Issues (43)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Payload/OrderLine.php (3 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
namespace Loevgaard\AltaPay\Payload;

use Assert\Assert;
use Loevgaard\AltaPay;
use Money\Money;

class OrderLine extends Payload implements OrderLineInterface
{
    const GOODS_TYPE_SHIPMENT = 'shipment';
    const GOODS_TYPE_HANDLING = 'handling';
    const GOODS_TYPE_ITEM = 'item';
    const GOODS_TYPE_REFUND = 'refund';

    /**
     * Used to create Money objects
     *
     * @var string
     */
    protected $currency;

    /**
     * @var string
     */
    protected $description;

    /**
     * @var string
     */
    protected $itemId;

    /**
     * @var float
     */
    protected $quantity;

    /**
     * @var int
     */
    protected $unitPrice;

    /**
     * @var float
     */
    protected $taxPercent;

    /**
     * @var int
     */
    protected $taxAmount;

    /**
     * @var string
     */
    protected $unitCode;

    /**
     * @var int
     */
    protected $discount;

    /**
     * @var string
     */
    protected $goodsType;

    /**
     * @var string
     */
    protected $imageUrl;

    public function __construct(string $description, string $itemId, float $quantity, Money $unitPrice)
    {
        $this->currency = $unitPrice->getCurrency()->getCode();

        $this->setDescription($description);
        $this->setItemId($itemId);
        $this->setQuantity($quantity);
        $this->setUnitPrice($unitPrice);
    }

    public function getPayload() : array
    {
        $this->validate();

        $payload = [
            'description' => $this->description,
            'itemId' => $this->itemId,
            'quantity' => $this->quantity,
            'unitPrice' => AltaPay\floatFromMoney($this->getUnitPrice()),
            'taxPercent' => $this->taxPercent,
            'taxAmount' => AltaPay\floatFromMoney($this->getTaxAmount()),
            'unitCode' => $this->unitCode,
            'discount' => AltaPay\floatFromMoney($this->getDiscount()),
            'goodsType' => $this->goodsType,
            'imageUrl' => $this->imageUrl,
        ];

        return static::simplePayload($payload);
    }

    public function validate()
    {
        Assert::that($this->description)->string();
        Assert::that($this->itemId)->string();
        Assert::that($this->quantity)->float();
        Assert::that($this->getUnitPrice())->isInstanceOf(Money::class);
        Assert::thatNullOr($this->taxPercent)->float();
        Assert::thatNullOr($this->getTaxAmount())->isInstanceOf(Money::class);
        Assert::thatNullOr($this->unitCode)->string();
        Assert::thatNullOr($this->getDiscount())->isInstanceOf(Money::class);
        Assert::thatNullOr($this->goodsType)->string()->inArray(static::getGoodsTypes());
        Assert::thatNullOr($this->imageUrl)->string();
    }

    /**
     * @return array
     */
    public static function getGoodsTypes() : array
    {
        return [
            self::GOODS_TYPE_HANDLING,
            self::GOODS_TYPE_ITEM,
            self::GOODS_TYPE_REFUND,
            self::GOODS_TYPE_SHIPMENT,
        ];
    }

    /**
     * @return string
     */
    public function getDescription() : string
    {
        return $this->description;
    }

    /**
     * @param string $description
     * @return OrderLine
     */
    public function setDescription(string $description) : self
    {
        $this->description = $description;
        return $this;
    }

    /**
     * @return string
     */
    public function getItemId() : string
    {
        return $this->itemId;
    }

    /**
     * @param string $itemId
     * @return OrderLine
     */
    public function setItemId(string $itemId) : self
    {
        $this->itemId = $itemId;
        return $this;
    }

    /**
     * @return float
     */
    public function getQuantity() : float
    {
        return $this->quantity;
    }

    /**
     * @param float $quantity
     * @return OrderLine
     */
    public function setQuantity(float $quantity) : self
    {
        $this->quantity = $quantity;
        return $this;
    }

    /**
     * @return Money
     */
    public function getUnitPrice() : ?Money
    {
        return AltaPay\createMoney((string)$this->currency, (int)$this->unitPrice);
    }

    /**
     * @param Money $unitPrice
     * @return OrderLine
     */
    public function setUnitPrice(Money $unitPrice) : self
    {
        if ($unitPrice->getCurrency()->getCode() !== $this->currency) {
            throw new \InvalidArgumentException('The $unitPrice does not have the same currency as this order line');
        }

        $this->unitPrice = $unitPrice->getAmount();
Documentation Bug
The property $unitPrice was declared of type integer, but $unitPrice->getAmount() is of type string. Maybe add a type cast?

This check looks for assignments to scalar types that may be of the wrong type.

To ensure the code behaves as expected, it may be a good idea to add an explicit type cast.

$answer = 42;

$correct = false;

$correct = (bool) $answer;
        return $this;
    }

    /**
     * @return float
     */
    public function getTaxPercent() : ?float
    {
        return $this->taxPercent;
    }

    /**
     * @param float $taxPercent
     * @return OrderLine
     */
    public function setTaxPercent(float $taxPercent) : self
    {
        $this->taxPercent = $taxPercent;
        return $this;
    }

    /**
     * @return Money
     */
    public function getTaxAmount() : ?Money
    {
        if (is_null($this->taxAmount)) {
            return null;
        }

        return AltaPay\createMoney((string)$this->currency, (int)$this->taxAmount);
    }

    /**
     * @param Money $taxAmount
     * @return OrderLine
     */
    public function setTaxAmount(Money $taxAmount) : self
    {
        if ($taxAmount->getCurrency()->getCode() !== $this->currency) {
            throw new \InvalidArgumentException('The $taxAmount does not have the same currency as this order line');
        }

        $this->taxAmount = $taxAmount->getAmount();
Documentation Bug
The property $taxAmount was declared of type integer, but $taxAmount->getAmount() is of type string. Maybe add a type cast?

        return $this;
    }

    /**
     * @return string
     */
    public function getUnitCode() : ?string
    {
        return $this->unitCode;
    }

    /**
     * @param string $unitCode
     * @return OrderLine
     */
    public function setUnitCode(string $unitCode) : self
    {
        $this->unitCode = $unitCode;
        return $this;
    }

    /**
     * @return Money
     */
    public function getDiscount() : ?Money
    {
        if (is_null($this->discount)) {
            return null;
        }

        return AltaPay\createMoney((string)$this->currency, (int)$this->discount);
    }

    /**
     * @param Money $discount
     * @return OrderLine
     */
    public function setDiscount(Money $discount) : self
    {
        if ($discount->getCurrency()->getCode() !== $this->currency) {
            throw new \InvalidArgumentException('The $discount does not have the same currency as this order line');
        }

        $this->discount = $discount->getAmount();
Documentation Bug
The property $discount was declared of type integer, but $discount->getAmount() is of type string. Maybe add a type cast?

        return $this;
    }

    /**
     * @return string
     */
    public function getGoodsType() : ?string
    {
        return $this->goodsType;
    }

    /**
     * @param string $goodsType
     * @return OrderLine
     */
    public function setGoodsType(string $goodsType) : self
    {
        $this->goodsType = $goodsType;
        return $this;
    }

    /**
     * @return string
     */
    public function getImageUrl() : ?string
    {
        return $this->imageUrl;
    }

    /**
     * @param string $imageUrl
     * @return OrderLine
     */
    public function setImageUrl(string $imageUrl) : self
    {
        $this->imageUrl = $imageUrl;
        return $this;
    }
}