The composer.json file should be valid 2

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/composer.invalid_file

in composer.json, line 1
  1. {

    The property classmap-authoritative is not defined and the definition does not allow additional properties

    Time to fix: about 1 hour
    Last edited by Guikingone
  2. "name": "symfony/framework-standard-edition",
  3. "license": "MIT",
  4. "type": "project",
  5. "description": "The \"Symfony Standard Edition\" distribution",
  6. "autoload": {
in composer.json, line 1
  1. {

    The property optimize-autoloader is not defined and the definition does not allow additional properties

    Time to fix: about 1 hour
    Last edited by Guikingone
  2. "name": "symfony/framework-standard-edition",
  3. "license": "MIT",
  4. "type": "project",
  5. "description": "The \"Symfony Standard Edition\" distribution",
  6. "autoload": {

The response should be redirected after posting data to an action 9

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.controller.missing_redirect_after_post

  1. class AdminController extends Controller
  2. {
  3. /**
  4. * @return \Symfony\Component\HttpFoundation\Response
  5. */
  6. public function adminAction() : Response

    The adminAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. return $this->render(':Back:admin_index.html.twig');
  9. }
  10. /**
  1. }
  2. /**
  3. * @return \Symfony\Component\HttpFoundation\Response
  4. */
  5. public function tricksAction() : Response

    The tricksAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  6. {
  7. $tricks = $this->get('app.tricks_manager')->getAllTricks();
  8. return $this->render(':Back:admin_tricks.html.twig', [
  9. 'tricks' => $tricks,
  1. }
  2. /**
  3. * @return \Symfony\Component\HttpFoundation\Response
  4. */
  5. public function usersAction() : Response

    The usersAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  6. {
  7. $users = $this->get('user.user_manager')->getUsers();
  8. return $this->render(':Back:admin_users.html.twig', [
  9. 'users' => $users,
  1. * @throws OptimisticLockException
  2. * @throws InvalidOptionsException
  3. *
  4. * @return \Symfony\Component\HttpFoundation\Response
  5. */
  6. public function tricksDetailsAction(Request $request, string $name) : Response

    The tricksDetailsAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. $trick = $this->get('app.tricks_manager')->getTricksByName($name);
  9. $commentaryForm = $this->get('app.commentary_manager')->addCommentary($request);
  1. * @throws InvalidOptionsException
  2. * @throws LogicException
  3. *
  4. * @return \Symfony\Component\HttpFoundation\Response
  5. */
  6. public function tricksAddAction(Request $request) : Response

    The tricksAddAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. $tricks = $this->get('app.tricks_manager')->addTrick($request);
  9. return $this->render(':Home:tricks_add.html.twig', [
  10. 'tricks' => $tricks,
  1. * @throws \InvalidArgumentException
  2. * @throws InvalidOptionsException
  3. *
  4. * @return \Symfony\Component\HttpFoundation\Response
  5. */
  6. public function tricksUpdateAction(Request $request, $name) : Response

    The tricksUpdateAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. $tricks = $this->get('app.tricks_manager')->updateTricks($request, $name);
  9. return $this->render(':Back:tricks_update.html.twig', [
  10. 'tricks' => $tricks,
  1. * @throws InvalidOptionsException
  2. * @throws LogicException
  3. *
  4. * @return Response
  5. */
  6. public function registerAction(Request $request)

    The registerAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. $register = $this->get('user.security')->registerUser($request);
  9. return $this->render(':Security:register.html.twig', [
  10. 'register' => $register,
  1. }
  2. /**
  3. * @return Response
  4. */
  5. public function loginAction()

    The loginAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  6. {
  7. $security = $this->get('user.security')->loginUser();
  8. return $this->render(':Security:login.html.twig', [
  9. 'error' => $security[0],
  1. * @throws InvalidOptionsException
  2. * @throws AccessDeniedException
  3. *
  4. * @return Response
  5. */
  6. public function forgotPasswordAction(Request $request)

    The forgotPasswordAction() method allows POST requests, but does not redirect the user. It is a common best practice to call a redirect after a POST action.

    Time to fix: about 2 hours
    Last edited by Guikingone
  7. {
  8. $password = $this->get('user.security')->forgotPassword($request);
  9. return $this->render(':Security:forgot_password.html.twig', [
  10. 'password' => $password,

Code should not be duplicated 2

  • Minor
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.duplicated_code

  1. if ($form->isSubmitted() && $form->isValid()) {
  2. // Search if a equivalent resource has been created.
  3. $data = $form->getData();
  4. $trick = $this->doctrine->getRepository(Tricks::class)
  5. ->findOneBy([
  6. 'name' => $data->getName(),

    The next 30 lines appear both in src/AppBundle/Managers/ApiManagers/ApiTricksManager.php:192 and src/AppBundle/Managers/ApiManagers/ApiTricksManager.php:293.

    Time to fix: about 4 hours
    Last edited by Guikingone
  7. ]);
  8. if ($trick) {
  9. return new JsonResponse(
  10. [
  1. * @throws ORMInvalidArgumentException
  2. * @throws OptimisticLockException
  3. *
  4. * @return JsonResponse
  5. */
  6. public function register()

    The next 38 lines appear both in src/UserBundle/Managers/Api/UserManager.php:236 and src/UserBundle/Services/Api/Security.php:127.

    Time to fix: about 4 hours
    Last edited by Guikingone
  7. {
  8. $user = new User();
  9. // Init the workflow
  10. $this->workflow->apply($user, 'register_phase');

Unused method, property, variable or parameter

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. * @param JsonResponder $responder
  2. */
  3. public function __construct (
  4. EntityManager $doctrine,
  5. FormFactory $form,
  6. SerializerInterface $serializer,

    This serializer argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guikingone
  7. EventDispatcherInterface $dispatcher,
  8. Workflow $workflow,
  9. RequestStack $request,
  10. JsonResponder $responder
  11. ) {

Deprecated class found in service definition

  • Info
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/third_party.use_deprecated_service

The event_dispatcher service uses the Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher class, which has been deprecated in Symfony 3.3. Use the Symfony\Component\EventDispatcher\EventDispatcher class instead.

Time to fix: about 2 hours
Last edited by Guikingone

The composer.json file should not raise warnings

  • Info
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/composer.warning

Defining autoload.psr-4 with an empty namespace prefix is a bad idea for performance

Time to fix: about 1 hour
Last edited by Guikingone

.htaccess should be avoided 3

  • Info
  • Performance

More information: https://insight.sensiolabs.com/what-we-analyse/web.apache_config

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve overall performance.

Time to fix: about 1 hour
Last edited by Guikingone

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve overall performance.

Time to fix: about 1 hour
Last edited by Guikingone

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve overall performance.

Time to fix: about 1 hour
Last edited by Guikingone

Default favicon should be changed

  • Info
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/web.default_favicon

Default HiDPI Symfony favicon found.

This reveals the backend engine of the application and makes it more vulnerable to attackers. Consider using a custom favicon instead - plus, your users will memorize your application more easily.

Time to fix: about 1 hour
Last edited by Guikingone