Issues in Message.php (master) - Issues in master - ZsgsDesign/NOJ - Measure and Improve Code Quality continuously with Scrutinizer

Issues (563)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Models/Eloquent/Message.php (5 issues)

Labels

Severity

<?php

namespace App\Models\Eloquent;

use App\Models\Eloquent\Messager\GlobalRankMessager;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\SoftDeletes;
use App\Models\Eloquent\Messager\UniversalMessager;
use App\Models\Eloquent\Messager\GroupMemberMessager;
use App\Models\Eloquent\Messager\SolutionStatusMessager;
use App\Models\Eloquent\Messager\HomeworkMessager;

class Message extends Model
{
    use SoftDeletes;

    protected $table = 'message';

    protected $with = ['sender_user', 'receiver_user'];

    public $levelMapping = [
        0 => 'default',
        1 => 'info',
        2 => 'warning',
        3 => 'danger',
        4 => 'question',
        5 => 'success',
    ];

    /**
     * @access public
     * @param array $config the config of the message. must including sender,receiver,title,content. //TODO:Can contain reply.
     * @return boolean the result.
     */
    public static function send($config)
    {
        if (filled($config['type'])) {
            switch (intval($config['type'])) {
                case 1:
                    // to a leader that member apply to join the group
                    return GroupMemberMessager::sendApplyJoinMessageToLeader($config);
                    break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}

                case 2:
                    // to a leader that member agree to join the group
                    return GroupMemberMessager::sendAgreedJoinMessageToLeader($config);
                    break;

                case 3:
                    // to a person that solution was passed
                    return SolutionStatusMessager::sendSolutionPassedMessageToUser($config);
                    break;

                case 4:
                    // to a person that solution was rejected
                    return SolutionStatusMessager::sendSolutionRejectedMessageToUser($config);
                    break;

                case 5:
                    // to a person that received new homework
                    return HomeworkMessager::sendNewHomeworkMessageToUser($config);
                    break;

                case 6:
                    // to a person that global rank in or out top 100
                    return GlobalRankMessager::sendRankInOutOneHundredMessageToUser($config);
                    break;

                case 7:
                    // to a person that got invited to a group
                    return GroupMemberMessager::sendInvitedMessageToUser($config);
                    break;

                default:
                    // unregistered type falls back to universal message sender
                    return UniversalMessager::sendUniversalMessage($config);
                    break;
            }
        }
        return UniversalMessager::sendUniversalMessage($config);
    }

    /**
     * to get a unread message liist of a user
     *
     * @access public
     * @param integer message receiver id
     * @return array the result.
     */
    public static function unread($uid)
    {
        return static::where([
            'receiver' => $uid,
            'unread' => true,
        ])->orderByDesc('created_at')->get()->all();
    }

    public static function listAll($userID)
    {
        return Message::where('receiver', $userID)->orderBy('unread', 'desc')->orderBy('updated_at', 'desc')->paginate(15);
    }

    public function read()
    {
        if ($this->unread) {
            $this->unread = false;
            $this->save();
        }
        return $this;
    }

    /**
     * to get a message's detail.
     *
     * @access public
     * @param integer uid
filter:
    dependency_paths: ["lib/*"]
     * @return integer result.
     */
    public static function allRead($uid)
    {
        return static::where('receiver', $uid)->update([
            'unread' => false
        ]);
    }

    /**
     * to remove a user's all read-ed message.
     *
     * @access public
     * @param integer uid
     * @return integer result.
     */
    public static function removeAllRead($uid)
    {
        return static::where([
            'receiver' => $uid,
            'unread' => false
        ])->delete();
    }

    /**
     * to soft delete the message
     *
     * @access public
     * @param integer|array the id of the message or the array with ids of the messages.
filter:
    dependency_paths: ["lib/*"]
     * @return bool result.
     */
    public static function remove($messages)
    {
        $del_count = 0;
        if (is_array($messages)) {
            foreach ($messages as $mid) {
                $message = static::find($mid);
                if (filled($message)) {
                    $message->delete();
                    $del_count++;
                }
            }
        } else {
            $message = static::find($messages);
            if (filled($message)) {
                $message->delete();
                $del_count++;
            }
        }
        return $del_count;

    }

    public function getLevelStringAttribute()
    {
        if (isset($this->levelMapping[$this->level])) {
            return $this->levelMapping[$this->level];
        } else {
            return $this->levelMapping[0];
        }
    }

    public function getContentAttribute($value)
    {
        if (filled($this->type)) {
            $data = json_decode($this->data, true);
            $data['receiver'] = $this->receiver_user;
            $data['sender'] = $this->sender_user;

            switch (intval($this->type)) {
                case 1:
                    // to a leader that member apply to join the group
                    return GroupMemberMessager::formatApplyJoinMessageToLeader($data);
                    break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}

                case 2:
                    // to a leader that member agree to join the group
                    return GroupMemberMessager::formatAgreedJoinMessageToLeader($data);
                    break;

                case 3:
                    // to a person that solution was passed
                    return SolutionStatusMessager::formatSolutionPassedMessageToUser($data);
                    break;

                case 4:
                    // to a person that solution was rejected
                    return SolutionStatusMessager::formatSolutionRejectedMessageToUser($data);
                    break;

                case 5:
                    // to a person that received new homework
                    return HomeworkMessager::formatNewHomeworkMessageToUser($data);
                    break;

                case 6:
                    // to a person that global rank in or out top 100
                    return GlobalRankMessager::formatRankInOutOneHundredMessageToUser($data);
                    break;

                case 7:
                    // to a person that got invited to a group
                    return GroupMemberMessager::formatInvitedMessageToUser($data);
                    break;

                default:
                    // unregistered type falls back to universal message formatter
                    return $value;
                    break;
            }

        } else {
            return $value;
        }
    }

    public function sender_user()
    {
        return $this->belongsTo('App\Models\Eloquent\User', 'sender', 'id');
    }

    public function receiver_user()
    {
        return $this->belongsTo('App\Models\Eloquent\User', 'receiver', 'id');
    }
}


1			<?php
2
3			namespace App\Models\Eloquent;
4
5			use App\Models\Eloquent\Messager\GlobalRankMessager;
6			use Illuminate\Database\Eloquent\Model;
7			use Illuminate\Database\Eloquent\SoftDeletes;
8			use App\Models\Eloquent\Messager\UniversalMessager;
9			use App\Models\Eloquent\Messager\GroupMemberMessager;
10			use App\Models\Eloquent\Messager\SolutionStatusMessager;
11			use App\Models\Eloquent\Messager\HomeworkMessager;
12
13			class Message extends Model
14			{
15			use SoftDeletes;
16
17			protected $table = 'message';
18
19			protected $with = ['sender_user', 'receiver_user'];
20
21			public $levelMapping = [
22			0 => 'default',
23			1 => 'info',
24			2 => 'warning',
25			3 => 'danger',
26			4 => 'question',
27			5 => 'success',
28			];
29
30			/**
31			* @access public
32			* @param array $config the config of the message. must including sender,receiver,title,content. //TODO:Can contain reply.
33			* @return boolean the result.
34			*/
35			public static function send($config)
36			{
37			if (filled($config['type'])) {
38			switch (intval($config['type'])) {
39			case 1:
40			// to a leader that member apply to join the group
41			return GroupMemberMessager::sendApplyJoinMessageToLeader($config);
42			break;
			0 ignored issues – show Unused Code introduced 2021-10-30 03:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
43
44			case 2:
45			// to a leader that member agree to join the group
46			return GroupMemberMessager::sendAgreedJoinMessageToLeader($config);
47			break;
48
49			case 3:
50			// to a person that solution was passed
51			return SolutionStatusMessager::sendSolutionPassedMessageToUser($config);
52			break;
53
54			case 4:
55			// to a person that solution was rejected
56			return SolutionStatusMessager::sendSolutionRejectedMessageToUser($config);
57			break;
58
59			case 5:
60			// to a person that received new homework
61			return HomeworkMessager::sendNewHomeworkMessageToUser($config);
62			break;
63
64			case 6:
65			// to a person that global rank in or out top 100
66			return GlobalRankMessager::sendRankInOutOneHundredMessageToUser($config);
67			break;
68
69			case 7:
70			// to a person that got invited to a group
71			return GroupMemberMessager::sendInvitedMessageToUser($config);
72			break;
73
74			default:
75			// unregistered type falls back to universal message sender
76			return UniversalMessager::sendUniversalMessage($config);
77			break;
78			}
79			}
80			return UniversalMessager::sendUniversalMessage($config);
81			}
82
83			/**
84			* to get a unread message liist of a user
85			*
86			* @access public
87			* @param integer message receiver id
88			* @return array the result.
89			*/
90			public static function unread($uid)
91			{
92			return static::where([
93			'receiver' => $uid,
94			'unread' => true,
95			])->orderByDesc('created_at')->get()->all();
96			}
97
98			public static function listAll($userID)
99			{
100			return Message::where('receiver', $userID)->orderBy('unread', 'desc')->orderBy('updated_at', 'desc')->paginate(15);
101			}
102
103			public function read()
104			{
105			if ($this->unread) {
106			$this->unread = false;
107			$this->save();
108			}
109			return $this;
110			}
111
112			/**
113			* to get a message's detail.
114			*
115			* @access public
116			* @param integer uid
			0 ignored issues – show Bug introduced 2019-08-20 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `App\Models\Eloquent\uid` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
117			* @return integer result.
118			*/
119			public static function allRead($uid)
120			{
121			return static::where('receiver', $uid)->update([
122			'unread' => false
123			]);
124			}
125
126			/**
127			* to remove a user's all read-ed message.
128			*
129			* @access public
130			* @param integer uid
131			* @return integer result.
132			*/
133			public static function removeAllRead($uid)
134			{
135			return static::where([
136			'receiver' => $uid,
137			'unread' => false
138			])->delete();
139			}
140
141			/**
142			* to soft delete the message
143			*
144			* @access public
145			* @param integer\|array the id of the message or the array with ids of the messages.
			0 ignored issues – show Bug introduced 2019-08-20 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `App\Models\Eloquent\the` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
146			* @return bool result.
147			*/
148			public static function remove($messages)
149			{
150			$del_count = 0;
151			if (is_array($messages)) {
152			foreach ($messages as $mid) {
153			$message = static::find($mid);
154			if (filled($message)) {
155			$message->delete();
156			$del_count++;
157			}
158			}
159			} else {
160			$message = static::find($messages);
161			if (filled($message)) {
162			$message->delete();
163			$del_count++;
164			}
165			}
166			return $del_count;
			0 ignored issues – show Bug Best Practice introduced 2020-04-30 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $del_count` returns the type `integer` which is incompatible with the documented return type `boolean`. Loading history...
167			}
168
169			public function getLevelStringAttribute()
170			{
171			if (isset($this->levelMapping[$this->level])) {
172			return $this->levelMapping[$this->level];
173			} else {
174			return $this->levelMapping[0];
175			}
176			}
177
178			public function getContentAttribute($value)
179			{
180			if (filled($this->type)) {
181			$data = json_decode($this->data, true);
182			$data['receiver'] = $this->receiver_user;
183			$data['sender'] = $this->sender_user;
184
185			switch (intval($this->type)) {
186			case 1:
187			// to a leader that member apply to join the group
188			return GroupMemberMessager::formatApplyJoinMessageToLeader($data);
189			break;
			0 ignored issues – show Unused Code introduced 2021-10-30 03:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
190
191			case 2:
192			// to a leader that member agree to join the group
193			return GroupMemberMessager::formatAgreedJoinMessageToLeader($data);
194			break;
195
196			case 3:
197			// to a person that solution was passed
198			return SolutionStatusMessager::formatSolutionPassedMessageToUser($data);
199			break;
200
201			case 4:
202			// to a person that solution was rejected
203			return SolutionStatusMessager::formatSolutionRejectedMessageToUser($data);
204			break;
205
206			case 5:
207			// to a person that received new homework
208			return HomeworkMessager::formatNewHomeworkMessageToUser($data);
209			break;
210
211			case 6:
212			// to a person that global rank in or out top 100
213			return GlobalRankMessager::formatRankInOutOneHundredMessageToUser($data);
214			break;
215
216			case 7:
217			// to a person that got invited to a group
218			return GroupMemberMessager::formatInvitedMessageToUser($data);
219			break;
220
221			default:
222			// unregistered type falls back to universal message formatter
223			return $value;
224			break;
225			}
226
227			} else {
228			return $value;
229			}
230			}
231
232			public function sender_user()
233			{
234			return $this->belongsTo('App\Models\Eloquent\User', 'sender', 'id');
235			}
236
237			public function receiver_user()
238			{
239			return $this->belongsTo('App\Models\Eloquent\User', 'receiver', 'id');
240			}
241			}
242

ZsgsDesign / NOJ

Issues (563)

Security Analysis not enabled

app/Models/Eloquent/Message.php (5 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like