Issues in FinTs.php (master) - Issues in master - mschindler83/fints-hbci-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (38)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/Fhp/FinTs.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Fhp;

use Fhp\Adapter\AdapterInterface;
use Fhp\Adapter\Curl;
use Fhp\DataTypes\Kik;
use Fhp\DataTypes\Kti;
use Fhp\DataTypes\Ktv;
use Fhp\Dialog\Dialog;
use Fhp\Message\AbstractMessage;
use Fhp\Message\Message;
use Fhp\Model\SEPAAccount;
use Fhp\Response\GetAccounts;
use Fhp\Response\GetSaldo;
use Fhp\Response\GetSEPAAccounts;
use Fhp\Response\GetStatementOfAccount;
use Fhp\Segment\HKKAZ;
use Fhp\Segment\HKSAL;
use Fhp\Segment\HKSPA;
use Psr\Log\LoggerInterface;
use Psr\Log\NullLogger;

/**
 * Class FinTs.
 *
 * @package Fhp
 */
class FinTs
{
    const DEFAULT_COUNTRY_CODE = 280;

    /** @var LoggerInterface */
    protected $logger;
    /** @var  string */
    protected $server;
    /** @var int */
    protected $port;
    /** @var string */
    protected $bankCode;
    /** @var string */
    protected $username;
    /** @var string */
    protected $pin;
    /** @var  Connection */
    protected $connection;
    /** @var  AdapterInterface */
    protected $adapter;
    /** @var int */
    protected $systemId = 0;
    /** @var string */
    protected $bankName;

    /**
     * FinTs constructor.
     * @param string $server
     * @param int $port
     * @param string $bankCode
     * @param string $username
     * @param string $pin
     * @param LoggerInterface|null $logger
     */
    public function __construct(
        $server,
        $port,
        $bankCode,
        $username,
        $pin,
        LoggerInterface $logger = null
    ) {
        $this->server = $server;
        $this->port = $port;
        $this->logger = null == $logger ? new NullLogger() : $logger;

        // escaping of bank code not really needed here as it should
        // never have special chars. But we just do it to ensure
        // that the request will not get messed up and the user
        // can receive a valid error response from the HBCI server.
        $this->bankCode = $this->escapeString($bankCode);

        // Here, escaping is needed for usernames or pins with
        // HBCI special chars.
        $this->username = $this->escapeString($username);
        $this->pin = $this->escapeString($pin);

        $this->adapter = new Curl($this->server, $this->port);
        $this->connection = new Connection($this->adapter);
    }

    /**
     * Sets the adapter to use.
     *
     * @param AdapterInterface $adapter
     */
    public function setAdapter(AdapterInterface $adapter)
    {
        $this->adapter = $adapter;
        $this->connection = new Connection($this->adapter);
    }

    /**
     * Gets array of all accounts.
     *
     * @return Model\Account[]
     */
    public function getAccounts()
    {
        $dialog = $this->getDialog();
        $result = $dialog->syncDialog();
        $this->bankName = $dialog->getBankName();
        $accounts = new GetAccounts($result);

        return $accounts->getAccountsArray();
    }

    /**
     * Gets array of all SEPA Accounts.
     *
     * @return Model\SEPAAccount[]
     * @throws Adapter\Exception\AdapterException
     * @throws Adapter\Exception\CurlException
     */
    public function getSEPAAccounts()
    {
        $dialog = $this->getDialog();
        $dialog->syncDialog();
        $dialog->initDialog();

        $message = $this->getNewMessage(
            $dialog,
            array(new HKSPA(3)),
            array(AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms())
        );

        $result = $dialog->sendMessage($message);
        $dialog->endDialog();
        $sepaAccounts = new  GetSEPAAccounts($result->rawResponse);

        return $sepaAccounts->getSEPAAccountsArray();
    }

    /**
     * Gets the bank name.
     *
     * @return string
     */
    public function getBankName()
    {
        if (null == $this->bankName) {
            $this->getDialog()->syncDialog();
        }

        return $this->bankName;
    }

    /**
     * Gets statement of account.
     *
     * @param SEPAAccount $account
     * @param \DateTime $from
     * @param \DateTime $to
     * @return Model\StatementOfAccount\StatementOfAccount|null
     * @throws \Exception
     */
    public function getStatementOfAccount(SEPAAccount $account, \DateTime $from, \DateTime $to)
    {
        $responses = array();

        $this->logger->info('Start fetching statement of account results');
        $this->logger->info('Start date: ' . $from->format('Y-m-d'));
        $this->logger->info('End date  : ' . $to->format('Y-m-d'));

        $dialog = $this->getDialog();
        $dialog->syncDialog();
        $dialog->initDialog();

        $message = $this->createStateOfAccountMessage($dialog, $account, $from, $to, null);
        $response = $dialog->sendMessage($message);
        $touchdowns = $response->getTouchdowns($message);
        $soaResponse = new GetStatementOfAccount($response->rawResponse);
        $responses[] = $soaResponse->getRawMt940();

        $touchdownCounter = 1;
        while (isset($touchdowns[HKKAZ::NAME])) {
            $this->logger->info('Fetching more statement of account results (' . $touchdownCounter++ . ') ...');
            $message = $this->createStateOfAccountMessage(
                $dialog,
                $account,
                $from,
                $to,
                $touchdowns[HKKAZ::NAME]
            );

            $r = $dialog->sendMessage($message);
            $touchdowns = $r->getTouchDowns($message);
            $soaResponse = new GetStatementOfAccount($r->rawResponse);
            $responses[] = $soaResponse->getRawMt940();
        }

        $this->logger->info('Fetching of ' . $touchdownCounter . ' pages done.');
        $this->logger->debug('HKKAZ response:');

        $dialog->endDialog();

        return GetStatementOfAccount::createModelFromRawMt940(implode('', $responses));
    }

    /**
     * Helper method to create a "Statement of Account Message".
     *
     * @param Dialog $dialog
     * @param SEPAAccount $account
     * @param \DateTime $from
     * @param \DateTime $to
     * @param string|null $touchdown
     * @return Message
     * @throws \Exception
     */
    protected function createStateOfAccountMessage(
        Dialog $dialog,
        SepaAccount $account,
        \DateTime $from,
        \DateTime $to,
        $touchdown = null
    ) {
        // version 4, 5, 6, 7


        // version 5
        /*
            1 Segmentkopf                   DEG         M 1
            2 Kontoverbindung Auftraggeber  DEG ktv #   M 1
            3 Alle Konten                   DE  jn  #   M 1
            4 Von Datum                     DE dat  #   K 1
            5 Bis Datum                     DE dat  #   K 1
            6 Maximale Anzahl Einträge      DE num ..4  K 1 >0
            7 Aufsetzpunkt                  DE an ..35  K 1
         */

        // version 6
        /*
            1 Segmentkopf                   1 DEG           M 1
            2 Kontoverbindung Auftraggeber  2 DEG ktv #     M 1
            3 Alle Konten                   1 DE jn #       M 1
            4 Von Datum                     1 DE dat #      O 1
            5 Bis Datum                     1 DE dat #      O 1
            6 Maximale Anzahl Einträge      1 DE num ..4    C 1 >0
            7 Aufsetzpunkt                  1 DE an ..35    C 1
         */

        // version 7
        /*
            1 Segmentkopf                   1 DEG       M 1
            2 Kontoverbindung international 1 DEG kti # M 1
            3 Alle Konten                   1 DE jn #   M 1
            4 Von Datum                     1 DE dat #  O 1
            5 Bis Datum                     1 DE dat #  O 1
            6 Maximale Anzahl Einträge      1 DE num ..4 C 1 >0
            7 Aufsetzpunkt                  1 DE an ..35 C 1
         */

        switch ($dialog->getHkkazMaxVersion()) {
            case 4:
            case 5:
                $konto = new Deg();
                $konto->addDataElement($account->getAccountNumber());
                $konto->addDataElement($account->getSubAccount());
                $konto->addDataElement(static::DEFAULT_COUNTRY_CODE);
                $konto->addDataElement($account->getBlz());
                break;
            case 6:

                $konto = new Ktv(
                    $account->getAccountNumber(),
                    $account->getSubAccount(),
                    new Kik(280, $account->getBlz())
                );
                break;
            case 7:

                $konto = new Kti(
                    $account->getIban(),
                    $account->getBic(),
                    $account->getAccountNumber(),
                    $account->getSubAccount(),
                    new Kik(280, $account->getBlz())
                );
                break;
            default:
                throw new \Exception('Unsupported HKKAZ version: ' . $dialog->getHkkazMaxVersion());
        }

        $message = $this->getNewMessage(
            $dialog,
            array(
                new HKKAZ(
                    $dialog->getHkkazMaxVersion(),
                    3,
                    $konto,
                    HKKAZ::ALL_ACCOUNTS_N,
                    $from,
                    $to,
                    $touchdown
                )
            ),
            array(AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms())
        );

        return $message;
    }

    /**
     * Gets the saldo of given SEPAAccount.
     *
     * @param SEPAAccount $account
     * @return Model\Saldo|null
     * @throws Adapter\Exception\AdapterException
     * @throws Adapter\Exception\CurlException
     * @throws \Exception
     */
    public function getSaldo(SEPAAccount $account)
    {
        $dialog = $this->getDialog();
        $dialog->syncDialog();
        $dialog->initDialog();

        switch ((int) $dialog->getHksalMaxVersion()) {
            case 4:
            case 5:
                $hksalAccount = new Deg(
                    $account->getAccountNumber(),

                    $account->getSubAccount(),
                    static::DEFAULT_COUNTRY_CODE, $account->getBlz()
                );
                $hksalAccount->addDataElement($account->getAccountNumber());
                $hksalAccount->addDataElement($account->getSubAccount());
                $hksalAccount->addDataElement(static::DEFAULT_COUNTRY_CODE);
                $hksalAccount->addDataElement($account->getBlz());
                break;
            case 6:

                $hksalAccount = new Ktv(
                    $account->getAccountNumber(),
                    $account->getSubAccount(),
                    new Kik(280, $account->getBlz())
                );
                break;
            case 7:

                $hksalAccount = new Kti(
                    $account->getIban(),
                    $account->getBic(),
                    $account->getAccountNumber(),
                    $account->getSubAccount(),
                    new Kik(280, $account->getBlz())
                );
                break;
            default:
                throw new \Exception('Unsupported HKSAL version: ' . $dialog->getHksalMaxVersion());
        }

        $message = new Message(
            $this->bankCode,
            $this->username,
            $this->pin,
            $dialog->getSystemId(),
            $dialog->getDialogId(),
            $dialog->getMessageNumber(),
            array(
                new HKSAL($dialog->getHksalMaxVersion(), 3, $hksalAccount, HKSAL::ALL_ACCOUNTS_N)
            ),
            array(
                AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms()
            )
        );

        $response = $dialog->sendMessage($message);
        $response = new GetSaldo($response->rawResponse);

        return $response->getSaldoModel();
    }

    /**
     * Helper method to retrieve a pre configured message object.
     * Factory for poor people :)
     *
     * @param Dialog $dialog
     * @param array $segments
     * @param array $options
     * @return Message
     */
    protected function getNewMessage(Dialog $dialog, array $segments, array $options)
    {
        return new Message(
            $this->bankCode,
            $this->username,
            $this->pin,
            $dialog->getSystemId(),
            $dialog->getDialogId(),
            $dialog->getMessageNumber(),
            $segments,
            $options
        );
    }

    /**
     * Helper method to retrieve a pre configured dialog object.
     * Factory for poor people :)
     *
     * @return Dialog
     */
    protected function getDialog()
    {
        return new Dialog(
            $this->connection,
            $this->bankCode,
            $this->username,
            $this->pin,
            $this->systemId,
            $this->logger
        );
    }

    /**
     * Needed for escaping userdata.
     * HBCI escape char is "?"
     *
     * @param string $string
     * @return string
     */
    protected function escapeString($string)
    {
        return str_replace(
            array('?', '@', ':', '+', '\''),
            array('??', '?@', '?:', '?+', '?\''),
            $string
        );
    }
}


1			<?php
2
3			namespace Fhp;
4
5			use Fhp\Adapter\AdapterInterface;
6			use Fhp\Adapter\Curl;
7			use Fhp\DataTypes\Kik;
8			use Fhp\DataTypes\Kti;
9			use Fhp\DataTypes\Ktv;
10			use Fhp\Dialog\Dialog;
11			use Fhp\Message\AbstractMessage;
12			use Fhp\Message\Message;
13			use Fhp\Model\SEPAAccount;
14			use Fhp\Response\GetAccounts;
15			use Fhp\Response\GetSaldo;
16			use Fhp\Response\GetSEPAAccounts;
17			use Fhp\Response\GetStatementOfAccount;
18			use Fhp\Segment\HKKAZ;
19			use Fhp\Segment\HKSAL;
20			use Fhp\Segment\HKSPA;
21			use Psr\Log\LoggerInterface;
22			use Psr\Log\NullLogger;
23
24			/**
25			* Class FinTs.
26			*
27			* @package Fhp
28			*/
29			class FinTs
30			{
31			const DEFAULT_COUNTRY_CODE = 280;
32
33			/** @var LoggerInterface */
34			protected $logger;
35			/** @var string */
36			protected $server;
37			/** @var int */
38			protected $port;
39			/** @var string */
40			protected $bankCode;
41			/** @var string */
42			protected $username;
43			/** @var string */
44			protected $pin;
45			/** @var Connection */
46			protected $connection;
47			/** @var AdapterInterface */
48			protected $adapter;
49			/** @var int */
50			protected $systemId = 0;
51			/** @var string */
52			protected $bankName;
53
54			/**
55			* FinTs constructor.
56			* @param string $server
57			* @param int $port
58			* @param string $bankCode
59			* @param string $username
60			* @param string $pin
61			* @param LoggerInterface\|null $logger
62			*/
63			public function __construct(
64			$server,
65			$port,
66			$bankCode,
67			$username,
68			$pin,
69			LoggerInterface $logger = null
70			) {
71			$this->server = $server;
72			$this->port = $port;
73			$this->logger = null == $logger ? new NullLogger() : $logger;
74
75			// escaping of bank code not really needed here as it should
76			// never have special chars. But we just do it to ensure
77			// that the request will not get messed up and the user
78			// can receive a valid error response from the HBCI server.
79			$this->bankCode = $this->escapeString($bankCode);
80
81			// Here, escaping is needed for usernames or pins with
82			// HBCI special chars.
83			$this->username = $this->escapeString($username);
84			$this->pin = $this->escapeString($pin);
85
86			$this->adapter = new Curl($this->server, $this->port);
87			$this->connection = new Connection($this->adapter);
88			}
89
90			/**
91			* Sets the adapter to use.
92			*
93			* @param AdapterInterface $adapter
94			*/
95			public function setAdapter(AdapterInterface $adapter)
96			{
97			$this->adapter = $adapter;
98			$this->connection = new Connection($this->adapter);
99			}
100
101			/**
102			* Gets array of all accounts.
103			*
104			* @return Model\Account[]
105			*/
106			public function getAccounts()
107			{
108			$dialog = $this->getDialog();
109			$result = $dialog->syncDialog();
110			$this->bankName = $dialog->getBankName();
111			$accounts = new GetAccounts($result);
112
113			return $accounts->getAccountsArray();
114			}
115
116			/**
117			* Gets array of all SEPA Accounts.
118			*
119			* @return Model\SEPAAccount[]
120			* @throws Adapter\Exception\AdapterException
121			* @throws Adapter\Exception\CurlException
122			*/
123			public function getSEPAAccounts()
124			{
125			$dialog = $this->getDialog();
126			$dialog->syncDialog();
127			$dialog->initDialog();
128
129			$message = $this->getNewMessage(
130			$dialog,
131			array(new HKSPA(3)),
132			array(AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms())
133			);
134
135			$result = $dialog->sendMessage($message);
136			$dialog->endDialog();
137			$sepaAccounts = new GetSEPAAccounts($result->rawResponse);
138
139			return $sepaAccounts->getSEPAAccountsArray();
140			}
141
142			/**
143			* Gets the bank name.
144			*
145			* @return string
146			*/
147			public function getBankName()
148			{
149			if (null == $this->bankName) {
150			$this->getDialog()->syncDialog();
151			}
152
153			return $this->bankName;
154			}
155
156			/**
157			* Gets statement of account.
158			*
159			* @param SEPAAccount $account
160			* @param \DateTime $from
161			* @param \DateTime $to
162			* @return Model\StatementOfAccount\StatementOfAccount\|null
163			* @throws \Exception
164			*/
165			public function getStatementOfAccount(SEPAAccount $account, \DateTime $from, \DateTime $to)
166			{
167			$responses = array();
168
169			$this->logger->info('Start fetching statement of account results');
170			$this->logger->info('Start date: ' . $from->format('Y-m-d'));
171			$this->logger->info('End date : ' . $to->format('Y-m-d'));
172
173			$dialog = $this->getDialog();
174			$dialog->syncDialog();
175			$dialog->initDialog();
176
177			$message = $this->createStateOfAccountMessage($dialog, $account, $from, $to, null);
178			$response = $dialog->sendMessage($message);
179			$touchdowns = $response->getTouchdowns($message);
180			$soaResponse = new GetStatementOfAccount($response->rawResponse);
181			$responses[] = $soaResponse->getRawMt940();
182
183			$touchdownCounter = 1;
184			while (isset($touchdowns[HKKAZ::NAME])) {
185			$this->logger->info('Fetching more statement of account results (' . $touchdownCounter++ . ') ...');
186			$message = $this->createStateOfAccountMessage(
187			$dialog,
188			$account,
189			$from,
190			$to,
191			$touchdowns[HKKAZ::NAME]
192			);
193
194			$r = $dialog->sendMessage($message);
195			$touchdowns = $r->getTouchDowns($message);
196			$soaResponse = new GetStatementOfAccount($r->rawResponse);
197			$responses[] = $soaResponse->getRawMt940();
198			}
199
200			$this->logger->info('Fetching of ' . $touchdownCounter . ' pages done.');
201			$this->logger->debug('HKKAZ response:');
202
203			$dialog->endDialog();
204
205			return GetStatementOfAccount::createModelFromRawMt940(implode('', $responses));
206			}
207
208			/**
209			* Helper method to create a "Statement of Account Message".
210			*
211			* @param Dialog $dialog
212			* @param SEPAAccount $account
213			* @param \DateTime $from
214			* @param \DateTime $to
215			* @param string\|null $touchdown
216			* @return Message
217			* @throws \Exception
218			*/
219			protected function createStateOfAccountMessage(
220			Dialog $dialog,
221			SepaAccount $account,
222			\DateTime $from,
223			\DateTime $to,
224			$touchdown = null
225			) {
226			// version 4, 5, 6, 7
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this `54%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
227
228			// version 5
229			/*
230			1 Segmentkopf DEG M 1
231			2 Kontoverbindung Auftraggeber DEG ktv # M 1
232			3 Alle Konten DE jn # M 1
233			4 Von Datum DE dat # K 1
234			5 Bis Datum DE dat # K 1
235			6 Maximale Anzahl Einträge DE num ..4 K 1 >0
236			7 Aufsetzpunkt DE an ..35 K 1
237			*/
238
239			// version 6
240			/*
241			1 Segmentkopf 1 DEG M 1
242			2 Kontoverbindung Auftraggeber 2 DEG ktv # M 1
243			3 Alle Konten 1 DE jn # M 1
244			4 Von Datum 1 DE dat # O 1
245			5 Bis Datum 1 DE dat # O 1
246			6 Maximale Anzahl Einträge 1 DE num ..4 C 1 >0
247			7 Aufsetzpunkt 1 DE an ..35 C 1
248			*/
249
250			// version 7
251			/*
252			1 Segmentkopf 1 DEG M 1
253			2 Kontoverbindung international 1 DEG kti # M 1
254			3 Alle Konten 1 DE jn # M 1
255			4 Von Datum 1 DE dat # O 1
256			5 Bis Datum 1 DE dat # O 1
257			6 Maximale Anzahl Einträge 1 DE num ..4 C 1 >0
258			7 Aufsetzpunkt 1 DE an ..35 C 1
259			*/
260
261			switch ($dialog->getHkkazMaxVersion()) {
262			case 4:
263			case 5:
264			$konto = new Deg();
265			$konto->addDataElement($account->getAccountNumber());
266			$konto->addDataElement($account->getSubAccount());
267			$konto->addDataElement(static::DEFAULT_COUNTRY_CODE);
268			$konto->addDataElement($account->getBlz());
269			break;
270		View Code Duplication	case 6:
			0 ignored issues – show Duplication introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
271			$konto = new Ktv(
272			$account->getAccountNumber(),
273			$account->getSubAccount(),
274			new Kik(280, $account->getBlz())
275			);
276			break;
277		View Code Duplication	case 7:
			0 ignored issues – show Duplication introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
278			$konto = new Kti(
279			$account->getIban(),
280			$account->getBic(),
281			$account->getAccountNumber(),
282			$account->getSubAccount(),
283			new Kik(280, $account->getBlz())
284			);
285			break;
286			default:
287			throw new \Exception('Unsupported HKKAZ version: ' . $dialog->getHkkazMaxVersion());
288			}
289
290			$message = $this->getNewMessage(
291			$dialog,
292			array(
293			new HKKAZ(
294			$dialog->getHkkazMaxVersion(),
295			3,
296			$konto,
297			HKKAZ::ALL_ACCOUNTS_N,
298			$from,
299			$to,
300			$touchdown
301			)
302			),
303			array(AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms())
304			);
305
306			return $message;
307			}
308
309			/**
310			* Gets the saldo of given SEPAAccount.
311			*
312			* @param SEPAAccount $account
313			* @return Model\Saldo\|null
314			* @throws Adapter\Exception\AdapterException
315			* @throws Adapter\Exception\CurlException
316			* @throws \Exception
317			*/
318			public function getSaldo(SEPAAccount $account)
319			{
320			$dialog = $this->getDialog();
321			$dialog->syncDialog();
322			$dialog->initDialog();
323
324			switch ((int) $dialog->getHksalMaxVersion()) {
325			case 4:
326			case 5:
327			$hksalAccount = new Deg(
328			$account->getAccountNumber(),
			0 ignored issues – show Unused Code introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Deg::__construct()` has too many arguments starting with `$account->getAccountNumber()`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
329			$account->getSubAccount(),
330			static::DEFAULT_COUNTRY_CODE, $account->getBlz()
331			);
332			$hksalAccount->addDataElement($account->getAccountNumber());
333			$hksalAccount->addDataElement($account->getSubAccount());
334			$hksalAccount->addDataElement(static::DEFAULT_COUNTRY_CODE);
335			$hksalAccount->addDataElement($account->getBlz());
336			break;
337		View Code Duplication	case 6:
			0 ignored issues – show Duplication introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
338			$hksalAccount = new Ktv(
339			$account->getAccountNumber(),
340			$account->getSubAccount(),
341			new Kik(280, $account->getBlz())
342			);
343			break;
344		View Code Duplication	case 7:
			0 ignored issues – show Duplication introduced 2016-09-05 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
345			$hksalAccount = new Kti(
346			$account->getIban(),
347			$account->getBic(),
348			$account->getAccountNumber(),
349			$account->getSubAccount(),
350			new Kik(280, $account->getBlz())
351			);
352			break;
353			default:
354			throw new \Exception('Unsupported HKSAL version: ' . $dialog->getHksalMaxVersion());
355			}
356
357			$message = new Message(
358			$this->bankCode,
359			$this->username,
360			$this->pin,
361			$dialog->getSystemId(),
362			$dialog->getDialogId(),
363			$dialog->getMessageNumber(),
364			array(
365			new HKSAL($dialog->getHksalMaxVersion(), 3, $hksalAccount, HKSAL::ALL_ACCOUNTS_N)
366			),
367			array(
368			AbstractMessage::OPT_PINTAN_MECH => $dialog->getSupportedPinTanMechanisms()
369			)
370			);
371
372			$response = $dialog->sendMessage($message);
373			$response = new GetSaldo($response->rawResponse);
374
375			return $response->getSaldoModel();
376			}
377
378			/**
379			* Helper method to retrieve a pre configured message object.
380			* Factory for poor people :)
381			*
382			* @param Dialog $dialog
383			* @param array $segments
384			* @param array $options
385			* @return Message
386			*/
387			protected function getNewMessage(Dialog $dialog, array $segments, array $options)
388			{
389			return new Message(
390			$this->bankCode,
391			$this->username,
392			$this->pin,
393			$dialog->getSystemId(),
394			$dialog->getDialogId(),
395			$dialog->getMessageNumber(),
396			$segments,
397			$options
398			);
399			}
400
401			/**
402			* Helper method to retrieve a pre configured dialog object.
403			* Factory for poor people :)
404			*
405			* @return Dialog
406			*/
407			protected function getDialog()
408			{
409			return new Dialog(
410			$this->connection,
411			$this->bankCode,
412			$this->username,
413			$this->pin,
414			$this->systemId,
415			$this->logger
416			);
417			}
418
419			/**
420			* Needed for escaping userdata.
421			* HBCI escape char is "?"
422			*
423			* @param string $string
424			* @return string
425			*/
426	10		protected function escapeString($string)
427			{
428	10		return str_replace(
429	10		array('?', '@', ':', '+', '\''),
430	10		array('??', '?@', '?:', '?+', '?\''),
431			$string
432	10		);
433			}
434			}
435

mschindler83 / fints-hbci-php

Issues (38)

Security Analysis no request data

lib/Fhp/FinTs.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like