Issues in StringUtils.php (master) - Issues in master - webservices-nl/utils - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/StringUtils.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace WebservicesNl\Utils;

use Ddeboer\Transcoder\Transcoder;

/**
 * Class StringUtils.
 */
class StringUtils
{
    /**
     * @param string $filename
     * @param bool   $lowercase
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    public static function getFileExtension($filename, $lowercase = true)
    {
        if (false === is_string($filename)) {
            throw new \InvalidArgumentException(sprintf('Filename must be a string, %s given', gettype($filename)));
        }
        $extension = pathinfo($filename, PATHINFO_EXTENSION);

        return $lowercase ? strtolower($extension) : $extension;
    }

    /**
     * Determine if a string ends with a particular sequence.
     *
     * @param string $haystack
     * @param string $needle
     *
     * @throws \InvalidArgumentException
     *
     * @return bool
     */
    public static function stringEndsWith($haystack, $needle)
    {
        if (!is_string($haystack) || !is_string($needle)) {
            throw new \InvalidArgumentException('Not a string');
        }

        return (strrpos($haystack, $needle) + strlen($needle)) === strlen($haystack);
    }

    /**
     * Determine if a string starts with a particular sequence.
     *
     * @param string $haystack
     * @param string $needle
     *
     * @throws \InvalidArgumentException
     *
     * @return bool
     */
    public static function stringStartsWith($haystack, $needle)
    {
        if (!is_string($haystack) || !is_string($needle)) {
            throw new \InvalidArgumentException('Not a string');
        }

        return strpos($haystack, $needle) === 0;
    }

    /**
     * Remove the prefix from the provided string.
     *
     * @param string $haystack
     * @param string $prefix
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    public static function removePrefix($haystack, $prefix)
    {
        if (!is_string($haystack) || !is_string($prefix)) {
            throw new \InvalidArgumentException('Not a string');
        }

        if (strpos($haystack, $prefix) === 0) {
            $haystack = substr($haystack, strlen($prefix));
        }

        return $haystack;
    }

    /**
     * Convert strings with underscores into CamelCase (for getters and setters).
     *
     * @param string $string        The string to convert
     * @param bool   $firstCharCaps camelCase or CamelCase
     *
     * @throws \Ddeboer\Transcoder\Exception\UnsupportedEncodingException
     * @throws \Ddeboer\Transcoder\Exception\ExtensionMissingException
     * @throws \InvalidArgumentException
     *
     * @return string The converted string
     */
    public static function toCamelCase($string, $firstCharCaps = true)
    {
        if (!is_string($string)) {
            throw new \InvalidArgumentException('Not a string');
        }

        $transcoder = Transcoder::create();
        $string = $transcoder->transcode($string);

        if ($firstCharCaps === true) {
            $string = ucfirst($string);
        }

        return $string;
    }

    /**
     * Internal function for toUnderscore.
     *
     * @param string $word
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    private static function wordToUnderscored($word)

    {
        return strtolower(
            trim(
                preg_replace(
                    '~[^a-z^\d]+~i',
                    '_',
                    preg_replace(
                        '~([a-z\d+])([A-Z])~',
                        '\1_\2',
                        preg_replace('~([A-Z]+)([A-Z][a-z])~', '\1_\2', $word)
                    )
                ),
                '_'
            )
        );
    }

    /**
     * Converts a string to underscore version.
     * Also tries to filter out higher UTF-8 chars.
     *
     * @param string $string
     *
     * @throws \Ddeboer\Transcoder\Exception\UnsupportedEncodingException
     * @throws \Ddeboer\Transcoder\Exception\ExtensionMissingException
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    public static function toUnderscore($string)
    {
        if (!is_string($string)) {
            throw new \InvalidArgumentException('Not a string');
        }

        $transCoder = Transcoder::create('ASCII');
        $string = $transCoder->transcode(trim($string));
        $words = explode(' ', $string);

        return implode('_', array_filter(array_map([static::class, 'wordToUnderscored'], $words)));
    }
}


1		<?php
2
3		namespace WebservicesNl\Utils;
4
5		use Ddeboer\Transcoder\Transcoder;
6
7		/**
8		* Class StringUtils.
9		*/
10		class StringUtils
11		{
12		/**
13		* @param string $filename
14		* @param bool $lowercase
15		*
16		* @throws \InvalidArgumentException
17		*
18		* @return string
19		*/
20	9	public static function getFileExtension($filename, $lowercase = true)
21		{
22	9	if (false === is_string($filename)) {
23	5	throw new \InvalidArgumentException(sprintf('Filename must be a string, %s given', gettype($filename)));
24		}
25	4	$extension = pathinfo($filename, PATHINFO_EXTENSION);
26
27	4	return $lowercase ? strtolower($extension) : $extension;
28		}
29
30		/**
31		* Determine if a string ends with a particular sequence.
32		*
33		* @param string $haystack
34		* @param string $needle
35		*
36		* @throws \InvalidArgumentException
37		*
38		* @return bool
39		*/
40	12	public static function stringEndsWith($haystack, $needle)
41		{
42	12	if (!is_string($haystack) \|\| !is_string($needle)) {
43	4	throw new \InvalidArgumentException('Not a string');
44		}
45
46	8	return (strrpos($haystack, $needle) + strlen($needle)) === strlen($haystack);
47		}
48
49		/**
50		* Determine if a string starts with a particular sequence.
51		*
52		* @param string $haystack
53		* @param string $needle
54		*
55		* @throws \InvalidArgumentException
56		*
57		* @return bool
58		*/
59	12	public static function stringStartsWith($haystack, $needle)
60		{
61	12	if (!is_string($haystack) \|\| !is_string($needle)) {
62	5	throw new \InvalidArgumentException('Not a string');
63		}
64
65	8	return strpos($haystack, $needle) === 0;
66		}
67
68		/**
69		* Remove the prefix from the provided string.
70		*
71		* @param string $haystack
72		* @param string $prefix
73		*
74		* @throws \InvalidArgumentException
75		*
76		* @return string
77		*/
78	12	public static function removePrefix($haystack, $prefix)
79		{
80	12	if (!is_string($haystack) \|\| !is_string($prefix)) {
81	4	throw new \InvalidArgumentException('Not a string');
82		}
83
84	8	if (strpos($haystack, $prefix) === 0) {
85	8	$haystack = substr($haystack, strlen($prefix));
86	8	}
87
88	8	return $haystack;
89		}
90
91		/**
92		* Convert strings with underscores into CamelCase (for getters and setters).
93		*
94		* @param string $string The string to convert
95		* @param bool $firstCharCaps camelCase or CamelCase
96		*
97		* @throws \Ddeboer\Transcoder\Exception\UnsupportedEncodingException
98		* @throws \Ddeboer\Transcoder\Exception\ExtensionMissingException
99		* @throws \InvalidArgumentException
100		*
101		* @return string The converted string
102		*/
103	12	public static function toCamelCase($string, $firstCharCaps = true)
104		{
105	12	if (!is_string($string)) {
106	4	throw new \InvalidArgumentException('Not a string');
107		}
108
109	8	$transcoder = Transcoder::create();
110	8	$string = $transcoder->transcode($string);
111
112	8	if ($firstCharCaps === true) {
113	8	$string = ucfirst($string);
114	8	}
115
116	8	return $string;
117		}
118
119		/**
120		* Internal function for toUnderscore.
121		*
122		* @param string $word
123		*
124		* @throws \InvalidArgumentException
125		*
126		* @return string
127		*/
128	17	private static function wordToUnderscored($word)
		0 ignored issues – show Unused Code introduced 2017-03-21 10:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method is not used, and could be removed. Loading history...
129		{
130	17	return strtolower(
131	17	trim(
132	17	preg_replace(
133	17	'~[^a-z^\d]+~i',
134	17	'_',
135	17	preg_replace(
136	17	'~([a-z\d+])([A-Z])~',
137	17	'\1_\2',
138	17	preg_replace('~([A-Z]+)([A-Z][a-z])~', '\1_\2', $word)
139	17	)
140	17	),
141		'_'
142	17	)
143	17	);
144		}
145
146		/**
147		* Converts a string to underscore version.
148		* Also tries to filter out higher UTF-8 chars.
149		*
150		* @param string $string
151		*
152		* @throws \Ddeboer\Transcoder\Exception\UnsupportedEncodingException
153		* @throws \Ddeboer\Transcoder\Exception\ExtensionMissingException
154		* @throws \InvalidArgumentException
155		*
156		* @return string
157		*/
158	22	public static function toUnderscore($string)
159		{
160	22	if (!is_string($string)) {
161	5	throw new \InvalidArgumentException('Not a string');
162		}
163
164	17	$transCoder = Transcoder::create('ASCII');
165	17	$string = $transCoder->transcode(trim($string));
166	17	$words = explode(' ', $string);
167
168	17	return implode('_', array_filter(array_map([static::class, 'wordToUnderscored'], $words)));
169		}
170		}
171

GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/StringUtils.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

webservices-nl / utils

GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/StringUtils.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like