Issues in auth.php - All Issues - Inspection of "Handle identical texts in translation, complete Ge..." - UB-Mannheim/PalMA - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#137)

by Philipp

created 2018-01-23 15:52 UTC

All Issues
New 0

auth.php (3 issues)

Labels

Duplication 2
Security 1

Severity

Critical 1
Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
if (!isset($_SESSION)) {
    session_start();
}

if (!isset($_SESSION['username'])) {
    if (isset($_SERVER['HTTP_REFERER'])) {
        error_log("auth.php referred by " . $_SERVER['HTTP_REFERER']);
    }
    $header = 'Location: login.php';
    $separator = '?';
    if (isset($_REQUEST['lang'])) {

        $header = $header . $separator . 'lang=' . $_REQUEST['lang'];
        $separator = '&';
    }
    if (isset($_REQUEST['pin'])) {

        $header = $header . $separator . 'pin=' . $_REQUEST['pin'];
        $separator = '&';
    }
    header($header);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

    exit;
}


Pull Request — master (#137)

auth.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

2 paths for user data to reach this point

Response Splitting Attacks

General Strategies to prevent injection

1		<?php
2		if (!isset($_SESSION)) {
3		session_start();
4		}
5
6		if (!isset($_SESSION['username'])) {
7		if (isset($_SERVER['HTTP_REFERER'])) {
8		error_log("auth.php referred by " . $_SERVER['HTTP_REFERER']);
9		}
10		$header = 'Location: login.php';
11		$separator = '?';
12	View Code Duplication	if (isset($_REQUEST['lang'])) {
		0 ignored issues – show Duplication introduced 2017-04-18 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
13		$header = $header . $separator . 'lang=' . $_REQUEST['lang'];
14		$separator = '&';
15		}
16	View Code Duplication	if (isset($_REQUEST['pin'])) {
		0 ignored issues – show Duplication introduced 2016-07-29 11:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
17		$header = $header . $separator . 'pin=' . $_REQUEST['pin'];
18		$separator = '&';
19		}
20		header($header);
		0 ignored issues – show Security Response Splitting introduced 2017-04-18 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$header` can contain request data and is used in response header context(s) leading to a potential security vulnerability. 2 paths for user data to reach this point 1. Path: Read from `$_REQUEST,` and `$header` is assigned in auth.php on line 13 Read from `$_REQUEST,` and `$header` is assigned in auth.php on line 13 2. Path: Read from `$_REQUEST,` and `$header` is assigned in auth.php on line 17 Read from `$_REQUEST,` and `$header` is assigned in auth.php on line 17 Response Splitting Attacks Allowing an attacker to set a response header, opens your application to response splitting attacks; effectively allowing an attacker to send any response, he would like. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
21
22		exit;
23		}
24

UB-Mannheim / PalMA

Pull Request — master (#137)

auth.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

2 paths for user data to reach this point

Response Splitting Attacks

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like