Issues in HttpResponse.php (master) - Issues in master - weew/http - Measure and Improve Code Quality continuously with Scrutinizer

Issues (16)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Weew/Http/HttpResponse.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Weew\Http;

use Weew\Http\Data\UrlEncodedData;

class HttpResponse implements IHttpResponse {
    /**
     * @var IHttpHeaders
     */
    protected $headers;

    /**
     * @var IHttpData
     */
    protected $data;

    /**
     * @var IContentTypeDataMatcher
     */
    protected $contentTypeDataMatcher;

    /**
     * @var ICookies
     */
    protected $cookies;

    /**
     * @var int
     */
    protected $statusCode;

    /**
     * @var null
     */
    protected $content;

    /**
     * @var string
     */
    protected $protocol = HttpProtocol::HTTP;

    /**
     * @var string
     */
    protected $version = HttpProtocol::CURRENT_VERSION;

    /**
     * @param int $statusCode
     * @param null $content
     * @param IHttpHeaders $headers
     */
    public function __construct(
        $statusCode = HttpStatusCode::OK,
        $content = null,
        IHttpHeaders $headers = null
    ) {
        if ($statusCode === null) {
            $statusCode = HttpStatusCode::OK;
        }

        if ( ! $headers instanceof IHttpHeaders) {
            $headers = $this->createHeaders();
        }

        $this->setStatusCode($statusCode);
        $this->setHeaders($headers);
        $this->setCookies($this->createCookies());
        $this->setContent($content);
        $this->setContentTypeDataMatcher($this->createContentTypeDataMatcher());

        $this->setDefaults();
    }

    /**
     * Use this method to transform a basic http response to its subclasses.
     *
     * @param IHttpResponse $httpResponse
     *
     * @return static
     */
    public static function create(IHttpResponse $httpResponse) {
        $customResponse = new static();
        $customResponse->extend($httpResponse);

        return $customResponse;
    }

    /**
     * Response headers are read only.
     *
     * @return IHttpHeaders
     */
    public function getHeaders() {
        return $this->headers;
    }

    /**
     * @param IHttpHeaders $headers
     */
    public function setHeaders(IHttpHeaders $headers) {
        $this->headers = $headers;
    }

    /**
     * @return IHttpData
     */
    public function getData() {
        if ( ! $this->data instanceof IHttpData) {
            $this->setData($this->createData());
        }

        return $this->data;
    }

    /**
     * @param IHttpData $data
     */
    public function setData(IHttpData $data) {
        $this->data = $data;
    }

    /**
     * @return IContentTypeDataMatcher
     */
    public function getContentTypeDataMatcher() {
        return $this->contentTypeDataMatcher;
    }

    /**
     * @param IContentTypeDataMatcher $contentTypeDataMatcher
     */
    public function setContentTypeDataMatcher(
        IContentTypeDataMatcher $contentTypeDataMatcher
    ) {
        $this->contentTypeDataMatcher = $contentTypeDataMatcher;
    }

    /**
     * @return int
     */
    public function getStatusCode() {
        return $this->statusCode;
    }

    /**
     * @see HttpStatusCodes
     *
     * @param $statusCode
     */
    public function setStatusCode($statusCode) {
        $this->statusCode = $statusCode;
    }

    /**
     * @return string
     */
    public function getStatusText() {
        return HttpStatusCode::getStatusText($this->getStatusCode());
    }

    /**
     * Send response.
     */
    public function send() {
        $this->getResponseBuilder()->build($this);
    }

    /**
     * @return mixed
     */
    public function getContent() {
        return $this->content;
    }

    /**
     * @return bool
     */
    public function hasContent() {
        return ! empty($this->content);
    }

    /**
     * @return string
     */
    public function getProtocol() {
        return $this->protocol;
    }

    /**
     * @param $protocol
     *
     * @see HttpProtocol
     */
    public function setProtocol($protocol) {
        $this->protocol = $protocol;
    }

    /**
     * @return string
     */
    public function getProtocolVersion() {
        return $this->version;
    }

    /**
     * @param $version
     *
     * @see HttpProtocol
     */
    public function setProtocolVersion($version) {
        $this->version = $version;
    }

    /**
     * @return ICookies
     */
    public function getCookies() {
        return $this->cookies;
    }

    /**
     * @param ICookies $cookies
     */
    public function setCookies(ICookies $cookies) {
        $this->cookies = $cookies;
    }

    /**
     * @param $content
     */
    public function setContent($content) {

        if (is_array($content) || is_object($content)) {
            $this->getData()->setData($content);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        } else {
            $this->content = (string) $content;

        }
    }

    /**
     * @return bool
     */
    public function isSecure() {
        return $this->getProtocol() == HttpProtocol::HTTPS;
    }

    /**
     * @param string $contentType
     */
    public function setContentType($contentType) {
        $this->getHeaders()->set('content-type', $contentType);
    }

    /**
     * @return string
     */
    public function getContentType() {
        return $this->getHeaders()->find('content-type');
    }

    /**
     * Check if response status code is 2xx.
     *
     * @return bool
     */
    public function isOk() {
        return $this->getStatusCode() >= 200 && $this->getStatusCode() < 300;
    }

    /**
     * Check if response status code is 3xx.
     *
     * @return bool
     */
    public function isRedirect() {
        return $this->getStatusCode() >= 300 && $this->getStatusCode() < 400;
    }

    /**
     * Check if response status code is 4xx.
     *
     * @return bool
     */
    public function isClientError() {
        return $this->getStatusCode() >= 400 && $this->getStatusCode() < 500;
    }

    /**
     * Check if response status code is 5xx.
     *
     * @return bool
     */
    public function isServerError() {
        return $this->getStatusCode() >= 500 && $this->getStatusCode() < 600;
    }

    /**
     * Check if response status code is 4xx or 5xx.
     *
     * @return bool
     */
    public function isError() {
        return $this->isClientError() || $this->isServerError();
    }

    /**
     * Extend current response with another.
     *
     * @param IHttpResponse $response
     */
    public function extend(IHttpResponse $response) {
        $this->setHeaders(clone($response->getHeaders()));
        $this->setProtocol($response->getProtocol());
        $this->setProtocolVersion($response->getProtocolVersion());
        $this->setStatusCode($response->getStatusCode());
        $this->setContent($response->getContent());
        $this->setCookies(clone($response->getCookies()));

        $this->setDefaultContentType();
    }

    /**
     * @return array
     */
    public function toArray() {
        return [
            'protocol' => $this->getProtocol(),
            'version' => $this->getProtocolVersion(),
            'statusCode' => $this->getStatusCode(),
            'statusCodeText' => $this->getStatusText(),
            'headers' => $this->getHeaders()->toArray(),
            'content' => $this->getContent(),
        ];
    }

    /**
     * Use this as hook to extend your custom response.
     */
    protected function setDefaults() {
        if ($this->getContentType() === null) {
            $this->setDefaultContentType();
        }
    }

    /**
     * @return HttpHeaders
     */
    protected function createHeaders() {
        return new HttpHeaders();
    }

    /**
     * @return Cookies
     */
    protected function createCookies() {
        return new Cookies($this);
    }

    /**
     * @return IHttpResponseBuilder
     */
    protected function getResponseBuilder() {
        return new HttpResponseBuilder();
    }

    /**
     * Set the default content type of this response.
     */
    protected function setDefaultContentType() {}

    /**
     * @return UrlEncodedData
     */
    protected function createData() {
        $matcher = new ContentTypeDataMatcher();

        return $matcher->createDataForContentType($this, $this->getContentType());
    }

    /**
     * @return IContentTypeDataMatcher
     */
    protected function createContentTypeDataMatcher() {
        return new ContentTypeDataMatcher();
    }
}


1		<?php
2
3		namespace Weew\Http;
4
5		use Weew\Http\Data\UrlEncodedData;
6
7		class HttpResponse implements IHttpResponse {
8		/**
9		* @var IHttpHeaders
10		*/
11		protected $headers;
12
13		/**
14		* @var IHttpData
15		*/
16		protected $data;
17
18		/**
19		* @var IContentTypeDataMatcher
20		*/
21		protected $contentTypeDataMatcher;
22
23		/**
24		* @var ICookies
25		*/
26		protected $cookies;
27
28		/**
29		* @var int
30		*/
31		protected $statusCode;
32
33		/**
34		* @var null
35		*/
36		protected $content;
37
38		/**
39		* @var string
40		*/
41		protected $protocol = HttpProtocol::HTTP;
42
43		/**
44		* @var string
45		*/
46		protected $version = HttpProtocol::CURRENT_VERSION;
47
48		/**
49		* @param int $statusCode
50		* @param null $content
51		* @param IHttpHeaders $headers
52		*/
53		public function __construct(
54		$statusCode = HttpStatusCode::OK,
55		$content = null,
56		IHttpHeaders $headers = null
57		) {
58		if ($statusCode === null) {
59		$statusCode = HttpStatusCode::OK;
60		}
61
62		if ( ! $headers instanceof IHttpHeaders) {
63		$headers = $this->createHeaders();
64		}
65
66		$this->setStatusCode($statusCode);
67		$this->setHeaders($headers);
68		$this->setCookies($this->createCookies());
69		$this->setContent($content);
70		$this->setContentTypeDataMatcher($this->createContentTypeDataMatcher());
71
72		$this->setDefaults();
73		}
74
75		/**
76		* Use this method to transform a basic http response to its subclasses.
77		*
78		* @param IHttpResponse $httpResponse
79		*
80		* @return static
81		*/
82		public static function create(IHttpResponse $httpResponse) {
83		$customResponse = new static();
84		$customResponse->extend($httpResponse);
85
86		return $customResponse;
87		}
88
89		/**
90		* Response headers are read only.
91		*
92		* @return IHttpHeaders
93		*/
94		public function getHeaders() {
95		return $this->headers;
96		}
97
98		/**
99		* @param IHttpHeaders $headers
100		*/
101		public function setHeaders(IHttpHeaders $headers) {
102		$this->headers = $headers;
103		}
104
105		/**
106		* @return IHttpData
107		*/
108		public function getData() {
109		if ( ! $this->data instanceof IHttpData) {
110		$this->setData($this->createData());
111		}
112
113		return $this->data;
114		}
115
116		/**
117		* @param IHttpData $data
118		*/
119		public function setData(IHttpData $data) {
120		$this->data = $data;
121		}
122
123		/**
124		* @return IContentTypeDataMatcher
125		*/
126		public function getContentTypeDataMatcher() {
127		return $this->contentTypeDataMatcher;
128		}
129
130		/**
131		* @param IContentTypeDataMatcher $contentTypeDataMatcher
132		*/
133		public function setContentTypeDataMatcher(
134		IContentTypeDataMatcher $contentTypeDataMatcher
135		) {
136		$this->contentTypeDataMatcher = $contentTypeDataMatcher;
137		}
138
139		/**
140		* @return int
141		*/
142		public function getStatusCode() {
143		return $this->statusCode;
144		}
145
146		/**
147		* @see HttpStatusCodes
148		*
149		* @param $statusCode
150		*/
151		public function setStatusCode($statusCode) {
152		$this->statusCode = $statusCode;
153		}
154
155		/**
156		* @return string
157		*/
158		public function getStatusText() {
159		return HttpStatusCode::getStatusText($this->getStatusCode());
160		}
161
162		/**
163		* Send response.
164		*/
165		public function send() {
166		$this->getResponseBuilder()->build($this);
167		}
168
169		/**
170		* @return mixed
171		*/
172		public function getContent() {
173		return $this->content;
174		}
175
176		/**
177		* @return bool
178		*/
179		public function hasContent() {
180		return ! empty($this->content);
181		}
182
183		/**
184		* @return string
185		*/
186		public function getProtocol() {
187		return $this->protocol;
188		}
189
190		/**
191		* @param $protocol
192		*
193		* @see HttpProtocol
194		*/
195		public function setProtocol($protocol) {
196		$this->protocol = $protocol;
197		}
198
199		/**
200		* @return string
201		*/
202		public function getProtocolVersion() {
203		return $this->version;
204		}
205
206		/**
207		* @param $version
208		*
209		* @see HttpProtocol
210		*/
211		public function setProtocolVersion($version) {
212		$this->version = $version;
213		}
214
215		/**
216		* @return ICookies
217		*/
218		public function getCookies() {
219		return $this->cookies;
220		}
221
222		/**
223		* @param ICookies $cookies
224		*/
225		public function setCookies(ICookies $cookies) {
226		$this->cookies = $cookies;
227		}
228
229		/**
230		* @param $content
231		*/
232	View Code Duplication	public function setContent($content) {
		0 ignored issues – show Duplication introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
233		if (is_array($content) \|\| is_object($content)) {
234		$this->getData()->setData($content);
		0 ignored issues – show Bug introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$content` can also be of type `object`; however, `Weew\Http\IHttpData::setData()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
235		} else {
236		$this->content = (string) $content;
		0 ignored issues – show Documentation Bug introduced 2016-07-21 11:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `(string) $content` of type `string` is incompatible with the declared type `null` of property `$content`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
237		}
238		}
239
240		/**
241		* @return bool
242		*/
243		public function isSecure() {
244		return $this->getProtocol() == HttpProtocol::HTTPS;
245		}
246
247		/**
248		* @param string $contentType
249		*/
250		public function setContentType($contentType) {
251		$this->getHeaders()->set('content-type', $contentType);
252		}
253
254		/**
255		* @return string
256		*/
257		public function getContentType() {
258		return $this->getHeaders()->find('content-type');
259		}
260
261		/**
262		* Check if response status code is 2xx.
263		*
264		* @return bool
265		*/
266		public function isOk() {
267		return $this->getStatusCode() >= 200 && $this->getStatusCode() < 300;
268		}
269
270		/**
271		* Check if response status code is 3xx.
272		*
273		* @return bool
274		*/
275		public function isRedirect() {
276		return $this->getStatusCode() >= 300 && $this->getStatusCode() < 400;
277		}
278
279		/**
280		* Check if response status code is 4xx.
281		*
282		* @return bool
283		*/
284		public function isClientError() {
285		return $this->getStatusCode() >= 400 && $this->getStatusCode() < 500;
286		}
287
288		/**
289		* Check if response status code is 5xx.
290		*
291		* @return bool
292		*/
293		public function isServerError() {
294		return $this->getStatusCode() >= 500 && $this->getStatusCode() < 600;
295		}
296
297		/**
298		* Check if response status code is 4xx or 5xx.
299		*
300		* @return bool
301		*/
302		public function isError() {
303		return $this->isClientError() \|\| $this->isServerError();
304		}
305
306		/**
307		* Extend current response with another.
308		*
309		* @param IHttpResponse $response
310		*/
311		public function extend(IHttpResponse $response) {
312		$this->setHeaders(clone($response->getHeaders()));
313		$this->setProtocol($response->getProtocol());
314		$this->setProtocolVersion($response->getProtocolVersion());
315		$this->setStatusCode($response->getStatusCode());
316		$this->setContent($response->getContent());
317		$this->setCookies(clone($response->getCookies()));
318
319		$this->setDefaultContentType();
320		}
321
322		/**
323		* @return array
324		*/
325		public function toArray() {
326		return [
327		'protocol' => $this->getProtocol(),
328		'version' => $this->getProtocolVersion(),
329		'statusCode' => $this->getStatusCode(),
330		'statusCodeText' => $this->getStatusText(),
331		'headers' => $this->getHeaders()->toArray(),
332		'content' => $this->getContent(),
333		];
334		}
335
336		/**
337		* Use this as hook to extend your custom response.
338		*/
339		protected function setDefaults() {
340		if ($this->getContentType() === null) {
341		$this->setDefaultContentType();
342		}
343		}
344
345		/**
346		* @return HttpHeaders
347		*/
348		protected function createHeaders() {
349		return new HttpHeaders();
350		}
351
352		/**
353		* @return Cookies
354		*/
355		protected function createCookies() {
356		return new Cookies($this);
357		}
358
359		/**
360		* @return IHttpResponseBuilder
361		*/
362		protected function getResponseBuilder() {
363		return new HttpResponseBuilder();
364		}
365
366		/**
367		* Set the default content type of this response.
368		*/
369		protected function setDefaultContentType() {}
370
371		/**
372		* @return UrlEncodedData
373		*/
374		protected function createData() {
375		$matcher = new ContentTypeDataMatcher();
376
377		return $matcher->createDataForContentType($this, $this->getContentType());
378		}
379
380		/**
381		* @return IContentTypeDataMatcher
382		*/
383		protected function createContentTypeDataMatcher() {
384		return new ContentTypeDataMatcher();
385		}
386		}
387

weew / http

Issues (16)

Security Analysis not enabled

src/Weew/Http/HttpResponse.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like