Issues (10)

Security Analysis: no request data

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Card.php (3 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace NotificationChannels\HipChat;

use Closure;
use InvalidArgumentException;

class Card
{
    /**
     * An id that will help HipChat recognise the same card when it is sent multiple times.
     *
     * @var string
     */
    public $id;

    /**
     * The title of the card.
     * Valid length range: 1 - 500.
     *
     * @var string
     */
    public $title = '';

    /**
     * Style of the card.
     * Valid values: file, image, application, link, media.
     *
     * @var string
     */
    public $style = CardStyles::APPLICATION;

    /**
     * The description in the specific format.
     * Valid length range: 1 - 1000.
     *
     * @var string
     */
    public $content = '';

    /**
     * The format that can be html or text.
     *
     * @var string
     */
    public $format = 'text';

    /**
     * Application cards can be compact (1 to 2 lines) or medium (1 to 5 lines).
     *
     * @var string
     */
    public $cardFormat;

    /**
     * The url where the card will open.
     *
     * @var string
     */
    public $url = '';

    /**
     * The thumbnail url. Valid length range: 1 - 250.
     *
     * @var string
     */
    public $thumbnail;

    /**
     * The thumbnail url in retina. Valid length range: 1 - 250.
     *
     * @var string
     */
    public $thumbnail2;

    /**
     * The original width of the image.
     *
     * @var int
     */
    public $thumbnailWidth;

    /**
     * The original height of the image.
     *
     * @var int
     */
    public $thumbnailHeight;

    /**
     * Html for the activity to show in one line a summary of the action that happened.
     *
     * @var string
     */
    public $activity;

    /**
     * The activity icon url.
     *
     * @var string
     */
    public $activityIcon;

    /**
     * The activity icon url in retina.
     *
     * @var string
     */
    public $activityIcon2;

    /**
     * The icon url.
     *
     * @var string
     */
    public $icon;

    /**
     * The icon url in retina.
     *
     * @var string
     */
    public $icon2;

    /**
     * List of attributes to show below the card. Sample {label}:{value.icon} {value.label}.
     *
     * @var CardAttribute[]
     */
    public $attributes = [];

    /**
     * Create a new Card instance.
     *
     * @param string $title
     * @param string $id
     */
    public function __construct($title = '', $id = '')
    {
        $this->title($title);
        $this->id(str_empty($id) ? str_random() : $id);
    }

    /**
     * Create a new Card instance.
     *
     * @param string $title
     * @param string $id
     * @return static
     */
    public static function create($title = '', $id = '')
    {
        return new static($title, $id);
    }

    /**
     * Sets the title of the card.
     *
     * @param string $title
     * @return $this
     */
    public function title($title)
    {
        $this->title = trim($title);

        return $this;
    }

    /**
     * Sets the id of the card.
     *
     * @param $id
     * @return $this
     */
    public function id($id)
    {
        $this->id = trim($id);

        return $this;
    }

    /**
     * Sets the style of the card.
     *
     * @param $style
     * @return $this
     */
    public function style($style)
    {
        $this->style = $style;

        return $this;
    }

    /**
     * Sets the content of the card.
     *
     * @param $content
     * @return $this
     */
    public function content($content)
    {
        $this->content = trim($content);

        return $this;
    }

    /**
     * Sets the format to plain text and optionally the content.
     *
     * @param string $content
     * @return $this
     */
    public function text($content = '')
    {
        $this->format = 'text';

        if (! str_empty($content)) {
            $this->content($content);
        }

        return $this;
    }

    /**
     * Sets the format to html and optionally the content.
     *
     * @param string $content
     * @return $this
     */
    public function html($content = '')
    {
        $this->format = 'html';

        if (! str_empty($content)) {
            $this->content($content);
        }

        return $this;
    }

    /**
     * Sets the format of the card.
     *
     * @param $cardFormat
     * @return $this
     */
    public function cardFormat($cardFormat)
    {
        $this->cardFormat = trim($cardFormat);

        return $this;
    }

    /**
     * Sets the url of the card.
     *
     * @param $url
     * @return $this
     */
    public function url($url)
    {
        $this->url = trim($url);

        return $this;
    }

    /**
     * Sets the thumbnail of the card.
     *
     * @param string $icon
     * @param string|null $icon2
     * @param int|null $width
     * @param int|null $height
     * @return $this
     */
    public function thumbnail($icon, $icon2 = null, $width = null, $height = null)
    {
        $this->thumbnail = trim($icon);

        if (! str_empty($icon2)) {
            $this->thumbnail2 = trim($icon2);
        }

        if (! is_null($width)) {
            $this->thumbnailWidth = $width;
        }

        if (! is_null($height)) {
            $this->thumbnailHeight = $height;
        }

        return $this;
    }

    /**
     * Sets the activity of the card.
     *
     * @param string $html
     * @param string|null $icon
     * @param string|null $icon2
     * @return $this
     */
    public function activity($html, $icon = null, $icon2 = null)
    {
        $this->activity = trim($html);

        if (! str_empty($icon)) {
            $this->activityIcon = trim($icon);
        }

        if (! str_empty($icon2)) {
            $this->activityIcon2 = trim($icon2);
        }

        return $this;
    }

    /**
     * Sets the icon of the card.
     *
     * @param string $icon
     * @param string|null $icon2
     * @return $this
     */
    public function icon($icon, $icon2 = null)

Code Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

    {
        $this->icon = trim($icon);

        if (! str_empty($icon2)) {
            $this->icon2 = trim($icon2);
        }

        return $this;
    }

    /**
     * Adds a CardAttribute to the card.
     *
     * @param CardAttribute|Closure $attribute
     * @return $this
     */
    public function addAttribute($attribute)

Code Duplication: This method seems to be duplicated in your project.

    {
        if ($attribute instanceof CardAttribute) {
            $this->attributes[] = $attribute;

            return $this;
        }

        if ($attribute instanceof Closure) {
            $attribute($new = new CardAttribute());
            $this->attributes[] = $new;

            return $this;
        }

        throw new InvalidArgumentException(
            'Invalid attribute type. Expected '.CardAttribute::class.' or '.Closure::class.'.'
        );
    }

    /**
     * Get an array representation of the Card.
     *
     * @return array
     */
    public function toArray()
    {
        $card = str_array_filter([
            'id' => $this->id,
            'style' => $this->style,
            'format' => $this->cardFormat,
            'title' => $this->title,
            'url' => $this->url,
        ]);

        if (! str_empty($this->content)) {
            $card['description'] = [
                'value' => $this->content,
                'format' => $this->format,
            ];
        }

        if (! str_empty($this->thumbnail)) {
            $card['thumbnail'] = str_array_filter([
                'url' => $this->thumbnail,
                'url@2x' => $this->thumbnail2,
                'width' => $this->thumbnailWidth,
                'height' => $this->thumbnailHeight,
            ]);
        }

        if (! str_empty($this->activity)) {
            $card['activity'] = str_array_filter([
                'html' => $this->activity,
                'icon' => str_array_filter([
                    'url' => $this->activityIcon,
                    'url@2x' => $this->activityIcon2,
                ]),
            ]);
        }

        if (! str_empty($this->icon)) {

Code Duplication: This code seems to be duplicated across your project.

            $card['icon'] = str_array_filter([
                'url' => $this->icon,
                'url@2x' => $this->icon2,
            ]);
        }

        if (! empty($this->attributes)) {
            $card['attributes'] = array_map(function (CardAttribute $attribute) {
                return $attribute->toArray();
            }, $this->attributes);
        }

        return $card;
    }
}