From: [email protected] [mailto:[email protected]] On Behalf
Of Dee Johnson
Sent: Tuesday, October 18, 2011 7:27 PM
To: [email protected]
Subject: cakephp and security

Hi all, I scanned a CakePHP project with a security program called Fortify and
it came back with 181 errors associated with using the "extract" function in
the core.

Explanation below:
Possible Variable Overwrite: Global Scope (Input Validation and Representation, Structural)

The program invokes a function that can overwrite global variables, which
can open the door for attackers.

An example is line 870 of configure.php:

    function import($type = null, $name = null, $parent = true, $search = array(), $file = null, $return = false) {
        $plugin = $directory = null;

        if (is_array($type)) {
            extract($type, EXTR_OVERWRITE);
        }

        if (is_array($parent)) {
            extract($parent, EXTR_OVERWRITE);
        }

The application suggests that, in all instances where "extract" is used, the
argument 'EXTR_SKIP' should be used instead. Since this would be in place of
EXTR_OVERWRITE, I was wondering whether this would cause any issues, considering
this is the core and all... Thoughts? The full explanation is below.

source - 

Recommendations:
Prevent functions that can overwrite global variables from doing so in the
following ways:

    - Invoke mb_parse_str(string $encoded_string [, array &$result ]) with
the second argument, which captures the result of the operation and prevents
the function from overwriting global variables.

    - Invoke extract(array $var_array [, int $extract_type [, string
$prefix]]) with the second argument set to EXTR_SKIP, which prevents the
function from overwriting global variables that are already defined.

Example 2: The following code uses a second argument to mb_parse_str() to
mitigate the vulnerability from Example 1. 

<?php
    $first="User";
    ...
    $str =  $_SERVER['QUERY_STRING'];
    mb_parse_str($str, $output);
    echo $first;
?>

References:

[1] CWE ID 473, Standards Mapping - Common Weakness Enumeration - (CWE)

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
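The EXTR_OVERWRITE versus EXTR_SKIP question raised in the post, worked through as an added example (this is not CakePHP's code and not the poster's; the function names and the option arrays are made up). It mirrors the shape of the import() snippet, where locals are initialised before extract() runs, so the two flags behave differently, and then shows a key allowlist as an alternative to changing the flag.

```php
<?php
// Added example, not CakePHP code. Shows (1) why replacing EXTR_OVERWRITE with
// EXTR_SKIP in a function shaped like the import() snippet changes its
// behaviour, and (2) an allowlist that keeps the option-array calling style
// without letting unexpected keys clobber locals. Function names are made up.

// Same shape as import(): locals are initialised before extract() runs.
function importLike(array $type, int $flags, $return = false): array {
    $plugin = $directory = null;
    extract($type, $flags);
    return ['plugin' => $plugin, 'directory' => $directory, 'return' => $return];
}

// Constructed option array, as application code would pass it.
$opts = ['plugin' => 'Blog', 'directory' => 'models'];

// EXTR_OVERWRITE: the keys land in the pre-initialised locals, as intended.
$r = importLike($opts, EXTR_OVERWRITE);
assert($r['plugin'] === 'Blog' && $r['directory'] === 'models');

// EXTR_SKIP: $plugin and $directory already exist (set to null), so both keys
// are silently ignored. Swapping the flag would break this calling style.
$r = importLike($opts, EXTR_SKIP);
assert($r['plugin'] === null && $r['directory'] === null);

// Any key in the array also reaches the parameters: a constructed array with
// an extra 'return' key overwrites the $return parameter under EXTR_OVERWRITE.
$r = importLike(['plugin' => 'Blog', 'return' => true], EXTR_OVERWRITE);
assert($r['return'] === true);

// Allowlist: extract only the keys the function documents. EXTR_OVERWRITE is
// then limited to those keys and everything else in the array is dropped.
function importAllowlisted(array $type, $return = false): array {
    $plugin = $directory = null;
    $allowed = array_intersect_key($type, array_flip(['plugin', 'directory']));
    extract($allowed, EXTR_OVERWRITE);
    return ['plugin' => $plugin, 'directory' => $directory, 'return' => $return];
}

$r = importAllowlisted(['plugin' => 'Blog', 'return' => true]);
assert($r['plugin'] === 'Blog' && $r['return'] === false);
echo "all checks passed\n";
```

Run it with `php example.php`; the assert() calls are active under PHP's default zend.assertions setting and abort on the first failed check.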