Issues in HttpServer.php (master) - Issues in master - weew/http-server - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Weew/HttpServer/HttpServer.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Weew\HttpServer;

use Exception;
use Weew\Timer\ITimer;
use Weew\Timer\Timer;

class HttpServer implements IHttpServer {
    /**
     * @var string
     */
    protected $host;

    /**
     * @var int
     */
    protected $port;

    /**
     * @var string
     */
    protected $root;

    /**
     * @var float
     */
    protected $waitForServer;

    /**
     * @var bool
     */
    protected $enableOutput;

    /**
     * @var Commander
     */
    protected $commander;

    /**
     * @var Messenger
     */
    protected $messenger;

    /**
     * @var string
     */
    protected $logFile = '/dev/null';

    /**
     * @param $host
     * @param $port
     * @param $root
     * @param float $waitForServer
     * @param bool $enableOutput
     */
    public function __construct(
        $host, $port, $root,
        $waitForServer = 5.0,
        $enableOutput = false
    ) {
        $this->host = $host;
        $this->port = $port;
        $this->root = $root;
        $this->enableOutput = $enableOutput;
        $this->waitForServer = $waitForServer;

        $this->commander = $this->createCommander();
        $this->messenger = $this->createMessenger();
    }

    /**
     * Disable server output.
     */
    public function disableOutput() {
        $this->enableOutput = false;
    }

    /**
     * Enable server output.
     */
    public function enableOutput() {
        $this->enableOutput = true;
    }

    /**
     * File the server will be logging into.
     * Use /dev/null to disable logging
     * 
     * @param string $logFile
     */
    public function setLogFile($logFile) {
        $this->logFile = $logFile;
    }

    /**
     * Start server.
     */
    public function start() {
        if ($this->isRunning()) {
            $this->echoMessage(
                $this->messenger->getServerIsAlreadyRunningMessage(
                    date('r'), $this->host, $this->port, $this->getPid()
                )
            );
        } else {
            $this->startServer();
            $this->registerShutdownHandler();
            $this->waitForServerToStart();
        }
    }

    /**
     * Stop server.
     *
     * @throws Exception
     */
    public function stop() {
        if ($this->isRunning()) {
            $this->stopServer();
            $this->waitForServerToStop();
        } else {
            $this->echoMessage(
                $this->messenger->getServerIsNotRunningMessage(
                    date('r'), $this->host, $this->port
                )
            );
        }
    }

    /**
     * @return bool
     */
    public function isRunning() {

        $command = $this->commander
            ->getPidCommand($this->host, $this->port);
        exec($command, $output);

        return count($output) > 0;
    }

    /**
     * @param string $message
     */
    public function echoMessage($message = '') {
        if ( ! $this->enableOutput) {
            return;
        }

        if ($message) {
            $message = s('[HTTP SERVER] %s', $message);
        }

        echo PHP_EOL . $message . PHP_EOL;
    }

    /**
     * @return mixed
     */
    public function getPid() {

        $command = $this->commander
            ->getPidCommand($this->host, $this->port);
        exec($command, $output);

        return array_get($output, 0);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * Start server.
     */
    protected function startServer() {
        $command = $this->commander
            ->getStartCommand($this->host, $this->port, $this->root, $this->logFile);
        exec($command, $output);

        $this->echoMessage($this->messenger->getStartMessage(
            date('r'), $this->host, $this->port, $this->getPid()
        ));
    }

    /**
     * Stop server.
     */
    protected function stopServer() {
        $pid = $this->getPid();
        $command = $this->commander->getStopCommand($pid);
        exec($command);

        $this->echoMessage(
            $this->messenger->getStopMessage(date('r'), $pid)
        );
    }

    /**
     * Fail-safe server shutdown.
     */
    protected function registerShutdownHandler() {
        register_shutdown_function([$this, 'stop']);
    }

    /**
     * @throws Exception
     */
    protected function waitForServerToStart() {

        if ($this->waitForServer > 0) {
            $timer = $this->createTimer();
            $timer->start();

            while ( ! $this->isRunning()) {
                if ($timer->getDuration() < $this->waitForServer) {
                    usleep(100000); // 0.1 second
                } else {
                    throw new Exception(
                        s('Could not start server after %d seconds.', $this->waitForServer)
                    );
                }
            }
        }
    }

    /**
     * @throws Exception
     */
    protected function waitForServerToStop() {

        if ($this->waitForServer > 0) {
            $timer = $this->createTimer();
            $timer->start();

            while ($this->isRunning()) {
                if ($timer->getDuration() < $this->waitForServer) {
                    usleep(100000); // 0.1 second
                } else {
                    throw new Exception(
                        s('Could not stop server after %d seconds.', $this->waitForServer)
                    );
                }
            }
        }
    }

    /**
     * @return ITimer
     */
    protected function createTimer() {
        return new Timer();
    }

    /**
     * @return Commander
     */
    protected function createCommander() {
        return new Commander();
    }

    /**
     * @return Messenger
     */
    protected function createMessenger() {
        return new Messenger();
    }
}


1		<?php
2
3		namespace Weew\HttpServer;
4
5		use Exception;
6		use Weew\Timer\ITimer;
7		use Weew\Timer\Timer;
8
9		class HttpServer implements IHttpServer {
10		/**
11		* @var string
12		*/
13		protected $host;
14
15		/**
16		* @var int
17		*/
18		protected $port;
19
20		/**
21		* @var string
22		*/
23		protected $root;
24
25		/**
26		* @var float
27		*/
28		protected $waitForServer;
29
30		/**
31		* @var bool
32		*/
33		protected $enableOutput;
34
35		/**
36		* @var Commander
37		*/
38		protected $commander;
39
40		/**
41		* @var Messenger
42		*/
43		protected $messenger;
44
45		/**
46		* @var string
47		*/
48		protected $logFile = '/dev/null';
49
50		/**
51		* @param $host
52		* @param $port
53		* @param $root
54		* @param float $waitForServer
55		* @param bool $enableOutput
56		*/
57		public function __construct(
58		$host, $port, $root,
59		$waitForServer = 5.0,
60		$enableOutput = false
61		) {
62		$this->host = $host;
63		$this->port = $port;
64		$this->root = $root;
65		$this->enableOutput = $enableOutput;
66		$this->waitForServer = $waitForServer;
67
68		$this->commander = $this->createCommander();
69		$this->messenger = $this->createMessenger();
70		}
71
72		/**
73		* Disable server output.
74		*/
75		public function disableOutput() {
76		$this->enableOutput = false;
77		}
78
79		/**
80		* Enable server output.
81		*/
82		public function enableOutput() {
83		$this->enableOutput = true;
84		}
85
86		/**
87		* File the server will be logging into.
88		* Use /dev/null to disable logging
89		*
90		* @param string $logFile
91		*/
92		public function setLogFile($logFile) {
93		$this->logFile = $logFile;
94		}
95
96		/**
97		* Start server.
98		*/
99		public function start() {
100		if ($this->isRunning()) {
101		$this->echoMessage(
102		$this->messenger->getServerIsAlreadyRunningMessage(
103		date('r'), $this->host, $this->port, $this->getPid()
104		)
105		);
106		} else {
107		$this->startServer();
108		$this->registerShutdownHandler();
109		$this->waitForServerToStart();
110		}
111		}
112
113		/**
114		* Stop server.
115		*
116		* @throws Exception
117		*/
118		public function stop() {
119		if ($this->isRunning()) {
120		$this->stopServer();
121		$this->waitForServerToStop();
122		} else {
123		$this->echoMessage(
124		$this->messenger->getServerIsNotRunningMessage(
125		date('r'), $this->host, $this->port
126		)
127		);
128		}
129		}
130
131		/**
132		* @return bool
133		*/
134	View Code Duplication	public function isRunning() {
		0 ignored issues – show Duplication introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
135		$command = $this->commander
136		->getPidCommand($this->host, $this->port);
137		exec($command, $output);
138
139		return count($output) > 0;
140		}
141
142		/**
143		* @param string $message
144		*/
145		public function echoMessage($message = '') {
146		if ( ! $this->enableOutput) {
147		return;
148		}
149
150		if ($message) {
151		$message = s('[HTTP SERVER] %s', $message);
152		}
153
154		echo PHP_EOL . $message . PHP_EOL;
155		}
156
157		/**
158		* @return mixed
159		*/
160	View Code Duplication	public function getPid() {
		0 ignored issues – show Duplication introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
161		$command = $this->commander
162		->getPidCommand($this->host, $this->port);
163		exec($command, $output);
164
165		return array_get($output, 0);
		0 ignored issues – show Bug introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$output` can also be of type `null`; however, `array_get()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
166		}
167
168		/**
169		* Start server.
170		*/
171		protected function startServer() {
172		$command = $this->commander
173		->getStartCommand($this->host, $this->port, $this->root, $this->logFile);
174		exec($command, $output);
175
176		$this->echoMessage($this->messenger->getStartMessage(
177		date('r'), $this->host, $this->port, $this->getPid()
178		));
179		}
180
181		/**
182		* Stop server.
183		*/
184		protected function stopServer() {
185		$pid = $this->getPid();
186		$command = $this->commander->getStopCommand($pid);
187		exec($command);
188
189		$this->echoMessage(
190		$this->messenger->getStopMessage(date('r'), $pid)
191		);
192		}
193
194		/**
195		* Fail-safe server shutdown.
196		*/
197		protected function registerShutdownHandler() {
198		register_shutdown_function([$this, 'stop']);
199		}
200
201		/**
202		* @throws Exception
203		*/
204	View Code Duplication	protected function waitForServerToStart() {
		0 ignored issues – show Duplication introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
205		if ($this->waitForServer > 0) {
206		$timer = $this->createTimer();
207		$timer->start();
208
209		while ( ! $this->isRunning()) {
210		if ($timer->getDuration() < $this->waitForServer) {
211		usleep(100000); // 0.1 second
212		} else {
213		throw new Exception(
214		s('Could not start server after %d seconds.', $this->waitForServer)
215		);
216		}
217		}
218		}
219		}
220
221		/**
222		* @throws Exception
223		*/
224	View Code Duplication	protected function waitForServerToStop() {
		0 ignored issues – show Duplication introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
225		if ($this->waitForServer > 0) {
226		$timer = $this->createTimer();
227		$timer->start();
228
229		while ($this->isRunning()) {
230		if ($timer->getDuration() < $this->waitForServer) {
231		usleep(100000); // 0.1 second
232		} else {
233		throw new Exception(
234		s('Could not stop server after %d seconds.', $this->waitForServer)
235		);
236		}
237		}
238		}
239		}
240
241		/**
242		* @return ITimer
243		*/
244		protected function createTimer() {
245		return new Timer();
246		}
247
248		/**
249		* @return Commander
250		*/
251		protected function createCommander() {
252		return new Commander();
253		}
254
255		/**
256		* @return Messenger
257		*/
258		protected function createMessenger() {
259		return new Messenger();
260		}
261		}
262

weew / http-server

Issues (5)

Security Analysis no request data

src/Weew/HttpServer/HttpServer.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like