ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4787/php/rule.adoc
Fred Tingaud 51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00

246 lines
7.3 KiB
Plaintext
Raw Permalink Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
Builtin functions
----
function myEncrypt($cipher, $key, $data, $mode, $iv, $options, $padding, $infile, $outfile, $recipcerts, $headers, $nonce, $ad, $pub_key_ids, $env_keys)
{
mcrypt_ecb ($cipher, $key, $data, $mode); // Sensitive
mcrypt_cfb($cipher, $key, $data, $mode, $iv); // Sensitive
mcrypt_cbc($cipher, $key, $data, $mode, $iv); // Sensitive
mcrypt_encrypt($cipher, $key, $data, $mode); // Sensitive
openssl_encrypt($data, $cipher, $key, $options, $iv); // Sensitive
openssl_public_encrypt($data, $crypted, $key, $padding); // Sensitive
openssl_pkcs7_encrypt($infile, $outfile, $recipcerts, $headers); // Sensitive
openssl_seal($data, $sealed_data, $env_keys, $pub_key_ids); // Sensitive
sodium_crypto_aead_aes256gcm_encrypt ($data, $ad, $nonce, $key); // Sensitive
sodium_crypto_aead_chacha20poly1305_encrypt ($data, $ad, $nonce, $key); // Sensitive
sodium_crypto_aead_chacha20poly1305_ietf_encrypt ($data, $ad, $nonce, $key); // Sensitive
sodium_crypto_aead_xchacha20poly1305_ietf_encrypt ($data, $ad, $nonce, $key); // Sensitive
sodium_crypto_box_seal ($data, $key); // Sensitive
sodium_crypto_box ($data, $nonce, $key); // Sensitive
sodium_crypto_secretbox ($data, $nonce, $key); // Sensitive
sodium_crypto_stream_xor ($data, $nonce, $key); // Sensitive
}
----
CakePHP
----
use Cake\Utility\Security;
function myCakeEncrypt($key, $data, $engine)
{
Security::encrypt($data, $key); // Sensitive
// Do not use custom made engines and remember that Mcrypt is deprecated.
Security::engine($engine); // Sensitive. Setting the encryption engine.
}
----
CodeIgniter
----
class EncryptionController extends CI_Controller
{
public function __construct()
{
parent::__construct();
$this->load->library('encryption');
}
public function index()
{
$this->encryption->create_key(16); // Sensitive. Review the key length.
$this->encryption->initialize( // Sensitive.
array(
'cipher' => 'aes-256',
'mode' => 'ctr',
'key' => 'the key',
)
);
$this->encryption->encrypt("mysecretdata"); // Sensitive.
}
}
----
CraftCMS version 3
----
use Craft;
// This is similar to Yii as it used by CraftCMS
function craftEncrypt($data, $key, $password) {
Craft::$app->security->encryptByKey($data, $key); // Sensitive
Craft::$app->getSecurity()->encryptByKey($data, $key); // Sensitive
Craft::$app->security->encryptByPassword($data, $password); // Sensitive
Craft::$app->getSecurity()->encryptByPassword($data, $password); // Sensitive
}
----
Drupal 7 - Encrypt module
----
function drupalEncrypt() {
$encrypted_text = encrypt('some string to encrypt'); // Sensitive
}
----
Joomla
----
use Joomla\Crypt\CipherInterface;
abstract class MyCipher implements CipherInterface // Sensitive. Implementing custom cipher class
{}
function joomlaEncrypt() {
new Joomla\Crypt\Cipher_Sodium(); // Sensitive
new Joomla\Crypt\Cipher_Simple(); // Sensitive
new Joomla\Crypt\Cipher_Rijndael256(); // Sensitive
new Joomla\Crypt\Cipher_Crypto(); // Sensitive
new Joomla\Crypt\Cipher_Blowfish(); // Sensitive
new Joomla\Crypt\Cipher_3DES(); // Sensitive
}
}
----
Laravel
----
use Illuminate\Support\Facades\Crypt;
function myLaravelEncrypt($data)
{
Crypt::encryptString($data); // Sensitive
Crypt::encrypt($data); // Sensitive
// encrypt using the Laravel "encrypt" helper
encrypt($data); // Sensitive
}
----
PHP-Encryption library
----
use Defuse\Crypto\Crypto;
use Defuse\Crypto\File;
function mypPhpEncryption($data, $key, $password, $inputFilename, $outputFilename, $inputHandle, $outputHandle) {
Crypto::encrypt($data, $key); // Sensitive
Crypto::encryptWithPassword($data, $password); // Sensitive
File::encryptFile($inputFilename, $outputFilename, $key); // Sensitive
File::encryptFileWithPassword($inputFilename, $outputFilename, $password); // Sensitive
File::encryptResource($inputHandle, $outputHandle, $key); // Sensitive
File::encryptResourceWithPassword($inputHandle, $outputHandle, $password); // Sensitive
}
----
PhpSecLib
----
function myphpseclib($mode) {
new phpseclib\Crypt\RSA(); // Sensitive. Note: RSA can also be used for signing data.
new phpseclib\Crypt\AES(); // Sensitive
new phpseclib\Crypt\Rijndael(); // Sensitive
new phpseclib\Crypt\Twofish(); // Sensitive
new phpseclib\Crypt\Blowfish(); // Sensitive
new phpseclib\Crypt\RC4(); // Sensitive
new phpseclib\Crypt\RC2(); // Sensitive
new phpseclib\Crypt\TripleDES(); // Sensitive
new phpseclib\Crypt\DES(); // Sensitive
new phpseclib\Crypt\AES($mode); // Sensitive
new phpseclib\Crypt\Rijndael($mode); // Sensitive
new phpseclib\Crypt\TripleDES($mode); // Sensitive
new phpseclib\Crypt\DES($mode); // Sensitive
}
----
Sodium Compat library
----
function mySodiumCompatEncrypt($data, $ad, $nonce, $key) {
ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_encrypt($data, $ad, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_encrypt($data, $ad, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_encrypt($data, $ad, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_encrypt($data, $ad, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_box($data, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_secretbox($data, $nonce, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_box_seal($data, $key); // Sensitive
ParagonIE_Sodium_Compat::crypto_secretbox_xchacha20poly1305($data, $nonce, $key); // Sensitive
}
----
Yii version 2
----
use Yii;
// Similar to CraftCMS as it uses Yii
function YiiEncrypt($data, $key, $password) {
Yii::$app->security->encryptByKey($data, $key); // Sensitive
Yii::$app->getSecurity()->encryptByKey($data, $key); // Sensitive
Yii::$app->security->encryptByPassword($data, $password); // Sensitive
Yii::$app->getSecurity()->encryptByPassword($data, $password); // Sensitive
}
----
Zend
----
use Zend\Crypt\FileCipher;
use Zend\Crypt\PublicKey\DiffieHellman;
use Zend\Crypt\PublicKey\Rsa;
use Zend\Crypt\Hybrid;
use Zend\Crypt\BlockCipher;
function myZendEncrypt($key, $data, $prime, $options, $generator, $lib)
{
new FileCipher; // Sensitive. This is used to encrypt files
new DiffieHellman($prime, $generator, $key); // Sensitive
$rsa = Rsa::factory([ // Sensitive
'public_key' => 'public_key.pub',
'private_key' => 'private_key.pem',
'pass_phrase' => 'mypassphrase',
'binary_output' => false,
]);
$rsa->encrypt($data); // No issue raised here. The configuration of the Rsa object is the line to review.
$hybrid = new Hybrid(); // Sensitive
BlockCipher::factory($lib, $options); // Sensitive
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
include::../highlighting.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink