Board Announcements (Altcoins)
Re: [ANN] [ARO] | Arionum | CPU Only | PHP Based | Decentralized Revolution
by
AroDev
on 17/02/2018, 19:48:07 UTC
PHP is a terribly insecure language to code in, Go or Ruby would be much better. But if nothing else, have you all run the code through a vulnerability scanner yet?

A quick scan using RIPS bug scanner yielded quite a few things to look at. Lots of additional validation and security hardening needed.

Lots of stuff found in peer.php too:


Code:
Userinput is passed through function parameters.
149: ⇑ _log ("$x['id'] - Invalid signature");  // transaction.inc.php
117: ⇓ function check($x, $height = 0)
requires:
149: if(!$acc->check_signature ($info, $x['signature'], $x['public_key']))

Userinput is passed through function parameters.
82: ⇑ $trx->check ($data) // schema.inc.php
80: $data['id'] = san ($data['id']);  // schema.inc.php
31: $data = json_decode(trim($_POST['data']), true);  // schema.inc.php
if(!empty($_POST)),
requires:
71: elseif($q == "submitTransaction")

Suggest the devs download the scanner and check on the issues themselves to improve security of the code since these servers are wide open for attack on the Internet per the README file.

RIPS info:
https://sourceforge.net/projects/rips-scanner/

https://superb-sea2.dl.sourceforge.net/project/rips-scanner/rips-0.55.zip

Thank you for your input, I have already run the code via RIPS, it produces only false positives.

I do not believe that any language is insecure by default and the code can be insecure with any language.

I do encourage other php developers to review all the code and inform me if they can find any bugs/vulnerabilities.
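The RIPS trace quoted above walks one path: `$_POST['data']` is JSON-decoded, `san()` is applied to `$data['id']`, the array is handed to `check()`, and on failure the id is interpolated into a log message. The following is an added illustration, written for this thread and not taken from Arionum's code, of how that input path looks when every step validates before it passes data on. The function names (`sanitizeId`, `validateTransactionShape`, `logLine`, `handleSubmitTransaction`), the three-field payload and the injected `$verifySignature` callback are assumptions for the example; Arionum's own `san()` and `check()` are not reproduced.

```php
<?php
declare(strict_types=1);

// Added illustration, not Arionum's code. Function names, the field list and
// the callback shape are assumptions made for this example.

function sanitizeId(string $value, int $maxLen = 128): string
{
    // Whitelist: drop everything but [A-Za-z0-9], then cap the length, so a
    // value can never carry newlines, quotes or control bytes into a log
    // line or a query.
    $clean = preg_replace('/[^A-Za-z0-9]/', '', $value);
    return substr($clean ?? '', 0, $maxLen);
}

function validateTransactionShape($data): array
{
    // Returns a list of problems; an empty list means the decoded JSON has
    // exactly the expected string fields and nothing else.
    if (!is_array($data)) {
        return ['payload is not a JSON object'];
    }
    $required = ['id', 'signature', 'public_key'];
    $errors = [];
    foreach ($required as $field) {
        if (!isset($data[$field]) || !is_string($data[$field])) {
            $errors[] = "missing or non-string field: $field";
        }
    }
    // Unknown keys are reported rather than silently forwarded to check().
    foreach (array_diff(array_keys($data), $required) as $key) {
        $errors[] = 'unexpected field: ' . sanitizeId((string) $key);
    }
    return $errors;
}

function logLine(string $rawId, string $reason): string
{
    // The log text is fixed; only a sanitized id is interpolated, so a
    // crafted id cannot forge additional log entries.
    return sprintf('%s - %s', sanitizeId($rawId), $reason);
}

function handleSubmitTransaction(string $rawPost, callable $verifySignature): array
{
    try {
        // Depth limit plus exception mode: malformed or deeply nested JSON
        // is rejected before any field is read.
        $data = json_decode(trim($rawPost), true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return ['ok' => false, 'log' => logLine('', 'Malformed JSON')];
    }

    $errors = validateTransactionShape($data);
    if ($errors !== []) {
        return ['ok' => false, 'log' => logLine('', implode('; ', $errors))];
    }

    // Sanitize before the value reaches the signature check, the log or storage.
    $data['id'] = sanitizeId($data['id']);

    if (!$verifySignature($data['id'], $data['signature'], $data['public_key'])) {
        return ['ok' => false, 'log' => logLine($data['id'], 'Invalid signature')];
    }
    return ['ok' => true, 'log' => logLine($data['id'], 'Accepted')];
}

// Constructed sample input: an id carrying a newline and a fake second
// log entry. The whitelist sanitizer collapses it to a single safe token.
$crafted = json_encode([
    'id'         => "abc123\nFAKE - Accepted",
    'signature'  => 'sig',
    'public_key' => 'pk',
]);
$result = handleSubmitTransaction(
    $crafted,
    fn (string $id, string $sig, string $pk): bool => false // stand-in verifier for the demo
);
echo $result['log'], PHP_EOL;
```

The point the scanner is making is not that `san()` is absent but that a reader of `transaction.inc.php` line 149 cannot tell, at the log call, whether the id was sanitized on every path that reaches it. Sanitizing once at the entry point and keeping the log format string fixed makes that property local and easy to audit, which is also what turns a scanner hit into a demonstrable false positive.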