Issues in EmailValidator.php (master) - Issues in master - unicodeveloper/laravel-email-validator - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/EmailValidator.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Unicodeveloper\EmailValidator;

use InvalidArgumentException;
use QuickEmailVerification\Client;
use Illuminate\Support\Facades\Config;

class EmailValidator
{
    /**
     * Various response messages based on verification status
     * @var array
     */
    public $serverResponses = [
        'invalid_email'       => 'Specified email has invalid email address syntax',
        'invalid_domain'      => 'Domain name does not exist',
        'rejected_email'      => 'SMTP server rejected email. Email does not exist',
        'accepted_email'      => 'SMTP server accepted email address',
        'no_connect'          => 'SMTP server connection failure',
        'timeout'             => 'Session time out occurred at SMTP server',
        'unavailable_smtp'    => 'SMTP server is not available to process request',
        'unexpected_error'    => 'An unexpected error has occurred',
        'no_mx_record'        => 'Could not get MX records for domain',
        'temporarily_blocked' => 'Email is temporarily greylisted',
        'exceeded_storage'    => 'SMTP server rejected email. Exceeded storage allocation'
    ];

    /**
     * Api Key for quickemailverficationservice
     * @var string
     */
    public $apiKey;

    /**
     *  Instance of QuickEmailVerification Client
     * @var object
     */
    public $client;

    /**
     * Response from the QuickEmailVerification Service
     * @var object
     */
    public $response;

    public function __construct()
    {
        $this->setApiKey();
        $this->setClient();
    }

    /**
     * Get apiKey from Config file
     * @return void
     */
    public function setApikey()
    {
        $this->apiKey = Config::get('emailValidator.apiKey');
    }

    /**
     * Instantiate QuickEmailVerification Client with api Key
     * @return void
     */
    public function setClient()
    {
        if(empty($this->apiKey))
        {
            throw new InvalidArgumentException('Api key can not be empty');
        }

        $this->client = new Client($this->apiKey);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
    }

    /**
     * Verifies email Address and returns an API Object response
     * @param  string $emailAddress
     * @return instance
     */
    public function verify($emailAddress)
    {
        $this->response = $this->client->quickemailverification()->verify($emailAddress);

        return $this;
    }

    /**
     * Returns an array with true/false and an appropriate message when doing the email verification
     * @return array
     * @throws \InvalidArgumentException
     */
    public function isValid()
    {
        $status = $this->response->body['result'];
        $reason = $this->response->body['reason'];

        switch($status):
            case 'valid':
                return [true, $this->getReason($reason)];
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
            case 'invalid':
            case 'unknown':
                return [false, $this->getReason($reason)];
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
            default:
                throw new InvalidArgumentException('Invalid Response');
        endSwitch;
    }

    /**
     * Get the reason whether the email is valid, invalid or unknown
     * @param  string $reason
     * @return string
     */
    public function getReason($reason)
    {
        return $this->serverResponses[$reason];
    }

    /**
     * Returns true or false if the email address uses a disposable domain
     * @return boolean
     */
    public function isDisposable()
    {
        return $this->response->body['disposable'];
    }

    /**
     * Returns true or false if the API request was successful
     * @return boolean
     */
    public function apiRequestStatus()
    {
        return $this->response->body['success'];
    }

    /**
     * Get the domain of the provided email address
     * @return string
     */
    public function getDomainName()
    {
        return $this->response->body['domain'];
    }

    /**
     * Get the local part of an email address
     * Example: [email protected] returns prosperotemuyiwa
     * @return string
     */
    public function getUser()
    {
        return $this->response->body['user'];
    }

    /**
     * Gets a normalized version of the email address
     * Example: [email protected] returns [email protected]
     * @return string
     */
    public function getEmailAddress()
    {
        return $this->response->body['email'];
    }

    /**
     * Returns true if the domain appears to accept all emails delivered to that domain
     * @return boolean
     */
    public function acceptEmailsDeliveredToDomain()
    {
        return $this->response->body['accept_all'];
    }

    /**
     * Returns true or false if email address is a role address
     * Example [email protected] , [email protected] will return true
     * @return boolean
     */
    public function isRole()
    {
        return $this->response->body['role'];
    }
}


1			<?php
2
3			namespace Unicodeveloper\EmailValidator;
4
5			use InvalidArgumentException;
6			use QuickEmailVerification\Client;
7			use Illuminate\Support\Facades\Config;
8
9			class EmailValidator
10			{
11			/**
12			* Various response messages based on verification status
13			* @var array
14			*/
15			public $serverResponses = [
16			'invalid_email' => 'Specified email has invalid email address syntax',
17			'invalid_domain' => 'Domain name does not exist',
18			'rejected_email' => 'SMTP server rejected email. Email does not exist',
19			'accepted_email' => 'SMTP server accepted email address',
20			'no_connect' => 'SMTP server connection failure',
21			'timeout' => 'Session time out occurred at SMTP server',
22			'unavailable_smtp' => 'SMTP server is not available to process request',
23			'unexpected_error' => 'An unexpected error has occurred',
24			'no_mx_record' => 'Could not get MX records for domain',
25			'temporarily_blocked' => 'Email is temporarily greylisted',
26			'exceeded_storage' => 'SMTP server rejected email. Exceeded storage allocation'
27			];
28
29			/**
30			* Api Key for quickemailverficationservice
31			* @var string
32			*/
33			public $apiKey;
34
35			/**
36			* Instance of QuickEmailVerification Client
37			* @var object
38			*/
39			public $client;
40
41			/**
42			* Response from the QuickEmailVerification Service
43			* @var object
44			*/
45			public $response;
46
47			public function __construct()
48			{
49			$this->setApiKey();
50			$this->setClient();
51			}
52
53			/**
54			* Get apiKey from Config file
55			* @return void
56			*/
57			public function setApikey()
58			{
59			$this->apiKey = Config::get('emailValidator.apiKey');
60			}
61
62			/**
63			* Instantiate QuickEmailVerification Client with api Key
64			* @return void
65			*/
66			public function setClient()
67			{
68			if(empty($this->apiKey))
69			{
70			throw new InvalidArgumentException('Api key can not be empty');
71			}
72
73			$this->client = new Client($this->apiKey);
			0 ignored issues – show Documentation introduced 2016-01-12 04:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->apiKey` is of type `string`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
74			}
75
76			/**
77			* Verifies email Address and returns an API Object response
78			* @param string $emailAddress
79			* @return instance
80			*/
81			public function verify($emailAddress)
82			{
83			$this->response = $this->client->quickemailverification()->verify($emailAddress);
84
85			return $this;
86			}
87
88			/**
89			* Returns an array with true/false and an appropriate message when doing the email verification
90			* @return array
91			* @throws \InvalidArgumentException
92			*/
93			public function isValid()
94			{
95			$status = $this->response->body['result'];
96			$reason = $this->response->body['reason'];
97
98			switch($status):
99			case 'valid':
100			return [true, $this->getReason($reason)];
101			break;
			0 ignored issues – show Unused Code introduced 2016-01-12 04:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
102			case 'invalid':
103			case 'unknown':
104			return [false, $this->getReason($reason)];
105			break;
			0 ignored issues – show Unused Code introduced 2016-01-12 04:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
106			default:
107			throw new InvalidArgumentException('Invalid Response');
108			endSwitch;
109			}
110
111			/**
112			* Get the reason whether the email is valid, invalid or unknown
113			* @param string $reason
114			* @return string
115			*/
116			public function getReason($reason)
117			{
118			return $this->serverResponses[$reason];
119			}
120
121			/**
122			* Returns true or false if the email address uses a disposable domain
123			* @return boolean
124			*/
125			public function isDisposable()
126			{
127			return $this->response->body['disposable'];
128			}
129
130			/**
131			* Returns true or false if the API request was successful
132			* @return boolean
133			*/
134			public function apiRequestStatus()
135			{
136			return $this->response->body['success'];
137			}
138
139			/**
140			* Get the domain of the provided email address
141			* @return string
142			*/
143			public function getDomainName()
144			{
145			return $this->response->body['domain'];
146			}
147
148			/**
149			* Get the local part of an email address
150			* Example: [email protected] returns prosperotemuyiwa
151			* @return string
152			*/
153			public function getUser()
154			{
155			return $this->response->body['user'];
156			}
157
158			/**
159			* Gets a normalized version of the email address
160			* Example: [email protected] returns [email protected]
161			* @return string
162			*/
163			public function getEmailAddress()
164			{
165			return $this->response->body['email'];
166			}
167
168			/**
169			* Returns true if the domain appears to accept all emails delivered to that domain
170			* @return boolean
171			*/
172			public function acceptEmailsDeliveredToDomain()
173			{
174			return $this->response->body['accept_all'];
175			}
176
177			/**
178			* Returns true or false if email address is a role address
179			* Example [email protected] , [email protected] will return true
180			* @return boolean
181			*/
182			public function isRole()
183			{
184			return $this->response->body['role'];
185			}
186			}
187

unicodeveloper / laravel-email-validator

Issues (3)

Security Analysis no request data

src/EmailValidator.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like