Issues in Client.php (master) - Issues in master - maknz/slack - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Client.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Maknz\Slack;

use GuzzleHttp\Client as Guzzle;
use RuntimeException;

class Client
{
    /**
     * The Slack incoming webhook endpoint.
     *
     * @var string
     */
    protected $endpoint;

    /**
     * The default channel to send messages to.
     *
     * @var string
     */
    protected $channel;

    /**
     * The default username to send messages as.
     *
     * @var string
     */
    protected $username;

    /**
     * The default icon to send messages with.
     *
     * @var string
     */
    protected $icon;

    /**
     * Whether to link names like @regan or leave
     * them as plain text.
     *
     * @var bool
     */
    protected $link_names = false;

    /**
     * Whether Slack should unfurl text-based URLs.
     *
     * @var bool
     */
    protected $unfurl_links = false;

    /**
     * Whether Slack should unfurl media URLs.
     *
     * @var bool
     */
    protected $unfurl_media = true;

    /**
     * Whether message text should be formatted with Slack's
     * Markdown-like language.
     *
     * @var bool
     */
    protected $allow_markdown = true;

    /**
     * The attachment fields which should be formatted with
     * Slack's Markdown-like language.
     *
     * @var array
     */
    protected $markdown_in_attachments = [];

    /**
     * The Guzzle HTTP client instance.
     *
     * @var \GuzzleHttp\Client
     */
    protected $guzzle;

    /**
     * Instantiate a new Client.
     *
     * @param string $endpoint
     * @param array $attributes
     * @return void

     */
    public function __construct($endpoint, array $attributes = [], Guzzle $guzzle = null)
    {
        $this->endpoint = $endpoint;

        if (isset($attributes['channel'])) {
            $this->setDefaultChannel($attributes['channel']);
        }

        if (isset($attributes['username'])) {
            $this->setDefaultUsername($attributes['username']);
        }

        if (isset($attributes['icon'])) {
            $this->setDefaultIcon($attributes['icon']);
        }

        if (isset($attributes['link_names'])) {
            $this->setLinkNames($attributes['link_names']);
        }

        if (isset($attributes['unfurl_links'])) {
            $this->setUnfurlLinks($attributes['unfurl_links']);
        }

        if (isset($attributes['unfurl_media'])) {
            $this->setUnfurlMedia($attributes['unfurl_media']);
        }

        if (isset($attributes['allow_markdown'])) {
            $this->setAllowMarkdown($attributes['allow_markdown']);
        }

        if (isset($attributes['markdown_in_attachments'])) {
            $this->setMarkdownInAttachments($attributes['markdown_in_attachments']);
        }

        $this->guzzle = $guzzle ?: new Guzzle;
    }

    /**
     * Pass any unhandled methods through to a new Message
     * instance.
     *
     * @param string $name The name of the method
     * @param array $arguments The method arguments
     * @return \Maknz\Slack\Message
     */
    public function __call($name, $arguments)
    {
        return call_user_func_array([$this->createMessage(), $name], $arguments);
    }

    /**
     * Get the Slack endpoint.
     *
     * @return string
     */
    public function getEndpoint()
    {
        return $this->endpoint;
    }

    /**
     * Set the Slack endpoint.
     *
     * @param string $endpoint
     * @return void
     */
    public function setEndpoint($endpoint)
    {
        $this->endpoint = $endpoint;
    }

    /**
     * Get the default channel messages will be created for.
     *
     * @return string
     */
    public function getDefaultChannel()
    {
        return $this->channel;
    }

    /**
     * Set the default channel messages will be created for.
     *
     * @param string $channel
     * @return void
     */
    public function setDefaultChannel($channel)
    {
        $this->channel = $channel;
    }

    /**
     * Get the default username messages will be created for.
     *
     * @return string
     */
    public function getDefaultUsername()
    {
        return $this->username;
    }

    /**
     * Set the default username messages will be created for.
     *
     * @param string $username
     * @return void
     */
    public function setDefaultUsername($username)
    {
        $this->username = $username;
    }

    /**
     * Get the default icon messages will be created with.
     *
     * @return string
     */
    public function getDefaultIcon()
    {
        return $this->icon;
    }

    /**
     * Set the default icon messages will be created with.
     *
     * @param string $icon
     * @return void
     */
    public function setDefaultIcon($icon)
    {
        $this->icon = $icon;
    }

    /**
     * Get whether messages sent will have names (like @regan)
     * will be converted into links.
     *
     * @return bool
     */
    public function getLinkNames()
    {
        return $this->link_names;
    }

    /**
     * Set whether messages sent will have names (like @regan)
     * will be converted into links.
     *
     * @param bool $value
     * @return void
     */
    public function setLinkNames($value)
    {
        $this->link_names = (bool) $value;
    }

    /**
     * Get whether text links should be unfurled.
     *
     * @return bool
     */
    public function getUnfurlLinks()
    {
        return $this->unfurl_links;
    }

    /**
     * Set whether text links should be unfurled.
     *
     * @param bool $value
     * @return void
     */
    public function setUnfurlLinks($value)
    {
        $this->unfurl_links = (bool) $value;
    }

    /**
     * Get whether media links should be unfurled.
     *
     * @return bool
     */
    public function getUnfurlMedia()
    {
        return $this->unfurl_media;
    }

    /**
     * Set whether media links should be unfurled.
     *
     * @param bool $value
     * @return void
     */
    public function setUnfurlMedia($value)
    {
        $this->unfurl_media = (bool) $value;
    }

    /**
     * Get whether message text should be formatted with
     * Slack's Markdown-like language.
     *
     * @return bool
     */
    public function getAllowMarkdown()
    {
        return $this->allow_markdown;
    }

    /**
     * Set whether message text should be formatted with
     * Slack's Markdown-like language.
     *
     * @param bool $value
     * @return void
     */
    public function setAllowMarkdown($value)
    {
        $this->allow_markdown = (bool) $value;
    }

    /**
     * Get the attachment fields which should be formatted
     * in Slack's Markdown-like language.
     *
     * @return array
     */
    public function getMarkdownInAttachments()
    {
        return $this->markdown_in_attachments;
    }

    /**
     * Set the attachment fields which should be formatted
     * in Slack's Markdown-like language.
     *
     * @param array $fields
     * @return void
     */
    public function setMarkdownInAttachments(array $fields)
    {
        $this->markdown_in_attachments = $fields;
    }

    /**
     * Create a new message with defaults.
     *
     * @return \Maknz\Slack\Message
     */
    public function createMessage()
    {
        $message = new Message($this);

        $message->setChannel($this->getDefaultChannel());

        $message->setUsername($this->getDefaultUsername());

        $message->setIcon($this->getDefaultIcon());

        $message->setAllowMarkdown($this->getAllowMarkdown());

        $message->setMarkdownInAttachments($this->getMarkdownInAttachments());

        return $message;
    }

    /**
     * Send a message.
     *
     * @param \Maknz\Slack\Message $message
     * @return void
     */
    public function sendMessage(Message $message)
    {
        $payload = $this->preparePayload($message);

        $encoded = json_encode($payload, JSON_UNESCAPED_UNICODE);

        if ($encoded === false) {
            throw new RuntimeException(sprintf('JSON encoding error %s: %s', json_last_error(), json_last_error_msg()));
        }

        $this->guzzle->post($this->endpoint, ['body' => $encoded]);
    }

    /**
     * Prepares the payload to be sent to the webhook.
     *
     * @param \Maknz\Slack\Message $message The message to send
     * @return array
     */
    public function preparePayload(Message $message)
    {
        $payload = [
            'text' => $message->getText(),
            'channel' => $message->getChannel(),
            'username' => $message->getUsername(),
            'link_names' => $this->getLinkNames() ? 1 : 0,
            'unfurl_links' => $this->getUnfurlLinks(),
            'unfurl_media' => $this->getUnfurlMedia(),
            'mrkdwn' => $message->getAllowMarkdown(),
        ];

        if ($icon = $message->getIcon()) {
            $payload[$message->getIconType()] = $icon;
        }

        $payload['attachments'] = $this->getAttachmentsAsArrays($message);

        return $payload;
    }

    /**
     * Get the attachments in array form.
     *
     * @param \Maknz\Slack\Message $message
     * @return array
     */
    protected function getAttachmentsAsArrays(Message $message)
    {
        $attachments = [];

        foreach ($message->getAttachments() as $attachment) {
            $attachments[] = $attachment->toArray();
        }

        return $attachments;
    }
}


GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

src/Client.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace Maknz\Slack;
4
5			use GuzzleHttp\Client as Guzzle;
6			use RuntimeException;
7
8			class Client
9			{
10			/**
11			* The Slack incoming webhook endpoint.
12			*
13			* @var string
14			*/
15			protected $endpoint;
16
17			/**
18			* The default channel to send messages to.
19			*
20			* @var string
21			*/
22			protected $channel;
23
24			/**
25			* The default username to send messages as.
26			*
27			* @var string
28			*/
29			protected $username;
30
31			/**
32			* The default icon to send messages with.
33			*
34			* @var string
35			*/
36			protected $icon;
37
38			/**
39			* Whether to link names like @regan or leave
40			* them as plain text.
41			*
42			* @var bool
43			*/
44			protected $link_names = false;
45
46			/**
47			* Whether Slack should unfurl text-based URLs.
48			*
49			* @var bool
50			*/
51			protected $unfurl_links = false;
52
53			/**
54			* Whether Slack should unfurl media URLs.
55			*
56			* @var bool
57			*/
58			protected $unfurl_media = true;
59
60			/**
61			* Whether message text should be formatted with Slack's
62			* Markdown-like language.
63			*
64			* @var bool
65			*/
66			protected $allow_markdown = true;
67
68			/**
69			* The attachment fields which should be formatted with
70			* Slack's Markdown-like language.
71			*
72			* @var array
73			*/
74			protected $markdown_in_attachments = [];
75
76			/**
77			* The Guzzle HTTP client instance.
78			*
79			* @var \GuzzleHttp\Client
80			*/
81			protected $guzzle;
82
83			/**
84			* Instantiate a new Client.
85			*
86			* @param string $endpoint
87			* @param array $attributes
88			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2015-12-21 05:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
89			*/
90			public function __construct($endpoint, array $attributes = [], Guzzle $guzzle = null)
91			{
92			$this->endpoint = $endpoint;
93
94			if (isset($attributes['channel'])) {
95			$this->setDefaultChannel($attributes['channel']);
96			}
97
98			if (isset($attributes['username'])) {
99			$this->setDefaultUsername($attributes['username']);
100			}
101
102			if (isset($attributes['icon'])) {
103			$this->setDefaultIcon($attributes['icon']);
104			}
105
106			if (isset($attributes['link_names'])) {
107			$this->setLinkNames($attributes['link_names']);
108			}
109
110			if (isset($attributes['unfurl_links'])) {
111			$this->setUnfurlLinks($attributes['unfurl_links']);
112			}
113
114			if (isset($attributes['unfurl_media'])) {
115			$this->setUnfurlMedia($attributes['unfurl_media']);
116			}
117
118			if (isset($attributes['allow_markdown'])) {
119			$this->setAllowMarkdown($attributes['allow_markdown']);
120			}
121
122			if (isset($attributes['markdown_in_attachments'])) {
123			$this->setMarkdownInAttachments($attributes['markdown_in_attachments']);
124			}
125
126			$this->guzzle = $guzzle ?: new Guzzle;
127			}
128
129			/**
130			* Pass any unhandled methods through to a new Message
131			* instance.
132			*
133			* @param string $name The name of the method
134			* @param array $arguments The method arguments
135			* @return \Maknz\Slack\Message
136			*/
137			public function __call($name, $arguments)
138			{
139			return call_user_func_array([$this->createMessage(), $name], $arguments);
140			}
141
142			/**
143			* Get the Slack endpoint.
144			*
145			* @return string
146			*/
147			public function getEndpoint()
148			{
149			return $this->endpoint;
150			}
151
152			/**
153			* Set the Slack endpoint.
154			*
155			* @param string $endpoint
156			* @return void
157			*/
158			public function setEndpoint($endpoint)
159			{
160			$this->endpoint = $endpoint;
161			}
162
163			/**
164			* Get the default channel messages will be created for.
165			*
166			* @return string
167			*/
168			public function getDefaultChannel()
169			{
170			return $this->channel;
171			}
172
173			/**
174			* Set the default channel messages will be created for.
175			*
176			* @param string $channel
177			* @return void
178			*/
179			public function setDefaultChannel($channel)
180			{
181			$this->channel = $channel;
182			}
183
184			/**
185			* Get the default username messages will be created for.
186			*
187			* @return string
188			*/
189			public function getDefaultUsername()
190			{
191			return $this->username;
192			}
193
194			/**
195			* Set the default username messages will be created for.
196			*
197			* @param string $username
198			* @return void
199			*/
200			public function setDefaultUsername($username)
201			{
202			$this->username = $username;
203			}
204
205			/**
206			* Get the default icon messages will be created with.
207			*
208			* @return string
209			*/
210			public function getDefaultIcon()
211			{
212			return $this->icon;
213			}
214
215			/**
216			* Set the default icon messages will be created with.
217			*
218			* @param string $icon
219			* @return void
220			*/
221			public function setDefaultIcon($icon)
222			{
223			$this->icon = $icon;
224			}
225
226			/**
227			* Get whether messages sent will have names (like @regan)
228			* will be converted into links.
229			*
230			* @return bool
231			*/
232			public function getLinkNames()
233			{
234			return $this->link_names;
235			}
236
237			/**
238			* Set whether messages sent will have names (like @regan)
239			* will be converted into links.
240			*
241			* @param bool $value
242			* @return void
243			*/
244			public function setLinkNames($value)
245			{
246			$this->link_names = (bool) $value;
247			}
248
249			/**
250			* Get whether text links should be unfurled.
251			*
252			* @return bool
253			*/
254			public function getUnfurlLinks()
255			{
256			return $this->unfurl_links;
257			}
258
259			/**
260			* Set whether text links should be unfurled.
261			*
262			* @param bool $value
263			* @return void
264			*/
265			public function setUnfurlLinks($value)
266			{
267			$this->unfurl_links = (bool) $value;
268			}
269
270			/**
271			* Get whether media links should be unfurled.
272			*
273			* @return bool
274			*/
275			public function getUnfurlMedia()
276			{
277			return $this->unfurl_media;
278			}
279
280			/**
281			* Set whether media links should be unfurled.
282			*
283			* @param bool $value
284			* @return void
285			*/
286			public function setUnfurlMedia($value)
287			{
288			$this->unfurl_media = (bool) $value;
289			}
290
291			/**
292			* Get whether message text should be formatted with
293			* Slack's Markdown-like language.
294			*
295			* @return bool
296			*/
297			public function getAllowMarkdown()
298			{
299			return $this->allow_markdown;
300			}
301
302			/**
303			* Set whether message text should be formatted with
304			* Slack's Markdown-like language.
305			*
306			* @param bool $value
307			* @return void
308			*/
309			public function setAllowMarkdown($value)
310			{
311			$this->allow_markdown = (bool) $value;
312			}
313
314			/**
315			* Get the attachment fields which should be formatted
316			* in Slack's Markdown-like language.
317			*
318			* @return array
319			*/
320			public function getMarkdownInAttachments()
321			{
322			return $this->markdown_in_attachments;
323			}
324
325			/**
326			* Set the attachment fields which should be formatted
327			* in Slack's Markdown-like language.
328			*
329			* @param array $fields
330			* @return void
331			*/
332			public function setMarkdownInAttachments(array $fields)
333			{
334			$this->markdown_in_attachments = $fields;
335			}
336
337			/**
338			* Create a new message with defaults.
339			*
340			* @return \Maknz\Slack\Message
341			*/
342			public function createMessage()
343			{
344			$message = new Message($this);
345
346			$message->setChannel($this->getDefaultChannel());
347
348			$message->setUsername($this->getDefaultUsername());
349
350			$message->setIcon($this->getDefaultIcon());
351
352			$message->setAllowMarkdown($this->getAllowMarkdown());
353
354			$message->setMarkdownInAttachments($this->getMarkdownInAttachments());
355
356			return $message;
357			}
358
359			/**
360			* Send a message.
361			*
362			* @param \Maknz\Slack\Message $message
363			* @return void
364			*/
365			public function sendMessage(Message $message)
366			{
367			$payload = $this->preparePayload($message);
368
369			$encoded = json_encode($payload, JSON_UNESCAPED_UNICODE);
370
371			if ($encoded === false) {
372			throw new RuntimeException(sprintf('JSON encoding error %s: %s', json_last_error(), json_last_error_msg()));
373			}
374
375			$this->guzzle->post($this->endpoint, ['body' => $encoded]);
376			}
377
378			/**
379			* Prepares the payload to be sent to the webhook.
380			*
381			* @param \Maknz\Slack\Message $message The message to send
382			* @return array
383			*/
384			public function preparePayload(Message $message)
385			{
386			$payload = [
387			'text' => $message->getText(),
388			'channel' => $message->getChannel(),
389			'username' => $message->getUsername(),
390			'link_names' => $this->getLinkNames() ? 1 : 0,
391			'unfurl_links' => $this->getUnfurlLinks(),
392			'unfurl_media' => $this->getUnfurlMedia(),
393			'mrkdwn' => $message->getAllowMarkdown(),
394			];
395
396			if ($icon = $message->getIcon()) {
397			$payload[$message->getIconType()] = $icon;
398			}
399
400			$payload['attachments'] = $this->getAttachmentsAsArrays($message);
401
402			return $payload;
403			}
404
405			/**
406			* Get the attachments in array form.
407			*
408			* @param \Maknz\Slack\Message $message
409			* @return array
410			*/
411			protected function getAttachmentsAsArrays(Message $message)
412			{
413			$attachments = [];
414
415			foreach ($message->getAttachments() as $attachment) {
416			$attachments[] = $attachment->toArray();
417			}
418
419			return $attachments;
420			}
421			}
422

maknz / slack

GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

src/Client.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like