GitHub Access Token became invalid

It seems like the GitHub access token used for retrieving details about this repository from GitHub became invalid. This might prevent certain types of inspections from being run (in particular, everything related to pull requests).
Please ask an admin of your repository to re-new the access token on this website.

Issues (519)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Services/DeploymentService.php (3 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
/**
3
 * Pterodactyl - Panel
4
 * Copyright (c) 2015 - 2017 Dane Everitt <[email protected]>.
5
 *
6
 * Permission is hereby granted, free of charge, to any person obtaining a copy
7
 * of this software and associated documentation files (the "Software"), to deal
8
 * in the Software without restriction, including without limitation the rights
9
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10
 * copies of the Software, and to permit persons to whom the Software is
11
 * furnished to do so, subject to the following conditions:
12
 *
13
 * The above copyright notice and this permission notice shall be included in all
14
 * copies or substantial portions of the Software.
15
 *
16
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22
 * SOFTWARE.
23
 */
24
25
namespace Pterodactyl\Services;
26
27
use DB;
28
use Pterodactyl\Models\Node;
29
use Pterodactyl\Models\Server;
30
use Pterodactyl\Models\Location;
31
use Pterodactyl\Exceptions\AutoDeploymentException;
32
33
class DeploymentService
34
{
35
    /**
36
     * Eloquent model representing the allocation to use.
37
     *
38
     * @var \Pterodactyl\Models\Allocation
39
     */
40
    protected $allocation;
41
42
    /**
43
     * Amount of disk to be used by the server.
44
     *
45
     * @var int
46
     */
47
    protected $disk;
48
49
    /**
50
     * Amount of memory to be used by the sever.
51
     *
52
     * @var int
53
     */
54
    protected $memory;
55
56
    /**
57
     * Eloquent model representing the location to use.
58
     *
59
     * @var \Pterodactyl\Models\Location
60
     */
61
    protected $location;
62
63
    /**
64
     * Eloquent model representing the node to use.
65
     *
66
     * @var \Pterodactyl\Models\Node
67
     */
68
    protected $node;
69
70
    /**
71
     * Set the location to use when auto-deploying.
72
     *
73
     * @param  int|\Pterodactyl\Models\Location  $location
74
     * @return void
75
     */
76
    public function setLocation($location)
77
    {
78
        $this->location = ($location instanceof Location) ? $location : Location::with('nodes')->findOrFail($location);
0 ignored issues
show
The method findOrFail does only exist in Illuminate\Database\Eloquent\Builder, but not in Illuminate\Database\Eloquent\Model.

It seems like the method you are trying to call exists only in some of the possible types.

Let’s take a look at an example:

class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

Available Fixes

  1. Add an additional type-check:

    /**
     * @param A|B $x
     */
    function someFunction($x)
    {
        $x->foo();
    
        if ($x instanceof B) {
            $x->bar();
        }
    }
    
  2. Only allow a single type to be passed if the variable comes from a parameter:

    function someFunction(B $x) { /** ... */ }
    
Loading history...
79
        if (! $this->location->relationLoaded('nodes')) {
80
            $this->location->load('nodes');
81
        }
82
83
        if (count($this->location->nodes) < 1) {
84
            throw new AutoDeploymentException('The location provided does not contain any nodes and cannot be used.');
85
        }
86
87
        return $this;
88
    }
89
90
    /**
91
     * Set the node to use when auto-deploying.
92
     *
93
     * @param  int|\Pterodactyl\Models\Node  $node
94
     * @return void
95
     */
96
    public function setNode($node)
97
    {
98
        $this->node = ($node instanceof Node) ? $node : Node::findOrFail($node);
99
        if (! $this->node->relationLoaded('allocations')) {
100
            $this->node->load('allocations');
101
        }
102
103
        $this->setLocation($this->node->location);
104
105
        return $this;
106
    }
107
108
    /**
109
     * Set the amount of disk space to be used by the new server.
110
     *
111
     * @param  int  $disk
112
     * @return void
113
     */
114
    public function setDisk(int $disk)
115
    {
116
        $this->disk = $disk;
117
118
        return $this;
119
    }
120
121
    /**
122
     * Set the amount of memory to be used by the new server.
123
     *
124
     * @param  int  $memory
125
     * @return void
126
     */
127
    public function setMemory(int $memory)
128
    {
129
        $this->memory = $memory;
130
131
        return $this;
132
    }
133
134
    /**
135
     * Return a random location model.
136
     *
137
     * @param  array  $exclude
138
     * @return void;
0 ignored issues
show
The doc-type void; could not be parsed: Expected "|" or "end of type", but got ";" at position 4. (view supported doc-types)

This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types.

Loading history...
139
     */
140
    protected function findLocation(array $exclude = [])
141
    {
142
        $location = Location::with('nodes')->whereNotIn('id', $exclude)->inRandomOrder()->first();
143
144
        if (! $location) {
145
            throw new AutoDeploymentException('Unable to locate a suitable location to select a node from.');
146
        }
147
148
        if (count($location->nodes) < 1) {
149
            return $this->findLocation(array_merge($exclude, [$location->id]));
150
        }
151
152
        $this->setLocation($location);
153
    }
154
155
    /**
156
     * Return a model instance of a random node.
157
     *
158
     * @return void;
0 ignored issues
show
The doc-type void; could not be parsed: Expected "|" or "end of type", but got ";" at position 4. (view supported doc-types)

This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types.

Loading history...
159
     */
160
    protected function findNode(array $exclude = [])
161
    {
162
        if (! $this->location) {
163
            $this->setLocation($this->findLocation());
164
        }
165
166
        $select = $this->location->nodes->whereNotIn('id', $exclude);
167
        if (count($select) < 1) {
168
            throw new AutoDeploymentException('Unable to find a suitable node within the assigned location with enough space.');
169
        }
170
171
        // Check usage, select new node if necessary
172
        $this->setNode($select->random());
173
        if (! $this->checkNodeUsage()) {
174
            return $this->findNode(array_merge($exclude, [$this->node()->id]));
175
        }
176
    }
177
178
    /**
179
     * Checks that a node's allocation limits will not be passed
180
     * with the assigned limits.
181
     *
182
     * @return bool
183
     */
184
    protected function checkNodeUsage()
185
    {
186
        if (! $this->disk && ! $this->memory) {
187
            return true;
188
        }
189
190
        $totals = Server::select(DB::raw('SUM(memory) as memory, SUM(disk) as disk'))->where('node_id', $this->node()->id)->first();
191
192
        if ($this->memory) {
193
            $limit = ($this->node()->memory * (1 + ($this->node()->memory_overallocate / 100)));
194
195
            if (($totals->memory + $this->memory) > $limit) {
196
                return false;
197
            }
198
        }
199
200
        if ($this->disk) {
201
            $limit = ($this->node()->disk * (1 + ($this->node()->disk_overallocate / 100)));
202
203
            if (($totals->disk + $this->disk) > $limit) {
204
                return false;
205
            }
206
        }
207
208
        return true;
209
    }
210
211
    /**
212
     * Return the assigned node for this auto-deployment.
213
     *
214
     * @return \Pterodactyl\Models\Node
215
     */
216
    public function node()
217
    {
218
        return $this->node;
219
    }
220
221
    /**
222
     * Return the assigned location for this auto-deployment.
223
     *
224
     * @return \Pterodactyl\Models\Location
225
     */
226
    public function location()
227
    {
228
        return $this->location;
229
    }
230
231
    /**
232
     * Return the assigned location for this auto-deployment.
233
     *
234
     * @return \Pterodactyl\Models\Allocation
235
     */
236
    public function allocation()
237
    {
238
        return $this->allocation;
239
    }
240
241
    /**
242
     * Select and return the node to be used by the auto-deployment system.
243
     *
244
     * @return void
245
     */
246
    public function select()
247
    {
248
        if (! $this->node) {
249
            $this->findNode();
250
        }
251
252
        // Set the Allocation
253
        $this->allocation = $this->node()->allocations->where('server_id', null)->random();
254
        if (! $this->allocation) {
255
            throw new AutoDeploymentException('Unable to find a suitable allocation to assign to this server.');
256
        }
257
    }
258
}
259