Issues in MakeModuleCommand.php (master) - Issues in master - caffeinated/modules - Measure and Improve Code Quality continuously with Scrutinizer

Issues (46)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Console/Generators/MakeModuleCommand.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Caffeinated\Modules\Console\Generators;

use Caffeinated\Modules\Modules;
use Illuminate\Console\Command;
use Illuminate\Filesystem\Filesystem;
use Illuminate\Support\Str;
use Symfony\Component\Console\Helper\ProgressBar;

class MakeModuleCommand extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'make:module
        {slug : The slug of the module}
        {--Q|quick : Skip the make:module wizard and use default values}';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Create a new Caffeinated module and bootstrap it';

    /**
     * Module folders to be created.
     *
     * @var array
     */
    protected $moduleFolders = [
        'Console/',
        'Database/',
        'Database/Migrations/',
        'Database/Seeds/',
        'Http/',
        'Http/Controllers/',
        'Http/Middleware/',
        'Http/Requests/',
        'Providers/',
        'Resources/',
        'Resources/Lang/',
        'Resources/Views/',
    ];

    /**
     * Module files to be created.
     *
     * @var array
     */
    protected $moduleFiles = [
        'Database/Seeds/{{namespace}}DatabaseSeeder.php',
        'Http/routes.php',
        'Providers/{{namespace}}ServiceProvider.php',
        'Providers/RouteServiceProvider.php',
        'module.json',
    ];

    /**
     * Module stubs used to populate defined files.
     *
     * @var array
     */
    protected $moduleStubs = [
        'seeder',
        'routes',
        'moduleserviceprovider',
        'routeserviceprovider',
        'manifest',
    ];

    /**
     * The modules instance.
     *
     * @var Modules
     */
    protected $module;

    /**
     * The filesystem instance.
     *
     * @var Filesystem
     */
    protected $files;

    /**
     * Array to store the configuration details.
     *
     * @var array
     */
    protected $container;

    /**
     * Create a new command instance.
     *
     * @param Filesystem $files
     * @param Modules    $module
     */
    public function __construct(Filesystem $files, Modules $module)
    {
        parent::__construct();

        $this->files  = $files;
        $this->module = $module;
    }

    /**
     * Execute the console command.
     *
     * @return mixed
     */
    public function fire()
    {
        $this->container['slug']        = Str::slug($this->argument('slug'));
        $this->container['name']        = Str::studly($this->container['slug']);
        $this->container['namespace']   = Str::studly($this->container['slug']);
        $this->container['version']     = '1.0';
        $this->container['description'] = 'This is the description for the '.$this->container['name'].' module.';
        $this->container['license']     = 'MIT';
        $this->container['author']      = ' ';

        if ($this->option('quick')) {
            return $this->generate();
        }

        $this->displayHeader('make_module_introduction');

        $this->stepOne();
    }

    /**
     * Step 1: Configure module manifest.
     *
     * @return mixed
     */
    private function stepOne()
    {
        $this->displayHeader('make_module_step_1');

        $this->container['name']        = $this->ask('Please enter the name of the module:', $this->container['name']);
        $this->container['slug']        = $this->ask('Please enter the slug for the module:', $this->container['slug']);
        $this->container['version']     = $this->ask('Please enter the module version:', $this->container['version']);
        $this->container['description'] = $this->ask('Please enter the description of the module:', $this->container['description']);
        $this->container['author']      = $this->ask('Please enter the author of the module:', $this->container['author']);
        $this->container['license']     = $this->ask('Please enter the module license:', $this->container['license']);

        $this->comment('You have provided the following manifest information:');
        $this->comment('Name:        '.$this->container['name']);
        $this->comment('Slug:        '.$this->container['slug']);
        $this->comment('Version:     '.$this->container['version']);
        $this->comment('Description: '.$this->container['description']);
        $this->comment('Author:      '.$this->container['author']);
        $this->comment('License:     '.$this->container['license']);

        if ($this->confirm('Do you wish to continue?')) {
            $this->comment('Thanks! That\'s all we need.');
            $this->comment('Now relax while your module is generated for you.');

            $this->generate();
        } else {
            return $this->stepOne();
        }

        return true;
    }

    /**
     * Generate the module.
     */
    protected function generate()
    {
        $steps = [
            'Generating folders...'      => 'generateFolders',
            'Generating .gitkeep...'     => 'generateGitkeep',
            'Generating files...'        => 'generateFiles',
            'Optimizing module cache...' => 'optimizeModules',
        ];

        $progress = new ProgressBar($this->output, count($steps));
        $progress->start();

        foreach ($steps as $message => $function) {
            $progress->setMessage($message);

            $this->$function();

            $progress->advance();
        }

        $progress->finish();

        $this->info("\nModule generated successfully.");
    }

    /**
     * Generate defined module folders.
     */
    protected function generateFolders()
    {
        if (!$this->files->isDirectory($this->module->getPath())) {
            $this->files->makeDirectory($this->module->getPath());
        }

        $this->files->makeDirectory($this->getModulePath($this->container['slug'], true));

        foreach ($this->moduleFolders as $folder) {
            $this->files->makeDirectory($this->getModulePath($this->container['slug']).$folder);
        }
    }

    /**
     * Generate defined module files.
     */
    protected function generateFiles()
    {
        foreach ($this->moduleFiles as $key => $file) {
            $file = $this->formatContent($file);

            $this->files->put($this->getDestinationFile($file), $this->getStubContent($key));
        }
    }

    /**
     * Generate .gitkeep files within generated folders.
     */
    protected function generateGitkeep()
    {
        $modulePath = $this->getModulePath($this->container['slug']);
        foreach ($this->moduleFolders as $folder) {
            $gitkeep = $modulePath.$folder.'/.gitkeep';
            $this->files->put($gitkeep, '');
        }
    }

    /**
     * Reset module cache of enabled and disabled modules.
     */
    protected function optimizeModules()
    {
        return $this->callSilent('module:optimize');
    }

    /**
     * Get the path to the module.
     *
     * @param string $slug
     *
     * @return string
     */
    protected function getModulePath($slug = null, $allowNotExists = false)
    {
        if ($slug) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return $this->module->getModulePath($slug, $allowNotExists);

        }

        return $this->module->getPath();
    }

    /**
     * Get destination file.
     *
     * @param string $file
     *
     * @return string
     */
    protected function getDestinationFile($file)
    {
        return $this->getModulePath($this->container['slug']).$this->formatContent($file);
    }

    /**
     * Get stub content by key.
     *
     * @param int $key
     *
     * @return string
     */
    protected function getStubContent($key)
    {
        $stub    = $this->moduleStubs[$key];
        $laravel = app();

        if (
            version_compare($laravel::VERSION, '5.2.0', '<') and
            version_compare($laravel::VERSION, '5.1.0'. '>=')) {
            $stub = $stub.'_v5.1';
        }

        return $this->formatContent($this->files->get(__DIR__.'/../../../resources/stubs/'.$stub.'.stub'));
    }

    /**
     * Replace placeholder text with correct values.
     *
     * @return string
     */
    protected function formatContent($content)
    {
        return str_replace(
            ['{{slug}}', '{{name}}', '{{namespace}}', '{{version}}', '{{description}}', '{{author}}', '{{license}}', '{{path}}'],
            [$this->container['slug'], $this->container['name'], $this->container['namespace'], $this->container['version'], $this->container['description'], $this->container['author'], $this->container['license'], $this->module->getNamespace()],
            $content
        );
    }

    /**
     * Pull the given stub file contents and display them on screen.
     *
     * @param string $file
     * @param string $level
     *
     * @return mixed
     */
    protected function displayHeader($file = '', $level = 'info')
    {
        if(!empty(config('modules.custom_stubs'))){
            $stub = $this->files->get(config('modules.custom_stubs').'/console/'.$file.'.stub');
        }else{
            $stub = $this->files->get(__DIR__.'/../../../resources/stubs/console/'.$file.'.stub');
        }
        
        return $this->$level($stub);
    }
}


GitHub Access Token became invalid

Issues (46)

Security Analysis no request data

src/Console/Generators/MakeModuleCommand.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace Caffeinated\Modules\Console\Generators;
4
5			use Caffeinated\Modules\Modules;
6			use Illuminate\Console\Command;
7			use Illuminate\Filesystem\Filesystem;
8			use Illuminate\Support\Str;
9			use Symfony\Component\Console\Helper\ProgressBar;
10
11			class MakeModuleCommand extends Command
12			{
13			/**
14			* The name and signature of the console command.
15			*
16			* @var string
17			*/
18			protected $signature = 'make:module
19			{slug : The slug of the module}
20			{--Q\|quick : Skip the make:module wizard and use default values}';
21
22			/**
23			* The console command description.
24			*
25			* @var string
26			*/
27			protected $description = 'Create a new Caffeinated module and bootstrap it';
28
29			/**
30			* Module folders to be created.
31			*
32			* @var array
33			*/
34			protected $moduleFolders = [
35			'Console/',
36			'Database/',
37			'Database/Migrations/',
38			'Database/Seeds/',
39			'Http/',
40			'Http/Controllers/',
41			'Http/Middleware/',
42			'Http/Requests/',
43			'Providers/',
44			'Resources/',
45			'Resources/Lang/',
46			'Resources/Views/',
47			];
48
49			/**
50			* Module files to be created.
51			*
52			* @var array
53			*/
54			protected $moduleFiles = [
55			'Database/Seeds/{{namespace}}DatabaseSeeder.php',
56			'Http/routes.php',
57			'Providers/{{namespace}}ServiceProvider.php',
58			'Providers/RouteServiceProvider.php',
59			'module.json',
60			];
61
62			/**
63			* Module stubs used to populate defined files.
64			*
65			* @var array
66			*/
67			protected $moduleStubs = [
68			'seeder',
69			'routes',
70			'moduleserviceprovider',
71			'routeserviceprovider',
72			'manifest',
73			];
74
75			/**
76			* The modules instance.
77			*
78			* @var Modules
79			*/
80			protected $module;
81
82			/**
83			* The filesystem instance.
84			*
85			* @var Filesystem
86			*/
87			protected $files;
88
89			/**
90			* Array to store the configuration details.
91			*
92			* @var array
93			*/
94			protected $container;
95
96			/**
97			* Create a new command instance.
98			*
99			* @param Filesystem $files
100			* @param Modules $module
101			*/
102			public function __construct(Filesystem $files, Modules $module)
103			{
104			parent::__construct();
105
106			$this->files = $files;
107			$this->module = $module;
108			}
109
110			/**
111			* Execute the console command.
112			*
113			* @return mixed
114			*/
115			public function fire()
116			{
117			$this->container['slug'] = Str::slug($this->argument('slug'));
118			$this->container['name'] = Str::studly($this->container['slug']);
119			$this->container['namespace'] = Str::studly($this->container['slug']);
120			$this->container['version'] = '1.0';
121			$this->container['description'] = 'This is the description for the '.$this->container['name'].' module.';
122			$this->container['license'] = 'MIT';
123			$this->container['author'] = ' ';
124
125			if ($this->option('quick')) {
126			return $this->generate();
127			}
128
129			$this->displayHeader('make_module_introduction');
130
131			$this->stepOne();
132			}
133
134			/**
135			* Step 1: Configure module manifest.
136			*
137			* @return mixed
138			*/
139			private function stepOne()
140			{
141			$this->displayHeader('make_module_step_1');
142
143			$this->container['name'] = $this->ask('Please enter the name of the module:', $this->container['name']);
144			$this->container['slug'] = $this->ask('Please enter the slug for the module:', $this->container['slug']);
145			$this->container['version'] = $this->ask('Please enter the module version:', $this->container['version']);
146			$this->container['description'] = $this->ask('Please enter the description of the module:', $this->container['description']);
147			$this->container['author'] = $this->ask('Please enter the author of the module:', $this->container['author']);
148			$this->container['license'] = $this->ask('Please enter the module license:', $this->container['license']);
149
150			$this->comment('You have provided the following manifest information:');
151			$this->comment('Name: '.$this->container['name']);
152			$this->comment('Slug: '.$this->container['slug']);
153			$this->comment('Version: '.$this->container['version']);
154			$this->comment('Description: '.$this->container['description']);
155			$this->comment('Author: '.$this->container['author']);
156			$this->comment('License: '.$this->container['license']);
157
158			if ($this->confirm('Do you wish to continue?')) {
159			$this->comment('Thanks! That\'s all we need.');
160			$this->comment('Now relax while your module is generated for you.');
161
162			$this->generate();
163			} else {
164			return $this->stepOne();
165			}
166
167			return true;
168			}
169
170			/**
171			* Generate the module.
172			*/
173			protected function generate()
174			{
175			$steps = [
176			'Generating folders...' => 'generateFolders',
177			'Generating .gitkeep...' => 'generateGitkeep',
178			'Generating files...' => 'generateFiles',
179			'Optimizing module cache...' => 'optimizeModules',
180			];
181
182			$progress = new ProgressBar($this->output, count($steps));
183			$progress->start();
184
185			foreach ($steps as $message => $function) {
186			$progress->setMessage($message);
187
188			$this->$function();
189
190			$progress->advance();
191			}
192
193			$progress->finish();
194
195			$this->info("\nModule generated successfully.");
196			}
197
198			/**
199			* Generate defined module folders.
200			*/
201			protected function generateFolders()
202			{
203			if (!$this->files->isDirectory($this->module->getPath())) {
204			$this->files->makeDirectory($this->module->getPath());
205			}
206
207			$this->files->makeDirectory($this->getModulePath($this->container['slug'], true));
208
209			foreach ($this->moduleFolders as $folder) {
210			$this->files->makeDirectory($this->getModulePath($this->container['slug']).$folder);
211			}
212			}
213
214			/**
215			* Generate defined module files.
216			*/
217			protected function generateFiles()
218			{
219			foreach ($this->moduleFiles as $key => $file) {
220			$file = $this->formatContent($file);
221
222			$this->files->put($this->getDestinationFile($file), $this->getStubContent($key));
223			}
224			}
225
226			/**
227			* Generate .gitkeep files within generated folders.
228			*/
229			protected function generateGitkeep()
230			{
231			$modulePath = $this->getModulePath($this->container['slug']);
232			foreach ($this->moduleFolders as $folder) {
233			$gitkeep = $modulePath.$folder.'/.gitkeep';
234			$this->files->put($gitkeep, '');
235			}
236			}
237
238			/**
239			* Reset module cache of enabled and disabled modules.
240			*/
241			protected function optimizeModules()
242			{
243			return $this->callSilent('module:optimize');
244			}
245
246			/**
247			* Get the path to the module.
248			*
249			* @param string $slug
250			*
251			* @return string
252			*/
253			protected function getModulePath($slug = null, $allowNotExists = false)
254			{
255			if ($slug) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-26 04:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$slug` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
256			return $this->module->getModulePath($slug, $allowNotExists);
			0 ignored issues – show Unused Code introduced 2015-12-26 04:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Modules::getModulePath()` has too many arguments starting with `$allowNotExists`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
257			}
258
259			return $this->module->getPath();
260			}
261
262			/**
263			* Get destination file.
264			*
265			* @param string $file
266			*
267			* @return string
268			*/
269			protected function getDestinationFile($file)
270			{
271			return $this->getModulePath($this->container['slug']).$this->formatContent($file);
272			}
273
274			/**
275			* Get stub content by key.
276			*
277			* @param int $key
278			*
279			* @return string
280			*/
281			protected function getStubContent($key)
282			{
283			$stub = $this->moduleStubs[$key];
284			$laravel = app();
285
286			if (
287			version_compare($laravel::VERSION, '5.2.0', '<') and
288			version_compare($laravel::VERSION, '5.1.0'. '>=')) {
289			$stub = $stub.'_v5.1';
290			}
291
292			return $this->formatContent($this->files->get(__DIR__.'/../../../resources/stubs/'.$stub.'.stub'));
293			}
294
295			/**
296			* Replace placeholder text with correct values.
297			*
298			* @return string
299			*/
300			protected function formatContent($content)
301			{
302			return str_replace(
303			['{{slug}}', '{{name}}', '{{namespace}}', '{{version}}', '{{description}}', '{{author}}', '{{license}}', '{{path}}'],
304			[$this->container['slug'], $this->container['name'], $this->container['namespace'], $this->container['version'], $this->container['description'], $this->container['author'], $this->container['license'], $this->module->getNamespace()],
305			$content
306			);
307			}
308
309			/**
310			* Pull the given stub file contents and display them on screen.
311			*
312			* @param string $file
313			* @param string $level
314			*
315			* @return mixed
316			*/
317			protected function displayHeader($file = '', $level = 'info')
318			{
319			if(!empty(config('modules.custom_stubs'))){
320			$stub = $this->files->get(config('modules.custom_stubs').'/console/'.$file.'.stub');
321			}else{
322			$stub = $this->files->get(__DIR__.'/../../../resources/stubs/console/'.$file.'.stub');
323			}
324
325			return $this->$level($stub);
326			}
327			}
328

caffeinated / modules

GitHub Access Token became invalid

Issues (46)

Security Analysis no request data

src/Console/Generators/MakeModuleCommand.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like