Issues in EventTrait.php (master) - Issues in master - shapintv/stripe - Measure and Improve Code Quality continuously with Scrutinizer

Issues (93)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/Event/EventTrait.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * This software may be modified and distributed under the terms
 * of the MIT license. See the LICENSE file for details.
 */

namespace Shapin\Stripe\Model\Event;

use Shapin\Stripe\Exception\InvalidArgumentException;
use Shapin\Stripe\Model\Account\Account;
use Shapin\Stripe\Model\Balance\Balance;
use Shapin\Stripe\Model\BankAccount\BankAccount;
use Shapin\Stripe\Model\Card\Card;
use Shapin\Stripe\Model\Charge\Charge;
use Shapin\Stripe\Model\Coupon\Coupon;
use Shapin\Stripe\Model\Customer\Customer;
use Shapin\Stripe\Model\Discount\Discount;
use Shapin\Stripe\Model\Invoice\Invoice;
use Shapin\Stripe\Model\Invoice\LineItem as InvoiceItem;
use Shapin\Stripe\Model\LivemodeTrait;
use Shapin\Stripe\Model\MetadataCollection;
use Shapin\Stripe\Model\MetadataTrait;
use Shapin\Stripe\Model\Plan\Plan;
use Shapin\Stripe\Model\Product\Product;
use Shapin\Stripe\Model\Refund\Refund;
use Shapin\Stripe\Model\Source\Source;
use Shapin\Stripe\Model\Subscription\Subscription;
use Shapin\Stripe\Model\Transfer\Transfer;

trait EventTrait
{
    use LivemodeTrait;
    use MetadataTrait;

    /**
     * @var string
     */
    protected $id;

    /**
     * @var string
     */
    protected $apiVersion;

    /**
     * @var \DateTimeImmutable
     */
    protected $createdAt;

    /**
     * @var int
     */
    protected $pendingWebhooks;

    /**
     * @var ?Request
     */
    protected $request;

    /**
     * @var string
     */
    protected $type;

    /**
     * @var ?Account
     */
    private $account;

    /**
     * @var ?Balance
     */
    private $balance;

    /**
     * @var ?BankAccount
     */
    private $bankAccount;

    /**
     * @var ?Card
     */
    private $card;

    /**
     * @var ?Charge
     */
    private $charge;

    /**
     * @var ?Coupon
     */
    private $coupon;

    /**
     * @var ?Customer
     */
    private $customer;

    /**
     * @var ?Discount
     */
    private $discount;

    /**
     * @var ?Invoice
     */
    private $invoice;

    /**
     * @var ?InvoiceItem
     */
    private $invoiceItem;

    /**
     * @var ?Plan
     */
    protected $plan;

    /**
     * @var ?Product
     */
    protected $product;

    /**
     * @var ?Refund
     */
    protected $refund;

    /**
     * @var ?Source
     */
    protected $source;

    /**
     * @var ?Subscription
     */
    private $subscription;

    /**
     * @var ?Transfer
     */
    private $transfer;

    /**
     * @var array
     */
    private $previousAttributes;

    private function __construct()
    {
    }

    public static function createFromArray(array $data): self
    {
        $model = new self();
        $model->id = $data['id'];
        $model->apiVersion = $data['api_version'];
        $model->createdAt = new \DateTimeImmutable('@'.$data['created']);
        $model->live = (bool) $data['livemode'];
        $model->metadata = MetadataCollection::createFromArray($data['metadata'] ?? []);

        $model->pendingWebhooks = (int) $data['pending_webhooks'];
        $model->request = isset($data['request']) ? Request::createFromArray($data['request']) : null;
        $model->type = $data['type'];
        $model->previousAttributes = $data['data']['previous_attributes'] ?? [];

        if ('invoice.upcoming' === $data['type']) {
            return $model;
        }

        $object = $data['data']['object']['object'];
        switch ($object) {
            case 'account':
                $model->account = Account::createFromArray($data['data']['object']);
                break;
            case 'balance':
                $model->balance = Balance::createFromArray($data['data']['object']);
                break;
            case 'bank_account':
                $model->bankAccount = BankAccount::createFromArray($data['data']['object']);
                break;
            case 'card':
                $model->card = Card::createFromArray($data['data']['object']);
                break;
            case 'charge':
                $model->charge = Charge::createFromArray($data['data']['object']);
                break;
            case 'coupon':
                $model->coupon = Coupon::createFromArray($data['data']['object']);
                break;
            case 'customer':
                $model->customer = Customer::createFromArray($data['data']['object']);
                break;
            case 'discount':
                $model->discount = Discount::createFromArray($data['data']['object']);
                break;
            case 'invoice':
                $model->invoice = Invoice::createFromArray($data['data']['object']);
                break;
            case 'invoiceitem':
                $model->invoiceItem = InvoiceItem::createFromArray($data['data']['object']);
                break;
            case 'plan':
                $model->plan = Plan::createFromArray($data['data']['object']);
                break;
            case 'product':
                $model->product = Product::createFromArray($data['data']['object']);
                break;
            case 'refund':
                $model->refund = Refund::createFromArray($data['data']['object']);
                break;
            case 'source':
                $model->source = Source::createFromArray($data['data']['object']);
                break;
            case 'subscription':
                $model->subscription = Subscription::createFromArray($data['data']['object']);
                break;
            case 'transfer':
                $model->transfer = Transfer::createFromArray($data['data']['object']);
                break;
            default:
                throw new InvalidArgumentException("Unable to process event data: Unknown object $object");
        }

        return $model;
    }

    public function getId(): string
    {
        return $this->id;
    }

    public function getApiVersion(): string
    {
        return $this->apiVersion;
    }

    public function getCreatedAt(): \DateTimeImmutable
    {
        return $this->createdAt;
    }

    public function getPendingWebhooks(): int
    {
        return $this->pendingWebhooks;
    }

    public function getRequest(): ?Request
    {
        return $this->request;
    }

    public function getType(): string
    {
        return $this->type;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		/*
6		* This software may be modified and distributed under the terms
7		* of the MIT license. See the LICENSE file for details.
8		*/
9
10		namespace Shapin\Stripe\Model\Event;
11
12		use Shapin\Stripe\Exception\InvalidArgumentException;
13		use Shapin\Stripe\Model\Account\Account;
14		use Shapin\Stripe\Model\Balance\Balance;
15		use Shapin\Stripe\Model\BankAccount\BankAccount;
16		use Shapin\Stripe\Model\Card\Card;
17		use Shapin\Stripe\Model\Charge\Charge;
18		use Shapin\Stripe\Model\Coupon\Coupon;
19		use Shapin\Stripe\Model\Customer\Customer;
20		use Shapin\Stripe\Model\Discount\Discount;
21		use Shapin\Stripe\Model\Invoice\Invoice;
22		use Shapin\Stripe\Model\Invoice\LineItem as InvoiceItem;
23		use Shapin\Stripe\Model\LivemodeTrait;
24		use Shapin\Stripe\Model\MetadataCollection;
25		use Shapin\Stripe\Model\MetadataTrait;
26		use Shapin\Stripe\Model\Plan\Plan;
27		use Shapin\Stripe\Model\Product\Product;
28		use Shapin\Stripe\Model\Refund\Refund;
29		use Shapin\Stripe\Model\Source\Source;
30		use Shapin\Stripe\Model\Subscription\Subscription;
31		use Shapin\Stripe\Model\Transfer\Transfer;
32
33		trait EventTrait
34		{
35		use LivemodeTrait;
36		use MetadataTrait;
37
38		/**
39		* @var string
40		*/
41		protected $id;
42
43		/**
44		* @var string
45		*/
46		protected $apiVersion;
47
48		/**
49		* @var \DateTimeImmutable
50		*/
51		protected $createdAt;
52
53		/**
54		* @var int
55		*/
56		protected $pendingWebhooks;
57
58		/**
59		* @var ?Request
60		*/
61		protected $request;
62
63		/**
64		* @var string
65		*/
66		protected $type;
67
68		/**
69		* @var ?Account
70		*/
71		private $account;
72
73		/**
74		* @var ?Balance
75		*/
76		private $balance;
77
78		/**
79		* @var ?BankAccount
80		*/
81		private $bankAccount;
82
83		/**
84		* @var ?Card
85		*/
86		private $card;
87
88		/**
89		* @var ?Charge
90		*/
91		private $charge;
92
93		/**
94		* @var ?Coupon
95		*/
96		private $coupon;
97
98		/**
99		* @var ?Customer
100		*/
101		private $customer;
102
103		/**
104		* @var ?Discount
105		*/
106		private $discount;
107
108		/**
109		* @var ?Invoice
110		*/
111		private $invoice;
112
113		/**
114		* @var ?InvoiceItem
115		*/
116		private $invoiceItem;
117
118		/**
119		* @var ?Plan
120		*/
121		protected $plan;
122
123		/**
124		* @var ?Product
125		*/
126		protected $product;
127
128		/**
129		* @var ?Refund
130		*/
131		protected $refund;
132
133		/**
134		* @var ?Source
135		*/
136		protected $source;
137
138		/**
139		* @var ?Subscription
140		*/
141		private $subscription;
142
143		/**
144		* @var ?Transfer
145		*/
146		private $transfer;
147
148		/**
149		* @var array
150		*/
151		private $previousAttributes;
152
153	59	private function __construct()
154		{
155	59	}
156
157	59	public static function createFromArray(array $data): self
158		{
159	59	$model = new self();
160	59	$model->id = $data['id'];
161	59	$model->apiVersion = $data['api_version'];
162	59	$model->createdAt = new \DateTimeImmutable('@'.$data['created']);
163	59	$model->live = (bool) $data['livemode'];
164	59	$model->metadata = MetadataCollection::createFromArray($data['metadata'] ?? []);
		0 ignored issues – show Documentation Bug introduced 2019-02-06 10:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\Shapin\Stripe\Model\Met...'metadata'] ?? array())` of type `object<self>` is incompatible with the declared type `object<Shapin\Stripe\Model\MetadataCollection>` of property `$metadata`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
165	59	$model->pendingWebhooks = (int) $data['pending_webhooks'];
166	59	$model->request = isset($data['request']) ? Request::createFromArray($data['request']) : null;
167	59	$model->type = $data['type'];
168	59	$model->previousAttributes = $data['data']['previous_attributes'] ?? [];
169
170	59	if ('invoice.upcoming' === $data['type']) {
171	1	return $model;
172		}
173
174	58	$object = $data['data']['object']['object'];
175	58	switch ($object) {
176	58	case 'account':
177	1	$model->account = Account::createFromArray($data['data']['object']);
178	1	break;
179	57	case 'balance':
180	1	$model->balance = Balance::createFromArray($data['data']['object']);
181	1	break;
182	56	case 'bank_account':
183	4	$model->bankAccount = BankAccount::createFromArray($data['data']['object']);
184	4	break;
185	52	case 'card':
186	1	$model->card = Card::createFromArray($data['data']['object']);
187	1	break;
188	51	case 'charge':
189	7	$model->charge = Charge::createFromArray($data['data']['object']);
190	7	break;
191	44	case 'coupon':
192	3	$model->coupon = Coupon::createFromArray($data['data']['object']);
193	3	break;
194	41	case 'customer':
195	3	$model->customer = Customer::createFromArray($data['data']['object']);
196	3	break;
197	38	case 'discount':
198	3	$model->discount = Discount::createFromArray($data['data']['object']);
199	3	break;
200	35	case 'invoice':
201	9	$model->invoice = Invoice::createFromArray($data['data']['object']);
202	9	break;
203	26	case 'invoiceitem':
204	3	$model->invoiceItem = InvoiceItem::createFromArray($data['data']['object']);
205	3	break;
206	23	case 'plan':
207	3	$model->plan = Plan::createFromArray($data['data']['object']);
208	3	break;
209	20	case 'product':
210	3	$model->product = Product::createFromArray($data['data']['object']);
211	3	break;
212	17	case 'refund':
213	1	$model->refund = Refund::createFromArray($data['data']['object']);
214	1	break;
215	16	case 'source':
216	9	$model->source = Source::createFromArray($data['data']['object']);
217	9	break;
218	7	case 'subscription':
219	4	$model->subscription = Subscription::createFromArray($data['data']['object']);
220	4	break;
221	3	case 'transfer':
222	3	$model->transfer = Transfer::createFromArray($data['data']['object']);
223	3	break;
224		default:
225		throw new InvalidArgumentException("Unable to process event data: Unknown object $object");
226		}
227
228	58	return $model;
229		}
230
231		public function getId(): string
232		{
233		return $this->id;
234		}
235
236		public function getApiVersion(): string
237		{
238		return $this->apiVersion;
239		}
240
241		public function getCreatedAt(): \DateTimeImmutable
242		{
243		return $this->createdAt;
244		}
245
246		public function getPendingWebhooks(): int
247		{
248		return $this->pendingWebhooks;
249		}
250
251		public function getRequest(): ?Request
252		{
253		return $this->request;
254		}
255
256	59	public function getType(): string
257		{
258	59	return $this->type;
259		}
260		}
261

shapintv / stripe

Issues (93)

Security Analysis no request data

src/Model/Event/EventTrait.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like