HasPermissions::users() - Code Metrics - Inspection of "Merge pull request #47 from mostafamaklad/v1.6" - mostafamaklad/laravel-permission-mongodb - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 068002...f8d99a )

by Mostafa Abd El-Salam

created 2018-02-17 20:14 UTC

HasPermissions::users() A

↳ Parent: Project

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	2
CRAP Score	1

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	4
ccs	2
cts	2
cp	1
rs	10
cc	1
eloc	2
nc	1
nop	0
crap	1

<?php
declare(strict_types=1);

namespace Maklad\Permission\Traits;

use Illuminate\Support\Collection;
use Jenssegers\Mongodb\Eloquent\Model;
use Jenssegers\Mongodb\Relations\BelongsToMany;
use Maklad\Permission\Contracts\PermissionInterface as Permission;
use Maklad\Permission\Exceptions\GuardDoesNotMatch;
use Maklad\Permission\Helpers;
use Maklad\Permission\PermissionRegistrar;

/**
 * Trait HasPermissions
 * @package Maklad\Permission\Traits
 */
trait HasPermissions
{
    /**
     * A role may be given various permissions.
     * @return BelongsToMany
     */
    public function permissions(): BelongsToMany
    {
        return $this->belongsToMany(
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            config('permission.models.permission'),
            config('permission.collection_names.role_has_permissions')
        );
    }

    /**
     * A role belongs to some users of the model associated with its guard.
     */
    public function users(): BelongsToMany
    {
        return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Grant the given permission(s) to a role.
     *
     * @param string|array|Permission|\Illuminate\Support\Collection $permissions
     *
     * @return $this
     * @throws GuardDoesNotMatch
     */
    public function givePermissionTo(...$permissions)

    {
        $permissions = collect($permissions)
            ->flatten()
            ->map(function ($permission) {
                return $this->getStoredPermission($permission);
            })
            ->each(function ($permission) {
                $this->ensureModelSharesGuard($permission);
            })
            ->all();

        $this->permissions()->saveMany($permissions);

        $this->forgetCachedPermissions();

        return $this;
    }

    /**
     * Remove all current permissions and set the given ones.
     *
     * @param string|array|Permission|\Illuminate\Support\Collection $permissions
     *
     * @return $this
     * @throws GuardDoesNotMatch
     */
    public function syncPermissions(...$permissions)
    {
        $this->permissions()->sync([]);

        return $this->givePermissionTo($permissions);
    }

    /**
     * Revoke the given permission.
     *
     * @param string|array|Permission|\Illuminate\Support\Collection $permissions
     *
     * @return $this
     * @throws \Maklad\Permission\Exceptions\GuardDoesNotMatch
     */
    public function revokePermissionTo(...$permissions)

    {
        collect($permissions)
            ->flatten()
            ->map(function ($permission) {
                $permission = $this->getStoredPermission($permission);
                $this->permissions()->detach($permission);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

                return $permission;
            });

        $this->forgetCachedPermissions();

        return $this;
    }

    /**
     * @param string|Permission $permission
     *
     * @return Permission
     */
    protected function getStoredPermission($permission): Permission
    {
        if (\is_string($permission)) {
            return \app(Permission::class)->findByName($permission, $this->getDefaultGuardName());
        }

        return $permission;
    }

    /**
     * @param Model $roleOrPermission
     *
     * @throws GuardDoesNotMatch
     */
    protected function ensureModelSharesGuard(Model $roleOrPermission)
    {
        if (! $this->getGuardNames()->contains($roleOrPermission->guard_name)) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $expected = $this->getGuardNames();
            $given    = $roleOrPermission->guard_name;
            $helpers  = new Helpers();

            throw new GuardDoesNotMatch($helpers->getGuardDoesNotMatchMessage($expected, $given));
        }
    }

    protected function getGuardNames(): Collection
    {
        if ($this->guard_name) {
            return collect($this->guard_name);
class MyClass { }

$x = new MyClass();
$x->foo = true;
        }

        return collect(config('auth.guards'))
            ->map(function ($guard) {
                return config("auth.providers.{$guard['provider']}.model");
            })
            ->filter(function ($model) {
                return \get_class($this) === $model;
            })
            ->keys();
    }

    protected function getDefaultGuardName(): string
    {
        $default = config('auth.defaults.guard');

        return $this->getGuardNames()->first() ?: $default;
    }

    /**
     * Forget the cached permissions.
     */
    public function forgetCachedPermissions()
    {
        app(PermissionRegistrar::class)->forgetCachedPermissions();
    }

    /**
     * Convert to Permission Models
     *
     * @param string|array|Collection $permissions
     *
     * @return Collection
     */
    private function convertToPermissionModels($permissions): Collection

    {
        if (\is_array($permissions)) {
            $permissions = collect($permissions);
        }

        if (! $permissions instanceof Collection) {
            $permissions = collect([$permissions]);
        }

        $permissions = $permissions->map(function ($permission) {
            return $this->getStoredPermission($permission);
        });

        return $permissions;
    }
}


1			<?php
2			declare(strict_types=1);
3
4			namespace Maklad\Permission\Traits;
5
6			use Illuminate\Support\Collection;
7			use Jenssegers\Mongodb\Eloquent\Model;
8			use Jenssegers\Mongodb\Relations\BelongsToMany;
9			use Maklad\Permission\Contracts\PermissionInterface as Permission;
10			use Maklad\Permission\Exceptions\GuardDoesNotMatch;
11			use Maklad\Permission\Helpers;
12			use Maklad\Permission\PermissionRegistrar;
13
14			/**
15			* Trait HasPermissions
16			* @package Maklad\Permission\Traits
17			*/
18			trait HasPermissions
19			{
20			/**
21			* A role may be given various permissions.
22			* @return BelongsToMany
23			*/
24	29		public function permissions(): BelongsToMany
25			{
26	29		return $this->belongsToMany(
			0 ignored issues – show Bug introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report It seems like `belongsToMany()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
27	29		config('permission.models.permission'),
28	29		config('permission.collection_names.role_has_permissions')
29			);
30			}
31
32			/**
33			* A role belongs to some users of the model associated with its guard.
34			*/
35	2		public function users(): BelongsToMany
36			{
37	2		return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
			0 ignored issues – show Bug introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report The property `helpers` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history... Bug introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report The property `attributes` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history... Bug introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report It seems like `belongsToMany()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history... Security Code Execution introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report `$this->helpers->getModel...tributes['guard_name'])` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 9 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 314 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$request` is passed to Request::__construct() in vendor/Request.php on line 2056 `$request` is passed to Request::initialize() in vendor/Request.php on line 255 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 273 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 304 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 304 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 380 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 380 `$server` is assigned in vendor/Request.php on line 428 `$server` is assigned in vendor/Request.php on line 429 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 431 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 9. Path: Read from `$_SERVER,` and `$server` is assigned in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 1195 Container::offsetGet() returns tainted data, and `$table` is assigned in vendor/src/Illuminate/Session/SessionManager.php on line 73 `$table` is passed to DatabaseSessionHandler::__construct() in vendor/src/Illuminate/Session/SessionManager.php on line 78 DatabaseSessionHandler::$table is assigned in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 64 Tainted property DatabaseSessionHandler::$table is read, and `$this->table` is passed to Connection::table() in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 279 `$table` is passed to Builder::from() in vendor/src/Illuminate/Database/Connection.php on line 265 Builder::$from is assigned in vendor/src/Illuminate/Database/Query/Builder.php on line 327 Tainted property Builder::$from is read, and `$query->from` is passed to Grammar::wrapTable() in vendor/src/Illuminate/Database/Query/Grammars/Grammar.php on line 783 `$this->tablePrefix . $table` is passed to Grammar::wrap() in vendor/src/Illuminate/Database/Grammar.php on line 36 `$value` is passed through explode(), and `explode('.', $value)` is passed to Grammar::wrapSegments() in vendor/src/Illuminate/Database/Grammar.php on line 62 `$segments` is passed to collect() in vendor/src/Illuminate/Database/Grammar.php on line 96 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Traits/HasPermissions.php on line 37 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
38			}
39
40			/**
41			* Grant the given permission(s) to a role.
42			*
43			* @param string\|array\|Permission\|\Illuminate\Support\Collection $permissions
44			*
45			* @return $this
46			* @throws GuardDoesNotMatch
47			*/
48	46	View Code Duplication	public function givePermissionTo(...$permissions)
			0 ignored issues – show Duplication introduced 2017-09-01 16:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
49			{
50	46		$permissions = collect($permissions)
51	46		->flatten()
52	46		->map(function ($permission) {
53	44		return $this->getStoredPermission($permission);
54	46		})
55	44		->each(function ($permission) {
56	42		$this->ensureModelSharesGuard($permission);
57	44		})
58	41		->all();
59
60	41		$this->permissions()->saveMany($permissions);
61
62	41		$this->forgetCachedPermissions();
63
64	41		return $this;
65			}
66
67			/**
68			* Remove all current permissions and set the given ones.
69			*
70			* @param string\|array\|Permission\|\Illuminate\Support\Collection $permissions
71			*
72			* @return $this
73			* @throws GuardDoesNotMatch
74			*/
75	4		public function syncPermissions(...$permissions)
76			{
77	4		$this->permissions()->sync([]);
78
79	4		return $this->givePermissionTo($permissions);
80			}
81
82			/**
83			* Revoke the given permission.
84			*
85			* @param string\|array\|Permission\|\Illuminate\Support\Collection $permissions
86			*
87			* @return $this
88			* @throws \Maklad\Permission\Exceptions\GuardDoesNotMatch
89			*/
90	6	View Code Duplication	public function revokePermissionTo(...$permissions)
			0 ignored issues – show Duplication introduced 2018-01-25 08:18 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
91			{
92	6		collect($permissions)
93	6		->flatten()
94	6		->map(function ($permission) {
95	6		$permission = $this->getStoredPermission($permission);
96	6		$this->permissions()->detach($permission);
			0 ignored issues – show Documentation introduced 2018-02-17 19:48 UTC by Report Bug Copy Issue Report `$permission` is of type `object<Maklad\Permission...ts\PermissionInterface>`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
97
98	6		return $permission;
99	6		});
100
101	6		$this->forgetCachedPermissions();
102
103	6		return $this;
104			}
105
106			/**
107			* @param string\|Permission $permission
108			*
109			* @return Permission
110			*/
111	45		protected function getStoredPermission($permission): Permission
112			{
113	45		if (\is_string($permission)) {
114	32		return \app(Permission::class)->findByName($permission, $this->getDefaultGuardName());
115			}
116
117	16		return $permission;
118			}
119
120			/**
121			* @param Model $roleOrPermission
122			*
123			* @throws GuardDoesNotMatch
124			*/
125	81		protected function ensureModelSharesGuard(Model $roleOrPermission)
126			{
127	81	View Code Duplication	if (! $this->getGuardNames()->contains($roleOrPermission->guard_name)) {
			0 ignored issues – show Security Code Execution introduced 2018-01-01 08:08 UTC by Report Bug Copy Issue Report `$roleOrPermission->guard_name` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 9 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 314 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$request` is passed to Request::__construct() in vendor/Request.php on line 2056 `$request` is passed to Request::initialize() in vendor/Request.php on line 255 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 273 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 304 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 304 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 380 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 380 `$server` is assigned in vendor/Request.php on line 428 `$server` is assigned in vendor/Request.php on line 429 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 431 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 9. Path: Read from `$_SERVER,` and `$server` is assigned in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 1195 Container::offsetGet() returns tainted data, and `$table` is assigned in vendor/src/Illuminate/Session/SessionManager.php on line 73 `$table` is passed to DatabaseSessionHandler::__construct() in vendor/src/Illuminate/Session/SessionManager.php on line 78 DatabaseSessionHandler::$table is assigned in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 64 Tainted property DatabaseSessionHandler::$table is read, and `$this->table` is passed to Connection::table() in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 279 `$table` is passed to Builder::from() in vendor/src/Illuminate/Database/Connection.php on line 265 Builder::$from is assigned in vendor/src/Illuminate/Database/Query/Builder.php on line 327 Tainted property Builder::$from is read, and `$query->from` is passed to Grammar::wrapTable() in vendor/src/Illuminate/Database/Query/Grammars/Grammar.php on line 783 `$this->tablePrefix . $table` is passed to Grammar::wrap() in vendor/src/Illuminate/Database/Grammar.php on line 36 `$value` is passed through explode(), and `explode('.', $value)` is passed to Grammar::wrapSegments() in vendor/src/Illuminate/Database/Grammar.php on line 62 `$segments` is passed to collect() in vendor/src/Illuminate/Database/Grammar.php on line 96 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 113 Collection::all() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 134 InteractsWithPivotTable::formatRecordsList() returns tainted data, and `$records` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 96 `$records` is passed to InteractsWithPivotTable::attachNew() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 112 `$attributes` is assigned in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 155 `$attributes` is passed to InteractsWithPivotTable::updateExistingPivot() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 169 `$attributes` is passed to InteractsWithPivotTable::castAttributes() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 192 `$attributes` is passed to Model::fill() in vendor/src/Illuminate/Database/Eloquent/Relations/Concerns/InteractsWithPivotTable.php on line 514 `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Model.php on line 223 `$value` is passed to HasAttributes::setAttribute() in vendor/src/Illuminate/Database/Eloquent/Model.php on line 230 HasAttributes::$attributes is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 546 Tainted property HasAttributes::$attributes is read in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 370 HasAttributes::getAttributeFromArray() returns tainted data, and `$value` is assigned in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 334 HasAttributes::getAttributeValue() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Concerns/HasAttributes.php on line 313 HasAttributes::getAttribute() returns tainted data in vendor/src/Illuminate/Database/Eloquent/Model.php on line 1375 Model::__get() returns tainted data in src/Traits/HasPermissions.php on line 127 Used in code-execution context Collection::contains() uses Collection::first() ($callback) in vendor/src/Illuminate/Support/Collection.php on line 223 Collection::first() uses Arr::first() ($callback) in vendor/src/Illuminate/Support/Collection.php on line 584 Arr::first() uses call_user_func() ($callback) in vendor/src/Illuminate/Support/Arr.php on line 175 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history... Duplication introduced 2017-09-06 20:24 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
128	5		$expected = $this->getGuardNames();
129	5		$given = $roleOrPermission->guard_name;
130	5		$helpers = new Helpers();
131
132	5		throw new GuardDoesNotMatch($helpers->getGuardDoesNotMatchMessage($expected, $given));
133			}
134	77		}
135
136	95		protected function getGuardNames(): Collection
137			{
138	95		if ($this->guard_name) {
139	33		return collect($this->guard_name);
			0 ignored issues – show Bug introduced 2017-09-01 16:42 UTC by Report Bug Copy Issue Report The property `guard_name` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
140			}
141
142	73		return collect(config('auth.guards'))
143	73		->map(function ($guard) {
144	73		return config("auth.providers.{$guard['provider']}.model");
145	73		})
146	73		->filter(function ($model) {
147	73		return \get_class($this) === $model;
148	73		})
149	73		->keys();
150			}
151
152	75		protected function getDefaultGuardName(): string
153			{
154	75		$default = config('auth.defaults.guard');
155
156	75		return $this->getGuardNames()->first() ?: $default;
157			}
158
159			/**
160			* Forget the cached permissions.
161			*/
162	78		public function forgetCachedPermissions()
163			{
164	78		app(PermissionRegistrar::class)->forgetCachedPermissions();
165	78		}
166
167			/**
168			* Convert to Permission Models
169			*
170			* @param string\|array\|Collection $permissions
171			*
172			* @return Collection
173			*/
174	7	View Code Duplication	private function convertToPermissionModels($permissions): Collection
			0 ignored issues – show Duplication introduced 2017-09-10 10:42 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175			{
176	7		if (\is_array($permissions)) {
177	3		$permissions = collect($permissions);
178			}
179
180	7		if (! $permissions instanceof Collection) {
181	5		$permissions = collect([$permissions]);
182			}
183
184	7		$permissions = $permissions->map(function ($permission) {
185	7		return $this->getStoredPermission($permission);
186	7		});
187
188	6		return $permissions;
189			}
190			}
191

mostafamaklad / laravel-permission-mongodb

Push — master ( 068002...f8d99a )

HasPermissions::users() A

Complexity

Size

Duplication

Code Coverage

Importance

9 paths for user data to reach this point

General Strategies to prevent injection

9 paths for user data to reach this point

Used in code-execution context

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like