Issues in Reference.class.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/common/reference/Reference.class.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
 * Copyright (c) Enalean, 2015. All Rights Reserved.
 *
 * This file is a part of Tuleap.
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * Reference class
 * Stores a reference as stored in the DB (with keyword, link, etc.)
 */
class Reference {
    
    /**
     * @var integer the ID as stored in the 'Reference' DB table.
     */
    var $id;
    /**
     * @var string the keyword to extract.
     */
    var $keyword;
    /**
     * @var string description of this reference
     */
    var $description;

    /**
     * Originally, the 'link' contains parameters (like $1, $2) that are later converted with replaceLink() 
     * @var string link pointed by this reference
     */
    var $link;

    /**
     * @var string is either 'S' for system references, or 'P' for project-defined references.
     */
    var $scope;

    /**
     * Service short name is useful to automate reference (de-)activation when (de-)activating a service.
     * @var string
     */
    var $service_short_name;
    
    /**
     * Nature of the referenced item.
     * List of available natures is ReferenceManager : getAvailableNatures()
     * @var string
     */
    var $nature;
    
    /**
     * @var bool
     */
    var $is_active;
    /**
     * @var integer
     */
    var $group_id;

    /**
     * This parameter is computed from the 'link' param.
     * @var integer when set
     */
    var $num_param=null;
    
    /**
     * Class constructor
     * The constructor only builds full objects; Only the 'myid' and 'mygroup_id' params may be set to 0 if unknown.
     */
    public function __construct($myid,$mykeyword,$mydescription,$mylink,$myscope,$myservice_short_name,$nature,$myis_active,$mygroup_id) {
        $this->id=$myid;
        $this->keyword=strtolower($mykeyword);
        $this->description=$mydescription;
        $this->link=$mylink;
        $this->scope=$myscope;
        $this->service_short_name=$myservice_short_name;
        $this->nature=$nature;
        $this->is_active=$myis_active;
        $this->group_id=$mygroup_id;
        $this->num_param=$this->computeNumParam($this->link);
    }

    /**
     * Accessors 
     */
    function getId() {
        return $this->id;
    }
    function getKeyword() {
        return $this->keyword;
    }
    function getDescription() {
        return $this->description;
    }
    function getLink() {
        return $this->link;
    }
    function getScope() {
        return $this->scope;
    }
    function getServiceShortName() {
        return $this->service_short_name;
    }
    function getNature() {
        return $this->nature;
    }
    function isActive() {
        return $this->is_active;
    }
    function getGroupId() {
        return $this->group_id;
    }
    /**
     * @return bool true if this is a system reference (false if project reference)
     */ 
    function isSystemReference() {
        return ($this->scope == 'S');
    }
    


    /**
     * @see computeNumParam()
     */
    function getNumParam() {
        // Compute number of parameters if not already done
        if ($this->num_param == false) 

            $this->num_param=$this->computeNumParam($this->link);
        return $this->num_param;
    }

    function setIsActive($my_is_active) {
        $this->is_active=$my_is_active;
    }

    function setGroupId($my_group_id) {
        $this->group_id=$my_group_id;
    }

    function setId($my_id) {
        $this->id=$my_id;
    }

     function setDescription($my_description) {
        $this->description=$my_description;
    }

    public function setLink($link) {
        $this->link = $link;
    }

   /** 
     * Replace original link with arguments
     * 
     * Replacement rules
     * $projname -> project short name
     * $group_id -> project id
     * $0        -> keyword used in text
     * $1        -> first param
     * $2        -> second param, and so on until 9th param
     *
     * @param array $args array of arguments (optional)
     * @param string $projname contains the project name (optional)
    */
    function replaceLink($args=null, $projname=null) {
        $this->link = str_replace('$0', $this->keyword, $this->link);
        if ($projname) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $this->link = str_replace('$projname', $projname, $this->link);
        }
        $this->link = str_replace('$group_id', $this->group_id, $this->link);
        if (is_array($args)) {
            $count=count($args);
            if ($count>9) $count=9;
            for ($i=1; $i<=$count; $i++) {
                $this->link = str_replace('$'.$i, urlencode($args[$i-1]), $this->link);
            }
        }
    }

    /** 
     * Returns number of parameters needed to compute the link
     *
     * For instance, if only '$3' is used in the original link, it 
     * does not mean that only one param is needed: 3 params are needed,
     * but only one is used to compute the link. 
     * Max number is 9 parameters.
     *
     * @param string $link original link containing '$1', '$2',... parameters
     * @return integer number of parameters needed to compute the link
     * @static
     */
    function computeNumParam($link) {
        for ($i=9; $i>0; $i--) {
            if (strpos($link,'$'.$i)!==false) return $i;
        }
        return 0;
    }
        
    /**
     * @return ReferenceDao instance
     */
    function &_getReferenceDao() {
        if (!is_a($this->referenceDao, 'ReferenceDao')) {
            $this->referenceDao = new ReferenceDao(CodendiDataAccess::instance());
        }
        return $this->referenceDao;
    }

}
?>


GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/reference/Reference.class.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
4			* Copyright (c) Enalean, 2015. All Rights Reserved.
5			*
6			* This file is a part of Tuleap.
7			*
8			* Tuleap is free software; you can redistribute it and/or modify
9			* it under the terms of the GNU General Public License as published by
10			* the Free Software Foundation; either version 2 of the License, or
11			* (at your option) any later version.
12			*
13			* Tuleap is distributed in the hope that it will be useful,
14			* but WITHOUT ANY WARRANTY; without even the implied warranty of
15			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16			* GNU General Public License for more details.
17			*
18			* You should have received a copy of the GNU General Public License
19			* along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
20			*/
21
22			/**
23			* Reference class
24			* Stores a reference as stored in the DB (with keyword, link, etc.)
25			*/
26			class Reference {
27
28			/**
29			* @var integer the ID as stored in the 'Reference' DB table.
30			*/
31			var $id;
32			/**
33			* @var string the keyword to extract.
34			*/
35			var $keyword;
36			/**
37			* @var string description of this reference
38			*/
39			var $description;
40
41			/**
42			* Originally, the 'link' contains parameters (like $1, $2) that are later converted with replaceLink()
43			* @var string link pointed by this reference
44			*/
45			var $link;
46
47			/**
48			* @var string is either 'S' for system references, or 'P' for project-defined references.
49			*/
50			var $scope;
51
52			/**
53			* Service short name is useful to automate reference (de-)activation when (de-)activating a service.
54			* @var string
55			*/
56			var $service_short_name;
57
58			/**
59			* Nature of the referenced item.
60			* List of available natures is ReferenceManager : getAvailableNatures()
61			* @var string
62			*/
63			var $nature;
64
65			/**
66			* @var bool
67			*/
68			var $is_active;
69			/**
70			* @var integer
71			*/
72			var $group_id;
73
74			/**
75			* This parameter is computed from the 'link' param.
76			* @var integer when set
77			*/
78			var $num_param=null;
79
80			/**
81			* Class constructor
82			* The constructor only builds full objects; Only the 'myid' and 'mygroup_id' params may be set to 0 if unknown.
83			*/
84			public function __construct($myid,$mykeyword,$mydescription,$mylink,$myscope,$myservice_short_name,$nature,$myis_active,$mygroup_id) {
85			$this->id=$myid;
86			$this->keyword=strtolower($mykeyword);
87			$this->description=$mydescription;
88			$this->link=$mylink;
89			$this->scope=$myscope;
90			$this->service_short_name=$myservice_short_name;
91			$this->nature=$nature;
92			$this->is_active=$myis_active;
93			$this->group_id=$mygroup_id;
94			$this->num_param=$this->computeNumParam($this->link);
95			}
96
97			/**
98			* Accessors
99			*/
100			function getId() {
101			return $this->id;
102			}
103			function getKeyword() {
104			return $this->keyword;
105			}
106			function getDescription() {
107			return $this->description;
108			}
109			function getLink() {
110			return $this->link;
111			}
112			function getScope() {
113			return $this->scope;
114			}
115			function getServiceShortName() {
116			return $this->service_short_name;
117			}
118			function getNature() {
119			return $this->nature;
120			}
121			function isActive() {
122			return $this->is_active;
123			}
124			function getGroupId() {
125			return $this->group_id;
126			}
127			/**
128			* @return bool true if this is a system reference (false if project reference)
129			*/
130			function isSystemReference() {
131			return ($this->scope == 'S');
132			}
133
134
135
136			/**
137			* @see computeNumParam()
138			*/
139			function getNumParam() {
140			// Compute number of parameters if not already done
141			if ($this->num_param == false)
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing `$this->num_param` of type `integer` to the boolean `false`. If you are specifically checking for 0, consider using something more explicit like `=== 0` instead. Loading history...
142			$this->num_param=$this->computeNumParam($this->link);
143			return $this->num_param;
144			}
145
146			function setIsActive($my_is_active) {
147			$this->is_active=$my_is_active;
148			}
149
150			function setGroupId($my_group_id) {
151			$this->group_id=$my_group_id;
152			}
153
154			function setId($my_id) {
155			$this->id=$my_id;
156			}
157
158			function setDescription($my_description) {
159			$this->description=$my_description;
160			}
161
162			public function setLink($link) {
163			$this->link = $link;
164			}
165
166			/**
167			* Replace original link with arguments
168			*
169			* Replacement rules
170			* $projname -> project short name
171			* $group_id -> project id
172			* $0 -> keyword used in text
173			* $1 -> first param
174			* $2 -> second param, and so on until 9th param
175			*
176			* @param array $args array of arguments (optional)
177			* @param string $projname contains the project name (optional)
178			*/
179			function replaceLink($args=null, $projname=null) {
180			$this->link = str_replace('$0', $this->keyword, $this->link);
181			if ($projname) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$projname` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
182			$this->link = str_replace('$projname', $projname, $this->link);
183			}
184			$this->link = str_replace('$group_id', $this->group_id, $this->link);
185			if (is_array($args)) {
186			$count=count($args);
187			if ($count>9) $count=9;
188			for ($i=1; $i<=$count; $i++) {
189			$this->link = str_replace('$'.$i, urlencode($args[$i-1]), $this->link);
190			}
191			}
192			}
193
194			/**
195			* Returns number of parameters needed to compute the link
196			*
197			* For instance, if only '$3' is used in the original link, it
198			* does not mean that only one param is needed: 3 params are needed,
199			* but only one is used to compute the link.
200			* Max number is 9 parameters.
201			*
202			* @param string $link original link containing '$1', '$2',... parameters
203			* @return integer number of parameters needed to compute the link
204			* @static
205			*/
206			function computeNumParam($link) {
207			for ($i=9; $i>0; $i--) {
208			if (strpos($link,'$'.$i)!==false) return $i;
209			}
210			return 0;
211			}
212
213			/**
214			* @return ReferenceDao instance
215			*/
216			function &_getReferenceDao() {
217			if (!is_a($this->referenceDao, 'ReferenceDao')) {
218			$this->referenceDao = new ReferenceDao(CodendiDataAccess::instance());
219			}
220			return $this->referenceDao;
221			}
222
223			}
224			?>
225

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/reference/Reference.class.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like