Issues in Autopromote.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/Autopromote.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Automatic user rights promotion based on conditions specified
 * in $wgAutopromote.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

/**
 * This class checks if user can get extra rights
 * because of conditions specified in $wgAutopromote
 */
class Autopromote {
	/**
	 * Get the groups for the given user based on $wgAutopromote.
	 *
	 * @param User $user The user to get the groups for
	 * @return array Array of groups to promote to.
	 */
	public static function getAutopromoteGroups( User $user ) {
		global $wgAutopromote;

		$promote = [];

		foreach ( $wgAutopromote as $group => $cond ) {
			if ( self::recCheckCondition( $cond, $user ) ) {
				$promote[] = $group;
			}
		}

		Hooks::run( 'GetAutoPromoteGroups', [ $user, &$promote ] );

		return $promote;
	}

	/**
	 * Get the groups for the given user based on the given criteria.
	 *
	 * Does not return groups the user already belongs to or has once belonged.
	 *
	 * @param User $user The user to get the groups for
	 * @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
	 *
	 * @return array Groups the user should be promoted to.
	 *
	 * @see $wgAutopromoteOnce
	 */
	public static function getAutopromoteOnceGroups( User $user, $event ) {
		global $wgAutopromoteOnce;

		$promote = [];

		if ( isset( $wgAutopromoteOnce[$event] ) && count( $wgAutopromoteOnce[$event] ) ) {
			$currentGroups = $user->getGroups();
			$formerGroups = $user->getFormerGroups();
			foreach ( $wgAutopromoteOnce[$event] as $group => $cond ) {
				// Do not check if the user's already a member
				if ( in_array( $group, $currentGroups ) ) {
					continue;
				}
				// Do not autopromote if the user has belonged to the group
				if ( in_array( $group, $formerGroups ) ) {
					continue;
				}
				// Finally - check the conditions
				if ( self::recCheckCondition( $cond, $user ) ) {
					$promote[] = $group;
				}
			}
		}

		return $promote;
	}

	/**
	 * Recursively check a condition.  Conditions are in the form
	 *   array( '&' or '|' or '^' or '!', cond1, cond2, ... )
	 * where cond1, cond2, ... are themselves conditions; *OR*
	 *   APCOND_EMAILCONFIRMED, *OR*
	 *   array( APCOND_EMAILCONFIRMED ), *OR*
	 *   array( APCOND_EDITCOUNT, number of edits ), *OR*
	 *   array( APCOND_AGE, seconds since registration ), *OR*
	 *   similar constructs defined by extensions.
	 * This function evaluates the former type recursively, and passes off to
	 * self::checkCondition for evaluation of the latter type.
	 *
	 * @param mixed $cond A condition, possibly containing other conditions
	 * @param User $user The user to check the conditions against
	 * @return bool Whether the condition is true
	 */
	private static function recCheckCondition( $cond, User $user ) {
		$validOps = [ '&', '|', '^', '!' ];

		if ( is_array( $cond ) && count( $cond ) >= 2 && in_array( $cond[0], $validOps ) ) {
			# Recursive condition
			if ( $cond[0] == '&' ) { // AND (all conds pass)
				foreach ( array_slice( $cond, 1 ) as $subcond ) {
					if ( !self::recCheckCondition( $subcond, $user ) ) {
						return false;
					}
				}

				return true;
			} elseif ( $cond[0] == '|' ) { // OR (at least one cond passes)
				foreach ( array_slice( $cond, 1 ) as $subcond ) {
					if ( self::recCheckCondition( $subcond, $user ) ) {
						return true;
					}
				}

				return false;
			} elseif ( $cond[0] == '^' ) { // XOR (exactly one cond passes)
				if ( count( $cond ) > 3 ) {
					wfWarn( 'recCheckCondition() given XOR ("^") condition on three or more conditions.' .
						' Check your $wgAutopromote and $wgAutopromoteOnce settings.' );
				}
				return self::recCheckCondition( $cond[1], $user )
					xor self::recCheckCondition( $cond[2], $user );
			} elseif ( $cond[0] == '!' ) { // NOT (no conds pass)
				foreach ( array_slice( $cond, 1 ) as $subcond ) {
					if ( self::recCheckCondition( $subcond, $user ) ) {
						return false;
					}
				}

				return true;
			}
		}
		// If we got here, the array presumably does not contain other conditions;
		// it's not recursive.  Pass it off to self::checkCondition.
		if ( !is_array( $cond ) ) {
			$cond = [ $cond ];
		}

		return self::checkCondition( $cond, $user );
	}

	/**
	 * As recCheckCondition, but *not* recursive.  The only valid conditions
	 * are those whose first element is APCOND_EMAILCONFIRMED/APCOND_EDITCOUNT/
	 * APCOND_AGE.  Other types will throw an exception if no extension evaluates them.
	 *
	 * @param array $cond A condition, which must not contain other conditions
	 * @param User $user The user to check the condition against
	 * @throws MWException
	 * @return bool Whether the condition is true for the user
	 */
	private static function checkCondition( $cond, User $user ) {
		global $wgEmailAuthentication;
		if ( count( $cond ) < 1 ) {
			return false;
		}

		switch ( $cond[0] ) {
			case APCOND_EMAILCONFIRMED:
				if ( Sanitizer::validateEmail( $user->getEmail() ) ) {
					if ( $wgEmailAuthentication ) {
						return (bool)$user->getEmailAuthenticationTimestamp();
					} else {
						return true;
					}
				}
				return false;
			case APCOND_EDITCOUNT:
				return $user->getEditCount() >= $cond[1];
			case APCOND_AGE:
				$age = time() - wfTimestampOrNull( TS_UNIX, $user->getRegistration() );

				return $age >= $cond[1];
			case APCOND_AGE_FROM_EDIT:
				$age = time() - wfTimestampOrNull( TS_UNIX, $user->getFirstEditTimestamp() );

				return $age >= $cond[1];
			case APCOND_INGROUPS:
				$groups = array_slice( $cond, 1 );
				return count( array_intersect( $groups, $user->getGroups() ) ) == count( $groups );
			case APCOND_ISIP:
				return $cond[1] == $user->getRequest()->getIP();
			case APCOND_IPINRANGE:
				return IP::isInRange( $user->getRequest()->getIP(), $cond[1] );
			case APCOND_BLOCKED:
				return $user->isBlocked();
			case APCOND_ISBOT:
				return in_array( 'bot', User::getGroupPermissions( $user->getGroups() ) );
			default:
				$result = null;
				Hooks::run( 'AutopromoteCondition', [ $cond[0],
					array_slice( $cond, 1 ), $user, &$result ] );
				if ( $result === null ) {
					throw new MWException( "Unrecognized condition {$cond[0]} for autopromotion!" );
				}

				return (bool)$result;
		}
	}
}


1		<?php
2		/**
3		* Automatic user rights promotion based on conditions specified
4		* in $wgAutopromote.
5		*
6		* This program is free software; you can redistribute it and/or modify
7		* it under the terms of the GNU General Public License as published by
8		* the Free Software Foundation; either version 2 of the License, or
9		* (at your option) any later version.
10		*
11		* This program is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU General Public License for more details.
15		*
16		* You should have received a copy of the GNU General Public License along
17		* with this program; if not, write to the Free Software Foundation, Inc.,
18		* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19		* http://www.gnu.org/copyleft/gpl.html
20		*
21		* @file
22		*/
23
24		/**
25		* This class checks if user can get extra rights
26		* because of conditions specified in $wgAutopromote
27		*/
28		class Autopromote {
29		/**
30		* Get the groups for the given user based on $wgAutopromote.
31		*
32		* @param User $user The user to get the groups for
33		* @return array Array of groups to promote to.
34		*/
35		public static function getAutopromoteGroups( User $user ) {
36		global $wgAutopromote;
37
38		$promote = [];
39
40		foreach ( $wgAutopromote as $group => $cond ) {
41		if ( self::recCheckCondition( $cond, $user ) ) {
42		$promote[] = $group;
43		}
44		}
45
46		Hooks::run( 'GetAutoPromoteGroups', [ $user, &$promote ] );
47
48		return $promote;
49		}
50
51		/**
52		* Get the groups for the given user based on the given criteria.
53		*
54		* Does not return groups the user already belongs to or has once belonged.
55		*
56		* @param User $user The user to get the groups for
57		* @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
58		*
59		* @return array Groups the user should be promoted to.
60		*
61		* @see $wgAutopromoteOnce
62		*/
63		public static function getAutopromoteOnceGroups( User $user, $event ) {
64		global $wgAutopromoteOnce;
65
66		$promote = [];
67
68		if ( isset( $wgAutopromoteOnce[$event] ) && count( $wgAutopromoteOnce[$event] ) ) {
69		$currentGroups = $user->getGroups();
70		$formerGroups = $user->getFormerGroups();
71		foreach ( $wgAutopromoteOnce[$event] as $group => $cond ) {
72		// Do not check if the user's already a member
73		if ( in_array( $group, $currentGroups ) ) {
74		continue;
75		}
76		// Do not autopromote if the user has belonged to the group
77		if ( in_array( $group, $formerGroups ) ) {
78		continue;
79		}
80		// Finally - check the conditions
81		if ( self::recCheckCondition( $cond, $user ) ) {
82		$promote[] = $group;
83		}
84		}
85		}
86
87		return $promote;
88		}
89
90		/**
91		* Recursively check a condition. Conditions are in the form
92		* array( '&' or '\|' or '^' or '!', cond1, cond2, ... )
93		* where cond1, cond2, ... are themselves conditions; OR
94		* APCOND_EMAILCONFIRMED, OR
95		* array( APCOND_EMAILCONFIRMED ), OR
96		* array( APCOND_EDITCOUNT, number of edits ), OR
97		* array( APCOND_AGE, seconds since registration ), OR
98		* similar constructs defined by extensions.
99		* This function evaluates the former type recursively, and passes off to
100		* self::checkCondition for evaluation of the latter type.
101		*
102		* @param mixed $cond A condition, possibly containing other conditions
103		* @param User $user The user to check the conditions against
104		* @return bool Whether the condition is true
105		*/
106		private static function recCheckCondition( $cond, User $user ) {
107		$validOps = [ '&', '\|', '^', '!' ];
108
109		if ( is_array( $cond ) && count( $cond ) >= 2 && in_array( $cond[0], $validOps ) ) {
110		# Recursive condition
111		if ( $cond[0] == '&' ) { // AND (all conds pass)
112		foreach ( array_slice( $cond, 1 ) as $subcond ) {
113		if ( !self::recCheckCondition( $subcond, $user ) ) {
114		return false;
115		}
116		}
117
118		return true;
119	View Code Duplication	} elseif ( $cond[0] == '\|' ) { // OR (at least one cond passes)
120		foreach ( array_slice( $cond, 1 ) as $subcond ) {
121		if ( self::recCheckCondition( $subcond, $user ) ) {
122		return true;
123		}
124		}
125
126		return false;
127		} elseif ( $cond[0] == '^' ) { // XOR (exactly one cond passes)
128		if ( count( $cond ) > 3 ) {
129		wfWarn( 'recCheckCondition() given XOR ("^") condition on three or more conditions.' .
130		' Check your $wgAutopromote and $wgAutopromoteOnce settings.' );
131		}
132		return self::recCheckCondition( $cond[1], $user )
133		xor self::recCheckCondition( $cond[2], $user );
134	View Code Duplication	} elseif ( $cond[0] == '!' ) { // NOT (no conds pass)
135		foreach ( array_slice( $cond, 1 ) as $subcond ) {
136		if ( self::recCheckCondition( $subcond, $user ) ) {
137		return false;
138		}
139		}
140
141		return true;
142		}
143		}
144		// If we got here, the array presumably does not contain other conditions;
145		// it's not recursive. Pass it off to self::checkCondition.
146		if ( !is_array( $cond ) ) {
147		$cond = [ $cond ];
148		}
149
150		return self::checkCondition( $cond, $user );
151		}
152
153		/**
154		* As recCheckCondition, but not recursive. The only valid conditions
155		* are those whose first element is APCOND_EMAILCONFIRMED/APCOND_EDITCOUNT/
156		* APCOND_AGE. Other types will throw an exception if no extension evaluates them.
157		*
158		* @param array $cond A condition, which must not contain other conditions
159		* @param User $user The user to check the condition against
160		* @throws MWException
161		* @return bool Whether the condition is true for the user
162		*/
163		private static function checkCondition( $cond, User $user ) {
164		global $wgEmailAuthentication;
165		if ( count( $cond ) < 1 ) {
166		return false;
167		}
168
169		switch ( $cond[0] ) {
170		case APCOND_EMAILCONFIRMED:
171		if ( Sanitizer::validateEmail( $user->getEmail() ) ) {
172		if ( $wgEmailAuthentication ) {
173		return (bool)$user->getEmailAuthenticationTimestamp();
174		} else {
175		return true;
176		}
177		}
178		return false;
179		case APCOND_EDITCOUNT:
180		return $user->getEditCount() >= $cond[1];
181		case APCOND_AGE:
182		$age = time() - wfTimestampOrNull( TS_UNIX, $user->getRegistration() );
		0 ignored issues – show Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user->getRegistration()` targeting `User::getRegistration()` can also be of type `false`; however, `wfTimestampOrNull()` does only seem to accept `string\|null`, did you maybe forget to handle an error condition? Loading history...
183		return $age >= $cond[1];
184		case APCOND_AGE_FROM_EDIT:
185		$age = time() - wfTimestampOrNull( TS_UNIX, $user->getFirstEditTimestamp() );
		0 ignored issues – show Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user->getFirstEditTimestamp()` targeting `User::getFirstEditTimestamp()` can also be of type `false`; however, `wfTimestampOrNull()` does only seem to accept `string\|null`, did you maybe forget to handle an error condition? Loading history...
186		return $age >= $cond[1];
187		case APCOND_INGROUPS:
188		$groups = array_slice( $cond, 1 );
189		return count( array_intersect( $groups, $user->getGroups() ) ) == count( $groups );
190		case APCOND_ISIP:
191		return $cond[1] == $user->getRequest()->getIP();
192		case APCOND_IPINRANGE:
193		return IP::isInRange( $user->getRequest()->getIP(), $cond[1] );
194		case APCOND_BLOCKED:
195		return $user->isBlocked();
196		case APCOND_ISBOT:
197		return in_array( 'bot', User::getGroupPermissions( $user->getGroups() ) );
198		default:
199		$result = null;
200		Hooks::run( 'AutopromoteCondition', [ $cond[0],
201		array_slice( $cond, 1 ), $user, &$result ] );
202		if ( $result === null ) {
203		throw new MWException( "Unrecognized condition {$cond[0]} for autopromotion!" );
204		}
205
206		return (bool)$result;
207		}
208		}
209		}
210

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/Autopromote.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like