Project: Wordpress Plugin WP-Stateless – Google Cloud Storage 2.3.2

Vulnerability: #9253668 (2020-04-26 11:11:43)

Warning

Many findings are false positives or are not exploitable in practice. Please confirm a finding with a working "PoC" exploit before reporting anything to the vendor!

Details:

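Sink Standard::file_exists
Risk _ENV (the path passed to the sink is built from an environment variable: getenv('APPDATA') on Windows, getenv('HOME') elsewhere; see CredentialsLoader.php:92-93 below)
/home/redeemer/phpsourcerer/src/PhpSourcerer/Simulator/Stubs/Standard.php:110 (show/hide source)
Threat level 0
Note: in the lines shown below, the only tainted input is that environment variable, which is set by whoever configures the PHP process rather than by request data, and the sink is an existence check. When triaging, verify who can set HOME/APPDATA for the PHP process and who can write application_default_credentials.json under that directory, since the doc comment says the file is loaded as a JSON key.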

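Callstack (innermost frame first; each frame is called by the one listed below it, and the line number after the path is the call site, printed unindented in the excerpt):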

Google\Auth\CredentialsLoader::fromWellKnownFile /wp-stateless/lib/Google/vendor/google/auth/src/CredentialsLoader.php:99 (show/hide source)
79      /**
80       * Load a JSON key from a well known path.
81       *
82       * The well known path is OS dependent:
83       * - windows: %APPDATA%/gcloud/application_default_credentials.json
84       * - others: $HOME/.config/gcloud/application_default_credentials.json
85       *
86       * If the file does not exists, this returns null.
87       *
88       * @return array JSON key | null
89       */
90      public static function fromWellKnownFile()
91      {
92          $rootEnv = self::isOnWindows() ? 'APPDATA' : 'HOME';
93          $path = [getenv($rootEnv)];
94          if (!self::isOnWindows()) {
95              $path[] = self::NON_WINDOWS_WELL_KNOWN_PATH_BASE;
96          }
97          $path[] = self::WELL_KNOWN_PATH;
98          $path = implode(DIRECTORY_SEPARATOR, $path);
99 if (!file_exists($path)) {
100 return; 101 }
Google\Auth\ApplicationDefaultCredentials::getCredentials /wp-stateless/lib/Google/vendor/google/auth/src/ApplicationDefaultCredentials.php:145 (show/hide source)
125       * this does not fallback to the Compute Engine defaults.
126       *
127       * @param string|array scope the scope of the access request, expressed
128       *   either as an Array or as a space-delimited String.
129       * @param callable $httpHandler callback which delivers psr7 request
130       * @param array $cacheConfig configuration for the cache when it's present
131       * @param CacheItemPoolInterface $cache
132       *
133       * @return CredentialsLoader
134       *
135       * @throws DomainException if no implementation can be obtained.
136       */
137      public static function getCredentials(
138          $scope = null,
139          callable $httpHandler = null,
140          array $cacheConfig = null,
141          CacheItemPoolInterface $cache = null
142      ) {
143          $creds = null;
144          $jsonKey = CredentialsLoader::fromEnv()
145 ?: CredentialsLoader::fromWellKnownFile();
146 147 if (!is_null($jsonKey)) {
wpCloud\StatelessMedia\Google_Client\Google_Client::createApplicationDefaultCredentials /wp-stateless/lib/Google/src/Google/Client.php:1088 (show/hide source)
1068  
1069      return new Client($options);
1070    }
1071  
1072    private function createApplicationDefaultCredentials()
1073    {
1074      $scopes = $this->prepareScopes();
1075      $sub = $this->config['subject'];
1076      $signingKey = $this->config['signing_key'];
1077  
1078      // create credentials using values supplied in setAuthConfig
1079      if ($signingKey) {
1080        $serviceAccountCredentials = array(
1081          'client_id' => $this->config['client_id'],
1082          'client_email' => $this->config['client_email'],
1083          'private_key' => $signingKey,
1084          'type' => 'service_account',
1085        );
1086        $credentials = CredentialsLoader::makeCredentials($scopes, $serviceAccountCredentials);
1087      } else {
1088 $credentials = ApplicationDefaultCredentials::getCredentials($scopes);
1089 } 1090
wpCloud\StatelessMedia\Google_Client\Google_Client::authorize /wp-stateless/lib/Google/src/Google/Client.php:365 (show/hide source)
345     * set in the Google API Client object
346     *
347     * @param GuzzleHttp\ClientInterface $http the http client object.
348     * @return GuzzleHttp\ClientInterface the http client object
349     */
350    public function authorize(ClientInterface $http = null)
351    {
352      $credentials = null;
353      $token = null;
354      $scopes = null;
355      if (null === $http) {
356        $http = $this->getHttpClient();
357      }
358  
359      // These conditionals represent the decision tree for authentication
360      //   1.  Check for Application Default Credentials
361      //   2.  Check for API Key
362      //   3a. Check for an Access Token
363      //   3b. If access token exists but is expired, try to refresh it
364      if ($this->isUsingApplicationDefaultCredentials()) {
365 $credentials = $this->createApplicationDefaultCredentials();
366 } elseif ($token = $this->getAccessToken()) { 367 $scopes = $this->prepareScopes();