fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

veracode medium issues

Browse Source 
Directory Transversal, OS Command Injection
This commit is contained in:
marcelo.cuiza
2015-04-06 17:43:51 -04:00
parent 4824edcf80
commit cac0c4e96e
10 changed files with 39 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gulliver/thirdparty/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php vendored
View File

@@ -182,7 +182,11 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
*/ */
private function _write($file, $data, $config) private function _write($file, $data, $config)
{ {
$result = file_put_contents($file, $data); if(is_file($file)) {
$result = file_put_contents($file, $data);
} else {
$result = false;
}
if ($result !== false) { if ($result !== false) {
// set permissions of the new file (no execute) // set permissions of the new file (no execute)
$chmod = $config->get('Cache.SerializerPermissions'); $chmod = $config->get('Cache.SerializerPermissions');

7
gulliver/thirdparty/pear/Net/FTP/Socket.php vendored
View File

@@ -660,7 +660,12 @@ function ftp_get(&$control, $local, $remote, $mode, $resume = 0)
return false; return false;
} }
$fp = fopen($local, 'w'.$windows[$mode]); if(is_file($local)) {
$fp = fopen($local, 'w'.$windows[$mode]);
} else {
$fp = false;
}
if (!is_resource($fp)) { if (!is_resource($fp)) {
$fp = null; $fp = null;
return false; return false;

4
gulliver/thirdparty/phing/Phing.php vendored
View File

@@ -856,7 +856,9 @@ class Phing {
if (self::getMsgOutputLevel() === PROJECT_MSG_DEBUG) { if (self::getMsgOutputLevel() === PROJECT_MSG_DEBUG) {
print("Phing::import() prepending new include_path components: " . implode(PATH_SEPARATOR, $new_parts) . "\n"); print("Phing::import() prepending new include_path components: " . implode(PATH_SEPARATOR, $new_parts) . "\n");
} }
ini_set('include_path', implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts))); if (is_dir(implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts)))) {
ini_set('include_path', implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts)));
}
} }
} }

5
gulliver/thirdparty/phing/lib/Capsule.php vendored
View File

@@ -121,7 +121,10 @@ class Capsule {
// prepend template path to include path, // prepend template path to include path,
// so that include "path/relative/to/templates"; can be used within templates // so that include "path/relative/to/templates"; can be used within templates
$__old_inc_path = ini_get('include_path'); $__old_inc_path = ini_get('include_path');
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
if(is_dir($this->templatePath . PATH_SEPARATOR . $__old_inc_path)) {
ini_set('include_path', $this->templatePath . PATH_SEPARATOR . $__old_inc_path);
}
@ini_set('track_errors', true); @ini_set('track_errors', true);
include $__template; include $__template;

4
gulliver/thirdparty/phing/tasks/system/IncludePathTask.php vendored
View File

@@ -108,7 +108,9 @@ class IncludePathTask extends TaskPhing {
if ($new_parts) { if ($new_parts) {
$this->log("Prepending new include_path components: " . implode(PATH_SEPARATOR, $new_parts), PROJECT_MSG_VERBOSE); $this->log("Prepending new include_path components: " . implode(PATH_SEPARATOR, $new_parts), PROJECT_MSG_VERBOSE);
set_include_path(implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts))); if(is_dir(implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts)))) {
set_include_path(implode(PATH_SEPARATOR, array_merge($new_parts, $curr_parts)));
}
} }
} }

4
workflow/engine/classes/class.case.php
View File

@@ -3797,6 +3797,10 @@ class Cases
if (!is_dir($strPathName)) { if (!is_dir($strPathName)) {
G::verifyPath($strPathName, true); G::verifyPath($strPathName, true);
} }
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$file = $filter->xssFilterHard($file, 'path');
copy($file, $strPathName . $strFileName); copy($file, $strPathName . $strFileName);
chmod($strPathName . $strFileName, 0666); chmod($strPathName . $strFileName, 0666);

4
workflow/engine/classes/class.pmLicenseManager.php
View File

@@ -442,6 +442,10 @@ class pmLicenseManager
$LicenseStatus = $this->lookForStatusLicense(); //we're looking for a status ACTIVE $LicenseStatus = $this->lookForStatusLicense(); //we're looking for a status ACTIVE
//getting the content from file //getting the content from file
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$path = $filter->xssFilterHard($path, 'path');
$handle = fopen ( $path, "r" ); $handle = fopen ( $path, "r" );
$contents = fread ( $handle, filesize ( $path ) ); $contents = fread ( $handle, filesize ( $path ) );
fclose ( $handle ); fclose ( $handle );

1
workflow/engine/classes/class.system.php
View File

@@ -287,6 +287,7 @@ class System
$tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : ''; $tempFilename = isset( $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] ) ? $_FILES['form']['tmp_name']['UPGRADE_FILENAME'] : '';
$this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) ); $this->sRevision = str_replace( '.tar.gz', '', str_replace( 'pmos-patch-', '', $upgradeFilename ) );
$sTemFilename = $tempFilename; $sTemFilename = $tempFilename;
$sTemFilename = $filter->xssFilterHard($sTemFilename, 'path');
$pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path'); $pathFile = $filter->xssFilterHard(PATH_DATA . 'upgrade' . PATH_SEP . $upgradeFilename, 'path');
$this->sFilename = $pathFile; $this->sFilename = $pathFile;
$this->sPath = dirname( $this->sFilename ) . PATH_SEP; $this->sPath = dirname( $this->sFilename ) . PATH_SEP;

12
workflow/engine/controllers/pmTablesProxy.php
View File

@@ -669,10 +669,12 @@ class pmTablesProxy extends HttpProxyController
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
$countRow = 250; $countRow = 250;
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) { $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE']; $filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path'); $filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) { if ($oFile = fopen( $tmpfilename, 'r' )) {
require_once 'classes/model/AdditionalTables.php'; require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables(); $oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true ); $aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
@@ -767,10 +769,12 @@ class pmTablesProxy extends HttpProxyController
{ {
G::LoadSystem('inputfilter'); G::LoadSystem('inputfilter');
$filter = new InputFilter(); $filter = new InputFilter();
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $_FILES['form']['tmp_name']['CSV_FILE'] ) ) === 0) { $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
$filename = $_FILES['form']['name']['CSV_FILE']; $filename = $_FILES['form']['name']['CSV_FILE'];
$filename = $filter->xssFilterHard($filename, 'path'); $filename = $filter->xssFilterHard($filename, 'path');
if ($oFile = fopen( $_FILES['form']['tmp_name']['CSV_FILE'], 'r' )) { if ($oFile = fopen( $tmpfilename, 'r' )) {
require_once 'classes/model/AdditionalTables.php'; require_once 'classes/model/AdditionalTables.php';
$oAdditionalTables = new AdditionalTables(); $oAdditionalTables = new AdditionalTables();
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true ); $aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );

1
workflow/engine/methods/setup/languages_Import.php
View File

@@ -61,6 +61,7 @@ try {
$languageFile = $_FILES['form']['tmp_name']['LANGUAGE_FILENAME']; $languageFile = $_FILES['form']['tmp_name']['LANGUAGE_FILENAME'];
$languageFilename = $_FILES['form']['name']['LANGUAGE_FILENAME']; $languageFilename = $_FILES['form']['name']['LANGUAGE_FILENAME'];
$languageFile = $filter->xssFilterHard($languageFile, 'path');
$languageFilename = $filter->xssFilterHard($languageFilename, 'path'); $languageFilename = $filter->xssFilterHard($languageFilename, 'path');
if (substr_compare( $languageFilename, ".gz", - 3, 3, true ) == 0) { if (substr_compare( $languageFilename, ".gz", - 3, 3, true ) == 0) {
$zp = gzopen( $languageFile, "r" ); $zp = gzopen( $languageFile, "r" );