Permission::findOrCreate() - Code Metrics - Inspection of "Merge pull request #46 from mostafamaklad/v1.5" - mostafamaklad/laravel-permission-mongodb - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( d05514...4017c3 )

by Mostafa Abd El-Salam

created 2018-02-06 08:20 UTC

Permission::findOrCreate() A

↳ Parent: Project

Complexity

Conditions	2
Paths	2

Size

Total Lines	15
Code Lines	9

Duplication

Lines	15
Ratio	100 %

Code Coverage

Tests	9
CRAP Score	2

Importance

Changes

Metric	Value
dl	15
loc	15
ccs	9
cts	9
cp	1
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	9
nc	2
nop	2
crap	2

<?php
declare(strict_types=1);

namespace Maklad\Permission\Models;

use Illuminate\Support\Collection;
use Jenssegers\Mongodb\Eloquent\Model;
use Jenssegers\Mongodb\Relations\BelongsToMany;
use Maklad\Permission\Contracts\PermissionInterface;
use Maklad\Permission\Exceptions\PermissionAlreadyExists;
use Maklad\Permission\Exceptions\PermissionDoesNotExist;
use Maklad\Permission\Helpers;
use Maklad\Permission\PermissionRegistrar;
use Maklad\Permission\Traits\RefreshesPermissionCache;

/**
 * Class Permission
 * @package Maklad\Permission\Models
 */
class Permission extends Model implements PermissionInterface
{
    use RefreshesPermissionCache;

    public $guarded = ['id'];
    protected $helpers;

    /**
     * Permission constructor.
     *
     * @param array $attributes
     */
    public function __construct(array $attributes = [])

    {
        $attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');

        parent::__construct($attributes);

        $this->helpers = new Helpers();

        $this->setTable(\config('permission.collection_names.permissions'));
    }

    /**
     * Create new Permission
     *
     * @param array $attributes
     *
     * @return $this|\Illuminate\Database\Eloquent\Model
     * @throws \Maklad\Permission\Exceptions\PermissionAlreadyExists
     */
    public static function create(array $attributes = [])

    {
        $helpers                  = new Helpers();
        $attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');

        if (static::getPermissions()->where('name', $attributes['name'])->where(
            'guard_name',
            $attributes['guard_name']
        )->first()) {
            $name      = (string) $attributes['name'];
            $guardName = (string) $attributes['guard_name'];
            throw new PermissionAlreadyExists($helpers->getPermissionAlreadyExistsMessage($name, $guardName));
        }

        if ($helpers->isNotLumen() && app()::VERSION < '5.4') {
            return parent::create($attributes);
        }

        return static::query()->create($attributes);
    }

    /**
     * Find or create permission by its name (and optionally guardName).
     *
     * @param string $name
     * @param string|null $guardName
     *
     * @return PermissionInterface
     * @throws \Maklad\Permission\Exceptions\PermissionAlreadyExists
     */
    public static function findOrCreate(string $name, $guardName = null): PermissionInterface

    {
        $guardName = $guardName ?? config('auth.defaults.guard');

        $permission = static::getPermissions()
                            ->where('name', $name)
                            ->where('guard_name', $guardName)
                            ->first();

        if (! $permission) {
            $permission = static::create(['name' => $name, 'guard_name' => $guardName]);
        }

        return $permission;
    }

    /**
     * A permission can be applied to roles.
     * @return BelongsToMany
     */
    public function roles(): BelongsToMany
    {
        return $this->belongsToMany(
            \config('permission.models.role'),
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            \config('permission.collection_names.role_has_permissions')
        );
    }

    /**
     * A permission belongs to some users of the model associated with its guard.
     * @return BelongsToMany
     */
    public function users(): BelongsToMany
    {
        return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
    }

    /**
     * Find a permission by its name (and optionally guardName).
     *
     * @param string $name
     * @param string|null $guardName
     *
     * @return PermissionInterface
     * @throws PermissionDoesNotExist
     */
    public static function findByName(string $name, $guardName = null): PermissionInterface

    {
        $guardName = $guardName ?? \config('auth.defaults.guard');

        $permission = static::getPermissions()->where('name', $name)->where('guard_name', $guardName)->first();

        if (! $permission) {
            $helpers = new Helpers();
            throw new PermissionDoesNotExist($helpers->getPermissionDoesNotExistMessage($name, $guardName));
        }

        return $permission;
    }

    /**
     * Get the current cached permissions.
     * @return Collection
     */
    protected static function getPermissions(): Collection
    {
        return \app(PermissionRegistrar::class)->getPermissions();
    }
}


1			<?php
2			declare(strict_types=1);
3
4			namespace Maklad\Permission\Models;
5
6			use Illuminate\Support\Collection;
7			use Jenssegers\Mongodb\Eloquent\Model;
8			use Jenssegers\Mongodb\Relations\BelongsToMany;
9			use Maklad\Permission\Contracts\PermissionInterface;
10			use Maklad\Permission\Exceptions\PermissionAlreadyExists;
11			use Maklad\Permission\Exceptions\PermissionDoesNotExist;
12			use Maklad\Permission\Helpers;
13			use Maklad\Permission\PermissionRegistrar;
14			use Maklad\Permission\Traits\RefreshesPermissionCache;
15
16			/**
17			* Class Permission
18			* @package Maklad\Permission\Models
19			*/
20			class Permission extends Model implements PermissionInterface
21			{
22			use RefreshesPermissionCache;
23
24			public $guarded = ['id'];
25			protected $helpers;
26
27			/**
28			* Permission constructor.
29			*
30			* @param array $attributes
31			*/
32	119	View Code Duplication	public function __construct(array $attributes = [])
			0 ignored issues – show Duplication introduced 2017-09-01 16:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
33			{
34	119		$attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');
35
36	119		parent::__construct($attributes);
37
38	119		$this->helpers = new Helpers();
39
40	119		$this->setTable(\config('permission.collection_names.permissions'));
41	119		}
42
43			/**
44			* Create new Permission
45			*
46			* @param array $attributes
47			*
48			* @return $this\|\Illuminate\Database\Eloquent\Model
49			* @throws \Maklad\Permission\Exceptions\PermissionAlreadyExists
50			*/
51	119	View Code Duplication	public static function create(array $attributes = [])
			0 ignored issues – show Duplication introduced 2017-09-01 16:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
52			{
53	119		$helpers = new Helpers();
54	119		$attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');
55
56	119		if (static::getPermissions()->where('name', $attributes['name'])->where(
57	119		'guard_name',
58	119		$attributes['guard_name']
59	119		)->first()) {
60	1		$name = (string) $attributes['name'];
61	1		$guardName = (string) $attributes['guard_name'];
62	1		throw new PermissionAlreadyExists($helpers->getPermissionAlreadyExistsMessage($name, $guardName));
63			}
64
65	119		if ($helpers->isNotLumen() && app()::VERSION < '5.4') {
66			return parent::create($attributes);
67			}
68
69	119		return static::query()->create($attributes);
70			}
71
72			/**
73			* Find or create permission by its name (and optionally guardName).
74			*
75			* @param string $name
76			* @param string\|null $guardName
77			*
78			* @return PermissionInterface
79			* @throws \Maklad\Permission\Exceptions\PermissionAlreadyExists
80			*/
81	1	View Code Duplication	public static function findOrCreate(string $name, $guardName = null): PermissionInterface
			0 ignored issues – show Duplication introduced 2017-09-06 20:24 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
82			{
83	1		$guardName = $guardName ?? config('auth.defaults.guard');
84
85	1		$permission = static::getPermissions()
86	1		->where('name', $name)
87	1		->where('guard_name', $guardName)
88	1		->first();
89
90	1		if (! $permission) {
91	1		$permission = static::create(['name' => $name, 'guard_name' => $guardName]);
92			}
93
94	1		return $permission;
95			}
96
97			/**
98			* A permission can be applied to roles.
99			* @return BelongsToMany
100			*/
101	119		public function roles(): BelongsToMany
102			{
103	119		return $this->belongsToMany(
104	119		\config('permission.models.role'),
			0 ignored issues – show Security Code Execution introduced 2017-09-07 15:34 UTC by Report Bug Copy Issue Report `\config('permission.models.role')` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Foundation/helpers.php on line 110 app() returns tainted data in vendor/src/Illuminate/Foundation/helpers.php on line 265 config() returns tainted data in src/Models/Permission.php on line 104 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
105	119		\config('permission.collection_names.role_has_permissions')
106			);
107			}
108
109			/**
110			* A permission belongs to some users of the model associated with its guard.
111			* @return BelongsToMany
112			*/
113	2		public function users(): BelongsToMany
114			{
115	2		return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
			0 ignored issues – show Security Code Execution introduced 2018-01-01 08:08 UTC by Report Bug Copy Issue Report `$this->helpers->getModel...tributes['guard_name'])` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 9 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 314 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$request` is passed to Request::__construct() in vendor/Request.php on line 2056 `$request` is passed to Request::initialize() in vendor/Request.php on line 255 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 273 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 304 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 304 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 380 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 380 `$server` is assigned in vendor/Request.php on line 428 `$server` is assigned in vendor/Request.php on line 429 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 431 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 9. Path: Read from `$_SERVER,` and `$server` is assigned in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 1195 Container::offsetGet() returns tainted data, and `$table` is assigned in vendor/src/Illuminate/Session/SessionManager.php on line 73 `$table` is passed to DatabaseSessionHandler::__construct() in vendor/src/Illuminate/Session/SessionManager.php on line 78 DatabaseSessionHandler::$table is assigned in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 64 Tainted property DatabaseSessionHandler::$table is read, and `$this->table` is passed to Connection::table() in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 279 `$table` is passed to Builder::from() in vendor/src/Illuminate/Database/Connection.php on line 265 Builder::$from is assigned in vendor/src/Illuminate/Database/Query/Builder.php on line 327 Tainted property Builder::$from is read, and `$query->from` is passed to Grammar::wrapTable() in vendor/src/Illuminate/Database/Query/Grammars/Grammar.php on line 783 `$this->tablePrefix . $table` is passed to Grammar::wrap() in vendor/src/Illuminate/Database/Grammar.php on line 36 `$value` is passed through explode(), and `explode('.', $value)` is passed to Grammar::wrapSegments() in vendor/src/Illuminate/Database/Grammar.php on line 62 `$segments` is passed to collect() in vendor/src/Illuminate/Database/Grammar.php on line 96 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Permission.php on line 115 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
116			}
117
118			/**
119			* Find a permission by its name (and optionally guardName).
120			*
121			* @param string $name
122			* @param string\|null $guardName
123			*
124			* @return PermissionInterface
125			* @throws PermissionDoesNotExist
126			*/
127	43	View Code Duplication	public static function findByName(string $name, $guardName = null): PermissionInterface
			0 ignored issues – show Duplication introduced 2017-09-06 20:24 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
128			{
129	43		$guardName = $guardName ?? \config('auth.defaults.guard');
130
131	43		$permission = static::getPermissions()->where('name', $name)->where('guard_name', $guardName)->first();
132
133	43		if (! $permission) {
134	7		$helpers = new Helpers();
135	7		throw new PermissionDoesNotExist($helpers->getPermissionDoesNotExistMessage($name, $guardName));
136			}
137
138	37		return $permission;
139			}
140
141			/**
142			* Get the current cached permissions.
143			* @return Collection
144			*/
145	119		protected static function getPermissions(): Collection
146			{
147	119		return \app(PermissionRegistrar::class)->getPermissions();
148			}
149			}
150

mostafamaklad / laravel-permission-mongodb

Push — master ( d05514...4017c3 )

Permission::findOrCreate() A

Complexity

Size

Duplication

Code Coverage

Importance

1 path for user data to reach this point

General Strategies to prevent injection

9 paths for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like