ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4797/php/rule.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00

65 lines
3.5 KiB
Plaintext
Raw Blame History

Handling files is security-sensitive. It has led in the past to the following vulnerabilities:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0358[CVE-2018-0358]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7560[CVE-2017-7560]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4015[CVE-2005-4015]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3835[CVE-2018-3835]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8008[CVE-2018-8008]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2320[CVE-2010-2320]
Any access to the file system can create a vulnerability. Exposing a file's content, path or even its existence or absence is dangerous. It is also extremely risky to create or write files without making sure that their permission and content is safe and controlled. Using a file path or reading a file content must be always done with caution as they could have been tampered with.
The file system is a resource which can be easily exhausted. Opening too many files will use up all file descriptors, preventing other software from opening files. Filling the storage space will also prevent any additional write from happening.
This rule raises an issue on http://php.net/manual/en/ref.filesystem.php[filesystem functions] which have a high impact on security and are often subject to injection. The goal is to guide manual security code reviews.
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
function handle_file($filename, $directory, $group, $data, $mode, $flags, $use_include_path, $pattern, $recursive, $context)
{
file_put_contents($filename, $data, $flags); // Sensitive
copy($filename, $filename); // Sensitive
tmpfile(); // Sensitive
parse_ini_file($filename); // Sensitive
// The following calls will raise an issue if and only if the $filename or $directory is not hardcoded
move_uploaded_file($filename, $filename); // Sensitive
rmdir($directory); // Sensitive
unlink($filename); // Sensitive
move_uploaded_file("mypath1", "mypath2"); // Compliant
rmdir("dir1"); // Compliant
unlink("dir2"); // Compliant
// The following functions can also be used to perform network requests (http, socket, ftp, etc...)
// in some case they won't raise issues, see below.
file_get_contents($filename, $use_include_path); // Sensitive
file($filename, $flags); // Sensitive
fopen($filename, $mode, $use_include_path); // Sensitive
readfile($filename, $use_include_path); // Sensitive
// No issue is raised if the source path, cleaned from prefixed wrappers (like 'rar://', 'zlib://', 'bzip2://', 'zip://', 'compress.zlib://',
// 'compress.bzip2://', 'glob://', 'ogg://') still contains '://' without starting by 'file://'
file_get_contents("zip://http://example.com/file.zip" $use_include_path); // Compliant
file("http://example.com", $flags); // Compliant
fopen("http://example.com", $mode, $use_include_path); // Compliant
readfile("http://example.com", $use_include_path); // Compliant
// No issue is created if a context is given as there is a high chance that it is not a filesystem access.
// Note that this will create some false negatives with "zip" contexts.
file_get_contents($filename, $use_include_path, $context); // Compliant
file($filename, $flags, $context); // Compliant
fopen($filename, $mode, $use_include_path, $context); // Compliant
readfile($filename, $use_include_path, $context); // Compliant
}
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink