Completed
Push — try/remote-provision ( bd1ea0...84fe51 )
by
unknown
08:33
created

class.jetpack-data.php (1 issue)


<?php
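class Jetpack_Data {
	/**
	 * Gets a locally stored token: the token of one user, or the blog token.
	 *
	 * A stored user token has three dot-separated parts. The third part must
	 * match the user ID it is stored under, and only the first two parts are
	 * handed back as the secret.
	 *
	 * The returned `secret` is a credential: keep it out of logs, error
	 * messages and anything rendered to a browser.
	 *
	 * @param int|bool $user_id User to look up, JETPACK_MASTER_USER to resolve
	 *                          the stored master user, or a falsy value to get
	 *                          the blog token. Default false.
	 *
	 * @return object|false Object with `secret` and `external_user_id`
	 *                      (0 for the blog token), or false when no usable
	 *                      token is stored.
	 */
	public static function get_access_token( $user_id = false ) {
		if ( ! $user_id ) {
			$token = Jetpack_Options::get_option( 'blog_token' );
			if ( empty( $token ) ) {
				return false;
			}
		} else {
			$tokens = Jetpack_Options::get_option( 'user_tokens' );
			if ( ! $tokens ) {
				return false;
			}

			// The master-user sentinel is swapped for the real stored user ID.
			if ( $user_id === JETPACK_MASTER_USER ) {
				$user_id = Jetpack_Options::get_option( 'master_user' );
				if ( ! $user_id ) {
					return false;
				}
			}

			// Missing and empty entries are both treated as "no token".
			if ( empty( $tokens[ $user_id ] ) ) {
				return false;
			}

			$token_chunks = explode( '.', $tokens[ $user_id ] );
			if ( empty( $token_chunks[1] ) || empty( $token_chunks[2] ) ) {
				return false;
			}

			// Reject a token stored under a different user than the one it names.
			// NOTE(review): this is a loose comparison, kept as written - confirm
			// whether the stored ID can ever be non-numeric before tightening it.
			if ( $user_id != $token_chunks[2] ) {
				return false;
			}

			$token = "{$token_chunks[0]}.{$token_chunks[1]}";
		}

		return (object) array(
			'secret' => $token,
			'external_user_id' => (int) $user_id,
		);
	}

	/**
	 * Checks whether a domain looks like a publicly reachable site.
	 *
	 * This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
	 *
	 * The domain is rejected when it is empty, is one of the known local
	 * development hosts, ends in .dev or .local, is a WordPress.com subdomain,
	 * or resolves to an invalid, private or reserved IPv4 address.
	 *
	 * A static-analysis pass reported everything after an unconditional
	 * `return true;` in this method as unreachable, which silently disabled
	 * the IP-range validation. That return is removed so the validation runs.
	 *
	 * The result describes DNS at the moment of the call only. A name can
	 * resolve differently later, so whichever side makes the outbound request
	 * still has to validate the address it actually connects to.
	 *
	 * @param string $domain Host name to check.
	 * @param array  $extra  Not used by this implementation.
	 *
	 * @return bool|WP_Error True when usable, otherwise a WP_Error whose code
	 *                       names the check that failed.
	 */
	public static function is_usable_domain( $domain, $extra = array() ) {

		// If it's empty, just fail out.
		if ( ! $domain ) {
			return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
		}

		/**
		 * Skips the usable domain check when connecting a site.
		 *
		 * Allows site administrators with domains that fail gethostbyname-based checks to pass the request to WP.com
		 *
		 * Returning true here bypasses every check below, including the
		 * private and reserved IP range validation.
		 *
		 * @since 4.1.0
		 *
		 * @param bool If the check should be skipped. Default false.
		 */
		if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
			return true;
		}

		// None of the explicit localhosts.
		// NOTE(review): this list is matched case-sensitively while the regex
		// checks below are case-insensitive - confirm callers lowercase $domain.
		$forbidden_domains = array(
			'wordpress.com',
			'localhost',
			'localhost.localdomain',
			'127.0.0.1',
			'local.wordpress.dev',         // VVV
			'local.wordpress-trunk.dev',   // VVV
			'src.wordpress-develop.dev',   // VVV
			'build.wordpress-develop.dev', // VVV
		);
		if ( in_array( $domain, $forbidden_domains, true ) ) {
			return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
		}

		// No .dev or .local domains
		if ( preg_match( '#\.(dev|local)$#i', $domain ) ) {
			return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
		}

		// No WPCOM subdomains
		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
			return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
		}

		// If PHP was compiled without support for the Filter module (very edge case)
		if ( ! function_exists( 'filter_var' ) ) {
			// Just pass back true for now, and let wpcom sort it out.
			return true;
		}

		// Check the IP to make sure it's pingable.
		$ip = gethostbyname( $domain );

		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );

		// Fail unless the address is a public IPv4 address, or one of the two
		// ranges that affected PHP versions wrongly report as reserved.
		$is_public_ipv4 = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_IPV4 );
		if ( ! $is_public_ipv4 && ! self::php_bug_66229_check( $ip ) ) {
			return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
		}

		return true;
	}

	/**
	 * Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
	 * See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
	 *
	 * This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
	 *
	 * Only dotted-quad IPv4 input is accepted. Without the IPv4 flag an IPv6
	 * literal such as `128::1` passes validation, splits into a single piece,
	 * and the missing second octet then compares equal to 0, so the address
	 * would be reported as safe. This is a deliberate tightening relative to
	 * the mirrored code.
	 *
	 * @param string $ip Address to test.
	 *
	 * @return bool True for 128.0.x.x and 191.255.x.x, false otherwise.
	 */
	public static function php_bug_66229_check( $ip ) {
		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
			return false;
		}

		$octets = array_map( 'intval', explode( '.', $ip ) );

		$in_128_0   = ( 128 === $octets[0] && 0 === $octets[1] );
		$in_191_255 = ( 191 === $octets[0] && 255 === $octets[1] );

		return $in_128_0 || $in_191_255;
	}
}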