Issues in DomainRecord.php (master) - Issues in master - weezqyd/vultr-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (64)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Api/DomainRecord.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 *   This file is part of the Vultr PHP library.
 *
 *   (c) Albert Leitato <[email protected]>
 *
 *   For the full copyright and license information, please view the LICENSE
 *   file that was distributed with this source code.
 */
namespace Vultr\Api;

use Vultr\Entity\DomainRecord as DomainRecordEntity;
use Vultr\Exceptions\HttpException;
use Vultr\Exceptions\InvalidRecordException;

/**
 * @author Albert Leitato <[email protected]>
 */
class DomainRecord extends AbstractApi
{
    /**
     * List all the records associated with a particular domain.
     *
     * @param string $domain Domain to list records for
     *
     * @return DomainRecordEntity
     */
    public function list($domain)
    {
        $domainRecords = $this->adapter->get(\sprintf('%s/dns/records?domain=%s', $this->endpoint, $domain));

        return $this->handleResponse($domainRecords, DomainRecordEntity::class, true);

    }

    /**
     * Add a DNS record.
     *
     * @param string $domain   Domain name to add record to
     * @param string $type     Type (A, AAAA, MX, etc) of record
     * @param string $name     Name (subdomain) of record
     * @param string $data     Data for this record
     * @param int    $priority (only required for MX and SRV) Priority of this record (omit the priority from the data)
     * @param int    $ttl      TTL of this record
     *
     * @throws HttpException|InvalidRecordException
     */
    public function create($domain, $type, $name, $data, $priority = null, $ttl = null)
    {
        switch ($type = \strtoupper($type)) {
            case 'A':
            case 'AAAA':
            case 'CNAME':
            case 'TXT':
                $content = compact('type', 'data', 'name');
                break;

            case 'NS':
                $content = compact('type', 'data');
                break;

            case 'SRV':
            case 'MX':
                $content = compact('type', 'data', 'name', 'priority');
                break;

            default:
                throw new InvalidRecordException('The domain record type is invalid.');
        }
        $content['domain'] = $domain;
        if (null !== $ttl) {
            $content['ttl'] = $ttl;
        }

        return $this->adapter->post(sprintf('%s/dns/create_record', $this->endpoint), http_build_query($content));
    }

    /**
     * @param string      $domain   Domain name to update record
     * @param int         $recordId ID of record to update
     * @param string|null $name     Name (subdomain) of record
     * @param string|null $data     Data for this record
     * @param int|null    $priority Priority of this record
     * @param int|null    $ttl      TTL of this record
     *
     * @throws HttpException
     *
     * @return DomainRecordEntity
     */
    public function update($domain, $recordId, $name = null, $data = null, $priority = null, $ttl = null)
    {
        $content = \compact('name', 'data', 'priority', 'ttl', 'domain');
        $content = \array_filter($content, function ($val) {
            return $val !== null;
        });
        $content['RECORDID'] = $recordId;

        $this->adapter->post(\sprintf('%s/dns/update_record', $this->endpoint), http_build_query($content));
    }

    /**
     * Delete an individual DNS record.
     *
     * @param string $domain   Domain name to delete record from
     * @param int    $recordId ID of record to delete
     *
     * @throws HttpException
     */
    public function delete($domain, $recordId)
    {
        $data = [
            'domain'   => $domain,
            'RECORDID' => $recordId,
        ];
        $this->adapter->post(\sprintf('%s/dns/delete_record', $this->endpoint), http_build_query($data));
    }
}


1			<?php
2			/*
3			* This file is part of the Vultr PHP library.
4			*
5			* (c) Albert Leitato <[email protected]>
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*/
10			namespace Vultr\Api;
11
12			use Vultr\Entity\DomainRecord as DomainRecordEntity;
13			use Vultr\Exceptions\HttpException;
14			use Vultr\Exceptions\InvalidRecordException;
15
16			/**
17			* @author Albert Leitato <[email protected]>
18			*/
19			class DomainRecord extends AbstractApi
20			{
21			/**
22			* List all the records associated with a particular domain.
23			*
24			* @param string $domain Domain to list records for
25			*
26			* @return DomainRecordEntity
27			*/
28			public function list($domain)
29			{
30			$domainRecords = $this->adapter->get(\sprintf('%s/dns/records?domain=%s', $this->endpoint, $domain));
31
32			return $this->handleResponse($domainRecords, DomainRecordEntity::class, true);
			0 ignored issues – show Bug Compatibility introduced 2017-05-27 11:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->handleResponse($d...inRecord::class, true);` of type `array\|object` adds the type `array` to the return on line 32 which is incompatible with the return type documented by `Vultr\Api\DomainRecord::list` of type `Vultr\Entity\DomainRecord`. Loading history...
33			}
34
35			/**
36			* Add a DNS record.
37			*
38			* @param string $domain Domain name to add record to
39			* @param string $type Type (A, AAAA, MX, etc) of record
40			* @param string $name Name (subdomain) of record
41			* @param string $data Data for this record
42			* @param int $priority (only required for MX and SRV) Priority of this record (omit the priority from the data)
43			* @param int $ttl TTL of this record
44			*
45			* @throws HttpException\|InvalidRecordException
46			*/
47			public function create($domain, $type, $name, $data, $priority = null, $ttl = null)
48			{
49			switch ($type = \strtoupper($type)) {
50			case 'A':
51			case 'AAAA':
52			case 'CNAME':
53			case 'TXT':
54			$content = compact('type', 'data', 'name');
55			break;
56
57			case 'NS':
58			$content = compact('type', 'data');
59			break;
60
61			case 'SRV':
62			case 'MX':
63			$content = compact('type', 'data', 'name', 'priority');
64			break;
65
66			default:
67			throw new InvalidRecordException('The domain record type is invalid.');
68			}
69			$content['domain'] = $domain;
70			if (null !== $ttl) {
71			$content['ttl'] = $ttl;
72			}
73
74			return $this->adapter->post(sprintf('%s/dns/create_record', $this->endpoint), http_build_query($content));
75			}
76
77			/**
78			* @param string $domain Domain name to update record
79			* @param int $recordId ID of record to update
80			* @param string\|null $name Name (subdomain) of record
81			* @param string\|null $data Data for this record
82			* @param int\|null $priority Priority of this record
83			* @param int\|null $ttl TTL of this record
84			*
85			* @throws HttpException
86			*
87			* @return DomainRecordEntity
88			*/
89			public function update($domain, $recordId, $name = null, $data = null, $priority = null, $ttl = null)
90			{
91			$content = \compact('name', 'data', 'priority', 'ttl', 'domain');
92			$content = \array_filter($content, function ($val) {
93			return $val !== null;
94			});
95			$content['RECORDID'] = $recordId;
96
97			$this->adapter->post(\sprintf('%s/dns/update_record', $this->endpoint), http_build_query($content));
98			}
99
100			/**
101			* Delete an individual DNS record.
102			*
103			* @param string $domain Domain name to delete record from
104			* @param int $recordId ID of record to delete
105			*
106			* @throws HttpException
107			*/
108			public function delete($domain, $recordId)
109			{
110			$data = [
111			'domain' => $domain,
112			'RECORDID' => $recordId,
113			];
114			$this->adapter->post(\sprintf('%s/dns/delete_record', $this->endpoint), http_build_query($data));
115			}
116			}
117

weezqyd / vultr-php

Issues (64)

Security Analysis no request data

src/Api/DomainRecord.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like