Issues in FacebookMessage.php (master) - Issues in master - laravel-notification-channels/facebook - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/FacebookMessage.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace NotificationChannels\Facebook;

use JsonSerializable;
use NotificationChannels\Facebook\Enums\AttachmentType;
use NotificationChannels\Facebook\Enums\MessagingType;
use NotificationChannels\Facebook\Enums\NotificationType;
use NotificationChannels\Facebook\Enums\RecipientType;
use NotificationChannels\Facebook\Exceptions\CouldNotCreateMessage;
use NotificationChannels\Facebook\Traits\HasButtons;

/**
 * Class FacebookMessage.
 */
class FacebookMessage implements JsonSerializable
{
    use HasButtons;

    /** @var string Recipient's ID. */
    public $recipient;

    /** @var string Recipient Type */
    public $recipientType = RecipientType::ID;

    /** @var string Notification Text. */
    public $text;

    /** @var string Notification Type */
    public $notificationType = NotificationType::REGULAR;

    /** @var string Messaging Type. Defaults to UPDATE */
    protected $messagingType = MessagingType::UPDATE;

    /** @var array Generic Template Cards (items) */
    public $cards = [];

    /** @var string Attachment Type. Defaults to File */
    public $attachmentType = AttachmentType::FILE;

    /** @var string Attachment URL */
    public $attachmentUrl;

    /** @var bool */
    protected $hasAttachment = false;

    /** @var bool */
    protected $hasText = false;

    /** @var string Message tag used with messaging type MESSAGE_TAG */
    protected $messageTag;

    /**
     * @param  string  $text
     *
     * @throws CouldNotCreateMessage
     * @return static
     */
    public static function create(string $text = ''): self
    {
        return new static($text);
    }

    /**
     * @param  string  $text
     *
     * @throws CouldNotCreateMessage
     */
    public function __construct(string $text = '')
    {
        if ($text !== '') {
            $this->text($text);
        }
    }

    /**
     * Recipient's PSID or Phone Number.
     *
     * The id must be an ID that was retrieved through the
     * Messenger entry points or through the Messenger webhooks.
     *
     * @param  string|array  $recipient  ID of recipient or Phone number of the recipient with the format
     *     +1(212)555-2368
     * @param  string        $type  Recipient Type: id, user_ref, phone_number, post_id, comment_id.
     *
     * @return $this
     */
    public function to($recipient, string $type = RecipientType::ID): self
    {
        if (is_array($recipient)) {
            [$type, $recipient] = $recipient;
        }

        $this->recipient = $recipient;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}
        $this->recipientType = $type;

        return $this;
    }

    /**
     * Notification text.
     *
     * @param  string  $text
     *
     * @throws CouldNotCreateMessage
     *
     * @return $this
     */
    public function text(string $text): self
    {
        if (mb_strlen($text) > 320) {
            throw CouldNotCreateMessage::textTooLong();
        }

        $this->text = $text;
        $this->hasText = true;

        return $this;
    }

    /**
     * Add Attachment.
     *
     * @param  string  $attachmentType
     * @param  string  $url
     *
     * @throws CouldNotCreateMessage
     *
     * @return $this
     */
    public function attach(string $attachmentType, string $url): self
    {
        $attachmentTypes = [
            AttachmentType::FILE,
            AttachmentType::IMAGE,
            AttachmentType::VIDEO,
            AttachmentType::AUDIO,
        ];

        if (! in_array($attachmentType, $attachmentTypes, false)) {
            throw CouldNotCreateMessage::invalidAttachmentType();
        }

        if (blank($url)) {
            throw CouldNotCreateMessage::urlNotProvided();
        }

        $this->attachmentType = $attachmentType;
        $this->attachmentUrl = $url;
        $this->hasAttachment = true;

        return $this;
    }

    /**
     * Push notification type.
     *
     * @param  string  $notificationType  Possible values: REGULAR, SILENT_PUSH, NO_PUSH
     *
     * @throws CouldNotCreateMessage
     * @return $this
     */
    public function notificationType(string $notificationType): self
    {
        $notificationTypes = [
            NotificationType::REGULAR,
            NotificationType::SILENT_PUSH,
            NotificationType::NO_PUSH,
        ];

        if (! in_array($notificationType, $notificationTypes, false)) {
            throw CouldNotCreateMessage::invalidNotificationType();
        }

        $this->notificationType = $notificationType;

        return $this;
    }

    /**
     * Helper to set notification type as REGULAR.
     *
     * @return $this
     */
    public function isTypeRegular(): self
    {
        $this->notificationType = NotificationType::REGULAR;

        return $this;
    }

    /**
     * Helper to set notification type as SILENT_PUSH.
     *
     * @return $this
     */
    public function isTypeSilentPush(): self
    {
        $this->notificationType = NotificationType::SILENT_PUSH;

        return $this;
    }

    /**
     * Helper to set notification type as NO_PUSH.
     *
     * @return $this
     */
    public function isTypeNoPush(): self
    {
        $this->notificationType = NotificationType::NO_PUSH;

        return $this;
    }

    /**
     * Helper to set messaging type as RESPONSE.
     *
     * @return $this
     */
    public function isResponse(): self
    {
        $this->messagingType = MessagingType::RESPONSE;

        return $this;
    }

    /**
     * Helper to set messaging type as UPDATE.
     *
     * @return $this
     */
    public function isUpdate(): self
    {
        $this->messagingType = MessagingType::UPDATE;

        return $this;
    }

    /**
     * Helper to set messaging type as MESSAGE_TAG.
     *
     * @param $messageTag
     *
     * @return $this
     */
    public function isMessageTag($messageTag): self
    {
        $this->messagingType = MessagingType::MESSAGE_TAG;
        $this->messageTag = $messageTag;

        return $this;
    }

    /**
     * Add up to 10 cards to be displayed in a carousel.
     *
     * @param  array  $cards
     *
     * @throws CouldNotCreateMessage
     * @return $this
     */
    public function cards(array $cards): self
    {
        if (count($cards) > 10) {
            throw CouldNotCreateMessage::messageCardsLimitExceeded();
        }

        $this->cards = $cards;

        return $this;
    }

    /**
     * Determine if user id is not given.
     *
     * @return bool
     */
    public function toNotGiven(): bool
    {
        return ! isset($this->recipient);
    }

    /**
     * Convert the object into something JSON serializable.
     *
     * @throws CouldNotCreateMessage
     * @return mixed
     */
    public function jsonSerialize()
    {
        return $this->toArray();
    }

    /**
     * Returns message payload for JSON conversion.
     *
     * @throws CouldNotCreateMessage
     * @return array
     */
    public function toArray(): array
    {
        if ($this->hasAttachment) {
            return $this->attachmentMessageToArray();
        }

        if ($this->hasText) {
            // check if it has buttons
            if (count($this->buttons) > 0) {
                return $this->buttonMessageToArray();
            }

            return $this->textMessageToArray();
        }

        if (count($this->cards) > 0) {
            return $this->genericMessageToArray();
        }

        throw CouldNotCreateMessage::dataNotProvided();
    }

    /**
     * Returns message for simple text message.
     *
     * @return array
     */
    protected function textMessageToArray(): array
    {
        $message = [];
        $message['recipient'][$this->recipientType] = $this->recipient;
        $message['notification_type'] = $this->notificationType;
        $message['message']['text'] = $this->text;
        $message['messaging_type'] = $this->messagingType;

        if (filled($this->messageTag)) {
            $message['tag'] = $this->messageTag;
        }

        return $message;
    }

    /**
     * Returns message for attachment message.
     *
     * @return array
     */
    protected function attachmentMessageToArray(): array
    {
        $message = [];
        $message['recipient'][$this->recipientType] = $this->recipient;
        $message['notification_type'] = $this->notificationType;
        $message['message']['attachment']['type'] = $this->attachmentType;
        $message['message']['attachment']['payload']['url'] = $this->attachmentUrl;
        $message['messaging_type'] = $this->messagingType;

        if (filled($this->messageTag)) {
            $message['tag'] = $this->messageTag;
        }

        return $message;
    }

    /**
     * Returns message for Generic Template message.
     *
     * @return array
     */
    protected function genericMessageToArray(): array
    {
        $message = [];
        $message['recipient'][$this->recipientType] = $this->recipient;
        $message['notification_type'] = $this->notificationType;
        $message['message']['attachment']['type'] = 'template';
        $message['message']['attachment']['payload']['template_type'] = 'generic';
        $message['message']['attachment']['payload']['elements'] = $this->cards;
        $message['messaging_type'] = $this->messagingType;

        if (filled($this->messageTag)) {
            $message['tag'] = $this->messageTag;
        }

        return $message;
    }

    /**
     * Returns message for Button Template message.
     *
     * @return array
     */
    protected function buttonMessageToArray(): array
    {
        $message = [];
        $message['recipient'][$this->recipientType] = $this->recipient;
        $message['notification_type'] = $this->notificationType;
        $message['message']['attachment']['type'] = 'template';
        $message['message']['attachment']['payload']['template_type'] = 'button';
        $message['message']['attachment']['payload']['text'] = $this->text;
        $message['message']['attachment']['payload']['buttons'] = $this->buttons;
        $message['messaging_type'] = $this->messagingType;

        if (filled($this->messageTag)) {
            $message['tag'] = $this->messageTag;
        }

        return $message;
    }
}


GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/FacebookMessage.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace NotificationChannels\Facebook;
4
5			use JsonSerializable;
6			use NotificationChannels\Facebook\Enums\AttachmentType;
7			use NotificationChannels\Facebook\Enums\MessagingType;
8			use NotificationChannels\Facebook\Enums\NotificationType;
9			use NotificationChannels\Facebook\Enums\RecipientType;
10			use NotificationChannels\Facebook\Exceptions\CouldNotCreateMessage;
11			use NotificationChannels\Facebook\Traits\HasButtons;
12
13			/**
14			* Class FacebookMessage.
15			*/
16			class FacebookMessage implements JsonSerializable
17			{
18			use HasButtons;
19
20			/** @var string Recipient's ID. */
21			public $recipient;
22
23			/** @var string Recipient Type */
24			public $recipientType = RecipientType::ID;
25
26			/** @var string Notification Text. */
27			public $text;
28
29			/** @var string Notification Type */
30			public $notificationType = NotificationType::REGULAR;
31
32			/** @var string Messaging Type. Defaults to UPDATE */
33			protected $messagingType = MessagingType::UPDATE;
34
35			/** @var array Generic Template Cards (items) */
36			public $cards = [];
37
38			/** @var string Attachment Type. Defaults to File */
39			public $attachmentType = AttachmentType::FILE;
40
41			/** @var string Attachment URL */
42			public $attachmentUrl;
43
44			/** @var bool */
45			protected $hasAttachment = false;
46
47			/** @var bool */
48			protected $hasText = false;
49
50			/** @var string Message tag used with messaging type MESSAGE_TAG */
51			protected $messageTag;
52
53			/**
54			* @param string $text
55			*
56			* @throws CouldNotCreateMessage
57			* @return static
58			*/
59			public static function create(string $text = ''): self
60			{
61			return new static($text);
62			}
63
64			/**
65			* @param string $text
66			*
67			* @throws CouldNotCreateMessage
68			*/
69			public function __construct(string $text = '')
70			{
71			if ($text !== '') {
72			$this->text($text);
73			}
74			}
75
76			/**
77			* Recipient's PSID or Phone Number.
78			*
79			* The id must be an ID that was retrieved through the
80			* Messenger entry points or through the Messenger webhooks.
81			*
82			* @param string\|array $recipient ID of recipient or Phone number of the recipient with the format
83			* +1(212)555-2368
84			* @param string $type Recipient Type: id, user_ref, phone_number, post_id, comment_id.
85			*
86			* @return $this
87			*/
88			public function to($recipient, string $type = RecipientType::ID): self
89			{
90			if (is_array($recipient)) {
91			[$type, $recipient] = $recipient;
92			}
93
94			$this->recipient = $recipient;
			0 ignored issues – show Documentation Bug introduced 2019-10-10 15:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$recipient` can also be of type `array`. However, the property `$recipient` is declared as type `string`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
95			$this->recipientType = $type;
96
97			return $this;
98			}
99
100			/**
101			* Notification text.
102			*
103			* @param string $text
104			*
105			* @throws CouldNotCreateMessage
106			*
107			* @return $this
108			*/
109			public function text(string $text): self
110			{
111			if (mb_strlen($text) > 320) {
112			throw CouldNotCreateMessage::textTooLong();
113			}
114
115			$this->text = $text;
116			$this->hasText = true;
117
118			return $this;
119			}
120
121			/**
122			* Add Attachment.
123			*
124			* @param string $attachmentType
125			* @param string $url
126			*
127			* @throws CouldNotCreateMessage
128			*
129			* @return $this
130			*/
131			public function attach(string $attachmentType, string $url): self
132			{
133			$attachmentTypes = [
134			AttachmentType::FILE,
135			AttachmentType::IMAGE,
136			AttachmentType::VIDEO,
137			AttachmentType::AUDIO,
138			];
139
140			if (! in_array($attachmentType, $attachmentTypes, false)) {
141			throw CouldNotCreateMessage::invalidAttachmentType();
142			}
143
144			if (blank($url)) {
145			throw CouldNotCreateMessage::urlNotProvided();
146			}
147
148			$this->attachmentType = $attachmentType;
149			$this->attachmentUrl = $url;
150			$this->hasAttachment = true;
151
152			return $this;
153			}
154
155			/**
156			* Push notification type.
157			*
158			* @param string $notificationType Possible values: REGULAR, SILENT_PUSH, NO_PUSH
159			*
160			* @throws CouldNotCreateMessage
161			* @return $this
162			*/
163			public function notificationType(string $notificationType): self
164			{
165			$notificationTypes = [
166			NotificationType::REGULAR,
167			NotificationType::SILENT_PUSH,
168			NotificationType::NO_PUSH,
169			];
170
171			if (! in_array($notificationType, $notificationTypes, false)) {
172			throw CouldNotCreateMessage::invalidNotificationType();
173			}
174
175			$this->notificationType = $notificationType;
176
177			return $this;
178			}
179
180			/**
181			* Helper to set notification type as REGULAR.
182			*
183			* @return $this
184			*/
185			public function isTypeRegular(): self
186			{
187			$this->notificationType = NotificationType::REGULAR;
188
189			return $this;
190			}
191
192			/**
193			* Helper to set notification type as SILENT_PUSH.
194			*
195			* @return $this
196			*/
197			public function isTypeSilentPush(): self
198			{
199			$this->notificationType = NotificationType::SILENT_PUSH;
200
201			return $this;
202			}
203
204			/**
205			* Helper to set notification type as NO_PUSH.
206			*
207			* @return $this
208			*/
209			public function isTypeNoPush(): self
210			{
211			$this->notificationType = NotificationType::NO_PUSH;
212
213			return $this;
214			}
215
216			/**
217			* Helper to set messaging type as RESPONSE.
218			*
219			* @return $this
220			*/
221			public function isResponse(): self
222			{
223			$this->messagingType = MessagingType::RESPONSE;
224
225			return $this;
226			}
227
228			/**
229			* Helper to set messaging type as UPDATE.
230			*
231			* @return $this
232			*/
233			public function isUpdate(): self
234			{
235			$this->messagingType = MessagingType::UPDATE;
236
237			return $this;
238			}
239
240			/**
241			* Helper to set messaging type as MESSAGE_TAG.
242			*
243			* @param $messageTag
244			*
245			* @return $this
246			*/
247			public function isMessageTag($messageTag): self
248			{
249			$this->messagingType = MessagingType::MESSAGE_TAG;
250			$this->messageTag = $messageTag;
251
252			return $this;
253			}
254
255			/**
256			* Add up to 10 cards to be displayed in a carousel.
257			*
258			* @param array $cards
259			*
260			* @throws CouldNotCreateMessage
261			* @return $this
262			*/
263			public function cards(array $cards): self
264			{
265			if (count($cards) > 10) {
266			throw CouldNotCreateMessage::messageCardsLimitExceeded();
267			}
268
269			$this->cards = $cards;
270
271			return $this;
272			}
273
274			/**
275			* Determine if user id is not given.
276			*
277			* @return bool
278			*/
279			public function toNotGiven(): bool
280			{
281			return ! isset($this->recipient);
282			}
283
284			/**
285			* Convert the object into something JSON serializable.
286			*
287			* @throws CouldNotCreateMessage
288			* @return mixed
289			*/
290			public function jsonSerialize()
291			{
292			return $this->toArray();
293			}
294
295			/**
296			* Returns message payload for JSON conversion.
297			*
298			* @throws CouldNotCreateMessage
299			* @return array
300			*/
301			public function toArray(): array
302			{
303			if ($this->hasAttachment) {
304			return $this->attachmentMessageToArray();
305			}
306
307			if ($this->hasText) {
308			// check if it has buttons
309			if (count($this->buttons) > 0) {
310			return $this->buttonMessageToArray();
311			}
312
313			return $this->textMessageToArray();
314			}
315
316			if (count($this->cards) > 0) {
317			return $this->genericMessageToArray();
318			}
319
320			throw CouldNotCreateMessage::dataNotProvided();
321			}
322
323			/**
324			* Returns message for simple text message.
325			*
326			* @return array
327			*/
328			protected function textMessageToArray(): array
329			{
330			$message = [];
331			$message['recipient'][$this->recipientType] = $this->recipient;
332			$message['notification_type'] = $this->notificationType;
333			$message['message']['text'] = $this->text;
334			$message['messaging_type'] = $this->messagingType;
335
336			if (filled($this->messageTag)) {
337			$message['tag'] = $this->messageTag;
338			}
339
340			return $message;
341			}
342
343			/**
344			* Returns message for attachment message.
345			*
346			* @return array
347			*/
348			protected function attachmentMessageToArray(): array
349			{
350			$message = [];
351			$message['recipient'][$this->recipientType] = $this->recipient;
352			$message['notification_type'] = $this->notificationType;
353			$message['message']['attachment']['type'] = $this->attachmentType;
354			$message['message']['attachment']['payload']['url'] = $this->attachmentUrl;
355			$message['messaging_type'] = $this->messagingType;
356
357			if (filled($this->messageTag)) {
358			$message['tag'] = $this->messageTag;
359			}
360
361			return $message;
362			}
363
364			/**
365			* Returns message for Generic Template message.
366			*
367			* @return array
368			*/
369			protected function genericMessageToArray(): array
370			{
371			$message = [];
372			$message['recipient'][$this->recipientType] = $this->recipient;
373			$message['notification_type'] = $this->notificationType;
374			$message['message']['attachment']['type'] = 'template';
375			$message['message']['attachment']['payload']['template_type'] = 'generic';
376			$message['message']['attachment']['payload']['elements'] = $this->cards;
377			$message['messaging_type'] = $this->messagingType;
378
379			if (filled($this->messageTag)) {
380			$message['tag'] = $this->messageTag;
381			}
382
383			return $message;
384			}
385
386			/**
387			* Returns message for Button Template message.
388			*
389			* @return array
390			*/
391			protected function buttonMessageToArray(): array
392			{
393			$message = [];
394			$message['recipient'][$this->recipientType] = $this->recipient;
395			$message['notification_type'] = $this->notificationType;
396			$message['message']['attachment']['type'] = 'template';
397			$message['message']['attachment']['payload']['template_type'] = 'button';
398			$message['message']['attachment']['payload']['text'] = $this->text;
399			$message['message']['attachment']['payload']['buttons'] = $this->buttons;
400			$message['messaging_type'] = $this->messagingType;
401
402			if (filled($this->messageTag)) {
403			$message['tag'] = $this->messageTag;
404			}
405
406			return $message;
407			}
408			}
409

laravel-notification-channels / facebook

GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/FacebookMessage.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like