ChrisReferenceProjects · christophe-havard-sonarsource · Dec 6, 2021 · Dec 6, 2021 · Jan 10, 2022 · Jan 10, 2022
diff --git a/phpdoc-demo.php b/phpdoc-demo.php
@@ -8,6 +8,9 @@ class Controller
      * @var \Doctrine\DBAL\Connection
      */
     protected $connection;
+    protected $httpUrl = "https://example.domain?user=user&password=65DBGgwe4uazdWQA" // Sensitive
+
+
 
     public function sqlQuery1(Request $request)
     {
@@ -25,18 +28,47 @@ public function newVulnFunction(Request $request)
         $statement = $this->connection->prepare($sql);
         $statement->execute();
         $username = $statement->fetchColumn();
-        return $this->json(['email' => $username]);
+        return $this->json(['username' => $username]);
+
     }
-    public function newNewVulnFunction(Request $request)
+      public function getNothing(Request $request)
     {
+        define( 'FORCE_SSL_LOGIN', false); // Sensitive
         $userId = $request->get('id');
-        $sql = "SELECT username FROM user WHERE id='$userId'";
+        $sql = "SELECT nothingmore FROM user WHERE id='$userId'";
         $statement = $this->connection->prepare($sql);
         $statement->execute();
         $username = $statement->fetchColumn();
-        return $this->json(['email' => $username]);
+        return $this->json(['username' => $username]);
     }
-
+    public function configure_logging() {
+        error_reporting(E_RECOVERABLE_ERROR); // Sensitive
+        error_reporting(32); // Sensitive
+
+        ini_set('docref_root', '1'); // Sensitive
+        toto
+        ini_set('display_startup_errors', '1'); // Sensitive
+        ini_set('error_log', "path/to/logfile"); // Sensitive - check logfile is secure
+        ini_set('error_reporting', E_PARSE ); // Sensitive
+        ini_set('error_reporting', 64); // Sensitive
+        ini_set('log_errors', '0'); // Sensitive
+        ini_set('log_errors_max_length', '512'); // Sensitive
+        ini_set('ignore_repeated_errors', '1'); // Sensitive
+        ini_set('ignore_repeated_source', '1'); // Sensitive
+        ini_set('track_errors', '0'); // Sensitive
+
+        ini_alter('docref_root', '1'); // Sensitive
+        ini_alter('display_errors', '1'); // Sensitive
+        ini_alter('display_startup_errors', '1'); // Sensitive
+        ini_alter('error_log', "path/to/logfile"); // Sensitive - check logfile is secure
+        ini_alter('error_reporting', E_PARSE ); // Sensitive
+        ini_alter('error_reporting', 64); // Sensitive
+        ini_alter('log_errors', '0'); // Sensitive
+        ini_alter('log_errors_max_length', '512'); // Sensitive
+        ini_alter('ignore_repeated_errors', '1'); // Sensitive
+        ini_alter('ignore_repeated_source', '1'); // Sensitive
+        ini_alter('track_errors', '0'); // Sensitive
+      }
 }
 
 ?>
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -1,7 +1,7 @@
 sonar.projectKey=ChrisReferenceProjects_Vuln-PHP-petit-projet
 sonar.organization=tests-projects
 
-#sonar.host.url=https://squad-4-core.sc-dev.io
+sonar.host.url=https://squad-5-core.sc-dev.io
 
 # This is the name and version displayed in the SonarCloud UI.
 #sonar.projectName=Vuln-PHP-petit-projet