Issues in SQLServerConnector.php (master) - Issues in master - silverstripe/silverstripe-mssql - Measure and Improve Code Quality continuously with Scrutinizer

Issues (37)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/SQLServerConnector.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SilverStripe\MSSQL;

use SilverStripe\ORM\Connect\DBConnector;
use function sqlsrv_connect;
use function sqlsrv_begin_transaction;
use function sqlsrv_rollback;
use function sqlsrv_query;

use const MSSQL_USE_WINDOWS_AUTHENTICATION;

/**
 * Database connector driver for sqlsrv_ library
 */
class SQLServerConnector extends DBConnector
{

    /**
     * Connection to the DBMS.
     *
     * @var resource
     */
    protected $dbConn = null;

    /**
     * Stores the affected rows of the last query.
     * Used by sqlsrv functions only, as sqlsrv_rows_affected
     * accepts a result instead of a database handle.
     *
     * @var integer
     */
    protected $lastAffectedRows;

    /**
     * Name of the currently selected database
     *
     * @var string
     */
    protected $selectedDatabase = null;

    public function connect($parameters, $selectDB = false)
    {
        // Disable default warnings as errors behaviour for sqlsrv to keep it in line with mssql functions
        if (ini_get('sqlsrv.WarningsReturnAsErrors')) {
            ini_set('sqlsrv.WarningsReturnAsErrors', 'Off');
        }

        $charset = isset($parameters['charset']) ? $parameters : 'UTF-8';

        $options = [
            'CharacterSet' => $charset,
            'ReturnDatesAsStrings' => isset($parameters['returndatesasstrings'])
                ? $parameters['returndatesasstrings']
                : true,
            'MultipleActiveResultSets' => isset($parameters['multipleactiveresultsets'])
                ? $parameters['multipleactiveresultsets']
                : true
        ];

        if (!(defined('MSSQL_USE_WINDOWS_AUTHENTICATION') && MSSQL_USE_WINDOWS_AUTHENTICATION == true)
            && empty($parameters['windowsauthentication'])
        ) {
            $options['UID'] = $parameters['username'];
            $options['PWD'] = $parameters['password'];
        }

        // Required by MS Azure database
        if ($selectDB && !empty($parameters['database'])) {
            $options['Database'] = $parameters['database'];
        }

        $this->dbConn = sqlsrv_connect($parameters['server'], $options);

        if (empty($this->dbConn)) {
            $this->databaseError("Couldn't connect to SQL Server database");
        } elseif ($selectDB && !empty($parameters['database'])) {
            // Check selected database (Azure)
            $this->selectedDatabase = $parameters['database'];
        }
    }

    /**
     * Start transaction. READ ONLY not supported.
     */
    public function transactionStart()
    {
        $result = sqlsrv_begin_transaction($this->dbConn);

        if (!$result) {
            $this->databaseError("Couldn't start the transaction.");
        }
    }

    /**
     * Commit everything inside this transaction so far
     */
    public function transactionEnd()
    {
        $result = sqlsrv_commit($this->dbConn);

        if (!$result) {
            $this->databaseError("Couldn't commit the transaction.");
        }
    }

    /**
     * Rollback or revert to a savepoint if your queries encounter problems
     * If you encounter a problem at any point during a transaction, you may
     * need to rollback that particular query, or return to a savepoint
     */
    public function transactionRollback()
    {
        $result = sqlsrv_rollback($this->dbConn);
        if (!$result) {
            $this->databaseError("Couldn't rollback the transaction.");
        }
    }

    public function affectedRows()
    {
        return $this->lastAffectedRows;
    }

    public function getLastError()
    {
        $errorMessages = array();
        $errors = sqlsrv_errors();

        if ($errors) {
            foreach ($errors as $info) {
                $errorMessages[] = implode(', ', array($info['SQLSTATE'], $info['code'], $info['message']));
            }
        }

        return implode('; ', $errorMessages);
    }

    public function isActive()
    {
        return $this->dbConn && $this->selectedDatabase;
    }

    public function preparedQuery($sql, $parameters, $errorLevel = E_USER_ERROR)
    {
        // Reset state
        $this->lastAffectedRows = 0;

        // Run query
        if ($parameters) {

            $parsedParameters = $this->parameterValues($parameters);
        } else {
            $parsedParameters = [];
        }

        if (empty($parsedParameters)) {
            $handle = sqlsrv_query($this->dbConn, $sql);
        } else {
            $handle = sqlsrv_query($this->dbConn, $sql, $parsedParameters);
        }

        // Check for error
        if (!$handle) {
            $error = $this->getLastError();

            if (preg_match("/Cannot insert explicit value for identity column in table '(.*)'/", $error, $matches)) {
                sqlsrv_query($this->dbConn, "SET IDENTITY_INSERT \"$matches[1]\" ON");
                $result = $this->preparedQuery($sql, $parameters, $errorLevel);

                if ($result) {
                    sqlsrv_query($this->dbConn, "SET IDENTITY_INSERT \"$matches[1]\" OFF");

                    return $result;
                } else {
                    return null;
                }
            }

            $this->databaseError($this->getLastError(), $errorLevel, $sql, $parsedParameters);

            return null;
        }

        $this->lastAffectedRows = sqlsrv_rows_affected($handle);

        return new SQLServerQuery($this, $handle);
    }

    public function query($sql, $errorLevel = E_USER_ERROR)
    {
        return $this->preparedQuery($sql, [], $errorLevel);
    }

    public function selectDatabase($name)
    {
        $this->query("USE \"$name\"");
        $this->selectedDatabase = $name;
        return true;
    }

    public function __destruct()
    {
        if (is_resource($this->dbConn)) {
            sqlsrv_close($this->dbConn);
        }
    }

    public function getVersion()
    {
        return trim($this->query("SELECT CONVERT(char(15), SERVERPROPERTY('ProductVersion'))")->value());
    }

    public function getGeneratedID($table)
    {
        return $this->query("SELECT IDENT_CURRENT('$table')")->value();
    }

    public function getSelectedDatabase()
    {
        return $this->selectedDatabase;
    }

    public function unloadDatabase()
    {
        $this->selectDatabase('Master');
        $this->selectedDatabase = null;
    }

    /**
     * Quotes a string, including the "N" prefix so unicode
     * strings are saved to the database correctly.
     *
     * @param string $value String to be encoded
     * @return string Processed string ready for DB
     */
    public function quoteString($value)
    {
        return "N'" . $this->escapeString($value) . "'";
    }

    public function escapeString($value)
    {
        $value = str_replace("'", "''", $value);
        $value = str_replace("\0", "[NULL]", $value);
        return $value;
    }
}


1			<?php
2
3			namespace SilverStripe\MSSQL;
4
5			use SilverStripe\ORM\Connect\DBConnector;
6			use function sqlsrv_connect;
7			use function sqlsrv_begin_transaction;
8			use function sqlsrv_rollback;
9			use function sqlsrv_query;
10
11			use const MSSQL_USE_WINDOWS_AUTHENTICATION;
12
13			/**
14			* Database connector driver for sqlsrv_ library
15			*/
16			class SQLServerConnector extends DBConnector
17			{
18
19			/**
20			* Connection to the DBMS.
21			*
22			* @var resource
23			*/
24			protected $dbConn = null;
25
26			/**
27			* Stores the affected rows of the last query.
28			* Used by sqlsrv functions only, as sqlsrv_rows_affected
29			* accepts a result instead of a database handle.
30			*
31			* @var integer
32			*/
33			protected $lastAffectedRows;
34
35			/**
36			* Name of the currently selected database
37			*
38			* @var string
39			*/
40			protected $selectedDatabase = null;
41
42			public function connect($parameters, $selectDB = false)
43			{
44			// Disable default warnings as errors behaviour for sqlsrv to keep it in line with mssql functions
45			if (ini_get('sqlsrv.WarningsReturnAsErrors')) {
46			ini_set('sqlsrv.WarningsReturnAsErrors', 'Off');
47			}
48
49			$charset = isset($parameters['charset']) ? $parameters : 'UTF-8';
50
51			$options = [
52			'CharacterSet' => $charset,
53			'ReturnDatesAsStrings' => isset($parameters['returndatesasstrings'])
54			? $parameters['returndatesasstrings']
55			: true,
56			'MultipleActiveResultSets' => isset($parameters['multipleactiveresultsets'])
57			? $parameters['multipleactiveresultsets']
58			: true
59			];
60
61			if (!(defined('MSSQL_USE_WINDOWS_AUTHENTICATION') && MSSQL_USE_WINDOWS_AUTHENTICATION == true)
62			&& empty($parameters['windowsauthentication'])
63			) {
64			$options['UID'] = $parameters['username'];
65			$options['PWD'] = $parameters['password'];
66			}
67
68			// Required by MS Azure database
69			if ($selectDB && !empty($parameters['database'])) {
70			$options['Database'] = $parameters['database'];
71			}
72
73			$this->dbConn = sqlsrv_connect($parameters['server'], $options);
74
75			if (empty($this->dbConn)) {
76			$this->databaseError("Couldn't connect to SQL Server database");
77			} elseif ($selectDB && !empty($parameters['database'])) {
78			// Check selected database (Azure)
79			$this->selectedDatabase = $parameters['database'];
80			}
81			}
82
83			/**
84			* Start transaction. READ ONLY not supported.
85			*/
86			public function transactionStart()
87			{
88			$result = sqlsrv_begin_transaction($this->dbConn);
89
90			if (!$result) {
91			$this->databaseError("Couldn't start the transaction.");
92			}
93			}
94
95			/**
96			* Commit everything inside this transaction so far
97			*/
98			public function transactionEnd()
99			{
100			$result = sqlsrv_commit($this->dbConn);
101
102			if (!$result) {
103			$this->databaseError("Couldn't commit the transaction.");
104			}
105			}
106
107			/**
108			* Rollback or revert to a savepoint if your queries encounter problems
109			* If you encounter a problem at any point during a transaction, you may
110			* need to rollback that particular query, or return to a savepoint
111			*/
112			public function transactionRollback()
113			{
114			$result = sqlsrv_rollback($this->dbConn);
115			if (!$result) {
116			$this->databaseError("Couldn't rollback the transaction.");
117			}
118			}
119
120			public function affectedRows()
121			{
122			return $this->lastAffectedRows;
123			}
124
125			public function getLastError()
126			{
127			$errorMessages = array();
128			$errors = sqlsrv_errors();
129
130			if ($errors) {
131			foreach ($errors as $info) {
132			$errorMessages[] = implode(', ', array($info['SQLSTATE'], $info['code'], $info['message']));
133			}
134			}
135
136			return implode('; ', $errorMessages);
137			}
138
139			public function isActive()
140			{
141			return $this->dbConn && $this->selectedDatabase;
142			}
143
144			public function preparedQuery($sql, $parameters, $errorLevel = E_USER_ERROR)
145			{
146			// Reset state
147			$this->lastAffectedRows = 0;
148
149			// Run query
150			if ($parameters) {
			0 ignored issues – show Bug Best Practice introduced 2020-10-13 02:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$parameters` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
151			$parsedParameters = $this->parameterValues($parameters);
152			} else {
153			$parsedParameters = [];
154			}
155
156			if (empty($parsedParameters)) {
157			$handle = sqlsrv_query($this->dbConn, $sql);
158			} else {
159			$handle = sqlsrv_query($this->dbConn, $sql, $parsedParameters);
160			}
161
162			// Check for error
163			if (!$handle) {
164			$error = $this->getLastError();
165
166			if (preg_match("/Cannot insert explicit value for identity column in table '(.*)'/", $error, $matches)) {
167			sqlsrv_query($this->dbConn, "SET IDENTITY_INSERT \"$matches[1]\" ON");
168			$result = $this->preparedQuery($sql, $parameters, $errorLevel);
169
170			if ($result) {
171			sqlsrv_query($this->dbConn, "SET IDENTITY_INSERT \"$matches[1]\" OFF");
172
173			return $result;
174			} else {
175			return null;
176			}
177			}
178
179			$this->databaseError($this->getLastError(), $errorLevel, $sql, $parsedParameters);
180
181			return null;
182			}
183
184			$this->lastAffectedRows = sqlsrv_rows_affected($handle);
185
186			return new SQLServerQuery($this, $handle);
187			}
188
189			public function query($sql, $errorLevel = E_USER_ERROR)
190			{
191			return $this->preparedQuery($sql, [], $errorLevel);
192			}
193
194			public function selectDatabase($name)
195			{
196			$this->query("USE \"$name\"");
197			$this->selectedDatabase = $name;
198			return true;
199			}
200
201			public function __destruct()
202			{
203			if (is_resource($this->dbConn)) {
204			sqlsrv_close($this->dbConn);
205			}
206			}
207
208			public function getVersion()
209			{
210			return trim($this->query("SELECT CONVERT(char(15), SERVERPROPERTY('ProductVersion'))")->value());
211			}
212
213			public function getGeneratedID($table)
214			{
215			return $this->query("SELECT IDENT_CURRENT('$table')")->value();
216			}
217
218			public function getSelectedDatabase()
219			{
220			return $this->selectedDatabase;
221			}
222
223			public function unloadDatabase()
224			{
225			$this->selectDatabase('Master');
226			$this->selectedDatabase = null;
227			}
228
229			/**
230			* Quotes a string, including the "N" prefix so unicode
231			* strings are saved to the database correctly.
232			*
233			* @param string $value String to be encoded
234			* @return string Processed string ready for DB
235			*/
236			public function quoteString($value)
237			{
238			return "N'" . $this->escapeString($value) . "'";
239			}
240
241			public function escapeString($value)
242			{
243			$value = str_replace("'", "''", $value);
244			$value = str_replace("\0", "[NULL]", $value);
245			return $value;
246			}
247			}
248

silverstripe / silverstripe-mssql

Issues (37)

Security Analysis no request data

src/SQLServerConnector.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like