Issues in Document.php (master) - Issues in master - sausin/signere-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (33)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Document.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Sausin\Signere;

class Document extends BaseClass
{
    /** The URI of the action */
    const URI = 'https://api.signere.no/api/Document';

    /**
     * Returns the url to sign the document for the given Signeeref
     * or the first Signeeref if not SigneerefId is specified.
     *
     * @param  string      $documentId
     * @param  string|null $signeeRefId
     * @return object
     */
    public function getSignUrl(string $documentId, string $signeeRefId = null)
    {
        // make the URL for this request
        $url = sprintf(
            '%s/SignUrl?documentId=%s&signeeRefId=%s',
            $this->getBaseUrl(),
            $documentId,
            $signeeRefId
        );

        // get the headers for this request
        $headers = $this->headers->make('GET', $url);

        // get the response
        $response = $this->client->get($url, [
            'headers' => $headers,
        ]);

        // return the response
        return $response;
    }

    /**
     * Retrieves the document with the given ID.
     *
     * @param  string      $documentId
     * @return object
     */
    public function get(string $documentId)
    {
        // make the URL for this request
        $url = sprintf('%s/%s', $this->getBaseUrl(), $documentId);

        // get the headers for this request
        $headers = $this->headers->make('GET', $url);

        // get the response
        $response = $this->client->get($url, [
            'headers' => $headers,
        ]);

        // return the response
        return $response;
    }

    /**
     * Returns a temporary URL for viewing a signed
     * document in the BankID applet.
     *
     * @param  string      $documentId
     * @return object
     */
    public function getTemporaryUrl(string $documentId)
    {
        // make the URL for this request
        $url = sprintf(
            '%s/SignedDocument/TemporaryViewerUrl/%s',
            $this->getBaseUrl(),
            $documentId
        );

        // get the headers for this request
        $headers = $this->headers->make('GET', $url);

        // get the response
        $response = $this->client->get($url, [
            'headers' => $headers,
        ]);

        // return the response
        return $response;
    }

    /**
     * Retrieves a list of documents based on the given parameters.
     *
     * @param  string|null $jobId
     * @param  array       $params
     * @return object
     */
    public function getList(string $jobId = null, array $params = [])
    {
        // make the URL for this request
        $url = sprintf(
            '%s/?Status=%s&Fromdate=%s&JobId=%s&CreatedAfter=%s&ExternalCustomerRef=%s',
            $this->getBaseUrl(),
            isset($params['status']) ? $params['status'] : 'All',
            isset($params['from_date']) ? $params['from_date'] : null,
            $jobId,
            isset($params['created_after']) ? $params['created_after'] : null,
            isset($params['ext_cust_ref']) ? $params['ext_cust_ref'] : null
        );

        // get the headers for this request
        $headers = $this->headers->make('GET', $url);

        // get the response
        $response = $this->client->get($url, [
            'headers' => $headers,
        ]);

        // return the response
        return $response;
    }

    /**
     * Creates a new document to sign, and returns
     * a document response object.
     *
     * @param  array  $body
     * @return object
     */
    public function create(array $body)
    {
        // keys that are mandatory for this request
        $needKeys = [
            'Description',
            'FileContent',
            'FileMD5CheckSum',
            'FileName',
            'Language',
            'SigneeRefs',
            'SignJobId',
            'Title',
        ];

        // keys that need to be present in each signeeref
        $needSubKeys = [
            'SigneeRefId',
            'FirstName',
            'LastName',
            'Email',
        ];

        // if the body doesn't have needed fields, throw an exception
        $this->validateHasKeys($body, $needKeys);

        if (! is_array($body['SigneeRefs'])) {
            throw new UnexpectedValueException('SigneeRefs key in input should be an array');
        }

        foreach ($body['SigneeRefs'] as $ref) {
            if (! is_array($ref)) {
                throw new UnexpectedValueException('Each item in SigneeRefs should be an array');
            }

            // the SignreeRefs should have some fields
            $this->validateHasKeys($ref, $needSubKeys);
        }

        // make the URL for this request
        $url = $this->getBaseUrl();

        // get the headers for this request
        $headers = $this->headers->make('POST', $url, $body, true);

        // get the response
        $response = $this->client->post($url, [
            'headers' => $headers,
            'json' => $body,
        ]);

        // return the response
        return $response;
    }

    /**
     * Creates a new document to sign, and returns
     * a document response object.
     *
     * @param  array  $body
     * @return object
     */
    public function cancel(array $body)

    {
        // keys that are mandatory for this request
        $needKeys = ['CanceledDate', 'DocumentID', 'Signature'];

        // if the body doesn't have needed fields, throw an exception
        $this->validateHasKeys($body, $needKeys);

        // make the URL for this request
        $url = sprintf('%s/CancelDocument', $this->getBaseUrl());

        // get the headers for this request
        $headers = $this->headers->make('POST', $url, $body);

        // get the response
        $response = $this->client->post($url, [
            'headers' => $headers,
            'json' => $body,
        ]);

        // return the response
        return $response;
    }

    /**
     * Creates a new document to sign, and returns
     * a document response object.
     *
     * @param  array  $body
     * @return object
     */
    public function changeDeadline(array $body)

    {
        // keys that are mandatory for this request
        $needKeys = ['DocumentID', 'NewDeadline', 'ProviderID'];

        // if the body doesn't have needed fields, throw an exception
        $this->validateHasKeys($body, $needKeys);

        // make the URL for this request
        $url = sprintf('%s/ChangeDeadline', $this->getBaseUrl());

        // get the headers for this request
        $headers = $this->headers->make('PUT', $url, $body);

        // get the response
        $response = $this->client->put($url, [
            'headers' => $headers,
            'json' => $body,
        ]);

        // return the response
        return $response;
    }
}


1			<?php
2
3			namespace Sausin\Signere;
4
5			class Document extends BaseClass
6			{
7			/** The URI of the action */
8			const URI = 'https://api.signere.no/api/Document';
9
10			/**
11			* Returns the url to sign the document for the given Signeeref
12			* or the first Signeeref if not SigneerefId is specified.
13			*
14			* @param string $documentId
15			* @param string\|null $signeeRefId
16			* @return object
17			*/
18	1		public function getSignUrl(string $documentId, string $signeeRefId = null)
19			{
20			// make the URL for this request
21	1		$url = sprintf(
22	1		'%s/SignUrl?documentId=%s&signeeRefId=%s',
23	1		$this->getBaseUrl(),
24	1		$documentId,
25	1		$signeeRefId
26			);
27
28			// get the headers for this request
29	1		$headers = $this->headers->make('GET', $url);
30
31			// get the response
32	1		$response = $this->client->get($url, [
33	1		'headers' => $headers,
34			]);
35
36			// return the response
37	1		return $response;
38			}
39
40			/**
41			* Retrieves the document with the given ID.
42			*
43			* @param string $documentId
44			* @return object
45			*/
46	1		public function get(string $documentId)
47			{
48			// make the URL for this request
49	1		$url = sprintf('%s/%s', $this->getBaseUrl(), $documentId);
50
51			// get the headers for this request
52	1		$headers = $this->headers->make('GET', $url);
53
54			// get the response
55	1		$response = $this->client->get($url, [
56	1		'headers' => $headers,
57			]);
58
59			// return the response
60	1		return $response;
61			}
62
63			/**
64			* Returns a temporary URL for viewing a signed
65			* document in the BankID applet.
66			*
67			* @param string $documentId
68			* @return object
69			*/
70	1		public function getTemporaryUrl(string $documentId)
71			{
72			// make the URL for this request
73	1		$url = sprintf(
74	1		'%s/SignedDocument/TemporaryViewerUrl/%s',
75	1		$this->getBaseUrl(),
76	1		$documentId
77			);
78
79			// get the headers for this request
80	1		$headers = $this->headers->make('GET', $url);
81
82			// get the response
83	1		$response = $this->client->get($url, [
84	1		'headers' => $headers,
85			]);
86
87			// return the response
88	1		return $response;
89			}
90
91			/**
92			* Retrieves a list of documents based on the given parameters.
93			*
94			* @param string\|null $jobId
95			* @param array $params
96			* @return object
97			*/
98	1		public function getList(string $jobId = null, array $params = [])
99			{
100			// make the URL for this request
101	1		$url = sprintf(
102	1		'%s/?Status=%s&Fromdate=%s&JobId=%s&CreatedAfter=%s&ExternalCustomerRef=%s',
103	1		$this->getBaseUrl(),
104	1		isset($params['status']) ? $params['status'] : 'All',
105	1		isset($params['from_date']) ? $params['from_date'] : null,
106	1		$jobId,
107	1		isset($params['created_after']) ? $params['created_after'] : null,
108	1		isset($params['ext_cust_ref']) ? $params['ext_cust_ref'] : null
109			);
110
111			// get the headers for this request
112	1		$headers = $this->headers->make('GET', $url);
113
114			// get the response
115	1		$response = $this->client->get($url, [
116	1		'headers' => $headers,
117			]);
118
119			// return the response
120	1		return $response;
121			}
122
123			/**
124			* Creates a new document to sign, and returns
125			* a document response object.
126			*
127			* @param array $body
128			* @return object
129			*/
130	1		public function create(array $body)
131			{
132			// keys that are mandatory for this request
133			$needKeys = [
134	1		'Description',
135			'FileContent',
136			'FileMD5CheckSum',
137			'FileName',
138			'Language',
139			'SigneeRefs',
140			'SignJobId',
141			'Title',
142			];
143
144			// keys that need to be present in each signeeref
145			$needSubKeys = [
146	1		'SigneeRefId',
147			'FirstName',
148			'LastName',
149			'Email',
150			];
151
152			// if the body doesn't have needed fields, throw an exception
153	1		$this->validateHasKeys($body, $needKeys);
154
155	1		if (! is_array($body['SigneeRefs'])) {
156			throw new UnexpectedValueException('SigneeRefs key in input should be an array');
157			}
158
159	1		foreach ($body['SigneeRefs'] as $ref) {
160	1		if (! is_array($ref)) {
161			throw new UnexpectedValueException('Each item in SigneeRefs should be an array');
162			}
163
164			// the SignreeRefs should have some fields
165	1		$this->validateHasKeys($ref, $needSubKeys);
166			}
167
168			// make the URL for this request
169	1		$url = $this->getBaseUrl();
170
171			// get the headers for this request
172	1		$headers = $this->headers->make('POST', $url, $body, true);
173
174			// get the response
175	1		$response = $this->client->post($url, [
176	1		'headers' => $headers,
177	1		'json' => $body,
178			]);
179
180			// return the response
181	1		return $response;
182			}
183
184			/**
185			* Creates a new document to sign, and returns
186			* a document response object.
187			*
188			* @param array $body
189			* @return object
190			*/
191	1	View Code Duplication	public function cancel(array $body)
			0 ignored issues – show Duplication introduced 2017-08-24 21:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
192			{
193			// keys that are mandatory for this request
194	1		$needKeys = ['CanceledDate', 'DocumentID', 'Signature'];
195
196			// if the body doesn't have needed fields, throw an exception
197	1		$this->validateHasKeys($body, $needKeys);
198
199			// make the URL for this request
200	1		$url = sprintf('%s/CancelDocument', $this->getBaseUrl());
201
202			// get the headers for this request
203	1		$headers = $this->headers->make('POST', $url, $body);
204
205			// get the response
206	1		$response = $this->client->post($url, [
207	1		'headers' => $headers,
208	1		'json' => $body,
209			]);
210
211			// return the response
212	1		return $response;
213			}
214
215			/**
216			* Creates a new document to sign, and returns
217			* a document response object.
218			*
219			* @param array $body
220			* @return object
221			*/
222	1	View Code Duplication	public function changeDeadline(array $body)
			0 ignored issues – show Duplication introduced 2017-08-24 21:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
223			{
224			// keys that are mandatory for this request
225	1		$needKeys = ['DocumentID', 'NewDeadline', 'ProviderID'];
226
227			// if the body doesn't have needed fields, throw an exception
228	1		$this->validateHasKeys($body, $needKeys);
229
230			// make the URL for this request
231	1		$url = sprintf('%s/ChangeDeadline', $this->getBaseUrl());
232
233			// get the headers for this request
234	1		$headers = $this->headers->make('PUT', $url, $body);
235
236			// get the response
237	1		$response = $this->client->put($url, [
238	1		'headers' => $headers,
239	1		'json' => $body,
240			]);
241
242			// return the response
243	1		return $response;
244			}
245			}
246

sausin / signere-sdk

Issues (33)

Security Analysis not enabled

src/Document.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like