Hi all, I scanned a Cake project with a security program called Fortify and 
it came back with 181 errors associated with using the "extract" function in 
the core.

*Explanation below:*
Possible Variable Overwrite: Global Scope (Input Validation and 
Representation, Structural)

The program invokes a function that can overwrite global variables, which 
can open the door for attackers.

Example: line 870 of configure.php

    function import($type = null, $name = null, $parent = true, $search = array(), $file = null, $return = false) {
        $plugin = $directory = null;

        if (is_array($type)) {
            extract($type, EXTR_OVERWRITE);
        }

        if (is_array($parent)) {
            extract($parent, EXTR_OVERWRITE);
        }

The application suggests that in all instances where "extract" is used, the 
argument 'EXTR_SKIP' should be used instead.  Since this would be in place of 
EXTR_OVERWRITE, I was wondering if this would cause any issues considering 
this is the core and all... ???  Thoughts?  Full explanation below.

*source - *

*Recommendations:*
Prevent functions that can overwrite global variables from doing so in the 
following ways:  

    - Invoke mb_parse_str(string $encoded_string [, array &$result ]) with the 
      second argument, which captures the result of the operation and prevents 
      the function from overwriting global variables.  

    - Invoke extract(array $var_array [, int $extract_type [, string $prefix]]) 
      with the second argument set to EXTR_SKIP, which prevents the function 
      from overwriting global variables that are already defined.  
    
Example 2: The following code uses a second argument to mb_parse_str() to 
mitigate the vulnerability from Example 1. 

<?php
    $first="User";
    ...
    $str =  $_SERVER['QUERY_STRING'];
    mb_parse_str($str, $output);
    echo $first;
?>

References:

[1] CWE ID 473, Standards Mapping - Common Weakness Enumeration - (CWE)

To unsubscribe from this group, send email to
[email protected] For more options, visit this group at 
http://groups.google.com/group/cake-php
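As an added example (not from the original post and not CakePHP code), the script below shows what the Fortify finding is about and what swapping EXTR_OVERWRITE for EXTR_SKIP actually changes. Each function mirrors the shape of the quoted import(): some locals are initialised first, then extract() is called on an array that stands in for user-controlled input (the array is constructed here; the names `withOverwrite`, `withSkip`, `withPrefix`, `explicitKeys` and the `$isAdmin` flag are mine). The point worth noticing for the poster's question is that in the quoted snippet `$plugin` and `$directory` are set to null before extract() runs, so EXTR_SKIP would ignore a `plugin` or `directory` key in `$type` and change the function's behaviour rather than just hardening it.

```php
<?php
// Added example: effect of extract() flags on variables that already exist.

// Constructed input: treat this as data an attacker may influence.
$untrusted = ['plugin' => 'other', 'isAdmin' => true, 'name' => 'Widget'];

// Same pattern as the quoted import(): locals initialised, then extract().
function withOverwrite(array $type): array
{
    $plugin = $directory = null;
    $isAdmin = false;                 // must never be settable from input
    extract($type, EXTR_OVERWRITE);   // 'plugin' and 'isAdmin' keys replace the locals
    return compact('plugin', 'directory', 'isAdmin');
}

// Fortify's suggestion: existing variables are left untouched...
function withSkip(array $type): array
{
    $plugin = $directory = null;
    $isAdmin = false;
    extract($type, EXTR_SKIP);        // $isAdmin is protected, but so is $plugin:
    return compact('plugin', 'directory', 'isAdmin'); // a legitimate 'plugin' key is now lost
}

// Prefixing keeps the extracted data in its own namespace; nothing pre-existing is hit.
function withPrefix(array $type): array
{
    $isAdmin = false;
    extract($type, EXTR_PREFIX_ALL, 'opt'); // creates $opt_plugin, $opt_isAdmin, $opt_name
    return ['isAdmin' => $isAdmin, 'opt_plugin' => $opt_plugin ?? null];
}

// Most robust: no extract() at all, read only the keys the function expects.
function explicitKeys(array $type): array
{
    $plugin    = $type['plugin'] ?? null;
    $directory = $type['directory'] ?? null;
    $isAdmin   = false;               // never derived from the input array
    return compact('plugin', 'directory', 'isAdmin');
}

var_dump(withOverwrite($untrusted)); // plugin => 'other', isAdmin => true
var_dump(withSkip($untrusted));      // plugin => null,    isAdmin => false
var_dump(withPrefix($untrusted));    // isAdmin => false,  opt_plugin => 'other'
var_dump(explicitKeys($untrusted));  // plugin => 'other', isAdmin => false
```

Run with `php example.php`. The contrast between withOverwrite() and withSkip() is the CWE-473 issue Fortify is reporting; the contrast between withSkip() and explicitKeys() is why a blanket EXTR_SKIP in core is not a drop-in change: any key whose variable was initialised before the extract() call silently stops being honoured.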