master - fixed sql injection

Ion Ghițun · Ion Ghițun · commit 118a16434468 · 2022-02-24T10:32:53.000+02:00
diff --git a/src/Models/BaseModel.php b/src/Models/BaseModel.php
@@ -6,6 +6,13 @@
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\DB;
+use function array_key_exists;
+use function array_slice;
+use function chr;
+use function count;
+use function in_array;
+use function strlen;
 
 /**
  * @method static Builder|self whereEncrypted($column, $value)
@@ -46,13 +53,13 @@ public function getAttribute($key)
     {
         $value = parent::getAttribute($key);
 
-        if (\array_key_exists($key, $this->relations) || method_exists($this, $key)) {
+        if (array_key_exists($key, $this->relations) || method_exists($this, $key)) {
             return $value;
         }
 
         $value = parent::getAttribute($key);
 
-        if (\in_array($key, $this->encrypted, true)) {
+        if (in_array($key, $this->encrypted, true)) {
             return $this->aesDecrypt($value);
         }
 
@@ -86,9 +93,9 @@ public function aesDecrypt($val, string $cypher = 'aes-128-ecb', bool $mySqlKey
      */
     private function generateMysqlAesKey($key): string
     {
-        $generatedKey = str_repeat(\chr(0), 16);
+        $generatedKey = str_repeat(chr(0), 16);
 
-        for ($i = 0, $len = \strlen($key); $i < $len; $i++) {
+        for ($i = 0, $len = strlen($key); $i < $len; $i++) {
             $generatedKey[$i % 16] = $generatedKey[$i % 16] ^ $key[$i];
         }
 
@@ -105,7 +112,7 @@ private function generateMysqlAesKey($key): string
      */
     public function setAttribute($key, $value)
     {
-        if (\in_array($key, $this->encrypted, true)) {
+        if (in_array($key, $this->encrypted, true)) {
             $value = $this->aesEncrypt($value);
         }
 
@@ -158,7 +165,7 @@ public function attributesToArray(): array
      */
     public function getOriginal($key = null, $default = null)
     {
-        if (\in_array($key, $this->encrypted, true)) {
+        if (in_array($key, $this->encrypted, true)) {
             return $this->aesDecrypt(Arr::get($this->original, $key, $default));
         }
 
@@ -195,11 +202,11 @@ public function anonymize($locale = null): void
         $faker = Factory::create($locale ?? (getenv('FAKER_LOCALE') ?? Factory::DEFAULT_LOCALE));
 
         foreach ($this->anonymizable as $field => $type) {
-            if (\in_array($field, $this->attributes, true)) {
+            if (in_array($field, $this->attributes, true)) {
                 $method = $type[0];
 
-                if (\count($type) > 1) {
-                    $this->$field = $faker->$method(\array_slice($type, 1));
+                if (count($type) > 1) {
+                    $this->$field = $faker->$method(array_slice($type, 1));
                 } else {
                     $this->$field = $faker->$method;
                 }
@@ -218,7 +225,7 @@ public function anonymize($locale = null): void
      */
     public function scopeWhereEncrypted($query, $column, $value)
     {
-        return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE ? COLLATE utf8mb4_general_ci', [$value]);
+        return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');
     }
 
     /**
@@ -232,7 +239,7 @@ public function scopeWhereEncrypted($query, $column, $value)
      */
     public function scopeWhereNotEncrypted($query, $column, $value)
     {
-        return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE ? COLLATE utf8mb4_general_ci', [$value]);
+        return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');
     }
 
     /**
@@ -246,7 +253,7 @@ public function scopeWhereNotEncrypted($query, $column, $value)
      */
     public function scopeOrWhereEncrypted($query, $column, $value)
     {
-        return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE ? COLLATE utf8mb4_general_ci', [$value]);
+        return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');
     }
 
     /**
@@ -260,7 +267,7 @@ public function scopeOrWhereEncrypted($query, $column, $value)
      */
     public function scopeOrWhereNotEncrypted($query, $column, $value)
     {
-        return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE ? COLLATE utf8mb4_general_ci', [$value]);
+        return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');
     }
 
     /**
diff --git a/src/MysqlEncryptionServiceProvider.php b/src/MysqlEncryptionServiceProvider.php
@@ -36,8 +36,7 @@ private function addValidators(): void
             $field = isset($parameters[1]) ? $parameters[1] : $attribute;
             $ignore = isset($parameters[2]) ? $parameters[2] : null;
 
-            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".getenv("ENCRYPTION_KEY")."') LIKE ? COLLATE utf8mb4_general_ci".($ignore ? " AND id != ".$ignore : ''),
-                [$value]);
+            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".getenv("ENCRYPTION_KEY")."') LIKE '".DB::getPdo()->quote($value)."' COLLATE utf8mb4_general_ci".($ignore ? " AND id != ".$ignore : ''));
 
             return $items[0]->aggregate === 0;
         });
@@ -52,8 +51,7 @@ private function addValidators(): void
 
             $field = isset($parameters[1]) ? $parameters[1] : $attribute;
 
-            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".getenv("ENCRYPTION_KEY")."') LIKE ? COLLATE utf8mb4_general_ci",
-                [$value]);
+            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".getenv("ENCRYPTION_KEY")."') LIKE '".DB::getPdo()->quote($value)."' COLLATE utf8mb4_general_ci");
 
             return $items[0]->aggregate > 0;
         });

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,13 @@`
`6`	`6`	`use Illuminate\Database\Eloquent\Builder;`
`7`	`7`	`use Illuminate\Database\Eloquent\Model;`
`8`	`8`	`use Illuminate\Support\Arr;`
	`9`	`+use Illuminate\Support\Facades\DB;`
	`10`	`+use function array_key_exists;`
	`11`	`+use function array_slice;`
	`12`	`+use function chr;`
	`13`	`+use function count;`
	`14`	`+use function in_array;`
	`15`	`+use function strlen;`
`9`	`16`
`10`	`17`	`/**`
`11`	`18`	`* @method static Builder\|self whereEncrypted($column, $value)`
`@@ -46,13 +53,13 @@ public function getAttribute($key)`
`46`	`53`	`{`
`47`	`54`	`$value = parent::getAttribute($key);`
`48`	`55`
`49`		`- if (\array_key_exists($key, $this->relations) \|\| method_exists($this, $key)) {`
	`56`	`+ if (array_key_exists($key, $this->relations) \|\| method_exists($this, $key)) {`
`50`	`57`	`return $value;`
`51`	`58`	`}`
`52`	`59`
`53`	`60`	`$value = parent::getAttribute($key);`
`54`	`61`
`55`		`- if (\in_array($key, $this->encrypted, true)) {`
	`62`	`+ if (in_array($key, $this->encrypted, true)) {`
`56`	`63`	`return $this->aesDecrypt($value);`
`57`	`64`	`}`
`58`	`65`
`@@ -86,9 +93,9 @@ public function aesDecrypt($val, string $cypher = 'aes-128-ecb', bool $mySqlKey`
`86`	`93`	`*/`
`87`	`94`	`private function generateMysqlAesKey($key): string`
`88`	`95`	`{`
`89`		`- $generatedKey = str_repeat(\chr(0), 16);`
	`96`	`+ $generatedKey = str_repeat(chr(0), 16);`
`90`	`97`
`91`		`- for ($i = 0, $len = \strlen($key); $i < $len; $i++) {`
	`98`	`+ for ($i = 0, $len = strlen($key); $i < $len; $i++) {`
`92`	`99`	`$generatedKey[$i % 16] = $generatedKey[$i % 16] ^ $key[$i];`
`93`	`100`	`}`
`94`	`101`
`@@ -105,7 +112,7 @@ private function generateMysqlAesKey($key): string`
`105`	`112`	`*/`
`106`	`113`	`public function setAttribute($key, $value)`
`107`	`114`	`{`
`108`		`- if (\in_array($key, $this->encrypted, true)) {`
	`115`	`+ if (in_array($key, $this->encrypted, true)) {`
`109`	`116`	`$value = $this->aesEncrypt($value);`
`110`	`117`	`}`
`111`	`118`
`@@ -158,7 +165,7 @@ public function attributesToArray(): array`
`158`	`165`	`*/`
`159`	`166`	`public function getOriginal($key = null, $default = null)`
`160`	`167`	`{`
`161`		`- if (\in_array($key, $this->encrypted, true)) {`
	`168`	`+ if (in_array($key, $this->encrypted, true)) {`
`162`	`169`	`return $this->aesDecrypt(Arr::get($this->original, $key, $default));`
`163`	`170`	`}`
`164`	`171`
`@@ -195,11 +202,11 @@ public function anonymize($locale = null): void`
`195`	`202`	`$faker = Factory::create($locale ?? (getenv('FAKER_LOCALE') ?? Factory::DEFAULT_LOCALE));`
`196`	`203`
`197`	`204`	`foreach ($this->anonymizable as $field => $type) {`
`198`		`- if (\in_array($field, $this->attributes, true)) {`
	`205`	`+ if (in_array($field, $this->attributes, true)) {`
`199`	`206`	`$method = $type[0];`
`200`	`207`
`201`		`- if (\count($type) > 1) {`
`202`		`- $this->$field = $faker->$method(\array_slice($type, 1));`
	`208`	`+ if (count($type) > 1) {`
	`209`	`+ $this->$field = $faker->$method(array_slice($type, 1));`
`203`	`210`	`} else {`
`204`	`211`	`$this->$field = $faker->$method;`
`205`	`212`	`}`
`@@ -218,7 +225,7 @@ public function anonymize($locale = null): void`
`218`	`225`	`*/`
`219`	`226`	`public function scopeWhereEncrypted($query, $column, $value)`
`220`	`227`	`{`
`221`		`- return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE ? COLLATE utf8mb4_general_ci', [$value]);`
	`228`	`+ return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');`
`222`	`229`	`}`
`223`	`230`
`224`	`231`	`/**`
`@@ -232,7 +239,7 @@ public function scopeWhereEncrypted($query, $column, $value)`
`232`	`239`	`*/`
`233`	`240`	`public function scopeWhereNotEncrypted($query, $column, $value)`
`234`	`241`	`{`
`235`		`- return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE ? COLLATE utf8mb4_general_ci', [$value]);`
	`242`	`+ return $query->whereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');`
`236`	`243`	`}`
`237`	`244`
`238`	`245`	`/**`
`@@ -246,7 +253,7 @@ public function scopeWhereNotEncrypted($query, $column, $value)`
`246`	`253`	`*/`
`247`	`254`	`public function scopeOrWhereEncrypted($query, $column, $value)`
`248`	`255`	`{`
`249`		`- return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE ? COLLATE utf8mb4_general_ci', [$value]);`
	`256`	`+ return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');`
`250`	`257`	`}`
`251`	`258`
`252`	`259`	`/**`
`@@ -260,7 +267,7 @@ public function scopeOrWhereEncrypted($query, $column, $value)`
`260`	`267`	`*/`
`261`	`268`	`public function scopeOrWhereNotEncrypted($query, $column, $value)`
`262`	`269`	`{`
`263`		`- return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE ? COLLATE utf8mb4_general_ci', [$value]);`
	`270`	`+ return $query->orWhereRaw('AES_DECRYPT('.$column.', "'.getenv('ENCRYPTION_KEY').'") NOT LIKE '.DB::getPdo()->quote($value).' COLLATE utf8mb4_general_ci');`
`264`	`271`	`}`
`265`	`272`
`266`	`273`	`/**`