Issues in HipChatMessage.php (master) - Issues in master - laravel-notification-channels/hipchat - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/HipChatMessage.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace NotificationChannels\HipChat;

use Closure;
use InvalidArgumentException;

class HipChatMessage
{
    /**
     * The HipChat room identifier.
     *
     * @var string
     */
    public $room = '';

    /**
     * A label to be shown in addition to the sender's name.
     *
     * @var string
     */
    public $from = '';

    /**
     * The format of the notification (text, html).
     *
     * @var string
     */
    public $format = 'text';

    /**
     * Should a message trigger a user notification in a HipChat client.
     *
     * @var bool
     */
    public $notify = false;

    /**
     * The "level" of the notification (info, success, error).
     *
     * @var string
     */
    public $level = 'info';

    /**
     * The color of the notification (yellow, green, red, purple, gray, random).
     *
     * @var string
     */
    public $color = 'gray';

    /**
     * The text content of the message.
     *
     * @var string
     */
    public $content = '';

    /**
     * An instance of Card object.
     *
     * @var Card
     */
    public $card;

    /**
     * The message id to to attach this notification to, for example if this notification is
     * in response to a particular message. For supported clients, this will display the
     * notification in the context of the referenced message specified by attach_to parameter.
     * If this is not possible to attach the notification, it will be rendered as an unattached
     * notification. The message must be in the same room as that the notification is sent to.
     *
     * @var string
     */
    public $attachTo;

    /**
     * Create a new instance of HipChatMessage.
     *
     * @param string $content
     * @return static
     */
    public static function create($content = '')
    {
        return new static($content);
    }

    /**
     * Create a new instance of HipChatMessage.
     *
     * @param $content
     */
    public function __construct($content = '')
    {
        $this->content($content);
    }

    /**
     * Set the HipChat room to send message to.
     *
     * @param int|string $room
     * @return $this
     */
    public function room($room)
    {
        $this->room = $room;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}

        return $this;
    }

    /**
     * Indicate that the notification gives general information.
     *
     * @return $this
     */
    public function info()
    {
        $this->level = 'info';
        $this->color = 'gray';

        return $this;
    }

    /**
     * Indicate that the notification gives information about a successful operation.
     *
     * @return $this
     */
    public function success()
    {
        $this->level = 'success';
        $this->color = 'green';

        return $this;
    }

    /**
     * Indicate that the notification gives information about an error.
     *
     * @return $this
     */
    public function error()
    {
        $this->level = 'error';
        $this->color = 'red';

        return $this;
    }

    /**
     * Set the from label of the HipChat message.
     *
     * @param  string  $from
     * @return $this
     */
    public function from($from)
    {
        $this->from = trim($from);

        return $this;
    }

    /**
     * Set HTML format and optionally the content.
     *
     * @param string $content
     * @return $this
     */
    public function html($content = '')
    {
        $this->format = 'html';

        if (! str_empty($content)) {
            $this->content($content);
        }

        return $this;
    }

    /**
     * Set text format and optionally the content.
     *
     * @param string $content
     * @return $this
     */
    public function text($content = '')
    {
        $this->format = 'text';

        if (! str_empty($content)) {
            $this->content($content);
        }

        return $this;
    }

    /**
     * Should a message trigger a user notification in a HipChat client.
     *
     * @param  bool  $notify
     * @return $this
     */
    public function notify($notify = true)
    {
        $this->notify = $notify;

        return $this;
    }

    /**
     * Set the content of the message.
     * Allowed HTML tags: a, b, i, strong, em, br, img, pre, code, lists, tables.
     *
     * @param  string  $content
     * @return $this
     */
    public function content($content)
    {
        $this->content = trim($content);

        return $this;
    }

    /**
     * Set the color for the message.
     * Allowed values: yellow, green, red, purple, gray, random.
     *
     * @param $color
     * @return string
     */
    public function color($color)
    {
        $this->color = $color;

        return $this;
    }

    /**
     * Sets the Card.
     *
     * @param Card|Closure|null $card
     * @return $this
     */
    public function card($card)

    {
        if ($card instanceof Card) {
            $this->card = $card;

            return $this;
        }

        if ($card instanceof Closure) {
            $card($new = new Card());
            $this->card = $new;

            return $this;
        }

        throw new InvalidArgumentException(
            'Invalid Card type. Expected '.Card::class.' or '.Closure::class.'.'
        );
    }

    /**
     * Sets the id of the "parent" message to attach this notification to.
     *
     * @param $id
     * @return $this
     */
    public function attachTo($id)
    {
        $this->attachTo = trim($id);

        return $this;
    }

    /**
     * Get an array representation of the HipChatMessage.
     *
     * @return array
     */
    public function toArray()
    {
        $message = str_array_filter([
            'from' => $this->from,
            'message_format' => $this->format,
            'color' => $this->color,
            'notify' => $this->notify,
            'message' => $this->content,
            'attach_to' => $this->attachTo,
        ]);

        if (! is_null($this->card)) {
            $message['card'] = $this->card->toArray();
        }

        return $message;
    }
}


1			<?php
2
3			namespace NotificationChannels\HipChat;
4
5			use Closure;
6			use InvalidArgumentException;
7
8			class HipChatMessage
9			{
10			/**
11			* The HipChat room identifier.
12			*
13			* @var string
14			*/
15			public $room = '';
16
17			/**
18			* A label to be shown in addition to the sender's name.
19			*
20			* @var string
21			*/
22			public $from = '';
23
24			/**
25			* The format of the notification (text, html).
26			*
27			* @var string
28			*/
29			public $format = 'text';
30
31			/**
32			* Should a message trigger a user notification in a HipChat client.
33			*
34			* @var bool
35			*/
36			public $notify = false;
37
38			/**
39			* The "level" of the notification (info, success, error).
40			*
41			* @var string
42			*/
43			public $level = 'info';
44
45			/**
46			* The color of the notification (yellow, green, red, purple, gray, random).
47			*
48			* @var string
49			*/
50			public $color = 'gray';
51
52			/**
53			* The text content of the message.
54			*
55			* @var string
56			*/
57			public $content = '';
58
59			/**
60			* An instance of Card object.
61			*
62			* @var Card
63			*/
64			public $card;
65
66			/**
67			* The message id to to attach this notification to, for example if this notification is
68			* in response to a particular message. For supported clients, this will display the
69			* notification in the context of the referenced message specified by attach_to parameter.
70			* If this is not possible to attach the notification, it will be rendered as an unattached
71			* notification. The message must be in the same room as that the notification is sent to.
72			*
73			* @var string
74			*/
75			public $attachTo;
76
77			/**
78			* Create a new instance of HipChatMessage.
79			*
80			* @param string $content
81			* @return static
82			*/
83	22		public static function create($content = '')
84			{
85	22		return new static($content);
86			}
87
88			/**
89			* Create a new instance of HipChatMessage.
90			*
91			* @param $content
92			*/
93	25		public function __construct($content = '')
94			{
95	25		$this->content($content);
96	25		}
97
98			/**
99			* Set the HipChat room to send message to.
100			*
101			* @param int\|string $room
102			* @return $this
103			*/
104	1		public function room($room)
105			{
106	1		$this->room = $room;
			0 ignored issues – show Documentation Bug introduced 2016-08-22 20:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$room` can also be of type `integer`. However, the property `$room` is declared as type `string`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
107
108	1		return $this;
109			}
110
111			/**
112			* Indicate that the notification gives general information.
113			*
114			* @return $this
115			*/
116	1		public function info()
117			{
118	1		$this->level = 'info';
119	1		$this->color = 'gray';
120
121	1		return $this;
122			}
123
124			/**
125			* Indicate that the notification gives information about a successful operation.
126			*
127			* @return $this
128			*/
129	1		public function success()
130			{
131	1		$this->level = 'success';
132	1		$this->color = 'green';
133
134	1		return $this;
135			}
136
137			/**
138			* Indicate that the notification gives information about an error.
139			*
140			* @return $this
141			*/
142	2		public function error()
143			{
144	2		$this->level = 'error';
145	2		$this->color = 'red';
146
147	2		return $this;
148			}
149
150			/**
151			* Set the from label of the HipChat message.
152			*
153			* @param string $from
154			* @return $this
155			*/
156	3		public function from($from)
157			{
158	3		$this->from = trim($from);
159
160	3		return $this;
161			}
162
163			/**
164			* Set HTML format and optionally the content.
165			*
166			* @param string $content
167			* @return $this
168			*/
169	3		public function html($content = '')
170			{
171	3		$this->format = 'html';
172
173	3		if (! str_empty($content)) {
174	2		$this->content($content);
175			}
176
177	3		return $this;
178			}
179
180			/**
181			* Set text format and optionally the content.
182			*
183			* @param string $content
184			* @return $this
185			*/
186	3		public function text($content = '')
187			{
188	3		$this->format = 'text';
189
190	3		if (! str_empty($content)) {
191	2		$this->content($content);
192			}
193
194	3		return $this;
195			}
196
197			/**
198			* Should a message trigger a user notification in a HipChat client.
199			*
200			* @param bool $notify
201			* @return $this
202			*/
203	2		public function notify($notify = true)
204			{
205	2		$this->notify = $notify;
206
207	2		return $this;
208			}
209
210			/**
211			* Set the content of the message.
212			* Allowed HTML tags: a, b, i, strong, em, br, img, pre, code, lists, tables.
213			*
214			* @param string $content
215			* @return $this
216			*/
217	25		public function content($content)
218			{
219	25		$this->content = trim($content);
220
221	25		return $this;
222			}
223
224			/**
225			* Set the color for the message.
226			* Allowed values: yellow, green, red, purple, gray, random.
227			*
228			* @param $color
229			* @return string
230			*/
231	1		public function color($color)
232			{
233	1		$this->color = $color;
234
235	1		return $this;
236			}
237
238			/**
239			* Sets the Card.
240			*
241			* @param Card\|Closure\|null $card
242			* @return $this
243			*/
244	3	View Code Duplication	public function card($card)
			0 ignored issues – show Duplication introduced 2017-09-02 11:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
245			{
246	3		if ($card instanceof Card) {
247	2		$this->card = $card;
248
249	2		return $this;
250			}
251
252	1		if ($card instanceof Closure) {
253	1		$card($new = new Card());
254	1		$this->card = $new;
255
256	1		return $this;
257			}
258
259			throw new InvalidArgumentException(
260			'Invalid Card type. Expected '.Card::class.' or '.Closure::class.'.'
261			);
262			}
263
264			/**
265			* Sets the id of the "parent" message to attach this notification to.
266			*
267			* @param $id
268			* @return $this
269			*/
270	3		public function attachTo($id)
271			{
272	3		$this->attachTo = trim($id);
273
274	3		return $this;
275			}
276
277			/**
278			* Get an array representation of the HipChatMessage.
279			*
280			* @return array
281			*/
282	4		public function toArray()
283			{
284	4		$message = str_array_filter([
285	4		'from' => $this->from,
286	4		'message_format' => $this->format,
287	4		'color' => $this->color,
288	4		'notify' => $this->notify,
289	4		'message' => $this->content,
290	4		'attach_to' => $this->attachTo,
291			]);
292
293	4		if (! is_null($this->card)) {
294	1		$message['card'] = $this->card->toArray();
295			}
296
297	4		return $message;
298			}
299			}
300

laravel-notification-channels / hipchat

Issues (10)

Security Analysis no request data

src/HipChatMessage.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like