feat: Laravel integration for gksh/bitmask #1

karkowg · 2026-01-12T03:50:51Z

The package provides:

A BitmaskCast for Eloquent models to seamlessly cast integer values to and from Bitmask objects.
Eloquent scopes (HasBitmaskScopes) for querying bitmask columns with various conditions (has flag, has all flags, has any flag, etc.).
A make:bitmask-flags Artisan command to generate bitmask enum classes.
A ValidBitmask validation rule to ensure input values conform to bitmask constraints, optionally tied to an enum.
Blade directives for conditional rendering based on bitmask flags.
Custom Blueprint macros for defining bitmask columns in migrations.
Comprehensive unit tests covering all functionalities.

Greptile Overview

Greptile Summary

This PR adds Laravel integration for the gksh/bitmask package, providing Eloquent casts, query scopes, validation rules, Blade directives, and migration helpers for working with bitmask fields.

Key Changes:

Added BitmaskCast for automatic casting between integers and Bitmask objects in Eloquent models
Implemented HasBitmaskScopes trait with query scopes for filtering records by bitmask flags
Created ValidBitmask validation rule with optional enum-based range checking
Added make:bitmask-flags Artisan command for generating bitmask enum classes
Registered Blade directives (@hasBitmaskFlag, @hasAnyBitmaskFlag, @hasAllBitmaskFlags)
Added Blueprint macros (tinyBitmask, smallBitmask, mediumBitmask, bitmask) for migrations
Comprehensive test coverage using Pest

Critical Issues Found:

SQL injection vulnerability in all HasBitmaskScopes methods - column names are interpolated without sanitization
laravel/prompts dependency is in require-dev but used in production code
array_sum() used instead of bitwise OR for combining bitmask values (works but semantically incorrect)

Confidence Score: 1/5

This PR has critical security vulnerabilities that must be fixed before merging
Score reflects multiple SQL injection vulnerabilities in HasBitmaskScopes trait that could allow attackers to execute arbitrary SQL queries. Additionally, incorrect dependency configuration will cause runtime errors in production environments.
Pay immediate attention to src/Concerns/HasBitmaskScopes.php (SQL injection) and composer.json (dependency misplacement)

Important Files Changed

File Analysis

Filename	Score	Overview
src/Concerns/HasBitmaskScopes.php	1/5	Critical SQL injection vulnerabilities in all scope methods - column names need sanitization. Also uses array_sum instead of bitwise OR.
composer.json	2/5	laravel/prompts incorrectly placed in require-dev instead of require - will cause runtime errors in production.
src/Casts/BitmaskCast.php	5/5	Clean implementation of Eloquent cast - properly handles null values and size parameters.
src/Commands/MakeBitmaskFlagsCommand.php	4/5	Well-structured command for generating bitmask enums - good validation and uses proper bit shifting syntax.
src/Rules/ValidBitmask.php	5/5	Solid validation rule - correctly uses bitwise OR for max value calculation, handles edge cases properly.
src/TransistorServiceProvider.php	5/5	Well-organized service provider - registers all features correctly with proper type hints and PHPStan annotations.

Sequence Diagram

sequenceDiagram
    participant App as Laravel Application
    participant SP as TransistorServiceProvider
    participant Model as Eloquent Model
    participant Cast as BitmaskCast
    participant Scope as HasBitmaskScopes
    participant DB as Database
    participant Bitmask as Bitmask Object

    Note over App,SP: Service Provider Registration
    App->>SP: boot()
    SP->>SP: registerCommands()
    SP->>SP: registerBladeDirectives()
    SP->>SP: registerValidationRules()
    SP->>SP: registerBlueprintMacros()

    Note over Model,Bitmask: Eloquent Cast (Retrieval)
    Model->>Cast: get(model, key, value, attributes)
    Cast->>Cast: Check if value is null
    Cast->>Cast: Convert to int
    Cast->>Bitmask: Create Bitmask instance based on size
    Bitmask-->>Model: Return Bitmask object

    Note over Model,Bitmask: Eloquent Cast (Storage)
    Model->>Cast: set(model, key, value, attributes)
    Cast->>Cast: Check value type
    alt value is Bitmask
        Cast->>Bitmask: value()
        Bitmask-->>Cast: Return integer
    else value is int
        Cast->>Cast: Cast to int
    end
    Cast-->>Model: Return integer for storage

    Note over Model,DB: Query Scopes
    App->>Model: whereHasBitmaskFlag('permissions', flag)
    Model->>Scope: scopeWhereHasBitmaskFlag(query, column, flag)
    Scope->>Scope: maskValue(flag)
    Scope->>DB: whereRaw("column & ? = ?", [value, value])
    DB-->>App: Return filtered results

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}

The package provides: - A `BitmaskCast` for Eloquent models to seamlessly cast integer values to and from `Bitmask` objects. - Eloquent scopes (`HasBitmaskScopes`) for querying bitmask columns with various conditions (has flag, has all flags, has any flag, etc.). - A `make:bitmask-flags` Artisan command to generate bitmask enum classes. - A `ValidBitmask` validation rule to ensure input values conform to bitmask constraints, optionally tied to an enum. - Blade directives for conditional rendering based on bitmask flags. - Custom Blueprint macros for defining bitmask columns in migrations. - Comprehensive unit tests covering all functionalities.

karkowg · 2026-01-12T03:51:09Z

@greptile

greptile-apps

_{7 files reviewed, 6 comments}

_{Edit Code Review Agent Settings | Greptile}

greptile-apps · 2026-01-12T03:58:15Z