Issues in webpack.config.prod.js (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

gutenberg/config/webpack.config.prod.js (8 issues)

Labels

Backwards Compatibility 8

Severity

Major 8

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

/**
 * Webpack Configuration
 *
 * Working of a Webpack can be very simple or complex. This is an intenally simple
 * build configuration.
 *
 * Webpack basics — If you are new the Webpack here's all you need to know:
 *     1. Webpack is a module bundler. It bundles different JS modules together.
 *     2. It needs and entry point and an ouput to process file(s) and bundle them.
 *     3. By default it only understands common JavaScript but you can make it
 *        understand other formats by way of adding a Webpack loader.
 *     4. In the file below you will find an entry point, an ouput, and a babel-loader
 *        that tests all .js files excluding the ones in node_modules to process the
 *        ESNext and make it compatible with older browsers i.e. it converts the
 *        ESNext (new standards of JavaScript) into old JavaScript through a loader
 *        by Babel.
 *
 * TODO: Instructions.
 *
 * @since 1.0.0
 */

const paths = require( './paths' );

const webpack = require( 'webpack' );

const autoprefixer = require( 'autoprefixer' );

const ExtractTextPlugin = require( 'extract-text-webpack-plugin' );


// Source maps are resource heavy and can cause out of memory issue for large source files.
const shouldUseSourceMap = process.env.GENERATE_SOURCEMAP === 'true';


// Extract style.css for both editor and frontend styles.
const blocksCSSPlugin = new ExtractTextPlugin( {

	filename: './gutenberg/dist/blocks.style.build.css',
} );

// Extract editor.css for editor styles.
const editBlocksCSSPlugin = new ExtractTextPlugin( {

	filename: './gutenberg/dist/blocks.editor.build.css',
} );

// Configuration for the ExtractTextPlugin — DRY rule.
const extractConfig = {

	use: [
		// "postcss" loader applies autoprefixer to our CSS.
		{ loader: 'raw-loader' },
		{
			loader: 'postcss-loader',
			options: {
				ident: 'postcss',
				plugins: [
					autoprefixer( {
						browsers: [
							'>1%',
							'last 4 versions',
							'Firefox ESR',
							'not ie < 9', // React doesn't support IE8 anyway
						],
						flexbox: 'no-2009',
					} ),
				],
			},
		},
		// "sass" loader converst SCSS to CSS.
		{
			loader: 'sass-loader',
			options: {
				// Add common CSS file for variables and mixins.
				data: '@import "./gutenberg/src/common.scss";\n',
				outputStyle: 'compressed',
			},
		},
	],
};

// Export configuration.
module.exports = {
	entry: {
		'./gutenberg/dist/blocks.build': paths.pluginBlocksJs, // 'name' : 'path/file.ext'.
	},
	output: {
		// Add /* filename */ comments to generated require()s in the output.
		pathinfo: true,
		// The dist folder.
		path: paths.pluginDist,
		filename: '[name].js', // [name] = './dist/blocks.build' as defined above.
	},
	// You may want 'eval' instead if you prefer to see the compiled output in DevTools.
	devtool: shouldUseSourceMap ? 'source-map' : false,
	module: {
		rules: [
			{
				test: /\.(js|jsx|mjs)$/,
				exclude: /(node_modules|bower_components)/,
				use: {
					loader: 'babel-loader',
					options: {

						// This is a feature of `babel-loader` for webpack (not Babel itself).
						// It enables caching results in ./node_modules/.cache/babel-loader/
						// directory for faster rebuilds.
						cacheDirectory: true,
					},
				},
			},
			{
				test: /style\.s?css$/,
				exclude: /(node_modules|bower_components)/,
				use: blocksCSSPlugin.extract( extractConfig ),
			},
			{
				test: /editor\.s?css$/,
				exclude: /(node_modules|bower_components)/,
				use: editBlocksCSSPlugin.extract( extractConfig ),
			},
		],
	},
	// Add plugins.
	plugins: [
		blocksCSSPlugin,
		editBlocksCSSPlugin,
		// Minify the code.
		new webpack.optimize.UglifyJsPlugin( {
			compress: {
				warnings: false,
				// Disabled because of an issue with Uglify breaking seemingly valid code:
				// https://github.com/facebookincubator/create-react-app/issues/2376
				// Pending further investigation:
				// https://github.com/mishoo/UglifyJS2/issues/2011
				comparisons: false,
			},
			mangle: {
				safari10: true,
			},
			output: {
				comments: false,
				// Turned on because emoji and regex is not minified properly using default
				// https://github.com/facebookincubator/create-react-app/issues/2488
				ascii_only: true,
			},
			sourceMap: shouldUseSourceMap,
		} ),
	],
	stats: 'minimal',
	// stats: 'errors-only',
	// Add externals.
	externals: {
		react: 'React',
		'react-dom': 'ReactDOM',
		ga: 'ga', // Old Google Analytics.
		gtag: 'gtag', // New Google Analytics.
		jquery: 'jQuery', // import $ from 'jquery' // Use the WordPress version.
	},
};


GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

gutenberg/config/webpack.config.prod.js (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			/**
2			* Webpack Configuration
3			*
4			* Working of a Webpack can be very simple or complex. This is an intenally simple
5			* build configuration.
6			*
7			* Webpack basics — If you are new the Webpack here's all you need to know:
8			* 1. Webpack is a module bundler. It bundles different JS modules together.
9			* 2. It needs and entry point and an ouput to process file(s) and bundle them.
10			* 3. By default it only understands common JavaScript but you can make it
11			* understand other formats by way of adding a Webpack loader.
12			* 4. In the file below you will find an entry point, an ouput, and a babel-loader
13			* that tests all .js files excluding the ones in node_modules to process the
14			* ESNext and make it compatible with older browsers i.e. it converts the
15			* ESNext (new standards of JavaScript) into old JavaScript through a loader
16			* by Babel.
17			*
18			* TODO: Instructions.
19			*
20			* @since 1.0.0
21			*/
22
23			const paths = require( './paths' );
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
24			const webpack = require( 'webpack' );
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
25			const autoprefixer = require( 'autoprefixer' );
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
26			const ExtractTextPlugin = require( 'extract-text-webpack-plugin' );
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
27
28			// Source maps are resource heavy and can cause out of memory issue for large source files.
29			const shouldUseSourceMap = process.env.GENERATE_SOURCEMAP === 'true';
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
30
31			// Extract style.css for both editor and frontend styles.
32			const blocksCSSPlugin = new ExtractTextPlugin( {
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
33			filename: './gutenberg/dist/blocks.style.build.css',
34			} );
35
36			// Extract editor.css for editor styles.
37			const editBlocksCSSPlugin = new ExtractTextPlugin( {
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
38			filename: './gutenberg/dist/blocks.editor.build.css',
39			} );
40
41			// Configuration for the ExtractTextPlugin — DRY rule.
42			const extractConfig = {
			0 ignored issues – show Backwards Compatibility introduced 2018-10-16 20:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this 'const' is available in ES6 (use 'esversion: 6') or Mozilla JS extensions (use moz). Loading history...
43			use: [
44			// "postcss" loader applies autoprefixer to our CSS.
45			{ loader: 'raw-loader' },
46			{
47			loader: 'postcss-loader',
48			options: {
49			ident: 'postcss',
50			plugins: [
51			autoprefixer( {
52			browsers: [
53			'>1%',
54			'last 4 versions',
55			'Firefox ESR',
56			'not ie < 9', // React doesn't support IE8 anyway
57			],
58			flexbox: 'no-2009',
59			} ),
60			],
61			},
62			},
63			// "sass" loader converst SCSS to CSS.
64			{
65			loader: 'sass-loader',
66			options: {
67			// Add common CSS file for variables and mixins.
68			data: '@import "./gutenberg/src/common.scss";\n',
69			outputStyle: 'compressed',
70			},
71			},
72			],
73			};
74
75			// Export configuration.
76			module.exports = {
77			entry: {
78			'./gutenberg/dist/blocks.build': paths.pluginBlocksJs, // 'name' : 'path/file.ext'.
79			},
80			output: {
81			// Add /* filename */ comments to generated require()s in the output.
82			pathinfo: true,
83			// The dist folder.
84			path: paths.pluginDist,
85			filename: '[name].js', // [name] = './dist/blocks.build' as defined above.
86			},
87			// You may want 'eval' instead if you prefer to see the compiled output in DevTools.
88			devtool: shouldUseSourceMap ? 'source-map' : false,
89			module: {
90			rules: [
91			{
92			test: /\.(js\|jsx\|mjs)$/,
93			exclude: /(node_modules\|bower_components)/,
94			use: {
95			loader: 'babel-loader',
96			options: {
97
98			// This is a feature of `babel-loader` for webpack (not Babel itself).
99			// It enables caching results in ./node_modules/.cache/babel-loader/
100			// directory for faster rebuilds.
101			cacheDirectory: true,
102			},
103			},
104			},
105			{
106			test: /style\.s?css$/,
107			exclude: /(node_modules\|bower_components)/,
108			use: blocksCSSPlugin.extract( extractConfig ),
109			},
110			{
111			test: /editor\.s?css$/,
112			exclude: /(node_modules\|bower_components)/,
113			use: editBlocksCSSPlugin.extract( extractConfig ),
114			},
115			],
116			},
117			// Add plugins.
118			plugins: [
119			blocksCSSPlugin,
120			editBlocksCSSPlugin,
121			// Minify the code.
122			new webpack.optimize.UglifyJsPlugin( {
123			compress: {
124			warnings: false,
125			// Disabled because of an issue with Uglify breaking seemingly valid code:
126			// https://github.com/facebookincubator/create-react-app/issues/2376
127			// Pending further investigation:
128			// https://github.com/mishoo/UglifyJS2/issues/2011
129			comparisons: false,
130			},
131			mangle: {
132			safari10: true,
133			},
134			output: {
135			comments: false,
136			// Turned on because emoji and regex is not minified properly using default
137			// https://github.com/facebookincubator/create-react-app/issues/2488
138			ascii_only: true,
139			},
140			sourceMap: shouldUseSourceMap,
141			} ),
142			],
143			stats: 'minimal',
144			// stats: 'errors-only',
145			// Add externals.
146			externals: {
147			react: 'React',
148			'react-dom': 'ReactDOM',
149			ga: 'ga', // Old Google Analytics.
150			gtag: 'gtag', // New Google Analytics.
151			jquery: 'jQuery', // import $ from 'jquery' // Use the WordPress version.
152			},
153			};
154

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

gutenberg/config/webpack.config.prod.js (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like