Issues (10)

Security Analysis: no request data

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/FlockAttachment.php (1 issue)

<?php

namespace NotificationChannels\Flock;

use Closure;
use NotificationChannels\Flock\Exceptions\CouldNotSendNotification;

class FlockAttachment
{
    /**
     * A unique identifier for the attachment as provided by your app.
     *
     * @var string | null
     */
    public $id;

    /**
     * The title of the attachment.
     *
     * @var string
     */
    public $title;

    /**
     * A longer description of the attachment.
     *
     * @var string
     */
    public $description;

    /**
     * App id for the app that sent the attachment. Any value that your app provides for this attribute
     * will be overwritten with your app's actual id by Flock.
     *
     * @var string
     */
    public $appId;

    /**
     * A hex value (e.g. "#0ABE51") for the color bar.
     *
     * @var string
     */
    public $color;

    /**
     * Provides user visible views for the attachment. See below for more details.
     *
     * @var views
     */
    public $views;

    /**
     * The URL to open when user clicks an attachment, if no widget or FlockML is provided.
     * When generating a URL Preview this should always be set.
     *
     * @var string
     */
    public $url;

    /**
     * If true, the attachment can be forwarded. Default value is false.
     *
     * @var bool
     */
    public $forward = false;

    /**
     * An array of download objects. Note: As of now this array should contain at max one object.
     *
     * @var array
     */
    public $downloads;

    /**
     * An array of attachment buttons.
     *
     * @var array
     */
    public $buttons;

    /**
     * Set the id of attachment.
     *
     * @param   string  $id
     *
     * @return $this
     */
    public function id($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * Set title of attachment.
     *
     * @param string $title
     *
     * @return $this
     */
    public function title($title)
    {
        $this->title = $title;

        return $this;
    }

    /**
     * Set description of attachment.
     * @param string $description
     *
     * @return $this
     */
    public function description($description)
    {
        $this->description = $description;

        return $this;
    }

    /**
     * Set application id for attachment.
     *
     * @param string $appId
     *
     * @return $this
     */
    public function appId($appId)
    {
        $this->appId = $appId;

        return $this;
    }

    /**
     * Set color of attachment.
     *
     * @param string $color
     *
     * @return $this
     */
    public function color($color)
    {
        $this->color = $color;

        return $this;
    }

    /**
     * Set forward option. Default false.
     *
     * @param bool $forward
     *
     * @return $this
     */
    public function forward($forward)
    {
        if (! is_bool($forward)) {
            throw CouldNotSendNotification::flockAttachmentForwardException('Forward field should be boolean.');
        }
        $this->forward = $forward;

        return $this;
    }

    /**
     * Set url for preview.
     *
     * @param string $url
     *
     * @return $this
     */
    public function url($url)
    {
        if (! filter_var($url, FILTER_VALIDATE_URL)) {
            throw CouldNotSendNotification::flockAttachmentUrlException('Invalid URL in attachment');
        }
        $this->url = $url;

        return $this;
    }

    /**
     * Define an view for the attachment.
     *
     * @param  \Closure  $callback
     * @return $this
     */
    public function views(Closure $callback)
    {
        $this->views = $view = new FlockAttachmentView;

Documentation Bug

It seems like $view = new \Notificatio...k\FlockAttachmentView() of type object<NotificationChann...ck\FlockAttachmentView> is incompatible with the declared type object<NotificationChannels\Flock\views> of property $views.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.

        $callback($view);

        return $this;
    }

    /**
     * Define downloads for the attachment.
     *
     * @param  array $files
     * @return $this
     */
    public function downloads($files)
    {
        foreach ($files as $key => $file) {
            if (! filter_var($file['src'], FILTER_VALIDATE_URL)) {
                throw CouldNotSendNotification::flockAttachmentDownloadException('Invalid source for attachment download.');
            }

            $this->downloads[] = $file;
        }

        return $this;
    }

    /**
     * Define buttons for the attachment.
     *
     * @param  array    $buttons
     * @return $this
     */
    public function buttons($buttons)
    {
        foreach ($buttons as $key => $button) {
            if (! filter_var($button['icon'], FILTER_VALIDATE_URL)) {
                throw CouldNotSendNotification::flockAttachmentButtonException('Invalid Icon URL for attachment button.');
            }

            if (! isset($button['action']) || ! is_array($button['action'])) {
                throw CouldNotSendNotification::flockAttachmentButtonException('Attachment button action is required and needs to be an array');
            }

            if (! isset($button['action']['url']) || ! filter_var($button['action']['url'], FILTER_VALIDATE_URL)) {
                throw CouldNotSendNotification::flockAttachmentButtonException('Attachment button action url is invalid or missing.');
            }

            $this->buttons[] = $button;
        }

        return $this;
    }
}