From: [email protected] [mailto:[email protected]] On Behalf Of Dee Johnson
Sent: Tuesday, October 18, 2011 7:27 PM
To: [email protected]
Subject: cakephp and security

Hi all,

I scanned a Cake project with a security program called Fortify and it came back with 181 errors associated with using the "extract" function in the core. Explanation below:

Possible Variable Overwrite: Global Scope (Input Validation and Representation, Structural)

The program invokes a function that can overwrite global variables, which can open the door for attackers.

Example is line 870 of configure.php:

    function import($type = null, $name = null, $parent = true, $search = array(), $file = null, $return = false) {
        $plugin = $directory = null;
        if (is_array($type)) {
            extract($type, EXTR_OVERWRITE);
        }
        if (is_array($parent)) {
            extract($parent, EXTR_OVERWRITE);
        }

The application suggests that in all instances where "extract" is used, the argument 'EXTR_SKIP' should be used. Since this would be in place of EXTR_OVERWRITE, I was wondering if this would cause any issues, considering this is the core and all... ??? Thoughts?

Full explanation below.

Source - Recommendations:

Prevent functions that can overwrite global variables from doing so in the following ways:

- Invoke mb_parse_str(string $encoded_string [, array &$result ]) with the second argument, which captures the result of the operation and prevents the function from overwriting global variables.
- Invoke extract(array $var_array [, int $extract_type [, string $prefix]]) with the second argument set to EXTR_SKIP, which prevents the function from overwriting global variables that are already defined.

Example 2: The following code uses a second argument to mb_parse_str() to mitigate the vulnerability from Example 1.

    <?php
    $first = "User";
    ...
    $str = $_SERVER['QUERY_STRING'];
    mb_parse_str($str, $output);
    echo $first;
    ?>

References: [1] CWE ID 473, Standards Mapping - Common Weakness Enumeration - (CWE)
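As an added illustration (not the poster's code and not CakePHP's), the snippet below shows why replacing EXTR_OVERWRITE with EXTR_SKIP is not a drop-in change in a function that initialises its locals first, as the quoted import() does with $plugin and $directory, and contrasts both with reading only the keys the function expects. The function and option names are constructed for the example; note also that extract() inside a function writes to that function's local symbol table, not to the global scope.

```php
<?php
// Constructed example: three ways a function can take its options from an
// array, mirroring the "$plugin = $directory = null; extract($type, ...)"
// pattern quoted from Configure::import().

function importWithOverwrite(array $type): array
{
    $plugin = $directory = null;
    extract($type, EXTR_OVERWRITE);      // caller-supplied keys replace the locals,
    return compact('plugin', 'directory'); // and any extra key becomes a new local
}

function importWithSkip(array $type): array
{
    $plugin = $directory = null;
    extract($type, EXTR_SKIP);           // keys matching an existing local are ignored
    return compact('plugin', 'directory');
}

// Explicit mapping: no extract() at all, only the keys this function is
// designed to accept, so unexpected keys can never become variables.
function importExplicit(array $type): array
{
    $plugin    = $type['plugin']    ?? null;
    $directory = $type['directory'] ?? null;
    return compact('plugin', 'directory');
}

// Constructed input: two expected keys plus one the function never asked for.
$opts = ['plugin' => 'Blog', 'directory' => 'controllers', 'unexpected' => 1];

var_dump(importWithOverwrite($opts));
// plugin => 'Blog', directory => 'controllers' ($unexpected was also created)

var_dump(importWithSkip($opts));
// plugin => NULL, directory => NULL: because the locals were initialised
// before extract(), EXTR_SKIP discards the very options import() relies on.

var_dump(importExplicit($opts));
// plugin => 'Blog', directory => 'controllers'; 'unexpected' is ignored
```

The middle case is the practical answer to the "would this cause any issues" question: a blanket switch to EXTR_SKIP silently breaks any call site that pre-declares the variables it expects extract() to fill, so each site needs to be reviewed individually or rewritten to read named keys.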
