Issues in Deal.php (master) - Issues in master - padosoft/laravel-affiliate-network - Measure and Improve Code Quality continuously with Scrutinizer

Issues (315)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Deal.php (5 issues)

Labels

Severity

Minor 5

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Padosoft\AffiliateNetwork;

/**
 * Class Deal
 * @package Padosoft\AffiliateNetwork
 */
class Deal
{
    /**
     * @var int
     */
    public $merchant_ID = 0;

    /**
     * @var string
     */
    public $merchant_name = '';

    /**
     * @var int
     */
    public $network_ID = 0;

    /**
     * @var int
     */
    public $type = 0;

    /**
     * @var string
     */
    public $code = '';

    /**
     * @var string
     */
    public $url = '';

    /**
     * @var \DateTime
     */
    public $start_date;

    /**
     * @var \DateTime
     */
    public $end_date;

    /**
     * @var \DateTime
     */
    public $update_date;

    /**
     * @var \DateTime
     */
    public $publish_start_date;

    /**
     * @var \DateTime
     */
    public $publish_end_date;

    /**
     * @var integer
     */
    public $deal_ID = 0;

    /**
     * @var string
     */
    public $currency_initial  = '';

    /**
     * @var string
     */
    public $language = '';

    /**
     * @var string
     */
    public $logo_path = '';

    /**
     * @var string
     */
    public $name = '';

    /**
     * @var string
     */
    public $short_description = '';

    /**
     * @var string
     */
    public $description = '';

    /**
     * @var string
     */
    public $information = '';

    /**
     * @var string
     */
    public $deal_type = '';

    /**
     * @var string
     */
    public $default_track_uri = '';

    /**
     * @var string
     */
    public $discount_amount='';

    /**
     * @var boolean
     */
    public $is_percentage = false;

    /**
     * @var string
     */
    public $minimum_order_value='';

    /**
     * @var boolean
     */
    public $is_exclusive = false;

    /**
     * @var boolean
     */
    public $is_site_specific = false;

    /**
     * @var string
     */
    public $landing_url = '';

    /**
     * @var string
     */
    public $ppv = '';

    /**
     * @var string
     */
    public $ppc = '';

    public function __construct() {
        $this->publish_end_date = $this->publish_start_date = $this->update_date = $this->end_date = $this->start_date = \DateTime::createFromFormat('Y-m-d','2000-01-01 00:00:00');
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}
    }

    /**
     * @method createInstance
     * @return obj istance
     */
    public static function createInstance()
    {
        $obj = null;
        try {
            $obj = new Deal();
        } catch (\Exception $e) {
            throw new \Exception('Error creating instance Deal - ' . $e->getMessage());
        }
        return $obj;
    }

    /**
     * Move data from array to class by associative array source => destination
     * (skip invalid or empty fields)
     * @param array $source
     * @param array $association
     */
    public function setValues(array $source, array $association) {
        foreach ($association as $src => $dest) {
            if (array_key_exists($src, $source) && isset($this->$dest)) {
                if (strpos($dest, 'date') !== false) {
                    $this->$dest = $this->convertDate($source[$src]);
                }
                elseif (strpos($dest, 'is_') !== false) {
                    $this->$dest = $this->convertBool($source[$src]);

                }
                else {
                    $this->$dest = $source[$src];
                }
            }
            else {
                // Missing field .. ignore
            }
        }
    }

    public function convertDate($source) {
        // Try to convert any possible date format
        $date = \DateTime::createFromFormat(\DateTime::ISO8601, $source);
        if ($date === false) {
            $date = \DateTime::createFromFormat("Y-m-d\TH:i:s.uO", $source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat("Y-m-d\TH:i:s", substr($source,0,19));
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat("d/m/Y H:i:s", $source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('d/m/Y',$source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('Y-m-d',$source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('Y-m-d H:i:s',$source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('Y-m-d',substr($source,0,10));
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('d.m.Y', $source);
        }
        if ($date === false) {
            $date = \DateTime::createFromFormat('Y-m-d H:i:s','2000-01-01 00:00:00');
        }
        return $date;
    }

    public function convertBool($source) {
        // Try to convert source to boolean
        $source = strtolower($source);
        if ($source == 'yes' || $source == 'true' || $source == '1' || $source == 'oui') {
            $value = true;
        }
        else {
            $value = false;
        }
        return $value;
    }
}


1			<?php
2
3			namespace Padosoft\AffiliateNetwork;
4
5			/**
6			* Class Deal
7			* @package Padosoft\AffiliateNetwork
8			*/
9			class Deal
10			{
11			/**
12			* @var int
13			*/
14			public $merchant_ID = 0;
15
16			/**
17			* @var string
18			*/
19			public $merchant_name = '';
20
21			/**
22			* @var int
23			*/
24			public $network_ID = 0;
25
26			/**
27			* @var int
28			*/
29			public $type = 0;
30
31			/**
32			* @var string
33			*/
34			public $code = '';
35
36			/**
37			* @var string
38			*/
39			public $url = '';
40
41			/**
42			* @var \DateTime
43			*/
44			public $start_date;
45
46			/**
47			* @var \DateTime
48			*/
49			public $end_date;
50
51			/**
52			* @var \DateTime
53			*/
54			public $update_date;
55
56			/**
57			* @var \DateTime
58			*/
59			public $publish_start_date;
60
61			/**
62			* @var \DateTime
63			*/
64			public $publish_end_date;
65
66			/**
67			* @var integer
68			*/
69			public $deal_ID = 0;
70
71			/**
72			* @var string
73			*/
74			public $currency_initial = '';
75
76			/**
77			* @var string
78			*/
79			public $language = '';
80
81			/**
82			* @var string
83			*/
84			public $logo_path = '';
85
86			/**
87			* @var string
88			*/
89			public $name = '';
90
91			/**
92			* @var string
93			*/
94			public $short_description = '';
95
96			/**
97			* @var string
98			*/
99			public $description = '';
100
101			/**
102			* @var string
103			*/
104			public $information = '';
105
106			/**
107			* @var string
108			*/
109			public $deal_type = '';
110
111			/**
112			* @var string
113			*/
114			public $default_track_uri = '';
115
116			/**
117			* @var string
118			*/
119			public $discount_amount='';
120
121			/**
122			* @var boolean
123			*/
124			public $is_percentage = false;
125
126			/**
127			* @var string
128			*/
129			public $minimum_order_value='';
130
131			/**
132			* @var boolean
133			*/
134			public $is_exclusive = false;
135
136			/**
137			* @var boolean
138			*/
139			public $is_site_specific = false;
140
141			/**
142			* @var string
143			*/
144			public $landing_url = '';
145
146			/**
147			* @var string
148			*/
149			public $ppv = '';
150
151			/**
152			* @var string
153			*/
154			public $ppc = '';
155
156			public function __construct() {
157			$this->publish_end_date = $this->publish_start_date = $this->update_date = $this->end_date = $this->start_date = \DateTime::createFromFormat('Y-m-d','2000-01-01 00:00:00');
			0 ignored issues – show Documentation Bug introduced 2017-09-21 10:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\DateTime::createFromFor... '2000-01-01 00:00:00')` can also be of type `false`. However, the property `$start_date` is declared as type `object<DateTime>`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id / public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history... Documentation Bug introduced 2017-09-21 10:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->start_date = \Dat... '2000-01-01 00:00:00')` can also be of type `false`. However, the property `$end_date` is declared as type `object<DateTime>`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /* @var Id $id / public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history... Documentation Bug introduced 2017-09-21 10:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->end_date = $this-... '2000-01-01 00:00:00')` can also be of type `false`. However, the property `$update_date` is declared as type `object<DateTime>`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /* @var Id $id / public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history... Documentation Bug introduced 2017-09-21 10:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->update_date = $th... '2000-01-01 00:00:00')` can also be of type `false`. However, the property `$publish_start_date` is declared as type `object<DateTime>`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /* @var Id $id / public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history... Documentation Bug introduced 2017-09-21 10:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->publish_start_dat... '2000-01-01 00:00:00')` can also be of type `false`. However, the property `$publish_end_date` is declared as type `object<DateTime>`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /* @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
158			}
159
160			/**
161			* @method createInstance
162			* @return obj istance
163			*/
164			public static function createInstance()
165			{
166			$obj = null;
167			try {
168			$obj = new Deal();
169			} catch (\Exception $e) {
170			throw new \Exception('Error creating instance Deal - ' . $e->getMessage());
171			}
172			return $obj;
173			}
174
175			/**
176			* Move data from array to class by associative array source => destination
177			* (skip invalid or empty fields)
178			* @param array $source
179			* @param array $association
180			*/
181			public function setValues(array $source, array $association) {
182			foreach ($association as $src => $dest) {
183			if (array_key_exists($src, $source) && isset($this->$dest)) {
184			if (strpos($dest, 'date') !== false) {
185			$this->$dest = $this->convertDate($source[$src]);
186			}
187			elseif (strpos($dest, 'is_') !== false) {
188			$this->$dest = $this->convertBool($source[$src]);
189
190			}
191			else {
192			$this->$dest = $source[$src];
193			}
194			}
195			else {
196			// Missing field .. ignore
197			}
198			}
199			}
200
201			public function convertDate($source) {
202			// Try to convert any possible date format
203			$date = \DateTime::createFromFormat(\DateTime::ISO8601, $source);
204			if ($date === false) {
205			$date = \DateTime::createFromFormat("Y-m-d\TH:i:s.uO", $source);
206			}
207			if ($date === false) {
208			$date = \DateTime::createFromFormat("Y-m-d\TH:i:s", substr($source,0,19));
209			}
210			if ($date === false) {
211			$date = \DateTime::createFromFormat("d/m/Y H:i:s", $source);
212			}
213			if ($date === false) {
214			$date = \DateTime::createFromFormat('d/m/Y',$source);
215			}
216			if ($date === false) {
217			$date = \DateTime::createFromFormat('Y-m-d',$source);
218			}
219			if ($date === false) {
220			$date = \DateTime::createFromFormat('Y-m-d H:i:s',$source);
221			}
222			if ($date === false) {
223			$date = \DateTime::createFromFormat('Y-m-d',substr($source,0,10));
224			}
225			if ($date === false) {
226			$date = \DateTime::createFromFormat('d.m.Y', $source);
227			}
228			if ($date === false) {
229			$date = \DateTime::createFromFormat('Y-m-d H:i:s','2000-01-01 00:00:00');
230			}
231			return $date;
232			}
233
234			public function convertBool($source) {
235			// Try to convert source to boolean
236			$source = strtolower($source);
237			if ($source == 'yes' \|\| $source == 'true' \|\| $source == '1' \|\| $source == 'oui') {
238			$value = true;
239			}
240			else {
241			$value = false;
242			}
243			return $value;
244			}
245			}
246

padosoft / laravel-affiliate-network

Issues (315)

Security Analysis no request data

src/Deal.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like