Issues in Client.php (master) - Issues in master - loevgaard/altapay-php-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (43)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Client/Client.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Loevgaard\AltaPay\Client;

use GuzzleHttp\Client as GuzzleClient;
use GuzzleHttp\ClientInterface as GuzzleClientInterface;
use GuzzleHttp\RequestOptions;
use Loevgaard\AltaPay\Payload\CaptureReservationInterface;
use Loevgaard\AltaPay\Payload\PaymentRequestInterface;
use Loevgaard\AltaPay\Payload\RefundCapturedReservationInterface;
use Loevgaard\AltaPay\Response\CaptureReservation as CaptureReservationResponse;
use Loevgaard\AltaPay\Response\GetTerminals as GetTerminalsResponse;
use Loevgaard\AltaPay\Response\PaymentRequest as PaymentRequestResponse;
use Loevgaard\AltaPay\Response\RefundCapturedReservation as RefundCapturedReservationResponse;
use Psr\Http\Message\ResponseInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

class Client
{
    /**
     * @var GuzzleClientInterface
     */
    protected $client;

    /**
     * Your username for the AltaPay gateway
     *
     * @var string
     */
    private $username;

    /**
     * Your password for the AltaPay gateway
     *
     * @var string
     */
    private $password;

    /**
     * The URL for the gateway
     * The default value for this is the test gateway URL
     *
     * @var string
     */
    private $baseUrl;

    /**
     * @var array
     */
    private $defaultOptions;

    /**
     * @var ResponseInterface
     */
    private $lastResponse;

    public function __construct($username, $password, $baseUrl = 'https://testgateway.altapaysecure.com')
    {
        $this->username = $username;
        $this->password = $password;
        $this->baseUrl  = $baseUrl;
        $this->defaultOptions = [];
    }

    /**
     * @param PaymentRequestInterface $paymentRequest
     * @return PaymentRequestResponse
     */
    public function createPaymentRequest(PaymentRequestInterface $paymentRequest) : PaymentRequestResponse
    {
        $response = new PaymentRequestResponse($this->doRequest('post', '/merchant/API/createPaymentRequest', [
            'form_params' => $paymentRequest->getPayload()
        ]));
        return $response;
    }

    /**
     * @codeCoverageIgnore
     */
    public function testConnection()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function login()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function payments()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @param CaptureReservationInterface $captureReservation
     * @return CaptureReservationResponse
     */
    public function captureReservation(CaptureReservationInterface $captureReservation) : CaptureReservationResponse
    {
        return new CaptureReservationResponse($this->doRequest('get', '/merchant/API/captureReservation', [
            'query' => $captureReservation->getPayload()
        ]));
    }

    /**
     * @codeCoverageIgnore
     */
    public function releaseReservation()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }


    /**
     * @param RefundCapturedReservationInterface $refundCapturedReservation
     * @return RefundCapturedReservationResponse
     */
    public function refundCapturedReservation(RefundCapturedReservationInterface $refundCapturedReservation) : RefundCapturedReservationResponse
    {
        return new RefundCapturedReservationResponse($this->doRequest('get', '/merchant/API/refundCapturedReservation', [
            'query' => $refundCapturedReservation->getPayload()
        ]));
    }

    /**
     * @codeCoverageIgnore
     */
    public function setupSubscription()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function chargeSubscription()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function reserveSubscriptionCharge()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function updateOrder()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function fundingList()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function fundingDownload()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function getCustomReport()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function reservationOfFixedAmount()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function credit()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @return GetTerminalsResponse
     */
    public function getTerminals() : GetTerminalsResponse
    {
        return new GetTerminalsResponse($this->doRequest('get', '/merchant/API/getTerminals'));
    }

    /**
     * @codeCoverageIgnore
     */
    public function getInvoiceText()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function createInvoiceReservation()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function calculateSurcharge()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @codeCoverageIgnore
     */
    public function queryGiftCard()
    {
        // @todo Implement method
        throw new \RuntimeException('Method is not implemented');
    }

    /**
     * @param string $method
     * @param string $uri
     * @param array $options
     * @return ResponseInterface
     */
    public function doRequest($method, $uri, array $options = []) : ResponseInterface
    {
        $optionsResolver = new OptionsResolver();
        $this->configureOptions($optionsResolver);

        $url = $this->baseUrl . $uri;
        $options = $optionsResolver->resolve(array_replace($this->defaultOptions, $options));
        $this->lastResponse = $this->getClient()->request($method, $url, $options);

        return $this->lastResponse;
    }

    /**
     * @return GuzzleClientInterface
     */
    public function getClient()
    {
        if (!$this->client) {
            $this->client = new GuzzleClient();
        }
        return $this->client;
    }

    /**
     * @param GuzzleClientInterface $client
     * @return Client
     */
    public function setClient(GuzzleClientInterface $client)
    {
        $this->client = $client;
        return $this;
    }

    /**
     * @return array
     */
    public function getDefaultOptions() : array
    {
        return $this->defaultOptions;
    }

    /**
     * @param array $options
     * @return Client
     */
    public function setDefaultOptions(array $options) : self
    {
        $this->defaultOptions = $options;
        return $this;
    }

    protected function configureOptions(OptionsResolver $optionsResolver)
    {
        // add request options from Guzzle
        $reflection = new \ReflectionClass(RequestOptions::class);
        $optionsResolver->setDefined($reflection->getConstants());
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        // set defaults
        $optionsResolver->setDefaults([
            'allow_redirects' => false,
            'cookies' => false,
            'timeout' => 60,
            'http_errors' => false,
            'auth' => [
                $this->username,
                $this->password
            ]
        ]);
    }
}


1		<?php
2		namespace Loevgaard\AltaPay\Client;
3
4		use GuzzleHttp\Client as GuzzleClient;
5		use GuzzleHttp\ClientInterface as GuzzleClientInterface;
6		use GuzzleHttp\RequestOptions;
7		use Loevgaard\AltaPay\Payload\CaptureReservationInterface;
8		use Loevgaard\AltaPay\Payload\PaymentRequestInterface;
9		use Loevgaard\AltaPay\Payload\RefundCapturedReservationInterface;
10		use Loevgaard\AltaPay\Response\CaptureReservation as CaptureReservationResponse;
11		use Loevgaard\AltaPay\Response\GetTerminals as GetTerminalsResponse;
12		use Loevgaard\AltaPay\Response\PaymentRequest as PaymentRequestResponse;
13		use Loevgaard\AltaPay\Response\RefundCapturedReservation as RefundCapturedReservationResponse;
14		use Psr\Http\Message\ResponseInterface;
15		use Symfony\Component\OptionsResolver\OptionsResolver;
16
17		class Client
18		{
19		/**
20		* @var GuzzleClientInterface
21		*/
22		protected $client;
23
24		/**
25		* Your username for the AltaPay gateway
26		*
27		* @var string
28		*/
29		private $username;
30
31		/**
32		* Your password for the AltaPay gateway
33		*
34		* @var string
35		*/
36		private $password;
37
38		/**
39		* The URL for the gateway
40		* The default value for this is the test gateway URL
41		*
42		* @var string
43		*/
44		private $baseUrl;
45
46		/**
47		* @var array
48		*/
49		private $defaultOptions;
50
51		/**
52		* @var ResponseInterface
53		*/
54		private $lastResponse;
55
56	18	public function __construct($username, $password, $baseUrl = 'https://testgateway.altapaysecure.com')
57		{
58	18	$this->username = $username;
59	18	$this->password = $password;
60	18	$this->baseUrl = $baseUrl;
61	18	$this->defaultOptions = [];
62	18	}
63
64		/**
65		* @param PaymentRequestInterface $paymentRequest
66		* @return PaymentRequestResponse
67		*/
68	3	public function createPaymentRequest(PaymentRequestInterface $paymentRequest) : PaymentRequestResponse
69		{
70	3	$response = new PaymentRequestResponse($this->doRequest('post', '/merchant/API/createPaymentRequest', [
71	3	'form_params' => $paymentRequest->getPayload()
72		]));
73	3	return $response;
74		}
75
76		/**
77		* @codeCoverageIgnore
78		*/
79		public function testConnection()
80		{
81		// @todo Implement method
82		throw new \RuntimeException('Method is not implemented');
83		}
84
85		/**
86		* @codeCoverageIgnore
87		*/
88		public function login()
89		{
90		// @todo Implement method
91		throw new \RuntimeException('Method is not implemented');
92		}
93
94		/**
95		* @codeCoverageIgnore
96		*/
97		public function payments()
98		{
99		// @todo Implement method
100		throw new \RuntimeException('Method is not implemented');
101		}
102
103		/**
104		* @param CaptureReservationInterface $captureReservation
105		* @return CaptureReservationResponse
106		*/
107	3	public function captureReservation(CaptureReservationInterface $captureReservation) : CaptureReservationResponse
108		{
109	3	return new CaptureReservationResponse($this->doRequest('get', '/merchant/API/captureReservation', [
110	3	'query' => $captureReservation->getPayload()
111		]));
112		}
113
114		/**
115		* @codeCoverageIgnore
116		*/
117		public function releaseReservation()
118		{
119		// @todo Implement method
120		throw new \RuntimeException('Method is not implemented');
121		}
122
123
124		/**
125		* @param RefundCapturedReservationInterface $refundCapturedReservation
126		* @return RefundCapturedReservationResponse
127		*/
128	3	public function refundCapturedReservation(RefundCapturedReservationInterface $refundCapturedReservation) : RefundCapturedReservationResponse
129		{
130	3	return new RefundCapturedReservationResponse($this->doRequest('get', '/merchant/API/refundCapturedReservation', [
131	3	'query' => $refundCapturedReservation->getPayload()
132		]));
133		}
134
135		/**
136		* @codeCoverageIgnore
137		*/
138		public function setupSubscription()
139		{
140		// @todo Implement method
141		throw new \RuntimeException('Method is not implemented');
142		}
143
144		/**
145		* @codeCoverageIgnore
146		*/
147		public function chargeSubscription()
148		{
149		// @todo Implement method
150		throw new \RuntimeException('Method is not implemented');
151		}
152
153		/**
154		* @codeCoverageIgnore
155		*/
156		public function reserveSubscriptionCharge()
157		{
158		// @todo Implement method
159		throw new \RuntimeException('Method is not implemented');
160		}
161
162		/**
163		* @codeCoverageIgnore
164		*/
165		public function updateOrder()
166		{
167		// @todo Implement method
168		throw new \RuntimeException('Method is not implemented');
169		}
170
171		/**
172		* @codeCoverageIgnore
173		*/
174		public function fundingList()
175		{
176		// @todo Implement method
177		throw new \RuntimeException('Method is not implemented');
178		}
179
180		/**
181		* @codeCoverageIgnore
182		*/
183		public function fundingDownload()
184		{
185		// @todo Implement method
186		throw new \RuntimeException('Method is not implemented');
187		}
188
189		/**
190		* @codeCoverageIgnore
191		*/
192		public function getCustomReport()
193		{
194		// @todo Implement method
195		throw new \RuntimeException('Method is not implemented');
196		}
197
198		/**
199		* @codeCoverageIgnore
200		*/
201		public function reservationOfFixedAmount()
202		{
203		// @todo Implement method
204		throw new \RuntimeException('Method is not implemented');
205		}
206
207		/**
208		* @codeCoverageIgnore
209		*/
210		public function credit()
211		{
212		// @todo Implement method
213		throw new \RuntimeException('Method is not implemented');
214		}
215
216		/**
217		* @return GetTerminalsResponse
218		*/
219	3	public function getTerminals() : GetTerminalsResponse
220		{
221	3	return new GetTerminalsResponse($this->doRequest('get', '/merchant/API/getTerminals'));
222		}
223
224		/**
225		* @codeCoverageIgnore
226		*/
227		public function getInvoiceText()
228		{
229		// @todo Implement method
230		throw new \RuntimeException('Method is not implemented');
231		}
232
233		/**
234		* @codeCoverageIgnore
235		*/
236		public function createInvoiceReservation()
237		{
238		// @todo Implement method
239		throw new \RuntimeException('Method is not implemented');
240		}
241
242		/**
243		* @codeCoverageIgnore
244		*/
245		public function calculateSurcharge()
246		{
247		// @todo Implement method
248		throw new \RuntimeException('Method is not implemented');
249		}
250
251		/**
252		* @codeCoverageIgnore
253		*/
254		public function queryGiftCard()
255		{
256		// @todo Implement method
257		throw new \RuntimeException('Method is not implemented');
258		}
259
260		/**
261		* @param string $method
262		* @param string $uri
263		* @param array $options
264		* @return ResponseInterface
265		*/
266	12	public function doRequest($method, $uri, array $options = []) : ResponseInterface
267		{
268	12	$optionsResolver = new OptionsResolver();
269	12	$this->configureOptions($optionsResolver);
270
271	12	$url = $this->baseUrl . $uri;
272	12	$options = $optionsResolver->resolve(array_replace($this->defaultOptions, $options));
273	12	$this->lastResponse = $this->getClient()->request($method, $url, $options);
274
275	12	return $this->lastResponse;
276		}
277
278		/**
279		* @return GuzzleClientInterface
280		*/
281	15	public function getClient()
282		{
283	15	if (!$this->client) {
284	3	$this->client = new GuzzleClient();
285		}
286	15	return $this->client;
287		}
288
289		/**
290		* @param GuzzleClientInterface $client
291		* @return Client
292		*/
293	12	public function setClient(GuzzleClientInterface $client)
294		{
295	12	$this->client = $client;
296	12	return $this;
297		}
298
299		/**
300		* @return array
301		*/
302	3	public function getDefaultOptions() : array
303		{
304	3	return $this->defaultOptions;
305		}
306
307		/**
308		* @param array $options
309		* @return Client
310		*/
311	3	public function setDefaultOptions(array $options) : self
312		{
313	3	$this->defaultOptions = $options;
314	3	return $this;
315		}
316
317	12	protected function configureOptions(OptionsResolver $optionsResolver)
318		{
319		// add request options from Guzzle
320	12	$reflection = new \ReflectionClass(RequestOptions::class);
321	12	$optionsResolver->setDefined($reflection->getConstants());
		0 ignored issues – show Documentation introduced 2017-10-10 11:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$reflection->getConstants()` is of type `array<string,integer\|double\|string\|boolean>`, but the function expects a `string\|array<integer,string>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
322
323		// set defaults
324	12	$optionsResolver->setDefaults([
325	12	'allow_redirects' => false,
326		'cookies' => false,
327	12	'timeout' => 60,
328		'http_errors' => false,
329		'auth' => [
330	12	$this->username,
331	12	$this->password
332		]
333		]);
334	12	}
335		}
336

loevgaard / altapay-php-sdk

Issues (43)

Security Analysis not enabled

src/Client/Client.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like