Issues in Address.php (master) - Issues in master - bkuhl/simple-ups - Measure and Improve Code Quality continuously with Scrutinizer

Issues (43)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/SimpleUPS/Address.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace SimpleUPS;

use SimpleUPS\Api\InvalidParameterException;
use JsonSerializable;

/**
 * Information about an address
 * This class is used as a container throughout the library to pass addresses back
 * and forth between objects.
 * @since 1.0
 */
class Address extends \SimpleUPS\Model implements JsonSerializable
{

    /**
     * @var string
     */
    private $street;

    /**
     * @var string
     */
    private $city;

    /**
     * @var string
     */
    private $stateProvinceCode;

    /**
     * @var string
     */
    private $postalCode;

    /**
     * @var string
     */
    private $postalCodeExtended;

    /**
     * @var string
     */
    private $countryCode;

    /**
     * Set the street
     *
     * @param string $street
     *
     * @return Address
     */
    public function setStreet($street)
    {
        $this->street = (string)$street;
        return $this;
    }

    /**
     * Street name and number (when applicable)
     * @return string
     */
    public function getStreet()
    {
        return $this->street;
    }

    /**
     * Set the city
     * Must be between 1-40 characters
     *
     * @param string $city
     *
     * @throws \SimpleUPS\Api\InvalidParameterException
     * @return Address
     */
    public function setCity($city)

    {
        if (!$this->isResponse() && $city != null && strlen($city) > 40) {
            throw new InvalidParameterException('City must be between 1-40 characters');
        }

        $this->city = (string)$city;
        return $this;
    }

    /**
     * Get the city
     * @return string
     */
    public function getCity()
    {
        return $this->city;
    }

    /**
     * Set the state or province code
     * Must be 2 characters
     *
     * @param string $stateProvinceCode
     *
     * @throws \SimpleUPS\Api\InvalidParameterException
     * @return Address
     */
    public function setStateProvinceCode($stateProvinceCode)

    {
        if (!$this->isResponse() && $stateProvinceCode != null && strlen($stateProvinceCode) != 2)
            throw new InvalidParameterException('State/Province Code must be 2 characters');

        $this->stateProvinceCode = (string)$stateProvinceCode;
        return $this;
    }

    /**
     * Get the state or province
     * @return string
     */
    public function getStateProvinceCode()
    {
        return $this->stateProvinceCode;
    }

    /**
     * Set the postal code
     * Must be between 1-9 characters
     * @see setPostalCodeExtended
     *
     * @param string $postalCode
     *
     * @return Address
     * @throws \SimpleUPS\Api\InvalidParameterException
     */
    public function setPostalCode($postalCode)
    {
        if (!$this->isResponse() && $postalCode != null && (strlen($postalCode) < 1 || strlen($postalCode) > 9))
            throw new InvalidParameterException('Postal Code must be between 1-9 characters');

        if (!$this->isResponse() && strstr($postalCode, '-'))
            throw new InvalidParameterException(
                'Postal Code may not contain any special characters, use the extended postal code'
            );

        $this->postalCode = (string)$postalCode;
        return $this;
    }

    /**
     * Get the postal code
     * @see getPostalCodeExtended
     * @return string
     */
    public function getPostalCode()
    {
        return $this->postalCode;
    }

    /**
     * Set the extended postal code
     * @link http://en.wikipedia.org/wiki/ZIP_code#ZIP.2B4
     *
     * @param string $postalCodeExtended
     *
     * @return Address
     */
    public function setPostalCodeExtended($postalCodeExtended)
    {
        $this->postalCodeExtended = (string)$postalCodeExtended;
        return $this;
    }

    /**
     * The last segment of a zip code from the format xxxxx-xxxx
     * @link http://en.wikipedia.org/wiki/ZIP_code#ZIP.2B4
     * @return string
     */
    public function getPostalCodeExtended()
    {
        return $this->postalCodeExtended;
    }

    /**
     * Set the country
     * Must be 2 characters
     *
     * @param string $countryCode
     *
     * @return Address
     * @throws \SimpleUPS\Api\InvalidParameterException
     */
    public function setCountryCode($countryCode)

    {
        if (!$this->isResponse() && $countryCode != null && strlen($countryCode) != 2)
            throw new InvalidParameterException('Country Code must be 2 characters');

        $this->countryCode = (string)$countryCode;
        return $this;
    }

    /**
     * Get the country code
     * @return string
     */
    public function getCountryCode()
    {
        return $this->countryCode;
    }

    /**
     * Create an address from XML.  SimpleXMLElement passed must have immediate children like AddressLine1, City, etc.
     * @internal
     *
     * @param \SimpleXMLElement $xml
     *
     * @return \SimpleUPS\Address
     */
    public static function fromXml(\SimpleXMLElement $xml)
    {
        $address = new Address();
        $address->setIsResponse();

        //@todo Consider alternatives for what to do with Consignee
        if (isset($xml->AddressLine1)) {
            $street = $xml->AddressLine1;

            if (isset($xml->AddressLine2))
                $street .= ' ' . $xml->AddressLine2;
            if (isset($xml->AddressLine3))
                $street .= ' ' . $xml->AddressLine3;

            $address->setStreet(trim((string)$street));
        }

        if (isset($xml->City))
            $address->setCity($xml->City);

        if (isset($xml->StateProvinceCode))
            $address->setStateProvinceCode((string)$xml->StateProvinceCode);

        if (isset($xml->PostalCode))
            $address->setPostalCode((string)$xml->PostalCode);

        if (isset($xml->CountryCode))
            $address->setCountryCode((string)$xml->CountryCode);

        return $address;
    }

    /**
     * @return array
     */
    public function jsonSerialize()
    {
        return array(
            'street' => $this->getStreet(),
            'city' => $this->getCity(),
            'stateProvinceCode' => $this->getStateProvinceCode(),
            'postalCode' => $this->getPostalCode(),
            'postalCodeExtended' => $this->getPostalCodeExtended(),
            'countryCode' => $this->getCountryCode(),
        );
    }
}


1		<?php namespace SimpleUPS;
2
3		use SimpleUPS\Api\InvalidParameterException;
4		use JsonSerializable;
5
6		/**
7		* Information about an address
8		* This class is used as a container throughout the library to pass addresses back
9		* and forth between objects.
10		* @since 1.0
11		*/
12		class Address extends \SimpleUPS\Model implements JsonSerializable
13		{
14
15		/**
16		* @var string
17		*/
18		private $street;
19
20		/**
21		* @var string
22		*/
23		private $city;
24
25		/**
26		* @var string
27		*/
28		private $stateProvinceCode;
29
30		/**
31		* @var string
32		*/
33		private $postalCode;
34
35		/**
36		* @var string
37		*/
38		private $postalCodeExtended;
39
40		/**
41		* @var string
42		*/
43		private $countryCode;
44
45		/**
46		* Set the street
47		*
48		* @param string $street
49		*
50		* @return Address
51		*/
52		public function setStreet($street)
53		{
54		$this->street = (string)$street;
55		return $this;
56		}
57
58		/**
59		* Street name and number (when applicable)
60		* @return string
61		*/
62		public function getStreet()
63		{
64		return $this->street;
65		}
66
67		/**
68		* Set the city
69		* Must be between 1-40 characters
70		*
71		* @param string $city
72		*
73		* @throws \SimpleUPS\Api\InvalidParameterException
74		* @return Address
75		*/
76	View Code Duplication	public function setCity($city)
		0 ignored issues – show Duplication introduced 2016-05-31 16:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
77		{
78		if (!$this->isResponse() && $city != null && strlen($city) > 40) {
79		throw new InvalidParameterException('City must be between 1-40 characters');
80		}
81
82		$this->city = (string)$city;
83		return $this;
84		}
85
86		/**
87		* Get the city
88		* @return string
89		*/
90		public function getCity()
91		{
92		return $this->city;
93		}
94
95		/**
96		* Set the state or province code
97		* Must be 2 characters
98		*
99		* @param string $stateProvinceCode
100		*
101		* @throws \SimpleUPS\Api\InvalidParameterException
102		* @return Address
103		*/
104	View Code Duplication	public function setStateProvinceCode($stateProvinceCode)
		0 ignored issues – show Duplication introduced 2016-05-31 16:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
105		{
106		if (!$this->isResponse() && $stateProvinceCode != null && strlen($stateProvinceCode) != 2)
107		throw new InvalidParameterException('State/Province Code must be 2 characters');
108
109		$this->stateProvinceCode = (string)$stateProvinceCode;
110		return $this;
111		}
112
113		/**
114		* Get the state or province
115		* @return string
116		*/
117		public function getStateProvinceCode()
118		{
119		return $this->stateProvinceCode;
120		}
121
122		/**
123		* Set the postal code
124		* Must be between 1-9 characters
125		* @see setPostalCodeExtended
126		*
127		* @param string $postalCode
128		*
129		* @return Address
130		* @throws \SimpleUPS\Api\InvalidParameterException
131		*/
132		public function setPostalCode($postalCode)
133		{
134		if (!$this->isResponse() && $postalCode != null && (strlen($postalCode) < 1 \|\| strlen($postalCode) > 9))
135		throw new InvalidParameterException('Postal Code must be between 1-9 characters');
136
137		if (!$this->isResponse() && strstr($postalCode, '-'))
138		throw new InvalidParameterException(
139		'Postal Code may not contain any special characters, use the extended postal code'
140		);
141
142		$this->postalCode = (string)$postalCode;
143		return $this;
144		}
145
146		/**
147		* Get the postal code
148		* @see getPostalCodeExtended
149		* @return string
150		*/
151		public function getPostalCode()
152		{
153		return $this->postalCode;
154		}
155
156		/**
157		* Set the extended postal code
158		* @link http://en.wikipedia.org/wiki/ZIP_code#ZIP.2B4
159		*
160		* @param string $postalCodeExtended
161		*
162		* @return Address
163		*/
164		public function setPostalCodeExtended($postalCodeExtended)
165		{
166		$this->postalCodeExtended = (string)$postalCodeExtended;
167		return $this;
168		}
169
170		/**
171		* The last segment of a zip code from the format xxxxx-xxxx
172		* @link http://en.wikipedia.org/wiki/ZIP_code#ZIP.2B4
173		* @return string
174		*/
175		public function getPostalCodeExtended()
176		{
177		return $this->postalCodeExtended;
178		}
179
180		/**
181		* Set the country
182		* Must be 2 characters
183		*
184		* @param string $countryCode
185		*
186		* @return Address
187		* @throws \SimpleUPS\Api\InvalidParameterException
188		*/
189	View Code Duplication	public function setCountryCode($countryCode)
		0 ignored issues – show Duplication introduced 2016-05-31 16:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
190		{
191		if (!$this->isResponse() && $countryCode != null && strlen($countryCode) != 2)
192		throw new InvalidParameterException('Country Code must be 2 characters');
193
194		$this->countryCode = (string)$countryCode;
195		return $this;
196		}
197
198		/**
199		* Get the country code
200		* @return string
201		*/
202		public function getCountryCode()
203		{
204		return $this->countryCode;
205		}
206
207		/**
208		* Create an address from XML. SimpleXMLElement passed must have immediate children like AddressLine1, City, etc.
209		* @internal
210		*
211		* @param \SimpleXMLElement $xml
212		*
213		* @return \SimpleUPS\Address
214		*/
215		public static function fromXml(\SimpleXMLElement $xml)
216		{
217		$address = new Address();
218		$address->setIsResponse();
219
220		//@todo Consider alternatives for what to do with Consignee
221		if (isset($xml->AddressLine1)) {
222		$street = $xml->AddressLine1;
		0 ignored issues – show Bug introduced 2016-05-31 16:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `AddressLine1` does not seem to exist in `SimpleXMLElement`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
223		if (isset($xml->AddressLine2))
224		$street .= ' ' . $xml->AddressLine2;
225		if (isset($xml->AddressLine3))
226		$street .= ' ' . $xml->AddressLine3;
227
228		$address->setStreet(trim((string)$street));
229		}
230
231		if (isset($xml->City))
232		$address->setCity($xml->City);
233
234		if (isset($xml->StateProvinceCode))
235		$address->setStateProvinceCode((string)$xml->StateProvinceCode);
236
237		if (isset($xml->PostalCode))
238		$address->setPostalCode((string)$xml->PostalCode);
239
240		if (isset($xml->CountryCode))
241		$address->setCountryCode((string)$xml->CountryCode);
242
243		return $address;
244		}
245
246		/**
247		* @return array
248		*/
249		public function jsonSerialize()
250		{
251		return array(
252		'street' => $this->getStreet(),
253		'city' => $this->getCity(),
254		'stateProvinceCode' => $this->getStateProvinceCode(),
255		'postalCode' => $this->getPostalCode(),
256		'postalCodeExtended' => $this->getPostalCodeExtended(),
257		'countryCode' => $this->getCountryCode(),
258		);
259		}
260		}
261

bkuhl / simple-ups

Issues (43)

Security Analysis no request data

src/SimpleUPS/Address.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like