Issues in worker.class.php (development) - Issues in development - MPOS/php-mpos - Measure and Improve Code Quality continuously with Scrutinizer

Issues (431)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/classes/worker.class.php (13 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;

class Worker extends Base {
  protected $table = 'pool_worker';

  /**
   * We allow changing the database for shared accounts across pools
   * Load the config on construct so we can assign the DB name
   * @param config array MPOS configuration
   * @return none

   **/
  public function __construct($config) {
    $this->setConfig($config);
    $this->table = $this->config['db']['shared']['workers'] . '.' . $this->table;
class MyClass { }

$x = new MyClass();
$x->foo = true;
  }

  /**
   * Update worker list for a user
   * @param account_id int User ID
   * @param data array All workers and their settings
   * @return bool
   **/
  public function updateWorkers($account_id, $data) {
    $this->debug->append("STA " . __METHOD__, 4);
    if (!is_array($data)) {
      $this->setErrorMessage('No workers to update');
      return false;
    }
    $username = $this->user->getUserName($account_id);
class MyClass { }

$x = new MyClass();
$x->foo = true;
    $iFailed = 0;
    foreach ($data as $key => $value) {
    if ('' === $value['username'] || '' === $value['password']) {
      $iFailed++;
    } else {
      // Check worker name first
      if (! preg_match("/^[0-9a-zA-Z_\-]*$/", $value['username'])) {
        $iFailed++;
        continue;
      }
      // Prefix the WebUser to Worker name
      $value['username'] = "$username." . $value['username'];
      $stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ? LIMIT 1");
      if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
        $iFailed++;
      }
    }
    if ($iFailed == 0)
      return true;
    return $this->sqlError('E0053', $iFailed);
  }

  /**
   * Fetch all IDLE workers that have monitoring enabled
   * @param none
   * @return data array Workers in IDLE state and monitoring enabled
   **/
  public function getAllIdleWorkers($interval=600) {

    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT w.account_id AS account_id, w.id AS id, w.username AS username
      FROM
      (
        SELECT username AS s_username, MAX(shares_id) AS shares_id, MAX(shares_archive_id) AS shares_archive_id
        FROM
        (
          SELECT
          s.username AS username, MAX(s.id) AS shares_id, NULL AS shares_archive_id
          FROM . " . $this->share->getTableName() . " AS s
class MyClass { }

$x = new MyClass();
$x->foo = true;
          WHERE s.time > DATE_SUB(now(), INTERVAL ? SECOND)
          AND s.our_result = 'Y'
          GROUP BY s.username
          UNION
          SELECT
          sa.username AS username, NULL AS shares_id, MAX(sa.id) AS shares_archive_id
          FROM " . $this->share->getArchiveTableName() . " AS sa
          WHERE sa.time > DATE_SUB(now(), INTERVAL ? SECOND)
          AND sa.our_result = 'Y'
          GROUP BY sa.username
        ) AS derived0
        GROUP BY s_username
      ) AS derived1
      RIGHT JOIN " . $this->getTableName() . " AS w
      ON s_username = w.username
      WHERE w.monitor = 1
      AND shares_id IS NULL
      AND shares_archive_id IS NULL
    ");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $interval, $interval) && $stmt->execute() && $result = $stmt->get_result())
      return $result->fetch_all(MYSQLI_ASSOC);
    return $this->sqlError('E0054');
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
  }

  /**
   * Fetch a specific worker and its status
   * @param id int Worker ID
   * @return mixed array Worker details
   **/
  public function getWorker($id, $interval=600) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT id, username, password, monitor,
        (
          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) AS count_all,
        (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getArchiveTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
         ) AS shares
       FROM $this->table AS w
       WHERE id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $id) && $stmt->execute() && ($result = $stmt->get_result()) && ($row = $result->fetch_assoc())) {
      $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
class MyClass { }

$x = new MyClass();
$x->foo = true;
      if ($row['count_all'] > 0) {
        $row['difficulty'] = round($row['shares'] / $row['count_all'], 2);
      } else {
        $row['difficulty'] = 0.00;
      }
      return $row;
    }
    return $this->sqlError('E0055');
  }

  /**
   * Fetch all workers for an account
   * @param account_id int User ID
   * @return mixed array Workers and their settings or false
   **/
  public function getWorkers($account_id, $interval=600) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT id, username, password, monitor,
        (
          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) AS count_all,
        (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getArchiveTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) AS shares
      FROM $this->table AS w
      WHERE account_id = ?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $account_id) && $stmt->execute() && $result = $stmt->get_result()) {

      $aData = array();
      while ($row = $result->fetch_assoc()) {
        $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
        if ($row['count_all'] > 0) {
          $row['difficulty'] = round($row['shares'] / $row['count_all'], $this->coin->getShareDifficultyPrecision());
        } else {
          $row['difficulty'] = 0.00;
        }
        $aData[] = $row;
      }
      return $aData;
    }
    return $this->sqlError('E0056');
  }

  /**
   * Fetch all workers for admin panel
   * @param limit int max amount of workers
   * @return mixed array Workers and their settings or false
   **/
  public function getAllWorkers($iLimit=0, $interval=600, $start=0) {
    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("
      SELECT id, username, password, monitor,
        (
          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) AS count_all,
        IFNULL(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty), 0) AS difficulty,
        (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) + (
          SELECT
          IFNULL(SUM(difficulty), 0)
          FROM " . $this->share->getArchiveTableName() . "
          WHERE
            username = w.username
            AND our_result = 'Y'
            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
        ) AS shares
      FROM $this->table AS w
      ORDER BY shares DESC LIMIT ?,?");
    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiii', $interval, $interval, $interval, $interval, $start, $iLimit) && $stmt->execute() && $result = $stmt->get_result()) {

      $aData = array();
      while ($row = $result->fetch_assoc()) {
        $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
        if ($row['count_all'] > 0) {
          $row['avg_difficulty'] = round($row['shares'] / $row['count_all'], 2);
        } else {
          $row['avg_difficulty'] = 0.00;
        }
        $aData[] = $row;
      }
      return $aData;
    }
    return $this->sqlError('E0057');
  }

  /**
   * Get all currently active workers in the past 2 minutes
   * @param none
   * @return data mixed int count if any workers are active, false otherwise
   **/
  public function getCountAllActiveWorkers($interval=120) {

    $this->debug->append("STA " . __METHOD__, 4);
    if ($data = $this->memcache->get(__FUNCTION__)) return $data;
class MyClass { }

$x = new MyClass();
$x->foo = true;
    $stmt = $this->mysqli->prepare("
      SELECT COUNT(DISTINCT(username)) AS total
      FROM "  . $this->share->getTableName() . "
      WHERE our_result = 'Y'
      AND time > DATE_SUB(now(), INTERVAL ? SECOND)");
    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $interval) && $stmt->execute() && $result = $stmt->get_result())
      return $this->memcache->setCache(__FUNCTION__, $result->fetch_object()->total);
    return $this->sqlError();
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
  }

  /**
   * Add new worker to an existing web account
   * The webuser name is prefixed to the worker name
   * Passwords are plain text for pushpoold
   * @param account_id int User ID
   * @param workerName string Worker name
   * @param workerPassword string Worker password
   * @return bool
   **/
  public function addWorker($account_id, $workerName, $workerPassword) {
    $this->debug->append("STA " . __METHOD__, 4);
    if ('' === $workerName || '' === $workerPassword) {
      $this->setErrorMessage($this->getErrorMsg('E0058'));
      return false;
    }
    if (!preg_match("/^[0-9a-zA-Z_\-]*$/", $workerName)) {
      $this->setErrorMessage($this->getErrorMsg('E0072'));
      return false;
    }
    $username = $this->user->getUserName($account_id);
    $workerName = "$username.$workerName";
    if (strlen($workerName) > 50) {
      $this->setErrorMessage($this->getErrorMsg('E0073'));
      return false;
    }
    $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, username, password) VALUES(?, ?, ?)");
    if ($this->checkStmt($stmt) && $stmt->bind_param('iss', $account_id, $workerName, $workerPassword)) {
      if (!$stmt->execute()) {
        if ($stmt->sqlstate == '23000') return $this->sqlError('E0059');
      } else {
        return true;
      }
    }
    return $this->sqlError('E0060');
  }

  /**
   * Delete existing worker from account
   * @param account_id int User ID
   * @param id int Worker ID
   * @return bool
   **/
  public function deleteWorker($account_id, $id) {

    $this->debug->append("STA " . __METHOD__, 4);
    $stmt = $this->mysqli->prepare("DELETE FROM $this->table WHERE account_id = ? AND id = ? LIMIT 1");
    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $account_id, $id) && $stmt->execute() && $stmt->affected_rows == 1)
        return true;
    return $this->sqlError('E0061');
  }
}

$worker = new Worker($config);
$worker->setDebug($debug);
$worker->setMysql($mysqli);
$worker->setMemcache($memcache);
$worker->setShare($share);
$worker->setUser($user);
$worker->setErrorCodes($aErrorCodes);
$worker->setCoin($coin);


MPOS / php-mpos

Issues (431)

Security Analysis not enabled

include/classes/worker.class.php (13 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like