facade / flare-client-php Goto Github PK

Hello,

i have this error when pass 1.6.0 to 1.6.1

PHP 7.3.27-9+ubuntu16.04

In Flare.php line 235:

Argument 1 passed to Facade\FlareClient\Flare::censorRequestBodyFields() mu
st be of the type array, null given, called in /var/www/XXXXX/vendo
r/facade/ignition/src/IgnitionServiceProvider.php on line 134

Hello! When any error occurs, displays "assert" the error instead of the actual error information, every time (See screenshot).
The problem is on version 1.9.1, on version 1.8.1 everything is fine

This link is invalid

"You can find the documentation of this package at the docs of Flare."

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

1. The workflow run-tests.yml is referencing action shivammathur/setup-php using references v1. However this reference is missing the commit 7163319 which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

When I get an exception it crashes at the AddGitInformation middleware, resulting in me seeing another exception in the symfony error page instead.

If I uncomment that middleware, it works and I can then see my original exception.

This happens on a completely new laravel repository installed via composer create-project, I do not have any remotes for the repository yet as it hasn't been commited.

The workflow run-tests.yml is referencing action shivammathur/setup-php using references v1. However this reference is missing the commit 716331904ea2625d93a4f4f8f8c050d235845675 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

in method makeRequest code

$queryString = http_build_query([
            'key' => $this->apiToken,
            'secret' => $this->apiSecret,
]);
$fullUrl = "{$this->baseUrl}/{$url}?{$queryString}";

$fullUrl already used ?

but in method makeCurlRequest code

case 'get':
                curl_setopt($curlHandle, CURLOPT_URL, $fullUrl.'?'.http_build_query($arguments));
                break;

Also used ? Symbol

The & symbol should be used

like this

case 'get':
                curl_setopt($curlHandle, CURLOPT_URL, $fullUrl.'&'.http_build_query($arguments));
                break;

This bug will cause the parameter to be truncated

like this

127.0.0.1 - - [24/Apr/2021:21:17:10 +0800] "GET /?key=fMMEfczZUzmTZLhe&secret=CJvpDkSKYbhtDYEv?p1=p1v&p2=p2v HTTP/1.0" 200 72 "-" "Laravel/Flare API 1.0"
/*************************************************************************/
array:3 [
"key" => "fMMEfczZUzmTZLhe"
"secret" => "CJvpDkSKYbhtDYEv?p1=p1v"
"p2" => "p2v"
]

Finally, thank you for your hard work and hope it will become better

Are there any plans to add support for other PHP projects, specifically WordPress? One of the agencies that I work with has a few WordPress sites, and they're currently using Sentry to handle their error logs for Laravel, October CMS, & WordPress projects.

I've been playing around with ignition (working on a plugin for October CMS right now, https://github.com/rainlab/ignition-plugin) and have liked what I've seen, so I'm wondering if there are any plans to expand and add support for WordPress. If there are, we would most likely move away from Sentry and switch to using Flare to manage our error logs.

On my development i "disabled" the flare error reporting by removing the flare key but still every exception is transmitted to flareapp.io. This is not something I would expect as it is transmitting many data (source code, database values) I did not consent to.

Currently, it's not compatible with Laravel 9 and above (and other frameworks depending on the latest http-foundation) due to dependency set to the max version of 5.x currently in the composer.json.