Issues (9)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

API/UserAPI.php (2 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace GorkaLaucirica\HipchatAPIv2Client\API;

use GorkaLaucirica\HipchatAPIv2Client\Client;
use GorkaLaucirica\HipchatAPIv2Client\Model\User;
use GorkaLaucirica\HipchatAPIv2Client\Model\Message;

class UserAPI
{
    /** @var Client */
    protected $client;

    /**
     * Room api constructor
     *
     * @param Client $client that will be used to connect the server
     */
    public function __construct(Client $client)
    {
        $this->client = $client;
    }

    /**
     * List all users in the group
     * More info: https://www.hipchat.com/docs/apiv2/method/get_all_users
     *
     * @param array $parameters The following are accepted: start-index, max-results, include-guests, include-deleted
     *
     * @return array of Users
     */
    public function getAllUsers($parameters = array())
    {
        $response = $this->client->get('/v2/user', $parameters);

        $users = array();
        foreach ($response['items'] as $response) {
            $users[] = new User($response);
        }

        return $users;
    }

    /**
     * Gets user by id, email or mention name
     * More info: https://www.hipchat.com/docs/apiv2/method/view_user
     *
     * @param string $userId The id, email address, or mention name (beginning with an '@') of the user to view
     *
     * @return User
     */
    public function getUser($userId)
    {
        $response = $this->client->get(sprintf('/v2/user/%s', $userId));

        return new User($response);
    }

    /**
     * Creates a new user
     * More info: https://www.hipchat.com/docs/apiv2/method/create_user
     *
     * @param User   $user     User to be created
     * @param string $password User's password
     *
     * @return mixed
     */
    public function createUser(User $user, $password)
    {
        $request = $user->toJson();
        $request['password'] = $password;
        $response = $this->client->post('/v2/user', $request);

        return $response['id'];
    }

    /**
     * Update a user
     * More info: https://www.hipchat.com/docs/apiv2/method/update_user
     *
     * @param User $user User to be updated
     */
    public function updateUser(User $user)
    {
        $request = $user->toJson();
        $this->client->put(sprintf('/v2/user/%s', $user->getId()), $request);
    }

    /**
     * Delete a user.
     *
     * @param string $userId The id, email address, or mention name (beginning with an '@') of the user to delete
     */
    public function deleteUser($userId)
    {
        $this->client->delete(sprintf('/v2/user/%s', $userId));
    }

    /**
     * Sends a user a private message
     * More info: https://www.hipchat.com/docs/apiv2/method/private_message_user
     *
     * @param string $userId  The id, email address, or mention name (beginning with an '@') of the user to send a message to
     * @param mixed  $message The message to send as plain text
     */
    public function privateMessageUser($userId, $message)
    {
        if (is_string($message)) {
            $content = array('message' => $message);
        } else { // Assuming its a Message
            $content = $message->toJson();
        }
        $this->client->post(sprintf('/v2/user/%s/message', $userId), $content);
    }

    /**
     * Fetch latest chat history for the 1:1 chat with the user
     * More info: https://www.hipchat.com/docs/apiv2/method/view_recent_privatechat_history
     *
     * @param string $userId     The id, email address, or mention name (beginning with an '@') of the user
     * @param mixed  $parameters Optional parameters, check above documentation for more info
     *
     * @return array Message
     */
    public function getRecentPrivateChatHistory($userId, array $parameters = array())

Code Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

    {
        $response = $this->client->get(
            sprintf('/v2/user/%s/history/latest', $userId),
            $parameters
        );

        $messages = array();
        foreach ($response['items'] as $response) {
            $messages[] = new Message($response);
        }

        return $messages;
    }

    /**
     * Fetch one specific message by id
     * More info: https://www.hipchat.com/docs/apiv2/method/get_privatechat_message
     *
     * @param string $user       The id, email address, or mention name (beginning with an '@') of the user
     * @param string $messageId  The id of the message to retrieve
     * @param array  $parameters Optional parameters, check above documentation for more info
     *
     * @return Message
     */
    public function getPrivateChatMessage($user, $messageId, array $parameters = array())

Code Duplication: This method seems to be duplicated in your project.

    {
        $response = $this->client->get(
            sprintf('/v2/user/%s/history/%s', $user, $messageId),
            $parameters
        );

        $message = new Message($response['message']);

        return $message;
    }

    /**
     * Gets a user photo
     * More info: https://www.hipchat.com/docs/apiv2/method/get_photo
     *
     * @param string $userId The id, email address, or mention name (beginning with an '@') of the user
     * @param string $size   The size to retrieve ("small" or "big")
     *
     * @return string
     */
    public function getPhoto($userId, $size)
    {
        $response = $this->client->get(
            sprintf('/v2/user/%s/photo/%s', $userId, $size)
        );

        return $response;
    }
}