Issues in DeliveryReport.php (master) - Issues in master - loevgaard/linkmobility-php-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Webhook/DeliveryReport.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types=1);
namespace Loevgaard\Linkmobility\Webhook;

use Loevgaard\Linkmobility\Exception\InvalidDateTimeFormatException;
use Psr\Http\Message\RequestInterface;

class DeliveryReport
{
    /**
     * The message is received
     */
    const STATUS_RECEIVED = 'received';

    /**
     * The message is rejected by the SMSC. (Please see the list of status codes for an explanation)
     */
    const STATUS_REJECTED = 'rejected';

    /**
     * The message was not delivered and will try to get sent again at another time
     */
    const STATUS_BUFFERED = 'buffered';

    /**
     * The validity period has expired, the message wasn't delivered
     */
    const STATUS_EXPIRED = 'expired';

    /**
     * The HTTP request made by Linkmobility
     *
     * @var RequestInterface
     */
    protected $request;

    /**
     * @var string
     */
    protected $status;

    /**
     * @var string
     */
    protected $reason;

    /**
     * @var \DateTimeImmutable
     */
    protected $receiveTime;

    /**
     * @var string
     */
    protected $messageId;

    /**
     * @var string
     */
    protected $to;

    /**
     * @see https://linkmobility.atlassian.net/wiki/spaces/COOL/pages/26017824/Delivery+report
     *
     * @var int
     */
    protected $statusCode;

    /**
     * @var string
     */
    protected $returnData;

    /**
     * @var \DateTimeImmutable
     */
    protected $logDate;

    /**
     * @var int
     */
    protected $mcc;

    /**
     * @var int
     */
    protected $mnc;

    /**
     * @var int
     */
    protected $batchId;

    /**
     * @var int
     */
    protected $pushPrice;

    /**
     * DeliveryReport constructor.
     * @param RequestInterface $request
     * @throws InvalidDateTimeFormatException
     */
    public function __construct(RequestInterface $request)
    {
        $this->request = $request;

        parse_str($this->request->getUri()->getQuery(), $query);

        // strings are just assigned if set
        $this->status = $query['status'] ?? null;
        $this->reason = $query['reason'] ?? null;
        $this->messageId = $query['msgid'] ?? null;
        $this->to = $query['to'] ?? null;
        $this->returnData = $query['returndata'] ?? null;

        if (isset($query['receivetime'])) {

            $this->receiveTime = \DateTimeImmutable::createFromFormat('U', $query['receivetime']);
            if ($this->receiveTime === false) {
                throw new InvalidDateTimeFormatException(
                    'The format of `receivetime` is wrong. Value given: '.$query['receivetime']
                );
            }
        }

        if (isset($query['statuscode'])) {
            $this->statusCode = (int)$query['statuscode'];
        }

        if (isset($query['logdate'])) {

            $this->logDate = \DateTimeImmutable::createFromFormat('Y_m_d', $query['logdate']);
            if ($this->logDate === false) {
                throw new InvalidDateTimeFormatException('The format of `logdate` is wrong. Value given: '.$query['logdate']);
            }
        }

        if (isset($query['mcc'])) {
            $this->mcc = (int)$query['mcc'];
        }

        if (isset($query['mnc'])) {
            $this->mnc = (int)$query['mnc'];
        }

        if (isset($query['batchid'])) {
            $this->batchId = (int)$query['batchid'];
        }

        if (isset($query['push_price'])) {
            $this->pushPrice = (int)$query['push_price'];
        }
    }

    /**
     * Returns true if the respective message was received by the recipient
     *
     * @return bool
     */
    public function isReceived() : bool
    {
        return $this->status === static::STATUS_RECEIVED;
    }

    /**
     * Returns true if the respective message was rejected
     *
     * @return bool
     */
    public function isRejected() : bool
    {
        return $this->status === static::STATUS_REJECTED;
    }

    /**
     * Returns true if the respective message is buffered
     *
     * @return bool
     */
    public function isBuffered() : bool
    {
        return $this->status === static::STATUS_BUFFERED;
    }

    /**
     * Returns true if the respective message has expired
     *
     * @return bool
     */
    public function isExpired() : bool
    {
        return $this->status === static::STATUS_EXPIRED;
    }

    /**
     * @return RequestInterface
     */
    public function getRequest(): RequestInterface
    {
        return $this->request;
    }

    /**
     * @return string
     */
    public function getStatus(): string
    {
        return $this->status;
    }

    /**
     * @return string
     */
    public function getReason(): string
    {
        return $this->reason;
    }

    /**
     * @return \DateTimeImmutable
     */
    public function getReceiveTime(): \DateTimeImmutable
    {
        return $this->receiveTime;
    }

    /**
     * @return string
     */
    public function getMessageId(): string
    {
        return $this->messageId;
    }

    /**
     * @return string
     */
    public function getTo(): string
    {
        return $this->to;
    }

    /**
     * @return int
     */
    public function getStatusCode(): int
    {
        return $this->statusCode;
    }

    /**
     * @return string
     */
    public function getReturnData(): string
    {
        return $this->returnData;
    }

    /**
     * @return \DateTimeImmutable
     */
    public function getLogDate(): \DateTimeImmutable
    {
        return $this->logDate;
    }

    /**
     * @return int
     */
    public function getMcc(): int
    {
        return $this->mcc;
    }

    /**
     * @return int
     */
    public function getMnc(): int
    {
        return $this->mnc;
    }

    /**
     * @return int
     */
    public function getBatchId(): int
    {
        return $this->batchId;
    }

    /**
     * @return int
     */
    public function getPushPrice(): int
    {
        return $this->pushPrice;
    }
}


1			<?php declare(strict_types=1);
2			namespace Loevgaard\Linkmobility\Webhook;
3
4			use Loevgaard\Linkmobility\Exception\InvalidDateTimeFormatException;
5			use Psr\Http\Message\RequestInterface;
6
7			class DeliveryReport
8			{
9			/**
10			* The message is received
11			*/
12			const STATUS_RECEIVED = 'received';
13
14			/**
15			* The message is rejected by the SMSC. (Please see the list of status codes for an explanation)
16			*/
17			const STATUS_REJECTED = 'rejected';
18
19			/**
20			* The message was not delivered and will try to get sent again at another time
21			*/
22			const STATUS_BUFFERED = 'buffered';
23
24			/**
25			* The validity period has expired, the message wasn't delivered
26			*/
27			const STATUS_EXPIRED = 'expired';
28
29			/**
30			* The HTTP request made by Linkmobility
31			*
32			* @var RequestInterface
33			*/
34			protected $request;
35
36			/**
37			* @var string
38			*/
39			protected $status;
40
41			/**
42			* @var string
43			*/
44			protected $reason;
45
46			/**
47			* @var \DateTimeImmutable
48			*/
49			protected $receiveTime;
50
51			/**
52			* @var string
53			*/
54			protected $messageId;
55
56			/**
57			* @var string
58			*/
59			protected $to;
60
61			/**
62			* @see https://linkmobility.atlassian.net/wiki/spaces/COOL/pages/26017824/Delivery+report
63			*
64			* @var int
65			*/
66			protected $statusCode;
67
68			/**
69			* @var string
70			*/
71			protected $returnData;
72
73			/**
74			* @var \DateTimeImmutable
75			*/
76			protected $logDate;
77
78			/**
79			* @var int
80			*/
81			protected $mcc;
82
83			/**
84			* @var int
85			*/
86			protected $mnc;
87
88			/**
89			* @var int
90			*/
91			protected $batchId;
92
93			/**
94			* @var int
95			*/
96			protected $pushPrice;
97
98			/**
99			* DeliveryReport constructor.
100			* @param RequestInterface $request
101			* @throws InvalidDateTimeFormatException
102			*/
103	3		public function __construct(RequestInterface $request)
104			{
105	3		$this->request = $request;
106
107	3		parse_str($this->request->getUri()->getQuery(), $query);
108
109			// strings are just assigned if set
110	3		$this->status = $query['status'] ?? null;
111	3		$this->reason = $query['reason'] ?? null;
112	3		$this->messageId = $query['msgid'] ?? null;
113	3		$this->to = $query['to'] ?? null;
114	3		$this->returnData = $query['returndata'] ?? null;
115
116	3	View Code Duplication	if (isset($query['receivetime'])) {
			0 ignored issues – show Duplication introduced 2017-08-21 18:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
117	3		$this->receiveTime = \DateTimeImmutable::createFromFormat('U', $query['receivetime']);
118	3		if ($this->receiveTime === false) {
119	1		throw new InvalidDateTimeFormatException(
120	1		'The format of `receivetime` is wrong. Value given: '.$query['receivetime']
121			);
122			}
123			}
124
125	2		if (isset($query['statuscode'])) {
126	2		$this->statusCode = (int)$query['statuscode'];
127			}
128
129	2	View Code Duplication	if (isset($query['logdate'])) {
			0 ignored issues – show Duplication introduced 2017-08-21 18:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
130	2		$this->logDate = \DateTimeImmutable::createFromFormat('Y_m_d', $query['logdate']);
131	2		if ($this->logDate === false) {
132	1		throw new InvalidDateTimeFormatException('The format of `logdate` is wrong. Value given: '.$query['logdate']);
133			}
134			}
135
136	1		if (isset($query['mcc'])) {
137	1		$this->mcc = (int)$query['mcc'];
138			}
139
140	1		if (isset($query['mnc'])) {
141	1		$this->mnc = (int)$query['mnc'];
142			}
143
144	1		if (isset($query['batchid'])) {
145	1		$this->batchId = (int)$query['batchid'];
146			}
147
148	1		if (isset($query['push_price'])) {
149	1		$this->pushPrice = (int)$query['push_price'];
150			}
151	1		}
152
153			/**
154			* Returns true if the respective message was received by the recipient
155			*
156			* @return bool
157			*/
158	1		public function isReceived() : bool
159			{
160	1		return $this->status === static::STATUS_RECEIVED;
161			}
162
163			/**
164			* Returns true if the respective message was rejected
165			*
166			* @return bool
167			*/
168	1		public function isRejected() : bool
169			{
170	1		return $this->status === static::STATUS_REJECTED;
171			}
172
173			/**
174			* Returns true if the respective message is buffered
175			*
176			* @return bool
177			*/
178	1		public function isBuffered() : bool
179			{
180	1		return $this->status === static::STATUS_BUFFERED;
181			}
182
183			/**
184			* Returns true if the respective message has expired
185			*
186			* @return bool
187			*/
188	1		public function isExpired() : bool
189			{
190	1		return $this->status === static::STATUS_EXPIRED;
191			}
192
193			/**
194			* @return RequestInterface
195			*/
196	1		public function getRequest(): RequestInterface
197			{
198	1		return $this->request;
199			}
200
201			/**
202			* @return string
203			*/
204	1		public function getStatus(): string
205			{
206	1		return $this->status;
207			}
208
209			/**
210			* @return string
211			*/
212	1		public function getReason(): string
213			{
214	1		return $this->reason;
215			}
216
217			/**
218			* @return \DateTimeImmutable
219			*/
220	1		public function getReceiveTime(): \DateTimeImmutable
221			{
222	1		return $this->receiveTime;
223			}
224
225			/**
226			* @return string
227			*/
228	1		public function getMessageId(): string
229			{
230	1		return $this->messageId;
231			}
232
233			/**
234			* @return string
235			*/
236	1		public function getTo(): string
237			{
238	1		return $this->to;
239			}
240
241			/**
242			* @return int
243			*/
244	1		public function getStatusCode(): int
245			{
246	1		return $this->statusCode;
247			}
248
249			/**
250			* @return string
251			*/
252	1		public function getReturnData(): string
253			{
254	1		return $this->returnData;
255			}
256
257			/**
258			* @return \DateTimeImmutable
259			*/
260	1		public function getLogDate(): \DateTimeImmutable
261			{
262	1		return $this->logDate;
263			}
264
265			/**
266			* @return int
267			*/
268	1		public function getMcc(): int
269			{
270	1		return $this->mcc;
271			}
272
273			/**
274			* @return int
275			*/
276	1		public function getMnc(): int
277			{
278	1		return $this->mnc;
279			}
280
281			/**
282			* @return int
283			*/
284	1		public function getBatchId(): int
285			{
286	1		return $this->batchId;
287			}
288
289			/**
290			* @return int
291			*/
292	1		public function getPushPrice(): int
293			{
294	1		return $this->pushPrice;
295			}
296			}
297

loevgaard / linkmobility-php-sdk

Issues (10)

Security Analysis not enabled

src/Webhook/DeliveryReport.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like