Issues in ShipmentEvent.php (master) - Issues in master - slince/shipment-tracking-foundation - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/ShipmentEvent.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Slince shipment tracker library
 * @author Tao <[email protected]>
 */
namespace Slince\ShipmentTracking\Foundation;

use Slince\ShipmentTracking\Foundation\Location\LocationInterface;

class ShipmentEvent implements \JsonSerializable
{
    /**
     * @var \DateTime
     * @deprecated
     */
    protected $date;

    /**
     * @var string
     */
    protected $description;

    /**
     * @var string|LocationInterface
     */
    protected $location;

    /**
     * @var string
     */
    protected $status;

    /**
     * @var \DateTime
     */
    protected $time;

    public function __construct(\DateTime $time = null, $description = null, $location = null)
    {
        $this->setTime($time);
function notNullable(stdClass $x) { }

// Unsafe
function withoutCheck(stdClass $x = null) {
    notNullable($x);
}

// Safe - Alternative 1: Adding Additional Type-Check
function withCheck(stdClass $x = null) {
    if ($x instanceof stdClass) {
        notNullable($x);
    }
}

// Safe - Alternative 2: Changing Parameter
function withNonNullableParam(stdClass $x) {
    notNullable($x);
}
        $this->description = $description;
        $this->location = $location;
    }

    /**
     * @return \DateTime
     * @deprecated
     */
    public function getDate()
    {
        return $this->date;

    }

    /**
     * @param \DateTime $date
     * @return ShipmentEvent
     * @deprecated
     */
    public function setDate($date)
    {
        if (!$date instanceof \DateTime) {
            $date = new \DateTime($date);
        }
        $this->setTime($date);
        return $this;
    }

    /**
     * @return \DateTime
     */
    public function getTime()
    {
        return $this->time;
    }

    /**
     * @param \DateTime $time
     * @return ShipmentEvent
     */
    public function setTime($time)
    {
        $this->time = $time;
        if ($time) {
            $this->date = $time->format('Y-m-d H:i:s');

        }
        return $this;
    }

    /**
     * @return string
     */
    public function getDescription()
    {
        return $this->description;
    }

    /**
     * @param string $description
     * @return ShipmentEvent
     */
    public function setDescription($description)
    {
        $this->description = $description;
        return $this;
    }

    /**
     * @return string|LocationInterface
     */
    public function getLocation()
    {
        return $this->location;
    }

    /**
     * @param string|LocationInterface $location
     * @return ShipmentEvent
     */
    public function setLocation($location)
    {
        $this->location = $location;
        return $this;
    }

    /**
     * @return string
     */
    public function getStatus()
    {
        return $this->status;
    }

    /**
     * @param string $status
     * @return ShipmentEvent
     */
    public function setStatus($status)
    {
        $this->status = $status;
        return $this;
    }

    /**
     * Creates an event from an array
     * @param array $data
     * @return static
     */
    public static function fromArray($data)
    {
        $event = new static();
        foreach ($data as $property => $value) {
            if (method_exists($event, $method = 'set' . ucfirst($property))) {
                $event->$method($value);
            }
        }
        return $event;
    }

    /**
     * Converts the event to array
     * @return array
     */
    public function toArray()
    {
        $methods = get_class_methods($this);
        $data = [];
        foreach ($methods as $method) {
            if (substr($method, 0, 3) == 'get') {
                $property = lcfirst(substr($method, 3));
                $data[$property] = $this->$method();
            } elseif (substr($method, 0, 2) == 'is') {
                $property = lcfirst(substr($method, 2));
                $data[$property] = $this->$method();
            }
        }
        return $data;
    }

    /**
     * {@inheritdoc}
     */
    public function jsonSerialize()
    {
        return $this->toArray();
    }
}


1			<?php
2			/**
3			* Slince shipment tracker library
4			* @author Tao <[email protected]>
5			*/
6			namespace Slince\ShipmentTracking\Foundation;
7
8			use Slince\ShipmentTracking\Foundation\Location\LocationInterface;
9
10			class ShipmentEvent implements \JsonSerializable
11			{
12			/**
13			* @var \DateTime
14			* @deprecated
15			*/
16			protected $date;
17
18			/**
19			* @var string
20			*/
21			protected $description;
22
23			/**
24			* @var string\|LocationInterface
25			*/
26			protected $location;
27
28			/**
29			* @var string
30			*/
31			protected $status;
32
33			/**
34			* @var \DateTime
35			*/
36			protected $time;
37
38			public function __construct(\DateTime $time = null, $description = null, $location = null)
39			{
40			$this->setTime($time);
			0 ignored issues – show Bug introduced 2017-10-31 09:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$time` defined by parameter `$time` on line `38` can be `null`; however, `Slince\ShipmentTracking\...hipmentEvent::setTime()` does not accept `null`, maybe add an additional type check? It seems like you allow that null is being passed for a parameter, however the function which is called does not seem to accept null. We recommend to add an additional type check (or disallow null for the parameter): function notNullable(stdClass $x) { } // Unsafe function withoutCheck(stdClass $x = null) { notNullable($x); } // Safe - Alternative 1: Adding Additional Type-Check function withCheck(stdClass $x = null) { if ($x instanceof stdClass) { notNullable($x); } } // Safe - Alternative 2: Changing Parameter function withNonNullableParam(stdClass $x) { notNullable($x); } Loading history...
41			$this->description = $description;
42			$this->location = $location;
43			}
44
45			/**
46			* @return \DateTime
47			* @deprecated
48			*/
49			public function getDate()
50			{
51			return $this->date;
			0 ignored issues – show Deprecated Code introduced 2017-10-31 09:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `Slince\ShipmentTracking\...on\ShipmentEvent::$date` has been deprecated. This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
52			}
53
54			/**
55			* @param \DateTime $date
56			* @return ShipmentEvent
57			* @deprecated
58			*/
59			public function setDate($date)
60			{
61			if (!$date instanceof \DateTime) {
62			$date = new \DateTime($date);
63			}
64			$this->setTime($date);
65			return $this;
66			}
67
68			/**
69			* @return \DateTime
70			*/
71			public function getTime()
72			{
73			return $this->time;
74			}
75
76			/**
77			* @param \DateTime $time
78			* @return ShipmentEvent
79			*/
80			public function setTime($time)
81			{
82			$this->time = $time;
83			if ($time) {
84			$this->date = $time->format('Y-m-d H:i:s');
			0 ignored issues – show Documentation Bug introduced 2017-10-31 09:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$time->format('Y-m-d H:i:s')` of type `string` is incompatible with the declared type `object<DateTime>` of property `$date`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history... Deprecated Code introduced 2017-10-31 09:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `Slince\ShipmentTracking\...on\ShipmentEvent::$date` has been deprecated. This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
85			}
86			return $this;
87			}
88
89			/**
90			* @return string
91			*/
92			public function getDescription()
93			{
94			return $this->description;
95			}
96
97			/**
98			* @param string $description
99			* @return ShipmentEvent
100			*/
101			public function setDescription($description)
102			{
103			$this->description = $description;
104			return $this;
105			}
106
107			/**
108			* @return string\|LocationInterface
109			*/
110			public function getLocation()
111			{
112			return $this->location;
113			}
114
115			/**
116			* @param string\|LocationInterface $location
117			* @return ShipmentEvent
118			*/
119			public function setLocation($location)
120			{
121			$this->location = $location;
122			return $this;
123			}
124
125			/**
126			* @return string
127			*/
128			public function getStatus()
129			{
130			return $this->status;
131			}
132
133			/**
134			* @param string $status
135			* @return ShipmentEvent
136			*/
137			public function setStatus($status)
138			{
139			$this->status = $status;
140			return $this;
141			}
142
143			/**
144			* Creates an event from an array
145			* @param array $data
146			* @return static
147			*/
148			public static function fromArray($data)
149			{
150			$event = new static();
151			foreach ($data as $property => $value) {
152			if (method_exists($event, $method = 'set' . ucfirst($property))) {
153			$event->$method($value);
154			}
155			}
156			return $event;
157			}
158
159			/**
160			* Converts the event to array
161			* @return array
162			*/
163			public function toArray()
164			{
165			$methods = get_class_methods($this);
166			$data = [];
167			foreach ($methods as $method) {
168			if (substr($method, 0, 3) == 'get') {
169			$property = lcfirst(substr($method, 3));
170			$data[$property] = $this->$method();
171			} elseif (substr($method, 0, 2) == 'is') {
172			$property = lcfirst(substr($method, 2));
173			$data[$property] = $this->$method();
174			}
175			}
176			return $data;
177			}
178
179			/**
180			* {@inheritdoc}
181			*/
182			public function jsonSerialize()
183			{
184			return $this->toArray();
185			}
186			}
187

slince / shipment-tracking-foundation

Issues (4)

Security Analysis no request data

src/ShipmentEvent.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like