Issues in Upload.php (master) - Issues in master - andela-iadeniyi/Potato-ORM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (66)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Helper/Upload.php (28 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Ibonly\PotatoORM;

/**
 * This class allows a user to upload and 
 * validate their files.
 *
 * @author John Ciacia <[email protected]>
 * @version 1.0
 * @copyright Copyright (c) 2007, John Ciacia
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 */
trait Upload {
    
    protected $file;
    /**
     *@var string contains an array of valid extensions which are allowed to be uploaded.
     */
    protected $ValidExtensions;
    /**
     *@var string contains a message which can be used for debugging.
     */
    protected $Message;
    /**
     *@var integer contains maximum size of fiels to be uploaded in bytes.
     */
    protected $MaximumFileSize;
    /**
     *@var bool contains whether or not the files being uploaded are images.
     */
    protected $IsImage;
    /**
     *@var string contains the email address of the recipient of upload logs.
     */
    protected $Email;
    /**
     *@var integer contains maximum width of images to be uploaded.
     */
    protected $MaximumWidth;
    /**
     *@var integer contains maximum height of images to be uploaded.
     */
    protected $MaximumHeight;

    // public function upload()

    // {

    // }

    public function file($file)
    {
        $this->output = $file;
class MyClass { }

$x = new MyClass();
$x->foo = true;

        return $this;
    }

    // public function fileSize()

    // {
    //     return $this->output['size'];

    // }

    // public function fileTmp()

    // {
    //     return $this->output['tmp_name'];

    // }

    // public function fileName()

    // {
    //     return $this->output;

    // }

    // public function fileMove($destination, $fileName = NULL)

    // {
    //     $file_name = ($fileName == null) ? $this->fileName() : $fileName;

    //     if (move_uploaded_file($this->fileTmp(), $destination.'/'.$file_name)) {

    //         return 333;
    //     } else {

    //         return 000;
    //     }
    // }

    /**
     *@method bool ValidateExtension() returns whether the extension of file to be uploaded
     *    is allowable or not.
     *@return true the extension is valid.
     *@return false the extension is invalid.
     */
    public function ValidateExtension()
    {

        $FileName = trim($this->GetFileName());
        $FileParts = pathinfo($FileName);
        $Extension = strtolower($FileParts['extension']);
        $ValidExtensions = $this->ValidExtensions;

        if (!$FileName) {
            $this->SetMessage("ERROR: File name is empty.");
            return false;
        }

        if (!$ValidExtensions) {
            $this->SetMessage("WARNING: All extensions are valid.");
            return true;
        }

        if (in_array($Extension, $ValidExtensions)) {
            $this->SetMessage("MESSAGE: The extension '$Extension' appears to be valid.");
            return true;
        } else {
            $this->SetMessage("Error: The extension '$Extension' is invalid.");
            return false;  
        }
    }

    /**
     *@method bool ValidateSize() returns whether the file size is acceptable.
     *@return true the size is smaller than the alloted value.
     *@return false the size is larger than the alloted value.
     */
    public function ValidateSize()
    {
        $MaximumFileSize = $this->MaximumFileSize;
        $TempFileName = $this->GetTempName();
        $TempFileSize = filesize($TempFileName);

        if($MaximumFileSize == "") {
            $this->SetMessage("WARNING: There is no size restriction.");
            return true;
        }

        if ($MaximumFileSize >= $TempFileSize) {
            $this->SetMessage("ERROR: The file is too big. It must be less than $MaximumFileSize and it is $TempFileSize.");
            return false;
        }

        $this->SetMessage("Message: The file size is less than the MaximumFileSize.");
        return true;
    }

    /**
     *@method bool ValidateExistance() determins whether the file already exists. If so, rename $FileName.
     *@return true can never be returned as all file names must be unique.
     *@return false the file name does not exist.
     */
    public function ValidateExistance($uploadDirectory)
    {
        $FileName = $this->GetFileName();
        $File = $uploadDirectory . $FileName;

        if (file_exists($File)) {
            $this->SetMessage("Message: The file '$FileName' already exist.");
            $UniqueName = rand() . $FileName;
            $this->SetFileName($UniqueName);
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            $this->ValidateExistance($uploadDirectory);
        } else {
            $this->SetMessage("Message: The file name '$FileName' does not exist.");
            return false;
        }
    }

    /**
     *@method bool ValidateDirectory()
     *@return true the UploadDirectory exists, writable, and has a traling slash.
     *@return false the directory was never set, does not exist, or is not writable.
     */
    public function ValidateDirectory($uploadDirectory)
    {
        if (! $uploadDirectory) {
            $this->SetMessage("ERROR: The directory variable is empty.");
            return false;
        }

        if (!is_dir($uploadDirectory)) {
            $this->SetMessage("ERROR: The directory '$uploadDirectory' does not exist.");
            return false;
        }

        if (!is_writable($uploadDirectory)) {
            $this->SetMessage("ERROR: The directory '$uploadDirectory' does not writable.");
            return false;
        }

        if (substr($uploadDirectory, -1) != "/") {
            $this->SetMessage("ERROR: The traling slash does not exist.");
            $NewDirectory = $uploadDirectory . "/";
            $this->SetUploadDirectory($NewDirectory);
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            $this->ValidateDirectory($uploadDirectory);
        } else {
            $this->SetMessage("MESSAGE: The traling slash exist.");
            return true;
        }
    }

    /**
     *@method bool ValidateImage()
     *@return true the image is smaller than the alloted dimensions.
     *@return false the width and/or height is larger then the alloted dimensions.
     */
    public function ValidateImage() {
        $MaximumWidth = $this->MaximumWidth;
        $MaximumHeight = $this->MaximumHeight;
        $TempFileName = $this->GetTempName();

        if($Size = @getimagesize($TempFileName)) {
            $Width = $Size[0];   //$Width is the width in pixels of the image uploaded to the server.
            $Height = $Size[1];  //$Height is the height in pixels of the image uploaded to the server.
        }

        if ($Width > $MaximumWidth) {
            $this->SetMessage("The width of the image [$Width] exceeds the maximum amount [$MaximumWidth].");
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            return false;
        }

        if ($Height > $MaximumHeight) {
            $this->SetMessage("The height of the image [$Height] exceeds the maximum amount [$MaximumHeight].");
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            return false;
        }

        $this->SetMessage("The image height [$Height] and width [$Width] are within their limitations.");     
        return true;
    }

    /**
     *@method bool UploadFile() uploads the file to the server after passing all the validations.
     *@return true the file was uploaded.
     *@return false the upload failed.
     */
    public function uploadFile($uploadDirectory)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {

        // if (!$this->ValidateExtension()) {

        //     die($this->GetMessage());

        // } 

        // else if (!$this->ValidateSize()) {

        //     die($this->GetMessage());

        // }

        // else if ($this->ValidateExistance($uploadDirectory)) {

        //     die($this->GetMessage());

        // }

        // elseif (!$this->ValidateDirectory($uploadDirectory)) {

        //     die($this->GetMessage());

        // }

        // else if ($this->IsImage && !$this->ValidateImage()) {

        //     die($this->GetMessage());

        // }

        // else {

            $FileName = time()."_".str_replace(' ', '_', $this->GetFileName());
            $TempFileName = $this->GetTempName();

            if (is_uploaded_file($TempFileName)) { 
                move_uploaded_file($TempFileName, $_SERVER['DOCUMENT_ROOT'].'/'.$uploadDirectory.'/'.$FileName);
                return $FileName;
            } else {
                return 4444;
            }

        // }

    }

    #Accessors and Mutators beyond this point.
    #Siginificant documentation is not needed.
    public function SetValidExtensions($argv)
    {
        $this->ValidExtensions = $argv;
    }

    public function SetMessage($argv)
    {
        $this->Message = $argv;
    }

    public function SetMaximumFileSize($argv)
    {
        $this->MaximumFileSize = $argv;
    }

    public function SetEmail($argv)
    {
        $this->Email = $argv;
    }
   
    public function SetIsImage($argv)
    {
        $this->IsImage = $argv;
    }

    public function SetMaximumWidth($argv)
    {
        $this->MaximumWidth = $argv;
    }

    public function SetMaximumHeight($argv)
    {
        $this->MaximumHeight = $argv;
    }   
    public function GetFileName()
    {
        return $this->output['name'];
    }

    public function GetUploadDirectory()
    {
        return $this->UploadDirectory;
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    public function GetTempName()
    {
        return $this->output['tmp_name'];
    }

    public function GetValidExtensions()
    {
        return $this->ValidExtensions;
    }

    public function GetMessage()
    {
        if (!isset($this->Message)) {
            $this->SetMessage("No Message");
        }

        return $this->Message;
    }

    public function GetMaximumFileSize()
    {
        return $this->MaximumFileSize;
    }

    public function GetIsImage()
    {
        return $this->IsImage;
    }

    public function GetMaximumWidth()
    {
        return $this->MaximumWidth;
    }

    public function GetMaximumHeight()
    {
        return $this->MaximumHeight;
    }
}

Issues (66)

Security Analysis no request data

src/Helper/Upload.php (28 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

1			<?php
2
3			namespace Ibonly\PotatoORM;
4
5			/**
6			* This class allows a user to upload and
7			* validate their files.
8			*
9			* @author John Ciacia <[email protected]>
10			* @version 1.0
11			* @copyright Copyright (c) 2007, John Ciacia
12			* @license http://opensource.org/licenses/gpl-license.php GNU Public License
13			*/
14			trait Upload {
15
16			protected $file;
17			/**
18			*@var string contains an array of valid extensions which are allowed to be uploaded.
19			*/
20			protected $ValidExtensions;
21			/**
22			*@var string contains a message which can be used for debugging.
23			*/
24			protected $Message;
25			/**
26			*@var integer contains maximum size of fiels to be uploaded in bytes.
27			*/
28			protected $MaximumFileSize;
29			/**
30			*@var bool contains whether or not the files being uploaded are images.
31			*/
32			protected $IsImage;
33			/**
34			*@var string contains the email address of the recipient of upload logs.
35			*/
36			protected $Email;
37			/**
38			*@var integer contains maximum width of images to be uploaded.
39			*/
40			protected $MaximumWidth;

andela-iadeniyi / Potato-ORM

Issues (66)

Security Analysis no request data

src/Helper/Upload.php (28 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like