Issues in Connection.php (master) - Issues in master - RobinvdVleuten/php-nntp - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Connection/Connection.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the NNTP library.
 *
 * (c) Robin van der Vleuten <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Rvdv\Nntp\Connection;

use Rvdv\Nntp\Command\CommandInterface;
use Rvdv\Nntp\Exception\InvalidArgumentException;
use Rvdv\Nntp\Exception\RuntimeException;
use Rvdv\Nntp\Exception\UnknownHandlerException;
use Rvdv\Nntp\Response\MultiLineResponse;
use Rvdv\Nntp\Response\Response;
use Rvdv\Nntp\Response\ResponseInterface;
use Rvdv\Nntp\Socket\Socket;
use Rvdv\Nntp\Socket\SocketInterface;

/**
 * @author Robin van der Vleuten <[email protected]>
 */
class Connection implements ConnectionInterface
{
    const BUFFER_SIZE = 1024;

    /**
     * @var string
     */
    private $host;

    /**
     * @var int
     */
    private $port;

    /**
     * @var bool
     */
    private $secure;

    /**
     * @var SocketInterface
     */
    private $socket;

    /**
     * Constructor.
     *
     * @param string          $host   the host of the NNTP server
     * @param int             $port   the port of the NNTP server
     * @param bool            $secure a bool indicating if a secure connection should be established
     * @param SocketInterface $socket an optional socket wrapper instance
     */
    public function __construct($host, $port, $secure = false, SocketInterface $socket = null)
    {
        $this->host = $host;
        $this->port = $port;
        $this->secure = $secure;
        $this->socket = $socket ?: new Socket();
    }

    /**
     * {@inheritdoc}
     */
    public function connect()
    {
        $this->socket->connect(sprintf('tcp://%s:%d', $this->host, $this->port));

        if ($this->secure) {
            $this->socket->enableCrypto(true);
        }

        return $this->getResponse();
    }

    /**
     * {@inheritdoc}
     */
    public function disconnect()
    {
        $this->socket->disconnect();
    }

    /**
     * {@inheritdoc}
     */
    public function sendCommand(CommandInterface $command)
    {
        $commandString = $command();

        // NNTP/RFC977 only allows command up to 512 (-2 \r\n) chars.
        if (strlen($commandString) > 510) {
            throw new InvalidArgumentException('Failed to write to socket: command exceeded 510 characters');
        }

        if (strlen($commandString."\r\n") !== $this->socket->write($commandString."\r\n")) {
            throw new RuntimeException('Failed to write to socket');
        }

        $response = $this->getResponse();

        if ($command->isMultiLine() && ($response->getStatusCode() >= 200 && $response->getStatusCode() <= 399)) {
            $response = $command->isCompressed() ? $this->getCompressedResponse($response) : $this->getMultiLineResponse($response);
        }

        return $this->callCommandHandlerForResponse($command, $response);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    public function sendArticle(CommandInterface $command)
    {
        $commandString = $command();

        if (strlen($commandString."\r\n.\r\n") !== $this->socket->write($commandString."\r\n.\r\n")) {
            throw new RuntimeException('Failed to write to socket');
        }

        $response = $this->getResponse();

        return $this->callCommandHandlerForResponse($command, $response);
    }

    private function getResponse()
    {
        $buffer = '';

        while (!$this->socket->eof()) {
            $buffer .= $this->socket->gets(self::BUFFER_SIZE);

            if ("\r\n" === substr($buffer, -2)) {
                break;
            }

            if (false === $buffer) {
                $this->disconnect();

                throw new RuntimeException('Incorrect data received from buffer');
            }
        }

        return Response::createFromString($buffer);
    }

    private function getMultiLineResponse(Response $response)
    {
        $lines = [];

        while (!$this->socket->eof()) {
            $line = $this->socket->gets(self::BUFFER_SIZE);
            if ("\r\n" !== substr($line, -2) || strlen($line) < 2) {
                continue;
            }

            // Remove CR LF from the end of the line.
            $line = substr($line, 0, -2);

            // Check if the line terminates the text response.
            if ('.' === $line) {
                return new MultiLineResponse($response, $lines);
            }

            // If 1st char is '.' it's doubled (NNTP/RFC977 2.4.1).
            if ('..' === substr($line, 0, 2)) {
                $line = substr($line, 1);
            }

            // Add the line to the array of lines.
            $lines[] = $line;
        }
    }

    private function getCompressedResponse(Response $response)
    {
        // Determine encoding by fetching first line.
        $line = $this->socket->gets(self::BUFFER_SIZE);

        if ('=ybegin' == substr($line, 0, 7)) {
            $this->disconnect();

            throw new RuntimeException('yEnc encoded overviews are not currently supported.');
        }

        $uncompressed = '';

        while (!$this->socket->eof()) {
            $buffer = $this->socket->gets(self::BUFFER_SIZE);

            if (0 === strlen($buffer)) {
                $uncompressed = @gzuncompress($line);

                if (false !== $uncompressed) {
                    break;
                }
            }

            if (false === $buffer) {
                $this->disconnect();

                throw new RuntimeException('Incorrect data received from buffer');
            }

            $line .= $buffer;
        }

        $lines = explode("\r\n", trim($uncompressed));
        if ('.' === end($lines)) {
            array_pop($lines);
        }

        return new MultiLineResponse($response, array_filter($lines));
    }

    private function callCommandHandlerForResponse(CommandInterface $command, ResponseInterface $response)
    {
        if (in_array($response->getStatusCode(), [Response::$codes['CommandUnknown'], Response::$codes['CommandUnavailable']])) {
            throw new RuntimeException('Sent command is either unknown or unavailable on server');
        }

        // Check if we received a response code that we're aware of.
        if (false === ($responseName = array_search($response->getStatusCode(), Response::$codes, true))) {
            throw new RuntimeException(sprintf(
                'Unexpected response received: [%d] %s',
                $response->getStatusCode(),
                $response->getMessage()
            ));
        }

        $responseHandlerMethod = 'on'.$responseName;

        if (!is_callable([$command, $responseHandlerMethod])) {
            throw new UnknownHandlerException(sprintf('Response handler (%s) is not a callable method on given command object', $responseHandlerMethod));
        }

        return call_user_func([$command, $responseHandlerMethod], $response);
    }
}


1		<?php
2
3		/*
4		* This file is part of the NNTP library.
5		*
6		* (c) Robin van der Vleuten <[email protected]>
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Rvdv\Nntp\Connection;
13
14		use Rvdv\Nntp\Command\CommandInterface;
15		use Rvdv\Nntp\Exception\InvalidArgumentException;
16		use Rvdv\Nntp\Exception\RuntimeException;
17		use Rvdv\Nntp\Exception\UnknownHandlerException;
18		use Rvdv\Nntp\Response\MultiLineResponse;
19		use Rvdv\Nntp\Response\Response;
20		use Rvdv\Nntp\Response\ResponseInterface;
21		use Rvdv\Nntp\Socket\Socket;
22		use Rvdv\Nntp\Socket\SocketInterface;
23
24		/**
25		* @author Robin van der Vleuten <[email protected]>
26		*/
27		class Connection implements ConnectionInterface
28		{
29		const BUFFER_SIZE = 1024;
30
31		/**
32		* @var string
33		*/
34		private $host;
35
36		/**
37		* @var int
38		*/
39		private $port;
40
41		/**
42		* @var bool
43		*/
44		private $secure;
45
46		/**
47		* @var SocketInterface
48		*/
49		private $socket;
50
51		/**
52		* Constructor.
53		*
54		* @param string $host the host of the NNTP server
55		* @param int $port the port of the NNTP server
56		* @param bool $secure a bool indicating if a secure connection should be established
57		* @param SocketInterface $socket an optional socket wrapper instance
58		*/
59	7	public function __construct($host, $port, $secure = false, SocketInterface $socket = null)
60		{
61	7	$this->host = $host;
62	7	$this->port = $port;
63	7	$this->secure = $secure;
64	7	$this->socket = $socket ?: new Socket();
65	7	}
66
67		/**
68		* {@inheritdoc}
69		*/
70	3	public function connect()
71		{
72	3	$this->socket->connect(sprintf('tcp://%s:%d', $this->host, $this->port));
73
74	2	if ($this->secure) {
75	1	$this->socket->enableCrypto(true);
76	1	}
77
78	2	return $this->getResponse();
79		}
80
81		/**
82		* {@inheritdoc}
83		*/
84	1	public function disconnect()
85		{
86	1	$this->socket->disconnect();
87	1	}
88
89		/**
90		* {@inheritdoc}
91		*/
92	3	public function sendCommand(CommandInterface $command)
93		{
94	3	$commandString = $command();
95
96		// NNTP/RFC977 only allows command up to 512 (-2 \r\n) chars.
97	3	if (strlen($commandString) > 510) {
98	1	throw new InvalidArgumentException('Failed to write to socket: command exceeded 510 characters');
99		}
100
101	2	if (strlen($commandString."\r\n") !== $this->socket->write($commandString."\r\n")) {
102	1	throw new RuntimeException('Failed to write to socket');
103		}
104
105	1	$response = $this->getResponse();
106
107	1	if ($command->isMultiLine() && ($response->getStatusCode() >= 200 && $response->getStatusCode() <= 399)) {
108		$response = $command->isCompressed() ? $this->getCompressedResponse($response) : $this->getMultiLineResponse($response);
109		}
110
111	1	return $this->callCommandHandlerForResponse($command, $response);
		0 ignored issues – show Bug introduced 2016-12-02 20:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$response` defined by `$command->isCompressed()...LineResponse($response)` on line `108` can also be of type `null`; however, `Rvdv\Nntp\Connection\Con...andHandlerForResponse()` does only seem to accept `object<Rvdv\Nntp\Response\ResponseInterface>`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
112		}
113
114		public function sendArticle(CommandInterface $command)
115		{
116		$commandString = $command();
117
118		if (strlen($commandString."\r\n.\r\n") !== $this->socket->write($commandString."\r\n.\r\n")) {
119		throw new RuntimeException('Failed to write to socket');
120		}
121
122		$response = $this->getResponse();
123
124		return $this->callCommandHandlerForResponse($command, $response);
125		}
126
127	3	private function getResponse()
128		{
129	3	$buffer = '';
130
131	3	while (!$this->socket->eof()) {
132	3	$buffer .= $this->socket->gets(self::BUFFER_SIZE);
133
134	3	if ("\r\n" === substr($buffer, -2)) {
135	3	break;
136		}
137
138		if (false === $buffer) {
139		$this->disconnect();
140
141		throw new RuntimeException('Incorrect data received from buffer');
142		}
143		}
144
145	3	return Response::createFromString($buffer);
146		}
147
148		private function getMultiLineResponse(Response $response)
149		{
150		$lines = [];
151
152		while (!$this->socket->eof()) {
153		$line = $this->socket->gets(self::BUFFER_SIZE);
154		if ("\r\n" !== substr($line, -2) \|\| strlen($line) < 2) {
155		continue;
156		}
157
158		// Remove CR LF from the end of the line.
159		$line = substr($line, 0, -2);
160
161		// Check if the line terminates the text response.
162		if ('.' === $line) {
163		return new MultiLineResponse($response, $lines);
164		}
165
166		// If 1st char is '.' it's doubled (NNTP/RFC977 2.4.1).
167		if ('..' === substr($line, 0, 2)) {
168		$line = substr($line, 1);
169		}
170
171		// Add the line to the array of lines.
172		$lines[] = $line;
173		}
174		}
175
176		private function getCompressedResponse(Response $response)
177		{
178		// Determine encoding by fetching first line.
179		$line = $this->socket->gets(self::BUFFER_SIZE);
180
181		if ('=ybegin' == substr($line, 0, 7)) {
182		$this->disconnect();
183
184		throw new RuntimeException('yEnc encoded overviews are not currently supported.');
185		}
186
187		$uncompressed = '';
188
189		while (!$this->socket->eof()) {
190		$buffer = $this->socket->gets(self::BUFFER_SIZE);
191
192		if (0 === strlen($buffer)) {
193		$uncompressed = @gzuncompress($line);
194
195		if (false !== $uncompressed) {
196		break;
197		}
198		}
199
200		if (false === $buffer) {
201		$this->disconnect();
202
203		throw new RuntimeException('Incorrect data received from buffer');
204		}
205
206		$line .= $buffer;
207		}
208
209		$lines = explode("\r\n", trim($uncompressed));
210		if ('.' === end($lines)) {
211		array_pop($lines);
212		}
213
214		return new MultiLineResponse($response, array_filter($lines));
215		}
216
217	1	private function callCommandHandlerForResponse(CommandInterface $command, ResponseInterface $response)
218		{
219	1	if (in_array($response->getStatusCode(), [Response::$codes['CommandUnknown'], Response::$codes['CommandUnavailable']])) {
220		throw new RuntimeException('Sent command is either unknown or unavailable on server');
221		}
222
223		// Check if we received a response code that we're aware of.
224	1	if (false === ($responseName = array_search($response->getStatusCode(), Response::$codes, true))) {
225		throw new RuntimeException(sprintf(
226		'Unexpected response received: [%d] %s',
227		$response->getStatusCode(),
228		$response->getMessage()
229		));
230		}
231
232	1	$responseHandlerMethod = 'on'.$responseName;
233
234	1	if (!is_callable([$command, $responseHandlerMethod])) {
235		throw new UnknownHandlerException(sprintf('Response handler (%s) is not a callable method on given command object', $responseHandlerMethod));
236		}
237
238	1	return call_user_func([$command, $responseHandlerMethod], $response);
239		}
240		}
241

RobinvdVleuten / php-nntp

Issues (12)

Security Analysis no request data

src/Connection/Connection.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like