Issues in YahooWeatherAPI.php (master) - Issues in master - Th3Mouk/YahooWeatherAPI - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/YahooWeatherAPI.php (9 issues)

Labels

Severity

Jérémy Marodon 9

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * (c) Jérémy Marodon         <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Th3Mouk\YahooWeatherAPI;

use GuzzleHttp\Client;
use Th3Mouk\YahooWeatherAPI\Query\Query;

class YahooWeatherAPI implements YahooWeatherAPIInterface
{
    /**
     * @var Client Goutte client
     */
    protected $client;

    /**
     * @var array last response from API
     */
    protected $lastResponse;

    /**
     * @var string last woeid explicitly called
     */
    protected $woeid;

    /**
     * @var string last city name explicitly called
     */
    protected $city;

    /**
     * @var string the last url called
     */
    protected $yql;

    public function __construct()
    {
        $this->client = new Client();
    }

    /**
     * {@inheritdoc}
     */
    public function callApiWoeid($woeid = null, $unit = 'c')

    {
        if ($woeid === null && $this->woeid === null) {
            throw new \Exception('Please provide a woeid code', 400);
        }

        if ($woeid !== null) {
            $this->woeid = $woeid;
        }

        $this->yql = Query::URL_BASE.urlencode(sprintf(Query::WOEID_QUERY, $this->woeid, $unit));

        return $this->callApi();
    }

    /**
     * {@inheritdoc}
     */
    public function callApiCityName($city = null, $unit = 'c')

    {
        if ($city === null && $this->city === null) {
            throw new \Exception('Please provide a city\'s name', 400);
        }

        if ($city !== null) {
            $this->city = $city;
        }

        $this->yql = Query::URL_BASE.urlencode(sprintf(Query::CITY_NAME_QUERY, $this->city, $unit));

        return $this->callApi();
    }

    /**
     * {@inheritdoc}
     */
    public function callApi($yql = null)
    {
        if ($yql === null && empty($this->yql)) {
            throw new \Exception('Please provide a YQL request', 400);
        }

        if ($yql !== null) {
            $this->yql = $yql;
        }

        try {
            $headers = array(
                'verify' => false,
            );
            $response = $this->client->request('GET', $this->yql, $headers);
            $response = json_decode($response->getBody(), true);
            if (!isset($response['query']['results']['channel']['item']['condition'])) {
                $this->lastResponse = false;

            } else {
                $this->lastResponse = $response['query']['results']['channel'];
            }
        } catch (\Exception $e) {
            throw new \Exception("Something error happen, please check your request url whether it's correct.", 400);
        }

        return $this->lastResponse;
    }

    /**
     * Get lastResponse.
     *
     * @param bool $toJson choose format for the return value (array or json)
     *
     * @return array|string
     */
    public function getLastResponse($toJson = false)
    {
        return ($toJson) ? json_encode($this->lastResponse) : $this->lastResponse;
    }

    /**
     * Set lastResponse.
     *
     * @param array $data data from json_encode
     */
    public function setLastResponse($data)
    {
        $this->lastResponse = $data;
    }

    /**
     * Get current temperature.
     *
     * @param bool $withUnit return or not the unit
     *
     * @return string
     */
    public function getTemperature($withUnit = false)
    {
        if (!$this->lastResponse || !isset($this->lastResponse['item']['condition']['temp'])) {

            return '';
        }
        $return = $this->lastResponse['item']['condition']['temp'];
        if ($withUnit) {
            $return .= ' '.$this->lastResponse['units']['temperature'];
        }

        return $return;
    }

    /**
     * Get Location.
     *
     * @return string
     */
    public function getLocation()

    {
        if (!$this->lastResponse || !isset($this->lastResponse['location']['city'])) {

            return '';
        }

        return $this->lastResponse['location']['city'];
    }

    /**
     * get Forecast.
     *
     * @return array
     */
    public function getForecast()

    {
        if (!$this->lastResponse || !isset($this->lastResponse['item']['forecast'])) {

            return array();
        }

        return $this->lastResponse['item']['forecast'];
    }

    /**
     * get Wind.
     *
     * @param bool $withUnit return or not the unit
     *
     * @return array
     */
    public function getWind($withUnit = false)
    {
        if (!$this->lastResponse || !isset($this->lastResponse['wind']['speed'])) {

            return array();
        }

        $response = array(
            'chill' => $this->lastResponse['wind']['chill'],
            'direction' => $this->lastResponse['wind']['direction'],
            'speed' => $this->lastResponse['wind']['speed'],
        );

        if ($withUnit) {
            $response['speed'] .= ' '.$this->lastResponse['units']['speed'];
        }

        return $response;
    }

    /**
     * @param GoutteClient $client
     */
    public function setClient(Client $client)
    {
        $this->client = $client;
    }

    /**
     * @return string
     */
    public function getWoeid()
    {
        return $this->woeid;
    }

    /**
     * @return string
     */
    public function getCity()
    {
        return $this->city;
    }

    /**
     * @return string
     */
    public function getYql()
    {
        return $this->yql;
    }
}


1		<?php
2
3		/*
4		* (c) Jérémy Marodon <[email protected]>
5		*
6		* For the full copyright and license information, please view the LICENSE
7		* file that was distributed with this source code.
8		*/
9
10		namespace Th3Mouk\YahooWeatherAPI;
11
12		use GuzzleHttp\Client;
13		use Th3Mouk\YahooWeatherAPI\Query\Query;
14
15		class YahooWeatherAPI implements YahooWeatherAPIInterface
16		{
17		/**
18		* @var Client Goutte client
19		*/
20		protected $client;
21
22		/**
23		* @var array last response from API
24		*/
25		protected $lastResponse;
26
27		/**
28		* @var string last woeid explicitly called
29		*/
30		protected $woeid;
31
32		/**
33		* @var string last city name explicitly called
34		*/
35		protected $city;
36
37		/**
38		* @var string the last url called
39		*/
40		protected $yql;
41
42		public function __construct()
43		{
44		$this->client = new Client();
45		}
46
47		/**
48		* {@inheritdoc}
49		*/
50	View Code Duplication	public function callApiWoeid($woeid = null, $unit = 'c')
		0 ignored issues – show Duplication introduced 2018-05-28 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
51		{
52		if ($woeid === null && $this->woeid === null) {
53		throw new \Exception('Please provide a woeid code', 400);
54		}
55
56		if ($woeid !== null) {
57		$this->woeid = $woeid;
58		}
59
60		$this->yql = Query::URL_BASE.urlencode(sprintf(Query::WOEID_QUERY, $this->woeid, $unit));
61
62		return $this->callApi();
63		}
64
65		/**
66		* {@inheritdoc}
67		*/
68	View Code Duplication	public function callApiCityName($city = null, $unit = 'c')
		0 ignored issues – show Duplication introduced 2018-05-28 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
69		{
70		if ($city === null && $this->city === null) {
71		throw new \Exception('Please provide a city\'s name', 400);
72		}
73
74		if ($city !== null) {
75		$this->city = $city;
76		}
77
78		$this->yql = Query::URL_BASE.urlencode(sprintf(Query::CITY_NAME_QUERY, $this->city, $unit));
79
80		return $this->callApi();
81		}
82
83		/**
84		* {@inheritdoc}
85		*/
86		public function callApi($yql = null)
87		{
88		if ($yql === null && empty($this->yql)) {
89		throw new \Exception('Please provide a YQL request', 400);
90		}
91
92		if ($yql !== null) {
93		$this->yql = $yql;
94		}
95
96		try {
97		$headers = array(
98		'verify' => false,
99		);
100		$response = $this->client->request('GET', $this->yql, $headers);
101		$response = json_decode($response->getBody(), true);
102		if (!isset($response['query']['results']['channel']['item']['condition'])) {
103		$this->lastResponse = false;
		0 ignored issues – show Documentation Bug introduced 2016-06-19 22:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `false` of type `false` is incompatible with the declared type `array` of property `$lastResponse`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
104		} else {
105		$this->lastResponse = $response['query']['results']['channel'];
106		}
107		} catch (\Exception $e) {
108		throw new \Exception("Something error happen, please check your request url whether it's correct.", 400);
109		}
110
111		return $this->lastResponse;
112		}
113
114		/**
115		* Get lastResponse.
116		*
117		* @param bool $toJson choose format for the return value (array or json)
118		*
119		* @return array\|string
120		*/
121		public function getLastResponse($toJson = false)
122		{
123		return ($toJson) ? json_encode($this->lastResponse) : $this->lastResponse;
124		}
125
126		/**
127		* Set lastResponse.
128		*
129		* @param array $data data from json_encode
130		*/
131		public function setLastResponse($data)
132		{
133		$this->lastResponse = $data;
134		}
135
136		/**
137		* Get current temperature.
138		*
139		* @param bool $withUnit return or not the unit
140		*
141		* @return string
142		*/
143		public function getTemperature($withUnit = false)
144		{
145		if (!$this->lastResponse \|\| !isset($this->lastResponse['item']['condition']['temp'])) {
		0 ignored issues – show Bug Best Practice introduced 2016-06-19 22:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->lastResponse` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
146		return '';
147		}
148		$return = $this->lastResponse['item']['condition']['temp'];
149		if ($withUnit) {
150		$return .= ' '.$this->lastResponse['units']['temperature'];
151		}
152
153		return $return;
154		}
155
156		/**
157		* Get Location.
158		*
159		* @return string
160		*/
161	View Code Duplication	public function getLocation()
		0 ignored issues – show Duplication introduced 2018-05-28 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
162		{
163		if (!$this->lastResponse \|\| !isset($this->lastResponse['location']['city'])) {
		0 ignored issues – show Bug Best Practice introduced 2016-06-19 22:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->lastResponse` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
164		return '';
165		}
166
167		return $this->lastResponse['location']['city'];
168		}
169
170		/**
171		* get Forecast.
172		*
173		* @return array
174		*/
175	View Code Duplication	public function getForecast()
		0 ignored issues – show Duplication introduced 2018-05-28 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
176		{
177		if (!$this->lastResponse \|\| !isset($this->lastResponse['item']['forecast'])) {
		0 ignored issues – show Bug Best Practice introduced 2016-06-19 22:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->lastResponse` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
178		return array();
179		}
180
181		return $this->lastResponse['item']['forecast'];
182		}
183
184		/**
185		* get Wind.
186		*
187		* @param bool $withUnit return or not the unit
188		*
189		* @return array
190		*/
191		public function getWind($withUnit = false)
192		{
193		if (!$this->lastResponse \|\| !isset($this->lastResponse['wind']['speed'])) {
		0 ignored issues – show Bug Best Practice introduced 2016-06-19 22:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->lastResponse` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
194		return array();
195		}
196
197		$response = array(
198		'chill' => $this->lastResponse['wind']['chill'],
199		'direction' => $this->lastResponse['wind']['direction'],
200		'speed' => $this->lastResponse['wind']['speed'],
201		);
202
203		if ($withUnit) {
204		$response['speed'] .= ' '.$this->lastResponse['units']['speed'];
205		}
206
207		return $response;
208		}
209
210		/**
211		* @param GoutteClient $client
212		*/
213		public function setClient(Client $client)
214		{
215		$this->client = $client;
216		}
217
218		/**
219		* @return string
220		*/
221		public function getWoeid()
222		{
223		return $this->woeid;
224		}
225
226		/**
227		* @return string
228		*/
229		public function getCity()
230		{
231		return $this->city;
232		}
233
234		/**
235		* @return string
236		*/
237		public function getYql()
238		{
239		return $this->yql;
240		}
241		}
242

Th3Mouk / YahooWeatherAPI

Issues (9)

Security Analysis no request data

src/YahooWeatherAPI.php (9 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like