Issues (93)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/Charge/Charge.php (2 issues)

These results are based on our legacy PHP analysis.

<?php

declare(strict_types=1);

/*
 * This software may be modified and distributed under the terms
 * of the MIT license. See the LICENSE file for details.
 */

namespace Shapin\Stripe\Model\Charge;

use Money\Currency;
use Money\Money;
use Shapin\Stripe\Model\Account\Account;
use Shapin\Stripe\Model\Card\Card;
use Shapin\Stripe\Model\ContainsMetadata;
use Shapin\Stripe\Model\CreatableFromArray;
use Shapin\Stripe\Model\LivemodeTrait;
use Shapin\Stripe\Model\MetadataCollection;
use Shapin\Stripe\Model\MetadataTrait;
use Shapin\Stripe\Model\Refund\RefundCollection;
use Shapin\Stripe\Model\Source\Source;

final class Charge implements CreatableFromArray, ContainsMetadata
{
    use LivemodeTrait;
    use MetadataTrait;

    const STATUS_FAILED = 'failed';
    const STATUS_PENDING = 'pending';
    const STATUS_SUCCEEDED = 'succeeded';

    /**
     * @var string
     */
    private $id;

    /**
     * @var Money
     */
    private $amount;

    /**
     * @var Money
     */
    private $amountRefunded;

    /**
     * @var string
     */
    private $application;

    /**
     * @var Money
     */
    private $applicationFee;

    /**
     * @var ?string
     */
    private $balanceTransaction;

    /**
     * @var bool
     */
    private $captured;

    /**
     * @var \DateTimeImmutable
     */
    private $createdAt;

    /**
     * @var Currency
     */
    private $currency;

    /**
     * @var string
     */
    private $customer;

    /**
     * @var string
     */
    private $description;

    /**
     * @var ?string
     */
    private $destination;

    /**
     * @var string
     */
    private $dispute;

    /**
     * @var string
     */
    private $failureCode;

    /**
     * @var string
     */
    private $failureMessage;

    /**
     * @var array
     */
    private $fraudDetails;

    /**
     * @var string
     */
    private $invoice;

    /**
     * @var string
     */
    private $onBehalfOf;

    /**
     * @var string
     */
    private $order;

    /**
     * @var ?Outcome
     */
    private $outcome;

    /**
     * @var bool
     */
    private $paid;

    /**
     * @var string
     */
    private $paymentIntent;

    /**
     * @var string
     */
    private $receiptEmail;

    /**
     * @var string
     */
    private $receiptNumber;

    /**
     * @var string
     */
    private $receiptUrl;

    /**
     * @var bool
     */
    private $refunded;

    /**
     * @var RefundCollection
     */
    private $refunds;

    /**
     * @var string
     */
    private $review;

    /**
     * @var array
     */
    private $shipping;

    /**
     * @var mixed
     */
    private $source;

    /**
     * @var string
     */
    private $sourceTransfer;

    /**
     * @var string
     */
    private $statementDescriptor;

    /**
     * @var string
     */
    private $status;

    /**
     * @var string
     */
    private $transfer;

    /**
     * @var string
     */
    private $transferGroup;

    private function __construct()
    {
    }

    public static function createFromArray(array $data): self
    {
        $currency = new Currency(strtoupper($data['currency']));

        // Most of the time, the source is a card
        // @see: https://stripe.com/docs/api/charges/object?lang=curl#charge_object-source
        $source = $data['source'] ?? null;
        if (\is_array($source) && isset($source['object'])) {
            if ('card' === $source['object']) {
                $source = Card::createFromArray($source);
            } elseif ('account' === $source['object']) {
                $source = Account::createFromArray($source);
            } elseif ('source' === $source['object']) {
                $source = Source::createFromArray($source);
            }
        }

        $model = new self();
        $model->id = $data['id'];
        $model->amount = new Money($data['amount'], $currency);
        $model->amountRefunded = new Money($data['amount_refunded'], $currency);
        $model->application = $data['application'];
        $model->applicationFee = null !== $data['application_fee'] ? new Money($data['application_fee'], $currency) : new Money(0, $currency);
        $model->balanceTransaction = $data['balance_transaction'];
        $model->captured = (bool) $data['captured'];
        $model->createdAt = new \DateTimeImmutable('@'.$data['created']);
        $model->currency = $currency;
        $model->customer = $data['customer'];
        $model->description = $data['description'];
        $model->destination = $data['destination'] ?? null;
        $model->dispute = $data['dispute'];
        $model->failureCode = $data['failure_code'];
        $model->failureMessage = $data['failure_message'];
        $model->fraudDetails = $data['fraud_details']; // TODO: It's a hash. Make something better than just keeping it as is.
        $model->invoice = $data['invoice'];
        $model->live = (bool) $data['livemode'];
        $model->metadata = MetadataCollection::createFromArray($data['metadata']);
Documentation Bug
It seems like \Shapin\Stripe\Model\Met...rray($data['metadata']) of type object<self> is incompatible with the declared type object<Shapin\Stripe\Model\MetadataCollection> of property $metadata.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.
        $model->onBehalfOf = $data['on_behalf_of'];
        $model->order = $data['order'];
        $model->outcome = null !== $data['outcome'] ? Outcome::createFromArray($data['outcome']) : null;
        $model->paid = (bool) $data['paid'];
        $model->paymentIntent = $data['payment_intent'];
        $model->receiptEmail = $data['receipt_email'];
        $model->receiptNumber = $data['receipt_number'];
        $model->receiptUrl = $data['receipt_url'] ?? null;
        $model->refunded = (bool) $data['refunded'];
        $model->refunds = RefundCollection::createFromArray($data['refunds']);
Documentation Bug
It seems like \Shapin\Stripe\Model\Ref...Array($data['refunds']) of type object<self> is incompatible with the declared type object<Shapin\Stripe\Mod...efund\RefundCollection> of property $refunds.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.
        $model->review = $data['review'];
        $model->shipping = $data['shipping']; // TODO: It's a hash. Make something better than just keeping it as is.
        $model->source = $source;
        $model->sourceTransfer = $data['source_transfer'];
        $model->statementDescriptor = $data['statement_descriptor'];
        $model->status = $data['status'];
        $model->transfer = $data['transfer'] ?? null;
        $model->transferGroup = $data['transfer_group'];

        return $model;
    }

    public function isFailed(): bool
    {
        return self::STATUS_FAILED === $this->status;
    }

    public function isSucceeded(): bool
    {
        return self::STATUS_SUCCEEDED === $this->status;
    }

    public function isPending(): bool
    {
        return self::STATUS_PENDING === $this->status;
    }

    public function getId(): string
    {
        return $this->id;
    }

    public function getAmount(): Money
    {
        return $this->amount;
    }

    public function getAmountRefunded(): Money
    {
        return $this->amountRefunded;
    }

    public function getApplication(): ?string
    {
        return $this->application;
    }

    public function getApplicationFee(): Money
    {
        return $this->applicationFee;
    }

    public function getBalanceTransaction(): ?string
    {
        return $this->balanceTransaction;
    }

    public function isCaptured(): bool
    {
        return $this->captured;
    }

    public function getCreatedAt(): \DateTimeImmutable
    {
        return $this->createdAt;
    }

    public function getCurrency(): Currency
    {
        return $this->currency;
    }

    public function getCustomer(): ?string
    {
        return $this->customer;
    }

    public function getDescription(): ?string
    {
        return $this->description;
    }

    public function getDestination(): ?string
    {
        return $this->destination;
    }

    public function getDispute(): ?string
    {
        return $this->dispute;
    }

    public function getFailureCode(): ?string
    {
        return $this->failureCode;
    }

    public function getFailureMessage(): ?string
    {
        return $this->failureMessage;
    }

    public function getFraudDetails(): array
    {
        return $this->fraudDetails;
    }

    public function getInvoice(): ?string
    {
        return $this->invoice;
    }

    public function getOnBehalfOf(): ?string
    {
        return $this->onBehalfOf;
    }

    public function getOrder(): ?string
    {
        return $this->order;
    }

    public function getOutcome(): ?Outcome
    {
        return $this->outcome;
    }

    public function isPaid(): bool
    {
        return $this->paid;
    }

    public function getPaymentIntent(): ?string
    {
        return $this->paymentIntent;
    }

    public function getReceiptEmail(): ?string
    {
        return $this->receiptEmail;
    }

    public function getReceiptNumber(): ?string
    {
        return $this->receiptNumber;
    }

    public function getReceiptUrl(): ?string
    {
        return $this->receiptUrl;
    }

    public function isRefunded(): bool
    {
        return $this->refunded;
    }

    public function getRefunds(): RefundCollection
    {
        return $this->refunds;
    }

    public function getReview(): ?string
    {
        return $this->review;
    }

    public function getShipping(): ?array
    {
        return $this->shipping;
    }

    public function getSource()
    {
        return $this->source;
    }

    public function getSourceTransfer(): ?string
    {
        return $this->sourceTransfer;
    }

    public function getStatementDescriptor(): ?string
    {
        return $this->statementDescriptor;
    }

    public function getStatus(): string
    {
        return $this->status;
    }

    public function getTransfer(): ?string
    {
        return $this->transfer;
    }

    public function getTransferGroup(): ?string
    {
        return $this->transferGroup;
    }
}