Inspection completed: push to master (d01ad3...6b97e6) by Paweł, 21s (queued 10s).

ArticleNotFoundListener::onKernelException()   rating: A

Complexity:   Conditions 4, Paths 3
Size:         Total Lines 18
Duplication:  Lines 0, Ratio 0 %
Importance:   Changes 0

Metric   Value
dl       0
loc      18
rs       9.6666
c        0
b        0
f        0
cc       4
nc       3
nop      1
```php
<?php

declare(strict_types=1);

/*
 * This file is part of the Superdesk Web Publisher Content Bundle.
 *
 * Copyright 2017 Sourcefabric z.ú. and contributors.
 *
 * For the full copyright and license information, please see the
 * AUTHORS and LICENSE files distributed with this source code.
 *
 * @copyright 2017 Sourcefabric z.ú
 * @license http://www.superdesk.org/license
 */

namespace SWP\Bundle\ContentBundle\EventListener;

use SWP\Component\Common\Exception\ArticleNotFoundException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Routing\RouterInterface;

final class ArticleNotFoundListener
{
    private $router;

    private $redirectNotFoundArticles;

    public function __construct(RouterInterface $router, bool $redirectNotFoundArticles)
    {
        $this->router = $router;
        $this->redirectNotFoundArticles = $redirectNotFoundArticles;
    }

    public function onKernelException(ExceptionEvent $event)
    {
        $exception = $event->getException();
        $request = $event->getRequest();
        // Only act when the redirect feature is enabled and the exception is an ArticleNotFoundException.
        if (!$this->redirectNotFoundArticles || !$exception instanceof ArticleNotFoundException) {
            return;
        }

        // Fall back to the homepage unless the request carries route metadata.
        $route = 'homepage';
        if ($request->attributes->has('routeMeta')) {
            $route = $request->attributes->get('routeMeta');
        }

        // Line 52 (flagged by the inspection below): the absolute URL is built from
        // the request context (base URL and host), so it is derived from request data.
        $event->setResponse(new RedirectResponse(
            $this->router->generate($route, [], UrlGeneratorInterface::ABSOLUTE_URL),
            Response::HTTP_MOVED_PERMANENTLY
        ));
    }
}
```

Inspection finding at line 52 (0 ignored issues)

Security: Cross-Site Scripting, introduced by
$this->router->generate(...nterface::ABSOLUTE_URL) can contain request data and is used in output context(s), leading to a potential security vulnerability. The traced sources are the request's base URL (paths 1 and 2) and the Host header (paths 3 and 4); both feed the RequestContext from which the absolute URL is generated.

4 paths for user data to reach this point

Path 1: $this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned in ServerBag.php on line 62
  1. $this->parameters['HTTP_AUTHORIZATION'] seems to return tainted data, and $authorizationHeader is assigned
     in vendor/ServerBag.php on line 62
  2. ParameterBag::$parameters is assigned
     in vendor/ServerBag.php on line 77
  3. Tainted property ParameterBag::$parameters is read
     in vendor/ParameterBag.php on line 84
  4. ParameterBag::get() returns tainted data, and $baseUrl is assigned
     in vendor/Request.php on line 1770
  5. $baseUrl is passed through rtrim()
     in vendor/Request.php on line 1826
  6. Request::prepareBaseUrl() returns tainted data, and Request::$baseUrl is assigned
     in vendor/Request.php on line 882
  7. Tainted property Request::$baseUrl is read
     in vendor/Request.php on line 885
  8. Request::getBaseUrl() returns tainted data, and $request->getBaseUrl() is passed to RequestContext::setBaseUrl()
     in vendor/RequestContext.php on line 55
  9. RequestContext::$baseUrl is assigned
     in vendor/RequestContext.php on line 86
  10. Tainted property RequestContext::$baseUrl is read
     in vendor/RequestContext.php on line 74
  11. RequestContext::getBaseUrl() returns tainted data, and $url is assigned
     in vendor/Generator/UrlGenerator.php on line 279
  12. UrlGenerator::doGenerate() returns tainted data
     in vendor/Generator/CompiledUrlGenerator.php on line 56
  13. CompiledUrlGenerator::generate() returns tainted data
     in vendor/Router.php on line 254
  14. Router::generate() returns tainted data
     in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52

Path 2: Read from $_POST, and $_POST is passed to Request::createRequestFromFactory() in Request.php on line 281
  1. Read from $_POST, and $_POST is passed to Request::createRequestFromFactory()
     in vendor/Request.php on line 281
  2. $request is passed to Request::__construct()
     in vendor/Request.php on line 1953
  3. $request is passed to Request::initialize()
     in vendor/Request.php on line 235
  4. $request is passed to ParameterBag::__construct()
     in vendor/Request.php on line 253
  5. ParameterBag::$parameters is assigned
     in vendor/ParameterBag.php on line 31
  6. Tainted property ParameterBag::$parameters is read
     in vendor/ParameterBag.php on line 84
  7. ParameterBag::get() returns tainted data, and $baseUrl is assigned
     in vendor/Request.php on line 1770
  8. $baseUrl is passed through rtrim()
     in vendor/Request.php on line 1826
  9. Request::prepareBaseUrl() returns tainted data, and Request::$baseUrl is assigned
     in vendor/Request.php on line 882
  10. Tainted property Request::$baseUrl is read
     in vendor/Request.php on line 885
  11. Request::getBaseUrl() returns tainted data, and $request->getBaseUrl() is passed to RequestContext::setBaseUrl()
     in vendor/RequestContext.php on line 55
  12. RequestContext::$baseUrl is assigned
     in vendor/RequestContext.php on line 86
  13. Tainted property RequestContext::$baseUrl is read
     in vendor/RequestContext.php on line 74
  14. RequestContext::getBaseUrl() returns tainted data, and $url is assigned
     in vendor/Generator/UrlGenerator.php on line 279
  15. UrlGenerator::doGenerate() returns tainted data
     in vendor/Generator/CompiledUrlGenerator.php on line 56
  16. CompiledUrlGenerator::generate() returns tainted data
     in vendor/Router.php on line 254
  17. Router::generate() returns tainted data
     in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52

Path 3: $this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned in ServerBag.php on line 43
  1. $this->parameters['PHP_AUTH_USER'] seems to return tainted data, and $headers is assigned
     in vendor/ServerBag.php on line 43
  2. $headers is assigned
     in vendor/ServerBag.php on line 44
  3. ServerBag::getHeaders() returns tainted data, and $this->server->getHeaders() is passed to HeaderBag::__construct()
     in vendor/Request.php on line 259
  4. $values is assigned
     in vendor/HeaderBag.php on line 29
  5. $values is passed to HeaderBag::set()
     in vendor/HeaderBag.php on line 30
  6. $values is passed through array_values(), and $values is assigned
     in vendor/HeaderBag.php on line 142
  7. HeaderBag::$headers is assigned
     in vendor/HeaderBag.php on line 145
  8. Tainted property HeaderBag::$headers is read
     in vendor/HeaderBag.php on line 65
  9. HeaderBag::all() returns tainted data, and $headers is assigned
     in vendor/HeaderBag.php on line 113
  10. HeaderBag::get() returns tainted data, and $host is assigned
     in vendor/Request.php on line 1149
  11. $host is passed through trim(), and trim($host) is passed through preg_replace(), and preg_replace('/:\\d+$/', '', trim($host)) is passed through strtolower(), and $host is assigned
     in vendor/Request.php on line 1157
  12. Request::getHost() returns tainted data, and $request->getHost() is passed to RequestContext::setHost()
     in vendor/RequestContext.php on line 58
  13. $host is passed through strtolower(), and RequestContext::$host is assigned
     in vendor/RequestContext.php on line 162
  14. Tainted property RequestContext::$host is read
     in vendor/RequestContext.php on line 150
  15. RequestContext::getHost() returns tainted data, and $uri is assigned
     in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
  16. MediaManager::getMediaUri() returns tainted data
     in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
  17. MediaManager::getMediaPublicUrl() returns tainted data
     in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
  18. ArticleAuthorMediaRouter::generate() returns tainted data
     in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52

Path 4: $this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned in ServerBag.php on line 44
  1. $this->parameters['PHP_AUTH_PW'] seems to return tainted data, and $headers is assigned
     in vendor/ServerBag.php on line 44
  2. ServerBag::getHeaders() returns tainted data, and $this->server->getHeaders() is passed to HeaderBag::__construct()
     in vendor/Request.php on line 259
  3. $values is assigned
     in vendor/HeaderBag.php on line 29
  4. $values is passed to HeaderBag::set()
     in vendor/HeaderBag.php on line 30
  5. $values is passed through array_values(), and $values is assigned
     in vendor/HeaderBag.php on line 142
  6. HeaderBag::$headers is assigned
     in vendor/HeaderBag.php on line 145
  7. Tainted property HeaderBag::$headers is read
     in vendor/HeaderBag.php on line 65
  8. HeaderBag::all() returns tainted data, and $headers is assigned
     in vendor/HeaderBag.php on line 113
  9. HeaderBag::get() returns tainted data, and $host is assigned
     in vendor/Request.php on line 1149
  10. $host is passed through trim(), and trim($host) is passed through preg_replace(), and preg_replace('/:\\d+$/', '', trim($host)) is passed through strtolower(), and $host is assigned
     in vendor/Request.php on line 1157
  11. Request::getHost() returns tainted data, and $request->getHost() is passed to RequestContext::setHost()
     in vendor/RequestContext.php on line 58
  12. $host is passed through strtolower(), and RequestContext::$host is assigned
     in vendor/RequestContext.php on line 162
  13. Tainted property RequestContext::$host is read
     in vendor/RequestContext.php on line 150
  14. RequestContext::getHost() returns tainted data, and $uri is assigned
     in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
  15. MediaManager::getMediaUri() returns tainted data
     in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
  16. MediaManager::getMediaPublicUrl() returns tainted data
     in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
  17. ArticleAuthorMediaRouter::generate() returns tainted data
     in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52

Used in output context

  1. RedirectResponse::__construct() uses RedirectResponse::setTargetUrl() ($url)
     in vendor/RedirectResponse.php on line 39
  2. RedirectResponse::setTargetUrl() uses Response::setContent() ($content)
     in vendor/RedirectResponse.php on line 92
  3. Response::setContent() uses property Response::$content for writing
     in vendor/Response.php on line 404
  4. Property Response::$content is used in echo
     in vendor/Response.php on line 363

Preventing Cross-Site-Scripting Attacks

Cross-site scripting allows an attacker to inject malicious code, in particular JavaScript, into your website and have it executed with the privileges of a visiting user. This can be used to obtain data or perform actions on behalf of that user.

To prevent this, make sure to escape all user-provided data for the context in which it is output:

```php
// for HTML
$sanitized = htmlentities($tainted, ENT_QUOTES);

// for URLs
$sanitized = urlencode($tainted);
```

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point at all, for example by allow-listing (white-listing) the accepted values:

```php
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
```

For numeric data, we recommend casting explicitly:

```php
$sanitized = (integer) $tainted;
```