Issues in Prize.php (develop) - Issues in develop - gregorybesson/PlaygroundGame - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1039)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Entity/Prize.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace PlaygroundGame\Entity;

use Doctrine\ORM\Mapping as ORM;
use Doctrine\ORM\Mapping\HasLifecycleCallbacks;
use Doctrine\ORM\Mapping\PrePersist;
use Doctrine\ORM\Mapping\PreUpdate;
use Zend\InputFilter\InputFilter;
use Zend\InputFilter\Factory as InputFactory;
use Zend\InputFilter\InputFilterInterface;

/**
 * @ORM\Entity @HasLifecycleCallbacks
 * @ORM\Table(name="game_prize")
 */
class Prize implements \JsonSerializable
{
    protected $inputFilter;

    /**
     * @ORM\Id
     * @ORM\Column(type="integer");
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\ManyToOne(targetEntity="Game", inversedBy="prizes")
     *
     **/
    protected $game;

    /**
     * @ORM\Column(type="string", length=255, nullable=false)
     */
    protected $title;

    /**
     * @ORM\Column(type="string", length=255, nullable=false)
     */
    protected $identifier;

    /**
     * @ORM\ManyToOne(targetEntity="PrizeCategory")
     * @ORM\JoinColumn(name="prize_category_id", referencedColumnName="id")
     **/
    protected $prizeCategory;

    /**
     * @ORM\Column(name="prize_content",type="text", nullable=true)
     */
    protected $prizeContent;

    /**
     * The points you win when you grab this prize
     * @ORM\Column(type="integer", nullable=true)
     */
    protected $points = 0;

    /**
     * @ORM\Column(type="integer", nullable=false)
     */
    protected $qty = 0;

    /**
     * @ORM\Column(name="unit_price", type="float", nullable=false)
     */
    protected $unitPrice = 0;

    /**
     * @ORM\Column(type="string", length=10, nullable=true)
     */
    protected $currency;

    /**
     * @ORM\Column(name="created_at", type="datetime")
     */
    protected $createdAt;

    /**
     * @ORM\Column(name="updated_at", type="datetime")
     */
    protected $updatedAt;

    /**
     * @ORM\Column(type="string", length=255, nullable=true)
     */
    protected $picture;

    /** @PrePersist */
    public function createChrono()
    {
        $this->createdAt = new \DateTime("now");
        $this->updatedAt = new \DateTime("now");
    }

    /** @PreUpdate */
    public function updateChrono()
    {
        $this->updatedAt = new \DateTime("now");
    }

    /**
     * @return the $id
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * @param field_type $id
     */
    public function setId($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * @return the unknown_type
     */
    public function getGame()
    {
        return $this->game;
    }

    /**
     * @param unknown_type $game
     */
    public function setGame($game)
    {
        $this->game = $game;

        return $this;
    }

    /**
     * @return the $title
     */
    public function getTitle()
    {
        return $this->title;
    }

    /**
     * @param field_type $title
     */
    public function setTitle($title)
    {
        $this->title = $title;

        return $this;
    }

    /**
     * @return the $identifier
     */
    public function getIdentifier()
    {
        return $this->identifier;
    }

    /**
     * @param field_type $identifier
     */
    public function setIdentifier($identifier)
    {
        $this->identifier = $identifier;

        return $this;
    }

    /**
     * @return the $prizeCategory
     */
    public function getPrizeCategory()
    {
        return $this->prizeCategory;
    }

    /**
     * @param unknown $prizeCategory
     */
    public function setPrizeCategory($prizeCategory)
    {
        $this->prizeCategory = $prizeCategory;

        return $this;
    }

    /**
     * @return the $prizeContent
     */
    public function getPrizeContent()
    {
        return $this->prizeContent;
    }

    /**
     */
    public function setPrizeContent($prizeContent)
    {
        $this->prizeContent = $prizeContent;

        return $this;
    }

    /**
     * @return integer unknown_type
     */
    public function getPoints()
    {
        return $this->points;
    }

    /**
     * @param unknown_type $points
     */
    public function setPoints($points)
    {
        $this->points = $points;


        return $this;
    }

    /**
     * @return integer $qty
     */
    public function getQty()
    {
        return $this->qty;
    }

    /**
     * @param number $qty
     */
    public function setQty($qty)
    {
        $this->qty = $qty;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}

        return $this;
    }

    /**
     * @return integer $unitPrice
     */
    public function getUnitPrice()
    {
        return $this->unitPrice;
    }

    /**
     * @param number $unitPrice
     */
    public function setUnitPrice($unitPrice)
    {
        $this->unitPrice = $unitPrice;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}

        return $this;
    }

    /**
     * @return the $currency
     */
    public function getCurrency()
    {
        return $this->currency;
    }

    /**
     * @param field_type $currency
     */
    public function setCurrency($currency)
    {
        $this->currency = $currency;

        return $this;
    }

    /**
     * @return \DateTime $created_at
     */
    public function getCreatedAt()
    {
        return $this->createdAt;
    }

    /**
     * @param \DateTime $createdAt
     */
    public function setCreatedAt($createdAt)
    {
        $this->createdAt = $createdAt;

        return $this;
    }

    /**
     * @return \DateTime $updatedAt
     */
    public function getUpdatedAt()
    {
        return $this->updatedAt;
    }

    /**
     * @param \DateTime $updatedAt
     */
    public function setUpdatedAt($updatedAt)
    {
        $this->updatedAt = $updatedAt;

        return $this;
    }

    /**
     * @return the $picture
     */
    public function getPicture()
    {
        return $this->picture;
    }

    /**
     * @param field_type $picture
     */
    public function setPicture($picture)
    {
        $this->picture = $picture;

        return $this;
    }

    /**
     * Convert the object to an array.
     *
     * @return array
     */
    public function getArrayCopy()
    {
        $obj_vars = get_object_vars($this);

        return $obj_vars;
    }

    /**
    * Convert the object to json.
    *
    * @return array
    */
    public function jsonSerialize()
    {
        return $this->getArrayCopy();
    }

    /**
     * Populate from an array.
     *
     * @param array $data
     */
    public function populate($data = array())
    {
        if (isset($data['prizeContent']) && $data['prizeContent'] !== null) {
            $this->prizeContent = $data['prizeContent'];
        }

        if (isset($data['title']) && $data['title'] !== null) {

            $this->title = $data['title'];
        }

        if (isset($data['qty']) && $data['qty'] !== null) {

            $this->qty = $data['qty'];
        }

        if (isset($data['identifier']) && $data['identifier'] !== null) {

            $this->identifier = $data['identifier'];
        }

        if (isset($data['unitPrice']) && $data['unitPrice'] !== null) {
            $this->unitPrice = $data['unitPrice'];
        }

        if (isset($data['currency']) && $data['currency'] !== null) {
            $this->currency = $data['currency'];
        }

        if (isset($data['picture']) && $data['picture'] !== null) {
            $this->picture = $data['picture'];
        }
    }

    /**
     * @return InputFilter $inputFilter
     */
    public function getInputFilter()

    {
        if (!$this->inputFilter) {
            $inputFilter = new InputFilter();
            $factory = new InputFactory();

            $inputFilter->add($factory->createInput(array(
                'name' => 'identifier',
                'required' => true,
                'filters' => array(
                    array(
                        'name' => 'StripTags'
                    ),
                    array(
                        'name' => 'StringTrim'
                    ),
                    array(
                        'name' => 'PlaygroundCore\Filter\Slugify'
                    )
                ),
                'validators' => array(
                    array(
                        'name' => 'StringLength',
                        'options' => array(
                            'encoding' => 'UTF-8',
                            'min' => 3,
                            'max' => 255
                        )
                    )
                )
            )));

            $this->inputFilter = $inputFilter;
        }

        return $this->inputFilter;
    }

    /**
     * @param InputFilterInterface $inputFilter
     */
    public function setInputFilter(InputFilterInterface $inputFilter)
    {
        throw new \Exception("Not used");
    }
}


1		<?php
2		namespace PlaygroundGame\Entity;
3
4		use Doctrine\ORM\Mapping as ORM;
5		use Doctrine\ORM\Mapping\HasLifecycleCallbacks;
6		use Doctrine\ORM\Mapping\PrePersist;
7		use Doctrine\ORM\Mapping\PreUpdate;
8		use Zend\InputFilter\InputFilter;
9		use Zend\InputFilter\Factory as InputFactory;
10		use Zend\InputFilter\InputFilterInterface;
11
12		/**
13		* @ORM\Entity @HasLifecycleCallbacks
14		* @ORM\Table(name="game_prize")
15		*/
16		class Prize implements \JsonSerializable
17		{
18		protected $inputFilter;
19
20		/**
21		* @ORM\Id
22		* @ORM\Column(type="integer");
23		* @ORM\GeneratedValue(strategy="AUTO")
24		*/
25		protected $id;
26
27		/**
28		* @ORM\ManyToOne(targetEntity="Game", inversedBy="prizes")
29		*
30		**/
31		protected $game;
32
33		/**
34		* @ORM\Column(type="string", length=255, nullable=false)
35		*/
36		protected $title;
37
38		/**
39		* @ORM\Column(type="string", length=255, nullable=false)
40		*/
41		protected $identifier;
42
43		/**
44		* @ORM\ManyToOne(targetEntity="PrizeCategory")
45		* @ORM\JoinColumn(name="prize_category_id", referencedColumnName="id")
46		**/
47		protected $prizeCategory;
48
49		/**
50		* @ORM\Column(name="prize_content",type="text", nullable=true)
51		*/
52		protected $prizeContent;
53
54		/**
55		* The points you win when you grab this prize
56		* @ORM\Column(type="integer", nullable=true)
57		*/
58		protected $points = 0;
59
60		/**
61		* @ORM\Column(type="integer", nullable=false)
62		*/
63		protected $qty = 0;
64
65		/**
66		* @ORM\Column(name="unit_price", type="float", nullable=false)
67		*/
68		protected $unitPrice = 0;
69
70		/**
71		* @ORM\Column(type="string", length=10, nullable=true)
72		*/
73		protected $currency;
74
75		/**
76		* @ORM\Column(name="created_at", type="datetime")
77		*/
78		protected $createdAt;
79
80		/**
81		* @ORM\Column(name="updated_at", type="datetime")
82		*/
83		protected $updatedAt;
84
85		/**
86		* @ORM\Column(type="string", length=255, nullable=true)
87		*/
88		protected $picture;
89
90		/** @PrePersist */
91		public function createChrono()
92		{
93		$this->createdAt = new \DateTime("now");
94		$this->updatedAt = new \DateTime("now");
95		}
96
97		/** @PreUpdate */
98		public function updateChrono()
99		{
100		$this->updatedAt = new \DateTime("now");
101		}
102
103		/**
104		* @return the $id
105		*/
106		public function getId()
107		{
108		return $this->id;
109		}
110
111		/**
112		* @param field_type $id
113		*/
114		public function setId($id)
115		{
116		$this->id = $id;
117
118		return $this;
119		}
120
121		/**
122		* @return the unknown_type
123		*/
124		public function getGame()
125		{
126		return $this->game;
127		}
128
129		/**
130		* @param unknown_type $game
131		*/
132		public function setGame($game)
133		{
134		$this->game = $game;
135
136		return $this;
137		}
138
139		/**
140		* @return the $title
141		*/
142		public function getTitle()
143		{
144		return $this->title;
145		}
146
147		/**
148		* @param field_type $title
149		*/
150		public function setTitle($title)
151		{
152		$this->title = $title;
153
154		return $this;
155		}
156
157		/**
158		* @return the $identifier
159		*/
160		public function getIdentifier()
161		{
162		return $this->identifier;
163		}
164
165		/**
166		* @param field_type $identifier
167		*/
168		public function setIdentifier($identifier)
169		{
170		$this->identifier = $identifier;
171
172		return $this;
173		}
174
175		/**
176		* @return the $prizeCategory
177		*/
178		public function getPrizeCategory()
179		{
180		return $this->prizeCategory;
181		}
182
183		/**
184		* @param unknown $prizeCategory
185		*/
186		public function setPrizeCategory($prizeCategory)
187		{
188		$this->prizeCategory = $prizeCategory;
189
190		return $this;
191		}
192
193		/**
194		* @return the $prizeContent
195		*/
196		public function getPrizeContent()
197		{
198		return $this->prizeContent;
199		}
200
201		/**
202		*/
203		public function setPrizeContent($prizeContent)
204		{
205		$this->prizeContent = $prizeContent;
206
207		return $this;
208		}
209
210		/**
211		* @return integer unknown_type
212		*/
213		public function getPoints()
214		{
215		return $this->points;
216		}
217
218		/**
219		* @param unknown_type $points
220		*/
221		public function setPoints($points)
222		{
223		$this->points = $points;
		0 ignored issues – show Documentation Bug introduced 2019-05-11 06:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$points` of type `object<PlaygroundGame\Entity\unknown_type>` is incompatible with the declared type `integer` of property `$points`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
224
225		return $this;
226		}
227
228		/**
229		* @return integer $qty
230		*/
231		public function getQty()
232		{
233		return $this->qty;
234		}
235
236		/**
237		* @param number $qty
238		*/
239		public function setQty($qty)
240		{
241		$this->qty = $qty;
		0 ignored issues – show Documentation Bug introduced 2015-11-21 00:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$qty` can also be of type `double`. However, the property `$qty` is declared as type `integer`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
242
243		return $this;
244		}
245
246		/**
247		* @return integer $unitPrice
248		*/
249		public function getUnitPrice()
250		{
251		return $this->unitPrice;
252		}
253
254		/**
255		* @param number $unitPrice
256		*/
257		public function setUnitPrice($unitPrice)
258		{
259		$this->unitPrice = $unitPrice;
		0 ignored issues – show Documentation Bug introduced 2015-11-21 00:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$unitPrice` can also be of type `double`. However, the property `$unitPrice` is declared as type `integer`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
260
261		return $this;
262		}
263
264		/**
265		* @return the $currency
266		*/
267		public function getCurrency()
268		{
269		return $this->currency;
270		}
271
272		/**
273		* @param field_type $currency
274		*/
275		public function setCurrency($currency)
276		{
277		$this->currency = $currency;
278
279		return $this;
280		}
281
282		/**
283		* @return \DateTime $created_at
284		*/
285		public function getCreatedAt()
286		{
287		return $this->createdAt;
288		}
289
290		/**
291		* @param \DateTime $createdAt
292		*/
293		public function setCreatedAt($createdAt)
294		{
295		$this->createdAt = $createdAt;
296
297		return $this;
298		}
299
300		/**
301		* @return \DateTime $updatedAt
302		*/
303		public function getUpdatedAt()
304		{
305		return $this->updatedAt;
306		}
307
308		/**
309		* @param \DateTime $updatedAt
310		*/
311		public function setUpdatedAt($updatedAt)
312		{
313		$this->updatedAt = $updatedAt;
314
315		return $this;
316		}
317
318		/**
319		* @return the $picture
320		*/
321		public function getPicture()
322		{
323		return $this->picture;
324		}
325
326		/**
327		* @param field_type $picture
328		*/
329		public function setPicture($picture)
330		{
331		$this->picture = $picture;
332
333		return $this;
334		}
335
336		/**
337		* Convert the object to an array.
338		*
339		* @return array
340		*/
341		public function getArrayCopy()
342		{
343		$obj_vars = get_object_vars($this);
344
345		return $obj_vars;
346		}
347
348		/**
349		* Convert the object to json.
350		*
351		* @return array
352		*/
353		public function jsonSerialize()
354		{
355		return $this->getArrayCopy();
356		}
357
358		/**
359		* Populate from an array.
360		*
361		* @param array $data
362		*/
363		public function populate($data = array())
364		{
365		if (isset($data['prizeContent']) && $data['prizeContent'] !== null) {
366		$this->prizeContent = $data['prizeContent'];
367		}
368
369	View Code Duplication	if (isset($data['title']) && $data['title'] !== null) {
		0 ignored issues – show Duplication introduced 2015-11-21 00:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
370		$this->title = $data['title'];
371		}
372
373	View Code Duplication	if (isset($data['qty']) && $data['qty'] !== null) {
		0 ignored issues – show Duplication introduced 2015-11-21 00:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
374		$this->qty = $data['qty'];
375		}
376
377	View Code Duplication	if (isset($data['identifier']) && $data['identifier'] !== null) {
		0 ignored issues – show Duplication introduced 2015-11-21 00:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
378		$this->identifier = $data['identifier'];
379		}
380
381		if (isset($data['unitPrice']) && $data['unitPrice'] !== null) {
382		$this->unitPrice = $data['unitPrice'];
383		}
384
385		if (isset($data['currency']) && $data['currency'] !== null) {
386		$this->currency = $data['currency'];
387		}
388
389		if (isset($data['picture']) && $data['picture'] !== null) {
390		$this->picture = $data['picture'];
391		}
392		}
393
394		/**
395		* @return InputFilter $inputFilter
396		*/
397	View Code Duplication	public function getInputFilter()
		0 ignored issues – show Duplication introduced 2018-03-03 12:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
398		{
399		if (!$this->inputFilter) {
400		$inputFilter = new InputFilter();
401		$factory = new InputFactory();
402
403		$inputFilter->add($factory->createInput(array(
404		'name' => 'identifier',
405		'required' => true,
406		'filters' => array(
407		array(
408		'name' => 'StripTags'
409		),
410		array(
411		'name' => 'StringTrim'
412		),
413		array(
414		'name' => 'PlaygroundCore\Filter\Slugify'
415		)
416		),
417		'validators' => array(
418		array(
419		'name' => 'StringLength',
420		'options' => array(
421		'encoding' => 'UTF-8',
422		'min' => 3,
423		'max' => 255
424		)
425		)
426		)
427		)));
428
429		$this->inputFilter = $inputFilter;
430		}
431
432		return $this->inputFilter;
433		}
434
435		/**
436		* @param InputFilterInterface $inputFilter
437		*/
438		public function setInputFilter(InputFilterInterface $inputFilter)
439		{
440		throw new \Exception("Not used");
441		}
442		}
443

gregorybesson / PlaygroundGame

Issues (1039)

Security Analysis not enabled

src/Entity/Prize.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like