Issues in Router.php (master) - Issues in master - HaaseIT/HCSF - Measure and Improve Code Quality continuously with Scrutinizer

Issues (102)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Router.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace HaaseIT\HCSF;

use Zend\ServiceManager\ServiceManager;
use Symfony\Component\Yaml\Yaml;

class Router
{
    private $P;

    /**
     * @var string
     */
    private $sPath;

    /**
     * @var ServiceManager
     */
    private $serviceManager;

    /**
     * @var \HaaseIT\HCSF\HelperConfig
     */
    protected $config;

    /**
     * @var \HaaseIT\HCSF\Helper
     */
    protected $helper;

    /**
     * Router constructor.
     * @param ServiceManager $serviceManager
     */
    public function __construct(ServiceManager $serviceManager)
    {
        $this->serviceManager = $serviceManager;
        $this->config = $serviceManager->get('config');
        $this->helper = $serviceManager->get('helper');
    }

    public function getPage()
    {
        // Maintenance page
        if ($this->config->getCore('maintenancemode')) {
            try {
                $controller = new \HaaseIT\HCSF\Controller\Maintenance($this->serviceManager);
                $this->P = $controller->getPage();
            } catch (\Exception $e) {
                $this->P = $e->getMessage();
            }
        } else {
            $routes = require __DIR__.DIRECTORY_SEPARATOR.'config'.DIRECTORY_SEPARATOR.'routes.php';
            $customRoutesFile = PATH_BASEDIR . 'customization/routes.yml';
            if (is_file($customRoutesFile)) {
                try{
                    $customRoutes = Yaml::parse(file_get_contents($customRoutesFile));
                    if (!empty($customRoutes['literal'])) {
                        $routes['literal'] = array_merge($routes['literal'], $customRoutes['literal']);
                    }
                    if (!empty($customRoutes['regex'])) {
                        $routes['regex'] = array_merge($routes['regex'], $customRoutes['regex']);
                    }
                } catch (\Exception $e) {
                    // todo: log error
                }
            }
            $aURL = parse_url($this->helper->getCleanRequestTarget());
            $this->sPath = $aURL['path'];

            $aPath = explode('/', $this->sPath);
            if (!empty($routes['literal'][$this->sPath])) {
                $class = '\\HaaseIT\\HCSF\\Controller\\'.$routes['literal'][$this->sPath];
            } else {
                if (!empty($routes['regex'])) {
                    foreach ($routes['regex'] as $regex) {
                        $result = preg_match('(^' . $regex['regex'] . '$)', $this->sPath, $matches);
                        if ($result) {
                            $class = '\\HaaseIT\\HCSF\\Controller\\' . $regex['controller'];
                            break;
                        }
                    }
                }
                if (empty($result) && $aPath[1] === $this->config->getCore('directory_images')) {
                    $class = Controller\Glide::class;
                }
            }

            if (!empty($class)) {
                // Core Page
                try {
                    /** @var Controller\Base $controller */
                    $controller = new $class($this->serviceManager, $aPath, (!empty($matches) ? $matches : false));
                    $this->P = $controller->getPage();
                } catch (\Exception $e) {
                    $this->P = new Page();
//                    die($e->getMessage());
                    $this->P->setStatus(500);
                    // todo: write error message
                    //echo $e->getMessage();
                }
            } else {
                if ($this->config->getCore('enable_module_shop')) {
                    $aRoutingoverride = $this->getRoutingoverride($aPath);
                }

                $this->P = new UserPage($this->serviceManager, $this->sPath);

                // go and look if the page can be loaded yet
                if ($this->P->cb_id === NULL) {
                    /*
                    If the last part of the path doesn't include a dot (.) and is not empty, apend a slash.
                    If there is already a slash at the end, the last part of the path array will be empty.
                     */
                    if (mb_strpos($aPath[count($aPath) - 1], '.') === false && $aPath[count($aPath) - 1] !== '') {
                        $this->sPath .= '/';
                    }

                    if ($this->sPath[strlen($this->sPath) - 1] === '/') {
                        $this->sPath .= 'index.html';
                    }

                    $this->P = new UserPage($this->serviceManager, $this->sPath);
                }

                if ($this->P->cb_id === NULL) { // if the page is still not found, unset the page object
                    $this->P->setStatus(404);
                } else { // if it is found, go on
                    // Support for shorturls
                    if ($this->P->cb_pagetype === 'shorturl') {
                        $this->P->setStatus(302);
                        $this->P->setHeader('Location', $this->P->cb_pageconfig);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
                    }

                    if (isset($this->P, $aRoutingoverride) && count($aRoutingoverride)) {
                        $this->P->cb_pagetype = $aRoutingoverride['cb_pagetype'];
                        $this->P->cb_pageconfig->itemno = $aRoutingoverride['itemno'];
                    }
                }
            }

            if ($this->P->getStatus() === 404) {
                $this->P = new CorePage($this->serviceManager);
                $this->P->cb_pagetype = 'error';
                $this->P->setStatus(404);
                $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_page_not_found');
            } elseif ($this->P->getStatus() === 500) {
                $this->P = new CorePage($this->serviceManager);
                $this->P->cb_pagetype = 'error';
                $this->P->setStatus(500);
                $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_server_error');
            } elseif (is_object($this->P) && $this->P->oPayload === null) {// elseif the page has been found but contains no payload...
                // no payload is fine if page is one of these
                $pagetypesnocontent = [
                    'itemoverviewjson',
                    'itemoverview',
                    'itemoverviewgrpd',
                    'itemdetail',
                    'shorturl',
                ];
                if (!in_array($this->P->cb_pagetype, $pagetypesnocontent, true)) {
                    $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_content_not_found');
                    $this->P->setStatus(404);
                }
            } elseif ($this->P->oPayload->cl_lang !== null && $this->P->oPayload->cl_lang !== $this->config->getLang()) { // if the page is available but not in the current language, display info
                $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_page_not_available_lang').'<br><br>'.$this->P->oPayload->cl_html;
            }
        }
        return $this->P;
    }

    private function getRoutingoverride($aPath)
    {
        $aRoutingoverride = [];
        // /xxxx/item/0010.html
        $aTMP['parts_in_path'] = count($aPath);
        // if the last dir in path is 'item' and the last part of the path is not empty
        if ($aPath[$aTMP['parts_in_path'] - 2] === 'item' && $aPath[$aTMP['parts_in_path'] - 1] !== '') {

            // explode the filename by .
            $aTMP['exploded_request_file'] = explode('.', $aPath[$aTMP['parts_in_path'] - 1]);

            // if the filename ends in '.html', get the requested itemno
            if ($aTMP['exploded_request_file'][count($aTMP['exploded_request_file']) - 1] === 'html') {
                // to allow dots in the filename, we have to iterate through all parts of the filename
                $aRoutingoverride['itemno'] = '';
                for ($i = 0; $i < count($aTMP['exploded_request_file']) - 1; $i++) {
                    $aRoutingoverride['itemno'] .= $aTMP['exploded_request_file'][$i].'.';
                }
                // remove the trailing dot
                $aRoutingoverride['itemno'] = \HaaseIT\Toolbox\Tools::cutStringend($aRoutingoverride['itemno'], 1);

                $aRoutingoverride['cb_pagetype'] = 'itemdetail';

                // rebuild the path string without the trailing '/item/itemno.html'
                $this->sPath = '';
                for ($i = 0; $i < $aTMP['parts_in_path'] - 2; $i++) {
                    $this->sPath .= $aPath[$i].'/';
                }
            }
        }

        return $aRoutingoverride;
    }
}


1		<?php
2
3		namespace HaaseIT\HCSF;
4
5		use Zend\ServiceManager\ServiceManager;
6		use Symfony\Component\Yaml\Yaml;
7
8		class Router
9		{
10		private $P;
11
12		/**
13		* @var string
14		*/
15		private $sPath;
16
17		/**
18		* @var ServiceManager
19		*/
20		private $serviceManager;
21
22		/**
23		* @var \HaaseIT\HCSF\HelperConfig
24		*/
25		protected $config;
26
27		/**
28		* @var \HaaseIT\HCSF\Helper
29		*/
30		protected $helper;
31
32		/**
33		* Router constructor.
34		* @param ServiceManager $serviceManager
35		*/
36		public function __construct(ServiceManager $serviceManager)
37		{
38		$this->serviceManager = $serviceManager;
39		$this->config = $serviceManager->get('config');
40		$this->helper = $serviceManager->get('helper');
41		}
42
43		public function getPage()
44		{
45		// Maintenance page
46		if ($this->config->getCore('maintenancemode')) {
47		try {
48		$controller = new \HaaseIT\HCSF\Controller\Maintenance($this->serviceManager);
49		$this->P = $controller->getPage();
50		} catch (\Exception $e) {
51		$this->P = $e->getMessage();
52		}
53		} else {
54		$routes = require __DIR__.DIRECTORY_SEPARATOR.'config'.DIRECTORY_SEPARATOR.'routes.php';
55		$customRoutesFile = PATH_BASEDIR . 'customization/routes.yml';
56		if (is_file($customRoutesFile)) {
57		try{
58		$customRoutes = Yaml::parse(file_get_contents($customRoutesFile));
59	View Code Duplication	if (!empty($customRoutes['literal'])) {
60		$routes['literal'] = array_merge($routes['literal'], $customRoutes['literal']);
61		}
62	View Code Duplication	if (!empty($customRoutes['regex'])) {
63		$routes['regex'] = array_merge($routes['regex'], $customRoutes['regex']);
64		}
65		} catch (\Exception $e) {
66		// todo: log error
67		}
68		}
69		$aURL = parse_url($this->helper->getCleanRequestTarget());
70		$this->sPath = $aURL['path'];
71
72		$aPath = explode('/', $this->sPath);
73		if (!empty($routes['literal'][$this->sPath])) {
74		$class = '\\HaaseIT\\HCSF\\Controller\\'.$routes['literal'][$this->sPath];
75		} else {
76		if (!empty($routes['regex'])) {
77		foreach ($routes['regex'] as $regex) {
78		$result = preg_match('(^' . $regex['regex'] . '$)', $this->sPath, $matches);
79		if ($result) {
80		$class = '\\HaaseIT\\HCSF\\Controller\\' . $regex['controller'];
81		break;
82		}
83		}
84		}
85		if (empty($result) && $aPath[1] === $this->config->getCore('directory_images')) {
86		$class = Controller\Glide::class;
87		}
88		}
89
90		if (!empty($class)) {
91		// Core Page
92		try {
93		/** @var Controller\Base $controller */
94		$controller = new $class($this->serviceManager, $aPath, (!empty($matches) ? $matches : false));
95		$this->P = $controller->getPage();
96		} catch (\Exception $e) {
97		$this->P = new Page();
98		// die($e->getMessage());
99		$this->P->setStatus(500);
100		// todo: write error message
101		//echo $e->getMessage();
102		}
103		} else {
104		if ($this->config->getCore('enable_module_shop')) {
105		$aRoutingoverride = $this->getRoutingoverride($aPath);
106		}
107
108		$this->P = new UserPage($this->serviceManager, $this->sPath);
109
110		// go and look if the page can be loaded yet
111		if ($this->P->cb_id === NULL) {
112		/*
113		If the last part of the path doesn't include a dot (.) and is not empty, apend a slash.
114		If there is already a slash at the end, the last part of the path array will be empty.
115		*/
116		if (mb_strpos($aPath[count($aPath) - 1], '.') === false && $aPath[count($aPath) - 1] !== '') {
117		$this->sPath .= '/';
118		}
119
120		if ($this->sPath[strlen($this->sPath) - 1] === '/') {
121		$this->sPath .= 'index.html';
122		}
123
124		$this->P = new UserPage($this->serviceManager, $this->sPath);
125		}
126
127		if ($this->P->cb_id === NULL) { // if the page is still not found, unset the page object
128		$this->P->setStatus(404);
129		} else { // if it is found, go on
130		// Support for shorturls
131		if ($this->P->cb_pagetype === 'shorturl') {
132		$this->P->setStatus(302);
133		$this->P->setHeader('Location', $this->P->cb_pageconfig);
		0 ignored issues – show Bug introduced 2017-07-08 12:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->P->cb_pageconfig` can also be of type `array`; however, `HaaseIT\HCSF\Page::setHeader()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
134		}
135
136		if (isset($this->P, $aRoutingoverride) && count($aRoutingoverride)) {
137		$this->P->cb_pagetype = $aRoutingoverride['cb_pagetype'];
138		$this->P->cb_pageconfig->itemno = $aRoutingoverride['itemno'];
139		}
140		}
141		}
142
143		if ($this->P->getStatus() === 404) {
144		$this->P = new CorePage($this->serviceManager);
145		$this->P->cb_pagetype = 'error';
146		$this->P->setStatus(404);
147		$this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_page_not_found');
148		} elseif ($this->P->getStatus() === 500) {
149		$this->P = new CorePage($this->serviceManager);
150		$this->P->cb_pagetype = 'error';
151		$this->P->setStatus(500);
152		$this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_server_error');
153		} elseif (is_object($this->P) && $this->P->oPayload === null) {// elseif the page has been found but contains no payload...
154		// no payload is fine if page is one of these
155		$pagetypesnocontent = [
156		'itemoverviewjson',
157		'itemoverview',
158		'itemoverviewgrpd',
159		'itemdetail',
160		'shorturl',
161		];
162		if (!in_array($this->P->cb_pagetype, $pagetypesnocontent, true)) {
163		$this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_content_not_found');
164		$this->P->setStatus(404);
165		}
166		} elseif ($this->P->oPayload->cl_lang !== null && $this->P->oPayload->cl_lang !== $this->config->getLang()) { // if the page is available but not in the current language, display info
167		$this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T('misc_page_not_available_lang').'<br><br>'.$this->P->oPayload->cl_html;
168		}
169		}
170		return $this->P;
171		}
172
173		private function getRoutingoverride($aPath)
174		{
175		$aRoutingoverride = [];
176		// /xxxx/item/0010.html
177		$aTMP['parts_in_path'] = count($aPath);
178		// if the last dir in path is 'item' and the last part of the path is not empty
179		if ($aPath[$aTMP['parts_in_path'] - 2] === 'item' && $aPath[$aTMP['parts_in_path'] - 1] !== '') {
180
181		// explode the filename by .
182		$aTMP['exploded_request_file'] = explode('.', $aPath[$aTMP['parts_in_path'] - 1]);
183
184		// if the filename ends in '.html', get the requested itemno
185		if ($aTMP['exploded_request_file'][count($aTMP['exploded_request_file']) - 1] === 'html') {
186		// to allow dots in the filename, we have to iterate through all parts of the filename
187		$aRoutingoverride['itemno'] = '';
188		for ($i = 0; $i < count($aTMP['exploded_request_file']) - 1; $i++) {
189		$aRoutingoverride['itemno'] .= $aTMP['exploded_request_file'][$i].'.';
190		}
191		// remove the trailing dot
192		$aRoutingoverride['itemno'] = \HaaseIT\Toolbox\Tools::cutStringend($aRoutingoverride['itemno'], 1);
193
194		$aRoutingoverride['cb_pagetype'] = 'itemdetail';
195
196		// rebuild the path string without the trailing '/item/itemno.html'
197		$this->sPath = '';
198		for ($i = 0; $i < $aTMP['parts_in_path'] - 2; $i++) {
199		$this->sPath .= $aPath[$i].'/';
200		}
201		}
202		}
203
204		return $aRoutingoverride;
205		}
206		}
207

HaaseIT / HCSF

Issues (102)

Security Analysis not enabled

src/Router.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like