View GitHub Repository phpsa

Schedule Inspection
Subscribe
Completed
Pull Request — master (#273)
by Enrico
11:06
created

SleepUsage::pass()   A

↳ Parent: SleepUsage

Complexity

Conditions 3
Paths 2

Size

Total Lines 15
Code Lines 9

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 9
CRAP Score 3

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 3
eloc 9
nc 2
nop 2
dl 0
loc 15
ccs 9
cts 9
cp 1
crap 3
rs 9.4285
c 1
b 0
f 0
1 
<?php
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
namespace PHPSA\Analyzer\Pass\Expression\FunctionCall;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
use PhpParser\Node\Expr\FuncCall;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
use PHPSA\Context;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
class SleepUsage extends AbstractFunctionCallAnalyzer

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                
    const DESCRIPTION = 'Checks for use of different sleep functions which can lead to a DoS vulnerability.';

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
     * @var array different sleep functions

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
    protected $map = [

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
        'sleep' => 'sleep',

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
        'usleep' => 'usleep',

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
        'time_nanosleep' => 'time_nanosleep',

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
        'time_sleep_until' => 'time_sleep_until'

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                
    ];

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    22
                

                                    
                             1                         
                
                
                
    public function pass(FuncCall $funcCall, Context $context)

            


            
                                                        
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
    {

            


            
                                                        
            
                                    
            
            

                
                    24
                

                                    
                             1                         
                
                
                
        $functionName = $this->resolveFunctionName($funcCall, $context);

            


            
                                                        
            
                                    
            
            

                
                    25
                

                                    
                             1                         
                
                
                
        if (!$functionName || !isset($this->map[$functionName])) {

            


            
                                                        
            
                                    
            
            

                
                    26
                

                                    
                             1                         
                
                
                
            return false;

            


            
                                                        
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    29
                

                                    
                             1                         
                
                
                
        $context->notice(

            


            
                                                        
            
                                    
            
            

                
                    30
                

                                    
                             1                         
                
                
                
            'sleep.usage',

            


            
                                                        
            
                                    
            
            

                
                    31
                

                                    
                             1                         
                
                
                
            sprintf('Function %s() can cause a denial of service vulnerability.', $functionName),

            


            
                                                        
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
            $funcCall

            


            
                                                        
            
                                    
            
            

                
                    33
                

                                    
                             1                         
                
                
                
        );

            


            
                                                        
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    35
                

                                    
                             1                         
                
                
                
        return true;

            


            
                                                        
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    38