Issues in Connection.php (master) - Issues in master - webdcg/redis - Measure and Improve Code Quality continuously with Scrutinizer

Issues (37)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Traits/Connection.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Webdcg\Redis\Traits;

trait Connection
{
    /**
     * Connects to a Redis instance.
     *
     * @param  string       $host           can be a host, or the path to a unix domain socket. Starting from
     *                                       version 5.0.0 it is possible to specify
     * @param  int|int      $port           optional defaults to 6379
     * @param  float|int    $timeout        value in seconds (optional, default is 0 meaning unlimited)
     * @param  null         $reserved       should be NULL if retry_interval is specified
     * @param  int|int      $retry_interval value in milliseconds (optional)
     * @param  float|int    $read_timeout   value in seconds (optional, default is 0 meaning unlimited)
     *
     * @return bool     true on success, false on error
     *
     * @throws RedisException
     */
    public function connect(
        string $host = '127.0.0.1',
        int $port = 6379,
        float $timeout = 0.0,
        $reserved = null,
        int $retry_interval = 0,
        float $read_timeout = 0
    ): bool {
        return $this->redis->connect($host, $port, $timeout, $reserved, $retry_interval, $read_timeout);
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Connects to a Redis instance.
     *
     * @param  string       $host           can be a host, or the path to a unix domain socket. Starting from
     *                                       version 5.0.0 it is possible to specify
     * @param  int|int      $port           optional defaults to 6379
     * @param  float|int    $timeout        value in seconds (optional, default is 0 meaning unlimited)
     * @param  null         $reserved       should be NULL if retry_interval is specified
     * @param  int|int      $retry_interval value in milliseconds (optional)
     * @param  float|int    $read_timeout   value in seconds (optional, default is 0 meaning unlimited)
     *
     * @return bool     true on success, false on error
     *
     * @throws RedisException
     */
    public function open(
        string $host = '127.0.0.1',
        int $port = 6379,
        float $timeout = 0.0,
        $reserved = null,
        int $retry_interval = 0,
        float $read_timeout = 0
    ): bool {
        return $this->connect($host, $port, $timeout, $reserved, $retry_interval, $read_timeout);
    }

    /**
     * Connects to a Redis instance or reuse a connection already established with pconnect/popen.
     *
     * The connection will not be closed on end of request until the php process ends. So be prepared for too many
     * open FD's errors (specially on redis server side) when using persistent connections on many servers
     * connecting to one redis server.
     *
     * Also more than one persistent connection can be made identified by either host + port + timeout or
     * host + persistent_id or unix socket + timeout.
     *
     * Starting from version 4.2.1, it became possible to use connection pooling by setting INI variable
     * redis.pconnect.pooling_enabled to 1.
     *
     * This feature is not available in threaded versions. pconnect and popen then working like their non
     * persistent equivalents.
     *
     * @param  string       $host           can be a host, or the path to a unix domain socket. Starting from version
     *                                      5.0.0 it is possible to specify
     * @param  int|int      $port           optional defaults to 6379
     * @param  float|int    $timeout        value in seconds (optional, default is 0 meaning unlimited)
     * @param  string       $persistent_id  identity for the requested persistent connection
     * @param  int|int      $retry_interval value in milliseconds (optional)
     * @param  float|int    $read_timeout   value in seconds (optional, default is 0 meaning unlimited)
     *
     * @return bool     true on success, false on error
     *
     * @throws RedisException
     */
    public function pconnect(
        string $host,
        int $port,
        float $timeout,
        string $persistent_id,
        ?int $retry_interval = 0,
        ?float $read_timeout = 0
    ): bool {
        return $this->redis->pconnect($host, $port, $timeout, $persistent_id, $retry_interval, $read_timeout);
    }

    /**
     * Connects to a Redis instance or reuse a connection already established with pconnect/popen.
     *
     * The connection will not be closed on end of request until the php process ends. So be prepared for too many
     * open FD's errors (specially on redis server side) when using persistent connections on many servers
     * connecting to one redis server.
     *
     * Also more than one persistent connection can be made identified by either host + port + timeout or
     * host + persistent_id or unix socket + timeout.
     *
     * Starting from version 4.2.1, it became possible to use connection pooling by setting INI variable
     * redis.pconnect.pooling_enabled to 1.
     *
     * This feature is not available in threaded versions. pconnect and popen then working like their non
     * persistent equivalents.
     *
     * @param  string       $host           can be a host, or the path to a unix domain socket. Starting from version
     *                                      5.0.0 it is possible to specify
     * @param  int|int      $port           optional defaults to 6379
     * @param  float|int    $timeout        value in seconds (optional, default is 0 meaning unlimited)
     * @param  string       $persistent_id  identity for the requested persistent connection
     * @param  int|int      $retry_interval value in milliseconds (optional)
     * @param  float|int    $read_timeout   value in seconds (optional, default is 0 meaning unlimited)
     *
     * @return bool     true on success, false on error
     *
     * @throws RedisException
     */
    public function popen(
        string $host,
        int $port,
        float $timeout,
        string $persistent_id,
        ?int $retry_interval = 0,
        ?float $read_timeout = 0
    ): bool {
        return $this->pconnect($host, $port, $timeout, $persistent_id, $retry_interval, $read_timeout);
    }

    /**
     * Authenticate the connection using a password. Warning: The password is sent in plain-text over the network.
     *
     * @param  string $password
     *
     * @return bool     true if the connection is authenticated, false otherwise.
     */
    public function auth(string $password): bool
    {
        return $this->redis->auth($password);
    }

    /**
     * Change the selected database for the current connection.
     *
     * @param  int    $db   the database number to switch to (0 - 15).
     *
     * @return bool     true in case of success, false in case of failure.
     */
    public function select(int $db): bool
    {
        return $this->redis->select($db);
    }

    /**
     * Swap one Redis database with another atomically.
     *
     * @param  int    $db1  Database to Switch From  (valid 0 - 15)
     * @param  int    $db2  Database to Switch To  (valid 0 - 15)
     *
     * @return bool     true in case of success, false in case of failure.
     */
    public function swapdb(int $db1, int $db2): bool
    {
        return $this->redis->swapdb($db1, $db2);
    }

    /**
     * Disconnects from the Redis instance.
     *
     * Note: Closing a persistent connection requires PhpRedis >= 4.2.0.
     *
     * @return bool     TRUE on success, FALSE on failure.
     */
    public function close(): bool
    {
        return $this->redis->close();
    }

    /**
     * Set client option.
     *
     * @param string $name
     * @param string $value
     *
     * @return bool     true on success, false on error.
     */
    public function setOption(string $name, string $value): bool
    {
        return $this->redis->setOption($name, $value);
    }

    /**
     * Get client option.
     *
     * @param  string $name
     *
     * @return string
     */
    public function getOption(string $name): string
    {
        return $this->redis->getOption($name);
    }

    /**
     * Check the current connection status.
     *
     * Note: Prior to PhpRedis 5.0.0 this command simply returned the string +PONG.
     *
     * @param  string|null $message
     *
     * @return Mixed: This method returns true on success, or the passed string if called with an argument.

     */
    public function ping(?string $message = null)
    {
        return $message ? $this->redis->ping($message) : $this->redis->ping();
    }

    /**
     * Sends a string to Redis, which replies with the same string.
     *
     * @param  string $message The message to send.
     *
     * @return string the same message.
     */
    public function echo(string $message): string
    {
        return $this->redis->echo($message);
    }
}


1			<?php
2
3			namespace Webdcg\Redis\Traits;
4
5			trait Connection
6			{
7			/**
8			* Connects to a Redis instance.
9			*
10			* @param string $host can be a host, or the path to a unix domain socket. Starting from
11			* version 5.0.0 it is possible to specify
12			* @param int\|int $port optional defaults to 6379
13			* @param float\|int $timeout value in seconds (optional, default is 0 meaning unlimited)
14			* @param null $reserved should be NULL if retry_interval is specified
15			* @param int\|int $retry_interval value in milliseconds (optional)
16			* @param float\|int $read_timeout value in seconds (optional, default is 0 meaning unlimited)
17			*
18			* @return bool true on success, false on error
19			*
20			* @throws RedisException
21			*/
22			public function connect(
23			string $host = '127.0.0.1',
24			int $port = 6379,
25			float $timeout = 0.0,
26			$reserved = null,
27			int $retry_interval = 0,
28			float $read_timeout = 0
29			): bool {
30			return $this->redis->connect($host, $port, $timeout, $reserved, $retry_interval, $read_timeout);
			0 ignored issues – show Bug introduced 2020-01-10 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `redis` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
31			}
32
33			/**
34			* Connects to a Redis instance.
35			*
36			* @param string $host can be a host, or the path to a unix domain socket. Starting from
37			* version 5.0.0 it is possible to specify
38			* @param int\|int $port optional defaults to 6379
39			* @param float\|int $timeout value in seconds (optional, default is 0 meaning unlimited)
40			* @param null $reserved should be NULL if retry_interval is specified
41			* @param int\|int $retry_interval value in milliseconds (optional)
42			* @param float\|int $read_timeout value in seconds (optional, default is 0 meaning unlimited)
43			*
44			* @return bool true on success, false on error
45			*
46			* @throws RedisException
47			*/
48			public function open(
49			string $host = '127.0.0.1',
50			int $port = 6379,
51			float $timeout = 0.0,
52			$reserved = null,
53			int $retry_interval = 0,
54			float $read_timeout = 0
55			): bool {
56			return $this->connect($host, $port, $timeout, $reserved, $retry_interval, $read_timeout);
57			}
58
59			/**
60			* Connects to a Redis instance or reuse a connection already established with pconnect/popen.
61			*
62			* The connection will not be closed on end of request until the php process ends. So be prepared for too many
63			* open FD's errors (specially on redis server side) when using persistent connections on many servers
64			* connecting to one redis server.
65			*
66			* Also more than one persistent connection can be made identified by either host + port + timeout or
67			* host + persistent_id or unix socket + timeout.
68			*
69			* Starting from version 4.2.1, it became possible to use connection pooling by setting INI variable
70			* redis.pconnect.pooling_enabled to 1.
71			*
72			* This feature is not available in threaded versions. pconnect and popen then working like their non
73			* persistent equivalents.
74			*
75			* @param string $host can be a host, or the path to a unix domain socket. Starting from version
76			* 5.0.0 it is possible to specify
77			* @param int\|int $port optional defaults to 6379
78			* @param float\|int $timeout value in seconds (optional, default is 0 meaning unlimited)
79			* @param string $persistent_id identity for the requested persistent connection
80			* @param int\|int $retry_interval value in milliseconds (optional)
81			* @param float\|int $read_timeout value in seconds (optional, default is 0 meaning unlimited)
82			*
83			* @return bool true on success, false on error
84			*
85			* @throws RedisException
86			*/
87			public function pconnect(
88			string $host,
89			int $port,
90			float $timeout,
91			string $persistent_id,
92			?int $retry_interval = 0,
93			?float $read_timeout = 0
94			): bool {
95			return $this->redis->pconnect($host, $port, $timeout, $persistent_id, $retry_interval, $read_timeout);
96			}
97
98			/**
99			* Connects to a Redis instance or reuse a connection already established with pconnect/popen.
100			*
101			* The connection will not be closed on end of request until the php process ends. So be prepared for too many
102			* open FD's errors (specially on redis server side) when using persistent connections on many servers
103			* connecting to one redis server.
104			*
105			* Also more than one persistent connection can be made identified by either host + port + timeout or
106			* host + persistent_id or unix socket + timeout.
107			*
108			* Starting from version 4.2.1, it became possible to use connection pooling by setting INI variable
109			* redis.pconnect.pooling_enabled to 1.
110			*
111			* This feature is not available in threaded versions. pconnect and popen then working like their non
112			* persistent equivalents.
113			*
114			* @param string $host can be a host, or the path to a unix domain socket. Starting from version
115			* 5.0.0 it is possible to specify
116			* @param int\|int $port optional defaults to 6379
117			* @param float\|int $timeout value in seconds (optional, default is 0 meaning unlimited)
118			* @param string $persistent_id identity for the requested persistent connection
119			* @param int\|int $retry_interval value in milliseconds (optional)
120			* @param float\|int $read_timeout value in seconds (optional, default is 0 meaning unlimited)
121			*
122			* @return bool true on success, false on error
123			*
124			* @throws RedisException
125			*/
126			public function popen(
127			string $host,
128			int $port,
129			float $timeout,
130			string $persistent_id,
131			?int $retry_interval = 0,
132			?float $read_timeout = 0
133			): bool {
134			return $this->pconnect($host, $port, $timeout, $persistent_id, $retry_interval, $read_timeout);
135			}
136
137			/**
138			* Authenticate the connection using a password. Warning: The password is sent in plain-text over the network.
139			*
140			* @param string $password
141			*
142			* @return bool true if the connection is authenticated, false otherwise.
143			*/
144			public function auth(string $password): bool
145			{
146			return $this->redis->auth($password);
147			}
148
149			/**
150			* Change the selected database for the current connection.
151			*
152			* @param int $db the database number to switch to (0 - 15).
153			*
154			* @return bool true in case of success, false in case of failure.
155			*/
156			public function select(int $db): bool
157			{
158			return $this->redis->select($db);
159			}
160
161			/**
162			* Swap one Redis database with another atomically.
163			*
164			* @param int $db1 Database to Switch From (valid 0 - 15)
165			* @param int $db2 Database to Switch To (valid 0 - 15)
166			*
167			* @return bool true in case of success, false in case of failure.
168			*/
169			public function swapdb(int $db1, int $db2): bool
170			{
171			return $this->redis->swapdb($db1, $db2);
172			}
173
174			/**
175			* Disconnects from the Redis instance.
176			*
177			* Note: Closing a persistent connection requires PhpRedis >= 4.2.0.
178			*
179			* @return bool TRUE on success, FALSE on failure.
180			*/
181			public function close(): bool
182			{
183			return $this->redis->close();
184			}
185
186			/**
187			* Set client option.
188			*
189			* @param string $name
190			* @param string $value
191			*
192			* @return bool true on success, false on error.
193			*/
194			public function setOption(string $name, string $value): bool
195			{
196			return $this->redis->setOption($name, $value);
197			}
198
199			/**
200			* Get client option.
201			*
202			* @param string $name
203			*
204			* @return string
205			*/
206			public function getOption(string $name): string
207			{
208			return $this->redis->getOption($name);
209			}
210
211			/**
212			* Check the current connection status.
213			*
214			* Note: Prior to PhpRedis 5.0.0 this command simply returned the string +PONG.
215			*
216			* @param string\|null $message
217			*
218			* @return Mixed: This method returns true on success, or the passed string if called with an argument.
			0 ignored issues – show Documentation introduced 2020-01-10 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `Mixed:` could not be parsed: Unknown type name "Mixed:" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
219			*/
220			public function ping(?string $message = null)
221			{
222			return $message ? $this->redis->ping($message) : $this->redis->ping();
223			}
224
225			/**
226			* Sends a string to Redis, which replies with the same string.
227			*
228			* @param string $message The message to send.
229			*
230			* @return string the same message.
231			*/
232			public function echo(string $message): string
233			{
234			return $this->redis->echo($message);
235			}
236			}
237

webdcg / redis

Issues (37)

Security Analysis no request data

src/Traits/Connection.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like