Issues in TransactionService.php (master) - Issues in master - okaufmann/laravel-web-money-manager-ex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (387)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Services/TransactionService.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * laravel-money-manager-ex
 *
 * This File belongs to to Project laravel-money-manager-ex
 *
 * @author Oliver Kaufmann <[email protected]>
 * @version 1.0
 */

namespace App\Services;

use App\Models\Account;
use App\Models\Category;
use App\Models\Payee;
use App\Models\Transaction;
use App\Models\TransactionStatus;
use App\Models\TransactionType;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Collection;

class TransactionService
{
    /**
     * Gets a transaction and set all related entities's ids if possible.
     *
     * @param $id
     *
     * @return Transaction
     */
    public function getTransaction(User $user, int $id)
    {
        $transaction = $user->transactions()->find($id);

        if (!$transaction) {
            return null;
        }

        $account = $user->accounts()->where('name', $transaction->account_name)->first();
        if ($account) {
            $transaction->account_id = $account->id;
        }
        $account = $user->accounts()->where('name', $transaction->to_account_name)->first();
        if ($account) {
            $transaction->to_account_id = $account->id;
        }

        $payee = $user->payees()->where('name', $transaction->payee_name)->first();
        if ($payee) {
            $transaction->payee_id = $payee->id;
        }

        $category = $user->categories()->where('name', $transaction->category_name)->first();
        if ($category) {
            $transaction->category_id = $category->id;
        }

        $category = $user->categories()->where('name', $transaction->sub_category_name)->first();

        if ($category) {
            $transaction->sub_category_id = $category->id;
        }

        return $transaction;
    }

    /**
     * Creates a new transaction and touch last used payee and payee's category.
     *
     * @param User       $user
     * @param Collection $data
     * @param array|null $files
     *
     * @return Transaction
     */
    public function createTransactionWithUsage(User $user, Collection $data, array $files = null)

    {
        $transaction = $this->createTransaction($user, $data, $files);

        $this->setPayeesLastUsedCategory($user, $data);
        $this->setPayeesLastUsedDate($user, $data);

        return $transaction;
    }

    /**
     * Creates a new transaction.
     *
     * @param User       $user
     * @param Collection $data
     * @param array|null $files
     *
     * @return Transaction
     */
    public function createTransaction(User $user, Collection $data, array $files = null, $jsonRequest = false)
    {
        $this->parseTransactionDate($data, $jsonRequest);

        $transaction = new Transaction($data->all());

        $this->setResolvedFieldValues($user, $data, $transaction);

        $user->transactions()->save($transaction);

        if ($files) {
            foreach ($files as $file) {
                $this->addAttachment($transaction, $file);
            }
        }

        return $transaction;
    }

    /**
     * Updates a existing transaction and touch last used payee and payee's category.
     *
     * @param User $user
     * @param $id
     * @param Collection $data
     * @param array|null $files
     *
     * @return mixed
     */
    public function updateTransactionWithUsage(User $user, $id, Collection $data, array $files = null)

    {
        $transaction = $this->updateTransaction($user, $id, $data, $files);

        $this->setPayeesLastUsedCategory($user, $data);
        $this->setPayeesLastUsedDate($user, $data);

        return $transaction;
    }

    public function updateTransaction(User $user, $id, Collection $data, array $files = null)
    {
        $this->parseTransactionDate($data);

        $transaction = $user->transactions()->findOrFail($id);

        $transaction->amount = $data->get('amount');
        $transaction->notes = $data->get('notes');
        $transaction->transaction_date = $data->get('transaction_date');

        $this->setResolvedFieldValues($user, $data, $transaction);

        $transaction->save();

        if ($files) {
            foreach ($files as $file) {
                $this->addAttachment($transaction, $file);
            }
        }

        return $transaction;
    }

    /**
     * @param $file string|UploadedFile
     * @param bool $keepOriginal
     */
    public function addAttachment(Transaction $transaction, $file, $keepOriginal = false)
    {
        if (is_string($file)) {
            $fileName = basename($file);
        } elseif ($file instanceof UploadedFile) {
            $fileName = $file->getFilename();
        } else {
            throw new \InvalidArgumentException('$file must be either a path or an UploadedFile!');
        }

        $fileName = 'Transaction_'.$transaction->id.'_'.$fileName;

        $media = $transaction->addMedia($file)
            ->usingFileName($fileName);

        if ($keepOriginal) {
            $media->preservingOriginal();
        }

        $media->toMediaCollection('attachments');
    }

    /**
     * @param Collection $data
     * @param $transaction
     *
     * @internal param TransactionRequest $request
     */
    private function setResolvedFieldValues(User $user, Collection $data, $transaction)
    {
        $type = TransactionType::findOrFail($data->get('transaction_type'));
        $transaction->type()->associate($type);

        $status = TransactionStatus::find($data->get('transaction_status'));
        if ($status) {
            $transaction->status()->associate($status);
        }

        $account = $user->accounts()->findOrFail($data->get('account'));
        $transaction->account_name = $account->name;

        $toaccount = $user->accounts()->find($data->get('to_account'));
        if ($toaccount) {
            $transaction->to_account_name = $toaccount->name;
        }

        $payee = $user->payees()->find($data->get('payee'));
        if ($payee) {
            $transaction->payee_name = $payee->name;
        }

        $category = $user->categories()->rootCategories()->findOrFail($data->get('category'));
        $transaction->category_name = $category->name;

        $subcategory = $user->categories()->subCategories()->find($data->get('subcategory'));
        if ($subcategory) {
            $transaction->sub_category_name = $subcategory->name;
        }
    }

    /**
     * @param Collection $data
     */
    private function setPayeesLastUsedCategory(User $user, Collection $data)
    {
        if ($data->get('subcategory')) {
            $lastCategory = $user->categories()->find($data->get('subcategory'));
        } else {
            $lastCategory = $user->categories()->find($data->get('category'));
        }

        if ($lastCategory) {
            $payee = $user->payees()->find($data->get('payee'));
            if ($payee) {
                $payee->lastCategoryUsed()->associate($lastCategory);
                $payee->save();
            }
        }
    }

    private function setPayeesLastUsedDate(User $user, Collection $data)
    {
        $payee = $user->payees()->find($data->get('payee'));

        if ($payee) {
            $payee->last_used_at = Carbon::now();
            $payee->save();
        }
    }

    private function parseTransactionDate($data, $jsonRequest = false)
    {
        $date = null;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        $transactionDate = $data->pull('transaction_date');

        if (!$transactionDate) {
            return;
        }

        $format = $jsonRequest ? Carbon::ATOM : locale_dateformat();

        $date = Carbon::createFromFormat($format, $transactionDate);
        $date->hour(0);
        $date->minute(0);
        $date->second(0);

        $data['transaction_date'] = $date;
    }
}


GitHub Access Token became invalid

Issues (387)

Security Analysis not enabled

app/Services/TransactionService.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/*
3		* laravel-money-manager-ex
4		*
5		* This File belongs to to Project laravel-money-manager-ex
6		*
7		* @author Oliver Kaufmann <[email protected]>
8		* @version 1.0
9		*/
10
11		namespace App\Services;
12
13		use App\Models\Account;
14		use App\Models\Category;
15		use App\Models\Payee;
16		use App\Models\Transaction;
17		use App\Models\TransactionStatus;
18		use App\Models\TransactionType;
19		use App\Models\User;
20		use Carbon\Carbon;
21		use Illuminate\Http\UploadedFile;
22		use Illuminate\Support\Collection;
23
24		class TransactionService
25		{
26		/**
27		* Gets a transaction and set all related entities's ids if possible.
28		*
29		* @param $id
30		*
31		* @return Transaction
32		*/
33		public function getTransaction(User $user, int $id)
34		{
35		$transaction = $user->transactions()->find($id);
36
37		if (!$transaction) {
38		return null;
39		}
40
41		$account = $user->accounts()->where('name', $transaction->account_name)->first();
42		if ($account) {
43		$transaction->account_id = $account->id;
44		}
45		$account = $user->accounts()->where('name', $transaction->to_account_name)->first();
46		if ($account) {
47		$transaction->to_account_id = $account->id;
48		}
49
50		$payee = $user->payees()->where('name', $transaction->payee_name)->first();
51		if ($payee) {
52		$transaction->payee_id = $payee->id;
53		}
54
55		$category = $user->categories()->where('name', $transaction->category_name)->first();
56		if ($category) {
57		$transaction->category_id = $category->id;
58		}
59
60		$category = $user->categories()->where('name', $transaction->sub_category_name)->first();
61
62		if ($category) {
63		$transaction->sub_category_id = $category->id;
64		}
65
66		return $transaction;
67		}
68
69		/**
70		* Creates a new transaction and touch last used payee and payee's category.
71		*
72		* @param User $user
73		* @param Collection $data
74		* @param array\|null $files
75		*
76		* @return Transaction
77		*/
78	View Code Duplication	public function createTransactionWithUsage(User $user, Collection $data, array $files = null)
		0 ignored issues – show Duplication introduced 2017-09-27 23:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
79		{
80		$transaction = $this->createTransaction($user, $data, $files);
81
82		$this->setPayeesLastUsedCategory($user, $data);
83		$this->setPayeesLastUsedDate($user, $data);
84
85		return $transaction;
86		}
87
88		/**
89		* Creates a new transaction.
90		*
91		* @param User $user
92		* @param Collection $data
93		* @param array\|null $files
94		*
95		* @return Transaction
96		*/
97		public function createTransaction(User $user, Collection $data, array $files = null, $jsonRequest = false)
98		{
99		$this->parseTransactionDate($data, $jsonRequest);
100
101		$transaction = new Transaction($data->all());
102
103		$this->setResolvedFieldValues($user, $data, $transaction);
104
105		$user->transactions()->save($transaction);
106
107		if ($files) {
108		foreach ($files as $file) {
109		$this->addAttachment($transaction, $file);
110		}
111		}
112
113		return $transaction;
114		}
115
116		/**
117		* Updates a existing transaction and touch last used payee and payee's category.
118		*
119		* @param User $user
120		* @param $id
121		* @param Collection $data
122		* @param array\|null $files
123		*
124		* @return mixed
125		*/
126	View Code Duplication	public function updateTransactionWithUsage(User $user, $id, Collection $data, array $files = null)
		0 ignored issues – show Duplication introduced 2017-09-27 23:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
127		{
128		$transaction = $this->updateTransaction($user, $id, $data, $files);
129
130		$this->setPayeesLastUsedCategory($user, $data);
131		$this->setPayeesLastUsedDate($user, $data);
132
133		return $transaction;
134		}
135
136		public function updateTransaction(User $user, $id, Collection $data, array $files = null)
137		{
138		$this->parseTransactionDate($data);
139
140		$transaction = $user->transactions()->findOrFail($id);
141
142		$transaction->amount = $data->get('amount');
143		$transaction->notes = $data->get('notes');
144		$transaction->transaction_date = $data->get('transaction_date');
145
146		$this->setResolvedFieldValues($user, $data, $transaction);
147
148		$transaction->save();
149
150		if ($files) {
151		foreach ($files as $file) {
152		$this->addAttachment($transaction, $file);
153		}
154		}
155
156		return $transaction;
157		}
158
159		/**
160		* @param $file string\|UploadedFile
161		* @param bool $keepOriginal
162		*/
163		public function addAttachment(Transaction $transaction, $file, $keepOriginal = false)
164		{
165		if (is_string($file)) {
166		$fileName = basename($file);
167		} elseif ($file instanceof UploadedFile) {
168		$fileName = $file->getFilename();
169		} else {
170		throw new \InvalidArgumentException('$file must be either a path or an UploadedFile!');
171		}
172
173		$fileName = 'Transaction_'.$transaction->id.'_'.$fileName;
174
175		$media = $transaction->addMedia($file)
176		->usingFileName($fileName);
177
178		if ($keepOriginal) {
179		$media->preservingOriginal();
180		}
181
182		$media->toMediaCollection('attachments');
183		}
184
185		/**
186		* @param Collection $data
187		* @param $transaction
188		*
189		* @internal param TransactionRequest $request
190		*/
191		private function setResolvedFieldValues(User $user, Collection $data, $transaction)
192		{
193		$type = TransactionType::findOrFail($data->get('transaction_type'));
194		$transaction->type()->associate($type);
195
196		$status = TransactionStatus::find($data->get('transaction_status'));
197		if ($status) {
198		$transaction->status()->associate($status);
199		}
200
201		$account = $user->accounts()->findOrFail($data->get('account'));
202		$transaction->account_name = $account->name;
203
204		$toaccount = $user->accounts()->find($data->get('to_account'));
205		if ($toaccount) {
206		$transaction->to_account_name = $toaccount->name;
207		}
208
209		$payee = $user->payees()->find($data->get('payee'));
210		if ($payee) {
211		$transaction->payee_name = $payee->name;
212		}
213
214		$category = $user->categories()->rootCategories()->findOrFail($data->get('category'));
215		$transaction->category_name = $category->name;
216
217		$subcategory = $user->categories()->subCategories()->find($data->get('subcategory'));
218		if ($subcategory) {
219		$transaction->sub_category_name = $subcategory->name;
220		}
221		}
222
223		/**
224		* @param Collection $data
225		*/
226		private function setPayeesLastUsedCategory(User $user, Collection $data)
227		{
228		if ($data->get('subcategory')) {
229		$lastCategory = $user->categories()->find($data->get('subcategory'));
230		} else {
231		$lastCategory = $user->categories()->find($data->get('category'));
232		}
233
234		if ($lastCategory) {
235		$payee = $user->payees()->find($data->get('payee'));
236		if ($payee) {
237		$payee->lastCategoryUsed()->associate($lastCategory);
238		$payee->save();
239		}
240		}
241		}
242
243		private function setPayeesLastUsedDate(User $user, Collection $data)
244		{
245		$payee = $user->payees()->find($data->get('payee'));
246
247		if ($payee) {
248		$payee->last_used_at = Carbon::now();
249		$payee->save();
250		}
251		}
252
253		private function parseTransactionDate($data, $jsonRequest = false)
254		{
255		$date = null;
		0 ignored issues – show Unused Code introduced 2017-09-27 23:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$date` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
256		$transactionDate = $data->pull('transaction_date');
257
258		if (!$transactionDate) {
259		return;
260		}
261
262		$format = $jsonRequest ? Carbon::ATOM : locale_dateformat();
263
264		$date = Carbon::createFromFormat($format, $transactionDate);
265		$date->hour(0);
266		$date->minute(0);
267		$date->second(0);
268
269		$data['transaction_date'] = $date;
270		}
271		}
272

okaufmann / laravel-web-money-manager-ex

GitHub Access Token became invalid

Issues (387)

Security Analysis not enabled

app/Services/TransactionService.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like