zachleigh /
laravel-property-bag
| Conditions | 3 |
| Paths | 4 |
| Total Lines | 16 |
| Code Lines | 9 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
| Metric | Value |
|---|---|
| dl | 0 |
| loc | 16 |
| rs | 9.4285 |
| c | 0 |
| b | 0 |
| f | 0 |
| cc | 3 |
| eloc | 9 |
| nc | 4 |
| nop | 0 |
| 1 | <?php |
||
| 2 | |||
| 3 | namespace LaravelPropertyBag\Settings; |
||
| 4 | |||
| 5 | use LaravelPropertyBag\Helpers\NameResolver; |
||
| 6 | use LaravelPropertyBag\Exceptions\ResourceNotFound; |
||
| 7 | |||
| 8 | trait HasSettings |
||
| 9 | { |
||
| 10 | /** |
||
| 11 | * Instance of Settings. |
||
| 12 | * |
||
| 13 | * @var LaravelPropertyBag\Settings\Settings |
||
| 14 | */ |
||
| 15 | protected $settings = null; |
||
| 16 | |||
| 17 | /** |
||
| 18 | * A resource has many settings in a property bag. |
||
| 19 | * |
||
| 20 | * @return \Illuminate\Database\Eloquent\Relations\MorphMany |
||
| 21 | */ |
||
| 22 | public function propertyBag() |
||
| 23 | { |
||
| 24 | return $this->morphMany(PropertyBag::class, 'resource'); |
||
|
0 ignored issues
–
show
|
|||
| 25 | } |
||
| 26 | |||
| 27 | /** |
||
| 28 | * If passed is string, get settings class for the resource or return value |
||
| 29 | * for given key. If passed is array, set the key value pair. |
||
| 30 | * |
||
| 31 | * @param string|array $passed |
||
| 32 | * |
||
| 33 | * @return LaravelPropertyBag\Settings\Settings|mixed |
||
| 34 | */ |
||
| 35 | public function settings($passed = null) |
||
| 36 | { |
||
| 37 | if (is_array($passed)) { |
||
| 38 | return $this->setSettings($passed); |
||
| 39 | } elseif (!is_null($passed)) { |
||
| 40 | $settings = $this->getSettingsInstance(); |
||
| 41 | |||
| 42 | return $settings->get($passed); |
||
| 43 | } |
||
| 44 | |||
| 45 | return $this->getSettingsInstance(); |
||
| 46 | } |
||
| 47 | |||
| 48 | /** |
||
| 49 | * Get settings off this or create new instance. |
||
| 50 | * |
||
| 51 | * @return LaravelPropertyBag\Settings\Settings |
||
| 52 | */ |
||
| 53 | protected function getSettingsInstance() |
||
| 54 | { |
||
| 55 | if (isset($this->settings)) { |
||
| 56 | return $this->settings; |
||
| 57 | } |
||
| 58 | |||
| 59 | $settingsConfig = $this->getSettingsConfig(); |
||
| 60 | |||
| 61 | return $this->settings = new Settings($settingsConfig, $this); |
||
|
0 ignored issues
–
show
It seems like
new \LaravelPropertyBag\...$settingsConfig, $this) of type object<LaravelPropertyBag\Settings\Settings> is incompatible with the declared type object<LaravelPropertyBa...yBag\Settings\Settings> of property $settings.
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..  Loading history...
|
|||
| 62 | } |
||
| 63 | |||
| 64 | /** |
||
| 65 | * Get the settings class name. |
||
| 66 | * |
||
| 67 | * @throws ResourceNotFound |
||
| 68 | * |
||
| 69 | * @return LaravelPropertyBag\Settings\ResourceConfig |
||
| 70 | */ |
||
| 71 | protected function getSettingsConfig() |
||
| 72 | { |
||
| 73 | if (isset($this->settingsConfig)) { |
||
| 74 | $fullNamespace = $this->settingsConfig; |
||
|
0 ignored issues
–
show
The property
settingsConfig does not seem to exist. Did you mean settings?
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
|
|||
| 75 | } else { |
||
| 76 | $className = $this->getShortClassName(); |
||
| 77 | |||
| 78 | $fullNamespace = NameResolver::makeConfigFileName($className); |
||
| 79 | } |
||
| 80 | |||
| 81 | if (class_exists($fullNamespace)) { |
||
| 82 | return new $fullNamespace($this); |
||
| 83 | } |
||
| 84 | |||
| 85 | throw ResourceNotFound::resourceConfigNotFound($fullNamespace); |
||
| 86 | } |
||
| 87 | |||
| 88 | /** |
||
| 89 | * Get the short name of the model. |
||
| 90 | * |
||
| 91 | * @return string |
||
| 92 | */ |
||
| 93 | protected function getShortClassName() |
||
| 94 | { |
||
| 95 | $reflection = new \ReflectionClass($this); |
||
| 96 | |||
| 97 | return $reflection->getShortName(); |
||
| 98 | } |
||
| 99 | |||
| 100 | /** |
||
| 101 | * Set settings. |
||
| 102 | * |
||
| 103 | * @param array $attributes |
||
| 104 | * |
||
| 105 | * @return LaravelPropertyBag\Settings\Settings |
||
| 106 | */ |
||
| 107 | public function setSettings(array $attributes) |
||
| 108 | { |
||
| 109 | return $this->settings()->set($attributes); |
||
| 110 | } |
||
| 111 | |||
| 112 | /** |
||
| 113 | * Set all allowed settings by Request. |
||
| 114 | * |
||
| 115 | * @return LaravelPropertyBag\Settings\Settings |
||
| 116 | */ |
||
| 117 | public function setSettingsByRequest() |
||
| 118 | { |
||
| 119 | $allAllowedSettings = array_keys($this->allSettings()->toArray()); |
||
| 120 | return $this->settings()->set(request()->only($allAllowedSettings)); |
||
|
0 ignored issues
–
show
$allAllowedSettings can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability.
9 paths for user data to reach this point
1. Path:
$this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned
in ServerBag.php on line 62
2. Path:
Read from
$_POST, and $_POST is passed to Request::createRequestFromFactory()
in Request.php on line 281
4. Path:
Fetching key
HTTP_CONTENT_LENGTH from $_SERVER, and $server is assigned
in Request.php on line 274
5. Path:
Fetching key
HTTP_CONTENT_TYPE from $_SERVER, and $server is assigned
in Request.php on line 277
6. Path:
$server['HTTP_HOST'] seems to return tainted data, and $server is assigned
in Request.php on line 347
7. Path:
$this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 43
8. Path:
$this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 44
9. Path:
Read from
$_SERVER
in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 19
Used in path-read context
General Strategies to prevent injectionIn general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
throw new \InvalidArgumentException('This input is not allowed.');
}
For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted;
Loading history...
$allAllowedSettings can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability.
9 paths for user data to reach this point
1. Path:
$this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned
in ServerBag.php on line 62
2. Path:
Read from
$_POST, and $_POST is passed to Request::createRequestFromFactory()
in Request.php on line 281
4. Path:
Fetching key
HTTP_CONTENT_LENGTH from $_SERVER, and $server is assigned
in Request.php on line 274
5. Path:
Fetching key
HTTP_CONTENT_TYPE from $_SERVER, and $server is assigned
in Request.php on line 277
6. Path:
$server['HTTP_HOST'] seems to return tainted data, and $server is assigned
in Request.php on line 347
7. Path:
$this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 43
8. Path:
$this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 44
9. Path:
Read from
$_SERVER
in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 19
Used in path-write context
General Strategies to prevent injectionIn general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
throw new \InvalidArgumentException('This input is not allowed.');
}
For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted;
Loading history...
$allAllowedSettings can contain request data and is used in unserialized context(s) leading to a potential security vulnerability.
9 paths for user data to reach this point
1. Path:
$this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned
in ServerBag.php on line 62
2. Path:
Read from
$_POST, and $_POST is passed to Request::createRequestFromFactory()
in Request.php on line 281
4. Path:
Fetching key
HTTP_CONTENT_LENGTH from $_SERVER, and $server is assigned
in Request.php on line 274
5. Path:
Fetching key
HTTP_CONTENT_TYPE from $_SERVER, and $server is assigned
in Request.php on line 277
6. Path:
$server['HTTP_HOST'] seems to return tainted data, and $server is assigned
in Request.php on line 347
7. Path:
$this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 43
8. Path:
$this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 44
9. Path:
Read from
$_SERVER
in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 19
Used in unserialized context
Preventing Object Injection Attacks
If you pass raw user-data to
We recommend to not pass user data to such a function. In case of General Strategies to prevent injectionIn general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
throw new \InvalidArgumentException('This input is not allowed.');
}
For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted;
Loading history...
$allAllowedSettings can contain request data and is used in code execution context(s) leading to a potential security vulnerability.
9 paths for user data to reach this point
1. Path:
$this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned
in ServerBag.php on line 62
2. Path:
Read from
$_POST, and $_POST is passed to Request::createRequestFromFactory()
in Request.php on line 281
4. Path:
Fetching key
HTTP_CONTENT_LENGTH from $_SERVER, and $server is assigned
in Request.php on line 274
5. Path:
Fetching key
HTTP_CONTENT_TYPE from $_SERVER, and $server is assigned
in Request.php on line 277
6. Path:
$server['HTTP_HOST'] seems to return tainted data, and $server is assigned
in Request.php on line 347
7. Path:
$this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 43
8. Path:
$this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned
in ServerBag.php on line 44
9. Path:
Read from
$_SERVER
in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 19
Used in code-execution context
General Strategies to prevent injectionIn general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
throw new \InvalidArgumentException('This input is not allowed.');
}
For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted;
Loading history...
|
|||
| 121 | } |
||
| 122 | |||
| 123 | /** |
||
| 124 | * Get all settings. |
||
| 125 | * |
||
| 126 | * @return \Illuminate\Support\Collection |
||
| 127 | */ |
||
| 128 | public function allSettings() |
||
| 129 | { |
||
| 130 | return $this->settings()->all(); |
||
| 131 | } |
||
| 132 | |||
| 133 | /** |
||
| 134 | * Get all default settings or default setting for single key if given. |
||
| 135 | * |
||
| 136 | * @param string $key |
||
| 137 | * |
||
| 138 | * @return \Illuminate\Support\Collection|mixed |
||
| 139 | */ |
||
| 140 | public function defaultSetting($key = null) |
||
| 141 | { |
||
| 142 | if (!is_null($key)) { |
||
| 143 | return $this->settings()->getDefault($key); |
||
| 144 | } |
||
| 145 | |||
| 146 | return $this->settings()->allDefaults(); |
||
| 147 | } |
||
| 148 | |||
| 149 | /** |
||
| 150 | * Get all allowed settings or allowed settings for single ke if given. |
||
| 151 | * |
||
| 152 | * @param string $key |
||
| 153 | * |
||
| 154 | * @return \Illuminate\Support\Collection |
||
| 155 | */ |
||
| 156 | public function allowedSetting($key = null) |
||
| 157 | { |
||
| 158 | if (!is_null($key)) { |
||
| 159 | return $this->settings()->getAllowed($key); |
||
| 160 | } |
||
| 161 | |||
| 162 | return $this->settings()->allAllowed(); |
||
| 163 | } |
||
| 164 | } |
||
| 165 |
This check looks for methods that are used by a trait but not required by it.
To illustrate, let’s look at the following code example
The trait
Idableprovides a methodequalsIdthat in turn relies on the methodgetId(). If this method does not exist on a class mixing in this trait, the method will fail.Adding the
getId()as an abstract method to the trait will make sure it is available.