Issues in Flare.php (master) - Issues in master - laravelflare/flare - Measure and Improve Code Quality continuously with Scrutinizer

Issues (76)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Flare/Flare.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace LaravelFlare\Flare;

use Illuminate\Foundation\Application;

class Flare
{
    /**
     * The Flare version.
     *
     * @var string
     */
    const VERSION = '1.0';

    /**
     * Array of expected configuration keys
     * with the absolute bare-minimum defaults.
     * 
     * @var array
     */
    protected $configurationKeys = [
        'admin_title' => 'Laravel Flare',
        'admin_url' => 'admin',
        'admin_theme' => 'red',
        'admin' => [],
        'attributes' => [],
        'models' => [],
        'modules' => [],
        'widgets' => [],
        'permissions' => \LaravelFlare\Flare\Permissions\Permissions::class,
        'policies' => [],
        'show' => [
            'github' => true,
            'login' => true,
            'notifications' => true,
            'version' => true,
        ],
    ];

    /**
     * Array of Helper Methods.
     *
     * @var array
     */
    protected $helpers = [
        'admin' => \LaravelFlare\Flare\Admin\AdminManager::class,
        'permissions' => \LaravelFlare\Flare\Contracts\Permissions\Permissionable::class,
    ];

    /**
     * Application Instance.
     * 
     * @var \Illuminate\Foundation\Application
     */
    protected $app;

    /**
     * Flare Configuration.
     * 
     * @var array
     */
    protected $config;

    /**
     * The Title of the Admin Panel.
     * 
     * @var string
     */
    protected $adminTitle;

    /**
     * Safe Title of the Admin Panel.
     * 
     * @var string
     */
    protected $safeAdminTitle;

    /**
     * Relative Base URL of Admin Panel.
     * 
     * @var string
     */
    protected $relativeAdminUrl;

    /**
     * __construct.
     *
     * @param \Illuminate\Foundation\Application $app
     */
    public function __construct(Application $app)
    {
        $this->app = $app;

        $this->setLoadedConfig();
    }

    /**
     * Returns the Application Instance.
     * 
     * @return mixed
     */
    public function app()
    {
        return $this->app;
    }

    /**
     * Returns a Flare configuration value(s).
     * 
     * @param string $key
     * 
     * @return mixed
     */
    public function config($key)
    {
        return $this->getConfig($key);
    }

    /**
     * Returns a Flare configuration value(s), falling back 
     * to the defined bare-minimum configuration defaults 
     * if, for whatever reason the config is undefined.
     * 
     * @param string $key
     * 
     * @return mixed
     */
    public function getConfig($key)
    {
        if (array_key_exists($key, $this->config)) {
            return $this->config[$key];
        }

        return config('flare.'.$key);
    }

    /**
     * Allow setting of the Flare config at runtime.
     */
    public function setConfig()
    {
    }

    /**
     * Set the loaded config to the protected property.
     *
     * Defaults to the configuration provided in this file 
     * (the bare minimum) if no config is found available.
     */
    public function setLoadedConfig()
    {
        if (!config('flare.config')) {
            $this->config = $this->configurationKeys;

            return;
        }

        $this->config = config('flare.config');

    }

    /**
     * @return string
     * 
     * @deprecated 0.9 Use getAdminTitle() instead.
     */
    public function adminTitle()
    {
        return $this->getAdminTitle();
    }

    /**
     * Returns the defined Admin Title.
     *
     * @return string
     */
    public function getAdminTitle()
    {
        return $this->adminTitle ? $this->adminTitle : \Flare::config('admin_title');
    }

    /**
     * Sets the Admin Title.
     * 
     * @param mixed $title
     */
    public function setAdminTitle($title = null)
    {
        $this->adminTitle = $title;
    }

    /**
     * @return string
     * 
     * @deprecated 0.9 Use getSafeAdminTitle() instead.
     */
    public function safeAdminTitle()
    {
        return $this->getSafeAdminTitle();
    }

    /**
     * Returns the defined Admin Title, converted
     * to a safer format (for <title> tags etc.).
     * 
     * @return string
     */
    public function getSafeAdminTitle()
    {
        return $this->safeAdminTitle ? $this->adminTitle : strip_tags(\Flare::config('admin_title'));
    }

    /**
     * Sets the Safe Admin Title which is used 
     * in <title> tags etc.
     *
     * @param mixed $title
     */
    public function setSafeAdminTitle($title = null)
    {
        $this->safeAdminTitle = $title;
    }

    /**
     * Returns URL to a path in the Admin Panel, using the 
     * Admin URL defined in the Flare Config.
     * 
     * @param string $path
     * 
     * @return string
     */
    public function adminUrl($path = '')
    {
        return url($this->relativeAdminUrl($path));
    }

    /**
     * Returns URL to a path in the Admin Panel, using the 
     * Admin URL defined in the Flare Config.
     * 
     * @param string $path
     * 
     * @return string
     */
    public function relativeAdminUrl($path = '')
    {
        return rtrim($this->getRelativeAdminUrl().'/'.$path, '/');
    }

    /**
     * Returns URL to a path in the Admin Panel, using the 
     * Admin URL defined in the Flare Config.
     * 
     * @return string
     */
    public function getRelativeAdminUrl()
    {
        return $this->relativeAdminUrl ? $this->relativeAdminUrl : \Flare::config('admin_url');
    }

    /**
     * Set the Flare Relative Admin URL.
     *
     * If the provided path is null the relative path provided
     * with the getRelativeAdminUrl() method will return the
     * configuration file default (or the Flare fallbacks).
     * 
     * @param mixed $path
     */
    public function setRelativeAdminUrl($path = null)
    {
        $this->relativeAdminUrl = $path;
    }

    /**
     * Returns URL to a path in the Flare Documentation.
     * This is COMING SOON!
     * 
     * @param string $path
     * 
     * @return string
     */
    public function docsUrl($path = '')
    {
        return url('#'.$path);
    }

    /**
     * Takes a named route inside the Flare namespace
     * and returns the URL.
     * 
     * @return string
     */
    public function route()
    {
    }

    /**
     * Determines whether part of the Flare Admin Panel
     * should be displayed or not and returns true / false.
     * 
     * @param string $key
     * 
     * @return bool
     */
    public function show($key = false)
    {
        if (!$key) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return false;
        }

        return $this->getShow($key);
    }

    /**
     * Determines whether part of the Flare Admin Panel
     * should be displayed or not and returns true / false.
     *
     * Accessor for getShow().
     * 
     * @param string $key
     * 
     * @return bool
     */
    public function getShow($key = false)
    {
        if (array_key_exists($key, $showConfig = $this->getConfig('show'))) {
            return $showConfig[$key];
        }
    }

    /**
     * Returns the current Flare Version.
     * 
     * @return string
     */
    public function version()
    {
        return self::VERSION;
    }

    /**
     * Returns the compatibility version of Flare to use.
     *
     * This will either return 'LTS' for Laravel installs of
     * the Long Term Support branch (5.1.x) or 'Edge' for all
     * other versions (including dev-master).
     * 
     * @return string
     */
    public function compatibility()
    {
        if (strpos($this->app->version(), '5.1.') !== false && strpos($this->app->version(), '(LTS)') !== false) {
            return 'LTS';
        }

        return 'Edge';
    }

    /**
     * Register a helper method.
     */
    public function registerHelper($helper, $class)
    {
        if (array_key_exists($helper, $this->helpers)) {
            throw new Exception("Helper method `$helper` has already been defined");
        }

        $this->helpers[$helper] = $class;
    }

    /**
     * Unregister a helper method.
     *
     * @param string $helper
     */
    public function unregisterHelper($helper)
    {
        unset($this->helpers[$helper]);
    }

    /**
     * Call a Helper Method.
     * 
     * @param string $method
     * @param mixed  $parameters
     * 
     * @return mixed
     */
    protected function callHelperMethod($method, $parameters)
    {
        return $this->app->make($this->helpers[$method], $parameters);

    }

    /**
     * Provide access to Helper Methods.
     *
     * This provides an extensible way of adding helper classes
     * which are registerable and available to adccess through
     * the Flare Facade.
     *
     * @param string $method
     * @param array  $parameters
     * 
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        if (array_key_exists($method, $this->helpers)) {
            return $this->callHelperMethod($method, $parameters);
        }

        return call_user_func_array([$this, $method], $parameters);
    }
}


GitHub Access Token became invalid

Issues (76)

Security Analysis not enabled

src/Flare/Flare.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace LaravelFlare\Flare;
4
5			use Illuminate\Foundation\Application;
6
7			class Flare
8			{
9			/**
10			* The Flare version.
11			*
12			* @var string
13			*/
14			const VERSION = '1.0';
15
16			/**
17			* Array of expected configuration keys
18			* with the absolute bare-minimum defaults.
19			*
20			* @var array
21			*/
22			protected $configurationKeys = [
23			'admin_title' => 'Laravel Flare',
24			'admin_url' => 'admin',
25			'admin_theme' => 'red',
26			'admin' => [],
27			'attributes' => [],
28			'models' => [],
29			'modules' => [],
30			'widgets' => [],
31			'permissions' => \LaravelFlare\Flare\Permissions\Permissions::class,
32			'policies' => [],
33			'show' => [
34			'github' => true,
35			'login' => true,
36			'notifications' => true,
37			'version' => true,
38			],
39			];
40
41			/**
42			* Array of Helper Methods.
43			*
44			* @var array
45			*/
46			protected $helpers = [
47			'admin' => \LaravelFlare\Flare\Admin\AdminManager::class,
48			'permissions' => \LaravelFlare\Flare\Contracts\Permissions\Permissionable::class,
49			];
50
51			/**
52			* Application Instance.
53			*
54			* @var \Illuminate\Foundation\Application
55			*/
56			protected $app;
57
58			/**
59			* Flare Configuration.
60			*
61			* @var array
62			*/
63			protected $config;
64
65			/**
66			* The Title of the Admin Panel.
67			*
68			* @var string
69			*/
70			protected $adminTitle;
71
72			/**
73			* Safe Title of the Admin Panel.
74			*
75			* @var string
76			*/
77			protected $safeAdminTitle;
78
79			/**
80			* Relative Base URL of Admin Panel.
81			*
82			* @var string
83			*/
84			protected $relativeAdminUrl;
85
86			/**
87			* __construct.
88			*
89			* @param \Illuminate\Foundation\Application $app
90			*/
91			public function __construct(Application $app)
92			{
93			$this->app = $app;
94
95			$this->setLoadedConfig();
96			}
97
98			/**
99			* Returns the Application Instance.
100			*
101			* @return mixed
102			*/
103			public function app()
104			{
105			return $this->app;
106			}
107
108			/**
109			* Returns a Flare configuration value(s).
110			*
111			* @param string $key
112			*
113			* @return mixed
114			*/
115			public function config($key)
116			{
117			return $this->getConfig($key);
118			}
119
120			/**
121			* Returns a Flare configuration value(s), falling back
122			* to the defined bare-minimum configuration defaults
123			* if, for whatever reason the config is undefined.
124			*
125			* @param string $key
126			*
127			* @return mixed
128			*/
129			public function getConfig($key)
130			{
131			if (array_key_exists($key, $this->config)) {
132			return $this->config[$key];
133			}
134
135			return config('flare.'.$key);
136			}
137
138			/**
139			* Allow setting of the Flare config at runtime.
140			*/
141			public function setConfig()
142			{
143			}
144
145			/**
146			* Set the loaded config to the protected property.
147			*
148			* Defaults to the configuration provided in this file
149			* (the bare minimum) if no config is found available.
150			*/
151			public function setLoadedConfig()
152			{
153			if (!config('flare.config')) {
154			$this->config = $this->configurationKeys;
155
156			return;
157			}
158
159			$this->config = config('flare.config');
			0 ignored issues – show Documentation Bug introduced 2016-02-02 23:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `config('flare.config')` of type `*` is incompatible with the declared type `array` of property `$config`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
160			}
161
162			/**
163			* @return string
164			*
165			* @deprecated 0.9 Use getAdminTitle() instead.
166			*/
167			public function adminTitle()
168			{
169			return $this->getAdminTitle();
170			}
171
172			/**
173			* Returns the defined Admin Title.
174			*
175			* @return string
176			*/
177			public function getAdminTitle()
178			{
179			return $this->adminTitle ? $this->adminTitle : \Flare::config('admin_title');
180			}
181
182			/**
183			* Sets the Admin Title.
184			*
185			* @param mixed $title
186			*/
187			public function setAdminTitle($title = null)
188			{
189			$this->adminTitle = $title;
190			}
191
192			/**
193			* @return string
194			*
195			* @deprecated 0.9 Use getSafeAdminTitle() instead.
196			*/
197			public function safeAdminTitle()
198			{
199			return $this->getSafeAdminTitle();
200			}
201
202			/**
203			* Returns the defined Admin Title, converted
204			* to a safer format (for <title> tags etc.).
205			*
206			* @return string
207			*/
208			public function getSafeAdminTitle()
209			{
210			return $this->safeAdminTitle ? $this->adminTitle : strip_tags(\Flare::config('admin_title'));
211			}
212
213			/**
214			* Sets the Safe Admin Title which is used
215			* in <title> tags etc.
216			*
217			* @param mixed $title
218			*/
219			public function setSafeAdminTitle($title = null)
220			{
221			$this->safeAdminTitle = $title;
222			}
223
224			/**
225			* Returns URL to a path in the Admin Panel, using the
226			* Admin URL defined in the Flare Config.
227			*
228			* @param string $path
229			*
230			* @return string
231			*/
232			public function adminUrl($path = '')
233			{
234			return url($this->relativeAdminUrl($path));
235			}
236
237			/**
238			* Returns URL to a path in the Admin Panel, using the
239			* Admin URL defined in the Flare Config.
240			*
241			* @param string $path
242			*
243			* @return string
244			*/
245			public function relativeAdminUrl($path = '')
246			{
247			return rtrim($this->getRelativeAdminUrl().'/'.$path, '/');
248			}
249
250			/**
251			* Returns URL to a path in the Admin Panel, using the
252			* Admin URL defined in the Flare Config.
253			*
254			* @return string
255			*/
256			public function getRelativeAdminUrl()
257			{
258			return $this->relativeAdminUrl ? $this->relativeAdminUrl : \Flare::config('admin_url');
259			}
260
261			/**
262			* Set the Flare Relative Admin URL.
263			*
264			* If the provided path is null the relative path provided
265			* with the getRelativeAdminUrl() method will return the
266			* configuration file default (or the Flare fallbacks).
267			*
268			* @param mixed $path
269			*/
270			public function setRelativeAdminUrl($path = null)
271			{
272			$this->relativeAdminUrl = $path;
273			}
274
275			/**
276			* Returns URL to a path in the Flare Documentation.
277			* This is COMING SOON!
278			*
279			* @param string $path
280			*
281			* @return string
282			*/
283			public function docsUrl($path = '')
284			{
285			return url('#'.$path);
286			}
287
288			/**
289			* Takes a named route inside the Flare namespace
290			* and returns the URL.
291			*
292			* @return string
293			*/
294			public function route()
295			{
296			}
297
298			/**
299			* Determines whether part of the Flare Admin Panel
300			* should be displayed or not and returns true / false.
301			*
302			* @param string $key
303			*
304			* @return bool
305			*/
306			public function show($key = false)
307			{
308			if (!$key) {
			0 ignored issues – show Bug Best Practice introduced 2016-02-02 23:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$key` of type `false\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== false` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
309			return false;
310			}
311
312			return $this->getShow($key);
313			}
314
315			/**
316			* Determines whether part of the Flare Admin Panel
317			* should be displayed or not and returns true / false.
318			*
319			* Accessor for getShow().
320			*
321			* @param string $key
322			*
323			* @return bool
324			*/
325			public function getShow($key = false)
326			{
327			if (array_key_exists($key, $showConfig = $this->getConfig('show'))) {
328			return $showConfig[$key];
329			}
330			}
331
332			/**
333			* Returns the current Flare Version.
334			*
335			* @return string
336			*/
337			public function version()
338			{
339			return self::VERSION;
340			}
341
342			/**
343			* Returns the compatibility version of Flare to use.
344			*
345			* This will either return 'LTS' for Laravel installs of
346			* the Long Term Support branch (5.1.x) or 'Edge' for all
347			* other versions (including dev-master).
348			*
349			* @return string
350			*/
351			public function compatibility()
352			{
353			if (strpos($this->app->version(), '5.1.') !== false && strpos($this->app->version(), '(LTS)') !== false) {
354			return 'LTS';
355			}
356
357			return 'Edge';
358			}
359
360			/**
361			* Register a helper method.
362			*/
363			public function registerHelper($helper, $class)
364			{
365			if (array_key_exists($helper, $this->helpers)) {
366			throw new Exception("Helper method `$helper` has already been defined");
367			}
368
369			$this->helpers[$helper] = $class;
370			}
371
372			/**
373			* Unregister a helper method.
374			*
375			* @param string $helper
376			*/
377			public function unregisterHelper($helper)
378			{
379			unset($this->helpers[$helper]);
380			}
381
382			/**
383			* Call a Helper Method.
384			*
385			* @param string $method
386			* @param mixed $parameters
387			*
388			* @return mixed
389			*/
390			protected function callHelperMethod($method, $parameters)
391			{
392			return $this->app->make($this->helpers[$method], $parameters);
			0 ignored issues – show Unused Code introduced 2017-01-30 15:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Application::make()` has too many arguments starting with `$parameters`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
393			}
394
395			/**
396			* Provide access to Helper Methods.
397			*
398			* This provides an extensible way of adding helper classes
399			* which are registerable and available to adccess through
400			* the Flare Facade.
401			*
402			* @param string $method
403			* @param array $parameters
404			*
405			* @return mixed
406			*/
407			public function __call($method, $parameters)
408			{
409			if (array_key_exists($method, $this->helpers)) {
410			return $this->callHelperMethod($method, $parameters);
411			}
412
413			return call_user_func_array([$this, $method], $parameters);
414			}
415			}
416

laravelflare / flare

GitHub Access Token became invalid

Issues (76)

Security Analysis not enabled

src/Flare/Flare.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like