Issues in CheckDbTask.php (master) - Issues in master - shogodev/argilla - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1410)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

build/tasks/CheckDbTask.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Проверка БД с которой работает движок - доступы, настройки самой БД и т.д.
 * @author Fedor A Borshev <[email protected]>
 * @link https://github.com/shogodev/argilla/
 * @copyright Copyright &copy; 2003-2014 Shogo
 * @license http://argilla.ru/LICENSE
 * @package build.tasks.checkDbTask
 */

require_once "phing/Task.php";

class CheckDbTask extends Task
{
  /**
   * @var boolean проверять доступ к триггерам
   */
  private $checkTriggers;

  /**
   * @var boolean проверять доступ к созданию и просмотру структуры вьюх
   */
  private $checkViews;

  /**
   * @var boolean проверять доступ к созданию и изменению хранимых процедур
   */
  private $checkRoutines;

  /**
   * @var boolean проверять доступ к LOCK TABLES
   */
  private $checkLockTables;

  /**
   * @var boolean проверять доступ к CREATE TMP TABLE
   */
  private $checkTmpTable;

  /**
   * @var boolean проверять включен ли InnoDB
   */
  private $checkInnoDb;

  /**
   * @var PDO
   */
  private $pdo;
  /**
   * @var bool
   */
  private $_connected = false;

  private $_user;
  private $_host;
  private $_dbName;

  /**
   * @var PrivilegeChecker
   */
  private $_privilegeChecker;

  #region setters
  public function setTriggers($val)
  {
    $this->checkTriggers = $val;
  }

  public function setViews($val)
  {
    $this->checkViews = $val;
  }

  public function setRoutines($val)
  {
    $this->checkRoutines = $val;
  }

  public function setLockTables($val)
  {
    $this->checkLockTables = $val;
  }

  public function setTmpTables($val)
  {
    $this->checkTmpTable = $val;
  }

  public function setInnoDb($val)
  {
    $this->checkInnoDb = $val;
  }

  #endregion

  public function main()
  {
    if( !$this->_connected )
    {
      $this->connect();
    }

    try
    {
      $this->_privilegeChecker = new PrivilegeChecker(PrivilegeChecker::getShowGrantsOutput($this->pdo));
    }
    catch(Exception $e)
    {
      if( strpos($e->getMessage(), 'The MySQL server is running with the --skip-grant-tables') !== false )
      {
        return;
      }
      else
      {
        throw $e;
      }
    }

    if( $this->checkTriggers )
    {
      $this->checkPrivilege(PrivilegeEnum::TRIGGER);
    }

    if( $this->checkViews )
    {
      $this->checkPrivilege(PrivilegeEnum::SHOW_VIEW);
      $this->checkPrivilege(PrivilegeEnum::CREATE_VIEW);
    }

    if( $this->checkRoutines )
    {
      $this->checkPrivilege(PrivilegeEnum::CREATE_ROUTINE);
      $this->checkPrivilege(PrivilegeEnum::ALTER_ROUTINE);
    }

    if( $this->checkLockTables )
    {
      $this->checkPrivilege(PrivilegeEnum::LOCK_TABLES);
    }

    if( $this->checkTmpTable )
    {
      $this->checkPrivilege(PrivilegeEnum::CREATE_TEMPORARY_TABLES);
    }

    if( $this->checkInnoDb )
    {
      $this->checkEngine('InnoDB');
    }
  }

  protected function checkPrivilege($privilege)
  {
    if( !$this->hasPrivilege($privilege) )
    {
      throw new BuildException(
        "Required DB privelege '{$privilege}' not granted for '{$this->_user}'@'{$this->_host}' on db '{$this->_dbName}'");
    }
  }

  protected function checkEngine($engine)
  {
    $q = $this->pdo->query('SHOW ENGINES;');
    $q->execute();
    foreach($q as $row)
    {
      if( $row['Engine'] == $engine and ($row['Support'] == 'YES' or $row['Support'] == 'DEFAULT') )
        return true;
    }
    throw new BuildException("Required Engine '$engine' is not supported by current DB driver");
  }

  protected function hasPrivilege($privilege)
  {
    return $this->_privilegeChecker->hasPrivilege($privilege, $this->_dbName, $this->_user, $this->_host);
  }

  private function connect()
  {
    $dsn = $dsn = $this->project->getProperty('db.driver').':'.'host='.$this->project->getProperty('db.host');

    try
    {
      $this->pdo = new PDO($dsn,
        $this->project->getProperty('db.username'),
        $this->project->getProperty('db.password'));
    }
    catch(PDOException $e)
    {
      throw new BuildException("CheckDbPermissionsTask: Could not connect to PDO: $dsn");
    }

    $this->_connected = true;
    $this->_user = $this->project->getProperty('db.mysqlUser');
    $this->_host = $this->project->getProperty('db.mysqlHost');
    $this->_dbName = $this->project->getProperty('db.dbname');
  }
}


/**
 * Привилегии.
 */
class PrivilegeEnum
{
  const TRIGGER = 'trigger';
  const SHOW_VIEW = 'show view';
  const CREATE_VIEW = 'create view';
  const CREATE_ROUTINE = 'create routine';
  const ALTER_ROUTINE = 'alter routine';
  const LOCK_TABLES = 'lock tables';
  const CREATE_TEMPORARY_TABLES = 'create temporary tables';
}


/**
 * Инкапсулиреут правила проверки привилегий.
 */
class PrivilegeChecker
{
  /**
   * Возвращает результат команды SHOW GRANTS;
   *
   * @param PDO $connection Соединение с базой данных.
   *
   * @throws BadMethodCallException
   * @return array Результат команды SHOW GRANTS;
   */
  public static function getShowGrantsOutput(PDO $connection)
  {
    if( !$query = $connection->query('SHOW GRANTS;') )
    {
      throw new BadMethodCallException($connection->errorInfo()[2], $connection->errorInfo()[1]);
    }

    return $query->fetchAll();
  }

  /**
   * @var string[] Массив GRANT команд.
   */
  private $_showGrantsOutput;

  /**
   * Создает новый объект для проверки привилегий в базе данных для пользователя.
   *
   * @param string[] $showGrantsRawOutput Результат команды SHOW GRANTS;
   */
  public function __construct(array $showGrantsRawOutput)
  {
    $this->_showGrantsOutput = $this->preprocess($showGrantsRawOutput);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
  }

  /**
   * Проверает наличие указанной привилегии для определенного пользователя и хоста.
   *
   * @param string $privilege Название привилегии (см. PrivilegeEnum)
   * @param string $db Имя базы данных.
   * @param string $user Имя пользователя.
   * @param string $host Имя хоста.
   *
   * @return bool true в случае наличия привилегии, иначе false.
   */
  public function hasPrivilege($privilege, $db, $user, $host)
  {
    try
    {
      $grantQuery = $this->findRow($this->_showGrantsOutput, $db, $user, $host);
    }
    catch(UnexpectedValueException $e)
    {
      return false;
    }

    return $this->checkPrivilege($grantQuery, $privilege);
  }

  /**
   * Выполняет предварительную обработку для результата команды SHOW GRANTS;
   *
   * @param string $showGrantsRawOutput Результат команды SHOW GRANTS;
   *
   * @return string[] Массив GRANT команд.
   */
  private function preprocess($showGrantsRawOutput)
  {
    return array_map(function (array $rowAsArray)
    {
      return reset($rowAsArray);
    }, $showGrantsRawOutput);
  }

  /**
   * Отыскивает строку, содержащую GRANT команду, для указанного пользователя и хоста.
   *
   * @param string[] $grantCommands Все GRANT команды.
   * @param string $db Имя базы данных.
   * @param string $user Имя пользователя.
   * @param string $host Имя хоста.
   *
   * @throws UnexpectedValueException Бросается если GRANT команда для указанного пользователя и хоста не найдена.
   * @return string GRANT команда для указанного пользователя и хоста.
   */
  private function findRow(array $grantCommands, $db, $user, $host)
  {
    $candidates = array_filter($grantCommands, function ($row) use ($db, $user, $host)
    {
      /** @var $row string */
      if( stripos($row, 'GRANT USAGE ON') !== false )
      {
        return false;
      }

      return preg_match("/('{$user}'@'{$host}')|('{$user}'@'%')/", $row);
    });

    if( count($candidates) === 0 )
    {
      throw new UnexpectedValueException();
    }

    return reset($candidates);
  }

  private function parsePrivileges($string)
  {
    if( !preg_match('/GRANT\s+(?<privileges>.+)\s+ON/i', $string, $matches) )
      return array();

    $privilegeList = array_map(function ($privilege)
    {
      return strtolower(trim($privilege));
    }, explode(',', $matches['privileges']));

    return is_array($privilegeList) ? $privilegeList : array();
  }

  /**
   * Проверяет наличие привилегии в SQL GRANT команде.
   *
   * @param string $string Строка, содержащая SQL GRANT команду.
   * @param string $checkPrivilege Название привилегии на которую делается проверка.
   *
   * @return bool true в случае наличия привилегии, иначе false.
   */
  private function checkPrivilege($string, $checkPrivilege)
  {
    $privileges = $this->parsePrivileges($string);

    return in_array(strtolower($checkPrivilege), $privileges) || in_array('all privileges', $privileges) || in_array('all', $privileges);
  }
}

GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

build/tasks/CheckDbTask.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Проверка БД с которой работает движок - доступы, настройки самой БД и т.д.
4			* @author Fedor A Borshev <[email protected]>
5			* @link https://github.com/shogodev/argilla/
6			* @copyright Copyright © 2003-2014 Shogo
7			* @license http://argilla.ru/LICENSE
8			* @package build.tasks.checkDbTask
9			*/
10
11			require_once "phing/Task.php";
12
13			class CheckDbTask extends Task
14			{
15			/**
16			* @var boolean проверять доступ к триггерам
17			*/
18			private $checkTriggers;
19
20			/**
21			* @var boolean проверять доступ к созданию и просмотру структуры вьюх
22			*/
23			private $checkViews;
24
25			/**
26			* @var boolean проверять доступ к созданию и изменению хранимых процедур
27			*/
28			private $checkRoutines;
29
30			/**
31			* @var boolean проверять доступ к LOCK TABLES
32			*/
33			private $checkLockTables;
34
35			/**
36			* @var boolean проверять доступ к CREATE TMP TABLE
37			*/
38			private $checkTmpTable;
39
40			/**
41			* @var boolean проверять включен ли InnoDB
42			*/
43			private $checkInnoDb;
44
45			/**
46			* @var PDO
47			*/
48			private $pdo;
49			/**
50			* @var bool
51			*/
52			private $_connected = false;
53
54			private $_user;
55			private $_host;
56			private $_dbName;
57
58			/**
59			* @var PrivilegeChecker
60			*/
61			private $_privilegeChecker;
62
63			#region setters
64			public function setTriggers($val)
65			{
66			$this->checkTriggers = $val;
67			}
68
69			public function setViews($val)
70			{
71			$this->checkViews = $val;
72			}
73
74			public function setRoutines($val)
75			{
76			$this->checkRoutines = $val;
77			}
78
79			public function setLockTables($val)
80			{
81			$this->checkLockTables = $val;
82			}
83
84			public function setTmpTables($val)
85			{
86			$this->checkTmpTable = $val;
87			}
88
89			public function setInnoDb($val)
90			{
91			$this->checkInnoDb = $val;
92			}
93
94			#endregion
95
96			public function main()
97			{
98			if( !$this->_connected )
99			{
100			$this->connect();
101			}
102
103			try
104			{
105			$this->_privilegeChecker = new PrivilegeChecker(PrivilegeChecker::getShowGrantsOutput($this->pdo));
106			}
107			catch(Exception $e)
108			{
109			if( strpos($e->getMessage(), 'The MySQL server is running with the --skip-grant-tables') !== false )
110			{
111			return;
112			}
113			else
114			{
115			throw $e;
116			}
117			}
118
119			if( $this->checkTriggers )
120			{
121			$this->checkPrivilege(PrivilegeEnum::TRIGGER);
122			}
123
124			if( $this->checkViews )
125			{
126			$this->checkPrivilege(PrivilegeEnum::SHOW_VIEW);
127			$this->checkPrivilege(PrivilegeEnum::CREATE_VIEW);
128			}
129
130			if( $this->checkRoutines )
131			{
132			$this->checkPrivilege(PrivilegeEnum::CREATE_ROUTINE);
133			$this->checkPrivilege(PrivilegeEnum::ALTER_ROUTINE);
134			}
135
136			if( $this->checkLockTables )
137			{
138			$this->checkPrivilege(PrivilegeEnum::LOCK_TABLES);
139			}
140
141			if( $this->checkTmpTable )
142			{
143			$this->checkPrivilege(PrivilegeEnum::CREATE_TEMPORARY_TABLES);
144			}
145
146			if( $this->checkInnoDb )
147			{
148			$this->checkEngine('InnoDB');
149			}
150			}
151
152			protected function checkPrivilege($privilege)
153			{
154			if( !$this->hasPrivilege($privilege) )
155			{
156			throw new BuildException(
157			"Required DB privelege '{$privilege}' not granted for '{$this->_user}'@'{$this->_host}' on db '{$this->_dbName}'");
158			}
159			}
160
161			protected function checkEngine($engine)
162			{
163			$q = $this->pdo->query('SHOW ENGINES;');
164			$q->execute();
165			foreach($q as $row)
166			{
167			if( $row['Engine'] == $engine and ($row['Support'] == 'YES' or $row['Support'] == 'DEFAULT') )
168			return true;
169			}
170			throw new BuildException("Required Engine '$engine' is not supported by current DB driver");
171			}
172
173			protected function hasPrivilege($privilege)
174			{
175			return $this->_privilegeChecker->hasPrivilege($privilege, $this->_dbName, $this->_user, $this->_host);
176			}
177
178			private function connect()
179			{
180			$dsn = $dsn = $this->project->getProperty('db.driver').':'.'host='.$this->project->getProperty('db.host');
181
182			try
183			{
184			$this->pdo = new PDO($dsn,
185			$this->project->getProperty('db.username'),
186			$this->project->getProperty('db.password'));
187			}
188			catch(PDOException $e)
189			{
190			throw new BuildException("CheckDbPermissionsTask: Could not connect to PDO: $dsn");
191			}
192
193			$this->_connected = true;
194			$this->_user = $this->project->getProperty('db.mysqlUser');
195			$this->_host = $this->project->getProperty('db.mysqlHost');
196			$this->_dbName = $this->project->getProperty('db.dbname');
197			}
198			}
199
200
201			/**
202			* Привилегии.
203			*/
204			class PrivilegeEnum
205			{
206			const TRIGGER = 'trigger';
207			const SHOW_VIEW = 'show view';
208			const CREATE_VIEW = 'create view';
209			const CREATE_ROUTINE = 'create routine';
210			const ALTER_ROUTINE = 'alter routine';
211			const LOCK_TABLES = 'lock tables';
212			const CREATE_TEMPORARY_TABLES = 'create temporary tables';
213			}
214
215
216			/**
217			* Инкапсулиреут правила проверки привилегий.
218			*/
219			class PrivilegeChecker
220			{
221			/**
222			* Возвращает результат команды SHOW GRANTS;
223			*
224			* @param PDO $connection Соединение с базой данных.
225			*
226			* @throws BadMethodCallException
227			* @return array Результат команды SHOW GRANTS;
228			*/
229			public static function getShowGrantsOutput(PDO $connection)
230			{
231			if( !$query = $connection->query('SHOW GRANTS;') )
232			{
233			throw new BadMethodCallException($connection->errorInfo()[2], $connection->errorInfo()[1]);
234			}
235
236			return $query->fetchAll();
237			}
238
239			/**
240			* @var string[] Массив GRANT команд.
241			*/
242			private $_showGrantsOutput;
243
244			/**
245			* Создает новый объект для проверки привилегий в базе данных для пользователя.
246			*
247			* @param string[] $showGrantsRawOutput Результат команды SHOW GRANTS;
248			*/
249			public function __construct(array $showGrantsRawOutput)
250			{
251			$this->_showGrantsOutput = $this->preprocess($showGrantsRawOutput);
			0 ignored issues – show Documentation introduced 2015-11-25 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$showGrantsRawOutput` is of type `array<integer,string>`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
252			}
253
254			/**
255			* Проверает наличие указанной привилегии для определенного пользователя и хоста.
256			*
257			* @param string $privilege Название привилегии (см. PrivilegeEnum)
258			* @param string $db Имя базы данных.
259			* @param string $user Имя пользователя.
260			* @param string $host Имя хоста.
261			*
262			* @return bool true в случае наличия привилегии, иначе false.
263			*/
264			public function hasPrivilege($privilege, $db, $user, $host)
265			{
266			try
267			{
268			$grantQuery = $this->findRow($this->_showGrantsOutput, $db, $user, $host);
269			}
270			catch(UnexpectedValueException $e)
271			{
272			return false;
273			}
274
275			return $this->checkPrivilege($grantQuery, $privilege);
276			}
277
278			/**
279			* Выполняет предварительную обработку для результата команды SHOW GRANTS;
280			*
281			* @param string $showGrantsRawOutput Результат команды SHOW GRANTS;
282			*
283			* @return string[] Массив GRANT команд.
284			*/
285			private function preprocess($showGrantsRawOutput)
286			{
287			return array_map(function (array $rowAsArray)
288			{
289			return reset($rowAsArray);
290			}, $showGrantsRawOutput);
291			}
292
293			/**
294			* Отыскивает строку, содержащую GRANT команду, для указанного пользователя и хоста.
295			*
296			* @param string[] $grantCommands Все GRANT команды.
297			* @param string $db Имя базы данных.
298			* @param string $user Имя пользователя.
299			* @param string $host Имя хоста.
300			*
301			* @throws UnexpectedValueException Бросается если GRANT команда для указанного пользователя и хоста не найдена.
302			* @return string GRANT команда для указанного пользователя и хоста.
303			*/
304			private function findRow(array $grantCommands, $db, $user, $host)
305			{
306			$candidates = array_filter($grantCommands, function ($row) use ($db, $user, $host)
307			{
308			/** @var $row string */
309			if( stripos($row, 'GRANT USAGE ON') !== false )
310			{
311			return false;
312			}
313
314			return preg_match("/('{$user}'@'{$host}')\|('{$user}'@'%')/", $row);
315			});
316
317			if( count($candidates) === 0 )
318			{
319			throw new UnexpectedValueException();
320			}
321
322			return reset($candidates);
323			}
324
325			private function parsePrivileges($string)
326			{
327			if( !preg_match('/GRANT\s+(?<privileges>.+)\s+ON/i', $string, $matches) )
328			return array();
329
330			$privilegeList = array_map(function ($privilege)
331			{
332			return strtolower(trim($privilege));
333			}, explode(',', $matches['privileges']));
334
335			return is_array($privilegeList) ? $privilegeList : array();
336			}
337
338			/**
339			* Проверяет наличие привилегии в SQL GRANT команде.
340			*
341			* @param string $string Строка, содержащая SQL GRANT команду.
342			* @param string $checkPrivilege Название привилегии на которую делается проверка.
343			*
344			* @return bool true в случае наличия привилегии, иначе false.
345			*/
346			private function checkPrivilege($string, $checkPrivilege)
347			{
348			$privileges = $this->parsePrivileges($string);
349
350			return in_array(strtolower($checkPrivilege), $privileges) \|\| in_array('all privileges', $privileges) \|\| in_array('all', $privileges);
351			}
352			}

shogodev / argilla

GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

build/tasks/CheckDbTask.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like