Issues in Cache.php (master) - Issues in master - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (847)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

inc/Cache/Cache.php (2 issues)

Labels

Deprecated Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace dokuwiki\Cache;

use dokuwiki\Debug\PropertyDeprecationHelper;
use dokuwiki\Extension\Event;

/**
 * Generic handling of caching
 */
class Cache
{
    use PropertyDeprecationHelper;

    public $key = '';          // primary identifier for this item
    public $ext = '';          // file ext for cache data, secondary identifier for this item
    public $cache = '';        // cache file name
    public $depends = array(); // array containing cache dependency information,
    //   used by makeDefaultCacheDecision to determine cache validity

    // phpcs:disable
    /**
     * @deprecated since 2019-02-02 use the respective getters instead!
     */
    protected $_event = '';       // event to be triggered during useCache
    protected $_time;
    protected $_nocache = false;  // if set to true, cache will not be used or stored
    // phpcs:enable

    /**
     * @param string $key primary identifier
     * @param string $ext file extension
     */
    public function __construct($key, $ext)
    {
        $this->key = $key;
        $this->ext = $ext;
        $this->cache = getCacheName($key, $ext);

        /**
         * @deprecated since 2019-02-02 use the respective getters instead!
         */
        $this->deprecatePublicProperty('_event');
        $this->deprecatePublicProperty('_time');
        $this->deprecatePublicProperty('_nocache');
    }

    public function getTime()
    {
        return $this->_time;
    }

    public function getEvent()
    {
        return $this->_event;

    }

    public function setEvent($event)
    {
        $this->_event = $event;

    }

    /**
     * public method to determine whether the cache can be used
     *
     * to assist in centralisation of event triggering and calculation of cache statistics,
     * don't override this function override makeDefaultCacheDecision()
     *
     * @param  array $depends array of cache dependencies, support dependecies:
     *                            'age'   => max age of the cache in seconds
     *                            'files' => cache must be younger than mtime of each file
     *                                       (nb. dependency passes if file doesn't exist)
     *
     * @return bool    true if cache can be used, false otherwise
     */
    public function useCache($depends = array())
    {
        $this->depends = $depends;
        $this->addDependencies();

        if ($this->getEvent()) {
            return $this->stats(
                Event::createAndTrigger(
                    $this->getEvent(),
                    $this,
                    array($this, 'makeDefaultCacheDecision')
                )
            );
        }

        return $this->stats($this->makeDefaultCacheDecision());
    }

    /**
     * internal method containing cache use decision logic
     *
     * this function processes the following keys in the depends array
     *   purge - force a purge on any non empty value
     *   age   - expire cache if older than age (seconds)
     *   files - expire cache if any file in this array was updated more recently than the cache
     *
     * Note that this function needs to be public as it is used as callback for the event handler
     *
     * can be overridden
     *
     * @internal This method may only be called by the event handler! Call \dokuwiki\Cache\Cache::useCache instead!
     *
     * @return bool               see useCache()
     */
    public function makeDefaultCacheDecision()
    {
        if ($this->_nocache) {
            return false;
        }                              // caching turned off
        if (!empty($this->depends['purge'])) {
            return false;
        }              // purge requested?
        if (!($this->_time = @filemtime($this->cache))) {
            return false;
        }   // cache exists?

        // cache too old?
        if (!empty($this->depends['age']) && ((time() - $this->_time) > $this->depends['age'])) {
            return false;
        }

        if (!empty($this->depends['files'])) {
            foreach ($this->depends['files'] as $file) {
                if ($this->_time <= @filemtime($file)) {
                    return false;
                }         // cache older than files it depends on?
            }
        }

        return true;
    }

    /**
     * add dependencies to the depends array
     *
     * this method should only add dependencies,
     * it should not remove any existing dependencies and
     * it should only overwrite a dependency when the new value is more stringent than the old
     */
    protected function addDependencies()
    {
        global $INPUT;
        if ($INPUT->has('purge')) {
            $this->depends['purge'] = true;
        }   // purge requested
    }

    /**
     * retrieve the cached data
     *
     * @param   bool $clean true to clean line endings, false to leave line endings alone
     * @return  string          cache contents
     */
    public function retrieveCache($clean = true)
    {
        return io_readFile($this->cache, $clean);
    }

    /**
     * cache $data
     *
     * @param   string $data the data to be cached
     * @return  bool           true on success, false otherwise
     */
    public function storeCache($data)
    {
        if ($this->_nocache) {
            return false;
        }

        return io_saveFile($this->cache, $data);
    }

    /**
     * remove any cached data associated with this cache instance
     */
    public function removeCache()
    {
        @unlink($this->cache);
    }

    /**
     * Record cache hits statistics.
     * (Only when debugging allowed, to reduce overhead.)
     *
     * @param    bool $success result of this cache use attempt
     * @return   bool              pass-thru $success value
     */
    protected function stats($success)
    {
        global $conf;
        static $stats = null;
        static $file;

        if (!$conf['allowdebug']) {
            return $success;
        }

        if (is_null($stats)) {
            $file = $conf['cachedir'] . '/cache_stats.txt';
            $lines = explode("\n", io_readFile($file));

            foreach ($lines as $line) {
                $i = strpos($line, ',');
                $stats[substr($line, 0, $i)] = $line;
            }
        }

        if (isset($stats[$this->ext])) {
            list($ext, $count, $hits) = explode(',', $stats[$this->ext]);
        } else {
            $ext = $this->ext;
            $count = 0;
            $hits = 0;
        }

        $count++;
        if ($success) {
            $hits++;
        }
        $stats[$this->ext] = "$ext,$count,$hits";

        io_saveFile($file, join("\n", $stats));

        return $success;
    }

    /**
     * @return bool
     */
    public function isNoCache()
    {
        return $this->_nocache;
    }
}


1			<?php
2
3			namespace dokuwiki\Cache;
4
5			use dokuwiki\Debug\PropertyDeprecationHelper;
6			use dokuwiki\Extension\Event;
7
8			/**
9			* Generic handling of caching
10			*/
11			class Cache
12			{
13			use PropertyDeprecationHelper;
14
15			public $key = ''; // primary identifier for this item
16			public $ext = ''; // file ext for cache data, secondary identifier for this item
17			public $cache = ''; // cache file name
18			public $depends = array(); // array containing cache dependency information,
19			// used by makeDefaultCacheDecision to determine cache validity
20
21			// phpcs:disable
22			/**
23			* @deprecated since 2019-02-02 use the respective getters instead!
24			*/
25			protected $_event = ''; // event to be triggered during useCache
26			protected $_time;
27			protected $_nocache = false; // if set to true, cache will not be used or stored
28			// phpcs:enable
29
30			/**
31			* @param string $key primary identifier
32			* @param string $ext file extension
33			*/
34			public function __construct($key, $ext)
35			{
36			$this->key = $key;
37			$this->ext = $ext;
38			$this->cache = getCacheName($key, $ext);
39
40			/**
41			* @deprecated since 2019-02-02 use the respective getters instead!
42			*/
43			$this->deprecatePublicProperty('_event');
44			$this->deprecatePublicProperty('_time');
45			$this->deprecatePublicProperty('_nocache');
46			}
47
48			public function getTime()
49			{
50			return $this->_time;
51			}
52
53			public function getEvent()
54			{
55			return $this->_event;
			0 ignored issues – show Deprecated Code introduced 2019-02-22 22:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `dokuwiki\Cache\Cache::$_event` has been deprecated with message: since 2019-02-02 use the respective getters instead! This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
56			}
57
58			public function setEvent($event)
59			{
60			$this->_event = $event;
			0 ignored issues – show Deprecated Code introduced 2019-02-22 22:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `dokuwiki\Cache\Cache::$_event` has been deprecated with message: since 2019-02-02 use the respective getters instead! This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
61			}
62
63			/**
64			* public method to determine whether the cache can be used
65			*
66			* to assist in centralisation of event triggering and calculation of cache statistics,
67			* don't override this function override makeDefaultCacheDecision()
68			*
69			* @param array $depends array of cache dependencies, support dependecies:
70			* 'age' => max age of the cache in seconds
71			* 'files' => cache must be younger than mtime of each file
72			* (nb. dependency passes if file doesn't exist)
73			*
74			* @return bool true if cache can be used, false otherwise
75			*/
76			public function useCache($depends = array())
77			{
78			$this->depends = $depends;
79			$this->addDependencies();
80
81			if ($this->getEvent()) {
82			return $this->stats(
83			Event::createAndTrigger(
84			$this->getEvent(),
85			$this,
86			array($this, 'makeDefaultCacheDecision')
87			)
88			);
89			}
90
91			return $this->stats($this->makeDefaultCacheDecision());
92			}
93
94			/**
95			* internal method containing cache use decision logic
96			*
97			* this function processes the following keys in the depends array
98			* purge - force a purge on any non empty value
99			* age - expire cache if older than age (seconds)
100			* files - expire cache if any file in this array was updated more recently than the cache
101			*
102			* Note that this function needs to be public as it is used as callback for the event handler
103			*
104			* can be overridden
105			*
106			* @internal This method may only be called by the event handler! Call \dokuwiki\Cache\Cache::useCache instead!
107			*
108			* @return bool see useCache()
109			*/
110			public function makeDefaultCacheDecision()
111			{
112			if ($this->_nocache) {
113			return false;
114			} // caching turned off
115			if (!empty($this->depends['purge'])) {
116			return false;
117			} // purge requested?
118			if (!($this->_time = @filemtime($this->cache))) {
119			return false;
120			} // cache exists?
121
122			// cache too old?
123			if (!empty($this->depends['age']) && ((time() - $this->_time) > $this->depends['age'])) {
124			return false;
125			}
126
127			if (!empty($this->depends['files'])) {
128			foreach ($this->depends['files'] as $file) {
129			if ($this->_time <= @filemtime($file)) {
130			return false;
131			} // cache older than files it depends on?
132			}
133			}
134
135			return true;
136			}
137
138			/**
139			* add dependencies to the depends array
140			*
141			* this method should only add dependencies,
142			* it should not remove any existing dependencies and
143			* it should only overwrite a dependency when the new value is more stringent than the old
144			*/
145			protected function addDependencies()
146			{
147			global $INPUT;
148			if ($INPUT->has('purge')) {
149			$this->depends['purge'] = true;
150			} // purge requested
151			}
152
153			/**
154			* retrieve the cached data
155			*
156			* @param bool $clean true to clean line endings, false to leave line endings alone
157			* @return string cache contents
158			*/
159			public function retrieveCache($clean = true)
160			{
161			return io_readFile($this->cache, $clean);
162			}
163
164			/**
165			* cache $data
166			*
167			* @param string $data the data to be cached
168			* @return bool true on success, false otherwise
169			*/
170			public function storeCache($data)
171			{
172			if ($this->_nocache) {
173			return false;
174			}
175
176			return io_saveFile($this->cache, $data);
177			}
178
179			/**
180			* remove any cached data associated with this cache instance
181			*/
182			public function removeCache()
183			{
184			@unlink($this->cache);
185			}
186
187			/**
188			* Record cache hits statistics.
189			* (Only when debugging allowed, to reduce overhead.)
190			*
191			* @param bool $success result of this cache use attempt
192			* @return bool pass-thru $success value
193			*/
194			protected function stats($success)
195			{
196			global $conf;
197			static $stats = null;
198			static $file;
199
200			if (!$conf['allowdebug']) {
201			return $success;
202			}
203
204			if (is_null($stats)) {
205			$file = $conf['cachedir'] . '/cache_stats.txt';
206			$lines = explode("\n", io_readFile($file));
207
208			foreach ($lines as $line) {
209			$i = strpos($line, ',');
210			$stats[substr($line, 0, $i)] = $line;
211			}
212			}
213
214			if (isset($stats[$this->ext])) {
215			list($ext, $count, $hits) = explode(',', $stats[$this->ext]);
216			} else {
217			$ext = $this->ext;
218			$count = 0;
219			$hits = 0;
220			}
221
222			$count++;
223			if ($success) {
224			$hits++;
225			}
226			$stats[$this->ext] = "$ext,$count,$hits";
227
228			io_saveFile($file, join("\n", $stats));
229
230			return $success;
231			}
232
233			/**
234			* @return bool
235			*/
236			public function isNoCache()
237			{
238			return $this->_nocache;
239			}
240			}
241

splitbrain / dokuwiki

Issues (847)

Security Analysis not enabled

inc/Cache/Cache.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like