Issues in Vindi.php (master) - Issues in master - vindi/vindi-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Vindi.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Ravan Scafi 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Vindi;

/**
 * Class Vindi
 *
 * @package Vindi
 */
class Vindi

{
    /**
     * The Environment variable name or argument for API URI.
     *
     * @var string
     */
    const VINDI_API_URI = 'VINDI_API_URI';

    /**
     * The Environment variable name or argument for API Key.
     *
     * @var string
     */
    const VINDI_API_KEY = 'VINDI_API_KEY';

    /**
     * API KEY to be set on instances
     *
     * @var string
     */
    private static $vindi_api_key;

    /**
     * URI to be set on instances
     * Ex.: https://sandbox-app.vindi.com.br/api/v1/
     *
     * @var string;
     */
    private static $vindi_api_uri;

    /**
     * This Package SDK Version.
     *
     * @var string
     */
    public static $sdkVersion = '1.2.0';

    /**
     * The Environment variable name for API Time Out.
     *
     * @var string
     */
    public static $apiTimeOutEnvVar = 'VINDI_API_TIME_OUT';

    /**
     * Vindi constructor.
     */
    private function __construct()
    {
    }

    /**
     * Set API KEY
     *
     * @param $vindi_api_key
     */
    public static function setApiKey($vindi_api_key)
    {
        if (null === self::$vindi_api_key) {
            self::$vindi_api_key = $vindi_api_key;
        }
    }

    /**
     * Set API URI
     *
     * @param $vindi_api_uri
     */
    public static function setApiUri($vindi_api_uri)
    {
        if (null === self::$vindi_api_uri) {
            self::$vindi_api_uri = $vindi_api_uri;
        }
    }

    /**
     * Get Vindi API URI from environment.
     *
     * @return string
     */
    public static function getApiUri()
    {
        if (null !== self::$vindi_api_uri) {
            return self::$vindi_api_uri;
        }

        if (!empty(getenv(static::VINDI_API_URI))) {
            return getenv(static::VINDI_API_URI);
        }

        return 'https://app.vindi.com.br/api/v1/';
    }

    /**
     * Get Vindi API Key from environment.
     *
     * @return string
     */
    public static function getApiKey()
    {
        if (null !== self::$vindi_api_key) {
            return self::$vindi_api_key;
        }

        return getenv(static::VINDI_API_KEY);
    }

    /**
     * Get Vindi API Time Out from environment.
     *
     * @return string
     */
    public static function getApiTimeOut()
    {
        if (empty(getenv(static::$apiTimeOutEnvVar))) {
            return 60;
        }
        return getenv(static::$apiTimeOutEnvVar);
    }

    /**
     * Get CA Bundle Path.
     *
     * @return string
     */
    public static function getCertPath()
    {
        return realpath(sprintf('%s/%s', dirname(__FILE__), '/../data/ssl/ca-bundle.crt'));
    }
}


1		<?php
2
3		namespace Vindi;
4
5		/**
6		* Class Vindi
7		*
8		* @package Vindi
9		*/
10		class Vindi
		0 ignored issues – show Coding Style introduced 2018-05-10 19:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since you have declared the constructor as private, maybe you should also declare the class as final. Loading history...
11		{
12		/**
13		* The Environment variable name or argument for API URI.
14		*
15		* @var string
16		*/
17		const VINDI_API_URI = 'VINDI_API_URI';
18
19		/**
20		* The Environment variable name or argument for API Key.
21		*
22		* @var string
23		*/
24		const VINDI_API_KEY = 'VINDI_API_KEY';
25
26		/**
27		* API KEY to be set on instances
28		*
29		* @var string
30		*/
31		private static $vindi_api_key;
32
33		/**
34		* URI to be set on instances
35		* Ex.: https://sandbox-app.vindi.com.br/api/v1/
36		*
37		* @var string;
38		*/
39		private static $vindi_api_uri;
40
41		/**
42		* This Package SDK Version.
43		*
44		* @var string
45		*/
46		public static $sdkVersion = '1.2.0';
47
48		/**
49		* The Environment variable name for API Time Out.
50		*
51		* @var string
52		*/
53		public static $apiTimeOutEnvVar = 'VINDI_API_TIME_OUT';
54
55		/**
56		* Vindi constructor.
57		*/
58		private function __construct()
59		{
60		}
61
62		/**
63		* Set API KEY
64		*
65		* @param $vindi_api_key
66		*/
67	2	public static function setApiKey($vindi_api_key)
68		{
69	2	if (null === self::$vindi_api_key) {
70	2	self::$vindi_api_key = $vindi_api_key;
71	2	}
72	2	}
73
74		/**
75		* Set API URI
76		*
77		* @param $vindi_api_uri
78		*/
79	2	public static function setApiUri($vindi_api_uri)
80		{
81	2	if (null === self::$vindi_api_uri) {
82	2	self::$vindi_api_uri = $vindi_api_uri;
83	2	}
84	2	}
85
86		/**
87		* Get Vindi API URI from environment.
88		*
89		* @return string
90		*/
91	464	public static function getApiUri()
92		{
93	464	if (null !== self::$vindi_api_uri) {
94	2	return self::$vindi_api_uri;
95		}
96
97	464	if (!empty(getenv(static::VINDI_API_URI))) {
98	2	return getenv(static::VINDI_API_URI);
99		}
100
101	464	return 'https://app.vindi.com.br/api/v1/';
102		}
103
104		/**
105		* Get Vindi API Key from environment.
106		*
107		* @return string
108		*/
109	464	public static function getApiKey()
110		{
111	464	if (null !== self::$vindi_api_key) {
112	2	return self::$vindi_api_key;
113		}
114
115	464	return getenv(static::VINDI_API_KEY);
116		}
117
118		/**
119		* Get Vindi API Time Out from environment.
120		*
121		* @return string
122		*/
123	464	public static function getApiTimeOut()
124		{
125	464	if (empty(getenv(static::$apiTimeOutEnvVar))) {
126	464	return 60;
127		}
128	2	return getenv(static::$apiTimeOutEnvVar);
129		}
130
131		/**
132		* Get CA Bundle Path.
133		*
134		* @return string
135		*/
136	464	public static function getCertPath()
137		{
138	464	return realpath(sprintf('%s/%s', dirname(__FILE__), '/../data/ssl/ca-bundle.crt'));
139		}
140		}
141

GitHub Access Token became invalid

Issues (2)

Security Analysis no request data

src/Vindi.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

vindi / vindi-php

GitHub Access Token became invalid

Issues (2)

Security Analysis no request data

src/Vindi.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like