Issues in PushoverMessage.php (master) - Issues in master - laravel-notification-channels/pushover - Measure and Improve Code Quality continuously with Scrutinizer

Issues (7)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/PushoverMessage.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace NotificationChannels\Pushover;

use Carbon\Carbon;
use NotificationChannels\Pushover\Exceptions\EmergencyNotificationRequiresRetryAndExpire;

class PushoverMessage
{
    /**
     * The text content of the message.
     *
     * @var string
     */
    public $content;

    /**
     * The format of the message.
     *
     * Either "plain", "html" or "monospace".
     *
     * @var string
     */
    public $format = self::FORMAT_PLAIN;

    /**
     * The (optional) title of the message.
     *
     * @var string
     */
    public $title;

    /**
     * The (optional) timestamp of the message.
     *
     * @var int
     */
    public $timestamp;

    /**
     * The (optional) priority of the message.
     *
     * @var int
     */
    public $priority;

    /**
     * The (optional) timeout between retries when sending a message
     * with an emergency priority. The timeout is in seconds.
     *
     * @var int
     */
    public $retry;

    /**
     * The (optional) expire time of a message with an emergency priority.
     * The expire time is in seconds.
     *
     * @var int
     */
    public $expire;

    /**
     * The (optional) supplementary url of the message.
     *
     * @var string
     */
    public $url;

    /**
     * The (optional) supplementary url title of the message.
     *
     * @var string
     */
    public $urlTitle;

    /**
     * The (optional) sound of the message.
     *
     * @var string
     */
    public $sound;

    /**
     * Message formats.
     */
    const FORMAT_PLAIN = 0;
    const FORMAT_HTML = 1;
    const FORMAT_MONOSPACE = 2;

    /**
     * Message priorities.
     */
    const LOWEST_PRIORITY = -2;
    const LOW_PRIORITY = -1;
    const NORMAL_PRIORITY = 0;
    const HIGH_PRIORITY = 1;
    const EMERGENCY_PRIORITY = 2;

    /**
     * @param  string $content
     *
     * @return static
     */
    public static function create($content = '')
    {
        return new static($content);
    }

    /**
     * @param  string  $content
     */
    public function __construct($content = '')
    {
        $this->content = $content;
    }

    /**
     * Set the content of the Pushover message.
     *
     * @param  string  $content
     * @return $this
     */
    public function content($content)
    {
        $this->content = $content;

        return $this;
    }

    /**
     * Set the formatting type to plain text.
     *
     * @return $this
     */
    public function plain()
    {
        $this->format = static::FORMAT_PLAIN;
$answer = 42;

$correct = false;

$correct = (bool) $answer;

        return $this;
    }

    /**
     * Set the formatting type to HTML.
     *
     * @return $this
     */
    public function html()
    {
        $this->format = static::FORMAT_HTML;
$answer = 42;

$correct = false;

$correct = (bool) $answer;

        return $this;
    }

    /**
     * Set the formatting type to monospace.
     *
     * @return $this
     */
    public function monospace()
    {
        $this->format = self::FORMAT_MONOSPACE;
$answer = 42;

$correct = false;

$correct = (bool) $answer;

        return $this;
    }

    /**
     * Set the title of the Pushover message.
     *
     * @param  string  $title
     * @return $this
     */
    public function title($title)
    {
        $this->title = $title;

        return $this;
    }

    /**
     * Set the time of the Pushover message.
     *
     * @param  Carbon|int  $time
     * @return $this
     */
    public function time($time)
    {
        if ($time instanceof Carbon) {
            $time = $time->timestamp;
        }

        $this->timestamp = $time;

        return $this;
    }

    /**
     * Set a supplementary url for the Pushover message.
     *
     * @param  string $url
     * @param  string $title
     * @return $this
     */
    public function url($url, $title = null)
    {
        $this->url = $url;
        $this->urlTitle = $title;

        return $this;
    }

    /**
     * Set the sound of the Pushover message.
     *
     * @param  string  $sound
     * @return $this
     */
    public function sound($sound)
    {
        $this->sound = $sound;

        return $this;
    }

    /**
     * Set the priority of the Pushover message.
     * Retry and expire are mandatory when setting the priority to emergency.
     *
     * @param  int  $priority
     * @param  int  $retryTimeout
     * @param  int  $expireAfter
     * @return $this
     */
    public function priority($priority, $retryTimeout = null, $expireAfter = null)
    {
        $this->noEmergencyWithoutRetryOrExpire($priority, $retryTimeout, $expireAfter);

        $this->priority = $priority;
        $this->retry = $retryTimeout;
        $this->expire = $expireAfter;

        return $this;
    }

    /**
     * Set the priority of the Pushover message to the lowest priority.
     *
     * @return $this
     */
    public function lowestPriority()
    {
        return $this->priority(self::LOWEST_PRIORITY);
    }

    /**
     * Set the priority of the Pushover message to low.
     *
     * @return $this
     */
    public function lowPriority()
    {
        return $this->priority(self::LOW_PRIORITY);
    }

    /**
     * Set the priority of the Pushover message to normal.
     *
     * @return $this
     */
    public function normalPriority()
    {
        return $this->priority(self::NORMAL_PRIORITY);
    }

    /**
     * Set the priority of the Pushover message to high.
     *
     * @return $this
     */
    public function highPriority()
    {
        return $this->priority(self::HIGH_PRIORITY);
    }

    /**
     * Set the priority of the Pushover message to emergency.
     * Retry and expire are mandatory when setting the priority to emergency.
     *
     * @param  int  $retryTimeout
     * @param  int  $expireAfter
     * @return $this
     */
    public function emergencyPriority($retryTimeout, $expireAfter)
    {
        return $this->priority(self::EMERGENCY_PRIORITY, $retryTimeout, $expireAfter);
    }

    /**
     * Array representation of Pushover Message.
     *
     * @return array
     */
    public function toArray()
    {
        return [
            'message' => $this->content,
            'title' => $this->title,
            'timestamp' => $this->timestamp,
            'priority' => $this->priority,
            'url' => $this->url,
            'url_title' => $this->urlTitle,
            'sound' => $this->sound,
            'retry' => $this->retry,
            'expire' => $this->expire,
            'html' => $this->format === static::FORMAT_HTML,

            'monospace' => $this->format === static::FORMAT_MONOSPACE,

        ];
    }

    /**
     * Ensure an emergency message has an retry and expiry time.
     *
     * @param  int  $priority
     * @param  int  $retry
     * @param  int  $expire
     * @throws EmergencyNotificationRequiresRetryAndExpire
     */
    protected function noEmergencyWithoutRetryOrExpire($priority, $retry, $expire)
    {
        if ($priority == self::EMERGENCY_PRIORITY && (! isset($retry) || ! isset($expire))) {
            throw new EmergencyNotificationRequiresRetryAndExpire();
        }
    }
}


1		<?php
2
3		namespace NotificationChannels\Pushover;
4
5		use Carbon\Carbon;
6		use NotificationChannels\Pushover\Exceptions\EmergencyNotificationRequiresRetryAndExpire;
7
8		class PushoverMessage
9		{
10		/**
11		* The text content of the message.
12		*
13		* @var string
14		*/
15		public $content;
16
17		/**
18		* The format of the message.
19		*
20		* Either "plain", "html" or "monospace".
21		*
22		* @var string
23		*/
24		public $format = self::FORMAT_PLAIN;
25
26		/**
27		* The (optional) title of the message.
28		*
29		* @var string
30		*/
31		public $title;
32
33		/**
34		* The (optional) timestamp of the message.
35		*
36		* @var int
37		*/
38		public $timestamp;
39
40		/**
41		* The (optional) priority of the message.
42		*
43		* @var int
44		*/
45		public $priority;
46
47		/**
48		* The (optional) timeout between retries when sending a message
49		* with an emergency priority. The timeout is in seconds.
50		*
51		* @var int
52		*/
53		public $retry;
54
55		/**
56		* The (optional) expire time of a message with an emergency priority.
57		* The expire time is in seconds.
58		*
59		* @var int
60		*/
61		public $expire;
62
63		/**
64		* The (optional) supplementary url of the message.
65		*
66		* @var string
67		*/
68		public $url;
69
70		/**
71		* The (optional) supplementary url title of the message.
72		*
73		* @var string
74		*/
75		public $urlTitle;
76
77		/**
78		* The (optional) sound of the message.
79		*
80		* @var string
81		*/
82		public $sound;
83
84		/**
85		* Message formats.
86		*/
87		const FORMAT_PLAIN = 0;
88		const FORMAT_HTML = 1;
89		const FORMAT_MONOSPACE = 2;
90
91		/**
92		* Message priorities.
93		*/
94		const LOWEST_PRIORITY = -2;
95		const LOW_PRIORITY = -1;
96		const NORMAL_PRIORITY = 0;
97		const HIGH_PRIORITY = 1;
98		const EMERGENCY_PRIORITY = 2;
99
100		/**
101		* @param string $content
102		*
103		* @return static
104		*/
105	2	public static function create($content = '')
106		{
107	2	return new static($content);
108		}
109
110		/**
111		* @param string $content
112		*/
113	23	public function __construct($content = '')
114		{
115	23	$this->content = $content;
116	23	}
117
118		/**
119		* Set the content of the Pushover message.
120		*
121		* @param string $content
122		* @return $this
123		*/
124	1	public function content($content)
125		{
126	1	$this->content = $content;
127
128	1	return $this;
129		}
130
131		/**
132		* Set the formatting type to plain text.
133		*
134		* @return $this
135		*/
136	1	public function plain()
137		{
138	1	$this->format = static::FORMAT_PLAIN;
		0 ignored issues – show Documentation Bug introduced 2020-09-13 19:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$format` was declared of type `string`, but `static::FORMAT_PLAIN` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
139
140	1	return $this;
141		}
142
143		/**
144		* Set the formatting type to HTML.
145		*
146		* @return $this
147		*/
148	2	public function html()
149		{
150	2	$this->format = static::FORMAT_HTML;
		0 ignored issues – show Documentation Bug introduced 2020-09-13 19:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$format` was declared of type `string`, but `static::FORMAT_HTML` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
151
152	2	return $this;
153		}
154
155		/**
156		* Set the formatting type to monospace.
157		*
158		* @return $this
159		*/
160	1	public function monospace()
161		{
162	1	$this->format = self::FORMAT_MONOSPACE;
		0 ignored issues – show Documentation Bug introduced 2020-09-13 19:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$format` was declared of type `string`, but `self::FORMAT_MONOSPACE` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
163
164	1	return $this;
165		}
166
167		/**
168		* Set the title of the Pushover message.
169		*
170		* @param string $title
171		* @return $this
172		*/
173	3	public function title($title)
174		{
175	3	$this->title = $title;
176
177	3	return $this;
178		}
179
180		/**
181		* Set the time of the Pushover message.
182		*
183		* @param Carbon\|int $time
184		* @return $this
185		*/
186	4	public function time($time)
187		{
188	4	if ($time instanceof Carbon) {
189	1	$time = $time->timestamp;
190		}
191
192	4	$this->timestamp = $time;
193
194	4	return $this;
195		}
196
197		/**
198		* Set a supplementary url for the Pushover message.
199		*
200		* @param string $url
201		* @param string $title
202		* @return $this
203		*/
204	4	public function url($url, $title = null)
205		{
206	4	$this->url = $url;
207	4	$this->urlTitle = $title;
208
209	4	return $this;
210		}
211
212		/**
213		* Set the sound of the Pushover message.
214		*
215		* @param string $sound
216		* @return $this
217		*/
218	3	public function sound($sound)
219		{
220	3	$this->sound = $sound;
221
222	3	return $this;
223		}
224
225		/**
226		* Set the priority of the Pushover message.
227		* Retry and expire are mandatory when setting the priority to emergency.
228		*
229		* @param int $priority
230		* @param int $retryTimeout
231		* @param int $expireAfter
232		* @return $this
233		*/
234	10	public function priority($priority, $retryTimeout = null, $expireAfter = null)
235		{
236	10	$this->noEmergencyWithoutRetryOrExpire($priority, $retryTimeout, $expireAfter);
237
238	9	$this->priority = $priority;
239	9	$this->retry = $retryTimeout;
240	9	$this->expire = $expireAfter;
241
242	9	return $this;
243		}
244
245		/**
246		* Set the priority of the Pushover message to the lowest priority.
247		*
248		* @return $this
249		*/
250	1	public function lowestPriority()
251		{
252	1	return $this->priority(self::LOWEST_PRIORITY);
253		}
254
255		/**
256		* Set the priority of the Pushover message to low.
257		*
258		* @return $this
259		*/
260	1	public function lowPriority()
261		{
262	1	return $this->priority(self::LOW_PRIORITY);
263		}
264
265		/**
266		* Set the priority of the Pushover message to normal.
267		*
268		* @return $this
269		*/
270	1	public function normalPriority()
271		{
272	1	return $this->priority(self::NORMAL_PRIORITY);
273		}
274
275		/**
276		* Set the priority of the Pushover message to high.
277		*
278		* @return $this
279		*/
280	1	public function highPriority()
281		{
282	1	return $this->priority(self::HIGH_PRIORITY);
283		}
284
285		/**
286		* Set the priority of the Pushover message to emergency.
287		* Retry and expire are mandatory when setting the priority to emergency.
288		*
289		* @param int $retryTimeout
290		* @param int $expireAfter
291		* @return $this
292		*/
293	3	public function emergencyPriority($retryTimeout, $expireAfter)
294		{
295	3	return $this->priority(self::EMERGENCY_PRIORITY, $retryTimeout, $expireAfter);
296		}
297
298		/**
299		* Array representation of Pushover Message.
300		*
301		* @return array
302		*/
303	2	public function toArray()
304		{
305		return [
306	2	'message' => $this->content,
307	2	'title' => $this->title,
308	2	'timestamp' => $this->timestamp,
309	2	'priority' => $this->priority,
310	2	'url' => $this->url,
311	2	'url_title' => $this->urlTitle,
312	2	'sound' => $this->sound,
313	2	'retry' => $this->retry,
314	2	'expire' => $this->expire,
315	2	'html' => $this->format === static::FORMAT_HTML,
		0 ignored issues – show Unused Code Bug introduced 2020-09-13 19:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The strict comparison `===` seems to always evaluate to `false` as the types of `$this->format` (`string`) and `static::FORMAT_HTML` (`integer`) can never be identical. Maybe you want to use a loose comparison `==` instead? Loading history...
316	2	'monospace' => $this->format === static::FORMAT_MONOSPACE,
		0 ignored issues – show Unused Code Bug introduced 2020-09-13 19:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The strict comparison `===` seems to always evaluate to `false` as the types of `$this->format` (`string`) and `static::FORMAT_MONOSPACE` (`integer`) can never be identical. Maybe you want to use a loose comparison `==` instead? Loading history...
317		];
318		}
319
320		/**
321		* Ensure an emergency message has an retry and expiry time.
322		*
323		* @param int $priority
324		* @param int $retry
325		* @param int $expire
326		* @throws EmergencyNotificationRequiresRetryAndExpire
327		*/
328	10	protected function noEmergencyWithoutRetryOrExpire($priority, $retry, $expire)
329		{
330	10	if ($priority == self::EMERGENCY_PRIORITY && (! isset($retry) \|\| ! isset($expire))) {
331	1	throw new EmergencyNotificationRequiresRetryAndExpire();
332		}
333	9	}
334		}
335

laravel-notification-channels / pushover

Issues (7)

Security Analysis no request data

src/PushoverMessage.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like