Issues in Disqus.php (master) - Issues in master - ARCANEDEV/LaravelDisqus - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Disqus.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace Arcanedev\LaravelDisqus;

use Arcanedev\LaravelDisqus\Contracts\Disqus as DisqusContract;
use Illuminate\Support\Arr;
use Illuminate\Support\HtmlString;

/**
 * Class     Disqus
 *
 * @package  Arcanedev\LaravelDisqus
 * @author   ARCANEDEV <[email protected]>
 */
class Disqus implements DisqusContract
{
    /* -----------------------------------------------------------------
     |  Properties
     | -----------------------------------------------------------------
     */

    /**
     * The Username property.
     *
     * @var string
     */
    protected $username = '';

    /**
     * The Page URL property.
     *
     * @var string
     */
    protected $pageUrl = '';

    /**
     * The Page ID property.
     *
     * @var string
     */
    protected $pageId = '';

    /**
     * The Language property.
     *
     * @var string
     */
    protected $language;

    /**
     * Disqus enabled status.
     *
     * @var bool
     */
    protected $enabled = false;

    /* -----------------------------------------------------------------
     |  Constructor
     | -----------------------------------------------------------------
     */

    /**
     * Disqus constructor.
     *
     * @param  array  $options
     */
    public function __construct(array $options = [])
    {
        $this->setUsername(Arr::get($options, 'username', ''))
             ->setLanguage(Arr::get($options, 'language', null));
    }

    /* -----------------------------------------------------------------
     |  Getters & Setters
     | -----------------------------------------------------------------
     */

    /**
     * Get the disqus's username property.
     *
     * @return string
     */
    public function username()
    {
        return $this->username;
    }

    /**
     * Set the disqus's username property.
     *
     * @param  string  $username
     *
     * @return self
     */
    public function setUsername($username)
    {
        $this->username = $username;

        return $this;
    }

    /**
     * Get the Page URL.
     *
     * @return string
     */
    public function pageUrl()
    {
        return $this->pageUrl;
    }

    /**
     * Set the Page URL.
     *
     * @param  string  $pageUrl
     *
     * @return self
     */
    public function setPageUrl($pageUrl)
    {
        $this->pageUrl = $pageUrl;

        return $this;
    }

    /**
     * Get the Page ID.
     *
     * @return string
     */
    public function pageId()
    {
        return $this->pageId;
    }

    /**
     * Set the Page ID.
     *
     * @param  string  $pageId
     *
     * @return self
     */
    public function setPageId($pageId)
    {
        $this->pageId = $pageId;

        return $this;
    }

    /**
     * Get the language.
     *
     * @return string
     */
    public function language()
    {
        return $this->language;
    }

    /**
     * Set the language.
     *
     * @param  string  $language
     *
     * @return self
     */
    public function setLanguage($language)
    {
        $this->language = $language;

        return $this;
    }

    /**
     * Set the disqus's enabled property.
     *
     * @param  bool  $enabled
     *
     * @return self
     */
    public function setEnabled($enabled)
    {
        $this->enabled = (bool) $enabled;

        return $this;
    }

    /* -----------------------------------------------------------------
     |  Main Methods
     | -----------------------------------------------------------------
     */

    /**
     * Render the Disqus thread.
     *
     * @return \Illuminate\Support\HtmlString
     */
    public function render()
    {
        return $this->toHtml(
            $this->isEnabled() ? '<div id="disqus_thread"></div>' : ''
        );
    }

    /**
     * Generate Disqus js script.
     *
     * @return \Illuminate\Support\HtmlString
     */
    public function script()
    {
        return $this->toHtml(
            $this->isEnabled()
                ? view()->make('laravel-disqus::script', $this->getScriptParams())->render()
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                : ''
        );
    }

    /**
     * Enable Disqus.
     *
     * @return self
     */
    public function enable()
    {
        return $this->setEnabled(true);
    }

    /**
     * Disable Disqus.
     *
     * @return self
     */
    public function disable()
    {
        return $this->setEnabled(false);
    }

    /**
     * Check if Disqus is enabled.
     *
     * @return bool
     */
    public function isEnabled()
    {
        return $this->enabled;
    }

    /* -----------------------------------------------------------------
     |  Other Methods
     | -----------------------------------------------------------------
     */

    /**
     * Convert the string content to Html Object.
     *
     * @param  string  $content
     *
     * @return \Illuminate\Support\HtmlString
     */
    protected function toHtml($content)
    {
        return new HtmlString($content);
    }

    /**
     * Get the script parameters.
     *
     * @return array
     */
    private function getScriptParams()
    {
        return [
            'pageUrl'  => $this->pageUrl(),
            'pageId'   => $this->pageId(),
            'username' => $this->username(),
            'language' => $this->language(),
        ];
    }
}


Issues (1)

Security Analysis not enabled

src/Disqus.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php namespace Arcanedev\LaravelDisqus;
2
3		use Arcanedev\LaravelDisqus\Contracts\Disqus as DisqusContract;
4		use Illuminate\Support\Arr;
5		use Illuminate\Support\HtmlString;
6
7		/**
8		* Class Disqus
9		*
10		* @package Arcanedev\LaravelDisqus
11		* @author ARCANEDEV <[email protected]>
12		*/
13		class Disqus implements DisqusContract
14		{
15		/* -----------------------------------------------------------------
16		\| Properties
17		\| -----------------------------------------------------------------
18		*/
19
20		/**
21		* The Username property.
22		*
23		* @var string
24		*/
25		protected $username = '';
26
27		/**
28		* The Page URL property.
29		*
30		* @var string
31		*/
32		protected $pageUrl = '';
33
34		/**
35		* The Page ID property.
36		*
37		* @var string
38		*/
39		protected $pageId = '';
40
41		/**
42		* The Language property.
43		*
44		* @var string
45		*/
46		protected $language;
47
48		/**
49		* Disqus enabled status.
50		*
51		* @var bool
52		*/
53		protected $enabled = false;
54
55		/* -----------------------------------------------------------------
56		\| Constructor
57		\| -----------------------------------------------------------------
58		*/
59
60		/**
61		* Disqus constructor.
62		*
63		* @param array $options
64		*/
65	30	public function __construct(array $options = [])
66		{
67	30	$this->setUsername(Arr::get($options, 'username', ''))
68	30	->setLanguage(Arr::get($options, 'language', null));
69	30	}
70
71		/* -----------------------------------------------------------------
72		\| Getters & Setters
73		\| -----------------------------------------------------------------
74		*/
75
76		/**
77		* Get the disqus's username property.
78		*
79		* @return string
80		*/
81	6	public function username()
82		{
83	6	return $this->username;
84		}
85
86		/**
87		* Set the disqus's username property.
88		*
89		* @param string $username
90		*
91		* @return self
92		*/
93	30	public function setUsername($username)
94		{
95	30	$this->username = $username;
96
97	30	return $this;
98		}
99
100		/**
101		* Get the Page URL.
102		*
103		* @return string
104		*/
105	9	public function pageUrl()
106		{
107	9	return $this->pageUrl;
108		}
109
110		/**
111		* Set the Page URL.
112		*
113		* @param string $pageUrl
114		*
115		* @return self
116		*/
117	9	public function setPageUrl($pageUrl)
118		{
119	9	$this->pageUrl = $pageUrl;
120
121	9	return $this;
122		}
123
124		/**
125		* Get the Page ID.
126		*
127		* @return string
128		*/
129	9	public function pageId()
130		{
131	9	return $this->pageId;
132		}
133
134		/**
135		* Set the Page ID.
136		*
137		* @param string $pageId
138		*
139		* @return self
140		*/
141	9	public function setPageId($pageId)
142		{
143	9	$this->pageId = $pageId;
144
145	9	return $this;
146		}
147
148		/**
149		* Get the language.
150		*
151		* @return string
152		*/
153	6	public function language()
154		{
155	6	return $this->language;
156		}
157
158		/**
159		* Set the language.
160		*
161		* @param string $language
162		*
163		* @return self
164		*/
165	30	public function setLanguage($language)
166		{
167	30	$this->language = $language;
168
169	30	return $this;
170		}
171
172		/**
173		* Set the disqus's enabled property.
174		*
175		* @param bool $enabled
176		*
177		* @return self
178		*/
179	30	public function setEnabled($enabled)
180		{
181	30	$this->enabled = (bool) $enabled;
182
183	30	return $this;
184		}
185
186		/* -----------------------------------------------------------------
187		\| Main Methods
188		\| -----------------------------------------------------------------
189		*/
190
191		/**
192		* Render the Disqus thread.
193		*
194		* @return \Illuminate\Support\HtmlString
195		*/
196	3	public function render()
197		{
198	3	return $this->toHtml(
199	3	$this->isEnabled() ? '<div id="disqus_thread"></div>' : ''
200		);
201		}
202
203		/**
204		* Generate Disqus js script.
205		*
206		* @return \Illuminate\Support\HtmlString
207		*/
208	3	public function script()
209		{
210	3	return $this->toHtml(
211	3	$this->isEnabled()
212	3	? view()->make('laravel-disqus::script', $this->getScriptParams())->render()
		0 ignored issues – show Bug introduced 2018-02-26 17:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `make` does only exist in `Illuminate\Contracts\View\Factory`, but not in `Illuminate\View\View`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
213	3	: ''
214		);
215		}
216
217		/**
218		* Enable Disqus.
219		*
220		* @return self
221		*/
222	12	public function enable()
223		{
224	12	return $this->setEnabled(true);
225		}
226
227		/**
228		* Disable Disqus.
229		*
230		* @return self
231		*/
232	3	public function disable()
233		{
234	3	return $this->setEnabled(false);
235		}
236
237		/**
238		* Check if Disqus is enabled.
239		*
240		* @return bool
241		*/
242	18	public function isEnabled()
243		{
244	18	return $this->enabled;
245		}
246
247		/* -----------------------------------------------------------------
248		\| Other Methods
249		\| -----------------------------------------------------------------
250		*/
251
252		/**
253		* Convert the string content to Html Object.
254		*
255		* @param string $content
256		*
257		* @return \Illuminate\Support\HtmlString
258		*/
259	6	protected function toHtml($content)
260		{
261	6	return new HtmlString($content);
262		}
263
264		/**
265		* Get the script parameters.
266		*
267		* @return array
268		*/
269	3	private function getScriptParams()
270		{
271		return [
272	3	'pageUrl' => $this->pageUrl(),
273	3	'pageId' => $this->pageId(),
274	3	'username' => $this->username(),
275	3	'language' => $this->language(),
276		];
277		}
278		}
279

ARCANEDEV / LaravelDisqus

Issues (1)

Security Analysis not enabled

src/Disqus.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like