BookStackApp/BookStack

Pattern Findings

298 matches across 6 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers249 hits · 251 pts

Severity	File	Line	Snippet
LOW	app/Settings/AppSettingsStore.php	88	protected function destroyExistingSettingImage(string $settingKey): void
LOW	app/App/Providers/EventServiceProvider.php	49	protected function configureEmailVerification(): void
LOW	app/Access/LdapService.php	364	protected function extractGroupNamesFromLdapGroupDns(array $groupDNs): array
LOW	app/Access/LdapService.php	429	protected function extractGroupsFromSearchResponseEntry(array $ldapEntry): array
LOW	app/Access/SocialAuthService.php	56	public function handleRegistrationCallback(string $socialDriver, SocialUser $socialUser): SocialUser
LOW	app/Access/LoginService.php	95	protected function getLastLoginAttemptDetails(): array
LOW	app/Access/LoginService.php	118	protected function setLastLoginAttemptedForUser(User $user, string $method, bool $remember): void
LOW	app/Access/LoginService.php	145	public function awaitingEmailConfirmation(User $user): bool
LOW	app/Access/RegistrationService.php	28	public function ensureRegistrationAllowed()
LOW	app/Access/Saml2Service.php	202	protected function loadOneloginServiceProviderDetails(): array
LOW	app/Access/GroupSyncService.php	29	protected function externalIdMatchesGroupNames(string $externalId, array $groupNames): bool
LOW	app/Access/GroupSyncService.php	56	protected function matchGroupsToSystemsRoles(array $groupNames): Collection
LOW	app/Access/SocialDriverManager.php	51	public function isAutoConfirmEmailEnabled(string $driver): bool
LOW	app/Access/SocialDriverManager.php	79	public function getConfigureForRedirectCallback(string $driver): callable
LOW	app/Access/Oidc/OidcProviderSettings.php	114	protected function loadSettingsFromIssuerDiscovery(ClientInterface $httpClient): array
LOW	app/Access/Oidc/OidcService.php	176	protected function processAccessTokenCallback(OidcAccessToken $accessToken, OidcProviderSettings $settings): User
LOW	app/Access/Oidc/OidcJwtWithClaims.php	62	public function validateCommonTokenDetails(string $clientId): bool
LOW	app/Access/Oidc/OidcOAuthProvider.php	50	public function getResourceOwnerDetailsUrl(AccessToken $token): string
LOW	app/Access/Controllers/LoginController.php	166	protected function sendLoginAttemptExceptionResponse(LoginAttemptException $exception, Request $request)
LOW	app/Access/Controllers/LoginController.php	185	protected function updateIntendedFromPrevious(): void
LOW	app/Access/Controllers/HandlesPartialLogins.php	14	protected function currentOrLastAttemptedUser(): User
LOW	app/Access/Guards/LdapSessionGuard.php	108	protected function createNewFromLdapAndCreds(array $ldapUserDetails, array $credentials): User
LOW	app/Util/HtmlContentFilter.php	50	protected function filterOutScriptsFromDocument(HtmlDocument $doc): void
LOW	app/Util/HtmlContentFilter.php	88	protected function filterOutFormElementsFromDocument(HtmlDocument $doc): void
LOW	app/Util/HtmlContentFilter.php	115	protected function filterOutBadHtmlElementsFromDocument(HtmlDocument $doc): void
LOW	app/Util/HtmlContentFilter.php	122	protected function filterOutNonContentElementsFromDocument(HtmlDocument $doc): void
LOW	app/Util/HtmlContentFilter.php	173	public static function removeScriptsFromDocument(HtmlDocument $doc): void
LOW	app/Util/HtmlContentFilter.php	188	public static function removeScriptsFromHtmlString(string $html): string
LOW	app/Util/ConfiguredHtmlPurifier.php	42	protected function createCacheFolderIfNeeded(string $cachePath): void
LOW	app/Util/CspService.php	62	public function allowedIFrameHostsConfigured(): bool
LOW	app/References/ReferenceFetcher.php	35	public function getReferenceCountToEntity(Entity $entity): int
LOW	app/References/CrossLinkParser.php	87	public static function createWithEntityResolvers(): self
LOW	app/References/ReferenceStore.php	76	protected function dropReferencesFromEntities(array $entities): void
LOW	app/References/ReferenceUpdater.php	35	public function changeReferencesUsingContext(ReferenceChangeContext $context): void
LOW	app/References/ReferenceUpdater.php	101	protected function updateReferencesWithinEntity(Entity $entity, string $oldLink, string $newLink): void
LOW	app/References/ReferenceUpdater.php	112	protected function updateReferencesWithinDescription(Entity&HasDescriptionInterface $entity, string $oldLink, string
LOW	app/References/ReferenceUpdater.php	120	protected function updateReferencesWithinPage(Page $page, string $oldLink, string $newLink): void
LOW	app/Activity/Tools/WebhookFormatter.php	71	public function addDefaultModelFormatters(): void
LOW	…ity/Notifications/Handlers/BaseNotificationHandler.php	19	protected function sendNotificationToUserIds(string $notification, array $userIds, User $initiator, string\|Loggable
LOW	…cations/Handlers/CommentMentionNotificationHandler.php	77	protected function getPreviouslyNotifiedUserIds(Comment $comment): array
LOW	app/Uploads/ImageStorage.php	32	public function usingSecureRestrictedImages(): bool
LOW	app/Uploads/ImageStorageDisk.php	100	public function destroyAllMatchingNameFromPath(string $path): void
LOW	app/Uploads/UserAvatars.php	45	public function assignToUserFromExistingData(User $user, string $imageData, string $extension): void
LOW	app/Uploads/UserAvatars.php	123	protected function createAvatarImageFromData(User $user, string $imageData, string $extension): Image
LOW	app/Uploads/AttachmentService.php	21	public function streamAttachmentFromStorage(Attachment $attachment)
LOW	app/Uploads/AttachmentService.php	105	public function updateFileOrderWithinPage(array $attachmentOrder, string $pageId)
LOW	app/Uploads/ImageResizer.php	32	public function loadGalleryThumbnailsForMany(iterable $images, bool $shouldCreate = false): void
LOW	app/Uploads/ImageResizer.php	42	public function loadGalleryThumbnailsForImage(Image $image, bool $shouldCreate): void
LOW	app/Uploads/ImageResizer.php	161	protected function interventionFromImageData(string $imageData, ?string $fileType): InterventionImage
LOW	app/Uploads/ImageResizer.php	195	protected function orientImageToOriginalExif(InterventionImage $image, string $originalData): void
LOW	app/Uploads/FaviconHandler.php	51	public function restoreOriginalIfNotExists(): bool
LOW	app/Uploads/ImageService.php	118	public function replaceExistingFromUpload(string $path, string $type, UploadedFile $file): void
LOW	app/Uploads/ImageService.php	251	public function pathAccessibleInLocalSecure(string $imagePath): bool
LOW	app/Uploads/ImageService.php	314	protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool
LOW	app/Uploads/ImageService.php	339	protected function checkUserHasAccessToRelationOfImage(Image $image): bool
LOW	app/Uploads/ImageService.php	367	public function streamImageFromStorageResponse(string $imageType, string $path): StreamedResponse
LOW	app/Permissions/JointPermissionBuilder.php	121	protected function buildJointPermissionsForBooks(EloquentCollection $books, array $roles, bool $deleteOld = false):
LOW	app/Permissions/JointPermissionBuilder.php	145	protected function buildJointPermissionsForEntities(array $entities): void
LOW	app/Permissions/JointPermissionBuilder.php	157	protected function deleteManyJointPermissionsForEntities(array $entities): void
LOW	app/Permissions/JointPermissionBuilder.php	195	protected function createManyJointPermissions(array $originalEntities, array $roles): void
189 more matches not shown…

Over-Commented Block23 hits · 23 pts

Severity	File	Line	Snippet
LOW	jest.config.ts	41	// coveragePathIgnorePatterns: [
LOW	jest.config.ts	61
LOW	jest.config.ts	81	__DEV__: true,
LOW	jest.config.ts	121	// A preset that is used as a base for Jest's configuration
LOW	jest.config.ts	141
LOW	jest.config.ts	181	// "/node_modules/"
LOW	jest.config.ts	201	// "/node_modules/",
LOW	app/Config/oidc.php	41	// A false value force-disables RP-Initiated Logout.
LOW	app/Config/app.php	21	// Shows much more verbose error messages. Has potential to show
LOW	app/Config/app.php	41	// This setting is a string of characters which represent different available filters:
LOW	app/Config/app.php	61	// and used by BookStack in URL generation.
LOW	app/Config/app.php	81	// Space separated if multiple. BookStack host domain is auto-inferred, in addition to
LOW	app/Config/session.php	41	// When using the "apc" or "memcached" session drivers, you may specify a
LOW	app/Config/session.php	61	// your application but you are free to change this when necessary.
LOW	app/Config/session.php	81
LOW	app/Config/debugbar.php	21
LOW	app/Config/debugbar.php	121
LOW	app/Config/saml2.php	61	// SAML protocol binding to be used when returning the <Response>
LOW	app/Config/logging.php	21	// messages to the logs. The name specified in this option should match
LOW	app/Activity/Models/Comment.php	41	/**
LOW	resources/js/wysiwyg/ui/defaults/toolbars.ts	201
LOW	resources/js/wysiwyg/lexical/core/LexicalReconciler.ts	721	// We also want to make sure we clear them down, otherwise we
LOW	…xical/core/nodes/__tests__/unit/LexicalTabNode.test.ts	61	invariant($isRangeSelection(selection), 'isRangeSelection(selection)');

Fake / Example Data18 hits · 22 pts

Severity	File	Line	Snippet
LOW	app/Console/Commands/CreateAdminCommand.php	124	$details['email'] = 'admin@example.com';
LOW	tests/Auth/AuthTest.php	114	$this->post('/login', ['email' => 'admin@example.com', 'password' => 'cattreedog']);
LOW	tests/Auth/Saml2Test.php	99	'email' => 'user@example.com',
LOW	tests/Auth/Saml2Test.php	367	$this->assertDatabaseMissing('users', ['email' => 'user@example.com']);
LOW	tests/Auth/Saml2Test.php	406	'email' => 'user@example.com',
LOW	tests/Auth/Saml2Test.php	415	'email' => 'user@example.com',
LOW	tests/Auth/Saml2Test.php	501	* 0 => "user@example.com"
LOW	tests/Entity/PageContentFilteringTest.php	320	'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
LOW	tests/Entity/PageContentFilteringTest.php	320	'<div>Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">Hello</p>',
LOW	tests/Entity/PageContentFilteringTest.php	321	'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
LOW	tests/Entity/PageContentFilteringTest.php	321	'<div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div>',
LOW	tests/Entity/PageContentFilteringTest.php	322	'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></di
LOW	tests/Entity/PageContentFilteringTest.php	322	'<div><div><div><div>Lorem ipsum dolor sit amet.<p onclick="console.log(\'test\')">Hello</p></div></div></di
LOW	tests/Entity/PageContentFilteringTest.php	323	'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">He
LOW	tests/Entity/PageContentFilteringTest.php	323	'<div onclick="console.log(\'test\')">Lorem ipsum dolor sit amet.</div><p onclick="console.log(\'test\')">He
LOW	tests/Commands/CreateAdminCommandTest.php	207	'email' => 'admin@example.com',
LOW	dev/api/responses/shelves-read.json	70	"description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
LOW	dev/api/responses/shelves-read.json	70	"description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit.",

AI Slop Vocabulary5 hits · 13 pts

Severity	File	Line	Snippet
MEDIUM	app/Config/logging.php	37	// you a variety of powerful log handlers / formatters to utilize.
MEDIUM	resources/js/wysiwyg/lexical/core/LexicalUpdates.ts	252	// We leverage editor._dirtyLeaves to track the new dirty leaves after the transforms
MEDIUM	…iwyg/lexical/core/__tests__/unit/LexicalEditor.test.ts	529	// Add transform makes everything dirty the first time (let's not leverage this here)
MEDIUM	public/libs/tinymce/tinymce.min.js	4	!function(){"use strict";var e=function(e){if(null===e)return"null";if(void 0===e)return"undefined";var t=typeof e;retur
MEDIUM	public/libs/tinymce/tinymce.min.js	4	!function(){"use strict";var e=function(e){if(null===e)return"null";if(void 0===e)return"undefined";var t=typeof e;retur

Hallucination Indicators1 hit · 10 pts

Severity	File	Line	Snippet
CRITICAL	public/libs/tinymce/themes/silver/theme.min.js	4	!function(){"use strict";const e=Object.getPrototypeOf,t=(e,t,o)=>{var n;return!!o(e,t.prototype)\|\|(null===(n=e.construc

Slop Phrases2 hits · 2 pts

Severity	File	Line	Snippet
LOW	…xical/core/__tests__/unit/LexicalSerialization.test.ts	110	const expectedStringifiedEditorState = `{"root":{"children":[{"children":[{"detail":0,"format":0,"mode":"normal","
LOW	…xical/core/__tests__/unit/LexicalSerialization.test.ts	119	`{"root":{"children":[{"children":[{"detail":0,"format":0,"mode":"normal","style":"","text":"Welcome to the play

Score History

Severity Breakdown

Pattern Findings