Issues in Ticket.php (master) - Issues in master - matks/CustomerSupportBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis no request data

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Entity/Ticket.php (2 issues)

Labels

Severity

<?php

namespace Matks\Bundle\CustomerSupportBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Knp\DoctrineBehaviors\Model as ORMBehaviors;
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;

use Matks\Bundle\CustomerSupportBundle\Model\TicketInterface;
use Matks\Bundle\CustomerSupportBundle\Model\MessageInterface;
use Matks\Bundle\CustomerSupportBundle\Model\CategoryInterface;

use Doctrine\Common\Collections\ArrayCollection;
use LogicException;

/**
 * Ticket entity
 *
 * @ORM\Entity(repositoryClass="Matks\Bundle\CustomerSupportBundle\Repository\TicketRepository")
 * @ORM\Table(name="tickets")
 * @UniqueEntity(fields="reference", message="this reference already exists")
 *
 * @author Mathieu Ferment <[email protected]>
 */
class Ticket implements TicketInterface
{
    use ORMBehaviors\Timestampable\Timestampable;

    /**
     * @var int
     *
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;


    /**
     * @var CategoryInterface
     *
     * @ORM\ManyToOne(
     *      targetEntity="Matks\Bundle\CustomerSupportBundle\Model\CategoryInterface",
     *      inversedBy="tickets"
     * )
     * @Assert\Valid()
     */
    private $category;

    /**
     * @var string
     *
     * @ORM\Column(type="string", length=255)
     * @Assert\NotBlank()
     */
    private $status;

    /**
     * Ticket unique reference
     *
     * @var string
     *
     * @ORM\Column(type="string", length=255, unique=true)
     * @Assert\NotBlank()
     */
    private $reference;

    /**
     * @var MessageInterface[]
     *
     * @ORM\OneToMany(
     *     targetEntity="Matks\Bundle\CustomerSupportBundle\Model\MessageInterface",
     *     mappedBy="messages",
     *     cascade={"persist", "remove", "merge"}
     * )
     * @Assert\Valid()
     */
    private $messages;


    /**
     * Constructor
     *
     * @param string            $reference
     * @param CategoryInterface $category
     * @param MessageInterface  $message
     */
    public function __construct($reference, CategoryInterface $category, MessageInterface $message)
    {
        if (!$message->getAuthor()->isACustomer()) {
            throw new LogicException("Only customers can open a ticket");
        }

        $this->reference = $reference;
        $this->status    = TicketInterface::STATUS_NEW;
        $this->category  = $category;
        $this->messages  = new ArrayCollection();

        $this->messages->add($message);
    }

    /**
     * Answer to customer ticket
     *
     * @param MessageInterface
     */
    public function answer(MessageInterface $message)
    {
        if ($this->isClosed()) {
            throw new LogicException("Cannot answer a closed ticket");
        }

        if ($message->getAuthor()->isACustomer()) {
            throw new LogicException("Only company users can answer a ticket");
        }

        $this->messages->add($message);

        $this->status = TicketInterface::STATUS_ANSWERED;
    }

    /**
     * Add new customer message to a ticket
     *
     * @param MessageInterface
     */
    public function reopen(MessageInterface $message)
    {
        if ($this->isClosed()) {
            throw new LogicException("Cannot reopen a closed ticket");
        }

        if (!$message->getAuthor()->isACustomer()) {
            throw new LogicException("Only customers can reopen a ticket");
        }

        $this->messages->add($message);

        $this->status = TicketInterface::STATUS_REOPENED;
    }

    /**
     * Close a ticket in order to prevent future answers
     */
    public function close()
    {
        $this->status = TicketInterface::STATUS_CLOSED;
    }

    /**
     * Change category
     *
     * @param CategoryInterface $category
     */
    public function changeCategory(CategoryInterface $category)
    {
        if (!$category->isActive()) {
            throw new LogicException("Cannot set new ticket category for an inactive category");
        }

        $this->category = $category;
    }

    /**
     * Get unique reference
     *
     * @return string
     */
    public function getReference()
    {
        return $this->reference;
    }

    /**
     * Get related category
     *
     * @return CategoryInterface
     */
    public function getCategory()
    {
        return $this->category;
    }

    /**
     * Get messages
     *
     * @return MessageInterface[]
     */
    public function getMessages()
    {
        return $this->messages;
    }

    /**
     * Get first message
     *
     * @return MessageInterface
     */
    public function getFirstMessage()
    {
        return $this->messages->first();
    }

    /**
     * Get last message
     *
     * @return MessageInterface
     */
    public function getLastMessage()
    {
        return $this->messages->last();
    }

    /**
     * Get status
     *
     * @return string
     */
    public function getStatus()
    {
        return $this->status;
    }

    /**
     * @return bool
     */
    public function isNew()
    {
        return TicketInterface::STATUS_NEW === $this->status;
    }

    /**
     * @return bool
     */
    public function isAnswered()
    {
        return TicketInterface::STATUS_ANSWERED === $this->status;
    }

    /**
     * @return bool
     */
    public function isReopened()
    {
        return TicketInterface::STATUS_REOPENED === $this->status;
    }

    /**
     * @return bool
     */
    public function isClosed()
    {
        return TicketInterface::STATUS_CLOSED === $this->status;
    }
}


1		<?php
2
3		namespace Matks\Bundle\CustomerSupportBundle\Entity;
4
5		use Doctrine\ORM\Mapping as ORM;
6		use Knp\DoctrineBehaviors\Model as ORMBehaviors;
7		use Symfony\Component\Validator\Constraints as Assert;
8		use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
9
10		use Matks\Bundle\CustomerSupportBundle\Model\TicketInterface;
11		use Matks\Bundle\CustomerSupportBundle\Model\MessageInterface;
12		use Matks\Bundle\CustomerSupportBundle\Model\CategoryInterface;
13
14		use Doctrine\Common\Collections\ArrayCollection;
15		use LogicException;
16
17		/**
18		* Ticket entity
19		*
20		* @ORM\Entity(repositoryClass="Matks\Bundle\CustomerSupportBundle\Repository\TicketRepository")
21		* @ORM\Table(name="tickets")
22		* @UniqueEntity(fields="reference", message="this reference already exists")
23		*
24		* @author Mathieu Ferment <[email protected]>
25		*/
26		class Ticket implements TicketInterface
27		{
28		use ORMBehaviors\Timestampable\Timestampable;
29
30		/**
31		* @var int
32		*
33		* @ORM\Id
34		* @ORM\Column(type="integer")
35		* @ORM\GeneratedValue(strategy="AUTO")
36		*/
37		private $id;
		0 ignored issues – show introduced 2018-01-04 16:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$id` is not used, and could be removed. Loading history...
38
39		/**
40		* @var CategoryInterface
41		*
42		* @ORM\ManyToOne(
43		* targetEntity="Matks\Bundle\CustomerSupportBundle\Model\CategoryInterface",
44		* inversedBy="tickets"
45		* )
46		* @Assert\Valid()
47		*/
48		private $category;
49
50		/**
51		* @var string
52		*
53		* @ORM\Column(type="string", length=255)
54		* @Assert\NotBlank()
55		*/
56		private $status;
57
58		/**
59		* Ticket unique reference
60		*
61		* @var string
62		*
63		* @ORM\Column(type="string", length=255, unique=true)
64		* @Assert\NotBlank()
65		*/
66		private $reference;
67
68		/**
69		* @var MessageInterface[]
70		*
71		* @ORM\OneToMany(
72		* targetEntity="Matks\Bundle\CustomerSupportBundle\Model\MessageInterface",
73		* mappedBy="messages",
74		* cascade={"persist", "remove", "merge"}
75		* )
76		* @Assert\Valid()
77		*/
78		private $messages;
79
80
81		/**
82		* Constructor
83		*
84		* @param string $reference
85		* @param CategoryInterface $category
86		* @param MessageInterface $message
87		*/
88	12	public function __construct($reference, CategoryInterface $category, MessageInterface $message)
89		{
90	12	if (!$message->getAuthor()->isACustomer()) {
91	1	throw new LogicException("Only customers can open a ticket");
92		}
93
94	11	$this->reference = $reference;
95	11	$this->status = TicketInterface::STATUS_NEW;
96	11	$this->category = $category;
97	11	$this->messages = new ArrayCollection();
		0 ignored issues – show Documentation Bug introduced 2018-01-04 16:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `new Doctrine\Common\Collections\ArrayCollection()` of type `Doctrine\Common\Collections\ArrayCollection` is incompatible with the declared type `Matks\Bundle\CustomerSup...odel\MessageInterface[]` of property `$messages`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
98	11	$this->messages->add($message);
99	11	}
100
101		/**
102		* Answer to customer ticket
103		*
104		* @param MessageInterface
105		*/
106	5	public function answer(MessageInterface $message)
107		{
108	5	if ($this->isClosed()) {
109	1	throw new LogicException("Cannot answer a closed ticket");
110		}
111
112	4	if ($message->getAuthor()->isACustomer()) {
113	1	throw new LogicException("Only company users can answer a ticket");
114		}
115
116	3	$this->messages->add($message);
117
118	3	$this->status = TicketInterface::STATUS_ANSWERED;
119	3	}
120
121		/**
122		* Add new customer message to a ticket
123		*
124		* @param MessageInterface
125		*/
126	3	public function reopen(MessageInterface $message)
127		{
128	3	if ($this->isClosed()) {
129	1	throw new LogicException("Cannot reopen a closed ticket");
130		}
131
132	2	if (!$message->getAuthor()->isACustomer()) {
133	1	throw new LogicException("Only customers can reopen a ticket");
134		}
135
136	1	$this->messages->add($message);
137
138	1	$this->status = TicketInterface::STATUS_REOPENED;
139	1	}
140
141		/**
142		* Close a ticket in order to prevent future answers
143		*/
144	3	public function close()
145		{
146	3	$this->status = TicketInterface::STATUS_CLOSED;
147	3	}
148
149		/**
150		* Change category
151		*
152		* @param CategoryInterface $category
153		*/
154	2	public function changeCategory(CategoryInterface $category)
155		{
156	2	if (!$category->isActive()) {
157	1	throw new LogicException("Cannot set new ticket category for an inactive category");
158		}
159
160	1	$this->category = $category;
161	1	}
162
163		/**
164		* Get unique reference
165		*
166		* @return string
167		*/
168	1	public function getReference()
169		{
170	1	return $this->reference;
171		}
172
173		/**
174		* Get related category
175		*
176		* @return CategoryInterface
177		*/
178	1	public function getCategory()
179		{
180	1	return $this->category;
181		}
182
183		/**
184		* Get messages
185		*
186		* @return MessageInterface[]
187		*/
188		public function getMessages()
189		{
190		return $this->messages;
191		}
192
193		/**
194		* Get first message
195		*
196		* @return MessageInterface
197		*/
198	3	public function getFirstMessage()
199		{
200	3	return $this->messages->first();
201		}
202
203		/**
204		* Get last message
205		*
206		* @return MessageInterface
207		*/
208	3	public function getLastMessage()
209		{
210	3	return $this->messages->last();
211		}
212
213		/**
214		* Get status
215		*
216		* @return string
217		*/
218	4	public function getStatus()
219		{
220	4	return $this->status;
221		}
222
223		/**
224		* @return bool
225		*/
226	1	public function isNew()
227		{
228	1	return TicketInterface::STATUS_NEW === $this->status;
229		}
230
231		/**
232		* @return bool
233		*/
234	1	public function isAnswered()
235		{
236	1	return TicketInterface::STATUS_ANSWERED === $this->status;
237		}
238
239		/**
240		* @return bool
241		*/
242	1	public function isReopened()
243		{
244	1	return TicketInterface::STATUS_REOPENED === $this->status;
245		}
246
247		/**
248		* @return bool
249		*/
250	7	public function isClosed()
251		{
252	7	return TicketInterface::STATUS_CLOSED === $this->status;
253		}
254		}
255

matks / CustomerSupportBundle

Issues (12)

Security Analysis no request data

Entity/Ticket.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like