Issues (243)

Security Analysis    2 potential vulnerabilities

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection (2)
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of the XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/web/Ftp.php (4 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php /** MicroFTP */

namespace Micro\Web;

/**
 * Simple FTP Class
 *
 * @author Shay Anderson 05.11
 * @link shayanderson.com
 * @license http://www.gnu.org/licenses/gpl.html GPL License
 * @package Micro
 * @subpackage Web
 * @version 1.0
 * @since 1.0
 * @final
 */
final class Ftp
{
    /**
     * Last error
     *
     * @var string $error
     */
    public $error;
    /**
     * FTP passive mode flag
     *
     * @var bool $passive
     */
    public $passive = false;
    /**
     * SSL-FTP connection flag
     *
     * @var bool $ssl
     */
    public $ssl = false;
    /**
     * System type of FTP server
     *
     * @var string $system_type
     */
    public $system_type;
    /**
     * FTP host
     *
     * @var string $_host
     */
    private $_host;
    /**
     * FTP port
     *
     * @var int $_port
     */
    private $_port = 21;
    /**
     * FTP password
     *
     * @var string $_pwd
     */
    private $_pwd;
    /**
     * FTP stream
     *
     * @var resource $_stream
     */
    private $_stream;
    /**
     * FTP timeout
     *
     * @var int $_timeout
     */
    private $_timeout = 90;
    /**
     * FTP user
     *
     * @var string $_user
     */
    private $_user;

    /**
     * Initialize connection params
     *
     * @access public
     *
     * @param array $params
     *
     * @return void
     */
    public function __construct(array $params = [])
    {
        // use ?? so that missing keys (including the default empty array)
        // do not raise undefined-index notices
        $this->_host = $params['host'] ?? null;
        $this->_user = $params['user'] ?? null;
        $this->_pwd = $params['password'] ?? null;
        // a missing or zero value falls back to the default
        $this->_port = (int)($params['port'] ?? 0) ?: 21;
        $this->_timeout = (int)($params['timeout'] ?? 0) ?: 90;
    }

    /**
     * Auto close connection
     */
    public function __destruct()
    {
        $this->close();
    }

    /**
     * Close FTP connection
     */
    public function close()
    {
        // check for valid FTP stream
        if ($this->_stream) {
            // close FTP connection
            \ftp_close($this->_stream);

            // reset stream
            $this->_stream = null;
        }
    }

    /**
     * Change current directory on FTP server
     *
     * @param string $directory
     *
     * @return bool
     */
    public function cd($directory = null)
    {
        if (\ftp_chdir($this->_stream, $directory)) {
            return true;
        }

        $this->error = "Failed to change directory to \"{$directory}\"";

        return false;
    }

    /**
     * Set file permissions
     *
     * @param int $permissions (ex: 0644)
     * @param string $remote_file
     *
     * @return bool
     */
    public function chmod($permissions = 0, $remote_file = null)
    {
        if (\ftp_chmod($this->_stream, $permissions, $remote_file)) {
            return true;
        }

        $this->error = 'Failed to set file permissions for "'.$remote_file.'"';

        return false;
    }

    /**
     * Connect to FTP server
     *
     * @return bool
     */
    public function connect()
    {
        $func = $this->ssl ? 'ftp_ssl_connect' : 'ftp_connect';
        $this->_stream = $func($this->_host, $this->_port, $this->_timeout);

        if (!$this->_stream) {
            $this->error = 'Failed to connect '.$this->_host.'.';

            return false;
        }

        if (\ftp_login($this->_stream, $this->_user, $this->_pwd)) {
            \ftp_pasv($this->_stream, (bool)$this->passive);

            $this->system_type = \ftp_systype($this->_stream);

            return true;
        }

        $this->error = 'Failed to connect to '.$this->_host.' (login failed)';

        return false;
    }

    /**
     * Delete file on FTP server
     *
     * @param string $remote_file
     *
     * @return bool
     */
    public function delete($remote_file = null)
    {
        if (\ftp_delete($this->_stream, $remote_file)) {
            return true;
        }

        $this->error = 'Failed to delete file "'.$remote_file.'"';

        return false;
    }

    /**
     * Download file from server
     *
     * @param string $remote_file
     * @param string $local_file
     * @param int $mode
     *
     * @return bool
     */
    public function get($remote_file = null, $local_file = null, $mode = FTP_ASCII)
Code Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.
    {
        if (\ftp_get($this->_stream, $local_file, $remote_file, $mode)) {
            return true;
        }

        $this->error = 'Failed to download file "'.$remote_file.'"';

        return false;
    }

    /**
     * Get list of files/directories in directory
     *
     * @param string $directory
     *
     * @return array
     */
    public function ls($directory = null)
    {
        if ($list = \ftp_nlist($this->_stream, $directory)) {
            return $list;
        }

        $this->error = 'Failed to get directory list';

        return [];
    }

    /**
     * Create directory on FTP server
     *
     * @param string $directory
     *
     * @return bool
     */
    public function mkdir($directory = null)
Code Duplication: This method seems to be duplicated in your project.
    {
        if (\ftp_mkdir($this->_stream, $directory)) {
            return true;
        }

        $this->error = 'Failed to create directory "'.$directory.'"';

        return false;
    }

    /**
     * Upload file to server
     *
     * @param string $local_file
     * @param string $remote_file
     * @param int $mode
     *
     * @return bool
     */
    public function put($local_file = null, $remote_file = null, $mode = FTP_ASCII)
Code Duplication: This method seems to be duplicated in your project.
    {
        if (\ftp_put($this->_stream, $remote_file, $local_file, $mode)) {
            return true;
        }

        $this->error = 'Failed to upload file "'.$local_file.'"';

        return false;
    }

    /**
     * Get current directory
     *
     * @return string
     */
    public function pwd()
    {
        return \ftp_pwd($this->_stream);
    }

    /**
     * Rename file on FTP server
     *
     * @param string $old_name
     * @param string $new_name
     *
     * @return bool
     */
    public function rename($old_name = null, $new_name = null)
    {
        if (\ftp_rename($this->_stream, $old_name, $new_name)) {
            return true;
        }

        $this->error = 'Failed to rename file "'.$old_name.'"';

        return false;
    }

    /**
     * Remove directory on FTP server
     *
     * @param string $directory
     *
     * @return bool
     */
    public function rmdir($directory = null)
Code Duplication: This method seems to be duplicated in your project.
    {
        if (\ftp_rmdir($this->_stream, $directory)) {
            return true;
        }

        $this->error = 'Failed to remove directory "'.$directory.'"';

        return false;
    }
}