Issues in Pingback.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/Pingback.php (1 issue)

Labels

Coding Style 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Send information about this MediaWiki instance to MediaWiki.org.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

use Psr\Log\LoggerInterface;
use MediaWiki\Logger\LoggerFactory;

/**
 * Send information about this MediaWiki instance to MediaWiki.org.
 *
 * @since 1.28
 */
class Pingback {

	/**
	 * @var int Revision ID of the JSON schema that describes the pingback
	 *   payload. The schema lives on MetaWiki, at
	 *   <https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>.
	 */
	const SCHEMA_REV = 15781718;

	/** @var LoggerInterface */
	protected $logger;

	/** @var Config */
	protected $config;

	/** @var string updatelog key (also used as cache/db lock key) */
	protected $key;

	/** @var string Randomly-generated identifier for this wiki */
	protected $id;

	/**
	 * @param Config $config
	 * @param LoggerInterface $logger
	 */
	public function __construct( Config $config = null, LoggerInterface $logger = null ) {
		$this->config = $config ?: RequestContext::getMain()->getConfig();
		$this->logger = $logger ?: LoggerFactory::getInstance( __CLASS__ );
		$this->key = 'Pingback-' . $this->config->get( 'Version' );
	}

	/**
	 * Should a pingback be sent?
	 * @return bool
	 */
	private function shouldSend() {
		return $this->config->get( 'Pingback' ) && !$this->checkIfSent();
	}

	/**
	 * Has a pingback already been sent for this MediaWiki version?
	 * @return bool
	 */
	private function checkIfSent() {
		$dbr = wfGetDB( DB_REPLICA );
		$sent = $dbr->selectField(
			'updatelog', '1', [ 'ul_key' => $this->key ], __METHOD__ );
		return $sent !== false;
	}

	/**
	 * Record the fact that we have sent a pingback for this MediaWiki version,
	 * to ensure we don't submit data multiple times.
	 */
	private function markSent() {
		$dbw = wfGetDB( DB_MASTER );
		return $dbw->insert(
			'updatelog', [ 'ul_key' => $this->key ], __METHOD__, 'IGNORE' );
	}

	/**
	 * Acquire lock for sending a pingback
	 *
	 * This ensures only one thread can attempt to send a pingback at any given
	 * time and that we wait an hour before retrying failed attempts.
	 *
	 * @return bool Whether lock was acquired
	 */
	private function acquireLock() {
		$cache = ObjectCache::getLocalClusterInstance();
		if ( !$cache->add( $this->key, 1, 60 * 60 ) ) {
			return false;  // throttled
		}

		$dbw = wfGetDB( DB_MASTER );
		if ( !$dbw->lock( $this->key, __METHOD__, 0 ) ) {
			return false;  // already in progress
		}

		return true;
	}

	/**
	 * Collect basic data about this MediaWiki installation and return it
	 * as an associative array conforming to the Pingback schema on MetaWiki
	 * (<https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>).
	 *
	 * This is public so we can display it in the installer
	 *
	 * Developers: If you're adding a new piece of data to this, please ensure
	 * that you update https://www.mediawiki.org/wiki/Manual:$wgPingback
	 *
	 * @return array
	 */
	public function getSystemInfo() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		$event = [
			'database'   => $this->config->get( 'DBtype' ),
			'MediaWiki'  => $this->config->get( 'Version' ),
			'PHP'        => PHP_VERSION,
			'OS'         => PHP_OS . ' ' . php_uname( 'r' ),
			'arch'       => PHP_INT_SIZE === 8 ? 64 : 32,
			'machine'    => php_uname( 'm' ),
		];

		if ( isset( $_SERVER['SERVER_SOFTWARE'] ) ) {
			$event['serverSoftware'] = $_SERVER['SERVER_SOFTWARE'];
		}

		$limit = ini_get( 'memory_limit' );
		if ( $limit && $limit != -1 ) {
			$event['memoryLimit'] = $limit;
		}

		return $event;
	}

	/**
	 * Get the EventLogging packet to be sent to the server
	 *
	 * @return array
	 */
	private function getData() {
		return [
			'schema'           => 'MediaWikiPingback',
			'revision'         => self::SCHEMA_REV,
			'wiki'             => $this->getOrCreatePingbackId(),
			'event'            => $this->getSystemInfo(),
		];
	}

	/**
	 * Get a unique, stable identifier for this wiki
	 *
	 * If the identifier does not already exist, create it and save it in the
	 * database. The identifier is randomly-generated.
	 *
	 * @return string 32-character hex string
	 */
	private function getOrCreatePingbackId() {
		if ( !$this->id ) {
			$id = wfGetDB( DB_REPLICA )->selectField(
				'updatelog', 'ul_value', [ 'ul_key' => 'PingBack' ] );

			if ( $id == false ) {
				$id = MWCryptRand::generateHex( 32 );
				$dbw = wfGetDB( DB_MASTER );
				$dbw->insert(
					'updatelog',
					[ 'ul_key' => 'PingBack', 'ul_value' => $id ],
					__METHOD__,
					'IGNORE'
				);

				if ( !$dbw->affectedRows() ) {
					$id = $dbw->selectField(
						'updatelog', 'ul_value', [ 'ul_key' => 'PingBack' ] );
				}
			}

			$this->id = $id;
		}

		return $this->id;
	}

	/**
	 * Serialize pingback data and send it to MediaWiki.org via a POST
	 * to its event beacon endpoint.
	 *
	 * The data encoding conforms to the expectations of EventLogging,
	 * a software suite used by the Wikimedia Foundation for logging and
	 * processing analytic data.
	 *
	 * Compare:
	 * <https://github.com/wikimedia/mediawiki-extensions-EventLogging/
	 *   blob/7e5fe4f1ef/includes/EventLogging.php#L32-L74>
	 *
	 * @param array $data Pingback data as an associative array
	 * @return bool true on success, false on failure
	 */
	private function postPingback( array $data ) {
		$json = FormatJson::encode( $data );
		$queryString = rawurlencode( str_replace( ' ', '\u0020', $json ) ) . ';';
		$url = 'https://www.mediawiki.org/beacon/event?' . $queryString;
		return Http::post( $url ) !== false;
	}

	/**
	 * Send information about this MediaWiki instance to MediaWiki.org.
	 *
	 * The data is structured and serialized to match the expectations of
	 * EventLogging, a software suite used by the Wikimedia Foundation for
	 * logging and processing analytic data.
	 *
	 * Compare:
	 * <https://github.com/wikimedia/mediawiki-extensions-EventLogging/
	 *   blob/7e5fe4f1ef/includes/EventLogging.php#L32-L74>
	 *
	 * The schema for the data is located at:
	 * <https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>
	 */
	public function sendPingback() {
		if ( !$this->acquireLock() ) {
			$this->logger->debug( __METHOD__ . ": couldn't acquire lock" );
			return false;
		}

		$data = $this->getData();
		if ( !$this->postPingback( $data ) ) {
			$this->logger->warning( __METHOD__ . ": failed to send pingback; check 'http' log" );
			return false;
		}

		$this->markSent();
		$this->logger->debug( __METHOD__ . ": pingback sent OK ({$this->key})" );
		return true;
	}

	/**
	 * Schedule a deferred callable that will check if a pingback should be
	 * sent and (if so) proceed to send it.
	 */
	public static function schedulePingback() {
		DeferredUpdates::addCallableUpdate( function () {
			$instance = new Pingback;
			if ( $instance->shouldSend() ) {
				$instance->sendPingback();
			}
		} );
	}
}


1			<?php
2			/**
3			* Send information about this MediaWiki instance to MediaWiki.org.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			*/
22
23			use Psr\Log\LoggerInterface;
24			use MediaWiki\Logger\LoggerFactory;
25
26			/**
27			* Send information about this MediaWiki instance to MediaWiki.org.
28			*
29			* @since 1.28
30			*/
31			class Pingback {
32
33			/**
34			* @var int Revision ID of the JSON schema that describes the pingback
35			* payload. The schema lives on MetaWiki, at
36			* <https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>.
37			*/
38			const SCHEMA_REV = 15781718;
39
40			/** @var LoggerInterface */
41			protected $logger;
42
43			/** @var Config */
44			protected $config;
45
46			/** @var string updatelog key (also used as cache/db lock key) */
47			protected $key;
48
49			/** @var string Randomly-generated identifier for this wiki */
50			protected $id;
51
52			/**
53			* @param Config $config
54			* @param LoggerInterface $logger
55			*/
56			public function __construct( Config $config = null, LoggerInterface $logger = null ) {
57			$this->config = $config ?: RequestContext::getMain()->getConfig();
58			$this->logger = $logger ?: LoggerFactory::getInstance( __CLASS__ );
59			$this->key = 'Pingback-' . $this->config->get( 'Version' );
60			}
61
62			/**
63			* Should a pingback be sent?
64			* @return bool
65			*/
66			private function shouldSend() {
67			return $this->config->get( 'Pingback' ) && !$this->checkIfSent();
68			}
69
70			/**
71			* Has a pingback already been sent for this MediaWiki version?
72			* @return bool
73			*/
74			private function checkIfSent() {
75			$dbr = wfGetDB( DB_REPLICA );
76			$sent = $dbr->selectField(
77			'updatelog', '1', [ 'ul_key' => $this->key ], __METHOD__ );
78			return $sent !== false;
79			}
80
81			/**
82			* Record the fact that we have sent a pingback for this MediaWiki version,
83			* to ensure we don't submit data multiple times.
84			*/
85			private function markSent() {
86			$dbw = wfGetDB( DB_MASTER );
87			return $dbw->insert(
88			'updatelog', [ 'ul_key' => $this->key ], __METHOD__, 'IGNORE' );
89			}
90
91			/**
92			* Acquire lock for sending a pingback
93			*
94			* This ensures only one thread can attempt to send a pingback at any given
95			* time and that we wait an hour before retrying failed attempts.
96			*
97			* @return bool Whether lock was acquired
98			*/
99			private function acquireLock() {
100			$cache = ObjectCache::getLocalClusterInstance();
101			if ( !$cache->add( $this->key, 1, 60 * 60 ) ) {
102			return false; // throttled
103			}
104
105			$dbw = wfGetDB( DB_MASTER );
106			if ( !$dbw->lock( $this->key, __METHOD__, 0 ) ) {
107			return false; // already in progress
108			}
109
110			return true;
111			}
112
113			/**
114			* Collect basic data about this MediaWiki installation and return it
115			* as an associative array conforming to the Pingback schema on MetaWiki
116			* (<https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>).
117			*
118			* This is public so we can display it in the installer
119			*
120			* Developers: If you're adding a new piece of data to this, please ensure
121			* that you update https://www.mediawiki.org/wiki/Manual:$wgPingback
122			*
123			* @return array
124			*/
125			public function getSystemInfo() {
			0 ignored issues – show Coding Style introduced 2016-07-23 17:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `getSystemInfo` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
126			$event = [
127			'database' => $this->config->get( 'DBtype' ),
128			'MediaWiki' => $this->config->get( 'Version' ),
129			'PHP' => PHP_VERSION,
130			'OS' => PHP_OS . ' ' . php_uname( 'r' ),
131			'arch' => PHP_INT_SIZE === 8 ? 64 : 32,
132			'machine' => php_uname( 'm' ),
133			];
134
135			if ( isset( $_SERVER['SERVER_SOFTWARE'] ) ) {
136			$event['serverSoftware'] = $_SERVER['SERVER_SOFTWARE'];
137			}
138
139			$limit = ini_get( 'memory_limit' );
140			if ( $limit && $limit != -1 ) {
141			$event['memoryLimit'] = $limit;
142			}
143
144			return $event;
145			}
146
147			/**
148			* Get the EventLogging packet to be sent to the server
149			*
150			* @return array
151			*/
152			private function getData() {
153			return [
154			'schema' => 'MediaWikiPingback',
155			'revision' => self::SCHEMA_REV,
156			'wiki' => $this->getOrCreatePingbackId(),
157			'event' => $this->getSystemInfo(),
158			];
159			}
160
161			/**
162			* Get a unique, stable identifier for this wiki
163			*
164			* If the identifier does not already exist, create it and save it in the
165			* database. The identifier is randomly-generated.
166			*
167			* @return string 32-character hex string
168			*/
169			private function getOrCreatePingbackId() {
170			if ( !$this->id ) {
171			$id = wfGetDB( DB_REPLICA )->selectField(
172			'updatelog', 'ul_value', [ 'ul_key' => 'PingBack' ] );
173
174			if ( $id == false ) {
175			$id = MWCryptRand::generateHex( 32 );
176			$dbw = wfGetDB( DB_MASTER );
177			$dbw->insert(
178			'updatelog',
179			[ 'ul_key' => 'PingBack', 'ul_value' => $id ],
180			__METHOD__,
181			'IGNORE'
182			);
183
184			if ( !$dbw->affectedRows() ) {
185			$id = $dbw->selectField(
186			'updatelog', 'ul_value', [ 'ul_key' => 'PingBack' ] );
187			}
188			}
189
190			$this->id = $id;
191			}
192
193			return $this->id;
194			}
195
196			/**
197			* Serialize pingback data and send it to MediaWiki.org via a POST
198			* to its event beacon endpoint.
199			*
200			* The data encoding conforms to the expectations of EventLogging,
201			* a software suite used by the Wikimedia Foundation for logging and
202			* processing analytic data.
203			*
204			* Compare:
205			* <https://github.com/wikimedia/mediawiki-extensions-EventLogging/
206			* blob/7e5fe4f1ef/includes/EventLogging.php#L32-L74>
207			*
208			* @param array $data Pingback data as an associative array
209			* @return bool true on success, false on failure
210			*/
211			private function postPingback( array $data ) {
212			$json = FormatJson::encode( $data );
213			$queryString = rawurlencode( str_replace( ' ', '\u0020', $json ) ) . ';';
214			$url = 'https://www.mediawiki.org/beacon/event?' . $queryString;
215			return Http::post( $url ) !== false;
216			}
217
218			/**
219			* Send information about this MediaWiki instance to MediaWiki.org.
220			*
221			* The data is structured and serialized to match the expectations of
222			* EventLogging, a software suite used by the Wikimedia Foundation for
223			* logging and processing analytic data.
224			*
225			* Compare:
226			* <https://github.com/wikimedia/mediawiki-extensions-EventLogging/
227			* blob/7e5fe4f1ef/includes/EventLogging.php#L32-L74>
228			*
229			* The schema for the data is located at:
230			* <https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>
231			*/
232			public function sendPingback() {
233			if ( !$this->acquireLock() ) {
234			$this->logger->debug( __METHOD__ . ": couldn't acquire lock" );
235			return false;
236			}
237
238			$data = $this->getData();
239			if ( !$this->postPingback( $data ) ) {
240			$this->logger->warning( __METHOD__ . ": failed to send pingback; check 'http' log" );
241			return false;
242			}
243
244			$this->markSent();
245			$this->logger->debug( __METHOD__ . ": pingback sent OK ({$this->key})" );
246			return true;
247			}
248
249			/**
250			* Schedule a deferred callable that will check if a pingback should be
251			* sent and (if so) proceed to send it.
252			*/
253			public static function schedulePingback() {
254			DeferredUpdates::addCallableUpdate( function () {
255			$instance = new Pingback;
256			if ( $instance->shouldSend() ) {
257			$instance->sendPingback();
258			}
259			} );
260			}
261			}
262

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/Pingback.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like