Issues in Sjcl.php - All Issues - Inspection of "refactoring as recommended by Scrutinizer" - PrivateBin/PrivateBin - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 81ac23...a5d5f6 )

by El

created 2017-10-08 17:19 UTC

lib/Sjcl.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   1.1.1
 */

namespace PrivateBin;

/**
 * Sjcl
 *
 * Provides SJCL validation function.
 */
class Sjcl
{
    /**
     * SJCL validator
     *
     * Checks if a json string is a proper SJCL encrypted message.
     *
     * @access public
     * @static
     * @param  string $encoded JSON
     * @return bool
     */
    public static function isValid($encoded)
    {
        $accepted_keys = array('iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct');

        // Make sure content is valid json
        $decoded = json_decode($encoded);
        if (is_null($decoded)) {
            return false;
        }
        $decoded = (array) $decoded;

        // Make sure no additionnal keys were added.
        if (
            count(array_keys($decoded)) != count($accepted_keys)
        ) {
            return false;
        }

        // Make sure required fields are present and contain base64 data.
        foreach ($accepted_keys as $k) {
            if (!array_key_exists($k, $decoded)) {
                return false;
            }
        }

        // Make sure some fields are base64 data.
        if (!base64_decode($decoded['iv'], true)) {
            return false;
        }
        if (!base64_decode($decoded['salt'], true)) {
            return false;
        }
        if (!($ct = base64_decode($decoded['ct'], true))) {
            return false;
        }

        // Make sure some fields have a reasonable size.
        if (strlen($decoded['iv']) > 24) {
            return false;
        }
        if (strlen($decoded['salt']) > 14) {
            return false;
        }

        // Make sure some fields contain no unsupported values.
        if (!(is_int($decoded['v']) || is_float($decoded['v'])) || (float) $decoded['v'] < 1) {
            return false;
        }
        if (!is_int($decoded['iter']) || $decoded['iter'] <= 100) {
            return false;
        }
        if (!in_array($decoded['ks'], array(128, 192, 256), true)) {
            return false;
        }
        if (!in_array($decoded['ts'], array(64, 96, 128), true)) {

            return false;
        }
        if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) {

            return false;
        }
        if ($decoded['cipher'] !== 'aes') {
            return false;
        }

        // Reject data if entropy is too low
        if (strlen($ct) > strlen(gzdeflate($ct))) {
            return false;
        }

        return true;
    }
}


1			<?php
2			/**
3			* PrivateBin
4			*
5			* a zero-knowledge paste bin
6			*
7			* @link https://github.com/PrivateBin/PrivateBin
8			* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
9			* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
10			* @version 1.1.1
11			*/
12
13			namespace PrivateBin;
14
15			/**
16			* Sjcl
17			*
18			* Provides SJCL validation function.
19			*/
20			class Sjcl
21			{
22			/**
23			* SJCL validator
24			*
25			* Checks if a json string is a proper SJCL encrypted message.
26			*
27			* @access public
28			* @static
29			* @param string $encoded JSON
30			* @return bool
31			*/
32	49		public static function isValid($encoded)
33			{
34	49		$accepted_keys = array('iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct');
35
36			// Make sure content is valid json
37	49		$decoded = json_decode($encoded);
38	49		if (is_null($decoded)) {
39	3		return false;
40			}
41	46		$decoded = (array) $decoded;
42
43			// Make sure no additionnal keys were added.
44			if (
45	46		count(array_keys($decoded)) != count($accepted_keys)
46			) {
47	1		return false;
48			}
49
50			// Make sure required fields are present and contain base64 data.
51	46		foreach ($accepted_keys as $k) {
52	46		if (!array_key_exists($k, $decoded)) {
53	46		return false;
54			}
55			}
56
57			// Make sure some fields are base64 data.
58	46		if (!base64_decode($decoded['iv'], true)) {
59	1		return false;
60			}
61	46		if (!base64_decode($decoded['salt'], true)) {
62	1		return false;
63			}
64	46		if (!($ct = base64_decode($decoded['ct'], true))) {
65	1		return false;
66			}
67
68			// Make sure some fields have a reasonable size.
69	46		if (strlen($decoded['iv']) > 24) {
70	1		return false;
71			}
72	46		if (strlen($decoded['salt']) > 14) {
73	1		return false;
74			}
75
76			// Make sure some fields contain no unsupported values.
77	46		if (!(is_int($decoded['v']) \|\| is_float($decoded['v'])) \|\| (float) $decoded['v'] < 1) {
78	1		return false;
79			}
80	46		if (!is_int($decoded['iter']) \|\| $decoded['iter'] <= 100) {
81	1		return false;
82			}
83	46		if (!in_array($decoded['ks'], array(128, 192, 256), true)) {
84	1		return false;
85			}
86	46	View Code Duplication	if (!in_array($decoded['ts'], array(64, 96, 128), true)) {
			0 ignored issues – show Duplication introduced 2016-07-09 10:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
87	1		return false;
88			}
89	46	View Code Duplication	if (!in_array($decoded['mode'], array('ccm', 'ocb2', 'gcm'), true)) {
			0 ignored issues – show Duplication introduced 2016-07-09 10:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
90	1		return false;
91			}
92	46		if ($decoded['cipher'] !== 'aes') {
93	1		return false;
94			}
95
96			// Reject data if entropy is too low
97	46		if (strlen($ct) > strlen(gzdeflate($ct))) {
98	1		return false;
99			}
100
101	46		return true;
102			}
103			}
104

PrivateBin / PrivateBin

Push — master ( 81ac23...a5d5f6 )

lib/Sjcl.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like