Issues in MercadoPago.php (master) - Issues in master - fedeisas/mercadopago-sdk-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/MercadoPago.php (10 issues)

Labels

Duplication 10

Severity

Informational 10

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace MercadoPago;

use MercadoPago\Exceptions\MercadoPagoException;
use MercadoPago\Http\Client;
use MercadoPago\Http\Response;
use RuntimeException;

class MercadoPago
{
    const VERSION = '0.5.2';

    /**
     * @var string|null
     */
    protected $clientId = null;

    /**
     * @var string|null
     */
    protected $clientSecret = null;

    /**
     * @var string|null
     */
    protected $accessToken = null;

    /**
     * @var bool
     */
    protected $sandbox = false;

    /**
     * @var Client
     */
    protected $client;

    /**
     * MercadoPago constructor.
     * @param Client $client
     */
    public function __construct(Client $client)
    {
        $this->client = $client;
    }

    /**
     * Get Http Client.
     * @return Client
     */
    public function getClient()
    {
        return $this->client;
    }

    /**
     * Enable sandbox mode.
     * @return void
     */
    public function enableSandboxMode()
    {
        $this->sandbox = true;
    }

    /**
     * Disable sandbox mode.
     * @return void
     */
    public function disableSandboxMode()
    {
        $this->sandbox = false;
    }

    /**
     * Get current access token. If not set, it will use credentials to request one.
     * @return string|null
     * @throws MercadoPagoException If server response is not successful.
     * @throws RuntimeException If Client ID or Client Secret are not set.
     */
    public function getAccessToken()
    {
        if (!is_null($this->accessToken)) {
            return $this->accessToken;
        } else {
            if (empty($this->clientId) || empty($this->clientSecret)) {
                throw new RuntimeException('Client ID and Client Secret are required to request a new access token.');
            }

            $data = [
                'client_id' => $this->clientId,
                'client_secret' => $this->clientSecret,
                'grant_type' => 'client_credentials'
            ];

            $response = $this->client->post(
                '/oauth/token',
                $data,
                ['form' => true]
            );

            if ($response->getStatusCode() !== 200) {
                throw new MercadoPagoException($response->get('message'), $response->getStatusCode());
            }

            $this->accessToken = $response->get('access_token');

            return $this->accessToken;
        }
    }

    /**
     * Set an access token.
     * @param mixed $accessToken
     */
    public function setAccessToken($accessToken = null)
    {
        $this->accessToken = $accessToken;
    }

    /**
     * @param mixed $clientId
     * @param mixed $clientSecret
     */
    public function setCredentials($clientId = null, $clientSecret = null)
    {
        $this->clientId = $clientId;
        $this->clientSecret = $clientSecret;
    }

    /**
     * Get information for specific authorized payment.
     * @param int $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function getAuthorizedPayment($id)

    {
        $response = $this->client->get(
            '/authorized_payments/' . $id,
            [],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Refund accredited payment.
     * @param int $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function refundPayment($id)

    {
        $response = $this->client->put(
            '/collections/' . $id,
            [
                'status' => 'refunded',
            ],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Cancel pending payment
     * @param int $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function cancelPayment($id)

    {
        $response = $this->client->put(
            '/collections/' . $id,
            [
                'status' => 'cancelled',
            ],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Cancel preapproval payment.
     * @param int $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function cancelPreapprovalPayment($id)

    {
        $response = $this->client->put(
            '/preapproval/' . $id,
            [
                'status' => 'cancelled',
            ],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Search payments according to filters, with pagination.
     * @param array $filters
     * @param int $offset
     * @param int $limit
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function searchPayments(array $filters = [], $offset = 0, $limit = 10)
    {
        $response = $this->client->get(
            ($this->sandbox ? '/sandbox' : '') . '/collections/search',
            $filters + compact('limit', 'offset'),
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Create a checkout preference.
     * @param array $preference
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function createPreference($preference)

    {
        $response = $this->client->post(
            '/checkout/preferences',
            $preference,
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Update a checkout preference.
     * @param string $id
     * @param array $preference
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function updatePreference($id, $preference)

    {
        $response = $this->client->put(
            '/checkout/preferences/' . $id,
            $preference,
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Get a checkout preference.
     * @param string $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function getPreference($id)

    {
        $response = $this->client->get(
            '/checkout/preferences/' . $id,
            [],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Create a preapproval payment.
     * @param array $preapprovalPayment
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function createPreapprovalPayment($preapprovalPayment)

    {
        $response = $this->client->post(
            '/preapproval',
            $preapprovalPayment,
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Get a preapproval payment.
     * @param int $id
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function getPreapprovalPayment($id)

    {
        $response = $this->client->get(
            '/preapproval/' . $id,
            [],
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * Update a preapproval payment.
     * @param int $id
     * @param array $payment
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    public function updatePreapprovalPayment($id, array $payment = [])

    {
        $response = $this->client->put(
            '/preapproval/' . $id,
            $payment,
            ['access_token' => $this->getAccessToken()]
        );

        return $this->handleResponse($response);
    }

    /**
     * @param Response $response
     * @return array
     * @throws MercadoPagoException If request failed.
     */
    private function handleResponse(Response $response)
    {
        if ($response->isError()) {
            throw new MercadoPagoException($response->getError(), $response->getStatusCode());
        }

        return $response->getData();
    }
}


1			<?php
2
3			namespace MercadoPago;
4
5			use MercadoPago\Exceptions\MercadoPagoException;
6			use MercadoPago\Http\Client;
7			use MercadoPago\Http\Response;
8			use RuntimeException;
9
10			class MercadoPago
11			{
12			const VERSION = '0.5.2';
13
14			/**
15			* @var string\|null
16			*/
17			protected $clientId = null;
18
19			/**
20			* @var string\|null
21			*/
22			protected $clientSecret = null;
23
24			/**
25			* @var string\|null
26			*/
27			protected $accessToken = null;
28
29			/**
30			* @var bool
31			*/
32			protected $sandbox = false;
33
34			/**
35			* @var Client
36			*/
37			protected $client;
38
39			/**
40			* MercadoPago constructor.
41			* @param Client $client
42			*/
43	78		public function __construct(Client $client)
44			{
45	78		$this->client = $client;
46	78		}
47
48			/**
49			* Get Http Client.
50			* @return Client
51			*/
52	6		public function getClient()
53			{
54	6		return $this->client;
55			}
56
57			/**
58			* Enable sandbox mode.
59			* @return void
60			*/
61	3		public function enableSandboxMode()
62			{
63	3		$this->sandbox = true;
64	3		}
65
66			/**
67			* Disable sandbox mode.
68			* @return void
69			*/
70	3		public function disableSandboxMode()
71			{
72	3		$this->sandbox = false;
73	3		}
74
75			/**
76			* Get current access token. If not set, it will use credentials to request one.
77			* @return string\|null
78			* @throws MercadoPagoException If server response is not successful.
79			* @throws RuntimeException If Client ID or Client Secret are not set.
80			*/
81	66		public function getAccessToken()
82			{
83	66		if (!is_null($this->accessToken)) {
84	51		return $this->accessToken;
85			} else {
86	15		if (empty($this->clientId) \|\| empty($this->clientSecret)) {
87	3		throw new RuntimeException('Client ID and Client Secret are required to request a new access token.');
88			}
89
90			$data = [
91	12		'client_id' => $this->clientId,
92	12		'client_secret' => $this->clientSecret,
93	12		'grant_type' => 'client_credentials'
94			];
95
96	12		$response = $this->client->post(
97	12		'/oauth/token',
98			$data,
99	12		['form' => true]
100			);
101
102	12		if ($response->getStatusCode() !== 200) {
103	6		throw new MercadoPagoException($response->get('message'), $response->getStatusCode());
104			}
105
106	6		$this->accessToken = $response->get('access_token');
107
108	6		return $this->accessToken;
109			}
110			}
111
112			/**
113			* Set an access token.
114			* @param mixed $accessToken
115			*/
116	51		public function setAccessToken($accessToken = null)
117			{
118	51		$this->accessToken = $accessToken;
119	51		}
120
121			/**
122			* @param mixed $clientId
123			* @param mixed $clientSecret
124			*/
125	12		public function setCredentials($clientId = null, $clientSecret = null)
126			{
127	12		$this->clientId = $clientId;
128	12		$this->clientSecret = $clientSecret;
129	12		}
130
131			/**
132			* Get information for specific authorized payment.
133			* @param int $id
134			* @return array
135			* @throws MercadoPagoException If request failed.
136			*/
137	3	View Code Duplication	public function getAuthorizedPayment($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
138			{
139	3		$response = $this->client->get(
140	3		'/authorized_payments/' . $id,
141	3		[],
142	3		['access_token' => $this->getAccessToken()]
143			);
144
145	3		return $this->handleResponse($response);
146			}
147
148			/**
149			* Refund accredited payment.
150			* @param int $id
151			* @return array
152			* @throws MercadoPagoException If request failed.
153			*/
154	3	View Code Duplication	public function refundPayment($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
155			{
156	3		$response = $this->client->put(
157	3		'/collections/' . $id,
158			[
159	3		'status' => 'refunded',
160			],
161	3		['access_token' => $this->getAccessToken()]
162			);
163
164	3		return $this->handleResponse($response);
165			}
166
167			/**
168			* Cancel pending payment
169			* @param int $id
170			* @return array
171			* @throws MercadoPagoException If request failed.
172			*/
173	3	View Code Duplication	public function cancelPayment($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
174			{
175	3		$response = $this->client->put(
176	3		'/collections/' . $id,
177			[
178	3		'status' => 'cancelled',
179			],
180	3		['access_token' => $this->getAccessToken()]
181			);
182
183	3		return $this->handleResponse($response);
184			}
185
186			/**
187			* Cancel preapproval payment.
188			* @param int $id
189			* @return array
190			* @throws MercadoPagoException If request failed.
191			*/
192	3	View Code Duplication	public function cancelPreapprovalPayment($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
193			{
194	3		$response = $this->client->put(
195	3		'/preapproval/' . $id,
196			[
197	3		'status' => 'cancelled',
198			],
199	3		['access_token' => $this->getAccessToken()]
200			);
201
202	3		return $this->handleResponse($response);
203			}
204
205			/**
206			* Search payments according to filters, with pagination.
207			* @param array $filters
208			* @param int $offset
209			* @param int $limit
210			* @return array
211			* @throws MercadoPagoException If request failed.
212			*/
213	9		public function searchPayments(array $filters = [], $offset = 0, $limit = 10)
214			{
215	9		$response = $this->client->get(
216	9		($this->sandbox ? '/sandbox' : '') . '/collections/search',
217	9		$filters + compact('limit', 'offset'),
218	9		['access_token' => $this->getAccessToken()]
219			);
220
221	9		return $this->handleResponse($response);
222			}
223
224			/**
225			* Create a checkout preference.
226			* @param array $preference
227			* @return array
228			* @throws MercadoPagoException If request failed.
229			*/
230	12	View Code Duplication	public function createPreference($preference)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
231			{
232	12		$response = $this->client->post(
233	12		'/checkout/preferences',
234			$preference,
235	12		['access_token' => $this->getAccessToken()]
236			);
237
238	12		return $this->handleResponse($response);
239			}
240
241			/**
242			* Update a checkout preference.
243			* @param string $id
244			* @param array $preference
245			* @return array
246			* @throws MercadoPagoException If request failed.
247			*/
248	3	View Code Duplication	public function updatePreference($id, $preference)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
249			{
250	3		$response = $this->client->put(
251	3		'/checkout/preferences/' . $id,
252			$preference,
253	3		['access_token' => $this->getAccessToken()]
254			);
255
256	3		return $this->handleResponse($response);
257			}
258
259			/**
260			* Get a checkout preference.
261			* @param string $id
262			* @return array
263			* @throws MercadoPagoException If request failed.
264			*/
265	6	View Code Duplication	public function getPreference($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
266			{
267	6		$response = $this->client->get(
268	6		'/checkout/preferences/' . $id,
269	6		[],
270	6		['access_token' => $this->getAccessToken()]
271			);
272
273	6		return $this->handleResponse($response);
274			}
275
276			/**
277			* Create a preapproval payment.
278			* @param array $preapprovalPayment
279			* @return array
280			* @throws MercadoPagoException If request failed.
281			*/
282	3	View Code Duplication	public function createPreapprovalPayment($preapprovalPayment)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
283			{
284	3		$response = $this->client->post(
285	3		'/preapproval',
286			$preapprovalPayment,
287	3		['access_token' => $this->getAccessToken()]
288			);
289
290	3		return $this->handleResponse($response);
291			}
292
293			/**
294			* Get a preapproval payment.
295			* @param int $id
296			* @return array
297			* @throws MercadoPagoException If request failed.
298			*/
299	3	View Code Duplication	public function getPreapprovalPayment($id)
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
300			{
301	3		$response = $this->client->get(
302	3		'/preapproval/' . $id,
303	3		[],
304	3		['access_token' => $this->getAccessToken()]
305			);
306
307	3		return $this->handleResponse($response);
308			}
309
310			/**
311			* Update a preapproval payment.
312			* @param int $id
313			* @param array $payment
314			* @return array
315			* @throws MercadoPagoException If request failed.
316			*/
317	3	View Code Duplication	public function updatePreapprovalPayment($id, array $payment = [])
			0 ignored issues – show Duplication introduced 2017-06-22 22:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
318			{
319	3		$response = $this->client->put(
320	3		'/preapproval/' . $id,
321			$payment,
322	3		['access_token' => $this->getAccessToken()]
323			);
324
325	3		return $this->handleResponse($response);
326			}
327
328			/**
329			* @param Response $response
330			* @return array
331			* @throws MercadoPagoException If request failed.
332			*/
333	51		private function handleResponse(Response $response)
334			{
335	51		if ($response->isError()) {
336	12		throw new MercadoPagoException($response->getError(), $response->getStatusCode());
337			}
338
339	39		return $response->getData();
340			}
341			}
342

fedeisas / mercadopago-sdk-php

Issues (10)

Security Analysis no request data

src/MercadoPago.php (10 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like