Issues in AbstractRedisStore.php (master) - Issues in master - webmozart/key-value-store - Measure and Improve Code Quality continuously with Scrutinizer

Issues (40)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/AbstractRedisStore.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the webmozart/key-value-store package.
 *
 * (c) Bernhard Schussek <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Webmozart\KeyValueStore;

use Exception;
use Webmozart\KeyValueStore\Api\KeyValueStore;
use Webmozart\KeyValueStore\Api\NoSuchKeyException;
use Webmozart\KeyValueStore\Api\ReadException;
use Webmozart\KeyValueStore\Api\WriteException;
use Webmozart\KeyValueStore\Util\KeyUtil;
use Webmozart\KeyValueStore\Util\Serializer;

/**
 * An abstract Redis key-value store to support multiple Redis clients without code duplication.
 *
 * @since  1.0
 *
 * @author Bernhard Schussek <[email protected]>
 * @author Titouan Galopin <[email protected]>
 */
abstract class AbstractRedisStore implements KeyValueStore
{
    /**
     * Redis client.
     *
     * @var object
     */
    protected $client;

    /**
     * Return the value corresponding to "not found"
     * for the internal client.
     *
     * @return mixed
     */
    abstract protected function clientNotFoundValue();

    /**
     * Call the internal client method to fetch a key.
     * Don't have to catch the exceptions.
     *
     * @param string $key The key to fetch
     *
     * @return mixed The raw value
     */
    abstract protected function clientGet($key);

    /**
     * Call the internal client method to fetch multiple keys.
     * Don't have to catch the exceptions.
     *
     * @param array $keys The keys to fetch
     *
     * @return array The raw values
     */
    abstract protected function clientGetMultiple(array $keys);

    /**
     * Call the internal client method to set a value associated to a key.
     * Don't have to catch the exceptions.
     *
     * @param string $key
     * @param mixed  $value
     */
    abstract protected function clientSet($key, $value);

    /**
     * Call the internal client method to remove a key.
     * Don't have to catch the exceptions.
     *
     * @param string $key
     *
     * @return bool true if the removal worked, false otherwise
     */
    abstract protected function clientRemove($key);

    /**
     * Call the internal client method to check if a key exists.
     * Don't have to catch the exceptions.
     *
     * @param string $key
     *
     * @return bool
     */
    abstract protected function clientExists($key);

    /**
     * Call the internal client method to clear all the keys.
     * Don't have to catch the exceptions.
     */
    abstract protected function clientClear();

    /**
     * Call the internal client method to fetch all the keys.
     * Don't have to catch the exceptions.
     *
     * @return array The keys
     */
    abstract protected function clientKeys();

    /**
     * {@inheritdoc}
     */
    public function getMultiple(array $keys, $default = null)
    {
        KeyUtil::validateMultiple($keys);

        // Normalize indices of the array
        $keys = array_values($keys);
        $values = array();

        try {
            $serializedValues = $this->clientGetMultiple($keys);
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }

        foreach ($serializedValues as $i => $serializedValue) {
            $values[$keys[$i]] = $this->clientNotFoundValue() === $serializedValue
                ? $default
                : Serializer::unserialize($serializedValue);
        }

        return $values;
    }

    /**
     * {@inheritdoc}
     */
    public function getMultipleOrFail(array $keys)
    {
        KeyUtil::validateMultiple($keys);

        // Normalize indices of the array
        $keys = array_values($keys);
        $values = array();
        $notFoundKeys = array();

        try {
            $serializedValues = $this->clientGetMultiple($keys);
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }

        foreach ($serializedValues as $i => $serializedValue) {
            if ($this->clientNotFoundValue() === $serializedValue) {
                $notFoundKeys[] = $keys[$i];
            } elseif (0 === count($notFoundKeys)) {
                $values[$keys[$i]] = Serializer::unserialize($serializedValue);
            }
        }

        if (0 !== count($notFoundKeys)) {
            throw NoSuchKeyException::forKeys($notFoundKeys);
        }

        return $values;
    }

    /**
     * {@inheritdoc}
     */
    public function get($key, $default = null)

    {
        KeyUtil::validate($key);

        try {
            $serialized = $this->clientGet($key);
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }

        if ($this->clientNotFoundValue() === $serialized) {
            return $default;
        }

        return Serializer::unserialize($serialized);
    }

    /**
     * {@inheritdoc}
     */
    public function getOrFail($key)

    {
        KeyUtil::validate($key);

        try {
            $serialized = $this->clientGet($key);
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }

        if ($this->clientNotFoundValue() === $serialized) {
            throw NoSuchKeyException::forKey($key);
        }

        return Serializer::unserialize($serialized);
    }

    /**
     * {@inheritdoc}
     */
    public function set($key, $value)
    {
        KeyUtil::validate($key);

        $serialized = Serializer::serialize($value);

        try {
            $this->clientSet($key, $serialized);
        } catch (Exception $e) {
            throw WriteException::forException($e);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function remove($key)
    {
        KeyUtil::validate($key);

        try {
            return (bool) $this->clientRemove($key);
        } catch (Exception $e) {
            throw WriteException::forException($e);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function exists($key)
    {
        KeyUtil::validate($key);

        try {
            return $this->clientExists($key);
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function clear()
    {
        try {
            $this->clientClear();
        } catch (Exception $e) {
            throw WriteException::forException($e);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function keys()
    {
        try {
            return $this->clientKeys();
        } catch (Exception $e) {
            throw ReadException::forException($e);
        }
    }
}


1			<?php
2
3			/*
4			* This file is part of the webmozart/key-value-store package.
5			*
6			* (c) Bernhard Schussek <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace Webmozart\KeyValueStore;
13
14			use Exception;
15			use Webmozart\KeyValueStore\Api\KeyValueStore;
16			use Webmozart\KeyValueStore\Api\NoSuchKeyException;
17			use Webmozart\KeyValueStore\Api\ReadException;
18			use Webmozart\KeyValueStore\Api\WriteException;
19			use Webmozart\KeyValueStore\Util\KeyUtil;
20			use Webmozart\KeyValueStore\Util\Serializer;
21
22			/**
23			* An abstract Redis key-value store to support multiple Redis clients without code duplication.
24			*
25			* @since 1.0
26			*
27			* @author Bernhard Schussek <[email protected]>
28			* @author Titouan Galopin <[email protected]>
29			*/
30			abstract class AbstractRedisStore implements KeyValueStore
31			{
32			/**
33			* Redis client.
34			*
35			* @var object
36			*/
37			protected $client;
38
39			/**
40			* Return the value corresponding to "not found"
41			* for the internal client.
42			*
43			* @return mixed
44			*/
45			abstract protected function clientNotFoundValue();
46
47			/**
48			* Call the internal client method to fetch a key.
49			* Don't have to catch the exceptions.
50			*
51			* @param string $key The key to fetch
52			*
53			* @return mixed The raw value
54			*/
55			abstract protected function clientGet($key);
56
57			/**
58			* Call the internal client method to fetch multiple keys.
59			* Don't have to catch the exceptions.
60			*
61			* @param array $keys The keys to fetch
62			*
63			* @return array The raw values
64			*/
65			abstract protected function clientGetMultiple(array $keys);
66
67			/**
68			* Call the internal client method to set a value associated to a key.
69			* Don't have to catch the exceptions.
70			*
71			* @param string $key
72			* @param mixed $value
73			*/
74			abstract protected function clientSet($key, $value);
75
76			/**
77			* Call the internal client method to remove a key.
78			* Don't have to catch the exceptions.
79			*
80			* @param string $key
81			*
82			* @return bool true if the removal worked, false otherwise
83			*/
84			abstract protected function clientRemove($key);
85
86			/**
87			* Call the internal client method to check if a key exists.
88			* Don't have to catch the exceptions.
89			*
90			* @param string $key
91			*
92			* @return bool
93			*/
94			abstract protected function clientExists($key);
95
96			/**
97			* Call the internal client method to clear all the keys.
98			* Don't have to catch the exceptions.
99			*/
100			abstract protected function clientClear();
101
102			/**
103			* Call the internal client method to fetch all the keys.
104			* Don't have to catch the exceptions.
105			*
106			* @return array The keys
107			*/
108			abstract protected function clientKeys();
109
110			/**
111			* {@inheritdoc}
112			*/
113	12		public function getMultiple(array $keys, $default = null)
114			{
115	12		KeyUtil::validateMultiple($keys);
116
117			// Normalize indices of the array
118	8		$keys = array_values($keys);
119	8		$values = array();
120
121			try {
122	8		$serializedValues = $this->clientGetMultiple($keys);
123	2		} catch (Exception $e) {
124	2		throw ReadException::forException($e);
125			}
126
127	6		foreach ($serializedValues as $i => $serializedValue) {
128	6		$values[$keys[$i]] = $this->clientNotFoundValue() === $serializedValue
129	2		? $default
130	6		: Serializer::unserialize($serializedValue);
131			}
132
133	4		return $values;
134			}
135
136			/**
137			* {@inheritdoc}
138			*/
139	64		public function getMultipleOrFail(array $keys)
140			{
141	64		KeyUtil::validateMultiple($keys);
142
143			// Normalize indices of the array
144	60		$keys = array_values($keys);
145	60		$values = array();
146	60		$notFoundKeys = array();
147
148			try {
149	60		$serializedValues = $this->clientGetMultiple($keys);
150	2		} catch (Exception $e) {
151	2		throw ReadException::forException($e);
152			}
153
154	58		foreach ($serializedValues as $i => $serializedValue) {
155	58		if ($this->clientNotFoundValue() === $serializedValue) {
156	2		$notFoundKeys[] = $keys[$i];
157	58		} elseif (0 === count($notFoundKeys)) {
158	58		$values[$keys[$i]] = Serializer::unserialize($serializedValue);
159			}
160			}
161
162	56		if (0 !== count($notFoundKeys)) {
163	2		throw NoSuchKeyException::forKeys($notFoundKeys);
164			}
165
166	54		return $values;
167			}
168
169			/**
170			* {@inheritdoc}
171			*/
172	14	View Code Duplication	public function get($key, $default = null)
			0 ignored issues – show Duplication introduced 2015-12-28 16:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
173			{
174	14		KeyUtil::validate($key);
175
176			try {
177	10		$serialized = $this->clientGet($key);
178	2		} catch (Exception $e) {
179	2		throw ReadException::forException($e);
180			}
181
182	8		if ($this->clientNotFoundValue() === $serialized) {
183	2		return $default;
184			}
185
186	6		return Serializer::unserialize($serialized);
187			}
188
189			/**
190			* {@inheritdoc}
191			*/
192	64	View Code Duplication	public function getOrFail($key)
			0 ignored issues – show Duplication introduced 2015-12-28 16:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
193			{
194	64		KeyUtil::validate($key);
195
196			try {
197	60		$serialized = $this->clientGet($key);
198	2		} catch (Exception $e) {
199	2		throw ReadException::forException($e);
200			}
201
202	58		if ($this->clientNotFoundValue() === $serialized) {
203	2		throw NoSuchKeyException::forKey($key);
204			}
205
206	56		return Serializer::unserialize($serialized);
207			}
208
209			/**
210			* {@inheritdoc}
211			*/
212	116		public function set($key, $value)
213			{
214	116		KeyUtil::validate($key);
215
216	112		$serialized = Serializer::serialize($value);
217
218			try {
219	108		$this->clientSet($key, $serialized);
220	2		} catch (Exception $e) {
221	2		throw WriteException::forException($e);
222			}
223	106		}
224
225			/**
226			* {@inheritdoc}
227			*/
228	20		public function remove($key)
229			{
230	20		KeyUtil::validate($key);
231
232			try {
233	16		return (bool) $this->clientRemove($key);
234	2		} catch (Exception $e) {
235	2		throw WriteException::forException($e);
236			}
237			}
238
239			/**
240			* {@inheritdoc}
241			*/
242	62		public function exists($key)
243			{
244	62		KeyUtil::validate($key);
245
246			try {
247	58		return $this->clientExists($key);
248	2		} catch (Exception $e) {
249	2		throw ReadException::forException($e);
250			}
251			}
252
253			/**
254			* {@inheritdoc}
255			*/
256	164		public function clear()
257			{
258			try {
259	164		$this->clientClear();
260	2		} catch (Exception $e) {
261	2		throw WriteException::forException($e);
262			}
263	164		}
264
265			/**
266			* {@inheritdoc}
267			*/
268	8		public function keys()
269			{
270			try {
271	8		return $this->clientKeys();
272	2		} catch (Exception $e) {
273	2		throw ReadException::forException($e);
274			}
275			}
276			}
277

webmozart / key-value-store

Issues (40)

Security Analysis no request data

src/AbstractRedisStore.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like