This repository has been archived by the owner on Apr 30, 2023. It is now read-only.

[Bug]: Security errors in Facebook Magento 2 extension | V1.4.6 #136

Open
1 task done
jithavijayan opened this issue Feb 13, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@jithavijayan

Contact Details

[email protected]

What happened?

Hello Team,

We have downloaded an extension from GitHub, https://github.com/facebookincubator/facebook-for-magento2, version 1.4.6 (via Composer), to install in our Magento 2.4.4-p2 store. Before installing this extension, we did a security review using the Magento coding standard tool and found lots of security errors.

Please find the attached security review report and let us know the ETA and when we can expect this to be fixed in your extension.

Magento coding staging tool link: https://github.com/magento/magento-coding-standard
Command to do a security check: vendor/bin/phpcs --standard=Magento2 /magento-project-path/vendor/facebook --error-severity=10 --warning-severity=9 --ignore-annotations --report=csv --report-file=report/MyReport_facebook.csv

Please let us know if you need any other details.
MyReport.csv

Magento Version

2.4.4-p2

Plugin Version

2.4.6

Relevant log output

File,Line,Column,Type,Message,Source,Severity,Fixable
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete. Please use declarative schema approach in module's etc/db_schema.xml file",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete. Please use data patches approach in module's Setup/Patch/Data dir",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",20,17,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",21,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",24,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",25,31,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",34,54,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0

Code of Conduct

  • I agree to follow this project's Code of Conduct
@jithavijayan jithavijayan added the bug Something isn't working label Feb 13, 2023
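
Added example, not part of the original issue or the extension's code: a short Python script that reads a phpcs CSV report in the column layout shown above and separates the `Magento2.Security.*` findings, which mark template output locations to review, from the `Magento2.Legacy.*` findings, which flag obsolete setup scripts. The sample rows are constructed with shortened paths, and `triage` and `sniff_category` are names chosen here.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the same column layout as the report above
# (paths shortened; rows mirror the sniff codes shown in the issue).
SAMPLE_REPORT = """File,Line,Column,Type,Message,Source,Severity,Fixable
"Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete.",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete.",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"view/frontend/templates/pixel/head.phtml",34,54,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"""


def sniff_category(source):
    """PHPCS sniff codes read Standard.Category.Sniff.Code; return Category."""
    parts = source.split(".")
    return parts[1] if len(parts) >= 2 else "Unknown"


def triage(report_text):
    """Split findings into security sniffs (by file) and everything else (by sniff)."""
    security = defaultdict(list)   # file -> [(line, column)] to review by hand
    other = Counter()              # non-security sniff code -> count
    for row in csv.DictReader(io.StringIO(report_text)):
        if sniff_category(row["Source"]) == "Security":
            security[row["File"]].append((int(row["Line"]), int(row["Column"])))
        else:
            other[row["Source"]] += 1
    for locations in security.values():
        locations.sort()
    return dict(security), dict(other)


if __name__ == "__main__":
    security, other = triage(SAMPLE_REPORT)
    for path, locations in security.items():
        print(f"{path}: {len(locations)} output location(s) to review")
        for line, col in locations:
            print(f"  line {line}, column {col}")
    for source, count in other.items():
        print(f"non-security: {source} x{count}")
```

Each `FoundUnescaped` row is a static-analysis warning, so the listed line and column are places to inspect in the template, not confirmed XSS.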