for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
require('Autoload.php');
function doAuthByType($type, $src, $auth, $ref)
{
$currentUser = false;
$google = $auth->getMethodByName($type);
if(!isset($_GET['code']))
$google->redirect();
die();
}
else
$res = $google->authenticate($_GET['code'], $currentUser);
switch($res)
case \Flipside\Auth\Authenticator::SUCCESS:
header('Location: '.$ref);
default:
case \Flipside\Auth\Authenticator::LOGIN_FAILED:
case \Flipside\Auth\Auth...: login.php'); die;
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of return, die or exit statements that have been added for debug purposes.
return
die
exit
function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; }
In the above example, the last return false will never be executed, because a return statement has already been met in every possible execution path.
return false
header('Location: login.php');
case \Flipside\Auth\Authenticator::ALREADY_PRESENT:
header('Location: user_exists.php?src='.$src.'&uid='.$currentUser->uid);
$auth = \Flipside\AuthProvider::getInstance();
$src = false;
if(isset($_GET['src']))
$src = $_GET['src'];
else if(strstr($_SERVER['HTTP_REFERER'], 'google.com') !== false)
$src = 'google';
else if(strstr($_SERVER['HTTP_REFERER'], 'gitlab.com') !== false)
$src = 'gitlab';
$ref = '.';
if(isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], 'google.com') === false)
$ref = $_SERVER['HTTP_REFERER'];
switch($src)
case 'google':
doAuthByType('Flipside\Auth\GoogleAuthenticator', $src, $auth, $ref);
break;
case 'twitter':
$twitter = $auth->getMethodByName('Flipside\Auth\TwitterAuthenticator');
if(!isset($_GET['oauth_token']) || !isset($_GET['oauth_verifier']))
$twitter->redirect();
$twitter->authenticate($_GET['oauth_token'], $_GET['oauth_verifier'], $current_user);
case \Auth\Authenticator::SUCCESS:
case \Auth\Authenticator::LOGIN_FAILED:
case \Auth\Authenticator::ALREADY_PRESENT:
header('Location: user_exists.php?src=twitter&uid='.$current_user->uid);
case 'gitlab':
doAuthByType('Flipside\Auth\OAuth2\GitLabAuthenticator', $src, $auth, $ref);
//Generic OAuth...
print_r($_SERVER);
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
BurningFlipside /
Profiles
Problem
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of
return,dieorexitstatements that have been added for debug purposes.In the above example, the last
return falsewill never be executed, because a return statement has already been met in every possible execution path.