Issues in BaseItem.php (master) - Issues in master - FriendsOfApi/billogram - Measure and Improve Code Quality continuously with Scrutinizer

Issues (33)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/Item/BaseItem.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

namespace Billogram\Model\Item;

use Billogram\Model\CreatableFromArray;

/**
 * @author Ibrahim Hizeoui <[email protected]>
 */
abstract class BaseItem implements CreatableFromArray
{
    /**
     * @var string
     */
    protected $itemNo;

    /**
     * @var string
     */
    protected $title;

    /**
     * @var string
     */
    protected $description;

    /**
     * @var string
     */
    protected $price;

    /**
     * @var float
     */
    protected $vat;

    /**
     * @var string
     */
    protected $unit;

    /**
     * @var Bookkeeping
     */
    protected $bookkeeping;

    /**
     * @var \DateTime
     */
    protected $createdAt;

    /**
     * @var \DateTime
     */
    protected $updatedAt;

    /**
     * @return string
     */
    public function getItemNo()
    {
        return $this->itemNo;
    }

    /**
     * @param string $itemNo
     *
     * @return self
     */
    public function withItemNo(string $itemNo)
    {
        $new = clone $this;
        $new->itemNo = $itemNo;

        return $new;
    }

    /**
     * @return string
     */
    public function getTitle(): string
    {
        return $this->title;
    }

    /**
     * @param string $title
     *
     * @return self
     */
    public function withTitle(string $title)
    {
        $new = clone $this;
        $new->title = $title;

        return $new;
    }

    /**
     * @return string
     */
    public function getDescription(): string
    {
        return $this->description;
    }

    /**
     * @param string $description
     *
     * @return self
     */
    public function withDescription(string $description)
    {
        $new = clone $this;
        $new->description = $description;

        return $new;
    }

    /**
     * @return string
     */
    public function getPrice(): string
    {
        return $this->price;
    }

    /**
     * @param float $price
     *
     * @return self
     */
    public function withPrice(float $price)
    {
        $new = clone $this;
        $new->price = $price;
$answer = 42;

$correct = false;

$correct = (bool) $answer;

        return $new;
    }

    /**
     * @return float
     */
    public function getVat(): float
    {
        return $this->vat;
    }

    /**
     * @param float $vat
     *
     * @return self
     */
    public function withVat(float $vat)
    {
        $new = clone $this;
        $new->vat = $vat;

        return $new;
    }

    /**
     * @return string
     */
    public function getUnit(): string
    {
        return $this->unit;
    }

    /**
     * @param string $unit
     *
     * @return self
     */
    public function withUnit(string $unit)
    {
        $new = clone $this;
        $new->unit = $unit;

        return $new;
    }

    /**
     * @return Bookkeeping
     */
    public function getBookkeeping(): Bookkeeping
    {
        return $this->bookkeeping;
    }

    /**
     * @param Bookkeeping $bookkeeping
     *
     * @return self
     */
    public function withBookkeeping(Bookkeeping $bookkeeping)
    {
        $new = clone $this;
        $new->bookkeeping = $bookkeeping;

        return $new;
    }

    /**
     * @return \DateTime
     */
    public function getCreatedAt(): \DateTime
    {
        return $this->createdAt;
    }

    /**
     * @return \DateTime
     */
    public function getUpdatedAt(): \DateTime
    {
        return $this->updatedAt;
    }

    /**
     * @param \DateTime $createdAt
     */
    public function setCreatedAt(\DateTime $createdAt)
    {
        $this->createdAt = $createdAt;
    }

    /**
     * @param \DateTime $updatedAt
     */
    public function setUpdatedAt(\DateTime $updatedAt)
    {
        $this->updatedAt = $updatedAt;
    }

    /**
     * Create an API response object from the HTTP response from the API server.
     *
     * @return array
     */
    public function toArray()
    {
        $data = [];
        if (null !== $this->title) {
            $data['title'] = $this->title;
        }
        if (null !== $this->itemNo) {
            $data['item_no'] = $this->itemNo;
        }
        if (null !== $this->description) {
            $data['description'] = $this->description;
        }
        if (null !== $this->price) {
            $data['price'] = $this->price;
        }
        if (null !== $this->vat) {
            $data['vat'] = $this->vat;
        }
        if (null !== $this->unit) {
            $data['unit'] = $this->unit;
        }
        if (null !== $this->bookkeeping) {
            $data['bookkeeping'] = $this->bookkeeping->toArray();
        }

        return $data;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Billogram\Model\Item;
6
7		use Billogram\Model\CreatableFromArray;
8
9		/**
10		* @author Ibrahim Hizeoui <[email protected]>
11		*/
12		abstract class BaseItem implements CreatableFromArray
13		{
14		/**
15		* @var string
16		*/
17		protected $itemNo;
18
19		/**
20		* @var string
21		*/
22		protected $title;
23
24		/**
25		* @var string
26		*/
27		protected $description;
28
29		/**
30		* @var string
31		*/
32		protected $price;
33
34		/**
35		* @var float
36		*/
37		protected $vat;
38
39		/**
40		* @var string
41		*/
42		protected $unit;
43
44		/**
45		* @var Bookkeeping
46		*/
47		protected $bookkeeping;
48
49		/**
50		* @var \DateTime
51		*/
52		protected $createdAt;
53
54		/**
55		* @var \DateTime
56		*/
57		protected $updatedAt;
58
59		/**
60		* @return string
61		*/
62		public function getItemNo()
63		{
64		return $this->itemNo;
65		}
66
67		/**
68		* @param string $itemNo
69		*
70		* @return self
71		*/
72	2	public function withItemNo(string $itemNo)
73		{
74	2	$new = clone $this;
75	2	$new->itemNo = $itemNo;
76
77	2	return $new;
78		}
79
80		/**
81		* @return string
82		*/
83		public function getTitle(): string
84		{
85		return $this->title;
86		}
87
88		/**
89		* @param string $title
90		*
91		* @return self
92		*/
93	2	public function withTitle(string $title)
94		{
95	2	$new = clone $this;
96	2	$new->title = $title;
97
98	2	return $new;
99		}
100
101		/**
102		* @return string
103		*/
104		public function getDescription(): string
105		{
106		return $this->description;
107		}
108
109		/**
110		* @param string $description
111		*
112		* @return self
113		*/
114	2	public function withDescription(string $description)
115		{
116	2	$new = clone $this;
117	2	$new->description = $description;
118
119	2	return $new;
120		}
121
122		/**
123		* @return string
124		*/
125		public function getPrice(): string
126		{
127		return $this->price;
128		}
129
130		/**
131		* @param float $price
132		*
133		* @return self
134		*/
135	2	public function withPrice(float $price)
136		{
137	2	$new = clone $this;
138	2	$new->price = $price;
		0 ignored issues – show Documentation Bug introduced 2017-08-01 13:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$price` was declared of type `string`, but `$price` is of type `double`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
139
140	2	return $new;
141		}
142
143		/**
144		* @return float
145		*/
146		public function getVat(): float
147		{
148		return $this->vat;
149		}
150
151		/**
152		* @param float $vat
153		*
154		* @return self
155		*/
156	2	public function withVat(float $vat)
157		{
158	2	$new = clone $this;
159	2	$new->vat = $vat;
160
161	2	return $new;
162		}
163
164		/**
165		* @return string
166		*/
167		public function getUnit(): string
168		{
169		return $this->unit;
170		}
171
172		/**
173		* @param string $unit
174		*
175		* @return self
176		*/
177	2	public function withUnit(string $unit)
178		{
179	2	$new = clone $this;
180	2	$new->unit = $unit;
181
182	2	return $new;
183		}
184
185		/**
186		* @return Bookkeeping
187		*/
188		public function getBookkeeping(): Bookkeeping
189		{
190		return $this->bookkeeping;
191		}
192
193		/**
194		* @param Bookkeeping $bookkeeping
195		*
196		* @return self
197		*/
198	5	public function withBookkeeping(Bookkeeping $bookkeeping)
199		{
200	5	$new = clone $this;
201	5	$new->bookkeeping = $bookkeeping;
202
203	5	return $new;
204		}
205
206		/**
207		* @return \DateTime
208		*/
209		public function getCreatedAt(): \DateTime
210		{
211		return $this->createdAt;
212		}
213
214		/**
215		* @return \DateTime
216		*/
217		public function getUpdatedAt(): \DateTime
218		{
219		return $this->updatedAt;
220		}
221
222		/**
223		* @param \DateTime $createdAt
224		*/
225		public function setCreatedAt(\DateTime $createdAt)
226		{
227		$this->createdAt = $createdAt;
228		}
229
230		/**
231		* @param \DateTime $updatedAt
232		*/
233		public function setUpdatedAt(\DateTime $updatedAt)
234		{
235		$this->updatedAt = $updatedAt;
236		}
237
238		/**
239		* Create an API response object from the HTTP response from the API server.
240		*
241		* @return array
242		*/
243	4	public function toArray()
244		{
245	4	$data = [];
246	4	if (null !== $this->title) {
247	2	$data['title'] = $this->title;
248		}
249	4	if (null !== $this->itemNo) {
250	2	$data['item_no'] = $this->itemNo;
251		}
252	4	if (null !== $this->description) {
253	2	$data['description'] = $this->description;
254		}
255	4	if (null !== $this->price) {
256	2	$data['price'] = $this->price;
257		}
258	4	if (null !== $this->vat) {
259	2	$data['vat'] = $this->vat;
260		}
261	4	if (null !== $this->unit) {
262	2	$data['unit'] = $this->unit;
263		}
264	4	if (null !== $this->bookkeeping) {
265	2	$data['bookkeeping'] = $this->bookkeeping->toArray();
266		}
267
268	4	return $data;
269		}
270		}
271

FriendsOfApi / billogram

Issues (33)

Security Analysis no request data

src/Model/Item/BaseItem.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like