Inspection of "Vulnerability using API authorization with SQL Inj..." - nilsteampassnet/TeamPass - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#4373)

by Nils

created 2024-09-27 14:32 UTC

Status

Spacing +10 added lines, -10 removed lines patch added patch discarded remove patch

@@ -34,7 +34,7 @@  discard block
 block discarded – undo
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 
-require_once API_ROOT_PATH . "/Model/Database.php";
+require_once API_ROOT_PATH."/Model/Database.php";
 
 
 class AuthModel extends Database
@@ -52,7 +52,7 @@  discard block
 block discarded – undo
     public function getUserAuth(string $login, string $password, string $apikey): array
     {
         // Sanitize
-        include_once API_ROOT_PATH . '/../sources/main.functions.php';
+        include_once API_ROOT_PATH.'/../sources/main.functions.php';
         $inputData = dataSanitizer(
             [
                 'login' => isset($login) === true ? $login : '',
@@ -79,8 +79,8 @@  discard block
 block discarded – undo
             // Check if user exists
             $userInfoRes = $this->select(
                 "SELECT u.id, u.pw, u.login, u.admin, u.gestionnaire, u.can_manage_all_users, u.fonction_id, u.can_create_root_folder, u.public_key, u.private_key, u.personal_folder, u.fonction_id, u.groupes_visibles, u.groupes_interdits, a.value AS user_api_key, a.allowed_folders as user_api_allowed_folders, a.enabled, a.allowed_to_create, a.allowed_to_read, a.allowed_to_update, a.allowed_to_delete
-                FROM " . prefixTable('users') . " AS u
-                INNER JOIN " . prefixTable('api') . " AS a ON (a.user_id=u.id)
+                FROM " . prefixTable('users')." AS u
+                INNER JOIN " . prefixTable('api')." AS a ON (a.user_id=u.id)
                 WHERE login='".$inputData['login']."'");
             if (count($userInfoRes) === 0) {
                 return ["error" => "Login failed.", "info" => "apikey : Not valid"];
@@ -108,7 +108,7 @@  discard block
 block discarded – undo
                 // Update user's key_tempo
                 $keyTempo = bin2hex(random_bytes(16));
                 $this->update(
-                    "UPDATE " . prefixTable('users') . "
+                    "UPDATE ".prefixTable('users')."
                     SET key_tempo='".$keyTempo."'
                     WHERE id=".$userInfo['id']
                 );
@@ -251,7 +251,7 @@  discard block
 block discarded – undo
 
         // Get folders from the roles
         if (empty($userFunctionId) === false) {
-            $rows = $this->select("SELECT * FROM " . prefixTable('roles_values') . " WHERE role_id IN (".$userFunctionId.") AND type IN ('W', 'ND', 'NE', 'NDNE', 'R')");
+            $rows = $this->select("SELECT * FROM ".prefixTable('roles_values')." WHERE role_id IN (".$userFunctionId.") AND type IN ('W', 'ND', 'NE', 'NDNE', 'R')");
             foreach ($rows as $record) {
                 if ($record['type'] === 'R') {
                     array_push($readOnlyFolders, $record['folder_id']);
@@ -272,7 +272,7 @@  discard block
 block discarded – undo
         
         // Does this user is allowed to see other items
         $inc = 0;
-        $rows = $this->select("SELECT id, id_tree FROM " . prefixTable('items') . " WHERE restricted_to LIKE '".$userInfo['id']."'".
+        $rows = $this->select("SELECT id, id_tree FROM ".prefixTable('items')." WHERE restricted_to LIKE '".$userInfo['id']."'".
             (empty($userFunctionId) === false ? ' AND id_tree NOT IN ('.$userFunctionId.')' : ''));
         foreach ($rows as $record) {
             // Exclude restriction on item if folder is fully accessible
@@ -282,8 +282,8 @@  discard block
 block discarded – undo
 
         // Check for the users roles if some specific rights exist on items
         $rows = $this->select("SELECT i.id_tree, r.item_id
-            FROM " . prefixTable('items') . " as i
-            INNER JOIN " . prefixTable('restriction_to_roles') . " as r ON (r.item_id=i.id)
+            FROM " . prefixTable('items')." as i
+            INNER JOIN " . prefixTable('restriction_to_roles')." as r ON (r.item_id=i.id)
             WHERE ".(empty($userFunctionId) === false ? ' id_tree NOT IN ('.$userFunctionId.') AND ' : '')." i.id_tree != ''
             ORDER BY i.id_tree ASC");
         foreach ($rows as $record) {
@@ -297,7 +297,7 @@  discard block
 block discarded – undo
         // Add all personal folders
         $rows = $this->select(
             'SELECT id
-            FROM ' . prefixTable('nested_tree') . '
+            FROM ' . prefixTable('nested_tree').'
             WHERE title = '.$userInfo['id'].' AND personal_folder = 1'.
             (empty($userFunctionId) === false ? ' AND id NOT IN ('.$userFunctionId.')' : '').
             ' LIMIT 0,1'

Please login to merge, or discard this patch.

		@@ -34,7 +34,7 @@ discard block
		block discarded – undo
34	34	use Firebase\JWT\JWT;
35	35	use Firebase\JWT\Key;
36	36
37		-require_once API_ROOT_PATH . "/Model/Database.php";
	37	+require_once API_ROOT_PATH."/Model/Database.php";
38	38
39	39
40	40	class AuthModel extends Database
		@@ -52,7 +52,7 @@ discard block
		block discarded – undo
52	52	public function getUserAuth(string $login, string $password, string $apikey): array
53	53	{
54	54	// Sanitize
55		- include_once API_ROOT_PATH . '/../sources/main.functions.php';
	55	+ include_once API_ROOT_PATH.'/../sources/main.functions.php';
56	56	$inputData = dataSanitizer(
57	57	[
58	58	'login' => isset($login) === true ? $login : '',
		@@ -79,8 +79,8 @@ discard block
		block discarded – undo
79	79	// Check if user exists
80	80	$userInfoRes = $this->select(
81	81	"SELECT u.id, u.pw, u.login, u.admin, u.gestionnaire, u.can_manage_all_users, u.fonction_id, u.can_create_root_folder, u.public_key, u.private_key, u.personal_folder, u.fonction_id, u.groupes_visibles, u.groupes_interdits, a.value AS user_api_key, a.allowed_folders as user_api_allowed_folders, a.enabled, a.allowed_to_create, a.allowed_to_read, a.allowed_to_update, a.allowed_to_delete
82		- FROM " . prefixTable('users') . " AS u
83		- INNER JOIN " . prefixTable('api') . " AS a ON (a.user_id=u.id)
	82	+ FROM " . prefixTable('users')." AS u
	83	+ INNER JOIN " . prefixTable('api')." AS a ON (a.user_id=u.id)
84	84	WHERE login='".$inputData['login']."'");
85	85	if (count($userInfoRes) === 0) {
86	86	return ["error" => "Login failed.", "info" => "apikey : Not valid"];
		@@ -108,7 +108,7 @@ discard block
		block discarded – undo
108	108	// Update user's key_tempo
109	109	$keyTempo = bin2hex(random_bytes(16));
110	110	$this->update(
111		- "UPDATE " . prefixTable('users') . "
	111	+ "UPDATE ".prefixTable('users')."
112	112	SET key_tempo='".$keyTempo."'
113	113	WHERE id=".$userInfo['id']
114	114	);
		@@ -251,7 +251,7 @@ discard block
		block discarded – undo
251	251
252	252	// Get folders from the roles
253	253	if (empty($userFunctionId) === false) {
254		- $rows = $this->select("SELECT * FROM " . prefixTable('roles_values') . " WHERE role_id IN (".$userFunctionId.") AND type IN ('W', 'ND', 'NE', 'NDNE', 'R')");
	254	+ $rows = $this->select("SELECT * FROM ".prefixTable('roles_values')." WHERE role_id IN (".$userFunctionId.") AND type IN ('W', 'ND', 'NE', 'NDNE', 'R')");
255	255	foreach ($rows as $record) {
256	256	if ($record['type'] === 'R') {
257	257	array_push($readOnlyFolders, $record['folder_id']);
		@@ -272,7 +272,7 @@ discard block
		block discarded – undo
272	272
273	273	// Does this user is allowed to see other items
274	274	$inc = 0;
275		- $rows = $this->select("SELECT id, id_tree FROM " . prefixTable('items') . " WHERE restricted_to LIKE '".$userInfo['id']."'".
	275	+ $rows = $this->select("SELECT id, id_tree FROM ".prefixTable('items')." WHERE restricted_to LIKE '".$userInfo['id']."'".
276	276	(empty($userFunctionId) === false ? ' AND id_tree NOT IN ('.$userFunctionId.')' : ''));
277	277	foreach ($rows as $record) {
278	278	// Exclude restriction on item if folder is fully accessible
		@@ -282,8 +282,8 @@ discard block
		block discarded – undo
282	282
283	283	// Check for the users roles if some specific rights exist on items
284	284	$rows = $this->select("SELECT i.id_tree, r.item_id
285		- FROM " . prefixTable('items') . " as i
286		- INNER JOIN " . prefixTable('restriction_to_roles') . " as r ON (r.item_id=i.id)
	285	+ FROM " . prefixTable('items')." as i
	286	+ INNER JOIN " . prefixTable('restriction_to_roles')." as r ON (r.item_id=i.id)
287	287	WHERE ".(empty($userFunctionId) === false ? ' id_tree NOT IN ('.$userFunctionId.') AND ' : '')." i.id_tree != ''
288	288	ORDER BY i.id_tree ASC");
289	289	foreach ($rows as $record) {
		@@ -297,7 +297,7 @@ discard block
		block discarded – undo
297	297	// Add all personal folders
298	298	$rows = $this->select(
299	299	'SELECT id
300		- FROM ' . prefixTable('nested_tree') . '
	300	+ FROM ' . prefixTable('nested_tree').'
301	301	WHERE title = '.$userInfo['id'].' AND personal_folder = 1'.
302	302	(empty($userFunctionId) === false ? ' AND id NOT IN ('.$userFunctionId.')' : '').
303	303	' LIMIT 0,1'

nilsteampassnet / TeamPass

Pull Request — master (#4373)

Status

Category

Spacing +10 added lines, -10 removed lines patch added patch discarded remove patch