Issues (1507)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

PHPDaemon/Config/_Object.php (4 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
namespace PHPDaemon\Config;
3
4
use PHPDaemon\Config\Entry\ConfigFile;
5
use PHPDaemon\Config\Entry\Number;
6
use PHPDaemon\Config\Entry\Size;
7
use PHPDaemon\Config\Entry\Time;
8
use PHPDaemon\Core\Daemon;
9
10
/**
11
 * Config class
12
 *
13
 * @package    Core
14
 * @subpackage Config
15
 *
16
 * @author     Vasily Zorin <[email protected]>
17
 * @dynamic_fields
18
 */
19
class _Object implements \ArrayAccess
20
{
21
    use \PHPDaemon\Traits\ClassWatchdog;
22
23
    /**
24
     * Maximum memory usage
25
     * @var size
26
     */
27
    public $maxmemoryusage = '0b';
28
29
    /**
30
     * Maximum idle time
31
     * @var time
32
     */
33
    public $maxidle = '0s';
34
35
    /**
36
     * PID file
37
     * @var string|Entry\Generic
38
     */
39
    public $pidfile = '/var/run/phpd.pid';
40
41
    /**
42
     * Default namespace
43
     * @var path
44
     */
45
    public $defaultns = 'PHPDaemon';
46
47
    /**
48
     * Default PID file
49
     * @var path
50
     */
51
    public $defaultpidfile = '/var/run/phpd.pid';
52
53
    /**
54
     * Config file
55
     * @var string|Entry\ConfigFile
56
     */
57
    public $configfile = '/etc/phpdaemon/phpd.conf;/etc/phpd/phpd.conf;./conf/phpd.conf';
58
59
    /**
60
     * Application resolver
61
     * @var string|Entry\Generic
62
     */
63
    public $path = '/etc/phpdaemon/AppResolver.php;./conf/AppResolver.php';
64
65
    /**
66
     * Additional include path
67
     * @var string|Entry\Generic
68
     */
69
    public $addincludepath = null;
70
71
    /**
72
     * Multi-Process Manager delay
73
     * @var time
74
     */
75
    public $mpmdelay = '0.1s';
76
77
    /**
78
     * Max. requests before worker restart
79
     * @var int|Entry\Number
80
     */
81
    public $maxrequests = '10k';
82
83
    /**
84
     * Start workers
85
     * @var int|Entry\Number
86
     */
87
    public $startworkers = 4;
88
89
    /**
90
     * Minimum number of workers
91
     * @var int|Entry\Number
92
     */
93
    public $minworkers = 4;
94
95
    /**
96
     * Maximum number of workers
97
     * @var int|Entry\Number
98
     */
99
    public $maxworkers = 8;
100
101
    /**
102
     * Minimum number of spare workes
103
     * @var int|Entry\Number
104
     */
105
    public $minspareworkers = 2;
106
107
    /**
108
     * Maximum number of spare workes
109
     * @var int|Entry\Number
110
     */
111
    public $maxspareworkers = 0;
112
113
    /**
114
     * Master thread priority
115
     * @var integer
116
     */
117
    public $masterpriority = 100;
118
119
    /**
120
     * IPC thread priority
121
     * @var integer
122
     */
123
    public $ipcthreadpriority = 100;
124
125
    /**
126
     * IPC thread priority
127
     * @var boolean
128
     */
129
    public $obfilterauto = 1;
130
131
    /**
132
     * System user (setuid)
133
     * @var string|Entry\Generic
134
     */
135
    public $user = null;
136
137
    /**
138
     * System group (setgid)
139
     * @var string|Entry\Generic
140
     */
141
    public $group = null;
142
143
    /**
144
     * Automatic garbage collector, number of iterations between GC call
145
     * @var int|Entry\Number
146
     */
147
    public $autogc = '1k';
148
149
    /**
150
     * Chroot
151
     * @var string|Entry\Generic
152
     */
153
    public $chroot = '/';
154
155
    /**
156
     * Current directory
157
     * @var string
158
     */
159
    public $cwd = '.';
160
161
    /**
162
     * Autoreload interval. Time interval between checks.
163
     * @var time
164
     */
165
    public $autoreload = '0s';
166
167
    /**
168
     * Try to import updated code (runkit required)
169
     * @var boolean|Entry\Generic
170
     */
171
    public $autoreimport = 0;
172
173
    /**
174
     * Worker thread priority
175
     * @var integer
176
     */
177
    public $workerpriority = 4;
178
179
    /**
180
     * Lambda cache size
181
     * @var integer
182
     */
183
    public $lambdacachemaxsize = 128;
184
185
    /**
186
     * Lambda cache cap window
187
     * @var integer
188
     */
189
    public $lambdacachecapwindow = 32;
190
191
    /**
192
     * Lambda cache ttl
193
     * @var integer
194
     */
195
    public $lambdacachettl = 0;
196
197
    /**
198
     * Throw exception on shutdown?
199
     * @var boolean
200
     */
201
    public $throwexceptiononshutdown = 0;
202
203
    /**
204
     * Comma-separated list of locales
205
     * @var string|Entry\Generic
206
     */
207
    public $locale = '';
208
209
    /**
210
     * Restrict usage of error-control functions (like @ operator), useful in debugging
211
     * @var boolean
212
     */
213
    public $restricterrorcontrol = false;
214
215
    // Logging-related
216
217
    /**
218
     * Logging?
219
     * @var boolean
220
     */
221
    public $logging = 1;
222
223
    /**
224
     * Log storage
225
     * @var boolean|Entry\Generic
226
     */
227
    public $logstorage = '/var/log/phpdaemon.log';
228
229
    /**
230
     * Log format
231
     * @var string
232
     */
233
    public $logformat = '[D, j M Y H:i:s.u O] %msg%';
234
235
    /**
236
     * Log errors?
237
     * @var boolean
238
     */
239
    public $logerrors = 1;
240
241
    /**
242
     * Log Worker->setState() ?
243
     * @var boolean
244
     */
245
    public $logworkersetstate = 0;
246
247
    /**
248
     * Log signals?
249
     * @var boolean
250
     */
251
    public $logsignals = 0;
252
253
    /**
254
     * Do not close STDOUT and STDERR pipes and send log messages there
255
     * @var boolean
256
     */
257
    public $verbosetty = 0;
258
259
    /**
260
     * EIO enabled?
261
     * @var boolean
262
     */
263
    public $eioenabled = 1;
264
265
    /**
266
     * EIO maximum idle time
267
     * @var time
268
     */
269
    public $eiosetmaxidle = null;
270
271
    /**
272
     * EIO maximum parallel threads
273
     * @var int|Entry\Number
274
     */
275
    public $eiosetmaxparallel = null;
276
277
    /**
278
     * EIO maximum poll requests
279
     * @var int|Entry\Number
280
     */
281
    public $eiosetmaxpollreqs = null;
282
283
    /**
284
     * EIO maximum poll time
285
     * @var time
286
     */
287
    public $eiosetmaxpolltime = null;
288
289
    /**
290
     * EIO minimum parallel threads
291
     * @var int|Entry\Number
292
     */
293
    public $eiosetminparallel = null;
294
295
    /** @var int */
296
    public static $lastRevision = 0;
297
298
    /**
299
     * Constructor
300
     * @return _Object
301
     */
0 ignored issues
show
Comprehensibility Best Practice introduced by
Adding a @return annotation to constructors is generally not recommended as a constructor does not have a meaningful return value.

Adding a @return annotation to a constructor is not recommended, since a constructor does not have a meaningful return value.

Please refer to the PHP core documentation on constructors.

Loading history...
302
303
    public function __construct()
304
    {
305
        static $sizes = ['maxmemoryusage'];
306
        static $times = ['maxidle', 'autoreload', 'mpmdelay', 'eiosetmaxpolltime', 'lambdacachettl'];
307
        static $numbers = [
308
            'maxrequests',
309
            'autogc',
310
            'startworkers',
311
            'workerpriority',
312
            'minworkers',
313
            'maxworkers',
314
            'minspareworkers',
315
            'maxspareworkers',
316
            'masterpriority',
317
            'ipcthreadpriority',
318
            'eiosetmaxidle',
319
            'eiosetmaxparallel',
320
            'eiosetmaxpollreqs',
321
            'eiosetminparallel',
322
            'verbose',
323
            'verbosetty',
324
            'lambdacachemaxsize',
325
            'lambdacachecapwindow',
326
        ];
327
328
        foreach ($this as $name => $value) {
0 ignored issues
show
The expression $this of type this<PHPDaemon\Config\_Object> is not traversable.
Loading history...
329
            if (in_array($name, $sizes)) {
330
                $entry = new Size;
331
            } elseif (in_array($name, $times)) {
332
                $entry = new Time;
333
            } elseif (in_array($name, $numbers)) {
334
                $entry = new Number;
335
            } elseif ($name === 'configfile') {
336
                $entry = new ConfigFile;
337
            } else {
338
                $entry = new Entry\Generic;
339
            }
340
341
            if ($name === 'addincludepath') {
342
                $entry->setStackable();
343
            }
344
345
            $entry->setDefaultValue($value);
346
            $entry->setHumanValue($value);
347
            $this->{$name} = $entry;
348
        }
349
    }
350
351
    /**
352
     * Renames section
353
     * @param string $old
354
     * @param string $new
355
     * @param boolean $log Log?
356
     * @return void
357
     */
358
    public function renameSection($old, $new, $log = false)
359
    {
360
        Daemon::$config->{$new} = Daemon::$config->{$old};
361
        unset(Daemon::$config->{$old});
362
        if ($log) {
363
            Daemon::log('Config section \'' . $old . '\' -> \'' . $new . '\'');
364
        }
365
    }
366
367
    /**
368
     * Load config file
369
     * @param string Path
370
     * @return boolean Success
371
     */
372
    public function loadFile($path)
373
    {
374
        $parser = Parser::parse($path, $this);
375
        $this->onLoad();
376
        return !$parser->isErroneous();
377
    }
378
379
    /**
380
     * Called when config is loaded
381
     * @return void
382
     */
383
    protected function onLoad()
384
    {
385
        if (isset($this->minspareworkers->value) && $this->minspareworkers->value > 0
386
            && isset($this->maxspareworkers->value) && $this->maxspareworkers->value > 0
387
        ) {
388
            if ($this->minspareworkers->value > $this->maxspareworkers->value) {
389
                Daemon::log('\'minspareworkers\' (' . $this->minspareworkers->value . ')  cannot be greater than \'maxspareworkers\' (' . $this->maxspareworkers->value . ').');
390
                $this->minspareworkers->value = $this->maxspareworkers->value;
391
            }
392
        }
393
394
        if (isset($this->minworkers->value) && isset($this->maxworkers->value)) {
395
            if ($this->minworkers->value > $this->maxworkers->value) {
396
                $this->minworkers->value = $this->maxworkers->value;
397
            }
398
        }
399
    }
400
401
    /**
402
     * Get real property name
403
     * @param string Property name
404
     * @return string Real property name
405
     */
406
    public function getRealPropertyName($prop)
407
    {
408
        return str_replace('-', '', strtolower($prop));
409
    }
410
411
    /**
412
     * Checks if property exists
413
     * @param string Property name
414
     * @return boolean Exists?
415
     */
416
417
    public function offsetExists($prop)
418
    {
419
        $prop = $this->getRealPropertyName($prop);
420
        return property_exists($this, $prop);
421
    }
422
423
    /**
424
     * Get property by name
425
     * @param string Property name
426
     * @return mixed
427
     */
428
    public function offsetGet($prop)
429
    {
430
        $prop = $this->getRealPropertyName($prop);
431
        return isset($this->{$prop}) ? $this->{$prop}->value : null;
432
    }
433
434
    /**
435
     * Set property
436
     * @param string Property name
437
     * @param mixed  Value
438
     * @return void
439
     */
440
    public function offsetSet($prop, $value)
441
    {
442
        $prop = $this->getRealPropertyName($prop);
443
        $this->{$prop} = $value;
444
    }
445
446
    /**
447
     * Unset property
448
     * @param string Property name
449
     * @return void
450
     */
451
    public function offsetUnset($prop)
452
    {
453
        $prop = $this->getRealPropertyName($prop);
454
        unset($this->{$prop});
455
    }
456
457
    /**
458
     * Checks if property exists
459
     * @param string Property name
460
     * @return boolean Exists?
0 ignored issues
show
Should the return type not be array<string,string>|false?

This check compares the return type specified in the @return annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.

Loading history...
461
     */
462
    public static function parseCfgUri($uri, $source = null)
0 ignored issues
show
The parameter $source is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
463
    {
464
        if (mb_orig_strpos($uri, '://') === false) {
465
            if (strncmp($uri, 'unix:', 5) === 0) {
466
                $e = explode(':', $uri);
467
                if (sizeof($e) === 4) {
468
                    $uri = 'unix://' . $e[1] . ':' . $e[2] . '@localhost' . $e[3];
469
                } elseif (sizeof($e) === 3) {
470
                    $uri = 'unix://' . $e[1] . '@localhost' . $e[2];
471
                } else {
472
                    $uri = 'unix://localhost' . $e[1];
473
                }
474
            } else {
475
                $uri = 'tcp://' . $uri;
476
            }
477
        }
478
        if (stripos($uri, 'unix:///') === 0) {
479
            $uri = 'unix://localhost/' . substr($uri, 8);
480
        }
481
        $zeroPortNum = false;
482
        $uri = preg_replace_callback('~:0(?:$|/)~', function () use (&$zeroPortNum) {
483
            $zeroPortNum = true;
484
            return '';
485
        }, $uri);
486
        $u = parse_url($uri);
487
        $u['host'] = trim($u['host'], '][');
488
        $u['uri'] = $uri;
489
        if ($zeroPortNum) {
490
            $u['port'] = 0;
491
        }
492
        if (!isset($u['scheme'])) {
493
            $u['scheme'] = '';
494
        }
495
        $u['params'] = [];
496
        if (!isset($u['fragment'])) {
497
            return $u;
498
        }
499
        $hash = '#' . $u['fragment'];
500
        $error = false;
501
        preg_replace_callback('~(#+)(.+?)(?=#|$)|(.+)~', function ($m) use (&$u, &$error, $uri) {
502
            if ($error) {
503
                return;
504
            }
505
            list(, $type, $value) = $m;
506
            if ($type === '#') { // standard value
507
                $e = explode('=', $value, 2);
508
                if (sizeof($e) === 2) {
509
                    list($key, $value) = $e;
510
                } else {
511
                    $key = $value;
512
                    $value = true;
513
                }
514
                $u['params'][$key] = $value;
515
            } elseif ($type === '##') { // Context name
516
                $u['params']['ctxname'] = $value;
517
            } else {
518
                Daemon::log('Malformed URI: ' . var_export($uri, true) . ', unexpected token \'' . $type . '\'');
519
                $error = true;
520
            }
521
        }, $hash);
522
        return $error ? false : $u;
523
    }
524
525
    /**
526
     * Imports parameters from command line args
527
     * @param array Settings.
528
     * @return boolean - Success.
529
     */
530
    public static function loadCmdLineArgs($settings)
531
    {
532
        $error = false;
533
534
        static $ktr = [
535
            '-' => '',
536
        ];
537
538
        foreach ($settings as $k => $v) {
539
            $k = strtolower(strtr($k, $ktr));
540
541
            if ($k === 'config') {
542
                $k = 'configfile';
543
            }
544
545
            if (($k === 'user') || ($k === 'group')) {
546
                if ($v === '') {
547
                    $v = null;
548
                }
549
            }
550
            if (isset(Daemon::$config->{$k})) {
551
                Daemon::$config->{$k}->setHumanValue($v);
552
                Daemon::$config->{$k}->source = 'cmdline';
553
            } else {
554
                Daemon::log('Unrecognized parameter \'' . $k . '\'');
555
                $error = true;
556
            }
557
        }
558
559
        return !$error;
560
    }
561
}
562