kasirku's Introduction

Cashier Management System (KasirKu)

The Cashier Management System (KasirKu) is a web-based system built with the Laravel 8 framework. KasirKu makes cashier management easier. The system is based on the case of one of the building retail stores in Bengkulu.

Integration

Apart from Laravel 8, this system also integrates the Bootstrap framework as its front end. It uses an SQL database, and MySQL Workbench was used during development.

User Features

  • Data Processing Management
  • Cashier Management
  • Recapitulation Management

System Features

  • Laravel 8
  • Using Eloquent from Laravel
  • Templates for headers and footers
  • Full CRUD integration
  • Authentication from Laravel
  • Pagination
  • Search Data
  • Automatic Cashier Logic
  • Automatic Transaction Notes
  • Export PDF

Optimization

N+1 Problems

Run Locally

Clone the project

  git clone https://github.com/paley777/kasirku.git

Go to the project directory

  cd kasirku

Install dependencies

  composer install

Delete Cache

  php artisan cache:clear

Generate Laravel Key

  php artisan key:generate

Make Storage Link

  php artisan storage:link

Migrate

  php artisan migrate

Start the server

  php artisan serve

Suggestion

For suggestions and input on this system, please email [email protected]

kasirku's People

Contributors

mend-bolt-for-github[bot], paley777

kasirku's Issues

guzzlehttp/guzzle-7.4.4: 2 vulnerabilities (highest severity is: 7.7)

Vulnerable Library - guzzlehttp/guzzle-7.4.4

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (guzzlehttp/guzzle version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-31091 | High | 7.7 | guzzlehttp/guzzle-7.4.4 | Direct | 6.5.8,7.4.5 | |
| CVE-2022-31090 | High | 7.7 | guzzlehttp/guzzle-7.4.4 | Direct | 6.5.8,7.4.5 | |

Details

CVE-2022-31091

Vulnerable Library - guzzlehttp/guzzle-7.4.4

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

Dependency Hierarchy:

  • guzzlehttp/guzzle-7.4.4 (Vulnerable Library)

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Found in base branch: main

Vulnerability Details

Guzzle is an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions, on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header; however, this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether.

Publish Date: 2022-06-27

URL: CVE-2022-31091

CVSS 3 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091

Release Date: 2022-06-27

Fix Resolution: 6.5.8,7.4.5

CVE-2022-31090

Vulnerable Library - guzzlehttp/guzzle-7.4.4

Guzzle is a PHP HTTP client library

Library home page: https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8

Dependency Hierarchy:

  • guzzlehttp/guzzle-7.4.4 (Vulnerable Library)

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Found in base branch: main

Vulnerability Details

Guzzle is an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions, when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the CURLOPT_HTTPAUTH option before continuing, stopping curl from appending the Authorization header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header; however, this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl.

Publish Date: 2022-06-27

URL: CVE-2022-31090

CVSS 3 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-25mq-v84q-4j7r

Release Date: 2022-05-19

Fix Resolution: 6.5.8,7.4.5

barryvdh/laravel-dompdf-v1.0.2: 3 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - barryvdh/laravel-dompdf-v1.0.2

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (barryvdh/laravel-dompdf-v1.0.2 version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-41343 | High | 7.5 | dompdf/dompdf-v1.2.2 | Transitive | N/A* | |
| CVE-2022-2400 | Medium | 5.3 | dompdf/dompdf-v1.2.2 | Transitive | N/A* | |
| CVE-2022-0085 | Medium | 5.3 | dompdf/dompdf-v1.2.2 | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-41343

Vulnerable Library - dompdf/dompdf-v1.2.2

DOMPDF is a CSS 2.1 compliant HTML to PDF converter

Library home page: https://api.github.com/repos/dompdf/dompdf/zipball/5031045d9640b38cfc14aac9667470df09c9e090

Dependency Hierarchy:

  • barryvdh/laravel-dompdf-v1.0.2 (Root Library)
    • dompdf/dompdf-v1.2.2 (Vulnerable Library)

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Found in base branch: main

Vulnerability Details

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

Publish Date: 2022-09-25

URL: CVE-2022-41343

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2022-09-25

Fix Resolution: v2.0.1

CVE-2022-2400

Vulnerable Library - dompdf/dompdf-v1.2.2

DOMPDF is a CSS 2.1 compliant HTML to PDF converter

Library home page: https://api.github.com/repos/dompdf/dompdf/zipball/5031045d9640b38cfc14aac9667470df09c9e090

Dependency Hierarchy:

  • barryvdh/laravel-dompdf-v1.0.2 (Root Library)
    • dompdf/dompdf-v1.2.2 (Vulnerable Library)

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Found in base branch: main

Vulnerability Details

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

Publish Date: 2022-07-18

URL: CVE-2022-2400

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2400

Release Date: 2022-07-18

Fix Resolution: v2.0.0

CVE-2022-0085

Vulnerable Library - dompdf/dompdf-v1.2.2

DOMPDF is a CSS 2.1 compliant HTML to PDF converter

Library home page: https://api.github.com/repos/dompdf/dompdf/zipball/5031045d9640b38cfc14aac9667470df09c9e090

Dependency Hierarchy:

  • barryvdh/laravel-dompdf-v1.0.2 (Root Library)
    • dompdf/dompdf-v1.2.2 (Vulnerable Library)

Found in HEAD commit: b76ec18efeb4868239f3c44640b44e589a6c38f6

Found in base branch: main

Vulnerability Details

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

Publish Date: 2022-06-28

URL: CVE-2022-0085

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9f31236/

Release Date: 2022-06-28

Fix Resolution: v2.0.0

Jinja2-3.0.3-py3-none-any.whl: 1 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - Jinja2-3.0.3-py3-none-any.whl

A very fast and expressive template engine.

Library home page: https://files.pythonhosted.org/packages/20/9a/e5d9ec41927401e41aea8af6d16e78b5e612bca4699d417f646a9610a076/Jinja2-3.0.3-py3-none-any.whl

Path to dependency file: /vendor/mockery/mockery/docs/requirements.txt

Path to vulnerable library: /vendor/mockery/mockery/docs/requirements.txt

Found in HEAD commit: 49c70159ce2cc62016e087882a21a8d8a99e639d

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Jinja2 version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-22195 | Medium | 6.1 | Jinja2-3.0.3-py3-none-any.whl | Direct | jinja2 - 3.1.3 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-22195

Vulnerable Library - Jinja2-3.0.3-py3-none-any.whl

A very fast and expressive template engine.

Library home page: https://files.pythonhosted.org/packages/20/9a/e5d9ec41927401e41aea8af6d16e78b5e612bca4699d417f646a9610a076/Jinja2-3.0.3-py3-none-any.whl

Path to dependency file: /vendor/mockery/mockery/docs/requirements.txt

Path to vulnerable library: /vendor/mockery/mockery/docs/requirements.txt

Dependency Hierarchy:

  • Jinja2-3.0.3-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 49c70159ce2cc62016e087882a21a8d8a99e639d

Found in base branch: main

Vulnerability Details

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja xmlattr filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

Publish Date: 2024-01-11

URL: CVE-2024-22195

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-h5c8-rqwp-cp95

Release Date: 2024-01-11

Fix Resolution: jinja2 - 3.1.3

laravel/framework-v9.17.0: 1 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - laravel/framework-v9.17.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/091e287678ac723c591509ca6374e4ded4a99b1c

Found in HEAD commit: fa728b01d50d18d25710532813c0cb9768636695

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-30778 | High | 9.8 | laravel/framework-v9.17.0 | Direct | N/A | |

Details

CVE-2022-30778

Vulnerable Library - laravel/framework-v9.17.0

The Laravel Framework.

Library home page: https://api.github.com/repos/laravel/framework/zipball/091e287678ac723c591509ca6374e4ded4a99b1c

Dependency Hierarchy:

  • laravel/framework-v9.17.0 (Vulnerable Library)

Found in HEAD commit: fa728b01d50d18d25710532813c0cb9768636695

Found in base branch: main

Vulnerability Details

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php.

Publish Date: 2022-05-16

URL: CVE-2022-30778

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
