Issues in Purchase.php (master) - Issues in master - nikhil-pandey/guitar-shop - Measure and Improve Code Quality continuously with Scrutinizer

Issues (64)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Purchase.php (1 issue)

Labels

Compatibility 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace App;

use App\Events\NotificationWasCreated;
use Carbon\Carbon;
use Illuminate\Database\Eloquent;
use Illuminate\Support\Facades\DB;

/**
 * App\Purchase.
 *
 * @property int $id
 * @property int $supplier_id
 * @property int $make_id
 * @property int $quantity
 * @property float $price
 * @property \Carbon\Carbon $date_purchased
 * @property \Carbon\Carbon $delivery_date
 * @property \Carbon\Carbon $deleted_at
 * @property-read mixed $status
 * @property-read \Illuminate\Database\Eloquent\Collection|\App\Guitar[] $guitars
 * @property-read mixed $stored
 * @property-read mixed $pending_storage
 * @property-read mixed $sold
 * @property-read \App\Supplier $supplier
 * @property-read \App\Make $make
 * @property-read \Illuminate\Database\Eloquent\Collection|\App\Notification[] $notifications
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereId($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereSupplierId($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereMakeId($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereQuantity($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase wherePrice($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereDatePurchased($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereDeliveryDate($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase whereDeletedAt($value)
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase delivered()
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase stored()
 * @method static \Illuminate\Database\Query\Builder|\App\Purchase pendingStorage()
 * @mixin \Eloquent
 */
class Purchase extends Eloquent\Model
{
    const UPCOMING = 'upcoming';
    const DELIVERED = 'delivered';
    const COMPLETED = 'completed';

    use Eloquent\SoftDeletes;

    /**
     * We do not want any timestamps.
     *
     * @var bool
     */
    public $timestamps = false;

    /**
     * The attributes that are not mass assignable.
     *
     * @var array
     */
    protected $guarded = [];

    /**
     * Date mutators.
     *
     * @var array
     */
    protected $dates = ['date_purchased', 'delivery_date', 'deleted_at'];

    /**
     * Default date format.
     *
     * @var string
     */
    protected $dateFormat = 'Y-m-d';

    public static function boot()
    {
        parent::boot();

        static::deleting(function (Purchase $purchase) {
            $purchase->guitars()->delete();
            $purchase->notifications()->delete();
        });
    }

    /**
     * Delivered Scope.
     *
     * @param $query
     *
     * @return Eloquent\Builder
     */
    public function scopeDelivered($query)
    {
        return $query->where('delivery_date', '<=', Carbon::today());
    }

    /**
     * Stored Scope.
     *
     * @param $query
     *
     * @return Eloquent\Builder
     */
    public function scopeStored($query)
    {
        return $query->has('guitars', '=', DB::raw('quantity'));
    }

    /**
     * Pending Storage scope.
     *
     * @param $query
     *
     * @return Eloquent\Builder
     */
    public function scopePendingStorage($query)
    {
        return $query->has('guitars', '<', DB::raw('quantity'));
    }

    /**
     * Get status attribute.
     *
     * @return string
     */
    public function getStatusAttribute()
    {
        if ($this->delivery_date->isFuture()) {
            return self::UPCOMING;
        }
        if (! $this->isPendingStorage()) {
            return self::COMPLETED;
        }

        return self::DELIVERED;
    }

    /**
     * Has Guitars Pending Storage?
     *
     * @return bool
     */
    public function isPendingStorage()
    {
        return $this->guitars()->count() < $this->quantity;
    }

    /**
     * Guitars bought.
     *
     * @return Eloquent\Relations\HasMany
     */
    public function guitars()
    {
        return $this->hasMany(Guitar::class);
    }

    /**
     * Storage attribute.
     *
     * @return int
     */
    public function getStoredAttribute()
    {
        return $this->guitars()->count();
    }

    /**
     * Pending Storage attribute.
     *
     * @return int
     */
    public function getPendingStorageAttribute()
    {
        return $this->quantity - $this->stored;
    }

    /**
     * Number of Guitars Sold.
     *
     * @return int
     */
    public function getSoldAttribute()
    {
        return $this->guitars()->sold()->count();
    }

    /**
     * Whether the purchase has arrived.
     *
     * @return bool
     */
    public function hasArrived()
    {
        return $this->isStatus(self::DELIVERED);
    }

    /**
     * Verify the status.
     *
     * @param $status
     *
     * @return bool
     */
    public function isStatus($status)
    {
        return $this->status == $status;
    }

    /**
     * Supplier from which guitars were bought.
     *
     * @return Eloquent\Relations\BelongsTo
     */
    public function supplier()
    {
        return $this->belongsTo(Supplier::class);
    }

    /**
     * Make of the guitars.
     *
     * @return Eloquent\Relations\BelongsTo
     */
    public function make()
    {
        return $this->belongsTo(Make::class);
    }

    /**
     * Notifications about the purchase.
     *
     * @return Eloquent\Relations\MorphMany
     */
    public function notifications()
    {
        return $this->morphMany(Notification::class, 'notifiable');
    }

    /**
     * Create a new notification.
     * @return Notification
     */
    public function makeNotification()
    {
        $notification = $this->notifications()->create([
            'icon'    => 'flight_land',
            'link'    => '/purchases/'.$this->id,
            'message' => "Purchase of {$this->quantity} {$this->make->name} has arrived from {$this->supplier->name}, {$this->supplier->location}.",
        ]);

        event(new NotificationWasCreated($notification));


        return $notification;
    }
}


GitHub Access Token became invalid

Issues (64)

Security Analysis not enabled

app/Purchase.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		namespace App;
4
5		use App\Events\NotificationWasCreated;
6		use Carbon\Carbon;
7		use Illuminate\Database\Eloquent;
8		use Illuminate\Support\Facades\DB;
9
10		/**
11		* App\Purchase.
12		*
13		* @property int $id
14		* @property int $supplier_id
15		* @property int $make_id
16		* @property int $quantity
17		* @property float $price
18		* @property \Carbon\Carbon $date_purchased
19		* @property \Carbon\Carbon $delivery_date
20		* @property \Carbon\Carbon $deleted_at
21		* @property-read mixed $status
22		* @property-read \Illuminate\Database\Eloquent\Collection\|\App\Guitar[] $guitars
23		* @property-read mixed $stored
24		* @property-read mixed $pending_storage
25		* @property-read mixed $sold
26		* @property-read \App\Supplier $supplier
27		* @property-read \App\Make $make
28		* @property-read \Illuminate\Database\Eloquent\Collection\|\App\Notification[] $notifications
29		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereId($value)
30		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereSupplierId($value)
31		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereMakeId($value)
32		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereQuantity($value)
33		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase wherePrice($value)
34		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereDatePurchased($value)
35		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereDeliveryDate($value)
36		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase whereDeletedAt($value)
37		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase delivered()
38		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase stored()
39		* @method static \Illuminate\Database\Query\Builder\|\App\Purchase pendingStorage()
40		* @mixin \Eloquent
41		*/
42		class Purchase extends Eloquent\Model
43		{
44		const UPCOMING = 'upcoming';
45		const DELIVERED = 'delivered';
46		const COMPLETED = 'completed';
47
48		use Eloquent\SoftDeletes;
49
50		/**
51		* We do not want any timestamps.
52		*
53		* @var bool
54		*/
55		public $timestamps = false;
56
57		/**
58		* The attributes that are not mass assignable.
59		*
60		* @var array
61		*/
62		protected $guarded = [];
63
64		/**
65		* Date mutators.
66		*
67		* @var array
68		*/
69		protected $dates = ['date_purchased', 'delivery_date', 'deleted_at'];
70
71		/**
72		* Default date format.
73		*
74		* @var string
75		*/
76		protected $dateFormat = 'Y-m-d';
77
78	10	public static function boot()
79		{
80	10	parent::boot();
81
82	10	static::deleting(function (Purchase $purchase) {
83	1	$purchase->guitars()->delete();
84	1	$purchase->notifications()->delete();
85	10	});
86	10	}
87
88		/**
89		* Delivered Scope.
90		*
91		* @param $query
92		*
93		* @return Eloquent\Builder
94		*/
95		public function scopeDelivered($query)
96		{
97		return $query->where('delivery_date', '<=', Carbon::today());
98		}
99
100		/**
101		* Stored Scope.
102		*
103		* @param $query
104		*
105		* @return Eloquent\Builder
106		*/
107		public function scopeStored($query)
108		{
109		return $query->has('guitars', '=', DB::raw('quantity'));
110		}
111
112		/**
113		* Pending Storage scope.
114		*
115		* @param $query
116		*
117		* @return Eloquent\Builder
118		*/
119		public function scopePendingStorage($query)
120		{
121		return $query->has('guitars', '<', DB::raw('quantity'));
122		}
123
124		/**
125		* Get status attribute.
126		*
127		* @return string
128		*/
129	2	public function getStatusAttribute()
130		{
131	2	if ($this->delivery_date->isFuture()) {
132	2	return self::UPCOMING;
133		}
134		if (! $this->isPendingStorage()) {
135		return self::COMPLETED;
136		}
137
138		return self::DELIVERED;
139		}
140
141		/**
142		* Has Guitars Pending Storage?
143		*
144		* @return bool
145		*/
146		public function isPendingStorage()
147		{
148		return $this->guitars()->count() < $this->quantity;
149		}
150
151		/**
152		* Guitars bought.
153		*
154		* @return Eloquent\Relations\HasMany
155		*/
156	2	public function guitars()
157		{
158	2	return $this->hasMany(Guitar::class);
159		}
160
161		/**
162		* Storage attribute.
163		*
164		* @return int
165		*/
166	1	public function getStoredAttribute()
167		{
168	1	return $this->guitars()->count();
169		}
170
171		/**
172		* Pending Storage attribute.
173		*
174		* @return int
175		*/
176		public function getPendingStorageAttribute()
177		{
178		return $this->quantity - $this->stored;
179		}
180
181		/**
182		* Number of Guitars Sold.
183		*
184		* @return int
185		*/
186	1	public function getSoldAttribute()
187		{
188	1	return $this->guitars()->sold()->count();
189		}
190
191		/**
192		* Whether the purchase has arrived.
193		*
194		* @return bool
195		*/
196	1	public function hasArrived()
197		{
198	1	return $this->isStatus(self::DELIVERED);
199		}
200
201		/**
202		* Verify the status.
203		*
204		* @param $status
205		*
206		* @return bool
207		*/
208	1	public function isStatus($status)
209		{
210	1	return $this->status == $status;
211		}
212
213		/**
214		* Supplier from which guitars were bought.
215		*
216		* @return Eloquent\Relations\BelongsTo
217		*/
218		public function supplier()
219		{
220		return $this->belongsTo(Supplier::class);
221		}
222
223		/**
224		* Make of the guitars.
225		*
226		* @return Eloquent\Relations\BelongsTo
227		*/
228	1	public function make()
229		{
230	1	return $this->belongsTo(Make::class);
231		}
232
233		/**
234		* Notifications about the purchase.
235		*
236		* @return Eloquent\Relations\MorphMany
237		*/
238	1	public function notifications()
239		{
240	1	return $this->morphMany(Notification::class, 'notifiable');
241		}
242
243		/**
244		* Create a new notification.
245		* @return Notification
246		*/
247		public function makeNotification()
248		{
249		$notification = $this->notifications()->create([
250		'icon' => 'flight_land',
251		'link' => '/purchases/'.$this->id,
252		'message' => "Purchase of {$this->quantity} {$this->make->name} has arrived from {$this->supplier->name}, {$this->supplier->location}.",
253		]);
254
255		event(new NotificationWasCreated($notification));
		0 ignored issues – show Compatibility introduced 2016-04-17 16:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$notification` of type `object<Illuminate\Database\Eloquent\Model>` is not a sub-type of `object<App\Notification>`. It seems like you assume a child class of the class `Illuminate\Database\Eloquent\Model` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
256
257		return $notification;
258		}
259		}
260

nikhil-pandey / guitar-shop

GitHub Access Token became invalid

Issues (64)

Security Analysis not enabled

app/Purchase.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like