Issues in Option.php (master) - Issues in master - weew/console-arguments - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Weew/ConsoleArguments/Option.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Weew\ConsoleArguments;

use Weew\ConsoleArguments\Exceptions\InvalidOptionAliasException;
use Weew\ConsoleArguments\Exceptions\InvalidOptionNameException;
use Weew\ConsoleArguments\Exceptions\InvalidOptionValueException;

class Option implements IOption {
    /**
     * @var string
     */
    protected $name;

    /**
     * @var string
     */
    protected $alias;

    /**
     * @var int
     */
    protected $type;

    /**
     * @var string
     */
    protected $description;

    /**
     * @var mixed
     */
    protected $value;

    /**
     * @var mixed
     */
    protected $defaultValue;

    /**
     * @var IArgumentsParser
     */
    protected $argumentsParser;

    /**
     * Option constructor.
     *
     * @param int $type
     * @param string $name
     * @param string $alias
     */
    public function __construct(
        $type,
        $name = null,
        $alias = null
    ) {
        $this->argumentsParser = $this->createArgumentsParser();

        $this->setType($type);
        $this->setName($name);
        $this->setAlias($alias);
    }

    /**
     * @return string
     */
    public function getName() {
        return $this->name;
    }

    /**
     * @param string $name
     *
     * @return IOption
     *
     * @throws InvalidOptionNameException
     */
    public function setName($name) {
        if ($name !== null && ! $this->argumentsParser->isOptionName($name)) {
            throw new InvalidOptionNameException(s(
                'A option name must have this format: "--option", got: "%s"', $name
            ));
        }

        $this->name = $name;

        return $this;
    }

    /**
     * @return string
     */
    public function getAlias() {
        return $this->alias;
    }

    /**
     * @param string $alias
     *
     * @return IOption
     *
     * @throws InvalidOptionAliasException
     */
    public function setAlias($alias) {
        if ($alias !== null && ! $this->argumentsParser->isOptionAlias($alias)) {
            throw new InvalidOptionAliasException(s(
                'A option alias must have this format: "-f", got: "%s"', $alias
            ));
        }

        $this->alias = $alias;

        return $this;
    }

    /**
     * @return string
     */
    public function getNameOrAlias() {
        if ($this->getName() !== null) {
            return $this->getName();
        }

        return $this->getAlias();
    }

    /**
     * @return int
     */
    public function getType() {
        return $this->type;
    }

    /**
     * @param int $type
     *
     * @return IOption
     *
     * @see ArgumentType
     */
    public function setType($type) {
        $this->type = $type;

        return $this;
    }

    /**
     * @return string
     */
    public function getDescription() {
        return $this->description;
    }

    /**
     * @param string $description
     *
     * @return IOption
     */
    public function setDescription($description) {
        $this->description = $description;

        return $this;
    }

    /**
     * @return bool|int
     */
    public function getValue() {
        if ($this->value === null) {
            return $this->getDefaultValue();
        }

        return $this->value;
    }

    /**
     * @param bool|int $value
     *
     * @return IOption
     *
     * @throws InvalidOptionValueException
     */
    public function setValue($value) {
        if ($value !== null) {
            if ($this->isIncremental() && ! is_numeric($value)) {
                throw new InvalidOptionValueException(s(
                    'Trying to set a non numeric value "%s" on incremental option "%s".',
                    get_type($value),
                    $this->getNameOrAlias()
                ));
            }

            if ($this->isBoolean() && ! is_bool($value)) {
                throw new InvalidOptionValueException(s(
                    'Trying to set a non boolean value "%s" on boolean option "%s".',
                    get_type($value),
                    $this->getNameOrAlias()
                ));
            }

            if ($this->isSingle() && ! is_scalar($value)) {

                throw new InvalidOptionValueException(s(
                    'Trying to set a non scalar value "%s" on option "%s" ' .
                    'that expects one scalar value.',
                    get_type($value),
                    $this->getNameOrAlias()
                ));
            }

            if ($this->isMultiple() && ! is_array($value)) {

                throw new InvalidOptionValueException(s(
                    'Trying to set a non array value "%s" on option "%s" ' .
                    'that expects multiple values.',
                    get_type($value),
                    $this->getNameOrAlias()
                ));
            }
        }

        $this->value = $value;

        return $this;
    }

    /**
     * @return bool
     */
    public function hasValue() {
        return $this->value !== null;
    }

    /**
     * @return mixed
     */
    public function getDefaultValue() {
        if ($this->defaultValue !== null) {
            return $this->defaultValue;
        } else if ($this->isBoolean()) {
            return false;
        } else if ($this->isIncremental()) {
            return 0;
        } else if ($this->isMultiple()) {
            return [];
        }

        return null;
    }

    /**
     * @param mixed $defaultValue
     *
     * @return IOption
     */
    public function setDefaultValue($defaultValue) {
        $this->defaultValue = $defaultValue;

        return $this;
    }

    /**
     * @param $nameOrAlias
     *
     * @return bool
     */
    public function hasNameOrAlias($nameOrAlias) {
        return $this->getName() === $nameOrAlias ||
        $this->getAlias() === $nameOrAlias;
    }

    /**
     * @return bool
     */
    public function isRequired() {
        return $this->is(0x01);
    }

    /**
     * @return bool
     */
    public function isOptional() {
        return ! $this->isRequired();
    }

    /**
     * @return bool
     */
    public function isSingle() {
        return $this->is(OptionType::SINGLE)
            || $this->is(OptionType::SINGLE_OPTIONAL);
    }

    /**
     * @return bool
     */
    public function isMultiple() {
        return $this->is(OptionType::MULTIPLE)
            || $this->is(OptionType::MULTIPLE_OPTIONAL);
    }

    /**
     * @return bool
     */
    public function isBoolean() {
        return $this->is(OptionType::BOOLEAN);
    }

    /**
     * @return bool
     */
    public function isIncremental() {
        return $this->is(OptionType::INCREMENTAL);
    }

    /**
     * @param array $args
     * @param bool $strict
     *
     * @return array
     */
    public function parseArgs(array $args, $strict = true) {
        return $this->parseString(implode(' ', $args), $strict);
    }

    /**
     * @param array|null $argv
     * @param bool $strict
     *
     * @return array
     */
    public function parseArgv(array $argv = null, $strict = true) {

        if ( ! is_array($argv)) {
            global $argv;
function myFunction($a, $b) {
    // Do something
}
        }

        return $this->parseArgs(array_slice($argv, 1), $strict);
    }

    /**
     * @param $string
     * @param bool $strict
     *
     * @return array
     */
    public function parseString($string, $strict = true) {

        $parser = new ArgumentsParser();
        $matcher = new ArgumentsMatcher($parser);
        $args = $parser->parse($string);
        $args = $parser->group($args);

        return $matcher->matchOption($this, $args, $strict);
    }

    /**
     * @param $type
     *
     * @return bool
     */
    protected function is($type) {
        return ($this->getType() & $type) === $type;
    }

    /**
     * @return IArgumentsParser
     */
    protected function createArgumentsParser() {
        return new ArgumentsParser();
    }
}


Issues (12)

Security Analysis no request data

src/Weew/ConsoleArguments/Option.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
2
3		namespace Weew\ConsoleArguments;
4
5		use Weew\ConsoleArguments\Exceptions\InvalidOptionAliasException;
6		use Weew\ConsoleArguments\Exceptions\InvalidOptionNameException;
7		use Weew\ConsoleArguments\Exceptions\InvalidOptionValueException;
8
9		class Option implements IOption {
10		/**
11		* @var string
12		*/
13		protected $name;
14
15		/**
16		* @var string
17		*/
18		protected $alias;
19
20		/**
21		* @var int
22		*/
23		protected $type;
24
25		/**
26		* @var string
27		*/
28		protected $description;
29
30		/**
31		* @var mixed
32		*/
33		protected $value;
34
35		/**
36		* @var mixed
37		*/
38		protected $defaultValue;
39
40		/**
41		* @var IArgumentsParser
42		*/
43		protected $argumentsParser;
44
45		/**
46		* Option constructor.
47		*
48		* @param int $type
49		* @param string $name
50		* @param string $alias
51		*/
52		public function __construct(
53		$type,
54		$name = null,
55		$alias = null
56		) {
57		$this->argumentsParser = $this->createArgumentsParser();
58
59		$this->setType($type);
60		$this->setName($name);
61		$this->setAlias($alias);
62		}
63
64		/**
65		* @return string
66		*/
67		public function getName() {
68		return $this->name;
69		}
70
71		/**
72		* @param string $name
73		*
74		* @return IOption
75		*
76		* @throws InvalidOptionNameException
77		*/
78		public function setName($name) {
79		if ($name !== null && ! $this->argumentsParser->isOptionName($name)) {
80		throw new InvalidOptionNameException(s(
81		'A option name must have this format: "--option", got: "%s"', $name
82		));
83		}
84
85		$this->name = $name;
86
87		return $this;
88		}
89
90		/**
91		* @return string
92		*/
93		public function getAlias() {
94		return $this->alias;
95		}
96
97		/**
98		* @param string $alias
99		*
100		* @return IOption
101		*
102		* @throws InvalidOptionAliasException
103		*/
104		public function setAlias($alias) {
105		if ($alias !== null && ! $this->argumentsParser->isOptionAlias($alias)) {
106		throw new InvalidOptionAliasException(s(
107		'A option alias must have this format: "-f", got: "%s"', $alias
108		));
109		}
110
111		$this->alias = $alias;
112
113		return $this;
114		}
115
116		/**
117		* @return string
118		*/
119		public function getNameOrAlias() {
120		if ($this->getName() !== null) {
121		return $this->getName();
122		}
123
124		return $this->getAlias();
125		}
126
127		/**
128		* @return int
129		*/
130		public function getType() {
131		return $this->type;
132		}
133
134		/**
135		* @param int $type
136		*
137		* @return IOption
138		*
139		* @see ArgumentType
140		*/
141		public function setType($type) {
142		$this->type = $type;
143
144		return $this;
145		}
146
147		/**
148		* @return string
149		*/
150		public function getDescription() {
151		return $this->description;
152		}
153
154		/**
155		* @param string $description
156		*
157		* @return IOption
158		*/
159		public function setDescription($description) {
160		$this->description = $description;
161
162		return $this;
163		}
164
165		/**
166		* @return bool\|int
167		*/
168		public function getValue() {
169		if ($this->value === null) {
170		return $this->getDefaultValue();
171		}
172
173		return $this->value;
174		}
175
176		/**
177		* @param bool\|int $value
178		*
179		* @return IOption
180		*
181		* @throws InvalidOptionValueException
182		*/
183		public function setValue($value) {
184		if ($value !== null) {
185		if ($this->isIncremental() && ! is_numeric($value)) {
186		throw new InvalidOptionValueException(s(
187		'Trying to set a non numeric value "%s" on incremental option "%s".',
188		get_type($value),
189		$this->getNameOrAlias()
190		));
191		}
192
193		if ($this->isBoolean() && ! is_bool($value)) {
194		throw new InvalidOptionValueException(s(
195		'Trying to set a non boolean value "%s" on boolean option "%s".',
196		get_type($value),
197		$this->getNameOrAlias()
198		));
199		}
200
201	View Code Duplication	if ($this->isSingle() && ! is_scalar($value)) {
		0 ignored issues – show Duplication introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
202		throw new InvalidOptionValueException(s(
203		'Trying to set a non scalar value "%s" on option "%s" ' .
204		'that expects one scalar value.',
205		get_type($value),
206		$this->getNameOrAlias()
207		));
208		}
209
210	View Code Duplication	if ($this->isMultiple() && ! is_array($value)) {
		0 ignored issues – show Duplication introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
211		throw new InvalidOptionValueException(s(
212		'Trying to set a non array value "%s" on option "%s" ' .
213		'that expects multiple values.',
214		get_type($value),
215		$this->getNameOrAlias()
216		));
217		}
218		}
219
220		$this->value = $value;
221
222		return $this;
223		}
224
225		/**
226		* @return bool
227		*/
228		public function hasValue() {
229		return $this->value !== null;
230		}
231
232		/**
233		* @return mixed
234		*/
235		public function getDefaultValue() {
236		if ($this->defaultValue !== null) {
237		return $this->defaultValue;
238		} else if ($this->isBoolean()) {
239		return false;
240		} else if ($this->isIncremental()) {
241		return 0;
242		} else if ($this->isMultiple()) {
243		return [];
244		}
245
246		return null;
247		}
248
249		/**
250		* @param mixed $defaultValue
251		*
252		* @return IOption
253		*/
254		public function setDefaultValue($defaultValue) {
255		$this->defaultValue = $defaultValue;
256
257		return $this;
258		}
259
260		/**
261		* @param $nameOrAlias
262		*
263		* @return bool
264		*/
265		public function hasNameOrAlias($nameOrAlias) {
266		return $this->getName() === $nameOrAlias \|\|
267		$this->getAlias() === $nameOrAlias;
268		}
269
270		/**
271		* @return bool
272		*/
273		public function isRequired() {
274		return $this->is(0x01);
275		}
276
277		/**
278		* @return bool
279		*/
280		public function isOptional() {
281		return ! $this->isRequired();
282		}
283
284		/**
285		* @return bool
286		*/
287		public function isSingle() {
288		return $this->is(OptionType::SINGLE)
289		\|\| $this->is(OptionType::SINGLE_OPTIONAL);
290		}
291
292		/**
293		* @return bool
294		*/
295		public function isMultiple() {
296		return $this->is(OptionType::MULTIPLE)
297		\|\| $this->is(OptionType::MULTIPLE_OPTIONAL);
298		}
299
300		/**
301		* @return bool
302		*/
303		public function isBoolean() {
304		return $this->is(OptionType::BOOLEAN);
305		}
306
307		/**
308		* @return bool
309		*/
310		public function isIncremental() {
311		return $this->is(OptionType::INCREMENTAL);
312		}
313
314		/**
315		* @param array $args
316		* @param bool $strict
317		*
318		* @return array
319		*/
320		public function parseArgs(array $args, $strict = true) {
321		return $this->parseString(implode(' ', $args), $strict);
322		}
323
324		/**
325		* @param array\|null $argv
326		* @param bool $strict
327		*
328		* @return array
329		*/
330	View Code Duplication	public function parseArgv(array $argv = null, $strict = true) {
		0 ignored issues – show Duplication introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
331		if ( ! is_array($argv)) {
332		global $argv;
		0 ignored issues – show Compatibility Best Practice introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
333		}
334
335		return $this->parseArgs(array_slice($argv, 1), $strict);
336		}
337
338		/**
339		* @param $string
340		* @param bool $strict
341		*
342		* @return array
343		*/
344	View Code Duplication	public function parseString($string, $strict = true) {
		0 ignored issues – show Duplication introduced 2016-07-21 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
345		$parser = new ArgumentsParser();
346		$matcher = new ArgumentsMatcher($parser);
347		$args = $parser->parse($string);
348		$args = $parser->group($args);
349
350		return $matcher->matchOption($this, $args, $strict);
351		}
352
353		/**
354		* @param $type
355		*
356		* @return bool
357		*/
358		protected function is($type) {
359		return ($this->getType() & $type) === $type;
360		}
361
362		/**
363		* @return IArgumentsParser
364		*/
365		protected function createArgumentsParser() {
366		return new ArgumentsParser();
367		}
368		}
369

weew / console-arguments

Issues (12)

Security Analysis no request data

src/Weew/ConsoleArguments/Option.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like