js/containers/ApprovalRO.jsx (7 issues)
const React = require("react");
const ReactRedux = require('react-redux');
const TextArea = require('../components/TextArea.jsx');
const ApproveRequest = require('./buttons/ApproveRequest.jsx');
const RejectRequest = require('./buttons/RejectRequest.jsx');
const Bypass = require('./buttons/Bypass.jsx');
const StatusBox = require('../components/StatusBox.jsx');
const LoadingBar = require('../components/LoadingBar.jsx');
const actions = require('../_actions.js');
const constants = require('../constants/deployment.js');
/**
 * Heading shown in the status box for a given approval state.
 *
 * @param {string} approvalState - one of the constants.APPROVAL_* values
 * @returns {string} the heading text; '' for any state not listed here
 */
function getStateTitle(approvalState) {
	if (approvalState === constants.APPROVAL_SUBMITTED) {
		return 'Pending review by:';
	}
	if (approvalState === constants.APPROVAL_REJECTED) {
		return 'Rejected by:';
	}
	if (approvalState === constants.APPROVAL_APPROVED) {
		return 'Approved by:';
	}
	if (approvalState === constants.APPROVAL_BYPASSED) {
		return 'Approval has been bypassed';
	}
	// Unknown / missing state: render no heading rather than a wrong one.
	return '';
}
/**
 * Explanatory paragraph shown above the status box for a given approval state.
 *
 * APPROVED and BYPASSED share the same text; every other unlisted state yields ''.
 *
 * @param {string} approvalState - one of the constants.APPROVAL_* values
 * @returns {string} the description text, or '' when there is none
 */
function getStateDescription(approvalState) {
	if (approvalState === constants.APPROVAL_SUBMITTED) {
		return 'Send a request to deploy this release, once approved team members will have the ability to deploy this release. Only one request for approval can be sent at a time, although approval can also be granted by others with the same permission.';
	}
	if (approvalState === constants.APPROVAL_REJECTED) {
		return 'This deployment has been rejected.';
	}
	const isApprovedOrBypassed =
		approvalState === constants.APPROVAL_BYPASSED ||
		approvalState === constants.APPROVAL_APPROVED;
	if (isApprovedOrBypassed) {
		return 'Once approved team members will have the ability to deploy this release. Only one request for approval can be sent at a time, although approval can also be granted by others with the same permissions. e.g. Release managers.';
	}
	return '';
}
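/**
 * Read-only approval panel for the currently selected deployment.
 *
 * Shows who requested / approved / rejected the deployment and, when the
 * signed-in user may approve and the request is still pending, exposes the
 * Remove / Reject / Cancel controls plus the rejection-reason input.
 *
 * Authorisation note: `props.can_approve` (sourced from `state.user.can_approve`
 * in mapStateToProps) only decides which controls are *rendered*. It is
 * client-side state and must not be treated as an access control — the
 * endpoints behind approve / reject / cancel have to enforce the permission
 * themselves.
 *
 * Action controls are real <button type="button"> elements rather than
 * `<a href="javascript:void(0)">`. A `javascript:` URL is inline script
 * (refused under a CSP without 'unsafe-inline' and flagged by the linter),
 * and these elements trigger actions, not navigation. Where a control is
 * meant to be inactive while another approval action is in flight it now
 * carries a real `disabled` attribute: previously only a "disabled" CSS class
 * was added and the click handler still fired, so a second request could be
 * dispatched while the first was loading.
 */
const ApprovalRO = React.createClass({

	getInitialState: function() {
		// Open the reason box straight away for an already-rejected deployment
		// so the stored reason is visible (the textarea is disabled then, see render()).
		return {
			rejected_reason_open: this.props.approval_state === constants.APPROVAL_REJECTED
		};
	},

	/**
	 * "Remove" control that cancels the pending approval request.
	 * Hidden while the reject-reason form is open; inactive while another
	 * approval action is loading.
	 *
	 * @returns {React.Element|null}
	 */
	getRemoveAction: function() {
		if (this.state.rejected_reason_open) {
			return null;
		}
		const isBusy = Boolean(this.props.approval_is_loading);
		const extraClasses = isBusy ? ' disabled' : '';
		const icon = this.props.approval_cancel_is_loading ? "fa fa-refresh fa-spin" : "fa fa-times-circle";
		const text = this.props.approval_cancel_is_loading ? 'Removing' : 'Remove';

		return (
			<button
				type="button"
				className={"approval-action btn btn-link pull-right" + extraClasses}
				disabled={isBusy}
				onClick={this.props.onCancel}
			>
				<i className={icon}></i>{text}
			</button>
		);
	},

	/**
	 * "Reject" control that opens the rejection-reason form.
	 *
	 * @returns {React.Element}
	 */
	getRejectShowReasonAction: function() {
		return (
			<button type="button" className="btn btn-wide btn-link" onClick={this.toggleRejectOpen}>
				Reject
			</button>
		);
	},

	/**
	 * "Cancel" control that closes the rejection-reason form again.
	 * Inactive while another approval action is loading.
	 *
	 * @returns {React.Element}
	 */
	getRejectHideReasonAction: function() {
		const isBusy = Boolean(this.props.approval_is_loading);
		const extraClasses = isBusy ? ' disabled' : '';
		return (
			<button
				type="button"
				className={"btn btn-wide btn-link" + extraClasses}
				disabled={isBusy}
				onClick={this.toggleRejectOpen}
			>
				Cancel
			</button>
		);
	},

	/** Toggle visibility of the rejection-reason form. */
	toggleRejectOpen: function() {
		this.setState({
			rejected_reason_open: !this.state.rejected_reason_open
		});
	},

	render: function() {
		const props = this.props;

		// Error text from the approval store. Its origin is not visible in this
		// file, so treat it as untrusted: it is rendered as a JSX text child,
		// which React escapes — keep it that way (no dangerouslySetInnerHTML).
		let error = null;
		if (props.error) {
			error = (
				<div className="alert alert-danger">
					<div className="">
						{props.error}
					</div>
				</div>
			);
		}

		const stateTitle = getStateTitle(props.approval_state);
		// approver may be undefined when the current deployment has no approver_id.
		const approver_name = props.approver ? props.approver.name : '';
		const approver_role = props.approver ? props.approver.role : '';

		// Prefer the approval date; fall back to the request date.
		let date = '';
		if (props.date_approved_nice) {
			date = props.date_approved_nice;
		} else if (props.date_requested_nice) {
			date = props.date_requested_nice;
		}

		// Remove / Reject / Cancel are only offered to users flagged can_approve
		// while the request is still pending (client-side gating only, see above).
		let removeAction = null;
		let rejectAction = null;
		let rejectCancel = null;
		if (props.can_approve && props.approval_state === constants.APPROVAL_SUBMITTED) {
			removeAction = this.getRemoveAction();
			rejectAction = this.getRejectShowReasonAction();
			rejectCancel = this.getRejectHideReasonAction();
		}

		// While the reject form is open the primary actions are hidden.
		let mainActions = null;
		if (!this.state.rejected_reason_open) {
			mainActions = (
				<div>
					<ApproveRequest /> {rejectAction}
				</div>
			);
		}

		// NOTE(review): <Bypass /> is rendered regardless of can_approve; whether
		// that component gates itself is not visible here — confirm.
		return (
			<div className="section approval">
				<header id="2">Approval</header>
				<p>
					{getStateDescription(props.approval_state)}
				</p>
				<StatusBox type={props.approval_state}>
					<div>
						{removeAction}
						<div className={"state " + props.approval_state}>
							{stateTitle}
						</div>
					</div>
					<div>{approver_name} <small className="text-uppercase">{approver_role}</small> <small>{date}</small></div>
				</StatusBox>
				<LoadingBar show={props.is_loading} />
				{mainActions}
				<div className={this.state.rejected_reason_open ? "" : "hide"}>
					<label htmlFor="rejected_reason">Provide a reason why the deployment has been rejected</label>
					<TextArea
						id="rejected_reason"
						value={props.rejected_reason}
						rows="5"
						onChange={props.onRejectReasonChange}
						disabled={props.approval_state === constants.APPROVAL_REJECTED}
					/>
					<RejectRequest />
					{rejectCancel}
				</div>
				<div>
					<Bypass />
				</div>
				{error}
			</div>
		);
	}

});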
/**
 * Project the Redux store onto ApprovalRO's props.
 *
 * The "current" deployment is looked up by `deployment.current_id`; when it is
 * missing an empty object is used so every derived field is simply undefined.
 * The approver record is looked up in `environment.approvers` by the
 * deployment's approver_id and may be undefined.
 *
 * @param {Object} state - the whole Redux store state
 * @returns {Object} props consumed by ApprovalRO
 */
const mapStateToProps = function(state) {
	const { deployment, environment, approval, user } = state;
	const current = deployment.list[deployment.current_id] || {};
	const approver = environment.approvers[current.approver_id];

	const props = {};
	props.approval_state = constants.getApprovalState(current.state, approver);
	props.approval_is_loading = approval.is_loading;
	props.approval_cancel_is_loading = approval.cancel_is_loading;
	props.date_requested_nice = current.date_requested_nice;
	props.date_approved_nice = current.date_approved_nice;
	props.approver = approver;
	// Client-side permission flag only; see the ApprovalRO doc comment.
	props.can_approve = user.can_approve;
	props.rejected_reason = current.rejected_reason;
	props.error = approval.error;
	props.is_loading = deployment.is_loading;
	return props;
};
/**
 * Callback props for ApprovalRO, each dispatching one action creator.
 *
 * - onApproverSelect(id): actions.setApprover(id) — provided but not read by
 *   ApprovalRO itself.
 * - onCancel(): actions.cancelApprovalRequest(), called with no arguments.
 * - onRejectReasonChange(e): actions.setRejectReason(e.target.value), wired to
 *   the rejection-reason textarea's onChange.
 *
 * @param {Function} dispatch - the Redux dispatch function
 * @returns {Object} callback props
 */
const mapDispatchToProps = function(dispatch) {
	const onApproverSelect = function(id) {
		dispatch(actions.setApprover(id));
	};
	const onCancel = function() {
		dispatch(actions.cancelApprovalRequest());
	};
	const onRejectReasonChange = function(e) {
		dispatch(actions.setRejectReason(e.target.value));
	};
	return { onApproverSelect, onCancel, onRejectReasonChange };
};
// Connect the panel to the store: props from mapStateToProps, callbacks from mapDispatchToProps.
module.exports = ReactRedux.connect(mapStateToProps, mapDispatchToProps)(ApprovalRO);