Issues in ArgumentsMatcher.php (master) - Issues in master - weew/console-arguments - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Weew/ConsoleArguments/ArgumentsMatcher.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Weew\ConsoleArguments;

use Weew\ConsoleArguments\Exceptions\AmbiguousCommandException;
use Weew\ConsoleArguments\Exceptions\CommandNotFoundException;
use Weew\ConsoleArguments\Exceptions\InvalidOptionValueException;
use Weew\ConsoleArguments\Exceptions\MissingArgumentValueException;
use Weew\ConsoleArguments\Exceptions\MissingCommandNameException;
use Weew\ConsoleArguments\Exceptions\MissingOptionValueException;
use Weew\ConsoleArguments\Exceptions\TooManyArgumentValuesException;
use Weew\ConsoleArguments\Exceptions\UnknownOptionException;

class ArgumentsMatcher implements IArgumentsMatcher {
    /**
     * @var IArgumentsParser
     */
    protected $argumentsParser;

    /**
     * ArgumentsMatcher constructor.
     *
     * @param IArgumentsParser $argumentsParser
     */
    public function __construct(IArgumentsParser $argumentsParser = null) {
        if ( ! $argumentsParser instanceof IArgumentsParser) {
            $argumentsParser = $this->createArgumentsParser();
        }

        $this->argumentsParser = $argumentsParser;
    }

    /**
     * @param array $args
     *
     * @return array
     * @throws MissingCommandNameException
     */
    public function matchCommandName(array $args) {
        $commandName = null;

        if (array_has($args, 'arguments')) {
            $commandName = (string) array_shift($args['arguments']);
        }

        if ( ! $commandName || str_starts_with($commandName, '-')) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            throw new MissingCommandNameException(
                'You must provide a valid command name.'
            );
        }

        return [$commandName, $args];
    }

    /**
     * @param array $commands
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array[ICommand, array]

     * @throws AmbiguousCommandException
     * @throws CommandNotFoundException
     * @throws MissingCommandNameException
     * @throws TooManyArgumentValuesException
     * @throws UnknownOptionException
     */
    public function matchCommands(array $commands, array $groupedArgs, $strict = true) {
        list($commandName, $groupedArgs) = $this->matchCommandName($groupedArgs);
        $command = $this->findCommand($commands, $commandName);

        $groupedArgs = $this->matchCommand($command, $groupedArgs, $strict);

        return [$command, $groupedArgs];
    }

    /**
     * @param ICommand $command
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     * @throws MissingArgumentValueException
     * @throws TooManyArgumentValuesException
     * @throws UnknownOptionException
     */
    public function matchCommand(ICommand $command, array $groupedArgs, $strict = true) {
        foreach ($command->getArguments() as $argument) {
            $groupedArgs = $this->matchArgument($argument, $groupedArgs, $strict);
        }

        $leftoverArgs = array_get($groupedArgs, 'arguments', []);

        if (is_array($leftoverArgs) && count($leftoverArgs) > 0 && $strict) {
            throw new TooManyArgumentValuesException(s(
                'Too many arguments, remove: %s.',
                implode(', ', $leftoverArgs)
            ));
        }

        $foundOptions = ['arguments', 'options'];

        foreach ($command->getOptions() as $option) {
            $groupedArgs = $this->matchOption($option, $groupedArgs, $strict);
            $foundOptions[] = $option->getNameOrAlias();
        }

        if ($strict) {
            foreach ($groupedArgs as $key => $arg) {
                if ( ! array_contains($foundOptions, $key)) {
                    throw new UnknownOptionException(s(
                        'Invalid option "%s".',
                        $key
                    ));
                }
            }
        }

        return $groupedArgs;
    }

    /**
     * @param ICommand[] $commands
     * @param $commandName
     *
     * @return ICommand
     * @throws AmbiguousCommandException
     * @throws CommandNotFoundException
     * @throws MissingCommandNameException
     */
    public function findCommand(array $commands, $commandName) {
        $matches = [];

        foreach ($commands as $command) {
            if ($this->compareCommandName($command->getName(), $commandName)) {
                $matches[] = $command;
            }
        }

        if (count($matches) === 1) {
            return $matches[0];
        } else if (count($matches) === 0) {
            throw new CommandNotFoundException(s(
                'Could not find a command that matches "%s".',
                $commandName
            ));
        } else {
            $qualifiedCommandNames = '';

            foreach ($matches as $command) {
                $qualifiedCommandNames .= "\n" . $command->getName();
            }

            throw new AmbiguousCommandException(s(
                'Please be more precise with the command name. ' .
                'There are several commands that qualify for "%s": %s',
                $commandName,
                $qualifiedCommandNames
            ));
        }
    }

    /**
     * @param string $commandName
     * @param string $search
     *
     * @return bool
     */
    public function compareCommandName($commandName, $search) {
        $commandName = preg_split('/(:|-|_)/', $commandName);
        $search = preg_split('/(:|-|_)/', $search);

        foreach ($search as $index => $searchPart) {
            $stringPart = array_get($commandName, $index);

            if ($stringPart === null) {
                return false;
            }

            if ( ! str_starts_with($stringPart, $searchPart)) {
                return false;
            }
        }

        return true;
    }

    /**
     * @param IArgument $argument
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     * @throws MissingArgumentValueException
     */
    public function matchArgument(IArgument $argument, array $groupedArgs, $strict = true) {
        $arg = null;

        if (array_has($groupedArgs, 'arguments')) {
            if ($argument->isSingle()) {
                $arg = array_shift($groupedArgs['arguments']);
            } else if ($argument->isMultiple()) {
                $arg = array_get($groupedArgs, 'arguments');
                array_set($groupedArgs, 'arguments', []);
            }
        }

        if ($argument->isRequired() && $strict && ($arg === null || $arg === [])) {
            throw new MissingArgumentValueException(s(
                'Missing argument value "%s".', $argument->getName()
            ));
        }

        $argument->setValue($arg);

        return $groupedArgs;
    }

    /**
     * @param IOption $option
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     * @throws InvalidOptionValueException
     * @throws MissingOptionValueException
     */
    public function matchOption(IOption $option, array $groupedArgs, $strict = true) {
        $groupedArgs = $this->argumentsParser
            ->mergeNameAndAlias($groupedArgs, $option->getName(), $option->getAlias());

        if ($option->isIncremental()) {
            $groupedArgs = $this->matchIncrementalOption($option, $groupedArgs, $strict);
        } else if ($option->isBoolean()) {
            $groupedArgs = $this->matchBooleanOption($option, $groupedArgs, $strict);
        } else {
            $groupedArgs = $this->matchRegularOption($option, $groupedArgs, $strict);
        }

        return $groupedArgs;
    }

    /**
     * @param IOption $option
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     */
    protected function matchIncrementalOption(IOption $option, array $groupedArgs, $strict) {

        if (array_has($groupedArgs, $option->getNameOrAlias())) {
            $values = array_take($groupedArgs, $option->getNameOrAlias());
            $optionCount = array_get($groupedArgs, s('options.%s', $option->getNameOrAlias()), 0);
            $valueProvided = false;

            foreach ($values as $value) {
                if (is_numeric($value)) {
                    $option->setValue(intval($value));
                    $valueProvided = true;
                }
            }

            if ( ! $valueProvided) {
                $option->setValue($optionCount);
            }
        }

        return $groupedArgs;
    }

    /**
     * @param IOption $option
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     * @throws InvalidOptionValueException
     */
    protected function matchBooleanOption(IOption $option, array $groupedArgs, $strict) {
        if (array_has($groupedArgs, $option->getNameOrAlias())) {
            $values = array_take($groupedArgs, $option->getNameOrAlias());

            if ($values === []) {
                $option->setValue(true);
            } else {
                $value = array_pop($values);

                if (array_contains([1, '1', true, 'true'], $value)) {
                    $option->setValue(true);
                } else if (array_contains([0, '0', false, 'false'], $value)) {
                    $option->setValue(false);
                } else if ($strict) {
                    throw new InvalidOptionValueException(s(
                        'Boolean option "%s" expects one of these values: 0, 1, true, false.',
                        $option->getNameOrAlias()
                    ));
                }
            }
        }

        return $groupedArgs;
    }

    /**
     * @param IOption $option
     * @param array $groupedArgs
     * @param bool $strict
     *
     * @return array
     * @throws MissingOptionValueException
     */
    protected function matchRegularOption(IOption $option, array $groupedArgs, $strict) {
        $isRequired = $option->isRequired();
        $hasValue = array_has($groupedArgs, $option->getNameOrAlias()) &&
            count(array_get($groupedArgs, $option->getNameOrAlias())) > 0;

        if ($isRequired && ! $hasValue && $strict) {
            throw new MissingOptionValueException(s(
                'Missing option value "%s".', $option->getNameOrAlias()
            ));
        }

        if (array_has($groupedArgs, $option->getNameOrAlias())) {
            $values = array_take($groupedArgs, $option->getNameOrAlias());

            if ($option->isSingle()) {
                $option->setValue(array_pop($values));
            } else if ($option->isMultiple()) {
                $option->setValue($values);
            }
        }

        return $groupedArgs;
    }

    /**
     * @return IArgumentsParser
     */
    protected function createArgumentsParser() {
        return new ArgumentsParser();
    }
}


1			<?php
2
3			namespace Weew\ConsoleArguments;
4
5			use Weew\ConsoleArguments\Exceptions\AmbiguousCommandException;
6			use Weew\ConsoleArguments\Exceptions\CommandNotFoundException;
7			use Weew\ConsoleArguments\Exceptions\InvalidOptionValueException;
8			use Weew\ConsoleArguments\Exceptions\MissingArgumentValueException;
9			use Weew\ConsoleArguments\Exceptions\MissingCommandNameException;
10			use Weew\ConsoleArguments\Exceptions\MissingOptionValueException;
11			use Weew\ConsoleArguments\Exceptions\TooManyArgumentValuesException;
12			use Weew\ConsoleArguments\Exceptions\UnknownOptionException;
13
14			class ArgumentsMatcher implements IArgumentsMatcher {
15			/**
16			* @var IArgumentsParser
17			*/
18			protected $argumentsParser;
19
20			/**
21			* ArgumentsMatcher constructor.
22			*
23			* @param IArgumentsParser $argumentsParser
24			*/
25			public function __construct(IArgumentsParser $argumentsParser = null) {
26			if ( ! $argumentsParser instanceof IArgumentsParser) {
27			$argumentsParser = $this->createArgumentsParser();
28			}
29
30			$this->argumentsParser = $argumentsParser;
31			}
32
33			/**
34			* @param array $args
35			*
36			* @return array
37			* @throws MissingCommandNameException
38			*/
39			public function matchCommandName(array $args) {
40			$commandName = null;
41
42			if (array_has($args, 'arguments')) {
43			$commandName = (string) array_shift($args['arguments']);
44			}
45
46			if ( ! $commandName \|\| str_starts_with($commandName, '-')) {
			0 ignored issues – show Bug Best Practice introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$commandName` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
47			throw new MissingCommandNameException(
48			'You must provide a valid command name.'
49			);
50			}
51
52			return [$commandName, $args];
53			}
54
55			/**
56			* @param array $commands
57			* @param array $groupedArgs
58			* @param bool $strict
59			*
60			* @return array[ICommand, array]
			0 ignored issues – show Documentation introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `array[ICommand,` could not be parsed: Expected "]" at position 2, but found "ICommand". (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
61			* @throws AmbiguousCommandException
62			* @throws CommandNotFoundException
63			* @throws MissingCommandNameException
64			* @throws TooManyArgumentValuesException
65			* @throws UnknownOptionException
66			*/
67			public function matchCommands(array $commands, array $groupedArgs, $strict = true) {
68			list($commandName, $groupedArgs) = $this->matchCommandName($groupedArgs);
69			$command = $this->findCommand($commands, $commandName);
70
71			$groupedArgs = $this->matchCommand($command, $groupedArgs, $strict);
72
73			return [$command, $groupedArgs];
74			}
75
76			/**
77			* @param ICommand $command
78			* @param array $groupedArgs
79			* @param bool $strict
80			*
81			* @return array
82			* @throws MissingArgumentValueException
83			* @throws TooManyArgumentValuesException
84			* @throws UnknownOptionException
85			*/
86			public function matchCommand(ICommand $command, array $groupedArgs, $strict = true) {
87			foreach ($command->getArguments() as $argument) {
88			$groupedArgs = $this->matchArgument($argument, $groupedArgs, $strict);
89			}
90
91			$leftoverArgs = array_get($groupedArgs, 'arguments', []);
92
93			if (is_array($leftoverArgs) && count($leftoverArgs) > 0 && $strict) {
94			throw new TooManyArgumentValuesException(s(
95			'Too many arguments, remove: %s.',
96			implode(', ', $leftoverArgs)
97			));
98			}
99
100			$foundOptions = ['arguments', 'options'];
101
102			foreach ($command->getOptions() as $option) {
103			$groupedArgs = $this->matchOption($option, $groupedArgs, $strict);
104			$foundOptions[] = $option->getNameOrAlias();
105			}
106
107			if ($strict) {
108			foreach ($groupedArgs as $key => $arg) {
109			if ( ! array_contains($foundOptions, $key)) {
110			throw new UnknownOptionException(s(
111			'Invalid option "%s".',
112			$key
113			));
114			}
115			}
116			}
117
118			return $groupedArgs;
119			}
120
121			/**
122			* @param ICommand[] $commands
123			* @param $commandName
124			*
125			* @return ICommand
126			* @throws AmbiguousCommandException
127			* @throws CommandNotFoundException
128			* @throws MissingCommandNameException
129			*/
130			public function findCommand(array $commands, $commandName) {
131			$matches = [];
132
133			foreach ($commands as $command) {
134			if ($this->compareCommandName($command->getName(), $commandName)) {
135			$matches[] = $command;
136			}
137			}
138
139			if (count($matches) === 1) {
140			return $matches[0];
141			} else if (count($matches) === 0) {
142			throw new CommandNotFoundException(s(
143			'Could not find a command that matches "%s".',
144			$commandName
145			));
146			} else {
147			$qualifiedCommandNames = '';
148
149			foreach ($matches as $command) {
150			$qualifiedCommandNames .= "\n" . $command->getName();
151			}
152
153			throw new AmbiguousCommandException(s(
154			'Please be more precise with the command name. ' .
155			'There are several commands that qualify for "%s": %s',
156			$commandName,
157			$qualifiedCommandNames
158			));
159			}
160			}
161
162			/**
163			* @param string $commandName
164			* @param string $search
165			*
166			* @return bool
167			*/
168			public function compareCommandName($commandName, $search) {
169			$commandName = preg_split('/(:\|-\|_)/', $commandName);
170			$search = preg_split('/(:\|-\|_)/', $search);
171
172			foreach ($search as $index => $searchPart) {
173			$stringPart = array_get($commandName, $index);
174
175			if ($stringPart === null) {
176			return false;
177			}
178
179			if ( ! str_starts_with($stringPart, $searchPart)) {
180			return false;
181			}
182			}
183
184			return true;
185			}
186
187			/**
188			* @param IArgument $argument
189			* @param array $groupedArgs
190			* @param bool $strict
191			*
192			* @return array
193			* @throws MissingArgumentValueException
194			*/
195			public function matchArgument(IArgument $argument, array $groupedArgs, $strict = true) {
196			$arg = null;
197
198			if (array_has($groupedArgs, 'arguments')) {
199			if ($argument->isSingle()) {
200			$arg = array_shift($groupedArgs['arguments']);
201			} else if ($argument->isMultiple()) {
202			$arg = array_get($groupedArgs, 'arguments');
203			array_set($groupedArgs, 'arguments', []);
204			}
205			}
206
207			if ($argument->isRequired() && $strict && ($arg === null \|\| $arg === [])) {
208			throw new MissingArgumentValueException(s(
209			'Missing argument value "%s".', $argument->getName()
210			));
211			}
212
213			$argument->setValue($arg);
214
215			return $groupedArgs;
216			}
217
218			/**
219			* @param IOption $option
220			* @param array $groupedArgs
221			* @param bool $strict
222			*
223			* @return array
224			* @throws InvalidOptionValueException
225			* @throws MissingOptionValueException
226			*/
227			public function matchOption(IOption $option, array $groupedArgs, $strict = true) {
228			$groupedArgs = $this->argumentsParser
229			->mergeNameAndAlias($groupedArgs, $option->getName(), $option->getAlias());
230
231			if ($option->isIncremental()) {
232			$groupedArgs = $this->matchIncrementalOption($option, $groupedArgs, $strict);
233			} else if ($option->isBoolean()) {
234			$groupedArgs = $this->matchBooleanOption($option, $groupedArgs, $strict);
235			} else {
236			$groupedArgs = $this->matchRegularOption($option, $groupedArgs, $strict);
237			}
238
239			return $groupedArgs;
240			}
241
242			/**
243			* @param IOption $option
244			* @param array $groupedArgs
245			* @param bool $strict
246			*
247			* @return array
248			*/
249			protected function matchIncrementalOption(IOption $option, array $groupedArgs, $strict) {
			0 ignored issues – show Unused Code introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$strict` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
250			if (array_has($groupedArgs, $option->getNameOrAlias())) {
251			$values = array_take($groupedArgs, $option->getNameOrAlias());
252			$optionCount = array_get($groupedArgs, s('options.%s', $option->getNameOrAlias()), 0);
253			$valueProvided = false;
254
255			foreach ($values as $value) {
256			if (is_numeric($value)) {
257			$option->setValue(intval($value));
258			$valueProvided = true;
259			}
260			}
261
262			if ( ! $valueProvided) {
263			$option->setValue($optionCount);
264			}
265			}
266
267			return $groupedArgs;
268			}
269
270			/**
271			* @param IOption $option
272			* @param array $groupedArgs
273			* @param bool $strict
274			*
275			* @return array
276			* @throws InvalidOptionValueException
277			*/
278			protected function matchBooleanOption(IOption $option, array $groupedArgs, $strict) {
279			if (array_has($groupedArgs, $option->getNameOrAlias())) {
280			$values = array_take($groupedArgs, $option->getNameOrAlias());
281
282			if ($values === []) {
283			$option->setValue(true);
284			} else {
285			$value = array_pop($values);
286
287			if (array_contains([1, '1', true, 'true'], $value)) {
288			$option->setValue(true);
289			} else if (array_contains([0, '0', false, 'false'], $value)) {
290			$option->setValue(false);
291			} else if ($strict) {
292			throw new InvalidOptionValueException(s(
293			'Boolean option "%s" expects one of these values: 0, 1, true, false.',
294			$option->getNameOrAlias()
295			));
296			}
297			}
298			}
299
300			return $groupedArgs;
301			}
302
303			/**
304			* @param IOption $option
305			* @param array $groupedArgs
306			* @param bool $strict
307			*
308			* @return array
309			* @throws MissingOptionValueException
310			*/
311			protected function matchRegularOption(IOption $option, array $groupedArgs, $strict) {
312			$isRequired = $option->isRequired();
313			$hasValue = array_has($groupedArgs, $option->getNameOrAlias()) &&
314			count(array_get($groupedArgs, $option->getNameOrAlias())) > 0;
315
316			if ($isRequired && ! $hasValue && $strict) {
317			throw new MissingOptionValueException(s(
318			'Missing option value "%s".', $option->getNameOrAlias()
319			));
320			}
321
322			if (array_has($groupedArgs, $option->getNameOrAlias())) {
323			$values = array_take($groupedArgs, $option->getNameOrAlias());
324
325			if ($option->isSingle()) {
326			$option->setValue(array_pop($values));
327			} else if ($option->isMultiple()) {
328			$option->setValue($values);
329			}
330			}
331
332			return $groupedArgs;
333			}
334
335			/**
336			* @return IArgumentsParser
337			*/
338			protected function createArgumentsParser() {
339			return new ArgumentsParser();
340			}
341			}
342

weew / console-arguments

Issues (12)

Security Analysis no request data

src/Weew/ConsoleArguments/ArgumentsMatcher.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like