Issues in Auth.php (master) - Issues in master - vijinho/kohana2-legacy - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1240)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

modules/auth/libraries/Auth.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php defined('SYSPATH') or die('No direct access allowed.');
/**
 * User authorization library. Handles user login and logout, as well as secure
 * password hashing.
 *
 * @package    Auth
 * @author     Kohana Team
 * @copyright  (c) 2007 Kohana Team
 * @license    http://kohanaphp.com/license.html
 */
class Auth_Core
{

    // Session instance
    protected $session;

    // Configuration
    protected $config;

    /**
     * Create an instance of Auth.
     *
     * @return  object

     */
    public static function factory($config = array())
    {
        return new Auth($config);
    }

    /**
     * Return a static instance of Auth.
     *
     * @return  object

     */
    public static function instance($config = array())
    {
        static $instance;

        // Load the Auth instance
        empty($instance) and $instance = new Auth($config);

        return $instance;
    }

    /**
     * Loads Session and configuration options.
     *
     * @return  void

     */
    public function __construct($config = array())
    {
        // Append default auth configuration
        $config += Kohana::config('auth');

        // Clean up the salt pattern and split it into an array
        $config['salt_pattern'] = preg_split('/,\s*/', Kohana::config('auth.salt_pattern'));

        // Save the config in the object
        $this->config = $config;

        // Set the driver class name
        $driver = 'Auth_'.$config['driver'].'_Driver';

        if (! Kohana::auto_load($driver)) {
            throw new Kohana_Exception('core.driver_not_found', $config['driver'], get_class($this));
        }

        // Load the driver
        $driver = new $driver($config);

        if (! ($driver instanceof Auth_Driver)) {
            throw new Kohana_Exception('core.driver_implements', $config['driver'], get_class($this), 'Auth_Driver');
        }

        // Load the driver for access
        $this->driver = $driver;
class MyClass { }

$x = new MyClass();
$x->foo = true;

        Kohana::log('debug', 'Auth Library loaded');
    }

    /**
     * Check if there is an active session. Optionally allows checking for a
     * specific role.
     *
     * @param   string   role name
     * @return  boolean
     */
    public function logged_in($role = null)
    {
        return $this->driver->logged_in($role);
    }

    /**
     * Returns the currently logged in user, or FALSE.
     *
     * @return  mixed
     */
    public function get_user()
    {
        return $this->driver->get_user();
    }

    /**
     * Attempt to log in a user by using an ORM object and plain-text password.
     *
     * @param   string   username to log in
     * @param   string   password to check against
     * @param   boolean  enable auto-login
     * @return  boolean
     */
    public function login($username, $password, $remember = false)
    {
        if (empty($password)) {
            return false;
        }

        if (is_string($password)) {
            // Get the salt from the stored password
            $salt = $this->find_salt($this->driver->password($username));

            // Create a hashed password using the salt from the stored password
            $password = $this->hash_password($password, $salt);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }

        return $this->driver->login($username, $password, $remember);
    }

    /**
     * Attempt to automatically log a user in.
     *
     * @return  boolean
     */
    public function auto_login()
    {
        return $this->driver->auto_login();
    }

    /**
     * Force a login for a specific username.
     *
     * @param   mixed    username
     * @return  boolean
     */
    public function force_login($username)
    {
        return $this->driver->force_login($username);
    }

    /**
     * Log out a user by removing the related session variables.
     *
     * @param   boolean  completely destroy the session
     * @return  boolean
     */
    public function logout($destroy = false)
    {
        return $this->driver->logout($destroy);
    }

    /**
     * Creates a hashed password from a plaintext password, inserting salt
     * based on the configured salt pattern.
     *
     * @param   string  plaintext password
     * @param string $password
     * @return  string  hashed password string
     */
    public function hash_password($password, $salt = false)
    {
        if ($salt === false) {
            // Create a salt seed, same length as the number of offsets in the pattern
            $salt = substr($this->hash(uniqid(null, true)), 0, count($this->config['salt_pattern']));
        }

        // Password hash that the salt will be inserted into
        $hash = $this->hash($salt.$password);

        // Change salt to an array
        $salt = str_split($salt, 1);

        // Returned password
        $password = '';

        // Used to calculate the length of splits
        $last_offset = 0;

        foreach ($this->config['salt_pattern'] as $offset) {
            // Split a new part of the hash off
            $part = substr($hash, 0, $offset - $last_offset);

            // Cut the current part out of the hash
            $hash = substr($hash, $offset - $last_offset);

            // Add the part to the password, appending the salt character
            $password .= $part.array_shift($salt);

            // Set the last offset to the current offset
            $last_offset = $offset;
        }

        // Return the password, with the remaining hash appended
        return $password.$hash;
    }

    /**
     * Perform a hash, using the configured method.
     *
     * @param   string  string to hash
     * @param string $str
     * @return  string
     */
    public function hash($str)
    {
        return hash($this->config['hash_method'], $str);
    }

    /**
     * Finds the salt from a password, based on the configured salt pattern.
     *
     * @param   string  hashed password
     * @return  string
     */
    public function find_salt($password)
    {
        $salt = '';

        foreach ($this->config['salt_pattern'] as $i => $offset) {
            // Find salt characters, take a good long look...
            $salt .= $password[$offset + $i];
        }

        return $salt;
    }
} // End Auth


1			<?php defined('SYSPATH') or die('No direct access allowed.');
2			/**
3			* User authorization library. Handles user login and logout, as well as secure
4			* password hashing.
5			*
6			* @package Auth
7			* @author Kohana Team
8			* @copyright (c) 2007 Kohana Team
9			* @license http://kohanaphp.com/license.html
10			*/
11			class Auth_Core
12			{
13
14			// Session instance
15			protected $session;
16
17			// Configuration
18			protected $config;
19
20			/**
21			* Create an instance of Auth.
22			*
23			* @return object
			0 ignored issues – show Documentation introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `Auth`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
24			*/
25			public static function factory($config = array())
26			{
27			return new Auth($config);
28			}
29
30			/**
31			* Return a static instance of Auth.
32			*
33			* @return object
			0 ignored issues – show Documentation introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `Auth`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
34			*/
35			public static function instance($config = array())
36			{
37			static $instance;
38
39			// Load the Auth instance
40			empty($instance) and $instance = new Auth($config);
41
42			return $instance;
43			}
44
45			/**
46			* Loads Session and configuration options.
47			*
48			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
49			*/
50			public function __construct($config = array())
51			{
52			// Append default auth configuration
53			$config += Kohana::config('auth');
54
55			// Clean up the salt pattern and split it into an array
56			$config['salt_pattern'] = preg_split('/,\s*/', Kohana::config('auth.salt_pattern'));
57
58			// Save the config in the object
59			$this->config = $config;
60
61			// Set the driver class name
62			$driver = 'Auth_'.$config['driver'].'_Driver';
63
64			if (! Kohana::auto_load($driver)) {
65			throw new Kohana_Exception('core.driver_not_found', $config['driver'], get_class($this));
66			}
67
68			// Load the driver
69			$driver = new $driver($config);
70
71			if (! ($driver instanceof Auth_Driver)) {
72			throw new Kohana_Exception('core.driver_implements', $config['driver'], get_class($this), 'Auth_Driver');
73			}
74
75			// Load the driver for access
76			$this->driver = $driver;
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `driver` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
77
78			Kohana::log('debug', 'Auth Library loaded');
79			}
80
81			/**
82			* Check if there is an active session. Optionally allows checking for a
83			* specific role.
84			*
85			* @param string role name
86			* @return boolean
87			*/
88			public function logged_in($role = null)
89			{
90			return $this->driver->logged_in($role);
91			}
92
93			/**
94			* Returns the currently logged in user, or FALSE.
95			*
96			* @return mixed
97			*/
98			public function get_user()
99			{
100			return $this->driver->get_user();
101			}
102
103			/**
104			* Attempt to log in a user by using an ORM object and plain-text password.
105			*
106			* @param string username to log in
107			* @param string password to check against
108			* @param boolean enable auto-login
109			* @return boolean
110			*/
111			public function login($username, $password, $remember = false)
112			{
113			if (empty($password)) {
114			return false;
115			}
116
117			if (is_string($password)) {
118			// Get the salt from the stored password
119			$salt = $this->find_salt($this->driver->password($username));
120
121			// Create a hashed password using the salt from the stored password
122			$password = $this->hash_password($password, $salt);
			0 ignored issues – show Documentation introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$salt` is of type `string`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
123			}
124
125			return $this->driver->login($username, $password, $remember);
126			}
127
128			/**
129			* Attempt to automatically log a user in.
130			*
131			* @return boolean
132			*/
133			public function auto_login()
134			{
135			return $this->driver->auto_login();
136			}
137
138			/**
139			* Force a login for a specific username.
140			*
141			* @param mixed username
142			* @return boolean
143			*/
144			public function force_login($username)
145			{
146			return $this->driver->force_login($username);
147			}
148
149			/**
150			* Log out a user by removing the related session variables.
151			*
152			* @param boolean completely destroy the session
153			* @return boolean
154			*/
155			public function logout($destroy = false)
156			{
157			return $this->driver->logout($destroy);
158			}
159
160			/**
161			* Creates a hashed password from a plaintext password, inserting salt
162			* based on the configured salt pattern.
163			*
164			* @param string plaintext password
165			* @param string $password
166			* @return string hashed password string
167			*/
168			public function hash_password($password, $salt = false)
169			{
170			if ($salt === false) {
171			// Create a salt seed, same length as the number of offsets in the pattern
172			$salt = substr($this->hash(uniqid(null, true)), 0, count($this->config['salt_pattern']));
173			}
174
175			// Password hash that the salt will be inserted into
176			$hash = $this->hash($salt.$password);
177
178			// Change salt to an array
179			$salt = str_split($salt, 1);
180
181			// Returned password
182			$password = '';
183
184			// Used to calculate the length of splits
185			$last_offset = 0;
186
187			foreach ($this->config['salt_pattern'] as $offset) {
188			// Split a new part of the hash off
189			$part = substr($hash, 0, $offset - $last_offset);
190
191			// Cut the current part out of the hash
192			$hash = substr($hash, $offset - $last_offset);
193
194			// Add the part to the password, appending the salt character
195			$password .= $part.array_shift($salt);
196
197			// Set the last offset to the current offset
198			$last_offset = $offset;
199			}
200
201			// Return the password, with the remaining hash appended
202			return $password.$hash;
203			}
204
205			/**
206			* Perform a hash, using the configured method.
207			*
208			* @param string string to hash
209			* @param string $str
210			* @return string
211			*/
212			public function hash($str)
213			{
214			return hash($this->config['hash_method'], $str);
215			}
216
217			/**
218			* Finds the salt from a password, based on the configured salt pattern.
219			*
220			* @param string hashed password
221			* @return string
222			*/
223			public function find_salt($password)
224			{
225			$salt = '';
226
227			foreach ($this->config['salt_pattern'] as $i => $offset) {
228			// Find salt characters, take a good long look...
229			$salt .= $password[$offset + $i];
230			}
231
232			return $salt;
233			}
234			} // End Auth
235

vijinho / kohana2-legacy

Issues (1240)

Security Analysis not enabled

modules/auth/libraries/Auth.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like