Issues (20)

Security Analysis: no request data

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Traits/LaravelConfigFile.php (2 issues)

<?php

namespace Acacha\Llum\Traits;

use Illuminate\Contracts\Filesystem\FileNotFoundException;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;

/**
 * Class LaravelConfigFile.
 *
 * @property string $laravel_config_file
 * @property string $laravel_services_file
 * @property OutputInterface $output
 */
trait LaravelConfigFile
{
    /**
     * Avoids using bash using stubs instead to modify config/app.php file.
     *
     * @var bool
     */
    protected $noBash = false;

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     */
    protected function initialize(InputInterface $input, OutputInterface $output)
View Code Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.
    {
        parent::initialize($input, $output);
        if ($input->hasOption('no-bash')) {
            $this->noBash = $input->getOption('no-bash');
        }
    }

    /**
     * Check if --no-bash option is active.
     *
     * @return bool
     */
    private function isNoBashActive()
    {
        return $this->noBash;
    }

    /**
     * Add Laravel IDE Helper provider to config/app.php file.
     *
     * @return int|null
     */
    protected function addLaravelIdeHelperProvider()
    {
        return $this->addProvider('Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class');
    }

    /**
     *  Add provider to config/app.php file.
     *
     * @param $provider
     *
     * @return int|null
     */
    private function addProvider($provider)
    {
        return $this->addTextIntoMountPoint('#llum_providers', $provider);
    }

    /**
     *  Add service from file to config/services.php file.
     *
     * @param $file
     *
     * @return int|null
     */
    private function addService($file, $outputFile = null)
    {
        $result = $this->addFileIntoMountPoint('#llum_services', $file, $outputFile);

        if ($result == 0) {
It seems like you are loosely comparing $result of type integer|null to 0; this is ambiguous as not only 0 == 0 is true, but null == 0 is true, too. Consider using a strict comparison ===.
            $txtFile = ($outputFile == null) ? $this->laravel_services_file : $outputFile;
            $this->output->writeln('<info>File '.$txtFile.' updated.</info>');
        }

        return $result;
    }

    /**
     * Add alias to config/app.php file.
     *
     * @param string $alias
     *
     * @return int|null
     */
    private function addAlias($alias)
    {
        return $this->addTextIntoMountPoint('#llum_aliases', $alias);
    }

    /**
     * Insert text into file using mountpoint. Mountpoint is maintained at file.
     *
     * @param string $mountpoint
     * @param $textToAdd
     *
     * @return int|null
     */
    private function addTextIntoMountPoint($mountpoint, $textToAdd)
    {
        passthru(
            'sed -i \'s/.*'.$mountpoint.'.*/ \ \ \ \ \ \ \ '.$this->scapeSingleQuotes(preg_quote($textToAdd)).',\n \ \ \ \ \ \ \ '.$mountpoint.'/\' '.str_replace(" ", "\ ", $this->laravel_config_file), $error);

        return $error;
    }

    /**
     * Insert file into file using mountpoint.
     *
     * @param $mountpoint
     * @param $fileToInsert
     *
     * @return mixed
     */
    private function addFileIntoMountPoint($mountpoint, $fileToInsert, $outputFile = null)
    {
        if ($outputFile != null) {
            passthru(
                'sed -e \'/'.$mountpoint.'/r'.$fileToInsert.'\' '.
                    str_replace(" ", "\ ", $this->laravel_services_file).' > '.$outputFile, $error);
        } else {
            passthru(
                'sed -i \'/'.$mountpoint.'/r'.$fileToInsert.'\' '.str_replace(" ", "\ ", $this->laravel_services_file), $error);
        }

        return $error;
    }

    /**
     * Escape single quotes for sed using \x27.
     *
     * @param string $str
     *
     * @return string
     */
    private function scapeSingleQuotes($str)
    {
        return str_replace("'", '\\x27', $str);
    }

    /**
     * Installs provider in laravel config/app.php file.
     *
     * @param $provider
     */
    protected function provider($provider)
    {
        if ($this->installConfigFile() == -1) {
            return;
        }
        $this->addProvider($provider);
    }

    /**
     * Add service/s from file to Laravel config/services.php.
     *
     * @param $file
     * @param null $outputFile
     * @throws FileNotFoundException
     */
    protected function service($file, $outputFile = null)
    {
        if (!file_exists($file)) throw new FileNotFoundException($file);
        if ($this->installConfigFile() == -1) {
            return;
        }
        $this->addService($file, $outputFile);
    }

179
    /**
180
     * Setup Laravel config file adding providers and aliases.
181
     *
182
     * @param $providers
183
     * @param $aliases
184
     *
185
     * @return int
186
     */
187
    private function setupLaravelConfigFile($providers, $aliases)
188
    {
189
        if ($this->installConfigFile() == -1) {
190
            return -1;
191
        }
192
193
        $this->addProviders($providers);
194
195
        $this->addAliases($aliases);
196
    }
197
198
    /**
199
     * Installs alias/facade in laravel config/app.php file.
200
     *
201
     * @param $aliasName
202
     * @param $aliasClass
203
     */
204
    protected function alias($aliasName, $aliasClass)
205
    {
206
        if ($this->installConfigFile() == -1) {
207
            return;
208
        }
209
        $this->addAlias("'".$aliasName."' => ".$aliasClass);
210
    }
211
212
    /**
213
     * Install /config/app.php file using bash script.
214
     */
215
    protected function installConfigFileWithBash()
216
    {
217
        passthru(str_replace(" ", "\ ", __DIR__).'/../bash_scripts/iluminar.sh '. str_replace(" ", "\ ", $this->laravel_config_file) .' '
218
            . str_replace(" ", "\ ", $this->laravel_services_file));
219
    }
220
221
    /**
222
     * Install /stubs/app.php into /config/app.php.
223
     */
224
    protected function installConfigFileWithStubs()
225
    {
226
        copy(__DIR__.'/stubs/app.php', $this->laravel_config_file);
227
        copy(__DIR__.'/stubs/services.php', $this->laravel_services_file);
228
    }
229
230
    /**
231
     * Check if Laravel config file exists.
232
     *
233
     * @return bool
234
     */
235
    protected function checkIfLaravelConfigFileExists()
236
    {
237
        return file_exists($this->laravel_config_file);
238
    }
239
240
    /**
241
     * Install llum custom config/app.php file.
242
     *
243
     * @return int
244
     */
245
    protected function installConfigFile()
246
    {
247
        if ($this->testLaravelConfigFileExists() == -1) {
248
            return;
249
        }
250
251
        $this->showWarningIfLaravelConfigAlreadySupportsLlum();
252
253
        if ($this->isNoBashActive()) {
254
            $this->installConfigFileWithStubs();
255
            $this->output->writeln('<info>File '.$this->laravel_config_file.' overwrited correctly with and stub.</info>');
256
        } else {
257
            $this->installConfigFileWithBash();
258
        }
259
260
        return 0;
261
    }
262
263
    /**
264
     * Test Laravel config file exists.
265
     *
266
     * @return int
267
     */
268
    private function testLaravelConfigFileExists()
269
    {
270
        if (!$this->checkIfLaravelConfigFileExists()) {
271
            $this->output->writeln('<error>File '.$this->laravel_config_file.' doesn\'t exists');
272
273
            return -1;
274
        }
275
    }
276
277
    /**
278
     * Show warning if Laravel config file already supports llum.
279
     *
280
     * @return int
281
     */
282
    private function showWarningIfLaravelConfigAlreadySupportsLlum()
283
    {
284
        if ($this->configAppFileAlreadyInstalled()) {
285
            $this->output->writeln('<info>File '.$this->laravel_config_file.' already supports llum.</info>');
286
287
            return 0;
288
        }
289
    }
290
291
    /**
292
     * Add providers to Laravel config file.
293
     *
294
     * @param $providers
295
     */
296
    protected function addProviders($providers)
297
    {
298
        foreach ($providers as $provider) {
299
            $this->output->writeln('<info>Adding '.$provider.' to Laravel config app.php file</info>');
300
            $this->addProvider($provider);
301
        }
302
    }
303
304
    /**
305
     * Add aliases to Laravel config file.
306
     *
307
     * @param $aliases
308
     */
309
    protected function addAliases($aliases)
310
    {
311
        if ($aliases == null) {
312
            return;
313
        }
314
        foreach ($aliases as $alias => $aliasClass) {
315
            $this->output->writeln('<info>Adding '.$aliasClass.' to Laravel config app.php file</info>');
316
            $this->addAlias("'$alias' => ".$aliasClass);
317
        }
318
    }
319
320
    /**
321
     * Check if config/app.php stub file is already installed.
322
     *
323
     * @return bool
324
     */
325
    protected function configAppFileAlreadyInstalled()
326
    {
327
        if (strpos(file_get_contents($this->laravel_config_file), '#llum_providers') !== false) {
328
            return true;
329
        }
330
331
        return false;
332
    }
333
}
334