Issues in Getnet.php (master) - Issues in master - kolinalabs/GetnetSDK - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Getnet/API/Getnet.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Getnet\API;

/**
 * Class Getnet
 *
 * @package Getnet\API
 */
class Getnet
{
    /** @var */
    private $client_id;

    /** @var */
    private $client_secret;

    /** @var */
    private $environment;

    /** @var */
    private $authorizationToken;

    /** @var */
    private $keySession;

    /**
     * Getnet constructor.
     * @param $client_id
     * @param $client_secret
     * @param Environment|null $environment
     * @param null $keySession
     * @throws \Exception
     */
    public function __construct(
        $client_id,
        $client_secret,
        Environment $environment = null,
        $keySession = null
    ) {
        if (!$environment) {
            $environment = Environment::production();
        }

        $this->setClientId($client_id);
        $this->setClientSecret($client_secret);
        $this->setEnvironment($environment);
        $this->setKeySession($keySession);

        $request = new Request($this);

        return $request->auth($this);

    }

    /**
     * @return string
     */
    public function getClientId()
    {
        return $this->client_id;
    }

    /**
     * @param $client_id
     * @return $this
     */
    public function setClientId($client_id)
    {
        $this->client_id = (string)$client_id;

        return $this;
    }

    /**
     * @return string
     */
    public function getClientSecret()
    {
        return $this->client_secret;
    }

    /**
     * @param $client_secret
     * @return $this
     */
    public function setClientSecret($client_secret)
    {
        $this->client_secret = (string)$client_secret;

        return $this;
    }

    /**
     * @return Environment
     */
    public function getEnvironment()
    {
        return $this->environment;
    }

    /**
     * @param Environment $environment
     * @return $this
     */
    public function setEnvironment(Environment $environment)
    {
        $this->environment = $environment;

        return $this;
    }

    /**
     * @return string
     */
    public function getAuthorizationToken()
    {
        return $this->authorizationToken;
    }

    /**
     * @param $authorizationToken
     * @return $this
     */
    public function setAuthorizationToken($authorizationToken)
    {
        $this->authorizationToken = (string)$authorizationToken;

        return $this;
    }

    /**
     * @return string
     */
    public function getKeySession()
    {
        return $this->keySession;
    }

    /**
     * @param $keySession
     */
    public function setKeySession($keySession)
    {
        $this->keySession = (string)$keySession;
    }

    /**
     * @param Transaction $transaction
     * @return AuthorizeResponse|BaseResponse
     */
    public function authorize(Transaction $transaction)
    {
        try {
            $request = new Request($this);

            if ($transaction->getCredit()) {
                $response = $request->post($this, "/v1/payments/credit", $transaction->toJSON());
            } elseif ($transaction->getDebit()) {
                $response = $request->post($this, "/v1/payments/debit", $transaction->toJSON());
            } else {
                throw new \Exception("Error select credit or debit");
            }
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $authresponse = new AuthorizeResponse();
        $authresponse->mapperJson($response);

        return $authresponse;
    }

    /**
     * @param $payment_id
     * @return AuthorizeResponse|BaseResponse
     */
    public function authorizeConfirm($payment_id)
    {
        try {
            $request = new Request($this);
            $response = $request->post($this, "/v1/payments/credit/".$payment_id."/confirm", "");
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $authresponse = new AuthorizeResponse();
        $authresponse->mapperJson($response);

        return $authresponse;
    }

    /**
     * @param $payment_id
     * @param $payer_authentication_response
     * @return AuthorizeResponse|BaseResponse
     */
    public function authorizeConfirmDebit($payment_id, $payer_authentication_response)

    {
        try {
            $payer_authentication_response = ["payer_authentication_response" => $payer_authentication_response];
            $request = new Request($this);
            $response = $request->post($this, "/v1/payments/debit/".$payment_id."/authenticated/finalize", json_encode($payer_authentication_response));
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $authresponse = new AuthorizeResponse();
        $authresponse->mapperJson($response);

        return $authresponse;
    }

    /**
     * @param $payment_id
     * @param $amount_val
     * @return AuthorizeResponse|BaseResponse
     */
    public function authorizeCancel($payment_id, $amount_val)

    {
        $amount = ["amount" => $amount_val];

        try {
            $request = new Request($this);
            $response = $request->post($this, "/v1/payments/credit/".$payment_id."/cancel", json_encode($amount));
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $authresponse = new AuthorizeResponse();
        $authresponse->mapperJson($response);

        return $authresponse;
    }

    /**
     * @param Transaction $transaction
     * @return BaseResponse|BoletoResponse
     */
    public function boleto(Transaction $transaction)
    {
        try {
            $request = new Request($this);
            $response = $request->post($this, "/v1/payments/boleto", $transaction->toJSON());
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $boletoresponse = new BoletoResponse();
        $boletoresponse->mapperJson($response);
        $boletoresponse->setBaseUrl($request->getBaseUrl());
        $boletoresponse->generateLinks();

        return $boletoresponse;
    }

    /**
     * @param Card $card
     * @return BaseResponse|CardVerificationResponse
     */
    public function verifyCard(Card $card)
    {
        try {
            $request = new Request($this);
            $response = $request->post($this, "/v1/cards/verification", $card->toJSON());
        } catch (\Exception $e) {
            $error = new BaseResponse();
            $error->mapperJson(json_decode($e->getMessage(), true));

            return $error;
        }

        $cardVerificationResponse = new CardVerificationResponse();
        $cardVerificationResponse->mapperJson($response);

        return $cardVerificationResponse;
    }
}


1		<?php
2
3		namespace Getnet\API;
4
5		/**
6		* Class Getnet
7		*
8		* @package Getnet\API
9		*/
10		class Getnet
11		{
12		/** @var */
13		private $client_id;
14
15		/** @var */
16		private $client_secret;
17
18		/** @var */
19		private $environment;
20
21		/** @var */
22		private $authorizationToken;
23
24		/** @var */
25		private $keySession;
26
27		/**
28		* Getnet constructor.
29		* @param $client_id
30		* @param $client_secret
31		* @param Environment\|null $environment
32		* @param null $keySession
33		* @throws \Exception
34		*/
35		public function __construct(
36		$client_id,
37		$client_secret,
38		Environment $environment = null,
39		$keySession = null
40		) {
41		if (!$environment) {
42		$environment = Environment::production();
43		}
44
45		$this->setClientId($client_id);
46		$this->setClientSecret($client_secret);
47		$this->setEnvironment($environment);
48		$this->setKeySession($keySession);
49
50		$request = new Request($this);
51
52		return $request->auth($this);
		0 ignored issues – show Bug introduced 2018-12-05 19:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this Constructors do not have meaningful return values, anything that is returned from here is discarded. Are you sure this is correct? Loading history...
53		}
54
55		/**
56		* @return string
57		*/
58		public function getClientId()
59		{
60		return $this->client_id;
61		}
62
63		/**
64		* @param $client_id
65		* @return $this
66		*/
67		public function setClientId($client_id)
68		{
69		$this->client_id = (string)$client_id;
70
71		return $this;
72		}
73
74		/**
75		* @return string
76		*/
77		public function getClientSecret()
78		{
79		return $this->client_secret;
80		}
81
82		/**
83		* @param $client_secret
84		* @return $this
85		*/
86		public function setClientSecret($client_secret)
87		{
88		$this->client_secret = (string)$client_secret;
89
90		return $this;
91		}
92
93		/**
94		* @return Environment
95		*/
96		public function getEnvironment()
97		{
98		return $this->environment;
99		}
100
101		/**
102		* @param Environment $environment
103		* @return $this
104		*/
105		public function setEnvironment(Environment $environment)
106		{
107		$this->environment = $environment;
108
109		return $this;
110		}
111
112		/**
113		* @return string
114		*/
115		public function getAuthorizationToken()
116		{
117		return $this->authorizationToken;
118		}
119
120		/**
121		* @param $authorizationToken
122		* @return $this
123		*/
124		public function setAuthorizationToken($authorizationToken)
125		{
126		$this->authorizationToken = (string)$authorizationToken;
127
128		return $this;
129		}
130
131		/**
132		* @return string
133		*/
134		public function getKeySession()
135		{
136		return $this->keySession;
137		}
138
139		/**
140		* @param $keySession
141		*/
142		public function setKeySession($keySession)
143		{
144		$this->keySession = (string)$keySession;
145		}
146
147		/**
148		* @param Transaction $transaction
149		* @return AuthorizeResponse\|BaseResponse
150		*/
151		public function authorize(Transaction $transaction)
152		{
153		try {
154		$request = new Request($this);
155
156		if ($transaction->getCredit()) {
157		$response = $request->post($this, "/v1/payments/credit", $transaction->toJSON());
158		} elseif ($transaction->getDebit()) {
159		$response = $request->post($this, "/v1/payments/debit", $transaction->toJSON());
160		} else {
161		throw new \Exception("Error select credit or debit");
162		}
163		} catch (\Exception $e) {
164		$error = new BaseResponse();
165		$error->mapperJson(json_decode($e->getMessage(), true));
166
167		return $error;
168		}
169
170		$authresponse = new AuthorizeResponse();
171		$authresponse->mapperJson($response);
172
173		return $authresponse;
174		}
175
176		/**
177		* @param $payment_id
178		* @return AuthorizeResponse\|BaseResponse
179		*/
180		public function authorizeConfirm($payment_id)
181		{
182		try {
183		$request = new Request($this);
184		$response = $request->post($this, "/v1/payments/credit/".$payment_id."/confirm", "");
185		} catch (\Exception $e) {
186		$error = new BaseResponse();
187		$error->mapperJson(json_decode($e->getMessage(), true));
188
189		return $error;
190		}
191
192		$authresponse = new AuthorizeResponse();
193		$authresponse->mapperJson($response);
194
195		return $authresponse;
196		}
197
198		/**
199		* @param $payment_id
200		* @param $payer_authentication_response
201		* @return AuthorizeResponse\|BaseResponse
202		*/
203	View Code Duplication	public function authorizeConfirmDebit($payment_id, $payer_authentication_response)
		0 ignored issues – show Duplication introduced 2018-12-05 19:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
204		{
205		try {
206		$payer_authentication_response = ["payer_authentication_response" => $payer_authentication_response];
207		$request = new Request($this);
208		$response = $request->post($this, "/v1/payments/debit/".$payment_id."/authenticated/finalize", json_encode($payer_authentication_response));
209		} catch (\Exception $e) {
210		$error = new BaseResponse();
211		$error->mapperJson(json_decode($e->getMessage(), true));
212
213		return $error;
214		}
215
216		$authresponse = new AuthorizeResponse();
217		$authresponse->mapperJson($response);
218
219		return $authresponse;
220		}
221
222		/**
223		* @param $payment_id
224		* @param $amount_val
225		* @return AuthorizeResponse\|BaseResponse
226		*/
227	View Code Duplication	public function authorizeCancel($payment_id, $amount_val)
		0 ignored issues – show Duplication introduced 2018-12-05 19:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
228		{
229		$amount = ["amount" => $amount_val];
230
231		try {
232		$request = new Request($this);
233		$response = $request->post($this, "/v1/payments/credit/".$payment_id."/cancel", json_encode($amount));
234		} catch (\Exception $e) {
235		$error = new BaseResponse();
236		$error->mapperJson(json_decode($e->getMessage(), true));
237
238		return $error;
239		}
240
241		$authresponse = new AuthorizeResponse();
242		$authresponse->mapperJson($response);
243
244		return $authresponse;
245		}
246
247		/**
248		* @param Transaction $transaction
249		* @return BaseResponse\|BoletoResponse
250		*/
251		public function boleto(Transaction $transaction)
252		{
253		try {
254		$request = new Request($this);
255		$response = $request->post($this, "/v1/payments/boleto", $transaction->toJSON());
256		} catch (\Exception $e) {
257		$error = new BaseResponse();
258		$error->mapperJson(json_decode($e->getMessage(), true));
259
260		return $error;
261		}
262
263		$boletoresponse = new BoletoResponse();
264		$boletoresponse->mapperJson($response);
265		$boletoresponse->setBaseUrl($request->getBaseUrl());
266		$boletoresponse->generateLinks();
267
268		return $boletoresponse;
269		}
270
271		/**
272		* @param Card $card
273		* @return BaseResponse\|CardVerificationResponse
274		*/
275		public function verifyCard(Card $card)
276		{
277		try {
278		$request = new Request($this);
279		$response = $request->post($this, "/v1/cards/verification", $card->toJSON());
280		} catch (\Exception $e) {
281		$error = new BaseResponse();
282		$error->mapperJson(json_decode($e->getMessage(), true));
283
284		return $error;
285		}
286
287		$cardVerificationResponse = new CardVerificationResponse();
288		$cardVerificationResponse->mapperJson($response);
289
290		return $cardVerificationResponse;
291		}
292		}
293

kolinalabs / GetnetSDK

Issues (10)

Security Analysis no request data

src/Getnet/API/Getnet.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like