Issues in Event.php (master) - Issues in master - spatie/laravel-google-calendar - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Event.php (1 issue)

Labels

Documentation 1

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Spatie\GoogleCalendar;

use Carbon\Carbon;
use Carbon\CarbonInterface;
use DateTime;
use Google_Service_Calendar_Event;
use Google_Service_Calendar_EventDateTime;
use Google_Service_Calendar_EventSource;
use Illuminate\Support\Arr;
use Illuminate\Support\Collection;
use Illuminate\Support\Str;

class Event
{
    /** @var \Google_Service_Calendar_Event */
    public $googleEvent;

    /** @var string */
    protected $calendarId;

    /** @var array */
    protected $attendees;

    public function __construct()
    {
        $this->attendees = [];
        $this->googleEvent = new Google_Service_Calendar_Event;
    }

    /**
     * @param \Google_Service_Calendar_Event $googleEvent
     * @param $calendarId
     *
     * @return static
     */
    public static function createFromGoogleCalendarEvent(Google_Service_Calendar_Event $googleEvent, $calendarId)
    {
        $event = new static;

        $event->googleEvent = $googleEvent;
        $event->calendarId = $calendarId;

        return $event;
    }

    /**
     * @param array $properties
     * @param string|null $calendarId
     *
     * @return mixed
     */
    public static function create(array $properties, string $calendarId = null, $optParams = [])
    {
        $event = new static;

        $event->calendarId = static::getGoogleCalendar($calendarId)->getCalendarId();

        foreach ($properties as $name => $value) {
            $event->$name = $value;
        }

        return $event->save('insertEvent', $optParams);
    }

    public static function quickCreate(string $text)
    {
        $event = new static;

        $event->calendarId = static::getGoogleCalendar()->getCalendarId();

        return $event->quickSave($text);
    }

    public static function get(CarbonInterface $startDateTime = null, CarbonInterface $endDateTime = null, array $queryParameters = [], string $calendarId = null): Collection
    {
        $googleCalendar = static::getGoogleCalendar($calendarId);

        $googleEvents = $googleCalendar->listEvents($startDateTime, $endDateTime, $queryParameters);

        $googleEventsList = $googleEvents->getItems();

        while ($googleEvents->getNextPageToken()) {
            $queryParameters['pageToken'] = $googleEvents->getNextPageToken();

            $googleEvents = $googleCalendar->listEvents($startDateTime, $endDateTime, $queryParameters);

            $googleEventsList = array_merge($googleEventsList, $googleEvents->getItems());
        }

        $useUserOrder = isset($queryParameters['orderBy']);

        return collect($googleEventsList)
            ->map(function (Google_Service_Calendar_Event $event) use ($calendarId) {
                return static::createFromGoogleCalendarEvent($event, $calendarId);
            })
            ->sortBy(function (self $event, $index) use ($useUserOrder) {
                if ($useUserOrder) {
                    return $index;
                }

                return $event->sortDate;
            })
            ->values();
    }

    public static function find($eventId, string $calendarId = null): self
    {
        $googleCalendar = static::getGoogleCalendar($calendarId);

        $googleEvent = $googleCalendar->getEvent($eventId);

        return static::createFromGoogleCalendarEvent($googleEvent, $calendarId);
    }

    public function __get($name)
    {
        $name = $this->getFieldName($name);

        if ($name === 'sortDate') {
            return $this->getSortDate();
        }

        if ($name === 'source') {
            return [
                'title' => $this->googleEvent->getSource()->title,
                'url' => $this->googleEvent->getSource()->url,
            ];
        }

        $value = Arr::get($this->googleEvent, $name);

        if (in_array($name, ['start.date', 'end.date']) && $value) {
            $value = Carbon::createFromFormat('Y-m-d', $value)->startOfDay();
        }

        if (in_array($name, ['start.dateTime', 'end.dateTime']) && $value) {
            $value = Carbon::createFromFormat(DateTime::RFC3339, $value);
        }

        return $value;
    }

    public function __set($name, $value)
    {
        $name = $this->getFieldName($name);

        if (in_array($name, ['start.date', 'end.date', 'start.dateTime', 'end.dateTime'])) {
            $this->setDateProperty($name, $value);

            return;
        }

        if ($name == 'source') {
            $this->setSourceProperty($value);

            return;
        }

        Arr::set($this->googleEvent, $name, $value);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
    }

    public function exists(): bool
    {
        return $this->id != '';
    }

    public function isAllDayEvent(): bool
    {
        return is_null($this->googleEvent['start']['dateTime']);
    }

    public function save(string $method = null, $optParams = []): self
    {
        $method = $method ?? ($this->exists() ? 'updateEvent' : 'insertEvent');

        $googleCalendar = $this->getGoogleCalendar($this->calendarId);

        $this->googleEvent->setAttendees($this->attendees);

        $googleEvent = $googleCalendar->$method($this, $optParams);

        return static::createFromGoogleCalendarEvent($googleEvent, $googleCalendar->getCalendarId());
    }

    public function quickSave(string $text): self
    {
        $googleCalendar = $this->getGoogleCalendar($this->calendarId);

        $googleEvent = $googleCalendar->insertEventFromText($text);

        return static::createFromGoogleCalendarEvent($googleEvent, $googleCalendar->getCalendarId());
    }

    public function update(array $attributes, $optParams = []): self
    {
        foreach ($attributes as $name => $value) {
            $this->$name = $value;
        }

        return $this->save('updateEvent', $optParams);
    }

    public function delete(string $eventId = null)
    {
        $this->getGoogleCalendar($this->calendarId)->deleteEvent($eventId ?? $this->id);
    }

    public function addAttendee(array $attendees)
    {
        $this->attendees[] = $attendees;
    }

    public function getSortDate(): string
    {
        if ($this->startDate) {
            return $this->startDate;
        }

        if ($this->startDateTime) {
            return $this->startDateTime;
        }

        return '';
    }

    public function getCalendarId(): string
    {
        return $this->calendarId;
    }

    protected static function getGoogleCalendar(string $calendarId = null): GoogleCalendar
    {
        $calendarId = $calendarId ?? config('google-calendar.calendar_id');

        return GoogleCalendarFactory::createForCalendarId($calendarId);
    }

    protected function setDateProperty(string $name, CarbonInterface $date)
    {
        $eventDateTime = new Google_Service_Calendar_EventDateTime;

        if (in_array($name, ['start.date', 'end.date'])) {
            $eventDateTime->setDate($date->format('Y-m-d'));
            $eventDateTime->setTimezone($date->getTimezone());
        }

        if (in_array($name, ['start.dateTime', 'end.dateTime'])) {
            $eventDateTime->setDateTime($date->format(DateTime::RFC3339));
            $eventDateTime->setTimezone($date->getTimezone());
        }

        if (Str::startsWith($name, 'start')) {
            $this->googleEvent->setStart($eventDateTime);
        }

        if (Str::startsWith($name, 'end')) {
            $this->googleEvent->setEnd($eventDateTime);
        }
    }

    protected function setSourceProperty(array $value)
    {
        $source = new Google_Service_Calendar_EventSource([
            'title' => $value['title'],
            'url' => $value['url'],
        ]);

        $this->googleEvent->setSource($source);
    }

    protected function getFieldName(string $name): string
    {
        return [
            'name' => 'summary',
            'description' => 'description',
            'startDate' => 'start.date',
            'endDate' => 'end.date',
            'startDateTime' => 'start.dateTime',
            'endDateTime' => 'end.dateTime',
        ][$name] ?? $name;
    }
}


1			<?php
2
3			namespace Spatie\GoogleCalendar;
4
5			use Carbon\Carbon;
6			use Carbon\CarbonInterface;
7			use DateTime;
8			use Google_Service_Calendar_Event;
9			use Google_Service_Calendar_EventDateTime;
10			use Google_Service_Calendar_EventSource;
11			use Illuminate\Support\Arr;
12			use Illuminate\Support\Collection;
13			use Illuminate\Support\Str;
14
15			class Event
16			{
17			/** @var \Google_Service_Calendar_Event */
18			public $googleEvent;
19
20			/** @var string */
21			protected $calendarId;
22
23			/** @var array */
24			protected $attendees;
25
26			public function __construct()
27			{
28			$this->attendees = [];
29			$this->googleEvent = new Google_Service_Calendar_Event;
30			}
31
32			/**
33			* @param \Google_Service_Calendar_Event $googleEvent
34			* @param $calendarId
35			*
36			* @return static
37			*/
38			public static function createFromGoogleCalendarEvent(Google_Service_Calendar_Event $googleEvent, $calendarId)
39			{
40			$event = new static;
41
42			$event->googleEvent = $googleEvent;
43			$event->calendarId = $calendarId;
44
45			return $event;
46			}
47
48			/**
49			* @param array $properties
50			* @param string\|null $calendarId
51			*
52			* @return mixed
53			*/
54			public static function create(array $properties, string $calendarId = null, $optParams = [])
55			{
56			$event = new static;
57
58			$event->calendarId = static::getGoogleCalendar($calendarId)->getCalendarId();
59
60			foreach ($properties as $name => $value) {
61			$event->$name = $value;
62			}
63
64			return $event->save('insertEvent', $optParams);
65			}
66
67			public static function quickCreate(string $text)
68			{
69			$event = new static;
70
71			$event->calendarId = static::getGoogleCalendar()->getCalendarId();
72
73			return $event->quickSave($text);
74			}
75
76			public static function get(CarbonInterface $startDateTime = null, CarbonInterface $endDateTime = null, array $queryParameters = [], string $calendarId = null): Collection
77			{
78			$googleCalendar = static::getGoogleCalendar($calendarId);
79
80			$googleEvents = $googleCalendar->listEvents($startDateTime, $endDateTime, $queryParameters);
81
82			$googleEventsList = $googleEvents->getItems();
83
84			while ($googleEvents->getNextPageToken()) {
85			$queryParameters['pageToken'] = $googleEvents->getNextPageToken();
86
87			$googleEvents = $googleCalendar->listEvents($startDateTime, $endDateTime, $queryParameters);
88
89			$googleEventsList = array_merge($googleEventsList, $googleEvents->getItems());
90			}
91
92			$useUserOrder = isset($queryParameters['orderBy']);
93
94			return collect($googleEventsList)
95			->map(function (Google_Service_Calendar_Event $event) use ($calendarId) {
96			return static::createFromGoogleCalendarEvent($event, $calendarId);
97			})
98			->sortBy(function (self $event, $index) use ($useUserOrder) {
99			if ($useUserOrder) {
100			return $index;
101			}
102
103			return $event->sortDate;
104			})
105			->values();
106			}
107
108			public static function find($eventId, string $calendarId = null): self
109			{
110			$googleCalendar = static::getGoogleCalendar($calendarId);
111
112			$googleEvent = $googleCalendar->getEvent($eventId);
113
114			return static::createFromGoogleCalendarEvent($googleEvent, $calendarId);
115			}
116
117			public function __get($name)
118			{
119			$name = $this->getFieldName($name);
120
121			if ($name === 'sortDate') {
122			return $this->getSortDate();
123			}
124
125			if ($name === 'source') {
126			return [
127			'title' => $this->googleEvent->getSource()->title,
128			'url' => $this->googleEvent->getSource()->url,
129			];
130			}
131
132			$value = Arr::get($this->googleEvent, $name);
133
134			if (in_array($name, ['start.date', 'end.date']) && $value) {
135			$value = Carbon::createFromFormat('Y-m-d', $value)->startOfDay();
136			}
137
138			if (in_array($name, ['start.dateTime', 'end.dateTime']) && $value) {
139			$value = Carbon::createFromFormat(DateTime::RFC3339, $value);
140			}
141
142			return $value;
143			}
144
145			public function __set($name, $value)
146			{
147			$name = $this->getFieldName($name);
148
149			if (in_array($name, ['start.date', 'end.date', 'start.dateTime', 'end.dateTime'])) {
150			$this->setDateProperty($name, $value);
151
152			return;
153			}
154
155			if ($name == 'source') {
156			$this->setSourceProperty($value);
157
158			return;
159			}
160
161			Arr::set($this->googleEvent, $name, $value);
			0 ignored issues – show Documentation introduced 2016-05-10 21:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->googleEvent` is of type `object<Google_Service_Calendar_Event>`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
162			}
163
164			public function exists(): bool
165			{
166			return $this->id != '';
167			}
168
169			public function isAllDayEvent(): bool
170			{
171			return is_null($this->googleEvent['start']['dateTime']);
172			}
173
174			public function save(string $method = null, $optParams = []): self
175			{
176			$method = $method ?? ($this->exists() ? 'updateEvent' : 'insertEvent');
177
178			$googleCalendar = $this->getGoogleCalendar($this->calendarId);
179
180			$this->googleEvent->setAttendees($this->attendees);
181
182			$googleEvent = $googleCalendar->$method($this, $optParams);
183
184			return static::createFromGoogleCalendarEvent($googleEvent, $googleCalendar->getCalendarId());
185			}
186
187			public function quickSave(string $text): self
188			{
189			$googleCalendar = $this->getGoogleCalendar($this->calendarId);
190
191			$googleEvent = $googleCalendar->insertEventFromText($text);
192
193			return static::createFromGoogleCalendarEvent($googleEvent, $googleCalendar->getCalendarId());
194			}
195
196			public function update(array $attributes, $optParams = []): self
197			{
198			foreach ($attributes as $name => $value) {
199			$this->$name = $value;
200			}
201
202			return $this->save('updateEvent', $optParams);
203			}
204
205			public function delete(string $eventId = null)
206			{
207			$this->getGoogleCalendar($this->calendarId)->deleteEvent($eventId ?? $this->id);
208			}
209
210			public function addAttendee(array $attendees)
211			{
212			$this->attendees[] = $attendees;
213			}
214
215			public function getSortDate(): string
216			{
217			if ($this->startDate) {
218			return $this->startDate;
219			}
220
221			if ($this->startDateTime) {
222			return $this->startDateTime;
223			}
224
225			return '';
226			}
227
228			public function getCalendarId(): string
229			{
230			return $this->calendarId;
231			}
232
233			protected static function getGoogleCalendar(string $calendarId = null): GoogleCalendar
234			{
235			$calendarId = $calendarId ?? config('google-calendar.calendar_id');
236
237			return GoogleCalendarFactory::createForCalendarId($calendarId);
238			}
239
240			protected function setDateProperty(string $name, CarbonInterface $date)
241			{
242			$eventDateTime = new Google_Service_Calendar_EventDateTime;
243
244			if (in_array($name, ['start.date', 'end.date'])) {
245			$eventDateTime->setDate($date->format('Y-m-d'));
246			$eventDateTime->setTimezone($date->getTimezone());
247			}
248
249			if (in_array($name, ['start.dateTime', 'end.dateTime'])) {
250			$eventDateTime->setDateTime($date->format(DateTime::RFC3339));
251			$eventDateTime->setTimezone($date->getTimezone());
252			}
253
254			if (Str::startsWith($name, 'start')) {
255			$this->googleEvent->setStart($eventDateTime);
256			}
257
258			if (Str::startsWith($name, 'end')) {
259			$this->googleEvent->setEnd($eventDateTime);
260			}
261			}
262
263			protected function setSourceProperty(array $value)
264			{
265			$source = new Google_Service_Calendar_EventSource([
266			'title' => $value['title'],
267			'url' => $value['url'],
268			]);
269
270			$this->googleEvent->setSource($source);
271			}
272
273			protected function getFieldName(string $name): string
274			{
275			return [
276			'name' => 'summary',
277			'description' => 'description',
278			'startDate' => 'start.date',
279			'endDate' => 'end.date',
280			'startDateTime' => 'start.dateTime',
281			'endDateTime' => 'end.dateTime',
282			][$name] ?? $name;
283			}
284			}
285

spatie / laravel-google-calendar

Issues (10)

Security Analysis no request data

src/Event.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like