Issues (2)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/GlSyncFtp.php (2 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

/**
 * Sync local files with ftp server
 *
 * PHP version 5.4
 *
 * @category  GLICER
 * @package   GlSyncFtp
 * @author    Emmanuel ROECKER
 * @author    Rym BOUCHAGOUR
 * @copyright 2015 GLICER
 * @license   MIT
 * @link      http://dev.glicer.com/
 *
 * Created : 22/05/15
 * File : GlSyncFtp.php
 *
 */

namespace GlSyncFtp;

use Symfony\Component\Finder\SplFileInfo;
use Symfony\Component\Finder\Finder;
use phpseclib\Net\SFTP;

/**
 * Class SFTPConnection
 * @package GLICER\GetterBundle\Ftp
 */
class GlSyncFtp
{
    const DELETE_FILE = 0;
    const DELETE_DIR  = 1;
    const CREATE_DIR  = 2;
    const NEW_FILE    = 3;
    const UPDATE_FILE = 4;

    /**
     * @var SFTP
     */
    private $sftp;

    /**
     * @var string
     */
    private $server;

    /**
     * @var int
     */
    private $port;

    /**
     * @var string
     */
    private $user;

    /**
     * @var string
     */
    private $password;

    /**
     * @param string $ftpserver
     * @param int    $port
     * @param string $user
     * @param string $password
     */
    public function __construct($ftpserver, $port, $user, $password)
    {
        $this->server   = $ftpserver;
        $this->port     = $port;
        $this->user     = $user;
        $this->password = $password;
    }

    public function __destruct()
    {
        $this->disconnect();
    }

    public function disconnect()
    {
        if (isset($this->sftp)) {
            $this->sftp->disconnect();
        }
    }

    /**
     * @param string $root
     * @param array  $listfiles
     * @param array  $listdirs
     *
     * @throws GlSyncFtpException
     */
    public function getAllFiles($root, &$listfiles, &$listdirs)
    {
        $this->login();
        $this->getFiles($root, "", $listfiles, $listdirs);
    }

    /**
     * @throws GlSyncFtpException
     */
    private function login()
    {
        if (isset($this->sftp)) {
            return;
        }

        $this->sftp = new SFTP($this->server, $this->port);
        if (!$this->sftp->login($this->user, $this->password)) {
            throw new GlSyncFtpException('Login Failed');
        }
    }

    /**
     * @param string $root
     * @param string $relative
     * @param array  $listfiles
     * @param array  $listdirs
     */
    private function getFiles($root, $relative, &$listfiles, &$listdirs)
    {
        $files = $this->sftp->rawlist($root . '/' . $relative);
        if ($files === false) {
            return;
        }
        foreach ($files as $name => $raw) {
            if (($name != '.') && ($name != '..')) {
                if ($raw['type'] == NET_SFTP_TYPE_DIRECTORY) {
                    $listdirs[$relative . '/' . $name] = $raw;
                    $this->getFiles($root, $relative . '/' . $name, $listfiles, $listdirs);
                } else {
                    $listfiles[$relative . '/' . $name] = $raw;
                }
            }
        }
    }

    /**
     * sync list of local directories with list of ftp directories
     *
     * @param array    $list
     * @param callable $syncdir = null
     * @param callable $syncop  = null
     */
    public function syncDirectories($list, callable $syncdir = null, callable $syncop = null)
    {
        foreach ($list as $src => $dst) {
            if ($syncdir) {
                $syncdir($src, $dst);
            }
            $this->syncDirectory(
                $src,
                $dst,
                $syncop
            );
        }
    }

    /**
     * delete files and directories on ftp server that do not exist locally
     *
     * @param string $src
     * @param string $dst
     * @param callable|null $syncop
     */
    private function syncDelete($src, $dst, callable $syncop = null)
    {
        $files = [];
        $dirs  = [];
        $this->getFiles($dst, "", $files, $dirs);

        // delete on ftp server, files not present in local directory
        // Issue (Code Duplication): This code seems to be duplicated across your project.
        // Duplicated code is one of the most pungent code smells. If you need to duplicate the same
        // code in three or more different places, we strongly encourage you to look into extracting
        // the code into a single class or operation.
        foreach ($files as $name => $raw) {
            if (!file_exists($src . $name)) {
                $filepathFtp = $dst . strtr($name, ["\\" => "/"]);
                if ($syncop) {
                    $syncop(self::DELETE_FILE, $filepathFtp);
                }
                $this->sftp->delete($filepathFtp);
            }
        }

        // delete on ftp server, unknown directories
        $dirs = array_reverse($dirs);
        // Issue (Code Duplication): This code seems to be duplicated across your project.
        foreach ($dirs as $name => $raw) {
            if (!file_exists($src . $name)) {
                $filepathFtp = $dst . strtr($name, ["\\" => "/"]);
                if ($syncop) {
                    $syncop(self::DELETE_DIR, $filepathFtp);
                }
                $this->sftp->rmdir($filepathFtp);
            }
        }
    }

    /**
     * sync local directory with ftp directory
     *
     * @param string        $src
     * @param string        $dst
     * @param callable|null $syncop
     *
     * @throws GlSyncFtpException
     */
    public function syncDirectory($src, $dst, callable $syncop = null)
    {
        $this->login();

        $this->syncDelete($src, $dst, $syncop);

        // create new directories
        $finderdir = new Finder();
        $finderdir->directories()->ignoreDotFiles(false)->followLinks()->in($src)->notName('.git*');

        /**
         * @var SplFileInfo $dir
         */
        foreach ($finderdir as $dir) {
            $dirpathFtp = $dst . "/" . strtr($dir->getRelativePathname(), ["\\" => "/"]);
            $stat       = $this->sftp->stat($dirpathFtp);
            if (!$stat) {
                if ($syncop) {
                    $syncop(self::CREATE_DIR, $dirpathFtp);
                }
                // SFTP::mkdir() takes ($dir, $mode, $recursive) and SFTP::chmod() takes
                // ($mode, $filename, $recursive); a local path is not a valid argument to either
                $this->sftp->mkdir($dirpathFtp, -1, true);
                $this->sftp->chmod(0755, $dirpathFtp);
            }
        }

        // copy new files, or update if the local copy is newer or differs in size
        $finderdir = new Finder();
        $finderdir->files()->ignoreDotFiles(false)->followLinks()->in($src)->notName('.git*');

        /**
         * @var SplFileInfo $file
         */
        foreach ($finderdir as $file) {
            $filepathFtp = $dst . "/" . strtr($file->getRelativePathname(), ["\\" => "/"]);
            $stat        = $this->sftp->stat($filepathFtp);
            if (!$stat) {
                if ($syncop) {
                    $syncop(self::NEW_FILE, $filepathFtp);
                }
                $this->sftp->put($filepathFtp, $file->getRealPath(), SFTP::SOURCE_LOCAL_FILE);
            } else {
                $size = $this->sftp->size($filepathFtp);
                if (($file->getMTime() > $stat['mtime']) || ($file->getSize() != $size)) {
                    if ($syncop) {
                        $syncop(self::UPDATE_FILE, $filepathFtp);
                    }
                    $this->sftp->put($filepathFtp, $file->getRealPath(), SFTP::SOURCE_LOCAL_FILE);
                }
            }
        }
    }
}