Issues in upgradeLogging.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

maintenance/archives/upgradeLogging.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Replication-safe online upgrade for log_id/log_deleted fields.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup MaintenanceArchive
 */

require __DIR__ . '/../commandLine.inc';

/**
 * Maintenance script that upgrade for log_id/log_deleted fields in a
 * replication-safe way.
 *
 * @ingroup Maintenance
 */
class UpdateLogging {

	/**
	 * @var Database
	 */
	public $dbw;
	public $batchSize = 1000;
	public $minTs = false;

	function execute() {
		$this->dbw = $this->getDB( DB_MASTER );

		$logging = $this->dbw->tableName( 'logging' );
		$logging_1_10 = $this->dbw->tableName( 'logging_1_10' );
		$logging_pre_1_10 = $this->dbw->tableName( 'logging_pre_1_10' );

		if ( $this->dbw->tableExists( 'logging_pre_1_10' ) && !$this->dbw->tableExists( 'logging' ) ) {
			# Fix previous aborted run
			echo "Cleaning up from previous aborted run\n";
			$this->dbw->query( "RENAME TABLE $logging_pre_1_10 TO $logging", __METHOD__ );
		}

		if ( $this->dbw->tableExists( 'logging_pre_1_10' ) ) {
			echo "This script has already been run to completion\n";

			return;
		}

		# Create the target table
		if ( !$this->dbw->tableExists( 'logging_1_10' ) ) {
			global $wgDBTableOptions;

			$sql = <<<EOT
CREATE TABLE $logging_1_10 (
  -- Log ID, for referring to this specific log entry, probably for deletion and such.
  log_id int unsigned NOT NULL auto_increment,

  -- Symbolic keys for the general log type and the action type
  -- within the log. The output format will be controlled by the
  -- action field, but only the type controls categorization.
  log_type varbinary(10) NOT NULL default '',
  log_action varbinary(10) NOT NULL default '',

  -- Timestamp. Duh.
  log_timestamp binary(14) NOT NULL default '19700101000000',

  -- The user who performed this action; key to user_id
  log_user int unsigned NOT NULL default 0,

  -- Key to the page affected. Where a user is the target,
  -- this will point to the user page.
  log_namespace int NOT NULL default 0,
  log_title varchar(255) binary NOT NULL default '',

  -- Freeform text. Interpreted as edit history comments.
  log_comment varchar(255) NOT NULL default '',

  -- LF separated list of miscellaneous parameters
  log_params blob NOT NULL,

  -- rev_deleted for logs
  log_deleted tinyint unsigned NOT NULL default '0',

  PRIMARY KEY log_id (log_id),
  KEY type_time (log_type, log_timestamp),
  KEY user_time (log_user, log_timestamp),
  KEY page_time (log_namespace, log_title, log_timestamp),
  KEY times (log_timestamp)

) $wgDBTableOptions
EOT;
			echo "Creating table logging_1_10\n";
			$this->dbw->query( $sql, __METHOD__ );
		}

		# Synchronise the tables
		echo "Doing initial sync...\n";
		$this->sync( 'logging', 'logging_1_10' );
		echo "Sync done\n\n";

		# Rename the old table away
		echo "Renaming the old table to $logging_pre_1_10\n";
		$this->dbw->query( "RENAME TABLE $logging TO $logging_pre_1_10", __METHOD__ );

		# Copy remaining old rows
		# Done before the new table is active so that $copyPos is accurate
		echo "Doing final sync...\n";
		$this->sync( 'logging_pre_1_10', 'logging_1_10' );

		# Move the new table in
		echo "Moving the new table in...\n";
		$this->dbw->query( "RENAME TABLE $logging_1_10 TO $logging", __METHOD__ );
		echo "Finished.\n";
	}

	/**
	 * Copy all rows from $srcTable to $dstTable
	 * @param string $srcTable
	 * @param string $dstTable
	 */
	function sync( $srcTable, $dstTable ) {
		$batchSize = 1000;
		$minTs = $this->dbw->selectField( $srcTable, 'MIN(log_timestamp)', false, __METHOD__ );
		$minTsUnix = wfTimestamp( TS_UNIX, $minTs );
		$numRowsCopied = 0;

		while ( true ) {
			$maxTs = $this->dbw->selectField( $srcTable, 'MAX(log_timestamp)', false, __METHOD__ );
			$copyPos = $this->dbw->selectField( $dstTable, 'MAX(log_timestamp)', false, __METHOD__ );
			$maxTsUnix = wfTimestamp( TS_UNIX, $maxTs );
			$copyPosUnix = wfTimestamp( TS_UNIX, $copyPos );

			if ( $copyPos === null ) {
				$percent = 0;
			} else {
				$percent = ( $copyPosUnix - $minTsUnix ) / ( $maxTsUnix - $minTsUnix ) * 100;
			}
			printf( "%s  %.2f%%\n", $copyPos, $percent );

			# Handle all entries with timestamp equal to $copyPos
			if ( $copyPos !== null ) {
				$numRowsCopied += $this->copyExactMatch( $srcTable, $dstTable, $copyPos );
			}

			# Now copy a batch of rows
			if ( $copyPos === null ) {
				$conds = false;
			} else {
				$conds = [ 'log_timestamp > ' . $this->dbw->addQuotes( $copyPos ) ];
			}
			$srcRes = $this->dbw->select( $srcTable, '*', $conds, __METHOD__,
				[ 'LIMIT' => $batchSize, 'ORDER BY' => 'log_timestamp' ] );

			if ( !$srcRes->numRows() ) {
				# All done
				break;
			}

			$batch = [];
			foreach ( $srcRes as $srcRow ) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
				$batch[] = (array)$srcRow;
			}
			$this->dbw->insert( $dstTable, $batch, __METHOD__ );
			$numRowsCopied += count( $batch );

			wfWaitForSlaves();

		}
		echo "Copied $numRowsCopied rows\n";
	}

	function copyExactMatch( $srcTable, $dstTable, $copyPos ) {
		$numRowsCopied = 0;
		$srcRes = $this->dbw->select( $srcTable, '*', [ 'log_timestamp' => $copyPos ], __METHOD__ );
		$dstRes = $this->dbw->select( $dstTable, '*', [ 'log_timestamp' => $copyPos ], __METHOD__ );

		if ( $srcRes->numRows() ) {
			$srcRow = $srcRes->fetchObject();
			$srcFields = array_keys( (array)$srcRow );
			$srcRes->seek( 0 );
			$dstRowsSeen = [];

			# Make a hashtable of rows that already exist in the destination
			foreach ( $dstRes as $dstRow ) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
				$reducedDstRow = [];
				foreach ( $srcFields as $field ) {
					$reducedDstRow[$field] = $dstRow->$field;
				}
				$hash = md5( serialize( $reducedDstRow ) );
				$dstRowsSeen[$hash] = true;
			}

			# Copy all the source rows that aren't already in the destination
			foreach ( $srcRes as $srcRow ) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
				$hash = md5( serialize( (array)$srcRow ) );
				if ( !isset( $dstRowsSeen[$hash] ) ) {
					$this->dbw->insert( $dstTable, (array)$srcRow, __METHOD__ );
					$numRowsCopied++;
				}
			}
		}

		return $numRowsCopied;
	}
}

$ul = new UpdateLogging;
$ul->execute();


1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2016-02-23 18:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 32 and the first side effect is on line 24. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			/**
3			* Replication-safe online upgrade for log_id/log_deleted fields.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			* @ingroup MaintenanceArchive
22			*/
23
24			require __DIR__ . '/../commandLine.inc';
25
26			/**
27			* Maintenance script that upgrade for log_id/log_deleted fields in a
28			* replication-safe way.
29			*
30			* @ingroup Maintenance
31			*/
32			class UpdateLogging {
33
34			/**
35			* @var Database
36			*/
37			public $dbw;
38			public $batchSize = 1000;
39			public $minTs = false;
40
41			function execute() {
42			$this->dbw = $this->getDB( DB_MASTER );
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getDB()` does not seem to exist on `object<UpdateLogging>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
43			$logging = $this->dbw->tableName( 'logging' );
44			$logging_1_10 = $this->dbw->tableName( 'logging_1_10' );
45			$logging_pre_1_10 = $this->dbw->tableName( 'logging_pre_1_10' );
46
47			if ( $this->dbw->tableExists( 'logging_pre_1_10' ) && !$this->dbw->tableExists( 'logging' ) ) {
48			# Fix previous aborted run
49			echo "Cleaning up from previous aborted run\n";
50			$this->dbw->query( "RENAME TABLE $logging_pre_1_10 TO $logging", __METHOD__ );
51			}
52
53			if ( $this->dbw->tableExists( 'logging_pre_1_10' ) ) {
54			echo "This script has already been run to completion\n";
55
56			return;
57			}
58
59			# Create the target table
60			if ( !$this->dbw->tableExists( 'logging_1_10' ) ) {
61			global $wgDBTableOptions;
62
63			$sql = <<<EOT
64			CREATE TABLE $logging_1_10 (
65			-- Log ID, for referring to this specific log entry, probably for deletion and such.
66			log_id int unsigned NOT NULL auto_increment,
67
68			-- Symbolic keys for the general log type and the action type
69			-- within the log. The output format will be controlled by the
70			-- action field, but only the type controls categorization.
71			log_type varbinary(10) NOT NULL default '',
72			log_action varbinary(10) NOT NULL default '',
73
74			-- Timestamp. Duh.
75			log_timestamp binary(14) NOT NULL default '19700101000000',
76
77			-- The user who performed this action; key to user_id
78			log_user int unsigned NOT NULL default 0,
79
80			-- Key to the page affected. Where a user is the target,
81			-- this will point to the user page.
82			log_namespace int NOT NULL default 0,
83			log_title varchar(255) binary NOT NULL default '',
84
85			-- Freeform text. Interpreted as edit history comments.
86			log_comment varchar(255) NOT NULL default '',
87
88			-- LF separated list of miscellaneous parameters
89			log_params blob NOT NULL,
90
91			-- rev_deleted for logs
92			log_deleted tinyint unsigned NOT NULL default '0',
93
94			PRIMARY KEY log_id (log_id),
95			KEY type_time (log_type, log_timestamp),
96			KEY user_time (log_user, log_timestamp),
97			KEY page_time (log_namespace, log_title, log_timestamp),
98			KEY times (log_timestamp)
99
100			) $wgDBTableOptions
101			EOT;
102			echo "Creating table logging_1_10\n";
103			$this->dbw->query( $sql, __METHOD__ );
104			}
105
106			# Synchronise the tables
107			echo "Doing initial sync...\n";
108			$this->sync( 'logging', 'logging_1_10' );
109			echo "Sync done\n\n";
110
111			# Rename the old table away
112			echo "Renaming the old table to $logging_pre_1_10\n";
113			$this->dbw->query( "RENAME TABLE $logging TO $logging_pre_1_10", __METHOD__ );
114
115			# Copy remaining old rows
116			# Done before the new table is active so that $copyPos is accurate
117			echo "Doing final sync...\n";
118			$this->sync( 'logging_pre_1_10', 'logging_1_10' );
119
120			# Move the new table in
121			echo "Moving the new table in...\n";
122			$this->dbw->query( "RENAME TABLE $logging_1_10 TO $logging", __METHOD__ );
123			echo "Finished.\n";
124			}
125
126			/**
127			* Copy all rows from $srcTable to $dstTable
128			* @param string $srcTable
129			* @param string $dstTable
130			*/
131			function sync( $srcTable, $dstTable ) {
132			$batchSize = 1000;
133			$minTs = $this->dbw->selectField( $srcTable, 'MIN(log_timestamp)', false, __METHOD__ );
134			$minTsUnix = wfTimestamp( TS_UNIX, $minTs );
135			$numRowsCopied = 0;
136
137			while ( true ) {
138			$maxTs = $this->dbw->selectField( $srcTable, 'MAX(log_timestamp)', false, __METHOD__ );
139			$copyPos = $this->dbw->selectField( $dstTable, 'MAX(log_timestamp)', false, __METHOD__ );
140			$maxTsUnix = wfTimestamp( TS_UNIX, $maxTs );
141			$copyPosUnix = wfTimestamp( TS_UNIX, $copyPos );
142
143			if ( $copyPos === null ) {
144			$percent = 0;
145			} else {
146			$percent = ( $copyPosUnix - $minTsUnix ) / ( $maxTsUnix - $minTsUnix ) * 100;
147			}
148			printf( "%s %.2f%%\n", $copyPos, $percent );
149
150			# Handle all entries with timestamp equal to $copyPos
151			if ( $copyPos !== null ) {
152			$numRowsCopied += $this->copyExactMatch( $srcTable, $dstTable, $copyPos );
153			}
154
155			# Now copy a batch of rows
156			if ( $copyPos === null ) {
157			$conds = false;
158			} else {
159			$conds = [ 'log_timestamp > ' . $this->dbw->addQuotes( $copyPos ) ];
160			}
161			$srcRes = $this->dbw->select( $srcTable, '*', $conds, __METHOD__,
162			[ 'LIMIT' => $batchSize, 'ORDER BY' => 'log_timestamp' ] );
163
164			if ( !$srcRes->numRows() ) {
165			# All done
166			break;
167			}
168
169			$batch = [];
170			foreach ( $srcRes as $srcRow ) {
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$srcRes` of type `object<ResultWrapper>\|boolean` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
171			$batch[] = (array)$srcRow;
172			}
173			$this->dbw->insert( $dstTable, $batch, __METHOD__ );
174			$numRowsCopied += count( $batch );
175
176			wfWaitForSlaves();
			0 ignored issues – show Deprecated Code introduced 2016-01-25 18:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `wfWaitForSlaves()` has been deprecated with message: since 1.27 Use LBFactory::waitForReplication This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
177			}
178			echo "Copied $numRowsCopied rows\n";
179			}
180
181			function copyExactMatch( $srcTable, $dstTable, $copyPos ) {
182			$numRowsCopied = 0;
183			$srcRes = $this->dbw->select( $srcTable, '*', [ 'log_timestamp' => $copyPos ], __METHOD__ );
184			$dstRes = $this->dbw->select( $dstTable, '*', [ 'log_timestamp' => $copyPos ], __METHOD__ );
185
186			if ( $srcRes->numRows() ) {
187			$srcRow = $srcRes->fetchObject();
188			$srcFields = array_keys( (array)$srcRow );
189			$srcRes->seek( 0 );
190			$dstRowsSeen = [];
191
192			# Make a hashtable of rows that already exist in the destination
193			foreach ( $dstRes as $dstRow ) {
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$dstRes` of type `boolean\|object<ResultWrapper>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
194			$reducedDstRow = [];
195			foreach ( $srcFields as $field ) {
196			$reducedDstRow[$field] = $dstRow->$field;
197			}
198			$hash = md5( serialize( $reducedDstRow ) );
199			$dstRowsSeen[$hash] = true;
200			}
201
202			# Copy all the source rows that aren't already in the destination
203			foreach ( $srcRes as $srcRow ) {
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$srcRes` of type `boolean\|object<ResultWrapper>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
204			$hash = md5( serialize( (array)$srcRow ) );
205			if ( !isset( $dstRowsSeen[$hash] ) ) {
206			$this->dbw->insert( $dstTable, (array)$srcRow, __METHOD__ );
207			$numRowsCopied++;
208			}
209			}
210			}
211
212			return $numRowsCopied;
213			}
214			}
215
216			$ul = new UpdateLogging;
217			$ul->execute();
218

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

maintenance/archives/upgradeLogging.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like