Issues in functions.php (master) - Issues in master - peter-gribanov/sphinx-php-client - Measure and Improve Code Quality continuously with Scrutinizer

Issues (6)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/functions.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * $Id$
 */

/**
 * Copyright (c) 2001-2015, Andrew Aksyonoff
 * Copyright (c) 2008-2015, Sphinx Technologies Inc
 * All rights reserved
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License. You should
 * have received a copy of the LGPL license along with this program; if you
 * did not, you can find it at http://www.gnu.org/
 */

namespace Sphinx;

/**
 * important properties of PHP's integers:
 *  - always signed (one bit short of PHP_INT_SIZE)
 *  - conversion from string to int is saturated
 *  - float is double
 *  - div converts arguments to floats
 *  - mod converts arguments to ints
 *
 * the packing code below works as follows:
 *  - when we got an int, just pack it
 *    if performance is a problem, this is the branch users should aim for
 *
 *  - otherwise, we got a number in string form
 *    this might be due to different reasons, but we assume that this is
 *    because it didn't fit into PHP int
 *
 *  - factor the string into high and low ints for packing
 *    - if we have bcmath, then it is used
 *    - if we don't, we have to do it manually (this is the fun part)
 *
 *    - x64 branch does factoring using ints
 *    - x32 (ab)uses floats, since we can't fit unsigned 32-bit number into an int
 *
 * unpacking routines are pretty much the same.
 *  - return ints if we can
 *  - otherwise format number into a string
 */

/**
 * Pack 64-bit signed
 *
 * @param int $value
 *
 * @return string
 */
function pack64IntSigned($value)
{
    assert(is_numeric($value));

    // x64
    if (PHP_INT_SIZE >= 8) {
        $value = (int)$value;
        return pack('NN', $value >> 32, $value & 0xFFFFFFFF);
    }

    // x32, int
    if (is_int($value)) {
        return pack('NN', $value < 0 ? -1 : 0, $value);
    }

    // x32, bcmath
    if (function_exists('bcmul')) {
        if (bccomp($value, 0) == -1) {
            $value = bcadd('18446744073709551616', $value);
        }
        $h = bcdiv($value, '4294967296', 0);
        $l = bcmod($value, '4294967296');
        return pack('NN', (float)$h, (float)$l); // conversion to float is intentional; int would lose 31st bit
    }

    // x32, no-bcmath
    $p = max(0, strlen($value) - 13);
    $lo = abs((float)substr($value, $p));
    $hi = abs((float)substr($value, 0, $p));

    $m = $lo + $hi * 1316134912.0; // (10 ^ 13) % (1 << 32) = 1316134912

    $q = floor($m / 4294967296.0);
    $l = $m - ($q * 4294967296.0);
    $h = $hi * 2328.0 + $q; // (10 ^ 13) / (1 << 32) = 2328


    if ($value < 0) {
        if ($l == 0) {
            $h = 4294967296.0 - $h;
        } else {
            $h = 4294967295.0 - $h;
            $l = 4294967296.0 - $l;
        }
    }
    return pack('NN', $h, $l);
}

/**
 * Ppack 64-bit unsigned
 *
 * @param int $value
 *
 * @return string
 */
function pack64IntUnsigned($value)
{
    assert(is_numeric($value));

    // x64
    if (PHP_INT_SIZE >= 8) {
        assert($value >= 0);

        // x64, int
        if (is_int($value)) {
            return pack('NN', $value >> 32, $value & 0xFFFFFFFF);
        }

        // x64, bcmath
        if (function_exists('bcmul')) {
            $h = bcdiv($value, 4294967296, 0);
            $l = bcmod($value, 4294967296);
            return pack('NN', $h, $l);
        }

        // x64, no-bcmath
        $p = max(0, strlen($value) - 13);
        $lo = (int)substr($value, $p);
        $hi = (int)substr($value, 0, $p);

        $m = $lo + $hi * 1316134912;
        $l = $m % 4294967296;
        $h = $hi * 2328 + (int)($m / 4294967296);

        return pack('NN', $h, $l);
    }

    // x32, int
    if (is_int($value)) {
        return pack('NN', 0, $value);
    }

    // x32, bcmath
    if (function_exists('bcmul')) {
        $h = bcdiv($value, '4294967296', 0);
        $l = bcmod($value, '4294967296');
        return pack('NN', (float)$h, (float)$l); // conversion to float is intentional; int would lose 31st bit
    }

    // x32, no-bcmath
    $p = max(0, strlen($value) - 13);
    $lo = (float)substr($value, $p);
    $hi = (float)substr($value, 0, $p);

    $m = $lo + $hi * 1316134912.0;
    $q = floor($m / 4294967296.0);
    $l = $m - ($q * 4294967296.0);
    $h = $hi * 2328.0 + $q;

    return pack('NN', $h, $l);
}

/**
 * Unpack 64-bit unsigned
 *
 * @param string $value
 *
 * @return string
 */
function unpack64IntUnsigned($value)
{
    list($hi, $lo) = array_values(unpack('N*N*', $value));

    if (PHP_INT_SIZE >= 8) {
        if ($hi < 0) { // because php 5.2.2 to 5.2.5 is totally fucked up again
            $hi += 1 << 32;
        }
        if ($lo < 0) {
            $lo += 1 << 32;
        }

        // x64, int
        if ($hi <= 2147483647) {
            return ($hi << 32) + $lo;
        }

        // x64, bcmath
        if (function_exists('bcmul')) {
            return bcadd($lo, bcmul($hi, '4294967296'));
        }

        // x64, no-bcmath
        $C = 100000;
        $h = ((int)($hi / $C) << 32) + (int)($lo / $C);
        $l = (($hi % $C) << 32) + ($lo % $C);
        if ($l > $C) {
            $h += (int)($l / $C);
            $l  = $l % $C;
        }

        if ($h == 0) {
            return $l;
        }
        return sprintf('%d%05d', $h, $l);
    }

    // x32, int
    if ($hi == 0) {
        if ($lo > 0) {
            return $lo;
        }
        return sprintf('%u', $lo);
    }

    $hi = sprintf('%u', $hi);
    $lo = sprintf('%u', $lo);

    // x32, bcmath
    if (function_exists('bcmul')) {
        return bcadd($lo, bcmul($hi, '4294967296'));
    }

    // x32, no-bcmath
    $hi = (float)$hi;
    $lo = (float)$lo;

    $q = floor($hi / 10000000.0);
    $r = $hi - $q * 10000000.0;
    $m = $lo + $r * 4967296.0;
    $mq = floor($m / 10000000.0);
    $l = $m - $mq * 10000000.0;
    $h = $q * 4294967296.0 + $r * 429.0 + $mq;

    $h = sprintf('%.0f', $h);
    $l = sprintf('%07.0f', $l);
    if ($h == '0') {
        return sprintf('%.0f', (float)$l);
    }
    return $h . $l;
}

/**
 * Unpack 64-bit signed
 *
 * @param string $value
 *
 * @return string
 */
function unpack64IntSigned($value)
{
    list($hi, $lo) = array_values(unpack('N*N*', $value));

    // x64
    if (PHP_INT_SIZE >= 8) {
        if ($hi < 0) { // because php 5.2.2 to 5.2.5 is totally fucked up again
            $hi += 1 << 32;
        }
        if ($lo < 0) {
            $lo += 1 << 32;
        }

        return ($hi << 32) + $lo;
    }

    if ($hi == 0) { // x32, int
        if ($lo > 0) {
            return $lo;
        }
        return sprintf('%u', $lo);
    } elseif ($hi == -1) { // x32, int
        if ($lo < 0) {
            return $lo;
        }
        return sprintf('%.0f', $lo - 4294967296.0);
    }

    $neg = '';
    $c = 0;
    if ($hi < 0) {
        $hi = ~$hi;
        $lo = ~$lo;
        $c = 1;
        $neg = '-';
    }

    $hi = sprintf('%u', $hi);
    $lo = sprintf('%u', $lo);

    // x32, bcmath
    if (function_exists('bcmul')) {
        return $neg . bcadd(bcadd($lo, bcmul($hi, '4294967296')), $c);
    }

    // x32, no-bcmath
    $hi = (float)$hi;
    $lo = (float)$lo;

    $q = floor($hi / 10000000.0);
    $r = $hi - $q * 10000000.0;
    $m = $lo + $r * 4967296.0;
    $mq = floor($m / 10000000.0);
    $l = $m - $mq * 10000000.0 + $c;
    $h = $q * 4294967296.0 + $r * 429.0 + $mq;
    if ($l == 10000000) {
        $l = 0;
        $h += 1;
    }

    $h = sprintf('%.0f', $h);
    $l = sprintf('%07.0f', $l);
    if ($h == '0') {
        return $neg . sprintf('%.0f', (float)$l);
    }
    return $neg . $h . $l;
}

/**
 * @param int $value
 *
 * @return int|string
 */
function fixUInt($value)
{
    if (PHP_INT_SIZE >= 8) {
        // x64 route, workaround broken unpack() in 5.2.2+
        if ($value < 0) {
            $value += 1 << 32;
        }
        return $value;
    } else {
        // x32 route, workaround php signed/unsigned brain damage
        return sprintf('%u', $value);
    }
}

/**
 * @param int $flag
 * @param int $bit
 * @param bool $on
 *
 * @return int
 */
function setBit($flag, $bit, $on)
{
    if ($on) {
        $flag |= 1 << $bit;
    } else {
        $reset = 16777215 ^ (1 << $bit);
        $flag = $flag & $reset;
    }

    return $flag;
}


1			<?php
2			/**
3			* $Id$
4			*/
5
6			/**
7			* Copyright (c) 2001-2015, Andrew Aksyonoff
8			* Copyright (c) 2008-2015, Sphinx Technologies Inc
9			* All rights reserved
10			*
11			* This program is free software; you can redistribute it and/or modify
12			* it under the terms of the GNU Library General Public License. You should
13			* have received a copy of the LGPL license along with this program; if you
14			* did not, you can find it at http://www.gnu.org/
15			*/
16
17			namespace Sphinx;
18
19			/**
20			* important properties of PHP's integers:
21			* - always signed (one bit short of PHP_INT_SIZE)
22			* - conversion from string to int is saturated
23			* - float is double
24			* - div converts arguments to floats
25			* - mod converts arguments to ints
26			*
27			* the packing code below works as follows:
28			* - when we got an int, just pack it
29			* if performance is a problem, this is the branch users should aim for
30			*
31			* - otherwise, we got a number in string form
32			* this might be due to different reasons, but we assume that this is
33			* because it didn't fit into PHP int
34			*
35			* - factor the string into high and low ints for packing
36			* - if we have bcmath, then it is used
37			* - if we don't, we have to do it manually (this is the fun part)
38			*
39			* - x64 branch does factoring using ints
40			* - x32 (ab)uses floats, since we can't fit unsigned 32-bit number into an int
41			*
42			* unpacking routines are pretty much the same.
43			* - return ints if we can
44			* - otherwise format number into a string
45			*/
46
47			/**
48			* Pack 64-bit signed
49			*
50			* @param int $value
51			*
52			* @return string
53			*/
54			function pack64IntSigned($value)
55			{
56			assert(is_numeric($value));
57
58			// x64
59			if (PHP_INT_SIZE >= 8) {
60			$value = (int)$value;
61			return pack('NN', $value >> 32, $value & 0xFFFFFFFF);
62			}
63
64			// x32, int
65			if (is_int($value)) {
66			return pack('NN', $value < 0 ? -1 : 0, $value);
67			}
68
69			// x32, bcmath
70			if (function_exists('bcmul')) {
71			if (bccomp($value, 0) == -1) {
72			$value = bcadd('18446744073709551616', $value);
73			}
74			$h = bcdiv($value, '4294967296', 0);
75			$l = bcmod($value, '4294967296');
76			return pack('NN', (float)$h, (float)$l); // conversion to float is intentional; int would lose 31st bit
77			}
78
79			// x32, no-bcmath
80			$p = max(0, strlen($value) - 13);
81			$lo = abs((float)substr($value, $p));
82			$hi = abs((float)substr($value, 0, $p));
83
84			$m = $lo + $hi * 1316134912.0; // (10 ^ 13) % (1 << 32) = 1316134912
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-03-29 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `50%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
85			$q = floor($m / 4294967296.0);
86			$l = $m - ($q * 4294967296.0);
87			$h = $hi * 2328.0 + $q; // (10 ^ 13) / (1 << 32) = 2328
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-03-29 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `50%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
88
89			if ($value < 0) {
90			if ($l == 0) {
91			$h = 4294967296.0 - $h;
92			} else {
93			$h = 4294967295.0 - $h;
94			$l = 4294967296.0 - $l;
95			}
96			}
97			return pack('NN', $h, $l);
98			}
99
100			/**
101			* Ppack 64-bit unsigned
102			*
103			* @param int $value
104			*
105			* @return string
106			*/
107			function pack64IntUnsigned($value)
108			{
109			assert(is_numeric($value));
110
111			// x64
112			if (PHP_INT_SIZE >= 8) {
113			assert($value >= 0);
114
115			// x64, int
116			if (is_int($value)) {
117			return pack('NN', $value >> 32, $value & 0xFFFFFFFF);
118			}
119
120			// x64, bcmath
121		View Code Duplication	if (function_exists('bcmul')) {
122			$h = bcdiv($value, 4294967296, 0);
123			$l = bcmod($value, 4294967296);
124			return pack('NN', $h, $l);
125			}
126
127			// x64, no-bcmath
128			$p = max(0, strlen($value) - 13);
129			$lo = (int)substr($value, $p);
130			$hi = (int)substr($value, 0, $p);
131
132			$m = $lo + $hi * 1316134912;
133			$l = $m % 4294967296;
134			$h = $hi * 2328 + (int)($m / 4294967296);
135
136			return pack('NN', $h, $l);
137			}
138
139			// x32, int
140			if (is_int($value)) {
141			return pack('NN', 0, $value);
142			}
143
144			// x32, bcmath
145		View Code Duplication	if (function_exists('bcmul')) {
146			$h = bcdiv($value, '4294967296', 0);
147			$l = bcmod($value, '4294967296');
148			return pack('NN', (float)$h, (float)$l); // conversion to float is intentional; int would lose 31st bit
149			}
150
151			// x32, no-bcmath
152			$p = max(0, strlen($value) - 13);
153			$lo = (float)substr($value, $p);
154			$hi = (float)substr($value, 0, $p);
155
156			$m = $lo + $hi * 1316134912.0;
157			$q = floor($m / 4294967296.0);
158			$l = $m - ($q * 4294967296.0);
159			$h = $hi * 2328.0 + $q;
160
161			return pack('NN', $h, $l);
162			}
163
164			/**
165			* Unpack 64-bit unsigned
166			*
167			* @param string $value
168			*
169			* @return string
170			*/
171			function unpack64IntUnsigned($value)
172			{
173			list($hi, $lo) = array_values(unpack('NN', $value));
174
175			if (PHP_INT_SIZE >= 8) {
176			if ($hi < 0) { // because php 5.2.2 to 5.2.5 is totally fucked up again
177			$hi += 1 << 32;
178			}
179			if ($lo < 0) {
180			$lo += 1 << 32;
181			}
182
183			// x64, int
184			if ($hi <= 2147483647) {
185			return ($hi << 32) + $lo;
186			}
187
188			// x64, bcmath
189			if (function_exists('bcmul')) {
190			return bcadd($lo, bcmul($hi, '4294967296'));
191			}
192
193			// x64, no-bcmath
194			$C = 100000;
195			$h = ((int)($hi / $C) << 32) + (int)($lo / $C);
196			$l = (($hi % $C) << 32) + ($lo % $C);
197			if ($l > $C) {
198			$h += (int)($l / $C);
199			$l = $l % $C;
200			}
201
202			if ($h == 0) {
203			return $l;
204			}
205			return sprintf('%d%05d', $h, $l);
206			}
207
208			// x32, int
209			if ($hi == 0) {
210			if ($lo > 0) {
211			return $lo;
212			}
213			return sprintf('%u', $lo);
214			}
215
216			$hi = sprintf('%u', $hi);
217			$lo = sprintf('%u', $lo);
218
219			// x32, bcmath
220			if (function_exists('bcmul')) {
221			return bcadd($lo, bcmul($hi, '4294967296'));
222			}
223
224			// x32, no-bcmath
225			$hi = (float)$hi;
226			$lo = (float)$lo;
227
228			$q = floor($hi / 10000000.0);
229			$r = $hi - $q * 10000000.0;
230			$m = $lo + $r * 4967296.0;
231			$mq = floor($m / 10000000.0);
232			$l = $m - $mq * 10000000.0;
233			$h = $q * 4294967296.0 + $r * 429.0 + $mq;
234
235			$h = sprintf('%.0f', $h);
236			$l = sprintf('%07.0f', $l);
237			if ($h == '0') {
238			return sprintf('%.0f', (float)$l);
239			}
240			return $h . $l;
241			}
242
243			/**
244			* Unpack 64-bit signed
245			*
246			* @param string $value
247			*
248			* @return string
249			*/
250			function unpack64IntSigned($value)
251			{
252			list($hi, $lo) = array_values(unpack('NN', $value));
253
254			// x64
255			if (PHP_INT_SIZE >= 8) {
256			if ($hi < 0) { // because php 5.2.2 to 5.2.5 is totally fucked up again
257			$hi += 1 << 32;
258			}
259			if ($lo < 0) {
260			$lo += 1 << 32;
261			}
262
263			return ($hi << 32) + $lo;
264			}
265
266			if ($hi == 0) { // x32, int
267			if ($lo > 0) {
268			return $lo;
269			}
270			return sprintf('%u', $lo);
271			} elseif ($hi == -1) { // x32, int
272			if ($lo < 0) {
273			return $lo;
274			}
275			return sprintf('%.0f', $lo - 4294967296.0);
276			}
277
278			$neg = '';
279			$c = 0;
280			if ($hi < 0) {
281			$hi = ~$hi;
282			$lo = ~$lo;
283			$c = 1;
284			$neg = '-';
285			}
286
287			$hi = sprintf('%u', $hi);
288			$lo = sprintf('%u', $lo);
289
290			// x32, bcmath
291			if (function_exists('bcmul')) {
292			return $neg . bcadd(bcadd($lo, bcmul($hi, '4294967296')), $c);
293			}
294
295			// x32, no-bcmath
296			$hi = (float)$hi;
297			$lo = (float)$lo;
298
299			$q = floor($hi / 10000000.0);
300			$r = $hi - $q * 10000000.0;
301			$m = $lo + $r * 4967296.0;
302			$mq = floor($m / 10000000.0);
303			$l = $m - $mq * 10000000.0 + $c;
304			$h = $q * 4294967296.0 + $r * 429.0 + $mq;
305			if ($l == 10000000) {
306			$l = 0;
307			$h += 1;
308			}
309
310			$h = sprintf('%.0f', $h);
311			$l = sprintf('%07.0f', $l);
312			if ($h == '0') {
313			return $neg . sprintf('%.0f', (float)$l);
314			}
315			return $neg . $h . $l;
316			}
317
318			/**
319			* @param int $value
320			*
321			* @return int\|string
322			*/
323			function fixUInt($value)
324			{
325			if (PHP_INT_SIZE >= 8) {
326			// x64 route, workaround broken unpack() in 5.2.2+
327			if ($value < 0) {
328			$value += 1 << 32;
329			}
330			return $value;
331			} else {
332			// x32 route, workaround php signed/unsigned brain damage
333			return sprintf('%u', $value);
334			}
335			}
336
337			/**
338			* @param int $flag
339			* @param int $bit
340			* @param bool $on
341			*
342			* @return int
343			*/
344			function setBit($flag, $bit, $on)
345			{
346	4		if ($on) {
347	4		$flag \|= 1 << $bit;
348	4		} else {
349			$reset = 16777215 ^ (1 << $bit);
350			$flag = $flag & $reset;
351			}
352
353	4		return $flag;
354			}
355

peter-gribanov / sphinx-php-client

Issues (6)

Security Analysis no request data

src/functions.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like