Issues in ViewMakeCommand.php (master) - Issues in master - JunaidQadirB/cray - Measure and Improve Code Quality continuously with Scrutinizer

Issues (28)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Console/Commands/ViewMakeCommand.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace JunaidQadirB\Cray\Console\Commands;


use Config;
use Illuminate\Support\Str;
use JunaidQadirB\Cray\Console\Contracts\GeneratorCommand;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputOption;

class ViewMakeCommand extends GeneratorCommand
{
    /**
     * The console command name.
     *
     * @var string
     */
    protected $name = 'cray:view';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Create a new View';

    /**
     * The type of class being generated.
     *
     * @var string
     */
    protected $type = 'Model';

    private $fileName = 'index';

    /**
     * Execute the console command.
     *
     * @return void
     */
    public function handle()
    {

        /*  if (parent::handle() === false && ! $this->option('force')) {
              return;
          }*/
        if (!$this->option('index') && !$this->option('create') && !$this->option('edit') && !$this->option('show') && !$this->option('all')) {
            $this->input->setOption('all', true);
        }
        $this->createView();

    }

    /**
     * Create a view for the model.
     *
     * @return void
     */
    protected function createView()
    {
        $path = $this->createViewDirectory();

        if ($this->option('all')) {
            $this->buildView('index', $path);
            $this->buildView('create', $path);
            $this->buildView('edit', $path);
            $this->buildView('show', $path);
            $this->createDeleteView($path);

        } else {
            if ($this->option('index') || $this->option('all')) {

                $this->input->setOption('index', true);
                $this->buildView('index', $path);
                $this->createDeleteView($path);
            }

            if ($this->option('create') || $this->option('all')) {

                $this->input->setOption('create', true);
                $this->buildView('create', $path);
            }

            if ($this->option('edit') || $this->option('all')) {

                $this->input->setOption('edit', true);
                $this->buildView('edit', $path);
            }

            if ($this->option('show') || $this->option('all')) {

                $this->input->setOption('show', true);
                $this->buildView('show', $path);
            }
        }

    }

    /**
     *
     */
    protected function createViewDirectory()
    {
        $name = Str::studly(class_basename($this->argument('name')));

        $viewDirSlug = Str::slug(Str::plural(str_to_words($name), 2));
        $viewPath = Config::get('view.paths')[0];
        $dir = $this->option('dir');

        $path = $viewPath . '/' . $viewDirSlug;

        if ($dir) {
            $path = $viewPath . '/' . $dir . '/' . $viewDirSlug;
        }

        if (!file_exists($path)) {
            mkdir($path, 0777, true);
        }

        return $path;
    }

    protected function buildView($type, $path)
    {
        $name = Str::studly(class_basename($this->argument('name')));

        $this->fileName = $type;
        $stub = $this->files->get($this->getStub());
        $viewLabel = Str::plural(str_to_words($name), 2);
        $viewName = Str::camel($viewLabel);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        $stub = $this->replacePlaceholders($stub, $name, $path);

        $target = $path . '/' . $type . '.blade.php';
        if($type=='delete'){
            $target = $path . '/modals/' . $type . '.blade.php';
        }
        $displayPath = str_replace(resource_path(), '/resources', $target);
        if (file_exists($target) && !$this->option('force')) {
            $this->error("File already exists. Cannot overwrite {$displayPath}.");
        } else {
            file_put_contents($target, $stub);
            $this->info("View created successfully in {$displayPath}");
        }
        if ($type == 'create' || $type == 'edit') {
            /**
             * Create the _form partial form the stub
             */
            $formPartial = $path . '/_form.blade.php';
            $formPartialDisplayPath = str_replace(resource_path(), '/resources', $formPartial);
            $formStub = $this->files->get($this->getStub('_form'));

            if (file_exists($formPartial) && !$this->option('force')) {
//            $this->error("File already exists. Cannot overwrite {$formPartialDisplayPath}.");
            } else {
                file_put_contents($formPartial, $formStub);
                $this->info("View created successfully in {$formPartialDisplayPath}");
            }
        }
    }

    /**
     * Get the stub file for the generator.
     *
     * @param null|string $fileName
     * @return string
     */
    protected function getStub($fileName = null)
    {
        if (isset($fileName)) {
            $this->fileName = $fileName;
        }
        $stubsPath = "stubs/view/{$this->fileName}.stub";
        $stubs = $this->option('stubs');

        if ($stubs) {
            $stubsPath = $stubs . '/' . $this->fileName . ".stub";
        }
        return resource_path($stubsPath);
    }

    /**
     * Replace all placeholders
     *
     * @param $stub
     * @param $name
     * @param null $path
     *
     * @return mixed
     */
    protected function replacePlaceholders($stub, $name, $path = null)
    {
        $viewDir = str_replace(resource_path('views/'), '', $path);
        $viewDir = str_replace('/', '.', $viewDir);

        $modelSlug = Str::slug(Str::plural(str_to_words($name), 2));

        $viewLabel = str_to_words($name);
        $viewLabelPlural = Str::plural(str_to_words($name));
        $viewName = Str::camel($name);

        $replace = array_merge([], [
            '$label$' => $viewLabel,
            '$labelPlural$' => $viewLabelPlural,
            '$name$' => $viewName,
            '$modelSlug$' => $modelSlug,
            '$model$' => $name,
            '$rows$' => '$' . Str::camel(Str::plural($name, 2)),
            '$row$' => '$' . Str::camel(Str::singular($name)),
            '$routeBase$' => $viewDir,
            '$viewDir$' => $viewDir,
        ]);

        return str_replace(
            array_keys($replace), array_values($replace), $stub
        );
    }

    protected function createDeleteView($path)
    {
        if (!file_exists($path . '/modals')) {
            mkdir($path . '/modals');
        }

        $this->buildView('delete', $path);
    }

    /**
     * Get the default namespace for the class.
     *
     * @param string $rootNamespace
     *
     * @return string
     */
    protected function getDefaultNamespace($rootNamespace)
    {
        return $rootNamespace;
    }

    protected function getArguments()
    {
        return [
            ['name', InputArgument::REQUIRED, 'The name of the model'],
        ];
    }

    /**
     * Get the console command options.
     *
     * @return array
     */
    protected function getOptions()

    {
        return [
            [
                'all',
                'a',
                InputOption::VALUE_NONE,
                'Generate an index, create, and an edit view for the model',
            ],

            ['index', 'i', InputOption::VALUE_NONE, 'Create a only the index view for the model'],

            ['create', 'c', InputOption::VALUE_NONE, 'Create only the create view for the model'],

            ['edit', 'e', InputOption::VALUE_NONE, 'Create only the edit view for the model'],

            ['show', 's', InputOption::VALUE_NONE, 'Create only the show view for the model'],

            ['force', 'f', InputOption::VALUE_NONE, 'Create the file even if the file already exists.'],

            ['dir', 'd', InputOption::VALUE_OPTIONAL, 'Create the file inside this directory within the view.'],

            ['stubs', 'b', InputOption::VALUE_OPTIONAL, 'Use stubs from the specified directory.'],
        ];
    }
}


1		<?php
2
3		namespace JunaidQadirB\Cray\Console\Commands;
4
5
6		use Config;
7		use Illuminate\Support\Str;
8		use JunaidQadirB\Cray\Console\Contracts\GeneratorCommand;
9		use Symfony\Component\Console\Input\InputArgument;
10		use Symfony\Component\Console\Input\InputOption;
11
12		class ViewMakeCommand extends GeneratorCommand
13		{
14		/**
15		* The console command name.
16		*
17		* @var string
18		*/
19		protected $name = 'cray:view';
20
21		/**
22		* The console command description.
23		*
24		* @var string
25		*/
26		protected $description = 'Create a new View';
27
28		/**
29		* The type of class being generated.
30		*
31		* @var string
32		*/
33		protected $type = 'Model';
34
35		private $fileName = 'index';
36
37		/**
38		* Execute the console command.
39		*
40		* @return void
41		*/
42		public function handle()
43		{
44
45		/* if (parent::handle() === false && ! $this->option('force')) {
46		return;
47		}*/
48		if (!$this->option('index') && !$this->option('create') && !$this->option('edit') && !$this->option('show') && !$this->option('all')) {
49		$this->input->setOption('all', true);
50		}
51		$this->createView();
52
53		}
54
55		/**
56		* Create a view for the model.
57		*
58		* @return void
59		*/
60		protected function createView()
61		{
62		$path = $this->createViewDirectory();
63
64		if ($this->option('all')) {
65		$this->buildView('index', $path);
66		$this->buildView('create', $path);
67		$this->buildView('edit', $path);
68		$this->buildView('show', $path);
69		$this->createDeleteView($path);
70
71		} else {
72	View Code Duplication	if ($this->option('index') \|\| $this->option('all')) {
		0 ignored issues – show Duplication introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
73		$this->input->setOption('index', true);
74		$this->buildView('index', $path);
75		$this->createDeleteView($path);
76		}
77
78	View Code Duplication	if ($this->option('create') \|\| $this->option('all')) {
		0 ignored issues – show Duplication introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
79		$this->input->setOption('create', true);
80		$this->buildView('create', $path);
81		}
82
83	View Code Duplication	if ($this->option('edit') \|\| $this->option('all')) {
		0 ignored issues – show Duplication introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
84		$this->input->setOption('edit', true);
85		$this->buildView('edit', $path);
86		}
87
88	View Code Duplication	if ($this->option('show') \|\| $this->option('all')) {
		0 ignored issues – show Duplication introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
89		$this->input->setOption('show', true);
90		$this->buildView('show', $path);
91		}
92		}
93
94		}
95
96		/**
97		*
98		*/
99		protected function createViewDirectory()
100		{
101		$name = Str::studly(class_basename($this->argument('name')));
		0 ignored issues – show Bug introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->argument('name')` targeting `Illuminate\Console\Conce...ractsWithIO::argument()` can also be of type `array` or `null`; however, `class_basename()` does only seem to accept `string\|object`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
102		$viewDirSlug = Str::slug(Str::plural(str_to_words($name), 2));
103		$viewPath = Config::get('view.paths')[0];
104		$dir = $this->option('dir');
105
106		$path = $viewPath . '/' . $viewDirSlug;
107
108		if ($dir) {
109		$path = $viewPath . '/' . $dir . '/' . $viewDirSlug;
110		}
111
112		if (!file_exists($path)) {
113		mkdir($path, 0777, true);
114		}
115
116		return $path;
117		}
118
119		protected function buildView($type, $path)
120		{
121		$name = Str::studly(class_basename($this->argument('name')));
		0 ignored issues – show Bug introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->argument('name')` targeting `Illuminate\Console\Conce...ractsWithIO::argument()` can also be of type `array` or `null`; however, `class_basename()` does only seem to accept `string\|object`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
122		$this->fileName = $type;
123		$stub = $this->files->get($this->getStub());
124		$viewLabel = Str::plural(str_to_words($name), 2);
125		$viewName = Str::camel($viewLabel);
		0 ignored issues – show Unused Code introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$viewName` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
126		$stub = $this->replacePlaceholders($stub, $name, $path);
127
128		$target = $path . '/' . $type . '.blade.php';
129		if($type=='delete'){
130		$target = $path . '/modals/' . $type . '.blade.php';
131		}
132		$displayPath = str_replace(resource_path(), '/resources', $target);
133		if (file_exists($target) && !$this->option('force')) {
134		$this->error("File already exists. Cannot overwrite {$displayPath}.");
135		} else {
136		file_put_contents($target, $stub);
137		$this->info("View created successfully in {$displayPath}");
138		}
139		if ($type == 'create' \|\| $type == 'edit') {
140		/**
141		* Create the _form partial form the stub
142		*/
143		$formPartial = $path . '/_form.blade.php';
144		$formPartialDisplayPath = str_replace(resource_path(), '/resources', $formPartial);
145		$formStub = $this->files->get($this->getStub('_form'));
146
147		if (file_exists($formPartial) && !$this->option('force')) {
148		// $this->error("File already exists. Cannot overwrite {$formPartialDisplayPath}.");
149		} else {
150		file_put_contents($formPartial, $formStub);
151		$this->info("View created successfully in {$formPartialDisplayPath}");
152		}
153		}
154		}
155
156		/**
157		* Get the stub file for the generator.
158		*
159		* @param null\|string $fileName
160		* @return string
161		*/
162		protected function getStub($fileName = null)
163		{
164		if (isset($fileName)) {
165		$this->fileName = $fileName;
166		}
167		$stubsPath = "stubs/view/{$this->fileName}.stub";
168		$stubs = $this->option('stubs');
169
170		if ($stubs) {
171		$stubsPath = $stubs . '/' . $this->fileName . ".stub";
172		}
173		return resource_path($stubsPath);
174		}
175
176		/**
177		* Replace all placeholders
178		*
179		* @param $stub
180		* @param $name
181		* @param null $path
182		*
183		* @return mixed
184		*/
185		protected function replacePlaceholders($stub, $name, $path = null)
186		{
187		$viewDir = str_replace(resource_path('views/'), '', $path);
188		$viewDir = str_replace('/', '.', $viewDir);
189
190		$modelSlug = Str::slug(Str::plural(str_to_words($name), 2));
191
192		$viewLabel = str_to_words($name);
193		$viewLabelPlural = Str::plural(str_to_words($name));
194		$viewName = Str::camel($name);
195
196		$replace = array_merge([], [
197		'$label$' => $viewLabel,
198		'$labelPlural$' => $viewLabelPlural,
199		'$name$' => $viewName,
200		'$modelSlug$' => $modelSlug,
201		'$model$' => $name,
202		'$rows$' => '$' . Str::camel(Str::plural($name, 2)),
203		'$row$' => '$' . Str::camel(Str::singular($name)),
204		'$routeBase$' => $viewDir,
205		'$viewDir$' => $viewDir,
206		]);
207
208		return str_replace(
209		array_keys($replace), array_values($replace), $stub
210		);
211		}
212
213		protected function createDeleteView($path)
214		{
215		if (!file_exists($path . '/modals')) {
216		mkdir($path . '/modals');
217		}
218
219		$this->buildView('delete', $path);
220		}
221
222		/**
223		* Get the default namespace for the class.
224		*
225		* @param string $rootNamespace
226		*
227		* @return string
228		*/
229		protected function getDefaultNamespace($rootNamespace)
230		{
231		return $rootNamespace;
232		}
233
234		protected function getArguments()
235		{
236		return [
237		['name', InputArgument::REQUIRED, 'The name of the model'],
238		];
239		}
240
241		/**
242		* Get the console command options.
243		*
244		* @return array
245		*/
246	View Code Duplication	protected function getOptions()
		0 ignored issues – show Duplication introduced 2020-07-04 19:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
247		{
248		return [
249		[
250		'all',
251		'a',
252		InputOption::VALUE_NONE,
253		'Generate an index, create, and an edit view for the model',
254		],
255
256		['index', 'i', InputOption::VALUE_NONE, 'Create a only the index view for the model'],
257
258		['create', 'c', InputOption::VALUE_NONE, 'Create only the create view for the model'],
259
260		['edit', 'e', InputOption::VALUE_NONE, 'Create only the edit view for the model'],
261
262		['show', 's', InputOption::VALUE_NONE, 'Create only the show view for the model'],
263
264		['force', 'f', InputOption::VALUE_NONE, 'Create the file even if the file already exists.'],
265
266		['dir', 'd', InputOption::VALUE_OPTIONAL, 'Create the file inside this directory within the view.'],
267
268		['stubs', 'b', InputOption::VALUE_OPTIONAL, 'Use stubs from the specified directory.'],
269		];
270		}
271		}
272

JunaidQadirB / cray

Issues (28)

Security Analysis no request data

src/Console/Commands/ViewMakeCommand.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like