Issues in Source.php (master) - Issues in master - shapintv/stripe - Measure and Improve Code Quality continuously with Scrutinizer

Issues (93)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/Source/Source.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * This software may be modified and distributed under the terms
 * of the MIT license. See the LICENSE file for details.
 */

namespace Shapin\Stripe\Model\Source;

use Money\Currency;
use Money\Money;
use Shapin\Stripe\Model\ContainsMetadata;
use Shapin\Stripe\Model\CreatableFromArray;
use Shapin\Stripe\Model\LivemodeTrait;
use Shapin\Stripe\Model\MetadataCollection;
use Shapin\Stripe\Model\MetadataTrait;

final class Source implements CreatableFromArray, ContainsMetadata
{
    const FLOW_CODE_VERIFICATION = 'code_verification';
    const FLOW_NONE = 'none';
    const FLOW_REDIRECT = 'redirect';
    const FLOW_RECEIVER = 'receiver';

    const NOTIFICATION_METHOD_EMAIL = 'email';
    const NOTIFICATION_METHOD_MANUAL = 'manual';
    const NOTIFICATION_METHOD_NONE = 'none';

    const REFUND_ATTRIBUTES_METHOD_EMAIL = 'email';
    const REFUND_ATTRIBUTES_METHOD_MANUAL = 'manual';

    const STATUS_CANCELED = 'canceled';
    const STATUS_CHARGEABLE = 'chargeable';
    const STATUS_CONSUMED = 'consumed';
    const STATUS_FAILED = 'failed';
    const STATUS_PENDING = 'pending';

    const TYPE_ACH_CREDIT_TRANSFER = 'ach_credit_transfer';
    const TYPE_ACH_DEBIT = 'ach_debit';
    const TYPE_ALIPAY = 'alipay';
    const TYPE_BANCONTACT = 'bancontact';
    const TYPE_CARD = 'card';
    const TYPE_CARD_PRESENT = 'card_present';
    const TYPE_EPS = 'eps';
    const TYPE_GIROPAY = 'giropay';
    const TYPE_IDEAL = 'ideal';
    const TYPE_MULTIBANCO = 'multibanco';
    const TYPE_P24 = 'p24';
    const TYPE_PAPER_CHECK = 'paper_check';
    const TYPE_SEPA_CREDIT_TRANSFER = 'sepa_credit_transfer';
    const TYPE_SEPA_DEBIT = 'sepa_debit';
    const TYPE_SOFORT = 'sofort';
    const TYPE_THREE_D_SECURE = 'three_d_secure';

    const USAGE_REUSABLE = 'reusable';
    const USAGE_SINGLE_USE = 'single_use';

    use LivemodeTrait;
    use MetadataTrait;

    /**
     * @var string
     */
    private $id;

    /**
     * @var ?AchCreditTransfer
     */
    private $achCreditTransfer;

    /**
     * @var ?Money
     */
    private $amount;

    /**
     * @var ?Card
     */
    private $card;

    /**
     * @var ?string
     */
    private $clientSecret;

    /**
     * @var ?CodeVerification
     */
    private $codeVerification;

    /**
     * @var ?\DateTimeImmutable
     */
    private $createdAt;

    /**
     * @var ?Currency
     */
    private $currency;

    /**
     * @var ?string
     */
    private $customer;

    /**
     * @var ?string
     */
    private $flow;

    /**
     * @var ?Owner
     */
    private $owner;

    /**
     * @var ?Receiver
     */
    private $receiver;

    /**
     * @var ?Redirect
     */
    private $redirect;

    /**
     * @var ?string
     */
    private $statementDescriptor;

    /**
     * @var ?string
     */
    private $status;

    /**
     * @var ?string
     */
    private $type;

    /**
     * @var ?string
     */
    private $usage;

    public static function createFromArray(array $data): self
    {
        $model = new self();

        if (isset($data['currency'])) {
            $currency = new Currency(strtoupper($data['currency']));
            $model->amount = isset($data['amount']) ? new Money($data['amount'], $currency) : null;
            $model->currency = $currency;
            if (isset($data['receiver'])) {
                $model->receiver = Receiver::createFromArray($data['receiver'], $currency);
            }
        }

        $model->id = $data['id'];
        if (isset($data['ach_credit_transfer'])) {
            $model->achCreditTransfer = AchCreditTransfer::createFromArray($data['ach_credit_transfer']);
        }
        if (isset($data['card'])) {
            $model->card = Card::createFromArray($data['card']);
        }
        $model->clientSecret = $data['client_secret'] ?? null;
        if (isset($data['code_verification'])) {
            $model->codeVerification = CodeVerification::createFromArray($data['code_verification']);
        }
        $model->createdAt = isset($data['created']) ? new \DateTimeImmutable('@'.$data['created']) : null;
        $model->customer = $data['customer'] ?? null;
        $model->flow = $data['flow'] ?? null;
        $model->live = $data['livemode'] ?? false;
        $model->metadata = MetadataCollection::createFromArray($data['metadata']);

        $model->owner = isset($data['owner']) ? Owner::createFromArray($data['owner']) : null;
        if (isset($data['redirect'])) {
            $model->redirect = Redirect::createFromArray($data['redirect']);
        }
        $model->statementDescriptor = $data['statement_descriptor'] ?? null;
        $model->status = $data['status'] ?? null;
        $model->type = $data['type'] ?? null;
        $model->usage = $data['usage'] ?? null;

        return $model;
    }

    public function isThreeDSecure(): bool
    {
        return self::TYPE_THREE_D_SECURE === $this->type;
    }

    public function isCanceled(): bool
    {
        return self::STATUS_CANCELED === $this->status;
    }

    public function isChargeable(): bool
    {
        return self::STATUS_CHARGEABLE === $this->status;
    }

    public function isConsumed(): bool
    {
        return self::STATUS_CONSUMED === $this->status;
    }

    public function isFailed(): bool
    {
        return self::STATUS_FAILED === $this->status;
    }

    public function isPending(): bool
    {
        return self::STATUS_PENDING === $this->status;
    }

    public function getId(): string
    {
        return $this->id;
    }

    public function getAchCreditTransfer(): ?AchCreditTransfer
    {
        return $this->achCreditTransfer;
    }

    public function getAmount(): ?Money
    {
        return $this->amount;
    }

    public function getCard(): ?Card
    {
        return $this->card;
    }

    public function getClientSecret(): ?string
    {
        return $this->clientSecret;
    }

    public function getCodeVerification(): ?CodeVerification
    {
        return $this->codeVerification;
    }

    public function getCreatedAt(): ?\DateTimeImmutable
    {
        return $this->createdAt;
    }

    public function getCurrency(): ?Currency
    {
        return $this->currency;
    }

    public function getCustomer(): ?string
    {
        return $this->customer;
    }

    public function getFlow(): ?string
    {
        return $this->flow;
    }

    public function getOwner(): ?Owner
    {
        return $this->owner;
    }

    public function getReceiver(): ?Receiver
    {
        return $this->receiver;
    }

    public function getRedirect(): ?Redirect
    {
        return $this->redirect;
    }

    public function getStatementDescriptor(): ?string
    {
        return $this->statementDescriptor;
    }

    public function getStatus(): ?string
    {
        return $this->status;
    }

    public function getType(): ?string
    {
        return $this->type;
    }

    public function getUsage(): ?string
    {
        return $this->usage;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		/*
6		* This software may be modified and distributed under the terms
7		* of the MIT license. See the LICENSE file for details.
8		*/
9
10		namespace Shapin\Stripe\Model\Source;
11
12		use Money\Currency;
13		use Money\Money;
14		use Shapin\Stripe\Model\ContainsMetadata;
15		use Shapin\Stripe\Model\CreatableFromArray;
16		use Shapin\Stripe\Model\LivemodeTrait;
17		use Shapin\Stripe\Model\MetadataCollection;
18		use Shapin\Stripe\Model\MetadataTrait;
19
20		final class Source implements CreatableFromArray, ContainsMetadata
21		{
22		const FLOW_CODE_VERIFICATION = 'code_verification';
23		const FLOW_NONE = 'none';
24		const FLOW_REDIRECT = 'redirect';
25		const FLOW_RECEIVER = 'receiver';
26
27		const NOTIFICATION_METHOD_EMAIL = 'email';
28		const NOTIFICATION_METHOD_MANUAL = 'manual';
29		const NOTIFICATION_METHOD_NONE = 'none';
30
31		const REFUND_ATTRIBUTES_METHOD_EMAIL = 'email';
32		const REFUND_ATTRIBUTES_METHOD_MANUAL = 'manual';
33
34		const STATUS_CANCELED = 'canceled';
35		const STATUS_CHARGEABLE = 'chargeable';
36		const STATUS_CONSUMED = 'consumed';
37		const STATUS_FAILED = 'failed';
38		const STATUS_PENDING = 'pending';
39
40		const TYPE_ACH_CREDIT_TRANSFER = 'ach_credit_transfer';
41		const TYPE_ACH_DEBIT = 'ach_debit';
42		const TYPE_ALIPAY = 'alipay';
43		const TYPE_BANCONTACT = 'bancontact';
44		const TYPE_CARD = 'card';
45		const TYPE_CARD_PRESENT = 'card_present';
46		const TYPE_EPS = 'eps';
47		const TYPE_GIROPAY = 'giropay';
48		const TYPE_IDEAL = 'ideal';
49		const TYPE_MULTIBANCO = 'multibanco';
50		const TYPE_P24 = 'p24';
51		const TYPE_PAPER_CHECK = 'paper_check';
52		const TYPE_SEPA_CREDIT_TRANSFER = 'sepa_credit_transfer';
53		const TYPE_SEPA_DEBIT = 'sepa_debit';
54		const TYPE_SOFORT = 'sofort';
55		const TYPE_THREE_D_SECURE = 'three_d_secure';
56
57		const USAGE_REUSABLE = 'reusable';
58		const USAGE_SINGLE_USE = 'single_use';
59
60		use LivemodeTrait;
61		use MetadataTrait;
62
63		/**
64		* @var string
65		*/
66		private $id;
67
68		/**
69		* @var ?AchCreditTransfer
70		*/
71		private $achCreditTransfer;
72
73		/**
74		* @var ?Money
75		*/
76		private $amount;
77
78		/**
79		* @var ?Card
80		*/
81		private $card;
82
83		/**
84		* @var ?string
85		*/
86		private $clientSecret;
87
88		/**
89		* @var ?CodeVerification
90		*/
91		private $codeVerification;
92
93		/**
94		* @var ?\DateTimeImmutable
95		*/
96		private $createdAt;
97
98		/**
99		* @var ?Currency
100		*/
101		private $currency;
102
103		/**
104		* @var ?string
105		*/
106		private $customer;
107
108		/**
109		* @var ?string
110		*/
111		private $flow;
112
113		/**
114		* @var ?Owner
115		*/
116		private $owner;
117
118		/**
119		* @var ?Receiver
120		*/
121		private $receiver;
122
123		/**
124		* @var ?Redirect
125		*/
126		private $redirect;
127
128		/**
129		* @var ?string
130		*/
131		private $statementDescriptor;
132
133		/**
134		* @var ?string
135		*/
136		private $status;
137
138		/**
139		* @var ?string
140		*/
141		private $type;
142
143		/**
144		* @var ?string
145		*/
146		private $usage;
147
148	14	public static function createFromArray(array $data): self
149		{
150	14	$model = new self();
151
152	14	if (isset($data['currency'])) {
153	10	$currency = new Currency(strtoupper($data['currency']));
154	10	$model->amount = isset($data['amount']) ? new Money($data['amount'], $currency) : null;
155	10	$model->currency = $currency;
156	10	if (isset($data['receiver'])) {
157	10	$model->receiver = Receiver::createFromArray($data['receiver'], $currency);
158		}
159		}
160
161	14	$model->id = $data['id'];
162	14	if (isset($data['ach_credit_transfer'])) {
163	10	$model->achCreditTransfer = AchCreditTransfer::createFromArray($data['ach_credit_transfer']);
164		}
165	14	if (isset($data['card'])) {
166	2	$model->card = Card::createFromArray($data['card']);
167		}
168	14	$model->clientSecret = $data['client_secret'] ?? null;
169	14	if (isset($data['code_verification'])) {
170		$model->codeVerification = CodeVerification::createFromArray($data['code_verification']);
171		}
172	14	$model->createdAt = isset($data['created']) ? new \DateTimeImmutable('@'.$data['created']) : null;
173	14	$model->customer = $data['customer'] ?? null;
174	14	$model->flow = $data['flow'] ?? null;
175	14	$model->live = $data['livemode'] ?? false;
176	14	$model->metadata = MetadataCollection::createFromArray($data['metadata']);
		0 ignored issues – show Documentation Bug introduced 2019-02-07 11:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\Shapin\Stripe\Model\Met...rray($data['metadata'])` of type `object<self>` is incompatible with the declared type `object<Shapin\Stripe\Model\MetadataCollection>` of property `$metadata`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
177	14	$model->owner = isset($data['owner']) ? Owner::createFromArray($data['owner']) : null;
178	14	if (isset($data['redirect'])) {
179		$model->redirect = Redirect::createFromArray($data['redirect']);
180		}
181	14	$model->statementDescriptor = $data['statement_descriptor'] ?? null;
182	14	$model->status = $data['status'] ?? null;
183	14	$model->type = $data['type'] ?? null;
184	14	$model->usage = $data['usage'] ?? null;
185
186	14	return $model;
187		}
188
189	1	public function isThreeDSecure(): bool
190		{
191	1	return self::TYPE_THREE_D_SECURE === $this->type;
192		}
193
194	1	public function isCanceled(): bool
195		{
196	1	return self::STATUS_CANCELED === $this->status;
197		}
198
199	1	public function isChargeable(): bool
200		{
201	1	return self::STATUS_CHARGEABLE === $this->status;
202		}
203
204	1	public function isConsumed(): bool
205		{
206	1	return self::STATUS_CONSUMED === $this->status;
207		}
208
209	1	public function isFailed(): bool
210		{
211	1	return self::STATUS_FAILED === $this->status;
212		}
213
214	1	public function isPending(): bool
215		{
216	1	return self::STATUS_PENDING === $this->status;
217		}
218
219	2	public function getId(): string
220		{
221	2	return $this->id;
222		}
223
224	2	public function getAchCreditTransfer(): ?AchCreditTransfer
225		{
226	2	return $this->achCreditTransfer;
227		}
228
229	2	public function getAmount(): ?Money
230		{
231	2	return $this->amount;
232		}
233
234	1	public function getCard(): ?Card
235		{
236	1	return $this->card;
237		}
238
239	2	public function getClientSecret(): ?string
240		{
241	2	return $this->clientSecret;
242		}
243
244	2	public function getCodeVerification(): ?CodeVerification
245		{
246	2	return $this->codeVerification;
247		}
248
249	2	public function getCreatedAt(): ?\DateTimeImmutable
250		{
251	2	return $this->createdAt;
252		}
253
254	2	public function getCurrency(): ?Currency
255		{
256	2	return $this->currency;
257		}
258
259	2	public function getCustomer(): ?string
260		{
261	2	return $this->customer;
262		}
263
264	2	public function getFlow(): ?string
265		{
266	2	return $this->flow;
267		}
268
269	2	public function getOwner(): ?Owner
270		{
271	2	return $this->owner;
272		}
273
274	2	public function getReceiver(): ?Receiver
275		{
276	2	return $this->receiver;
277		}
278
279	2	public function getRedirect(): ?Redirect
280		{
281	2	return $this->redirect;
282		}
283
284	2	public function getStatementDescriptor(): ?string
285		{
286	2	return $this->statementDescriptor;
287		}
288
289	2	public function getStatus(): ?string
290		{
291	2	return $this->status;
292		}
293
294	2	public function getType(): ?string
295		{
296	2	return $this->type;
297		}
298
299	2	public function getUsage(): ?string
300		{
301	2	return $this->usage;
302		}
303		}
304

shapintv / stripe

Issues (93)

Security Analysis no request data

src/Model/Source/Source.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like