Issues in Message.php (master) - Issues in master - maknz/slack - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Message.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Maknz\Slack;

use InvalidArgumentException;

class Message
{
    /**
     * Reference to the Slack client responsible for sending
     * the message.
     *
     * @var \Maknz\Slack\Client
     */
    protected $client;

    /**
     * The text to send with the message.
     *
     * @var string
     */
    protected $text;

    /**
     * The channel the message should be sent to.
     *
     * @var string
     */
    protected $channel;

    /**
     * The username the message should be sent as.
     *
     * @var string
     */
    protected $username;

    /**
     * The URL to the icon to use.
     *
     * @var string
     */
    protected $icon;

    /**
     * The type of icon we are using.
     *
     * @var enum
     */
    protected $iconType;

    /**
     * Whether the message text should be interpreted in Slack's
     * Markdown-like language.
     *
     * @var bool
     */
    protected $allow_markdown = true;

    /**
     * The attachment fields which should be formatted with
     * Slack's Markdown-like language.
     *
     * @var array
     */
    protected $markdown_in_attachments = [];

    /**
     * An array of attachments to send.
     *
     * @var array
     */
    protected $attachments = [];

    /**
     * @var string
     */
    const ICON_TYPE_URL = 'icon_url';

    /**
     * @var string
     */
    const ICON_TYPE_EMOJI = 'icon_emoji';

    /**
     * Instantiate a new Message.
     *
     * @param \Maknz\Slack\Client $client
     * @return void

     */
    public function __construct(Client $client)
    {
        $this->client = $client;
    }

    /**
     * Get the message text.
     *
     * @return string
     */
    public function getText()
    {
        return $this->text;
    }

    /**
     * Set the message text.
     *
     * @param string $text
     * @return $this
     */
    public function setText($text)
    {
        $this->text = $text;

        return $this;
    }

    /**
     * Get the channel we will post to.
     *
     * @return string
     */
    public function getChannel()
    {
        return $this->channel;
    }

    /**
     * Set the channel we will post to.
     *
     * @param string $channel
     * @return $this
     */
    public function setChannel($channel)
    {
        $this->channel = $channel;

        return $this;
    }

    /**
     * Get the username we will post as.
     *
     * @return string
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Set the username we will post as.
     *
     * @param string $username
     * @return $this
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Get the icon (either URL or emoji) we will post as.
     *
     * @return string
     */
    public function getIcon()
    {
        return $this->icon;
    }

    /**
     * Set the icon (either URL or emoji) we will post as.
     *
     * @param string $icon
     * @return $this
     */
    public function setIcon($icon)
    {
        if ($icon == null) {
            $this->icon = $this->iconType = null;

            return;
        }

        if (mb_substr($icon, 0, 1) == ':' && mb_substr($icon, mb_strlen($icon) - 1, 1) == ':') {
            $this->iconType = self::ICON_TYPE_EMOJI;

        } else {
            $this->iconType = self::ICON_TYPE_URL;

        }

        $this->icon = $icon;

        return $this;
    }

    /**
     * Get the icon type being used, if an icon is set.
     *
     * @return string
     */
    public function getIconType()
    {
        return $this->iconType;
    }

    /**
     * Get whether message text should be formatted with
     * Slack's Markdown-like language.
     *
     * @return bool
     */
    public function getAllowMarkdown()
    {
        return $this->allow_markdown;
    }

    /**
     * Set whether message text should be formatted with
     * Slack's Markdown-like language.
     *
     * @param bool $value
     * @return void
     */
    public function setAllowMarkdown($value)
    {
        $this->allow_markdown = (bool) $value;

        return $this;
    }

    /**
     * Enable Markdown formatting for the message.
     *
     * @return void
     */
    public function enableMarkdown()
    {
        $this->setAllowMarkdown(true);

        return $this;
    }

    /**
     * Disable Markdown formatting for the message.
     *
     * @return void
     */
    public function disableMarkdown()
    {
        $this->setAllowMarkdown(false);

        return $this;
    }

    /**
     * Get the attachment fields which should be formatted
     * in Slack's Markdown-like language.
     *
     * @return array
     */
    public function getMarkdownInAttachments()
    {
        return $this->markdown_in_attachments;
    }

    /**
     * Set the attachment fields which should be formatted
     * in Slack's Markdown-like language.
     *
     * @param array $fields
     * @return void
     */
    public function setMarkdownInAttachments(array $fields)
    {
        $this->markdown_in_attachments = $fields;

        return $this;
    }

    /**
     * Change the name of the user the post will be made as.
     *
     * @param string $username
     * @return $this
     */
    public function from($username)
    {
        $this->setUsername($username);

        return $this;
    }

    /**
     * Change the channel the post will be made to.
     *
     * @param string $channel
     * @return $this
     */
    public function to($channel)
    {
        $this->setChannel($channel);

        return $this;
    }

    /**
     * Chainable method for setting the icon.
     *
     * @param string $icon
     * @return $this
     */
    public function withIcon($icon)
    {
        $this->setIcon($icon);

        return $this;
    }

    /**
     * Add an attachment to the message.
     *
     * @param mixed $attachment
     * @return $this
     */
    public function attach($attachment)
    {
        if ($attachment instanceof Attachment) {
            $this->attachments[] = $attachment;

            return $this;
        } elseif (is_array($attachment)) {
            $attachmentObject = new Attachment($attachment);

            if (! isset($attachment['mrkdwn_in'])) {
                $attachmentObject->setMarkdownFields($this->getMarkdownInAttachments());
            }

            $this->attachments[] = $attachmentObject;

            return $this;
        }

        throw new InvalidArgumentException('Attachment must be an instance of Maknz\\Slack\\Attachment or a keyed array');
    }

    /**
     * Get the attachments for the message.
     *
     * @return array
     */
    public function getAttachments()
    {
        return $this->attachments;
    }

    /**
     * Set the attachments for the message.
     *
     * @param array $attachments
     * @return $this
     */
    public function setAttachments(array $attachments)
    {
        $this->clearAttachments();

        foreach ($attachments as $attachment) {
            $this->attach($attachment);
        }

        return $this;
    }

    /**
     * Remove all attachments for the message.
     *
     * @return $this
     */
    public function clearAttachments()
    {
        $this->attachments = [];

        return $this;
    }

    /**
     * Send the message.
     *
     * @param string $text The text to send
     * @return void
     */
    public function send($text = null)
    {
        if ($text) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $this->setText($text);
        }

        $this->client->sendMessage($this);

        return $this;
    }
}


GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

src/Message.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace Maknz\Slack;
4
5			use InvalidArgumentException;
6
7			class Message
8			{
9			/**
10			* Reference to the Slack client responsible for sending
11			* the message.
12			*
13			* @var \Maknz\Slack\Client
14			*/
15			protected $client;
16
17			/**
18			* The text to send with the message.
19			*
20			* @var string
21			*/
22			protected $text;
23
24			/**
25			* The channel the message should be sent to.
26			*
27			* @var string
28			*/
29			protected $channel;
30
31			/**
32			* The username the message should be sent as.
33			*
34			* @var string
35			*/
36			protected $username;
37
38			/**
39			* The URL to the icon to use.
40			*
41			* @var string
42			*/
43			protected $icon;
44
45			/**
46			* The type of icon we are using.
47			*
48			* @var enum
49			*/
50			protected $iconType;
51
52			/**
53			* Whether the message text should be interpreted in Slack's
54			* Markdown-like language.
55			*
56			* @var bool
57			*/
58			protected $allow_markdown = true;
59
60			/**
61			* The attachment fields which should be formatted with
62			* Slack's Markdown-like language.
63			*
64			* @var array
65			*/
66			protected $markdown_in_attachments = [];
67
68			/**
69			* An array of attachments to send.
70			*
71			* @var array
72			*/
73			protected $attachments = [];
74
75			/**
76			* @var string
77			*/
78			const ICON_TYPE_URL = 'icon_url';
79
80			/**
81			* @var string
82			*/
83			const ICON_TYPE_EMOJI = 'icon_emoji';
84
85			/**
86			* Instantiate a new Message.
87			*
88			* @param \Maknz\Slack\Client $client
89			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2015-12-21 05:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
90			*/
91			public function __construct(Client $client)
92			{
93			$this->client = $client;
94			}
95
96			/**
97			* Get the message text.
98			*
99			* @return string
100			*/
101			public function getText()
102			{
103			return $this->text;
104			}
105
106			/**
107			* Set the message text.
108			*
109			* @param string $text
110			* @return $this
111			*/
112			public function setText($text)
113			{
114			$this->text = $text;
115
116			return $this;
117			}
118
119			/**
120			* Get the channel we will post to.
121			*
122			* @return string
123			*/
124			public function getChannel()
125			{
126			return $this->channel;
127			}
128
129			/**
130			* Set the channel we will post to.
131			*
132			* @param string $channel
133			* @return $this
134			*/
135			public function setChannel($channel)
136			{
137			$this->channel = $channel;
138
139			return $this;
140			}
141
142			/**
143			* Get the username we will post as.
144			*
145			* @return string
146			*/
147			public function getUsername()
148			{
149			return $this->username;
150			}
151
152			/**
153			* Set the username we will post as.
154			*
155			* @param string $username
156			* @return $this
157			*/
158			public function setUsername($username)
159			{
160			$this->username = $username;
161
162			return $this;
163			}
164
165			/**
166			* Get the icon (either URL or emoji) we will post as.
167			*
168			* @return string
169			*/
170			public function getIcon()
171			{
172			return $this->icon;
173			}
174
175			/**
176			* Set the icon (either URL or emoji) we will post as.
177			*
178			* @param string $icon
179			* @return $this
180			*/
181			public function setIcon($icon)
182			{
183			if ($icon == null) {
184			$this->icon = $this->iconType = null;
185
186			return;
187			}
188
189			if (mb_substr($icon, 0, 1) == ':' && mb_substr($icon, mb_strlen($icon) - 1, 1) == ':') {
190			$this->iconType = self::ICON_TYPE_EMOJI;
			0 ignored issues – show Documentation Bug introduced 2015-12-21 05:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `self::ICON_TYPE_EMOJI` of type `string` is incompatible with the declared type `object<Maknz\Slack\enum>` of property `$iconType`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
191			} else {
192			$this->iconType = self::ICON_TYPE_URL;
			0 ignored issues – show Documentation Bug introduced 2015-12-21 05:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `self::ICON_TYPE_URL` of type `string` is incompatible with the declared type `object<Maknz\Slack\enum>` of property `$iconType`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
193			}
194
195			$this->icon = $icon;
196
197			return $this;
198			}
199
200			/**
201			* Get the icon type being used, if an icon is set.
202			*
203			* @return string
204			*/
205			public function getIconType()
206			{
207			return $this->iconType;
208			}
209
210			/**
211			* Get whether message text should be formatted with
212			* Slack's Markdown-like language.
213			*
214			* @return bool
215			*/
216			public function getAllowMarkdown()
217			{
218			return $this->allow_markdown;
219			}
220
221			/**
222			* Set whether message text should be formatted with
223			* Slack's Markdown-like language.
224			*
225			* @param bool $value
226			* @return void
227			*/
228			public function setAllowMarkdown($value)
229			{
230			$this->allow_markdown = (bool) $value;
231
232			return $this;
233			}
234
235			/**
236			* Enable Markdown formatting for the message.
237			*
238			* @return void
239			*/
240			public function enableMarkdown()
241			{
242			$this->setAllowMarkdown(true);
243
244			return $this;
245			}
246
247			/**
248			* Disable Markdown formatting for the message.
249			*
250			* @return void
251			*/
252			public function disableMarkdown()
253			{
254			$this->setAllowMarkdown(false);
255
256			return $this;
257			}
258
259			/**
260			* Get the attachment fields which should be formatted
261			* in Slack's Markdown-like language.
262			*
263			* @return array
264			*/
265			public function getMarkdownInAttachments()
266			{
267			return $this->markdown_in_attachments;
268			}
269
270			/**
271			* Set the attachment fields which should be formatted
272			* in Slack's Markdown-like language.
273			*
274			* @param array $fields
275			* @return void
276			*/
277			public function setMarkdownInAttachments(array $fields)
278			{
279			$this->markdown_in_attachments = $fields;
280
281			return $this;
282			}
283
284			/**
285			* Change the name of the user the post will be made as.
286			*
287			* @param string $username
288			* @return $this
289			*/
290			public function from($username)
291			{
292			$this->setUsername($username);
293
294			return $this;
295			}
296
297			/**
298			* Change the channel the post will be made to.
299			*
300			* @param string $channel
301			* @return $this
302			*/
303			public function to($channel)
304			{
305			$this->setChannel($channel);
306
307			return $this;
308			}
309
310			/**
311			* Chainable method for setting the icon.
312			*
313			* @param string $icon
314			* @return $this
315			*/
316			public function withIcon($icon)
317			{
318			$this->setIcon($icon);
319
320			return $this;
321			}
322
323			/**
324			* Add an attachment to the message.
325			*
326			* @param mixed $attachment
327			* @return $this
328			*/
329			public function attach($attachment)
330			{
331			if ($attachment instanceof Attachment) {
332			$this->attachments[] = $attachment;
333
334			return $this;
335			} elseif (is_array($attachment)) {
336			$attachmentObject = new Attachment($attachment);
337
338			if (! isset($attachment['mrkdwn_in'])) {
339			$attachmentObject->setMarkdownFields($this->getMarkdownInAttachments());
340			}
341
342			$this->attachments[] = $attachmentObject;
343
344			return $this;
345			}
346
347			throw new InvalidArgumentException('Attachment must be an instance of Maknz\\Slack\\Attachment or a keyed array');
348			}
349
350			/**
351			* Get the attachments for the message.
352			*
353			* @return array
354			*/
355			public function getAttachments()
356			{
357			return $this->attachments;
358			}
359
360			/**
361			* Set the attachments for the message.
362			*
363			* @param array $attachments
364			* @return $this
365			*/
366			public function setAttachments(array $attachments)
367			{
368			$this->clearAttachments();
369
370			foreach ($attachments as $attachment) {
371			$this->attach($attachment);
372			}
373
374			return $this;
375			}
376
377			/**
378			* Remove all attachments for the message.
379			*
380			* @return $this
381			*/
382			public function clearAttachments()
383			{
384			$this->attachments = [];
385
386			return $this;
387			}
388
389			/**
390			* Send the message.
391			*
392			* @param string $text The text to send
393			* @return void
394			*/
395			public function send($text = null)
396			{
397			if ($text) {
			0 ignored issues – show Bug Best Practice introduced 2016-05-28 04:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$text` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
398			$this->setText($text);
399			}
400
401			$this->client->sendMessage($this);
402
403			return $this;
404			}
405			}
406

maknz / slack

GitHub Access Token became invalid

Issues (9)

Security Analysis no request data

src/Message.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like