Issues in CdnCacheUpdate.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/deferred/CdnCacheUpdate.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * CDN cache purging.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup Cache
 */

use Wikimedia\Assert\Assert;
use MediaWiki\MediaWikiServices;

/**
 * Handles purging appropriate CDN URLs given a title (or titles)
 * @ingroup Cache
 */
class CdnCacheUpdate implements DeferrableUpdate, MergeableUpdate {
	/** @var string[] Collection of URLs to purge */
	protected $urls = [];

	/**
	 * @param string[] $urlArr Collection of URLs to purge
	 */
	public function __construct( array $urlArr ) {
		$this->urls = $urlArr;
	}

	public function merge( MergeableUpdate $update ) {
		/** @var CdnCacheUpdate $update */
		Assert::parameterType( __CLASS__, $update, '$update' );

		$this->urls = array_merge( $this->urls, $update->urls );
	}

	/**
	 * Create an update object from an array of Title objects, or a TitleArray object
	 *
	 * @param Traversable|array $titles
	 * @param string[] $urlArr
	 * @return CdnCacheUpdate
	 */
	public static function newFromTitles( $titles, $urlArr = [] ) {
		/** @var Title $title */
		foreach ( $titles as $title ) {
			$urlArr = array_merge( $urlArr, $title->getCdnUrls() );
		}

		return new CdnCacheUpdate( $urlArr );
	}

	/**
	 * @param Title $title
	 * @return CdnCacheUpdate
	 * @deprecated since 1.27
	 */
	public static function newSimplePurge( Title $title ) {
		return new CdnCacheUpdate( $title->getCdnUrls() );
	}

	/**
	 * Purges the list of URLs passed to the constructor.
	 */
	public function doUpdate() {
		global $wgCdnReboundPurgeDelay;

		self::purge( $this->urls );

		if ( $wgCdnReboundPurgeDelay > 0 ) {
			JobQueueGroup::singleton()->lazyPush( new CdnPurgeJob(
				Title::makeTitle( NS_SPECIAL, 'Badtitle/' . __CLASS__ ),
				[
					'urls' => $this->urls,
					'jobReleaseTimestamp' => time() + $wgCdnReboundPurgeDelay
				]
			) );
		}
	}

	/**
	 * Purges a list of CDN nodes defined in $wgSquidServers.
	 * $urlArr should contain the full URLs to purge as values
	 * (example: $urlArr[] = 'http://my.host/something')
	 *
	 * @param string[] $urlArr List of full URLs to purge
	 */
	public static function purge( array $urlArr ) {
		global $wgSquidServers, $wgHTCPRouting;

		if ( !$urlArr ) {
			return;
		}

		// Remove duplicate URLs from list
		$urlArr = array_unique( $urlArr );

		wfDebugLog( 'squid', __METHOD__ . ': ' . implode( ' ', $urlArr ) );

		// Reliably broadcast the purge to all edge nodes
		$relayer = MediaWikiServices::getInstance()->getEventRelayerGroup()
					->getRelayer( 'cdn-url-purges' );
		$ts = microtime( true );
		$relayer->notifyMulti(
			'cdn-url-purges',
			array_map(
				function ( $url ) use ( $ts ) {
					return [
						'url' => $url,
						'timestamp' => $ts,
					];
				},
				$urlArr
			)
		);

		// Send lossy UDP broadcasting if enabled
		if ( $wgHTCPRouting ) {
			self::HTCPPurge( $urlArr );
		}

		// Do direct server purges if enabled (this does not scale very well)
		if ( $wgSquidServers ) {
			// Maximum number of parallel connections per squid
			$maxSocketsPerSquid = 8;
			// Number of requests to send per socket
			// 400 seems to be a good tradeoff, opening a socket takes a while
			$urlsPerSocket = 400;
			$socketsPerSquid = ceil( count( $urlArr ) / $urlsPerSocket );
			if ( $socketsPerSquid > $maxSocketsPerSquid ) {
				$socketsPerSquid = $maxSocketsPerSquid;
			}

			$pool = new SquidPurgeClientPool;
			$chunks = array_chunk( $urlArr, ceil( count( $urlArr ) / $socketsPerSquid ) );
			foreach ( $wgSquidServers as $server ) {
				foreach ( $chunks as $chunk ) {
					$client = new SquidPurgeClient( $server );
					foreach ( $chunk as $url ) {
						$client->queuePurge( $url );
					}
					$pool->addClient( $client );
				}
			}

			$pool->run();
		}
	}

	/**
	 * Send Hyper Text Caching Protocol (HTCP) CLR requests.
	 *
	 * @throws MWException
	 * @param string[] $urlArr Collection of URLs to purge
	 */
	private static function HTCPPurge( array $urlArr ) {
		global $wgHTCPRouting, $wgHTCPMulticastTTL;

		// HTCP CLR operation
		$htcpOpCLR = 4;

		// @todo FIXME: PHP doesn't support these socket constants (include/linux/in.h)
		if ( !defined( "IPPROTO_IP" ) ) {
			define( "IPPROTO_IP", 0 );
			define( "IP_MULTICAST_LOOP", 34 );
			define( "IP_MULTICAST_TTL", 33 );
		}

		// pfsockopen doesn't work because we need set_sock_opt
		$conn = socket_create( AF_INET, SOCK_DGRAM, SOL_UDP );
		if ( !$conn ) {
			$errstr = socket_strerror( socket_last_error() );
			wfDebugLog( 'squid', __METHOD__ .
				": Error opening UDP socket: $errstr" );

			return;
		}

		// Set socket options
		socket_set_option( $conn, IPPROTO_IP, IP_MULTICAST_LOOP, 0 );
		if ( $wgHTCPMulticastTTL != 1 ) {
			// Set multicast time to live (hop count) option on socket
			socket_set_option( $conn, IPPROTO_IP, IP_MULTICAST_TTL,
				$wgHTCPMulticastTTL );
		}

		// Get sequential trx IDs for packet loss counting
		$ids = UIDGenerator::newSequentialPerNodeIDs(
			'squidhtcppurge', 32, count( $urlArr ), UIDGenerator::QUICK_VOLATILE
		);

		foreach ( $urlArr as $url ) {
			if ( !is_string( $url ) ) {
				throw new MWException( 'Bad purge URL' );
			}
			$url = self::expand( $url );
			$conf = self::getRuleForURL( $url, $wgHTCPRouting );
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
			if ( !$conf ) {
				wfDebugLog( 'squid', __METHOD__ .
					"No HTCP rule configured for URL {$url} , skipping" );
				continue;
			}

			if ( isset( $conf['host'] ) && isset( $conf['port'] ) ) {
				// Normalize single entries
				$conf = [ $conf ];
			}
			foreach ( $conf as $subconf ) {
				if ( !isset( $subconf['host'] ) || !isset( $subconf['port'] ) ) {
					throw new MWException( "Invalid HTCP rule for URL $url\n" );
				}
			}

			// Construct a minimal HTCP request diagram
			// as per RFC 2756
			// Opcode 'CLR', no response desired, no auth
			$htcpTransID = current( $ids );
			next( $ids );

			$htcpSpecifier = pack( 'na4na*na8n',
				4, 'HEAD', strlen( $url ), $url,
				8, 'HTTP/1.0', 0 );

			$htcpDataLen = 8 + 2 + strlen( $htcpSpecifier );
			$htcpLen = 4 + $htcpDataLen + 2;

			// Note! Squid gets the bit order of the first
			// word wrong, wrt the RFC. Apparently no other
			// implementation exists, so adapt to Squid
			$htcpPacket = pack( 'nxxnCxNxxa*n',
				$htcpLen, $htcpDataLen, $htcpOpCLR,
				$htcpTransID, $htcpSpecifier, 2 );

			wfDebugLog( 'squid', __METHOD__ .
				"Purging URL $url via HTCP" );
			foreach ( $conf as $subconf ) {
				socket_sendto( $conn, $htcpPacket, $htcpLen, 0,
					$subconf['host'], $subconf['port'] );
			}
		}
	}

	/**
	 * Expand local URLs to fully-qualified URLs using the internal protocol
	 * and host defined in $wgInternalServer. Input that's already fully-
	 * qualified will be passed through unchanged.
	 *
	 * This is used to generate purge URLs that may be either local to the
	 * main wiki or include a non-native host, such as images hosted on a
	 * second internal server.
	 *
	 * Client functions should not need to call this.
	 *
	 * @param string $url
	 * @return string
	 */
	public static function expand( $url ) {
		return wfExpandUrl( $url, PROTO_INTERNAL );
	}

	/**
	 * Find the HTCP routing rule to use for a given URL.
	 * @param string $url URL to match
	 * @param array $rules Array of rules, see $wgHTCPRouting for format and behavior
	 * @return mixed Element of $rules that matched, or false if nothing matched
	 */
	private static function getRuleForURL( $url, $rules ) {
		foreach ( $rules as $regex => $routing ) {
			if ( $regex === '' || preg_match( $regex, $url ) ) {
				return $routing;
			}
		}

		return false;
	}
}

/**
 * @deprecated since 1.27
 */
class SquidUpdate extends CdnCacheUpdate {
	// Keep class name for b/c
}


1			<?php
2			/**
3			* CDN cache purging.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			* @ingroup Cache
22			*/
23
24			use Wikimedia\Assert\Assert;
25			use MediaWiki\MediaWikiServices;
26
27			/**
28			* Handles purging appropriate CDN URLs given a title (or titles)
29			* @ingroup Cache
30			*/
31			class CdnCacheUpdate implements DeferrableUpdate, MergeableUpdate {
32			/** @var string[] Collection of URLs to purge */
33			protected $urls = [];
34
35			/**
36			* @param string[] $urlArr Collection of URLs to purge
37			*/
38			public function __construct( array $urlArr ) {
39			$this->urls = $urlArr;
40			}
41
42			public function merge( MergeableUpdate $update ) {
43			/** @var CdnCacheUpdate $update */
44			Assert::parameterType( __CLASS__, $update, '$update' );
45
46			$this->urls = array_merge( $this->urls, $update->urls );
47			}
48
49			/**
50			* Create an update object from an array of Title objects, or a TitleArray object
51			*
52			* @param Traversable\|array $titles
53			* @param string[] $urlArr
54			* @return CdnCacheUpdate
55			*/
56			public static function newFromTitles( $titles, $urlArr = [] ) {
57			/** @var Title $title */
58			foreach ( $titles as $title ) {
59			$urlArr = array_merge( $urlArr, $title->getCdnUrls() );
60			}
61
62			return new CdnCacheUpdate( $urlArr );
63			}
64
65			/**
66			* @param Title $title
67			* @return CdnCacheUpdate
68			* @deprecated since 1.27
69			*/
70			public static function newSimplePurge( Title $title ) {
71			return new CdnCacheUpdate( $title->getCdnUrls() );
72			}
73
74			/**
75			* Purges the list of URLs passed to the constructor.
76			*/
77			public function doUpdate() {
78			global $wgCdnReboundPurgeDelay;
79
80			self::purge( $this->urls );
81
82			if ( $wgCdnReboundPurgeDelay > 0 ) {
83			JobQueueGroup::singleton()->lazyPush( new CdnPurgeJob(
84			Title::makeTitle( NS_SPECIAL, 'Badtitle/' . __CLASS__ ),
85			[
86			'urls' => $this->urls,
87			'jobReleaseTimestamp' => time() + $wgCdnReboundPurgeDelay
88			]
89			) );
90			}
91			}
92
93			/**
94			* Purges a list of CDN nodes defined in $wgSquidServers.
95			* $urlArr should contain the full URLs to purge as values
96			* (example: $urlArr[] = 'http://my.host/something')
97			*
98			* @param string[] $urlArr List of full URLs to purge
99			*/
100			public static function purge( array $urlArr ) {
101			global $wgSquidServers, $wgHTCPRouting;
102
103			if ( !$urlArr ) {
104			return;
105			}
106
107			// Remove duplicate URLs from list
108			$urlArr = array_unique( $urlArr );
109
110			wfDebugLog( 'squid', __METHOD__ . ': ' . implode( ' ', $urlArr ) );
111
112			// Reliably broadcast the purge to all edge nodes
113			$relayer = MediaWikiServices::getInstance()->getEventRelayerGroup()
114			->getRelayer( 'cdn-url-purges' );
115			$ts = microtime( true );
116			$relayer->notifyMulti(
117			'cdn-url-purges',
118			array_map(
119			function ( $url ) use ( $ts ) {
120			return [
121			'url' => $url,
122			'timestamp' => $ts,
123			];
124			},
125			$urlArr
126			)
127			);
128
129			// Send lossy UDP broadcasting if enabled
130			if ( $wgHTCPRouting ) {
131			self::HTCPPurge( $urlArr );
132			}
133
134			// Do direct server purges if enabled (this does not scale very well)
135			if ( $wgSquidServers ) {
136			// Maximum number of parallel connections per squid
137			$maxSocketsPerSquid = 8;
138			// Number of requests to send per socket
139			// 400 seems to be a good tradeoff, opening a socket takes a while
140			$urlsPerSocket = 400;
141			$socketsPerSquid = ceil( count( $urlArr ) / $urlsPerSocket );
142			if ( $socketsPerSquid > $maxSocketsPerSquid ) {
143			$socketsPerSquid = $maxSocketsPerSquid;
144			}
145
146			$pool = new SquidPurgeClientPool;
147			$chunks = array_chunk( $urlArr, ceil( count( $urlArr ) / $socketsPerSquid ) );
148			foreach ( $wgSquidServers as $server ) {
149			foreach ( $chunks as $chunk ) {
150			$client = new SquidPurgeClient( $server );
151			foreach ( $chunk as $url ) {
152			$client->queuePurge( $url );
153			}
154			$pool->addClient( $client );
155			}
156			}
157
158			$pool->run();
159			}
160			}
161
162			/**
163			* Send Hyper Text Caching Protocol (HTCP) CLR requests.
164			*
165			* @throws MWException
166			* @param string[] $urlArr Collection of URLs to purge
167			*/
168			private static function HTCPPurge( array $urlArr ) {
169			global $wgHTCPRouting, $wgHTCPMulticastTTL;
170
171			// HTCP CLR operation
172			$htcpOpCLR = 4;
173
174			// @todo FIXME: PHP doesn't support these socket constants (include/linux/in.h)
175			if ( !defined( "IPPROTO_IP" ) ) {
176			define( "IPPROTO_IP", 0 );
177			define( "IP_MULTICAST_LOOP", 34 );
178			define( "IP_MULTICAST_TTL", 33 );
179			}
180
181			// pfsockopen doesn't work because we need set_sock_opt
182			$conn = socket_create( AF_INET, SOCK_DGRAM, SOL_UDP );
183			if ( !$conn ) {
184			$errstr = socket_strerror( socket_last_error() );
185			wfDebugLog( 'squid', __METHOD__ .
186			": Error opening UDP socket: $errstr" );
187
188			return;
189			}
190
191			// Set socket options
192			socket_set_option( $conn, IPPROTO_IP, IP_MULTICAST_LOOP, 0 );
193			if ( $wgHTCPMulticastTTL != 1 ) {
194			// Set multicast time to live (hop count) option on socket
195			socket_set_option( $conn, IPPROTO_IP, IP_MULTICAST_TTL,
196			$wgHTCPMulticastTTL );
197			}
198
199			// Get sequential trx IDs for packet loss counting
200			$ids = UIDGenerator::newSequentialPerNodeIDs(
201			'squidhtcppurge', 32, count( $urlArr ), UIDGenerator::QUICK_VOLATILE
202			);
203
204			foreach ( $urlArr as $url ) {
205			if ( !is_string( $url ) ) {
206			throw new MWException( 'Bad purge URL' );
207			}
208			$url = self::expand( $url );
209			$conf = self::getRuleForURL( $url, $wgHTCPRouting );
			0 ignored issues – show Security Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$url` defined by `self::expand($url)` on line `208` can also be of type `false`; however, `CdnCacheUpdate::getRuleForURL()` does only seem to accept `string`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
210			if ( !$conf ) {
211			wfDebugLog( 'squid', __METHOD__ .
212			"No HTCP rule configured for URL {$url} , skipping" );
213			continue;
214			}
215
216			if ( isset( $conf['host'] ) && isset( $conf['port'] ) ) {
217			// Normalize single entries
218			$conf = [ $conf ];
219			}
220			foreach ( $conf as $subconf ) {
221			if ( !isset( $subconf['host'] ) \|\| !isset( $subconf['port'] ) ) {
222			throw new MWException( "Invalid HTCP rule for URL $url\n" );
223			}
224			}
225
226			// Construct a minimal HTCP request diagram
227			// as per RFC 2756
228			// Opcode 'CLR', no response desired, no auth
229			$htcpTransID = current( $ids );
230			next( $ids );
231
232			$htcpSpecifier = pack( 'na4na*na8n',
233			4, 'HEAD', strlen( $url ), $url,
234			8, 'HTTP/1.0', 0 );
235
236			$htcpDataLen = 8 + 2 + strlen( $htcpSpecifier );
237			$htcpLen = 4 + $htcpDataLen + 2;
238
239			// Note! Squid gets the bit order of the first
240			// word wrong, wrt the RFC. Apparently no other
241			// implementation exists, so adapt to Squid
242			$htcpPacket = pack( 'nxxnCxNxxa*n',
243			$htcpLen, $htcpDataLen, $htcpOpCLR,
244			$htcpTransID, $htcpSpecifier, 2 );
245
246			wfDebugLog( 'squid', __METHOD__ .
247			"Purging URL $url via HTCP" );
248			foreach ( $conf as $subconf ) {
249			socket_sendto( $conn, $htcpPacket, $htcpLen, 0,
250			$subconf['host'], $subconf['port'] );
251			}
252			}
253			}
254
255			/**
256			* Expand local URLs to fully-qualified URLs using the internal protocol
257			* and host defined in $wgInternalServer. Input that's already fully-
258			* qualified will be passed through unchanged.
259			*
260			* This is used to generate purge URLs that may be either local to the
261			* main wiki or include a non-native host, such as images hosted on a
262			* second internal server.
263			*
264			* Client functions should not need to call this.
265			*
266			* @param string $url
267			* @return string
268			*/
269			public static function expand( $url ) {
270			return wfExpandUrl( $url, PROTO_INTERNAL );
271			}
272
273			/**
274			* Find the HTCP routing rule to use for a given URL.
275			* @param string $url URL to match
276			* @param array $rules Array of rules, see $wgHTCPRouting for format and behavior
277			* @return mixed Element of $rules that matched, or false if nothing matched
278			*/
279			private static function getRuleForURL( $url, $rules ) {
280			foreach ( $rules as $regex => $routing ) {
281			if ( $regex === '' \|\| preg_match( $regex, $url ) ) {
282			return $routing;
283			}
284			}
285
286			return false;
287			}
288			}
289
290			/**
291			* @deprecated since 1.27
292			*/
293			class SquidUpdate extends CdnCacheUpdate {
294			// Keep class name for b/c
295			}
296

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/deferred/CdnCacheUpdate.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like