This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace NFePHP\Esfinge; |
||
4 | |||
5 | use InvalidArgumentException; |
||
6 | use NFePHP\Esfinge\Soap\CurlSoap; |
||
7 | use NFePHP\Esfinge\Files\FileFolders; |
||
8 | |||
9 | class Base |
||
10 | { |
||
11 | |||
/**
 * Error information for this client.
 * NOTE(review): never assigned in the visible part of this class;
 * presumably filled by subclasses — confirm.
 */
protected $errors;
/**
 * Environment code (tpAmb): 1 = production, 2 = homologation (test).
 * @var int
 */
protected $tpAmb = 2;
/**
 * Environment name matching $tpAmb: 'producao' or 'homologacao'.
 * @var string
 */
protected $ambiente = 'homologacao';
/**
 * Directory where LOG files are written.
 * @var string
 */
protected $pathFiles = '';
/**
 * Decoded configuration, as produced by json_decode() in the constructor.
 * @var array
 */
protected $aConfig = array();
/**
 * Proxy settings, read from the 'aProxyConf' configuration key.
 * @var array
 */
protected $aProxy = array();
/**
 * Timeout handed to CurlSoap.
 * NOTE(review): presumably seconds (setSoapTimeOut() names its argument
 * $segundos) — confirm in CurlSoap.
 * @var int
 */
protected $soapTimeout = 10;
/**
 * SOAP transport object created by loadSoapClass().
 * @var CurlSoap|null
 */
protected $oSoap;
/**
 * soapDebug
 * NOTE(review): not read or written in the visible part of this class.
 * @var string
 */
protected $soapDebug = '';
/**
 * Header of the SOAP message (the WS-Security block built by buildSoapHeader()).
 * @var string
 */
protected $header;
/**
 * Name of the system user.
 * @var string
 */
protected $username;
/**
 * Password of the system user.
 * Held in plain text: it is read from the configuration and embedded as-is
 * in the header built by buildSoapHeader(), and setAmbiente() replaces it
 * with a fixed value in homologation. Keep it out of logs and debug dumps.
 * @var string
 */
protected $password;
/**
 * Code of the Unidade Gestora (managing unit), as reported by the "listar"
 * service of the unidades gestoras table.
 * @var string
 */
protected $codigoUnidadeGestora;
||
74 | |||
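/**
 * Constructor.
 *
 * Loads the configuration, copies credentials, proxy settings, environment
 * and log path into the instance, then builds the SOAP client and the
 * WS-Security header.
 *
 * $configJson is either a JSON document or the path of a file holding one:
 * when the string names an existing file, that file is read. Because the
 * same argument doubles as a filesystem path, it should come from trusted
 * application configuration and never from request data.
 *
 * @param string $configJson JSON string or path to a JSON file
 * @param bool $debug passed through to loadSoapClass()
 * @throws InvalidArgumentException when the configuration is empty, cannot
 *         be read, or does not decode to an array
 */
public function __construct($configJson = '', $debug = false)
{
    if (empty($configJson)) {
        throw new InvalidArgumentException('A configuração deve ser passada.');
    }
    $config = $configJson;
    if (is_file($configJson)) {
        $config = file_get_contents($configJson);
        if ($config === false) {
            throw new InvalidArgumentException('Não foi possível ler o arquivo de configuração.');
        }
    }
    // json_decode() returns null on malformed input; without this check the
    // object would be built with null credentials and a null environment.
    $decoded = json_decode($config, true);
    if (! is_array($decoded)) {
        throw new InvalidArgumentException('A configuração informada não é um JSON válido.');
    }
    $this->aConfig = $decoded;
    $this->username = $this->aConfig['username'];
    $this->password = $this->aConfig['password'];
    $this->codigoUnidadeGestora = $this->aConfig['codigoUnidadeGestora'];
    $this->aProxy = $this->aConfig['aProxyConf'];
    // setAmbiente() must run after the password is copied: in homologation
    // it overwrites the configured password with the test one.
    $this->setAmbiente($this->aConfig['tpAmb']);
    $this->pathFiles = $this->aConfig['pathFiles'];
    $this->loadSoapClass($debug);
    $this->buildSoapHeader();
}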
|
98 | |||
/**
 * Selects the working environment.
 *   1 - production
 *   anything else - homologation (test)
 *
 * In homologation the stored password is replaced by a fixed test password.
 * NOTE(review): this is a hard-coded credential, presumably the shared
 * password of the service's test environment — confirm it is valid nowhere
 * else. The production branch does not restore the configured password, and
 * this method does not rebuild the SOAP header, so a switch made after
 * construction leaves $header (and possibly $password) stale.
 *
 * @param int $tpAmb
 */
public function setAmbiente($tpAmb = 2)
{
    if ($tpAmb != 1) {
        $this->tpAmb = 2;
        $this->ambiente = 'homologacao';
        // the test environment uses a different password, so overwrite it
        $this->password = '123456';
        return;
    }
    $this->tpAmb = 1;
    $this->ambiente = 'producao';
}
|
117 | |||
/**
 * Returns the current environment code (tpAmb), as last stored by
 * setAmbiente(): 1 for production, 2 for homologation.
 *
 * @return int
 */
public function getAmbiente()
{
    $codigo = $this->tpAmb;

    return $codigo;
}
||
126 | |||
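/**
 * setSoapTimeOut
 * Sets the SOAP timeout and rebuilds the SOAP client with it.
 *
 * is_numeric() also accepts floats and numeric strings, while $soapTimeout
 * is documented as an integer, so the value is cast to int before it is
 * stored. Values that are not numeric, or that are zero or negative after
 * the cast, are ignored and the previous timeout is kept.
 *
 * The client is rebuilt through loadSoapClass() without arguments, so the
 * debug flag given to the constructor is reset to its default (false).
 *
 * @param integer $segundos
 */
public function setSoapTimeOut($segundos = 10)
{
    if (! is_numeric($segundos)) {
        return;
    }
    $timeout = (int) $segundos;
    if ($timeout <= 0) {
        return;
    }
    $this->soapTimeout = $timeout;
    $this->loadSoapClass();
}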
|
140 | |||
/**
 * getSoapTimeOut
 * Returns the timeout currently configured for the SOAP client.
 *
 * @return integer
 */
public function getSoapTimeOut()
{
    $timeout = $this->soapTimeout;

    return $timeout;
}
||
151 | |||
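/**
 * Builds one XML element per array entry, using the key as the element name
 * and the value as its text content.
 *
 * Values are escaped for XML (&, <, >) so that data such as "A & B" cannot
 * break the message or introduce extra elements; callers must pass raw text,
 * not pre-escaped entities. The replacement is byte-wise, so the character
 * encoding of the value is left untouched.
 *
 * Keys are written verbatim as element names and must therefore be fixed
 * names chosen by the calling code, never taken from external data.
 *
 * NOTE(review): entries are skipped with empty(), which also drops 0 and
 * '0' — confirm no field legitimately carries a zero.
 *
 * @param array $data element name => text value
 * @return string
 */
protected function addTag($data)
{
    $ret = '';
    foreach ($data as $key => $value) {
        if (empty($value)) {
            continue;
        }
        // '&' has to be replaced first so the entities added below stay intact
        $text = str_replace(
            array('&', '<', '>'),
            array('&amp;', '&lt;', '&gt;'),
            $value
        );
        $ret .= "<$key>$text</$key>";
    }
    return $ret;
}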
||
167 | |||
/**
 * Builds the body part of an "enviar" (send) message: every record in $data
 * is wrapped in a <$key> element whose children come from addTag(), and the
 * </svc:enviar> closing tag is appended.
 *
 * $key is written verbatim as an element name.
 *
 * @param string $key element name used for each record
 * @param array $data list of records (each an array of field => value)
 * @return string
 * @throws InvalidArgumentException when more than 5000 records are given
 */
protected function buildEnviarB($key, $data)
{
    $total = count($data);
    if ($total > 5000) {
        throw new InvalidArgumentException('O limite de 5000 dados foi ultrapassado.');
    }
    $abre = "<$key>";
    $fecha = "</$key>";
    $xml = "";
    foreach ($data as $registro) {
        $xml .= $abre . $this->addTag($registro) . $fecha;
    }
    return $xml . '</svc:enviar>';
}
||
188 | |||
/**
 * Builds the body part of a "listar" (list) message: a <PAGINA> element,
 * one <filtros> element per filter (children built by addTag()), and the
 * </svc:listar> closing tag.
 *
 * NOTE(review): $pagina is concatenated verbatim into the XML; it is
 * presumably a page number — confirm callers only pass numeric values.
 *
 * @param string $pagina
 * @param array $filtros list of filters (each an array of field => value)
 * @return string
 */
protected function buildListarB($pagina = '', $filtros = [])
{
    $partes = array('<PAGINA>' . $pagina . '</PAGINA>');
    if (! empty($filtros)) {
        foreach ($filtros as $filtro) {
            $partes[] = '<filtros>' . $this->addTag($filtro) . '</filtros>';
        }
    }
    $partes[] = '</svc:listar>';
    return implode('', $partes);
}
||
209 | |||
/**
 * Builds the opening part shared by all messages: the <svc:listar> or
 * <svc:enviar> start tag, the managing-unit code (list messages only), the
 * token and the competencia.
 *
 * NOTE(review): $this->tokenid and $this->competencia are not declared in
 * this class; presumably subclasses set them before calling — confirm, and
 * declare them so a typo cannot silently produce empty elements.
 * All three property values are interpolated into the XML without escaping.
 *
 * @param string $tipo 'L' selects the list message; any other value the send message
 * @param string $namespace not used by this method
 * @return string
 */
protected function buildMsgH($tipo, $namespace)
{
    $listar = ($tipo == 'L');
    $raiz = $listar ? 'svc:listar' : 'svc:enviar';
    $unidade = $listar ? "<codigoUg>$this->codigoUnidadeGestora</codigoUg>" : '';

    return "<$raiz>"
        . $unidade
        . "<chaveToken>$this->tokenid</chaveToken>"
        . "<competencia>$this->competencia</competencia>";
}
||
229 | |||
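/**
 * Builds the body of a message by dispatching on its type.
 *
 * 'L' builds a list body from $data['pagina'] and $data['filtros'];
 * 'E' builds a send body from $data using $key as the record element name.
 * Any other type yields an empty string: the result is initialised up front
 * so it is defined on every execution path.
 *
 * @param string $tipo 'L' (listar) or 'E' (enviar)
 * @param array $data
 * @param string $key
 * @return string
 */
protected function buildMsgB($tipo, $data, $key = '')
{
    $msg = '';
    if ($tipo == 'L') {
        // page number; a missing key falls back to buildListarB()'s own default
        $pagina = isset($data['pagina']) ? $data['pagina'] : '';
        // list of filters, each an array of field => value
        $filtros = isset($data['filtros']) ? $data['filtros'] : [];
        $msg = $this->buildListarB($pagina, $filtros);
    } elseif ($tipo == 'E') {
        $msg = $this->buildEnviarB($key, $data);
    }
    return $msg;
}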
||
250 | |||
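/**
 * Builds the SOAP message header: a WS-Security UsernameToken carrying the
 * configured username and password.
 *
 * Both values are escaped for XML (&, <, >) before being embedded, so a
 * credential containing one of those characters no longer produces a
 * malformed header. The replacement is byte-wise and does not alter the
 * encoding of the values.
 *
 * The token uses the PasswordText type, i.e. the password itself is sent
 * rather than a digest, so its confidentiality depends entirely on the
 * transport. NOTE(review): confirm every service URI is HTTPS with
 * certificate verification enabled, and that CurlSoap does not write this
 * header to its log directory.
 */
protected function buildSoapHeader()
{
    // '&' has to be replaced first so the entities added after it stay intact
    $de = array('&', '<', '>');
    $para = array('&amp;', '&lt;', '&gt;');
    $usuario = str_replace($de, $para, (string) $this->username);
    $senha = str_replace($de, $para, (string) $this->password);

    $this->header = "<wsse:Security "
        . "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
        . "<wsse:UsernameToken "
        . "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
        . "<wsse:Username>"
        . $usuario
        . "</wsse:Username><wsse:Password "
        . "Type=\"http://docs.oasis-open.org/wss/2004/01/"
        . "oasis-200401-wss-username-token-profile-1.0#PasswordText\">"
        . $senha
        . "</wsse:Password>"
        . "</wsse:UsernameToken>"
        . "</wsse:Security>";
}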
|
270 | |||
/**
 * Sends a message to the web service and returns the parsed response.
 *
 * For every namespace except the token service, the body is assembled from
 * buildMsgH() and buildMsgB(); for the token service $data is used as the
 * body unchanged, so the caller is responsible for it being well-formed.
 * The request goes through $this->oSoap unless $retorno is supplied.
 *
 * @param string $uri
 * @param string $namespace
 * @param array $data
 * @param string $method 'L' (listar), 'E' (enviar) or anything else
 * @param string $met
 * @param string $retorno used only by unit tests that must not reach the SOAP service
 * @return string
 */
protected function envia($uri, $namespace, $data, $method, $met, $retorno = '')
{
    if ($namespace === 'http://token.ws.tce.sc.gov.br/') {
        $body = $data;
    } else {
        // assemble the message: common opening part, then the typed body
        $body = $this->buildMsgH($method, $namespace);
        // $met without its last character names each record element
        // (presumably plural -> singular; confirm against callers)
        $chave = substr($met, 0, strlen($met)-1);
        $body .= $this->buildMsgB($method, $data, $chave);
    }
    if (empty($retorno)) {
        // no canned response was given: send through curl
        $retorno = $this->oSoap->send($uri, $namespace, $this->header, $body, $met);
    }
    // choose the response tag to read
    switch ($method) {
        case 'L':
            $tag = 'listar';
            break;
        case 'E':
            $tag = 'enviar';
            break;
        default:
            $tag = $met;
    }
    return Response::readReturn($tag, $retorno);
}
||
305 | |||
/**
 * Creates the SOAP transport (CurlSoap) and stores it in $this->oSoap.
 *
 * The log directory handed to CurlSoap is "<pathFiles>/<ambiente>". The
 * original note also mentions certificates; none are handled here, so that
 * is presumably done inside CurlSoap.
 *
 * NOTE(review): requests carry the WS-Security header with the password in
 * clear text; if CurlSoap writes requests to the log directory (for example
 * when $debug is on), restrict that directory's permissions — confirm what
 * CurlSoap logs.
 *
 * @param bool $debug forwarded to CurlSoap
 */
protected function loadSoapClass($debug = false)
{
    // drop any previous client first, so a failed construction leaves null
    $this->oSoap = null;
    $dirLog = $this->pathFiles . DIRECTORY_SEPARATOR . $this->ambiente;
    $this->oSoap = new CurlSoap($dirLog, $this->soapTimeout, $this->aProxy, $debug);
}
|
321 | } |
||
322 |
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.
Either this assignment is in error, or the assigned type should be added to the documentation/type hint for that property.