[Bug]: Security errors in Facebook Magento 2 extension | V1.4.6 #136
Description
What happened?
Hello Team,
We have downloaded an extension from GitHub, https://github.com/facebookincubator/facebook-for-magento2, version 1.4.6 (via composer), to install in our Magento 2.4.4-p2 store. Before installing this extension, we did a security review using the Magento coding standard tool and found lots of security errors.
Please find the attached security review report and let us know the ETA and when we can expect this to be fixed in your extension.
Magento coding staging tool link: https://github.com/magento/magento-coding-standard
Command to do a security check: vendor/bin/phpcs --standard=Magento2 /magento-project-path/vendor/facebook --error-severity=10 --warning-severity=9 --ignore-annotations --report=csv --report-file=report/MyReport_facebook.csv
Please let us know if you need any other details.
MyReport.csv
Magento Version
2.4.4-p2
Plugin Version
2.4.6
Relevant log output
File,Line,Column,Type,Message,Source,Severity,Fixable
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete. Please use declarative schema approach in module's etc/db_schema.xml file",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete. Please use data patches approach in module's Setup/Patch/Data dir",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",20,17,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",21,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",24,24,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",25,31,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/Applications/MAMP/htdocs/positec-upgrade/vendor/facebook/facebook-for-magento2/view/frontend/templates/pixel/head.phtml",34,54,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
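An added example, not part of the original issue or the extension's code: a small triage script for a `phpcs --report=csv` report like the one above, grouping findings by sniff category and listing the `Security` sniff locations to review by file. The sample rows are constructed in the report's column layout with placeholder paths, and the function names are this example's own.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the column layout of phpcs --report=csv; paths are placeholders.
SAMPLE_REPORT = '''File,Line,Column,Type,Message,Source,Severity,Fixable
"/path/to/vendor/module/Setup/InstallSchema.php",1,1,error,"InstallSchema scripts are obsolete.",Magento2.Legacy.InstallUpgrade.ObsoleteInstallSchemaScript,10,0
"/path/to/vendor/module/Setup/UpgradeData.php",1,1,error,"UpgradeData scripts are obsolete.",Magento2.Legacy.InstallUpgrade.ObsoleteUpgradeDataScript,10,0
"/path/to/vendor/module/view/frontend/templates/pixel/head.phtml",19,16,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
"/path/to/vendor/module/view/frontend/templates/pixel/head.phtml",14,14,warning,"Unescaped output detected.",Magento2.Security.XssTemplate.FoundUnescaped,9,0
'''


def sniff_category(source):
    """Return the category segment of a sniff code, e.g.
    Magento2.Security.XssTemplate.FoundUnescaped -> 'Security'."""
    parts = source.split(".")
    return parts[1] if len(parts) >= 2 else "Unknown"


def triage(report_text):
    """Count findings per sniff category and collect Security findings per file."""
    by_category = Counter()
    review = defaultdict(list)  # file -> [(line, column, sniff)]
    for row in csv.DictReader(io.StringIO(report_text)):
        category = sniff_category(row["Source"])
        by_category[category] += 1
        if category == "Security":
            review[row["File"]].append(
                (int(row["Line"]), int(row["Column"]), row["Source"])
            )
    for locations in review.values():
        locations.sort()  # review each template top to bottom
    return dict(by_category), dict(review)


if __name__ == "__main__":
    counts, review = triage(SAMPLE_REPORT)
    for category, n in sorted(counts.items()):
        print(f"{category}: {n}")
    for path, locations in review.items():
        print(path)
        for line, col, sniff in locations:
            print(f"  line {line}, column {col}: {sniff}")
```

To run it on a real report, pass the contents of the file named in `--report-file` to `triage()` instead of `SAMPLE_REPORT`.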