Issues in Money.php (master) - Issues in master - grahamsutton/moneyman - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Money.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Graham Sutton 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace MoneyMan;

use MoneyMan\Exception\AmountIsNotAnIntegerException;
use MoneyMan\Exception\CannotAddDifferentCurrenciesException;
use MoneyMan\Exception\CannotSubtractDifferentCurrenciesException;

/**
 * The Money Class
 *
 * This class represents a money entity which consists
 * of an amount and a currency code.
 *
 * @author Graham A. Sutton <[email protected]>
 */
class Money
{
    /**
     * The amount of the monetary unit.
     * @var int
     */
    private $amount;

    /**
     * The currency of the monetary unit.
     * @var \MoneyMan\Currency
     */
    private $currency;

    /**
     * Constructor
     *
     * Sets the immutable amount and currency.
     *
     * @param  int                 $amount
     * @param  \MoneyMan\Currency  $currency
     */
    public function __construct($amount, Currency $currency)
    {
        if (!is_int($amount)) {
            throw new AmountIsNotAnIntegerException(
                'Cannot set a non-integer value as an amount on a \MoneyMan\Money object.'
            );
        }

        $this->amount   = $amount;
        $this->currency = $currency;
    }

    /**
     * Get the currency of the monetary unit.
     *
     * @return \MoneyMan\Currency
     */
    public function getCurrency()
    {
        return $this->currency;
    }

    /**
     * Get the amount of the monetary unit.
     *
     * @return int
     */
    public function getAmount()
    {
        return $this->amount;
    }

    /**
     * Get the amount and currency code in a human
     * readable format.
     *
     * e.g. (new \MoneyMan\Money(800, new \MoneyMan\Currency('USD')))->getFormatted(); // => "$8.00"
     *
     * @param string $locale  The locale to format the output to.
     *
     * @return string
     */
    public function getFormatted($locale = 'en_US')
    {
        $formatter = new \NumberFormatter($locale, \NumberFormatter::CURRENCY);

        // Divide by 100 since formatCurrency accepts a float as first argument
        $money_string = $formatter->formatCurrency(
            $this->getAmount() / 100,
            $this->getCurrency()->getCode()
        );

        // Replace invisible characters with a space.
        return str_replace("\xC2\xA0", " ", $money_string);
    }

    /**
     * Adds two \MoneyMan\Money objects together by combining the amounts and
     * returning a new \MoneyMan\Money object.
     *
     * This method can only add two money objects of the same \MoneyMan\Currency
     * type.
     *
     * @param \MoneyMan\Money $money
     *
     * @return \MoneyMan\Money
     *
     * @throws \MoneyMan\Exception\CannotAddDifferentCurrenciesException
     */
    public function add(Money $money)

    {
        // Validate they are of the same currency.
        if (!$this->hasSameCurrencyAs($money)) {
            throw new CannotAddDifferentCurrenciesException(
                'To directly add two money objects together, they must be of the same currency.' .
                'Use \MoneyMan\Exchange::add(\MoneyMan\Money, \MoneyMan\Money) to add \MoneyMan\Money ' .
                'objects of different currencies.'
            );
        }

        $total_amount = $this->getAmount() + $money->getAmount();

        return new self(
            $total_amount,
            $this->getCurrency()
        );
    }

    /**
     * Subtracts the incoming \MoneyMan\Money object's amount from this object.
     *
     * This method can only add two money objects of the same \MoneyMan\Currency
     * type.
     *
     * @param \MoneyMan\Money $money
     *
     * @return \MoneyMan\Money
     *
     * @throws \MoneyMan\Exception\CannotSubtractDifferentCurrenciesException
     */
    public function subtract(Money $money)

    {
        // Validate they are of the same currency.
        if (!$this->hasSameCurrencyAs($money)) {
            throw new CannotSubtractDifferentCurrenciesException(
                'To directly subtract one money object from another, they must be of the same currency.' .
                'Use \MoneyMan\Exchange::subtract(\MoneyMan\Money, \MoneyMan\Money) to subtract \MoneyMan\Money ' .
                'objects of different currencies.'
            );
        }

        $total_amount = $this->getAmount() - $money->getAmount();

        return new self(
            $total_amount,
            $this->getCurrency()
        );
    }

    /**
     * Determine if this \MoneyMan\Money object has the same currency as another
     * \MoneyMan\Money object.
     *
     * @param \MoneyMan\Money $money The money object to compare against.
     *
     * @return bool
     */
    public function hasSameCurrencyAs(Money $money)
    {
        return $this->getCurrency()->equals($money->getCurrency());
    }
}


1			<?php
2
3			namespace MoneyMan;
4
5			use MoneyMan\Exception\AmountIsNotAnIntegerException;
6			use MoneyMan\Exception\CannotAddDifferentCurrenciesException;
7			use MoneyMan\Exception\CannotSubtractDifferentCurrenciesException;
8
9			/**
10			* The Money Class
11			*
12			* This class represents a money entity which consists
13			* of an amount and a currency code.
14			*
15			* @author Graham A. Sutton <[email protected]>
16			*/
17			class Money
18			{
19			/**
20			* The amount of the monetary unit.
21			* @var int
22			*/
23			private $amount;
24
25			/**
26			* The currency of the monetary unit.
27			* @var \MoneyMan\Currency
28			*/
29			private $currency;
30
31			/**
32			* Constructor
33			*
34			* Sets the immutable amount and currency.
35			*
36			* @param int $amount
37			* @param \MoneyMan\Currency $currency
38			*/
39	32		public function __construct($amount, Currency $currency)
40			{
41	32		if (!is_int($amount)) {
42	1		throw new AmountIsNotAnIntegerException(
43	1		'Cannot set a non-integer value as an amount on a \MoneyMan\Money object.'
44			);
45			}
46
47	31		$this->amount = $amount;
48	31		$this->currency = $currency;
49	31		}
50
51			/**
52			* Get the currency of the monetary unit.
53			*
54			* @return \MoneyMan\Currency
55			*/
56	30		public function getCurrency()
57			{
58	30		return $this->currency;
59			}
60
61			/**
62			* Get the amount of the monetary unit.
63			*
64			* @return int
65			*/
66	26		public function getAmount()
67			{
68	26		return $this->amount;
69			}
70
71			/**
72			* Get the amount and currency code in a human
73			* readable format.
74			*
75			* e.g. (new \MoneyMan\Money(800, new \MoneyMan\Currency('USD')))->getFormatted(); // => "$8.00"
76			*
77			* @param string $locale The locale to format the output to.
78			*
79			* @return string
80			*/
81	8		public function getFormatted($locale = 'en_US')
82			{
83	8		$formatter = new \NumberFormatter($locale, \NumberFormatter::CURRENCY);
84
85			// Divide by 100 since formatCurrency accepts a float as first argument
86	8		$money_string = $formatter->formatCurrency(
87	8		$this->getAmount() / 100,
88	8		$this->getCurrency()->getCode()
89			);
90
91			// Replace invisible characters with a space.
92	8		return str_replace("\xC2\xA0", " ", $money_string);
93			}
94
95			/**
96			* Adds two \MoneyMan\Money objects together by combining the amounts and
97			* returning a new \MoneyMan\Money object.
98			*
99			* This method can only add two money objects of the same \MoneyMan\Currency
100			* type.
101			*
102			* @param \MoneyMan\Money $money
103			*
104			* @return \MoneyMan\Money
105			*
106			* @throws \MoneyMan\Exception\CannotAddDifferentCurrenciesException
107			*/
108	7	View Code Duplication	public function add(Money $money)
			0 ignored issues – show Duplication introduced 2017-03-06 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
109			{
110			// Validate they are of the same currency.
111	7		if (!$this->hasSameCurrencyAs($money)) {
112	1		throw new CannotAddDifferentCurrenciesException(
113			'To directly add two money objects together, they must be of the same currency.' .
114			'Use \MoneyMan\Exchange::add(\MoneyMan\Money, \MoneyMan\Money) to add \MoneyMan\Money ' .
115	1		'objects of different currencies.'
116			);
117			}
118
119	6		$total_amount = $this->getAmount() + $money->getAmount();
120
121	6		return new self(
122			$total_amount,
123	6		$this->getCurrency()
124			);
125			}
126
127			/**
128			* Subtracts the incoming \MoneyMan\Money object's amount from this object.
129			*
130			* This method can only add two money objects of the same \MoneyMan\Currency
131			* type.
132			*
133			* @param \MoneyMan\Money $money
134			*
135			* @return \MoneyMan\Money
136			*
137			* @throws \MoneyMan\Exception\CannotSubtractDifferentCurrenciesException
138			*/
139	7	View Code Duplication	public function subtract(Money $money)
			0 ignored issues – show Duplication introduced 2017-03-06 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
140			{
141			// Validate they are of the same currency.
142	7		if (!$this->hasSameCurrencyAs($money)) {
143	1		throw new CannotSubtractDifferentCurrenciesException(
144			'To directly subtract one money object from another, they must be of the same currency.' .
145			'Use \MoneyMan\Exchange::subtract(\MoneyMan\Money, \MoneyMan\Money) to subtract \MoneyMan\Money ' .
146	1		'objects of different currencies.'
147			);
148			}
149
150	6		$total_amount = $this->getAmount() - $money->getAmount();
151
152	6		return new self(
153			$total_amount,
154	6		$this->getCurrency()
155			);
156			}
157
158			/**
159			* Determine if this \MoneyMan\Money object has the same currency as another
160			* \MoneyMan\Money object.
161			*
162			* @param \MoneyMan\Money $money The money object to compare against.
163			*
164			* @return bool
165			*/
166	16		public function hasSameCurrencyAs(Money $money)
167			{
168	16		return $this->getCurrency()->equals($money->getCurrency());
169			}
170			}
171

grahamsutton / moneyman

Issues (3)

Security Analysis no request data

src/Money.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like