Issues in Security.php (master) - Issues in master - las93/venus3 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (190)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

bundles/core/Security.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * The security of app
 *
 * @category  core
 * @author    Judicaël Paquet <[email protected]>
 * @copyright Copyright (c) 2005-2013 RueDuCommerce.com FR Inc. (http://www.rueducommerce.com)
 * @license   http://www.rueducommerce.com Tout droit réservé à Rueducommerce.com
 * @filesource
 * @link      http://www.rueducommerce.com
 * @since     1.0rc1
 */

namespace Venus\core;

use \Venus\core\Config as Config;
use \Venus\lib\Request as Request;

/**
 * This class manage the security
 *
 * @category  core
 * @author    Judicaël Paquet <[email protected]>
 * @copyright Copyright (c) 2005-2013 RueDuCommerce.com FR Inc. (http://www.rueducommerce.com)
 * @license   http://www.rueducommerce.com Tout droit réservé à Rueducommerce.com
 * @version   3.0.0
 * @link      http://www.rueducommerce.com
 * @since     1.0rc1
 */

class Security {

	/**
	 * The base Uri to construct the route
	 *
	 * @access private
	 * @var    string
	 */

	private $_sBaseUri = '';

	/**
	 * Actual user
	 *
	 * @access private
	 * @var    string
	 */

	private static $_sLogin = '';

	/**
	 * Actual user
	 *
	 * @access private
	 * @var    string
	 */

	private static $_sPassword = '';

	/**
	 * check security of access
	 *
	 * @access public
	 * @return null|boolean
	 */

	public function checkSecurity() {

		foreach (Config::get('Route') as $sHost => $oHost) {


			if ((!strstr($sHost, '/') && $sHost == $_SERVER['HTTP_HOST'])
				|| (strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], $sHost))) {

				if (strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], $sHost)) {


					$this->_sBaseUri = preg_replace('#^[^/]+#', '', $sHost);
				}

				if (isset($oSecurity->firewall)) { $oSecurity = $oHost->firewall; }
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
			}
		}

		if (isset($oSecurity)) {

			if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic') {

				if (!isset($_SERVER['PHP_AUTH_USER'])) {

					if (!isset($oSecurity->realm)) { $oSecurity->realm = 'Access'; }
					if (!isset($oSecurity->cancelled)) { $oSecurity->cancelled = 'Cancelled'; }

					header('WWW-Authenticate: Basic realm="'.$oSecurity->realm.'"');
					header('HTTP/1.0 401 Unauthorized');
					echo $oSecurity->cancelled;
					exit;
				} else {

					self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
					self::$_sPassword = $_SERVER['PHP_AUTH_PW'];

					if (!$this->_checkPasswordIsGood()) { return false; }
					if (!$this->_checkAccess()) { return false; }
					if (!$this->_checkBlackListIps()) { return false; }
				}
			}
			else if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic_validate_by_controller') {

				if (!isset($_SERVER['PHP_AUTH_USER'])) {

					if (!isset($oSecurity->realm)) { $oSecurity->realm = 'Access'; }
					if (!isset($oSecurity->cancelled)) { $oSecurity->cancelled = 'Cancelled'; }

					header('WWW-Authenticate: Basic realm="'.$oSecurity->realm.'"');
					header('HTTP/1.0 401 Unauthorized');
					echo $oSecurity->cancelled;
					exit;
				} else {

					self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
					self::$_sPassword = $_SERVER['PHP_AUTH_PW'];

					$sControllerName = $oSecurity->controller;
					$sActionName = $oSecurity->action;

					$oController = new $sControllerName;

					if (!$oController->$sActionName(self::$_sLogin, self::$_sPassword)) { return false; }
					if (!$this->_checkAccess()) { return false; }
					if (!$this->_checkBlackListIps()) { return false; }
				}
			} else if (isset($oSecurity->authentification) && $oSecurity->authentification === 'controller') {

				// it's an action of one controller that it return true or false for the authentification

				$sControllerName = $oSecurity->controller;
				$sActionName = $oSecurity->action;

				$oController = new $sControllerName;

				if (!$oController->$sActionName) { return false; }
				if (!$this->_checkAccess()) { return false; }
				if (!$this->_checkBlackListIps()) { return false; }
			}

			if (isset($oSecurity->ips) && !in_array($_SERVER['REMOTE_ADDR'], $oSecurity->ips)) { return false; }

			if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'https' && !Request::isHttpsRequest()) {

				return false;
			} else if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'http' && ((Request::isHttpRequest()
				&& Request::isHttpsRequest()) || !Request::isHttpRequest())) {

				return false;
			}
		}

		return true;
	}

	/**
	 * check access
	 *
	 * @access private
	 * @return bool
	 */

	private function _checkAccess() : bool {

		$oSecurity = Config::get('Security');
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

		if (isset($oSecurity->access)) {

			foreach ($oSecurity->access as $sPathAccess => $aParams) {

				if (preg_match('#'.$sPathAccess.'#', str_replace($this->_sBaseUri, '', $_SERVER['REQUEST_URI']))) {

					if (in_array($this->getUserRole(), $aParams->roles)) { return true; } else { return false; }
				}
			}
		}

		return true;
	}

	/**
	 * check if the ips is not in the blacklist
	 *
	 * @access private
	 * @return bool
	 */

	private function _checkBlackListIps() : bool {

		$oSecurity = Config::get('Security');
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

		if (isset($oSecurity->blacklist_ips)) {

			foreach ($oSecurity->blacklist_ips as $sIp) {

				if ($_SERVER['REMOTE_ADDR'] == $sIp) { return false; }
			}
		}

		return true;
	}

	/**
	 * check if the password is good
	 *
	 * @access private
	 * @return bool
	 */

	private function _checkPasswordIsGood() : bool {

		$sLogin = self::$_sLogin;
		$sPassword = Config::get('Security')->users->$sLogin->password;

		if ($sPassword == self::$_sPassword) { return true; }
		else if ($sPassword == md5(self::$_sPassword)) { return true; }
		else { return false; }
	}

	/**
	 * get the user roles
	 *
	 * @access public
	 * @return string
	 */

	public function getUserRole() : string {

		if (self::$_sLogin) {

			$sLogin = self::$_sLogin;
			return Config::get('Security')->users->$sLogin->roles;
		} else {

			return '';
		}
	}


	/**
	 * get the user roles
	 *
	 * @access public
	 * @param  string $sRole role to test
	 * @return bool
	 */

	public function isGranted(string $sRole) : bool {

		if ($sRole == $this->getUserRole() || $this->getUserRole() == '') { return true; } else { return false; }
	}

	/**
	 * set base uri
	 *
	 * @access public
	 * @param  string $sBaseUri
	 * @return \Venus\core\Security
	 */

	public function setBaseUri($sBaseUri) {

		$this->_sBaseUri = $sBaseUri;
	}
}


Issues (190)

Security Analysis not enabled

bundles/core/Security.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2
3		/**
4		* The security of app
5		*
6		* @category core
7		* @author Judicaël Paquet <[email protected]>
8		* @copyright Copyright (c) 2005-2013 RueDuCommerce.com FR Inc. (http://www.rueducommerce.com)
9		* @license http://www.rueducommerce.com Tout droit réservé à Rueducommerce.com
10		* @filesource
11		* @link http://www.rueducommerce.com
12		* @since 1.0rc1
13		*/
14
15		namespace Venus\core;
16
17		use \Venus\core\Config as Config;
18		use \Venus\lib\Request as Request;
19
20		/**
21		* This class manage the security
22		*
23		* @category core
24		* @author Judicaël Paquet <[email protected]>
25		* @copyright Copyright (c) 2005-2013 RueDuCommerce.com FR Inc. (http://www.rueducommerce.com)
26		* @license http://www.rueducommerce.com Tout droit réservé à Rueducommerce.com
27		* @version 3.0.0
28		* @link http://www.rueducommerce.com
29		* @since 1.0rc1
30		*/
31
32		class Security {
33
34		/**
35		* The base Uri to construct the route
36		*
37		* @access private
38		* @var string
39		*/
40
41		private $_sBaseUri = '';
42
43		/**
44		* Actual user
45		*
46		* @access private
47		* @var string
48		*/
49
50		private static $_sLogin = '';
51
52		/**
53		* Actual user
54		*
55		* @access private
56		* @var string
57		*/
58
59		private static $_sPassword = '';
60
61		/**
62		* check security of access
63		*
64		* @access public
65		* @return null\|boolean
66		*/
67
68		public function checkSecurity() {
69
70		foreach (Config::get('Route') as $sHost => $oHost) {
		0 ignored issues – show Bug introduced 2016-09-08 12:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `\Venus\core\Config::get('Route')` of type `null` is not traversable. Loading history...
71
72		if ((!strstr($sHost, '/') && $sHost == $_SERVER['HTTP_HOST'])
73		\|\| (strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], $sHost))) {
74
75	View Code Duplication	if (strstr($sHost, '/') && strstr($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], $sHost)) {
		0 ignored issues – show Duplication introduced 2016-09-08 12:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
76
77		$this->_sBaseUri = preg_replace('#^[^/]+#', '', $sHost);
78		}
79
80		if (isset($oSecurity->firewall)) { $oSecurity = $oHost->firewall; }
		0 ignored issues – show Bug introduced 2016-09-08 12:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$oSecurity` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
81		}
82		}
83
84		if (isset($oSecurity)) {
85
86		if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic') {
87
88		if (!isset($_SERVER['PHP_AUTH_USER'])) {
89
90		if (!isset($oSecurity->realm)) { $oSecurity->realm = 'Access'; }
91		if (!isset($oSecurity->cancelled)) { $oSecurity->cancelled = 'Cancelled'; }
92
93		header('WWW-Authenticate: Basic realm="'.$oSecurity->realm.'"');
94		header('HTTP/1.0 401 Unauthorized');
95		echo $oSecurity->cancelled;
96		exit;
97		} else {
98
99		self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
100		self::$_sPassword = $_SERVER['PHP_AUTH_PW'];
101
102		if (!$this->_checkPasswordIsGood()) { return false; }
103		if (!$this->_checkAccess()) { return false; }
104		if (!$this->_checkBlackListIps()) { return false; }
105		}
106		}
107		else if (isset($oSecurity->authentification) && $oSecurity->authentification === 'http_basic_validate_by_controller') {
108
109		if (!isset($_SERVER['PHP_AUTH_USER'])) {
110
111		if (!isset($oSecurity->realm)) { $oSecurity->realm = 'Access'; }
112		if (!isset($oSecurity->cancelled)) { $oSecurity->cancelled = 'Cancelled'; }
113
114		header('WWW-Authenticate: Basic realm="'.$oSecurity->realm.'"');
115		header('HTTP/1.0 401 Unauthorized');
116		echo $oSecurity->cancelled;
117		exit;
118		} else {
119
120		self::$_sLogin = $_SERVER['PHP_AUTH_USER'];
121		self::$_sPassword = $_SERVER['PHP_AUTH_PW'];
122
123		$sControllerName = $oSecurity->controller;
124		$sActionName = $oSecurity->action;
125
126		$oController = new $sControllerName;
127
128		if (!$oController->$sActionName(self::$_sLogin, self::$_sPassword)) { return false; }
129		if (!$this->_checkAccess()) { return false; }
130		if (!$this->_checkBlackListIps()) { return false; }
131		}
132		} else if (isset($oSecurity->authentification) && $oSecurity->authentification === 'controller') {
133
134		// it's an action of one controller that it return true or false for the authentification
135
136		$sControllerName = $oSecurity->controller;
137		$sActionName = $oSecurity->action;
138
139		$oController = new $sControllerName;
140
141		if (!$oController->$sActionName) { return false; }
142		if (!$this->_checkAccess()) { return false; }
143		if (!$this->_checkBlackListIps()) { return false; }
144		}
145
146		if (isset($oSecurity->ips) && !in_array($_SERVER['REMOTE_ADDR'], $oSecurity->ips)) { return false; }
147
148		if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'https' && !Request::isHttpsRequest()) {
149
150		return false;
151		} else if (isset($oSecurity->requires_channel) && $oSecurity->requires_channel == 'http' && ((Request::isHttpRequest()
152		&& Request::isHttpsRequest()) \|\| !Request::isHttpRequest())) {
153
154		return false;
155		}
156		}
157
158		return true;
159		}
160
161		/**
162		* check access
163		*
164		* @access private
165		* @return bool
166		*/
167
168		private function _checkAccess() : bool {
169
170		$oSecurity = Config::get('Security');
		0 ignored issues – show Bug introduced 2016-09-08 12:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$oSecurity` is correct as `\Venus\core\Config::get('Security')` (which targets `Venus\core\Config::get()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
171
172		if (isset($oSecurity->access)) {
173
174		foreach ($oSecurity->access as $sPathAccess => $aParams) {
175
176		if (preg_match('#'.$sPathAccess.'#', str_replace($this->_sBaseUri, '', $_SERVER['REQUEST_URI']))) {
177
178		if (in_array($this->getUserRole(), $aParams->roles)) { return true; } else { return false; }
179		}
180		}
181		}
182
183		return true;
184		}
185
186		/**
187		* check if the ips is not in the blacklist
188		*
189		* @access private
190		* @return bool
191		*/
192
193		private function _checkBlackListIps() : bool {
194
195		$oSecurity = Config::get('Security');
		0 ignored issues – show Bug introduced 2016-09-08 12:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$oSecurity` is correct as `\Venus\core\Config::get('Security')` (which targets `Venus\core\Config::get()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
196
197		if (isset($oSecurity->blacklist_ips)) {
198
199		foreach ($oSecurity->blacklist_ips as $sIp) {
200
201		if ($_SERVER['REMOTE_ADDR'] == $sIp) { return false; }
202		}
203		}
204
205		return true;
206		}
207
208		/**
209		* check if the password is good
210		*
211		* @access private
212		* @return bool
213		*/
214
215		private function _checkPasswordIsGood() : bool {
216
217		$sLogin = self::$_sLogin;
218		$sPassword = Config::get('Security')->users->$sLogin->password;
219
220		if ($sPassword == self::$_sPassword) { return true; }
221		else if ($sPassword == md5(self::$_sPassword)) { return true; }
222		else { return false; }
223		}
224
225		/**
226		* get the user roles
227		*
228		* @access public
229		* @return string
230		*/
231
232		public function getUserRole() : string {
233
234		if (self::$_sLogin) {
235
236		$sLogin = self::$_sLogin;
237		return Config::get('Security')->users->$sLogin->roles;
238		} else {
239
240		return '';
241		}
242		}
243
244
245		/**
246		* get the user roles
247		*
248		* @access public
249		* @param string $sRole role to test
250		* @return bool
251		*/
252
253		public function isGranted(string $sRole) : bool {
254
255		if ($sRole == $this->getUserRole() \|\| $this->getUserRole() == '') { return true; } else { return false; }
256		}
257
258		/**
259		* set base uri
260		*
261		* @access public
262		* @param string $sBaseUri
263		* @return \Venus\core\Security
264		*/
265
266		public function setBaseUri($sBaseUri) {
267
268		$this->_sBaseUri = $sBaseUri;
269		}
270		}
271

las93 / venus3

Issues (190)

Security Analysis not enabled

bundles/core/Security.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like