, $value)
  {
    $this->initialize();
    $this->data[$key] = $value;

    return $this;
  }

  /**
   * Add data for this part.
   *
   * @param mixed $value
   *
   * @return $this
   */
  public function add($value)
  {
    $this->initialize();
    $this->data[] = $value;

    return $this;
  }

  /**
   * Remove data from this part by key.
   *
   * @param $key
   */
  public function remove($key)
  {
    $this->initialize();
    unset($this->data[$key]);
  }

  /** Property Overloading */

  /**
   * @param $key
   *
   * @return bool
   */
  public function __isset($key)
  {
    return $this->has($key);
  }

  /**
   * @param $key
   *
   * @return bool
   */
  public function __get($key)
  {
    return $this->get($key);
  }

  /**
   * @param $key
   * @param $value
   *
   * @return AbstractPart
   */
  public function __set($key, $value)
  {
    return $this->set($key, $value);
  }

  /**
   * @param $key
   */
  public function __unset($key)
  {
    return $this->remove($key);
  }

  /** ArrayAccess */

  /**
   * @param mixed $key
   *
   * @return bool
   */
  public function offsetExists($key): bool
  {
    $this->initialize();

    return isset($this->data[$key]);
  }

  /**
   * @param mixed $key
   *
   * @return bool
   */
  public function offsetGet($key): bool
  {
    return $this->get($key);
  }

  /**
   * @param mixed $key
   * @param mixed $value
   *
   * @return AbstractPart
   */
  public function offsetSet($key, $value): self
  {
    return $this->set($key, $value);
  }

  /**
   * @param mixed $key
   */
  public function offsetUnset($key)
  {
    return $this->remove($key);
  }

  protected function initialize()
  {
    if ($this->initialized === true) {
      return;
    }

    $this->initialized = true;

    $this->doInitialize();
  }

  /**
   * Prepare a part value.
   *
   * @param string        $key
   * @param string|static $value
   *
   * @return static
   */
  protected function preparePartValue($key, &$value)
  {
    if (!isset($this->partClassMap[$key])) {
      return $value;

    }

    $className = $this->partClassMap[$key];

    return !$value instanceof $className ? new $className($value) : $value;
  }

  /**
   * Convert the instance back in to string form from the internal parts.
   *
   * @return string
   */
  abstract public function __toString();

  /**
   * Each part that extends AbstractPart must implement an doInitialize() method.
   *
   * @return void
   */
  abstract protected function doInitialize();
}


1		<?php
2
3		/*
4		* This file is part of the Purl package, a project by Jonathan H. Wage.
5		*
6		* (c) 2013 Jonathan H. Wage
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Purl;
13
14		/**
15		* AbstractPart class is implemented by each part of a Url where necessary.
16		*
17		* @author Jonathan H. Wage <[email protected]>
18		* @implements ArrayAccess
19		*/
20		abstract class AbstractPart implements \ArrayAccess
21		{
22		/**
23		* Flag for whether or not this part has been initialized.
24		*
25		* @var boolean
26		*/
27		protected $initialized = false;
28
29		/**
30		* Array of data for this part.
31		*
32		* @var array
33		*/
34		protected $data = [];
35
36		/**
37		* Array mapping part names to classes.
38		*
39		* @var array
40		*/
41		protected $partClassMap = [];
42
43		/**
44		* Gets the data for this part. This method will initialize the part if it is not already initialized.
45		*
46		* @return array
47		*/
48	3	public function getData(): array
49		{
50	3	$this->initialize();
51
52	3	return $this->data;
53		}
54
55		/**
56		* Sets the data for this part. This method will initialize the part if it is not already initialized.
57		*
58		* @param array $data
59		*
60		* @return $this
61		*/
62	1	public function setData(array $data)
63		{
64	1	$this->initialize();
65	1	$this->data = $data;
66
67	1	foreach ($data as $key => $value) {
68	1	if (empty($value) && $value !== '0') {
69	1	unset($this->data[$key]);
70		}
71		}
72
73	1	return $this;
74		}
75
76		/**
77		* Check if this part has been initialized yet.
78		*
79		* @return boolean
80		*/
81		public function isInitialized(): bool
82		{
83		return $this->initialized;
84		}
85
86		/**
87		* Check if this part has data by key.
88		*
89		* @param string $key
90		*
91		* @return boolean
92		*/
93		public function has($key): bool
94		{
95		$this->initialize();
96
97		return isset($this->data[$key]);
98		}
99
100		/**
101		* Gets data from this part by key.
102		*
103		* @param string $key
104		*
105		* @return mixed\|null
106		*/
107	65	public function get($key)
108		{
109	65	$this->initialize();
110
111	65	return $this->data[$key] ?? null;
112		}
113
114		/**
115		* Set data for this part by key.
116		*
117		* @param string $key
118		* @param mixed $value
119		*
120		* @return static
121		*/
122	6	public function set($key, $value)
123		{
124	6	$this->initialize();
125	6	$this->data[$key] = $value;
126
127	6	return $this;
128		}
129
130		/**
131		* Add data for this part.
132		*
133		* @param mixed $value
134		*
135		* @return $this
136		*/
137	3	public function add($value)
138		{
139	3	$this->initialize();
140	3	$this->data[] = $value;
141
142	3	return $this;
143		}
144
145		/**
146		* Remove data from this part by key.
147		*
148		* @param $key
149		*/
150		public function remove($key)
151		{
152		$this->initialize();
153		unset($this->data[$key]);
154		}
155
156		/** Property Overloading */
157
158		/**
159		* @param $key
160		*
161		* @return bool
162		*/
163		public function __isset($key)
164		{
165		return $this->has($key);
166		}
167
168		/**
169		* @param $key
170		*
171		* @return bool
172		*/
173	65	public function __get($key)
174		{
175	65	return $this->get($key);
176		}
177
178		/**
179		* @param $key
180		* @param $value
181		*
182		* @return AbstractPart
183		*/
184	2	public function __set($key, $value)
185		{
186	2	return $this->set($key, $value);
187		}
188
189		/**
190		* @param $key
191		*/
192		public function __unset($key)
193		{
194		return $this->remove($key);
195		}
196
197		/** ArrayAccess */
198
199		/**
200		* @param mixed $key
201		*
202		* @return bool
203		*/
204		public function offsetExists($key): bool
205		{
206		$this->initialize();
207
208		return isset($this->data[$key]);
209		}
210
211		/**
212		* @param mixed $key
213		*
214		* @return bool
215		*/
216		public function offsetGet($key): bool
217		{
218		return $this->get($key);
219		}
220
221		/**
222		* @param mixed $key
223		* @param mixed $value
224		*
225		* @return AbstractPart
226		*/
227	1	public function offsetSet($key, $value): self
228		{
229	1	return $this->set($key, $value);
230		}
231
232		/**
233		* @param mixed $key
234		*/
235		public function offsetUnset($key)
236		{
237		return $this->remove($key);
238		}
239
240	73	protected function initialize()
241		{
242	73	if ($this->initialized === true) {
243	65	return;
244		}
245
246	73	$this->initialized = true;
247
248	73	$this->doInitialize();
249	73	}
250
251		/**
252		* Prepare a part value.
253		*
254		* @param string $key
255		* @param string\|static $value
256		*
257		* @return static
258		*/
259	65	protected function preparePartValue($key, &$value)
260		{
261	65	if (!isset($this->partClassMap[$key])) {
262	59	return $value;
		0 ignored issues – show Bug Compatibility introduced 2016-04-29 12:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $value;` of type `string\|Purl\AbstractPart` is incompatible with the return type documented by `Purl\AbstractPart::preparePartValue` of type `Purl\AbstractPart` as it can also be of type `string` which is not included in this return type. Loading history...
263		}
264
265	65	$className = $this->partClassMap[$key];
266
267	65	return !$value instanceof $className ? new $className($value) : $value;
268		}
269
270		/**
271		* Convert the instance back in to string form from the internal parts.
272		*
273		* @return string
274		*/
275		abstract public function __toString();
276
277		/**
278		* Each part that extends AbstractPart must implement an doInitialize() method.
279		*
280		* @return void
281		*/
282		abstract protected function doInitialize();
283		}
284

voku / purl

Issues (1)

Security Analysis not enabled

src/Purl/AbstractPart.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like