* Pixel on all pages, which trigger events link, PageView, ViewContent, AddToCart, InitiateCheckout and Purchase.
* In the background, syncs the products from the merchant's product catalog to Facebook Catalog.
* Stores all the data, like pixel id, catalog id, business manager id, in the local database on the instance.
We have downloaded an extension from GitHub https://github.com/facebookincubator/facebook-for-magento2 version of 1.4.6 (via composer) to install in our Magento 2.4.4-p2 store. Before installing this extension, we did a security review using the Magento coding standard tool and found lots of security errors.
Please find the attached security review report and let us know the ETA for when we can expect this to be fixed in your extension.
Magento coding staging tool link: https://github.com/magento/magento-coding-standard
Command to do a security check: vendor/bin/phpcs --standard=Magento2 /magento-project-path/vendor/facebook --error-severity=10 --warning-severity=9 --ignore-annotations --report=csv --report-file=report/MyReport_facebook.csv
Please let us know if you need any other details.
MyReport.csv
Magento Version
2.4.4-p2
Plugin Version
2.4.6
Relevant log output
File,Line,Column,Type,Message,Source,Severity,Fixable
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete. Please use declarative schema approach in module's etc/db_schema.xml file",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete. Please use data patches approach in module's Setup/Patch/Data dir",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",20,17,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",21,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",24,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",25,31,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",34,54,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
Code of Conduct
[X] I agree to follow this project's Code of Conduct
Contact Details
jitha@corra.com
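The report in this issue mixes two kinds of findings: Magento2.Legacy sniffs about obsolete setup scripts and Magento2.Security.XssTemplate warnings in one template. The following added example (not part of the issue or of the extension's code) triages a phpcs CSV report by sniff category so the security findings can be reviewed first; the function names are hypothetical and the sample rows are constructed in the report's column layout with shortened paths.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: same columns and sniff names as the report above, paths shortened.
SAMPLE_REPORT = '''File,Line,Column,Type,Message,Source,Severity,Fixable
"Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete. Please use declarative schema approach in module's etc/db_schema.xml file",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete. Please use data patches approach in module's Setup/Patch/Data dir",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"view/frontend/templates/pixel/head.phtml",34,54,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
'''


def triage(report_text):
    """Group findings by sniff category.

    phpcs sniff codes have the form Standard.Category.Sniff.Code, so the
    category is the second dotted component of the Source column.
    """
    by_category = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_text)):
        parts = row["Source"].split(".")
        category = parts[1] if len(parts) > 1 else "Unknown"
        by_category[category].append(row)
    return by_category


def summary(report_text):
    """Return {category: number of findings}."""
    return {cat: len(rows) for cat, rows in triage(report_text).items()}


def security_review_queue(report_text):
    """Return [(file, sorted line numbers)] for Security findings, busiest file first."""
    per_file = defaultdict(list)
    for row in triage(report_text).get("Security", []):
        per_file[row["File"]].append(int(row["Line"]))
    queue = [(path, sorted(lines)) for path, lines in per_file.items()]
    return sorted(queue, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    print(summary(SAMPLE_REPORT))
    for path, lines in security_review_queue(SAMPLE_REPORT):
        print(path, lines)
```

Each line in the queue still needs a manual look at what the template echoes there, since the sniff only flags output that is not wrapped in an escaping call.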