Issues in class.jetpack-data.php - New Issues - Inspection of "Basic admin UI for sync status" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/sync-rest-2 ( cc5c19...9c3d4f )

unknown

created 2016-04-20 23:37 UTC

class.jetpack-data.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Jetpack_Data {
	/**
	 * Gets locally stored token
	 *
	 * @return object|false
	 */
	public static function get_access_token( $user_id = false ) {
		if ( $user_id ) {
			if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
				return false;
			}
			if ( $user_id === JETPACK_MASTER_USER ) {
				if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
					return false;
				}
			}
			if ( !isset( $tokens[$user_id] ) || !$token = $tokens[$user_id] ) {
				return false;
			}
			$token_chunks = explode( '.', $token );
			if ( empty( $token_chunks[1] ) || empty( $token_chunks[2] ) ) {
				return false;
			}
			if ( $user_id != $token_chunks[2] ) {
				return false;
			}
			$token = "{$token_chunks[0]}.{$token_chunks[1]}";
		} else {
			$token = Jetpack_Options::get_option( 'blog_token' );
			if ( empty( $token ) ) {
				return false;
			}
		}

		return (object) array(
			'secret' => $token,
			'external_user_id' => (int) $user_id,
		);
	}

	/**
	 * This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
	 *
	 * @param $domain
	 * @param array $extra
	 *
	 * @return bool|WP_Error
	 */
	public static function is_usable_domain( $domain, $extra = array() ) {

		return true;
		// If it's empty, just fail out.
		if ( ! $domain ) {
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
			return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
		}

		// None of the explicit localhosts.
		$forbidden_domains = array(
			'wordpress.com',
			'localhost',
			'localhost.localdomain',
			'127.0.0.1',
			'local.wordpress.dev',         // VVV
			'local.wordpress-trunk.dev',   // VVV
			'src.wordpress-develop.dev',   // VVV
			'build.wordpress-develop.dev', // VVV
		);
		if ( in_array( $domain, $forbidden_domains ) ) {
function someFunction() {
    $x = 5;
    echo $x;
}
			return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
		}

		// No .dev or .local domains
		if ( preg_match( '#\.(dev|local)$#i', $domain ) ) {
function someFunction() {
    $x = 5;
    echo $x;
}
			return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
		}

		// No WPCOM subdomains
		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
function someFunction() {
    $x = 5;
    echo $x;
}
			return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
		}

		// If PHP was compiled without support for the Filter module (very edge case)
		if ( ! function_exists( 'filter_var' ) ) {
			// Just pass back true for now, and let wpcom sort it out.
			return true;
		}

		// Check the IP to make sure it's pingable.
		$ip = gethostbyname( $domain );

		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );

		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
function someFunction() {
    $x = 5;
    echo $x;
}
			return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
		}

		return true;
	}

	/**
	 * Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
	 * See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
	 *
	 * This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
	 */
	public static function php_bug_66229_check( $ip ) {
		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
			return false;
		}

		$ip_arr = array_map( 'intval', explode( '.', $ip ) );

		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
			return true;
		}

		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
			return true;
		}

		return false;
	}
}


1		<?php
2
3		class Jetpack_Data {
4		/**
5		* Gets locally stored token
6		*
7		* @return object\|false
8		*/
9		public static function get_access_token( $user_id = false ) {
10		if ( $user_id ) {
11		if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
12		return false;
13		}
14		if ( $user_id === JETPACK_MASTER_USER ) {
15		if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
16		return false;
17		}
18		}
19		if ( !isset( $tokens[$user_id] ) \|\| !$token = $tokens[$user_id] ) {
20		return false;
21		}
22		$token_chunks = explode( '.', $token );
23		if ( empty( $token_chunks[1] ) \|\| empty( $token_chunks[2] ) ) {
24		return false;
25		}
26		if ( $user_id != $token_chunks[2] ) {
27		return false;
28		}
29		$token = "{$token_chunks[0]}.{$token_chunks[1]}";
30		} else {
31		$token = Jetpack_Options::get_option( 'blog_token' );
32		if ( empty( $token ) ) {
33		return false;
34		}
35		}
36
37		return (object) array(
38		'secret' => $token,
39		'external_user_id' => (int) $user_id,
40		);
41		}
42
43		/**
44		* This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
45		*
46		* @param $domain
47		* @param array $extra
48		*
49		* @return bool\|WP_Error
50		*/
51		public static function is_usable_domain( $domain, $extra = array() ) {
		0 ignored issues – show Unused Code introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$domain` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
52		return true;
53		// If it's empty, just fail out.
54		if ( ! $domain ) {
		0 ignored issues – show Unused Code introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this `// If it's empty, just f...jetpack'), $domain)); }` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history... Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$domain` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
55		return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
56		}
57
58		// None of the explicit localhosts.
59		$forbidden_domains = array(
60		'wordpress.com',
61		'localhost',
62		'localhost.localdomain',
63		'127.0.0.1',
64		'local.wordpress.dev', // VVV
65		'local.wordpress-trunk.dev', // VVV
66		'src.wordpress-develop.dev', // VVV
67		'build.wordpress-develop.dev', // VVV
68		);
69		if ( in_array( $domain, $forbidden_domains ) ) {
		0 ignored issues – show Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$domain` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history... Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$forbidden_domains` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
70		return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
71		}
72
73		// No .dev or .local domains
74	View Code Duplication	if ( preg_match( '#\.(dev\|local)$#i', $domain ) ) {
		0 ignored issues – show Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$domain` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
75		return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
76		}
77
78		// No WPCOM subdomains
79	View Code Duplication	if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
		0 ignored issues – show Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$domain` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
80		return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
81		}
82
83		// If PHP was compiled without support for the Filter module (very edge case)
84		if ( ! function_exists( 'filter_var' ) ) {
85		// Just pass back true for now, and let wpcom sort it out.
86		return true;
87		}
88
89		// Check the IP to make sure it's pingable.
90		$ip = gethostbyname( $domain );
91
92		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
93		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );
94
95		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE \| FILTER_FLAG_NO_RES_RANGE \| FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
		0 ignored issues – show Bug introduced 2016-04-21 06:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$ip` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
96		return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
97		}
98
99		return true;
100		}
101
102		/**
103		* Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
104		* See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
105		*
106		* This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
107		*/
108		public static function php_bug_66229_check( $ip ) {
109		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
110		return false;
111		}
112
113		$ip_arr = array_map( 'intval', explode( '.', $ip ) );
114
115		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
116		return true;
117		}
118
119		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
120		return true;
121		}
122
123		return false;
124		}
125		}
126

Automattic / jetpack

Push — add/sync-rest-2 ( cc5c19...9c3d4f )

class.jetpack-data.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like