Issues in Util.php (master) - Issues in master - andrewandante/submuncher - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Util.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Andrew Aitken-Fincham 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace AndrewAndante\SubMuncher;

// The bulk of the following code is from /etc/inc/util.inc in pfSense v2.0.2
// See https://www.pfsense.org - seriously good open source router software

class Util
{
    /**
     * This class should not be instantiated.
     */
    private function __construct()
    {
    }

    /* Convert IP address to long int, truncated to 32-bits to avoid sign extension
    on 64-bit platforms. */
    public static function ip2long32($ip)
    {
        return (ip2long($ip) & 0xFFFFFFFF);
    }

    /* Convert IP address to unsigned long int. */
    public static function ip2ulong($ip)
    {
        return sprintf("%u", self::ip2long32($ip));
    }

    /* Convert long int to IP address, truncating to 32-bits. */
    public static function long2ip32($ip)
    {
        return long2ip($ip & 0xFFFFFFFF);
    }

    /* returns true if $ipaddr is a valid dotted IPv4 address */
    public static function is_ipaddr($ipaddr)
    {
        if (!is_string($ipaddr)) {
            return false;
        }

        $ip_long = ip2long($ipaddr);
        $ip_reverse = self::long2ip32($ip_long);

        return ($ipaddr == $ip_reverse);
    }

    /* Return true if the first IP is 'before' the second */
    public static function ip_less_than($ip1, $ip2)
    {
        // Compare as unsigned long because otherwise it wouldn't work when
        // crossing over from 127.255.255.255 / 128.0.0.0 barrier
        return self::ip2ulong($ip1) < self::ip2ulong($ip2);
    }

    /* Return true if the first IP is 'after' the second */
    public static function ip_greater_than($ip1, $ip2)
    {
        // Compare as unsigned long because otherwise it wouldn't work
        // when crossing over from 127.255.255.255 / 128.0.0.0 barrier
        return self::ip2ulong($ip1) > self::ip2ulong($ip2);
    }

    /* Return the next IP address after the given address */
    public static function ip_after($ip, $increment = 1)
    {
        return self::long2ip32(ip2long($ip) + $increment);
    }

    /* Return the next IP address after the given address */
    public static function ip_before($ip, $decrement = 1)
    {
        return self::long2ip32(ip2long($ip) - $decrement);
    }

    public static function ip_diff($ip1, $ip2)
    {
        return abs(self::ip2ulong($ip1) - self::ip2ulong($ip2));
    }

    public static function cidr_contains($cidr, $ip)
    {
        list($start, $mask) = explode('/', $cidr);
        $cidrMax = self::gen_subnet_max($start, $mask);
        return !self::ip_greater_than($ip, $cidrMax) && !self::ip_less_than($ip, $start);
    }

    /* Find the smallest possible subnet mask which can contain a given number of IPs
    *  e.g. 512 IPs can fit in a /23, but 513 IPs need a /22
    */
    public static function find_smallest_cidr($number)
    {
        $smallest = 1;
        for ($b = 32; $b > 0; $b--) {
            $smallest = ($number <= pow(2, $b)) ? $b : $smallest;
        }
        return (32 - $smallest);
    }

    /* Find out how many IPs are contained within a given IP range
    *  e.g. 192.168.0.0 to 192.168.0.255 returns 256
    */
    public static function ip_range_size($startip, $endip)
    {
        if (self::is_ipaddr($startip) && self::is_ipaddr($endip)) {
            // Operate as unsigned long because otherwise it wouldn't work
            // when crossing over from 127.255.255.255 / 128.0.0.0 barrier
            return abs(self::ip2ulong($startip) - self::ip2ulong($endip)) + 1;
        }
        return -1;
    }


    public static function get_single_subnet($startip, $endip)
    {
        if (!self::is_ipaddr($startip) || !self::is_ipaddr($endip)) {
            return null;
        }

        $cidr = self::find_smallest_cidr(self::ip_range_size($startip, $endip));
        $lowestCommonIP = self::find_smallest_common_IP($startip, $endip);

        while (self::ip_greater_than($endip, self::gen_subnet_max($lowestCommonIP, $cidr))) {
            $cidr--;
            if ($cidr == 0) {
                return null;
            }
        }
        return $lowestCommonIP . '/' . $cidr;
    }

    public static function find_smallest_common_IP($startip, $endip)
    {
        $startBits = explode('.', $startip);
        $endBits = explode('.', $endip);

        $returnIP = [];
        $broken = false;
        for ($i = 0; $i < 4; ++$i) {
            if ($broken) {
                $returnIP[$i] = "00000000";
                continue;
            }
            $startAsBinary = str_pad(decbin($startBits[$i]), 8, "0", STR_PAD_LEFT);
            $endAsBinary = str_pad(decbin($endBits[$i]), 8, "0", STR_PAD_LEFT);

            if ($startAsBinary === $endAsBinary) {
                $returnIP[$i] = $startAsBinary;
                continue;
            }

            $returnOctet = [];
            for ($j = 0; $j < 8; ++$j) {
                if (!$broken && $startAsBinary[$j] == $endAsBinary[$j]) {
                    $returnOctet[$j] = $startAsBinary[$j];
                    continue;
                } else {
                    $returnOctet[$j] = "0";
                    $broken = true;
                }
            }

            $returnIP[$i] = implode('', $returnOctet);
        }
        $returnIPDec = [];
        foreach ($returnIP as $returnIPBin) {
            $returnIPDec[] = bindec($returnIPBin);
        }
        return implode('.', $returnIPDec);
    }

    public static function subnet_range_size($subnetmask)
    {
        return (2 ** (32 - (int) $subnetmask));
    }

    public static function cidr_to_ips_array($cidr)
    {
        $parts = explode('/', $cidr);
        if (!self::is_ipaddr($parts[0])) {
            return false;
        }

        $subnetMask = isset($parts[1]) ? $parts[1] : "32";
        $ips = [];
        $currentIP = $parts[0];

        for ($i = 0; $i < self::subnet_range_size($subnetMask); ++$i) {
            $ips[] = $currentIP;
            $currentIP = self::ip_after($currentIP);
        }

        return $ips;
    }

    /* return the subnet address given a host address and a subnet bit count */
    public static function gen_subnet($ipaddr, $bits)

    {
        if (!self::is_ipaddr($ipaddr) || !is_numeric($bits)) {
            return "";
        }

        return long2ip(ip2long($ipaddr) & self::gen_subnet_mask_long($bits));
    }

    /* returns a subnet mask (long given a bit count) */
    public static function gen_subnet_mask_long($bits)
    {
        $sm = 0;
        for ($i = 0; $i < $bits; $i++) {
            $sm >>= 1;
            $sm |= 0x80000000;
        }
        return $sm;
    }

    /* return the highest (broadcast) address in the subnet given a host address and
    a subnet bit count */
    public static function gen_subnet_max($ipaddr, $bits)

    {
        if (!self::is_ipaddr($ipaddr) || !is_numeric($bits)) {
            return "";
        }

        return self::long2ip32(ip2long($ipaddr) | ~self::gen_subnet_mask_long($bits));
    }

    /* takes an array of ip address, sorts and returns as an array */
    public static function sort_addresses($ipaddr)
    {
        $ipaddr = array_unique($ipaddr);
        $bitAddresses = [];
        $ipAddresses = [];
        foreach ($ipaddr as $ipv4) {
            $bitAddresses[] = self::ip2ulong($ipv4);
        }
        sort($bitAddresses);
        foreach ($bitAddresses as $raw) {
            $ipAddresses[] = self::long2ip32($raw);
        }
        return $ipAddresses;
    }

    /* takes an array of ip address, sorts and returns as an array */
    public static function sort_cidrs($cidrs)
    {
        $map = [];
        $bitAddresses = [];
        $sortedCidrs = [];
        foreach ($cidrs as $cidr) {
            $parts = explode('/', $cidr);
            $map[$parts[0]] = $parts[1];
            $bitAddresses[] = self::ip2ulong($parts[0]);
        }
        sort($bitAddresses);
        foreach ($bitAddresses as $raw) {
            $sortedCidrs[] = self::long2ip32($raw) . '/' . $map[self::long2ip32($raw)];
        }
        return $sortedCidrs;
    }
}


1		<?php
2
3		namespace AndrewAndante\SubMuncher;
4
5		// The bulk of the following code is from /etc/inc/util.inc in pfSense v2.0.2
6		// See https://www.pfsense.org - seriously good open source router software
7
8		class Util
9		{
10		/**
11		* This class should not be instantiated.
12		*/
13		private function __construct()
14		{
15		}
16
17		/* Convert IP address to long int, truncated to 32-bits to avoid sign extension
18		on 64-bit platforms. */
19		public static function ip2long32($ip)
20		{
21		return (ip2long($ip) & 0xFFFFFFFF);
22		}
23
24		/* Convert IP address to unsigned long int. */
25		public static function ip2ulong($ip)
26		{
27		return sprintf("%u", self::ip2long32($ip));
28		}
29
30		/* Convert long int to IP address, truncating to 32-bits. */
31		public static function long2ip32($ip)
32		{
33		return long2ip($ip & 0xFFFFFFFF);
34		}
35
36		/* returns true if $ipaddr is a valid dotted IPv4 address */
37		public static function is_ipaddr($ipaddr)
38		{
39		if (!is_string($ipaddr)) {
40		return false;
41		}
42
43		$ip_long = ip2long($ipaddr);
44		$ip_reverse = self::long2ip32($ip_long);
45
46		return ($ipaddr == $ip_reverse);
47		}
48
49		/* Return true if the first IP is 'before' the second */
50		public static function ip_less_than($ip1, $ip2)
51		{
52		// Compare as unsigned long because otherwise it wouldn't work when
53		// crossing over from 127.255.255.255 / 128.0.0.0 barrier
54		return self::ip2ulong($ip1) < self::ip2ulong($ip2);
55		}
56
57		/* Return true if the first IP is 'after' the second */
58		public static function ip_greater_than($ip1, $ip2)
59		{
60		// Compare as unsigned long because otherwise it wouldn't work
61		// when crossing over from 127.255.255.255 / 128.0.0.0 barrier
62		return self::ip2ulong($ip1) > self::ip2ulong($ip2);
63		}
64
65		/* Return the next IP address after the given address */
66		public static function ip_after($ip, $increment = 1)
67		{
68		return self::long2ip32(ip2long($ip) + $increment);
69		}
70
71		/* Return the next IP address after the given address */
72		public static function ip_before($ip, $decrement = 1)
73		{
74		return self::long2ip32(ip2long($ip) - $decrement);
75		}
76
77		public static function ip_diff($ip1, $ip2)
78		{
79		return abs(self::ip2ulong($ip1) - self::ip2ulong($ip2));
80		}
81
82		public static function cidr_contains($cidr, $ip)
83		{
84		list($start, $mask) = explode('/', $cidr);
85		$cidrMax = self::gen_subnet_max($start, $mask);
86		return !self::ip_greater_than($ip, $cidrMax) && !self::ip_less_than($ip, $start);
87		}
88
89		/* Find the smallest possible subnet mask which can contain a given number of IPs
90		* e.g. 512 IPs can fit in a /23, but 513 IPs need a /22
91		*/
92		public static function find_smallest_cidr($number)
93		{
94		$smallest = 1;
95		for ($b = 32; $b > 0; $b--) {
96		$smallest = ($number <= pow(2, $b)) ? $b : $smallest;
97		}
98		return (32 - $smallest);
99		}
100
101		/* Find out how many IPs are contained within a given IP range
102		* e.g. 192.168.0.0 to 192.168.0.255 returns 256
103		*/
104		public static function ip_range_size($startip, $endip)
105		{
106		if (self::is_ipaddr($startip) && self::is_ipaddr($endip)) {
107		// Operate as unsigned long because otherwise it wouldn't work
108		// when crossing over from 127.255.255.255 / 128.0.0.0 barrier
109		return abs(self::ip2ulong($startip) - self::ip2ulong($endip)) + 1;
110		}
111		return -1;
112		}
113
114
115		public static function get_single_subnet($startip, $endip)
116		{
117		if (!self::is_ipaddr($startip) \|\| !self::is_ipaddr($endip)) {
118		return null;
119		}
120
121		$cidr = self::find_smallest_cidr(self::ip_range_size($startip, $endip));
122		$lowestCommonIP = self::find_smallest_common_IP($startip, $endip);
123
124		while (self::ip_greater_than($endip, self::gen_subnet_max($lowestCommonIP, $cidr))) {
125		$cidr--;
126		if ($cidr == 0) {
127		return null;
128		}
129		}
130		return $lowestCommonIP . '/' . $cidr;
131		}
132
133		public static function find_smallest_common_IP($startip, $endip)
134		{
135		$startBits = explode('.', $startip);
136		$endBits = explode('.', $endip);
137
138		$returnIP = [];
139		$broken = false;
140		for ($i = 0; $i < 4; ++$i) {
141		if ($broken) {
142		$returnIP[$i] = "00000000";
143		continue;
144		}
145		$startAsBinary = str_pad(decbin($startBits[$i]), 8, "0", STR_PAD_LEFT);
146		$endAsBinary = str_pad(decbin($endBits[$i]), 8, "0", STR_PAD_LEFT);
147
148		if ($startAsBinary === $endAsBinary) {
149		$returnIP[$i] = $startAsBinary;
150		continue;
151		}
152
153		$returnOctet = [];
154		for ($j = 0; $j < 8; ++$j) {
155		if (!$broken && $startAsBinary[$j] == $endAsBinary[$j]) {
156		$returnOctet[$j] = $startAsBinary[$j];
157		continue;
158		} else {
159		$returnOctet[$j] = "0";
160		$broken = true;
161		}
162		}
163
164		$returnIP[$i] = implode('', $returnOctet);
165		}
166		$returnIPDec = [];
167		foreach ($returnIP as $returnIPBin) {
168		$returnIPDec[] = bindec($returnIPBin);
169		}
170		return implode('.', $returnIPDec);
171		}
172
173		public static function subnet_range_size($subnetmask)
174		{
175		return (2 ** (32 - (int) $subnetmask));
176		}
177
178		public static function cidr_to_ips_array($cidr)
179		{
180		$parts = explode('/', $cidr);
181		if (!self::is_ipaddr($parts[0])) {
182		return false;
183		}
184
185		$subnetMask = isset($parts[1]) ? $parts[1] : "32";
186		$ips = [];
187		$currentIP = $parts[0];
188
189		for ($i = 0; $i < self::subnet_range_size($subnetMask); ++$i) {
190		$ips[] = $currentIP;
191		$currentIP = self::ip_after($currentIP);
192		}
193
194		return $ips;
195		}
196
197		/* return the subnet address given a host address and a subnet bit count */
198	View Code Duplication	public static function gen_subnet($ipaddr, $bits)
		0 ignored issues – show Duplication introduced 2018-03-05 11:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
199		{
200		if (!self::is_ipaddr($ipaddr) \|\| !is_numeric($bits)) {
201		return "";
202		}
203
204		return long2ip(ip2long($ipaddr) & self::gen_subnet_mask_long($bits));
205		}
206
207		/* returns a subnet mask (long given a bit count) */
208		public static function gen_subnet_mask_long($bits)
209		{
210		$sm = 0;
211		for ($i = 0; $i < $bits; $i++) {
212		$sm >>= 1;
213		$sm \|= 0x80000000;
214		}
215		return $sm;
216		}
217
218		/* return the highest (broadcast) address in the subnet given a host address and
219		a subnet bit count */
220	View Code Duplication	public static function gen_subnet_max($ipaddr, $bits)
		0 ignored issues – show Duplication introduced 2018-03-05 11:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
221		{
222		if (!self::is_ipaddr($ipaddr) \|\| !is_numeric($bits)) {
223		return "";
224		}
225
226		return self::long2ip32(ip2long($ipaddr) \| ~self::gen_subnet_mask_long($bits));
227		}
228
229		/* takes an array of ip address, sorts and returns as an array */
230		public static function sort_addresses($ipaddr)
231		{
232		$ipaddr = array_unique($ipaddr);
233		$bitAddresses = [];
234		$ipAddresses = [];
235		foreach ($ipaddr as $ipv4) {
236		$bitAddresses[] = self::ip2ulong($ipv4);
237		}
238		sort($bitAddresses);
239		foreach ($bitAddresses as $raw) {
240		$ipAddresses[] = self::long2ip32($raw);
241		}
242		return $ipAddresses;
243		}
244
245		/* takes an array of ip address, sorts and returns as an array */
246		public static function sort_cidrs($cidrs)
247		{
248		$map = [];
249		$bitAddresses = [];
250		$sortedCidrs = [];
251		foreach ($cidrs as $cidr) {
252		$parts = explode('/', $cidr);
253		$map[$parts[0]] = $parts[1];
254		$bitAddresses[] = self::ip2ulong($parts[0]);
255		}
256		sort($bitAddresses);
257		foreach ($bitAddresses as $raw) {
258		$sortedCidrs[] = self::long2ip32($raw) . '/' . $map[self::long2ip32($raw)];
259		}
260		return $sortedCidrs;
261		}
262		}
263

andrewandante / submuncher

Issues (10)

Security Analysis no request data

src/Util.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like