Issues in PriceFinder.php (develop) - Issues in develop - commercetools/commercetools-php-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (120)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Commons/Helper/PriceFinder.php (1 issue)

Severity

Unknown 1

<?php
/**
 * @author @ct-jensschulze <[email protected]>
 */

namespace Commercetools\Commons\Helper;

use Commercetools\Core\Model\Channel\ChannelReference;
use Commercetools\Core\Model\Common\Price;
use Commercetools\Core\Model\Common\PriceCollection;
use Commercetools\Core\Model\CustomerGroup\CustomerGroupReference;

/**
 * @deprecated Please use the price selection functionality of the platform
 * @link http://docs.commercetools.com/http-api-projects-products.html#price-selection
 */
class PriceFinder
{
    /**
     * @var string
     */
    private $currency;

    /**
     * @var string
     */
    private $country;

    /**
     * @var CustomerGroupReference
     */
    private $customerGroup;

    /**
     * @var ChannelReference
     */
    private $channel;

    /**
     * PriceFinder constructor.
     * @param string $currency
     * @param string $country
     * @param CustomerGroupReference $customerGroup
     * @param ChannelReference $channel
     */
    public function __construct(
        $currency,
        $country = null,
        CustomerGroupReference $customerGroup = null,
        ChannelReference $channel = null
    ) {
        $this->currency = $currency;
        $this->country = $country;
        $this->customerGroup = $customerGroup;
        $this->channel = $channel;
    }

    /**
     * @param PriceCollection $prices
     * @return Price
     */
    public function findPrice(PriceCollection $prices)
    {
        $currency = $this->currency;
        $country = $this->country;
        $customerGroup = $this->customerGroup;
        $channel = $this->channel;

        $prices = new \CallbackFilterIterator(
            $prices,
            function ($price) use ($currency, $country, $customerGroup, $channel) {
                if (!$this->priceHasCurrency($price, $currency)) {
                    return false;
                }
                if (!$this->priceHasNoDate($price) && !$this->priceHasValidDate($price, new \DateTime())) {
                    return false;
                }
                if (is_null($country)) {

                    if ($this->priceHas($price, 'country')) {
                        return false;
                    }
                } elseif (!$this->priceHasCountry($price, $country)) {
                    return false;
                }
                if (is_null($customerGroup)) {
                    if ($this->priceHas($price, 'customerGroup')) {
                        return false;
                    }
                } elseif (!$this->priceHasCustomerGroup($price, $customerGroup)) {
                    return false;
                }
                if (is_null($channel)) {
                    if ($this->priceHas($price, 'channel')) {
                        return false;
                    }
                } elseif (!$this->priceHasChannel($price, $channel)) {
                    return false;
                }
                return true;
            }
        );

        foreach ($prices as $price) {
            return $price;
        }
        return null;
    }

    /**
     * @param $prices
     * @param string $currency
     * @param string $country
     * @param CustomerGroupReference $customerGroup
     * @param ChannelReference $channel
     * @return Price|null
     */
    public static function findPriceFor(
        $prices,
        $currency,
        $country = null,
        CustomerGroupReference $customerGroup = null,
        ChannelReference $channel = null
    ) {
        $priceFinder = new static($currency, $country, $customerGroup, $channel);

        return $priceFinder->findPrice($prices);
    }

    /**
     * @param Price $price
     * @param string $currency
     * @return bool
     */
    private function priceHasCurrency(Price $price, $currency)
    {
        return !is_null($price->getValue()) && $price->getValue()->getCurrencyCode() == $currency;
    }

    /**
     * @param Price $price
     * @param string $country
     * @return bool
     */
    private function priceHasCountry(Price $price, $country)
    {
        return !is_null($price->getCountry()) && $price->getCountry() == $country;
    }

    /**
     * @param Price $price
     * @param CustomerGroupReference $customerGroup
     * @return bool
     */
    private function priceHasCustomerGroup(Price $price, CustomerGroupReference $customerGroup)
    {
        return !is_null($price->getCustomerGroup()) && $price->getCustomerGroup()->getId() == $customerGroup->getId();
    }

    /**
     * @param Price $price
     * @param ChannelReference $channel
     * @return bool
     */
    private function priceHasChannel(Price $price, ChannelReference $channel)
    {
        return !is_null($price->getChannel()) && $price->getChannel()->getId() == $channel->getId();
    }

    /**
     * @param Price $price
     * @param \DateTime $date
     * @return bool
     */
    private function priceHasValidDate(Price $price, \DateTime $date)
    {
        $tooEarly = !is_null($price->getValidFrom()) && $price->getValidFrom()->getDateTime() > $date;
        $tooLate = !is_null($price->getValidUntil()) && $price->getValidUntil()->getDateTime() < $date;
        return !$tooEarly && !$tooLate;
    }

    /**
     * @param Price $price
     * @return bool
     */
    private function priceHasNoDate(Price $price)
    {
        return is_null($price->getValidFrom()) && is_null($price->getValidUntil());
    }

    /**
     * @param Price $price
     * @param string $field
     * @return bool
     */
    private function priceHas(Price $price, $field)
    {
        return !is_null($price->get($field));
    }
}


1		<?php
2		/**
3		* @author @ct-jensschulze <[email protected]>
4		*/
5
6		namespace Commercetools\Commons\Helper;
7
8		use Commercetools\Core\Model\Channel\ChannelReference;
9		use Commercetools\Core\Model\Common\Price;
10		use Commercetools\Core\Model\Common\PriceCollection;
11		use Commercetools\Core\Model\CustomerGroup\CustomerGroupReference;
12
13		/**
14		* @deprecated Please use the price selection functionality of the platform
15		* @link http://docs.commercetools.com/http-api-projects-products.html#price-selection
16		*/
17		class PriceFinder
18		{
19		/**
20		* @var string
21		*/
22		private $currency;
23
24		/**
25		* @var string
26		*/
27		private $country;
28
29		/**
30		* @var CustomerGroupReference
31		*/
32		private $customerGroup;
33
34		/**
35		* @var ChannelReference
36		*/
37		private $channel;
38
39		/**
40		* PriceFinder constructor.
41		* @param string $currency
42		* @param string $country
43		* @param CustomerGroupReference $customerGroup
44		* @param ChannelReference $channel
45		*/
46	26	public function __construct(
47		$currency,
48		$country = null,
49		CustomerGroupReference $customerGroup = null,
50		ChannelReference $channel = null
51		) {
52	26	$this->currency = $currency;
53	26	$this->country = $country;
54	26	$this->customerGroup = $customerGroup;
55	26	$this->channel = $channel;
56	26	}
57
58		/**
59		* @param PriceCollection $prices
60		* @return Price
61		*/
62	26	public function findPrice(PriceCollection $prices)
63		{
64	26	$currency = $this->currency;
65	26	$country = $this->country;
66	26	$customerGroup = $this->customerGroup;
67	26	$channel = $this->channel;
68
69	26	$prices = new \CallbackFilterIterator(
70	26	$prices,
71	26	function ($price) use ($currency, $country, $customerGroup, $channel) {
72	26	if (!$this->priceHasCurrency($price, $currency)) {
73	17	return false;
74		}
75	26	if (!$this->priceHasNoDate($price) && !$this->priceHasValidDate($price, new \DateTime())) {
76		return false;
77		}
78	26	if (is_null($country)) {
		0 ignored issues – show introduced 2018-10-19 12:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_null($country)` is always `false`. Loading history...
79	6	if ($this->priceHas($price, 'country')) {
80	6	return false;
81		}
82	20	} elseif (!$this->priceHasCountry($price, $country)) {
83	17	return false;
84		}
85	26	if (is_null($customerGroup)) {
86	12	if ($this->priceHas($price, 'customerGroup')) {
87	12	return false;
88		}
89	14	} elseif (!$this->priceHasCustomerGroup($price, $customerGroup)) {
90	11	return false;
91		}
92	26	if (is_null($channel)) {
93	12	if ($this->priceHas($price, 'channel')) {
94	12	return false;
95		}
96	14	} elseif (!$this->priceHasChannel($price, $channel)) {
97	9	return false;
98		}
99	26	return true;
100	26	}
101		);
102
103	26	foreach ($prices as $price) {
104	26	return $price;
105		}
106		return null;
107		}
108
109		/**
110		* @param $prices
111		* @param string $currency
112		* @param string $country
113		* @param CustomerGroupReference $customerGroup
114		* @param ChannelReference $channel
115		* @return Price\|null
116		*/
117	26	public static function findPriceFor(
118		$prices,
119		$currency,
120		$country = null,
121		CustomerGroupReference $customerGroup = null,
122		ChannelReference $channel = null
123		) {
124	26	$priceFinder = new static($currency, $country, $customerGroup, $channel);
125
126	26	return $priceFinder->findPrice($prices);
127		}
128
129		/**
130		* @param Price $price
131		* @param string $currency
132		* @return bool
133		*/
134	26	private function priceHasCurrency(Price $price, $currency)
135		{
136	26	return !is_null($price->getValue()) && $price->getValue()->getCurrencyCode() == $currency;
137		}
138
139		/**
140		* @param Price $price
141		* @param string $country
142		* @return bool
143		*/
144	20	private function priceHasCountry(Price $price, $country)
145		{
146	20	return !is_null($price->getCountry()) && $price->getCountry() == $country;
147		}
148
149		/**
150		* @param Price $price
151		* @param CustomerGroupReference $customerGroup
152		* @return bool
153		*/
154	14	private function priceHasCustomerGroup(Price $price, CustomerGroupReference $customerGroup)
155		{
156	14	return !is_null($price->getCustomerGroup()) && $price->getCustomerGroup()->getId() == $customerGroup->getId();
157		}
158
159		/**
160		* @param Price $price
161		* @param ChannelReference $channel
162		* @return bool
163		*/
164	14	private function priceHasChannel(Price $price, ChannelReference $channel)
165		{
166	14	return !is_null($price->getChannel()) && $price->getChannel()->getId() == $channel->getId();
167		}
168
169		/**
170		* @param Price $price
171		* @param \DateTime $date
172		* @return bool
173		*/
174		private function priceHasValidDate(Price $price, \DateTime $date)
175		{
176		$tooEarly = !is_null($price->getValidFrom()) && $price->getValidFrom()->getDateTime() > $date;
177		$tooLate = !is_null($price->getValidUntil()) && $price->getValidUntil()->getDateTime() < $date;
178		return !$tooEarly && !$tooLate;
179		}
180
181		/**
182		* @param Price $price
183		* @return bool
184		*/
185	26	private function priceHasNoDate(Price $price)
186		{
187	26	return is_null($price->getValidFrom()) && is_null($price->getValidUntil());
188		}
189
190		/**
191		* @param Price $price
192		* @param string $field
193		* @return bool
194		*/
195	18	private function priceHas(Price $price, $field)
196		{
197	18	return !is_null($price->get($field));
198		}
199		}
200

commercetools / commercetools-php-sdk

Issues (120)

Security Analysis not enabled

src/Commons/Helper/PriceFinder.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like