Remove this hard-coded password. Open
const ENGINE_PARAMETER_PASSWORD = 'notifier.engine.GamaSmsIr.password';- Read upRead up
- Exclude checks
Because it is easy to extract strings from a compiled application, credentials should never be hard-coded. Do so, and they're almost guaranteed to end up in the hands of an attacker. This is particularly true for applications that are distributed.
Credentials should be stored outside of the code in a strongly-protected encrypted configuration file or database.
Noncompliant Code Example
$uname = "steve"; $password = "blue"; connect($uname, $password);
Compliant Solution
$uname = getEncryptedUser(); $password = getEncryptedPass(); connect($uname, $password);
See
- MITRE, CWE-798 - Use of Hard-coded Credentials
- MITRE, CWE-259 - Use of Hard-coded Password
- SANS Top 25 - Porous Defenses
- CERT, MSC03-J. - Never hard code sensitive information
- OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
- Derived from FindSecBugs rule Hard Coded Password
Missing class import via use statement (line '76', column '23'). Open
$client = new GuzzleHttp\Client();- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}Source http://phpmd.org/rules/cleancode.html#MissingImport
Missing class import via use statement (line '95', column '23'). Open
throw new Notifier_Exception_NotificationSend('Receiver is not determined to send notification SMS.');- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}Source http://phpmd.org/rules/cleancode.html#MissingImport
Missing class import via use statement (line '82', column '23'). Open
throw new \Pluf\Exception($response->getBody()->getContents());- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}Source http://phpmd.org/rules/cleancode.html#MissingImport
Avoid using static access to class 'Tenant_Service' in method 'initParameters'. Open
$username = Tenant_Service::setting(self::ENGINE_PARAMETER_USERNAME);- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class 'Tenant_Service' in method 'initParameters'. Open
$from = Tenant_Service::setting(self::ENGINE_PARAMETER_FROM);- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class 'Tenant_Service' in method 'initParameters'. Open
$template = Tenant_Service::setting(self::ENGINE_PARAMETER_TEMPLATE);- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Avoid using static access to class 'Tenant_Service' in method 'initParameters'. Open
$password = Tenant_Service::setting(self::ENGINE_PARAMETER_PASSWORD);- Read upRead up
- Exclude checks
StaticAccess
Since: 1.4.0
Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.
Example
class Foo
{
public function bar()
{
Bar::baz();
}
}Source https://phpmd.org/rules/cleancode.html#staticaccess
Each class must be in a namespace of at least one level (a top-level vendor name) Open
class Notifier_Engine_GamaSmsIr extends Notifier_Engine- Exclude checks
The class Notifier_Engine_GamaSmsIr is not named in CamelCase. Open
class Notifier_Engine_GamaSmsIr extends Notifier_Engine
{
const ENGINE_PARAMETER_USERNAME = 'notifier.engine.GamaSmsIr.username';
const ENGINE_PARAMETER_PASSWORD = 'notifier.engine.GamaSmsIr.password';
const ENGINE_PARAMETER_FROM = 'notifier.engine.GamaSmsIr.from';- Read upRead up
- Exclude checks
CamelCaseClassName
Since: 0.2
It is considered best practice to use the CamelCase notation to name classes.
Example
class class_name {
}Source
Line exceeds 120 characters; contains 138 characters Open
return 'This notifier sends SMS to notify an entity. This notifier uses the gamasms.ir (gamapayamak.com) panel to send messages.';- Exclude checks
Whitespace found at end of line Open
* The string [code] in the template will be replaced with the notification code. - Exclude checks
Opening brace should be on a new line Open
private function initParameters($data){- Exclude checks
Class name "Notifier_Engine_GamaSmsIr" is not in camel caps format Open
class Notifier_Engine_GamaSmsIr extends Notifier_Engine- Exclude checks
Whitespace found at end of line Open
* - Exclude checks