Issues in VueTrustController.php (master) - Issues in master - bantenprov/vue-trust - Measure and Improve Code Quality continuously with Scrutinizer

Issues (14)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Http/Controllers/VueTrustController.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace Bantenprov\VueTrust\Http\Controllers;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Bantenprov\VueTrust\Facades\VueTrust;
use Bantenprov\VueTrust\Models\VueTrustModel;
use App\Role;
use App\Permission;

use Validator;

/**
 * The VueTrustController class.
 *
 * @package Bantenprov\VueTrust
 * @author  bantenprov <[email protected]>
 */
class VueTrustController extends Controller
{

    protected $role;
    protected $permission;
    
    

    //[Function] __construct
    public function __construct(Role $role, Permission $permission){
        
        $this->role         = $role;
        $this->permission   = $permission;

    }    

    public function demo()
    {
        return VueTrust::welcome();
    }

    //[Function] roleIndex
    public function roleIndex(Request $request){        


        $response = array();
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        if (request()->has('sort')) {
            list($sortCol, $sortDir) = explode('|', request()->sort);

            $query = $this->role->orderBy($sortCol, $sortDir);
        } else {
            $query = $this->role->orderBy('id', 'asc');
        }

        if ($request->exists('filter')) {
            $query->where(function($q) use($request) {
                $value = "%{$request->filter}%";
                $q->where('name', 'like', $value)
                    ->orWhere('description', 'like', $value);
            });
        }

        $perPage = request()->has('per_page') ? (int) request()->per_page : null;
        $response = $query->paginate($perPage);                

        return response()->json($response);
    }

    //[Function] roleStore
    public function roleStore(Request $request){

        
        $response = array();
        $save = array();

        $validator = Validator::make($request->all(), [
            'name'          => 'required',
            'display_name'  => 'required',
            'description'   => 'required'
        ]);

        if($validator->fails()){
            $response['message']    = "failed add role";
            $response['status']     = false;
        }else{
            $response['message']    = "success add new role";
            $response['status']     = true;

            $save['name']           = $this->macineName($request->name);
            $save['display_name']   = title_case($request->display_name);
            $save['description']    = $request->description;

            $this->role->create($save);
        }
        
        return response()->json($response);
    }

    //[Function] roleShow
    public function roleShow($id, Request $request){

        $response = array();

        $role = $this->role->findOrFail($id);

        $response['status'] = true;
        $response['role']   = $role;
        
        return response()->json($response);
    }

    //[Function] roleEdit
    public function roleEdit($id, Request $request){

        $response = array();

        $role = $this->role->findOrFail($id);

        $response['status'] = true;
        $response['role']   = $role;
        
        return response()->json($response);
    }

    //[Function] roleUpdate
    public function roleUpdate($id, Request $request){

        $response = array();
        $save = array();
        $validator = Validator::make($request->all(), [
            'name'          => 'required',
            'display_name'  => 'required',
            'description'   => 'required'
        ]);

        if($validator->fails()){
            $response['message']    = "failed update role";
            $response['status']     = false;
        }else{

            $save['name']           = $this->macineName($request->name);
            $save['display_name']   = title_case($request->display_name);
            $save['description']    = $request->description; 

            $this->role->findOrFail($id)->update($save);

            $response['message']    = "success update role";
            $response['status']     = true;                       

        }
        
        return response()->json($response);
    }   
    
    //[Function] roleDestroy
    public function roleDestroy($id, Request $request){
        $response = array();

        $role = $this->role->findOrFail($id);

        $response['message']    = "success delete role [" . $role->name . "]";
        $response['status']     = true;

        $role->delete();
        
        return response()->json($response);
    }

    //[Function] permissionIndex
    public function permissionIndex(Request $request){

        $response = array();
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        if (request()->has('sort')) {
            list($sortCol, $sortDir) = explode('|', request()->sort);

            $query = $this->permission->orderBy($sortCol, $sortDir);
        } else {
            $query = $this->permission->orderBy('id', 'asc');
        }

        if ($request->exists('filter')) {
            $query->where(function($q) use($request) {
                $value = "%{$request->filter}%";
                $q->where('name', 'like', $value)
                    ->orWhere('description', 'like', $value);
            });
        }

        $perPage = request()->has('per_page') ? (int) request()->per_page : null;
        $response = $query->paginate($perPage);                

        return response()->json($response);
    }

    //[Function] permissionStore
    public function permissionStore(Request $request){

        $response = array();
        $save = array();

        $validator = Validator::make($request->all(), [
            'name'          => 'required',
            'display_name'  => 'required',
            'description'   => 'required'
        ]);

        if($validator->fails()){
            $response['message']    = "failed add permission";
            $response['status']     = false;
        }else{
            $response['message']    = "success add new permission";
            $response['status']     = true;

            $save['name']           = $this->macineName($request->name);
            $save['display_name']   = title_case($request->display_name);
            $save['description']    = $request->description;

            $this->permission->create($save);
        }
        
        return response()->json($response);
    }

    //[Function] permissionShow
    public function permissionShow($id, Request $request){

        $response = array();

        $role = $this->permission->findOrFail($id);

        $response['status']       = true;
        $response['permission']   = $role;
        
        return response()->json($response);
    }

    //[Function] permissionEdit
    public function permissionEdit($id, Request $request){

        $response = array();

        $role = $this->permission->findOrFail($id);

        $response['status'] = true;
        $response['permission']   = $role;
        
        return response()->json($response);
    }

    //[Function] setPermission
    public function setPermission($id, Request $request){
        $response = array();

        $role = $this->role->findOrFail($id);
        $current_permissions = $role->permissions()->get();
        $permissions = $this->permission->all();
        
        foreach ($permissions as $permission) {

            array_set($permission, 'disable', false);

            foreach($current_permissions as $current_permision){
                if($permission->id == $current_permision->id){
                    
                    if($permission->id == $current_permision->id){
                        array_set($permission, 'disable', true);
                    }
                }else{
                    if($permission->id == $current_permision->id){
                        array_set($permission, 'disable', false);
                    }
                }
            }
        }
        

        $response['status']                 = true;
        $response['current_permissions']    = $current_permissions;
        $response['permissions']            = $permissions; 
        
        return response()->json($response);
    }

    //[Function] setPermissionStore
    public function setPermissionStore($id, Request $request){
        $response = array();

        $validator = Validator::make($request->all(), [
            'permission_id'          => 'required',
        ]);

        if($validator->fails()){
            $response['message']    = "failed add permission";
            $response['status']     = false;
        }else{
            $response['message']    = "success add new permission";
            $response['status']     = true;   

            $current_permissions = $this->role->findOrFail($id)->permissions()->get();   
            $save = $this->removeSamePermission($request->permission_id, $current_permissions);
            $this->role->findOrFail($id)->attachPermissions($save);
        }
        
        return response()->json($response);
    }

    //[Function] removePermissionFromRole
    public function removePermissionFromRole($id, Request $request){
        $response = array();

        $validator = Validator::make($request->all(), [
            'permission_id'          => 'required',
        ]);

        if($validator->fails()){
            $response['message']    = "failed remove permission";
            $response['status']     = false;
        }else{
            $response['message']    = "success remove new permission";
            $response['status']     = true;   
             
            $data = $request->permission_id;
            
            $this->role->findOrFail($id)->detachPermission($data);
        }
        
        return response()->json($response);
    }

    //[Function] removeSamePermission
    protected function removeSamePermission($array, $search){                
        
        foreach($search as $value1){   
            print_r("[".$value1->id."]");   
                
            $key = array_search($value1->id, $array);
            if(!empty($key)){
                unset($array[$key]);
            }                        
        }
        return $array;        
    }
    
    

    //[Function] macineName
    protected function macineName($text){
        
        $final = strtolower(str_replace(' ', '_', $text));

        return $final;

    }
    
    
}


1		<?php namespace Bantenprov\VueTrust\Http\Controllers;
2
3		use App\Http\Controllers\Controller;
4		use Illuminate\Http\Request;
5		use Bantenprov\VueTrust\Facades\VueTrust;
6		use Bantenprov\VueTrust\Models\VueTrustModel;
7		use App\Role;
8		use App\Permission;
9
10		use Validator;
11
12		/**
13		* The VueTrustController class.
14		*
15		* @package Bantenprov\VueTrust
16		* @author bantenprov <[email protected]>
17		*/
18		class VueTrustController extends Controller
19		{
20
21		protected $role;
22		protected $permission;
23
24
25
26		//[Function] __construct
27		public function __construct(Role $role, Permission $permission){
28
29		$this->role = $role;
30		$this->permission = $permission;
31
32		}
33
34		public function demo()
35		{
36		return VueTrust::welcome();
37		}
38
39		//[Function] roleIndex
40	View Code Duplication	public function roleIndex(Request $request){
		0 ignored issues – show Duplication introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
41
42		$response = array();
		0 ignored issues – show Unused Code introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$response` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
43
44		if (request()->has('sort')) {
45		list($sortCol, $sortDir) = explode('\|', request()->sort);
46
47		$query = $this->role->orderBy($sortCol, $sortDir);
48		} else {
49		$query = $this->role->orderBy('id', 'asc');
50		}
51
52		if ($request->exists('filter')) {
53		$query->where(function($q) use($request) {
54		$value = "%{$request->filter}%";
55		$q->where('name', 'like', $value)
56		->orWhere('description', 'like', $value);
57		});
58		}
59
60		$perPage = request()->has('per_page') ? (int) request()->per_page : null;
61		$response = $query->paginate($perPage);
62
63		return response()->json($response);
64		}
65
66		//[Function] roleStore
67	View Code Duplication	public function roleStore(Request $request){
		0 ignored issues – show Duplication introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
68
69		$response = array();
70		$save = array();
71
72		$validator = Validator::make($request->all(), [
73		'name' => 'required',
74		'display_name' => 'required',
75		'description' => 'required'
76		]);
77
78		if($validator->fails()){
79		$response['message'] = "failed add role";
80		$response['status'] = false;
81		}else{
82		$response['message'] = "success add new role";
83		$response['status'] = true;
84
85		$save['name'] = $this->macineName($request->name);
86		$save['display_name'] = title_case($request->display_name);
87		$save['description'] = $request->description;
88
89		$this->role->create($save);
90		}
91
92		return response()->json($response);
93		}
94
95		//[Function] roleShow
96	View Code Duplication	public function roleShow($id, Request $request){
		0 ignored issues – show Duplication introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
97		$response = array();
98
99		$role = $this->role->findOrFail($id);
100
101		$response['status'] = true;
102		$response['role'] = $role;
103
104		return response()->json($response);
105		}
106
107		//[Function] roleEdit
108	View Code Duplication	public function roleEdit($id, Request $request){
		0 ignored issues – show Duplication introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
109		$response = array();
110
111		$role = $this->role->findOrFail($id);
112
113		$response['status'] = true;
114		$response['role'] = $role;
115
116		return response()->json($response);
117		}
118
119		//[Function] roleUpdate
120	View Code Duplication	public function roleUpdate($id, Request $request){
		0 ignored issues – show Duplication introduced 2018-03-16 14:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
121		$response = array();
122		$save = array();
123		$validator = Validator::make($request->all(), [
124		'name' => 'required',
125		'display_name' => 'required',
126		'description' => 'required'
127		]);
128
129		if($validator->fails()){
130		$response['message'] = "failed update role";
131		$response['status'] = false;
132		}else{
133
134		$save['name'] = $this->macineName($request->name);
135		$save['display_name'] = title_case($request->display_name);
136		$save['description'] = $request->description;
137
138		$this->role->findOrFail($id)->update($save);
139
140		$response['message'] = "success update role";
141		$response['status'] = true;
142
143		}
144
145		return response()->json($response);
146		}
147
148		//[Function] roleDestroy
149		public function roleDestroy($id, Request $request){
150		$response = array();
151
152		$role = $this->role->findOrFail($id);
153
154		$response['message'] = "success delete role [" . $role->name . "]";
155		$response['status'] = true;
156
157		$role->delete();
158
159		return response()->json($response);
160		}
161
162		//[Function] permissionIndex
163	View Code Duplication	public function permissionIndex(Request $request){
		0 ignored issues – show Duplication introduced 2018-03-16 14:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
164		$response = array();
		0 ignored issues – show Unused Code introduced 2018-03-24 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$response` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
165
166		if (request()->has('sort')) {
167		list($sortCol, $sortDir) = explode('\|', request()->sort);
168
169		$query = $this->permission->orderBy($sortCol, $sortDir);
170		} else {
171		$query = $this->permission->orderBy('id', 'asc');
172		}
173
174		if ($request->exists('filter')) {
175		$query->where(function($q) use($request) {
176		$value = "%{$request->filter}%";
177		$q->where('name', 'like', $value)
178		->orWhere('description', 'like', $value);
179		});
180		}
181
182		$perPage = request()->has('per_page') ? (int) request()->per_page : null;
183		$response = $query->paginate($perPage);
184
185		return response()->json($response);
186		}
187
188		//[Function] permissionStore
189	View Code Duplication	public function permissionStore(Request $request){
		0 ignored issues – show Duplication introduced 2018-03-16 14:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
190		$response = array();
191		$save = array();
192
193		$validator = Validator::make($request->all(), [
194		'name' => 'required',
195		'display_name' => 'required',
196		'description' => 'required'
197		]);
198
199		if($validator->fails()){
200		$response['message'] = "failed add permission";
201		$response['status'] = false;
202		}else{
203		$response['message'] = "success add new permission";
204		$response['status'] = true;
205
206		$save['name'] = $this->macineName($request->name);
207		$save['display_name'] = title_case($request->display_name);
208		$save['description'] = $request->description;
209
210		$this->permission->create($save);
211		}
212
213		return response()->json($response);
214		}
215
216		//[Function] permissionShow
217	View Code Duplication	public function permissionShow($id, Request $request){
		0 ignored issues – show Duplication introduced 2018-03-16 14:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
218		$response = array();
219
220		$role = $this->permission->findOrFail($id);
221
222		$response['status'] = true;
223		$response['permission'] = $role;
224
225		return response()->json($response);
226		}
227
228		//[Function] permissionEdit
229	View Code Duplication	public function permissionEdit($id, Request $request){
		0 ignored issues – show Duplication introduced 2018-03-16 14:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
230		$response = array();
231
232		$role = $this->permission->findOrFail($id);
233
234		$response['status'] = true;
235		$response['permission'] = $role;
236
237		return response()->json($response);
238		}
239
240		//[Function] setPermission
241		public function setPermission($id, Request $request){
242		$response = array();
243
244		$role = $this->role->findOrFail($id);
245		$current_permissions = $role->permissions()->get();
246		$permissions = $this->permission->all();
247
248		foreach ($permissions as $permission) {
249
250		array_set($permission, 'disable', false);
251
252		foreach($current_permissions as $current_permision){
253		if($permission->id == $current_permision->id){
254
255		if($permission->id == $current_permision->id){
256		array_set($permission, 'disable', true);
257		}
258		}else{
259		if($permission->id == $current_permision->id){
260		array_set($permission, 'disable', false);
261		}
262		}
263		}
264		}
265
266
267		$response['status'] = true;
268		$response['current_permissions'] = $current_permissions;
269		$response['permissions'] = $permissions;
270
271		return response()->json($response);
272		}
273
274		//[Function] setPermissionStore
275		public function setPermissionStore($id, Request $request){
276		$response = array();
277
278		$validator = Validator::make($request->all(), [
279		'permission_id' => 'required',
280		]);
281
282		if($validator->fails()){
283		$response['message'] = "failed add permission";
284		$response['status'] = false;
285		}else{
286		$response['message'] = "success add new permission";
287		$response['status'] = true;
288
289		$current_permissions = $this->role->findOrFail($id)->permissions()->get();
290		$save = $this->removeSamePermission($request->permission_id, $current_permissions);
291		$this->role->findOrFail($id)->attachPermissions($save);
292		}
293
294		return response()->json($response);
295		}
296
297		//[Function] removePermissionFromRole
298		public function removePermissionFromRole($id, Request $request){
299		$response = array();
300
301		$validator = Validator::make($request->all(), [
302		'permission_id' => 'required',
303		]);
304
305		if($validator->fails()){
306		$response['message'] = "failed remove permission";
307		$response['status'] = false;
308		}else{
309		$response['message'] = "success remove new permission";
310		$response['status'] = true;
311
312		$data = $request->permission_id;
313
314		$this->role->findOrFail($id)->detachPermission($data);
315		}
316
317		return response()->json($response);
318		}
319
320		//[Function] removeSamePermission
321		protected function removeSamePermission($array, $search){
322
323		foreach($search as $value1){
324		print_r("[".$value1->id."]");
325
326		$key = array_search($value1->id, $array);
327		if(!empty($key)){
328		unset($array[$key]);
329		}
330		}
331		return $array;
332		}
333
334
335
336		//[Function] macineName
337		protected function macineName($text){
338
339		$final = strtolower(str_replace(' ', '_', $text));
340
341		return $final;
342
343		}
344
345
346		}
347

bantenprov / vue-trust

Issues (14)

Security Analysis no request data

src/Http/Controllers/VueTrustController.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like