App\Http\Controllers\ScanController

Complexity

Total Complexity

46

Size/Duplication

Total Lines	305
Duplicated Lines	0 %

Importance

Changes

0

14 Methods

Rating	Name	Duplication	Size	Complexity
A	result()	0	2	1
A	getLastScanDate()	0	15	3
A	resultRaw()	0	15	3
A	isDomainAlive()	0	16	4
A	status()	0	11	2
A	startScanJob()	0	33	6
A	startFreeScan()	0	31	3
A	resultRawFree()	0	14	3
A	start()	0	10	3
A	callback()	0	39	3
A	GetStatusById()	0	5	1
A	startNewFreeScan()	0	25	4
A	GetResultById()	0	5	1
B	updateScanStatus()	0	41	9

<?php

namespace App\Http\Controllers;

use App\Domain;
use App\Http\Requests\ScannerStartRequest;
use App\Jobs\ScanJob;
use App\Scan;
use App\ScanResult;
use App\Siweocs\Models\ScanRawResultResponse;
use App\Siweocs\Models\ScanStatusResponse;
use App\Token;
use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Log;

class ScanController extends Controller
{
    public function start(ScannerStartRequest $request)
    {
        $token = Token::getTokenByString(($request->header('siwecosToken')));

        Log::info('Token: '.$token->token);
        if ($token instanceof Token && $token->reduceCredits()) {
            $isNotTestRunner = $request->json('isNotATest') ?? true;
            $dangerlevel = $request->json('dangerLevel') ?? 10;

            return self::startScanJob($token, $request->json('domain'), false, $dangerlevel, $isNotTestRunner);

It seems like $dangerlevel can also be of type Symfony\Component\HttpFoundation\ParameterBag; however, parameter $dangerLevel of App\Http\Controllers\ScanController::startScanJob() does only seem to accept integer, maybe add an additional type check?

It seems like $isNotTestRunner can also be of type Symfony\Component\HttpFoundation\ParameterBag; however, parameter $isRegistered of App\Http\Controllers\ScanController::startScanJob() does only seem to accept boolean, maybe add an additional type check?

It seems like $request->json('domain') can also be of type Symfony\Component\HttpFoundation\ParameterBag; however, parameter $domain of App\Http\Controllers\ScanController::startScanJob() does only seem to accept string, maybe add an additional type check?

        }
    }

    public static function startScanJob(Token $token, string $domain, bool $isRecurrent = false, int $dangerLevel = 0, bool $isRegistered = false)

The parameter $isRegistered is not used and could be removed.

    {

        // create a new scan order
        /** @var Domain $currentDomain */
        $currentDomain = Domain::getDomainOrFail($domain, $token->id);
        /** @var Scan $scan */
        $scan = $token->scans()->create([
            'token_id'      => $token->id,
            'url'           => $currentDomain->domain,
            'callbackurls'  => [],
            'dangerLevel'   => $dangerLevel,
            'recurrentscan' => $isRecurrent,
        ]);

        $scan->recurrentscan = $isRecurrent ? 1 : 0;
        $scan->save();

        $envVars = array_key_exists('APP_NAME', $_ENV) ? $_ENV : getenv();

        // dispatch each scanner to the queue
        foreach ($envVars as $key => $value) {
            Log::info($key.' '.$value);
            if (!preg_match("/^SCANNER_(\w+)_URL$/", $key, $scanner_name)) {
                continue;
            }
            if (!preg_match("/^https?:\/\//", $value)) {
                continue;
            }
            ScanJob::dispatch($scanner_name[1], $value, $scan);
        }

        return response()->json(new ScanStatusResponse($scan));
    }

    public function GetResultById(int $id)
    {
        $scan = Scan::find($id);

        return response()->json(new ScanRawResultResponse($scan));
    }

    public function GetStatusById(int $id)
    {
        $scan = Scan::find($id);

        return response()->json(new ScanStatusResponse($scan));
    }

    public function status(Request $request)
    {
        //		$token  = Token::getTokenByString( ( $request->header( 'siwecosToken' ) ) );
        //		$domain = Domain::getDomainOrFail( $request->get( 'url'), $token->id  );
        $domain = Domain::whereDomain($request->get('url'))->first();
        $scan = Scan::whereUrl($domain->domain)->latest()->first();
        if ($scan instanceof Scan) {
            return response()->json(new ScanStatusResponse($scan));
        }

        return response('No results found', 422);
    }

    public function result(Request $request)

The parameter $request is not used and could be removed.

    {
        // to be implemented
    }

    /**
     * @param Request $request
     *
     * @return Scan
     */
    public function startFreeScan(Request $request)
    {
        $domainFilter = parse_url($request->json('domain'));

It seems like $request->json('domain') can also be of type Symfony\Component\HttpFoundation\ParameterBag; however, parameter $url of parse_url() does only seem to accept string, maybe add an additional type check?

        $domain = $domainFilter['scheme'].'://'.$domainFilter['host'];

        //PING THE GIVEN DOMAIN
        if (!self::isDomainAlive($domain)) {
            Log::info('Domain not found '.$domain);

            return response('Domain not alive', 422);

The expression return response('Domain not alive', 422) returns the type Illuminate\Contracts\Routing\ResponseFactory|Symfony\Component\HttpFoundation\Response which is incompatible with the documented return type App\Scan.

        }

        Log::info('Start Freescan for:'.$domain);
        /** @var Domain $freeScanDomain */
        $freeScanDomain = Domain::whereDomain($domain)->first();

        if ($freeScanDomain instanceof Domain) {

$freeScanDomain is always a sub-type of App\Domain. If $freeScanDomain can have other possible types, add them to app/Http/Controllers/ScanController.php:118.

            //Domain already taken or another freescan has taken
            /* @var Scan $lastScan */
            //			$lastScan = $freeScanDomain->scans()->get()->last();
            //			if ( $lastScan instanceof Scan ) {
            //				// return minified Version
            //				return response()->json( new ScanStatusResponse( $lastScan ) );
            //			}

            return $this->startNewFreeScan($freeScanDomain);

The expression return $this->startNewFreeScan($freeScanDomain) returns the type Illuminate\Http\JsonResponse which is incompatible with the documented return type App\Scan.

        }
        $freeScanDomain = new Domain(['domain' => $domain]);
        $freeScanDomain->save();

        return $this->startNewFreeScan($freeScanDomain);
    }

    /**
     * Check if Domain is Alive or redirects (200 / 301).
     *
     * @param string $domain
     *
     * @return bool
     */
    public static function isDomainAlive(string $domain)
    {
        $client = new Client();

        try {
            $response = $client->get($domain);
            if ($response->getStatusCode() === 200 || $response->getStatusCode() === 301) {
                return true;
            }
        } catch (\Exception $ex) {
            Log::info($domain.' '.$ex->getMessage());

            return false;
        }

        return false;
    }

    protected function startNewFreeScan(Domain $freeScanDomain)
    {
        // start Scan and Broadcast Result afterwards
        /** @var Scan $scan */
        $scan = $freeScanDomain->scans()->create([
            'url'          => $freeScanDomain,
            'callbackurls' => [],
            'dangerLevel'  => 0,
            'freescan'     => true,
        ]);
        $scan->freescan = 1;
        $scan->save();

        // dispatch each scanner to the queue
        foreach ($_ENV as $key => $value) {
            if (!preg_match("/^SCANNER_(\w+)_URL$/", $key, $scanner_name)) {
                continue;
            }
            if (!preg_match("/^https?:\/\//", $value)) {
                continue;
            }
            ScanJob::dispatch($scanner_name[1], $value, $scan);
        }

        return response()->json(new ScanStatusResponse($scan));
    }

    public function getLastScanDate(string $format, string $domain)
    {
        /** @var Scan $currentLastScan */
        $domainReal = 'https://'.$domain;
        $currentLastScan = Scan::whereUrl($domainReal)->where('status', '3')->whereFreescan(0)->get()->last();
        if ($currentLastScan instanceof Scan) {

$currentLastScan is always a sub-type of App\Scan. If $currentLastScan can have other possible types, add them to app/Http/Controllers/ScanController.php:192.

            return $currentLastScan->updated_at->format($format);
        }
        $domainReal = 'http://'.$domain;
        $currentLastScan = Scan::whereUrl($domainReal)->where('status', '3')->whereFreescan(0)->get()->last();
        if ($currentLastScan instanceof Scan) {
            return $currentLastScan->updated_at->format($format);
        }

        return response('No finished scan found', 422);
    }

    public function resultRaw(Request $request)
    {
        $token = Token::getTokenByString(($request->header('siwecosToken')));
        $domain = Domain::getDomainOrFail($request->get('domain'), $token->id);
        if ($domain instanceof Domain) {

$domain is always a sub-type of App\Domain.

            $latestScan = Scan::whereUrl($domain->domain)->whereStatus(3)->latest()->first();

            if ($latestScan instanceof Scan) {
                return response()->json(new ScanRawResultResponse($latestScan));
            }

            return response('No finished scan found.', 404);
        }

        return response('No domain found', 404);
    }

    public function resultRawFree(Request $request)
    {
        $domain = Domain::whereDomain($request->get('domain'))->first();
        if ($domain instanceof Domain) {
            $latestScan = Scan::whereUrl($domain->domain)->whereFreescan(0)->whereStatus(3)->latest()->first();

            if ($latestScan instanceof Scan) {
                return response()->json(new ScanRawResultResponse($latestScan));
            }

            return response('No finished scan found.', 404);
        }

        return response('No domain found', 404);
    }

    // TODO: Check and Test
    public function callback(Request $request, int $scanId)
    {

        /** @var ScanResult $scanResult */
        $scanResult = ScanResult::findOrFail($scanId);
        Log::info($scanId.' / '.$scanResult->scan_id.' Callback: '.json_encode($request->json()->all()));
        if (!$request->json('hasError')) {
            Log::info($request->json('score').' für '.$scanResult->id);

Are you sure $request->json('score') of type Symfony\Component\HttpFoundation\ParameterBag|mixed can be used in concatenation?

            $scanResult->update([
                'result'      => $request->json('tests'),
                'total_score' => $request->json('score'),
            ]);
            $scanResult->total_score = $request->json('score');
            $scanResult->has_error = 0;
            $scanResult->complete_request = $request->json()->all();
            $scanResult->save();
            //   Sends the ScanResult to the given callback urls.
            foreach ($scanResult->scan->callbackurls as $callback) {

The expression $scanResult->scan->callbackurls of type string is not traversable.

                $client = new Client();

                $request = new Request('POST', $callback, [

'POST' of type string is incompatible with the type array expected by parameter $query of Illuminate\Http\Request::__construct().

                    'body' => $scanResult,
                ]);

                $client->sendAsync($request);

$request of type Illuminate\Http\Request is incompatible with the type Psr\Http\Message\RequestInterface expected by parameter $request of GuzzleHttp\Client::sendAsync().

            }
        } else {
            $scanResult->update([
                'result'        => $request->json('tests'),
                'total_score'   => $request->json('score'),
                'error_message' => $request->json('errorMessage'),
            ]);
            $scanResult->has_error = 1;
            $scanResult->complete_request = $request->json()->all();
            $scanResult->save();
            $scanResult->save();
        }

        $this->updateScanStatus(Scan::find($scanResult->scan_id));
    }

    protected function updateScanStatus(Scan $scan)
    {
        Log::info('Get Progress from id: '.$scan->id.' for '.$scan->url);
        if ($scan->getProgress() >= 99) {
            $scan->update([
                'status' => 3,

            ]);
            Log::info('Ready to update '.$scan->id.' to status 3');
            // SCAN IS FINISHED! INFORM USER
            if ($scan->recurrentscan === 1 && $scan->results->count() === 5) {

The condition $scan->recurrentscan === 1 is always false.

                //CHECK LAST NOTIFICATION
                // SHOULD FIX #28 IN BLA
                $domainString = $scan->url;
                Log::info('TRY TO GET DOMAIN OBJECT FOR '.$domainString);
                /** @var Domain $domain */
                $domain = Domain::whereDomain($domainString)->first();
                Log::info('SCAN FINISHED FOR'.$domainString.'//'.$domain->domain_token);
                $totalScore = 0;
                /** @var ScanResult $result */
                foreach ($scan->results() as $result) {
                    $totalScore += $result->total_score;
                }

                $totalScore /= 5;
                Log::info('TOTAL SCORE FOR DOMAIN '.$domain->domain.' // '.$totalScore);
                if ($domain instanceof Domain && ($domain->last_notification === null || $domain->last_notification < Carbon::now()->addWeeks(-1)) && $totalScore <= 50) {
                    Log::info('LAST NOTIFICATION FOR '.$domainString.' EARLIER THEN 1 WEEK');
                    $domain->last_notification = Carbon::now();
                    $domain->save();
                    $client = new Client();
                    $client->get(env('BLA_URL', 'https://api.siwecos.de/bla/current/public').'/api/v1/generateLowScoreReport/'.$scan->id);
                    Log::info('CONNECT REPORT GEN ON '.env('BLA_URL'));
                }
            }
            $scan->save();
            Log::info('Done updating   '.$scan->id.' to status 3');
            // Call broadcasting api from business layer
            $client = new Client();
            $client->get(env('BLA_URL', 'https://api.siwecos.de/bla/current/public').'/api/v1/freescan/'.$scan->id);
            Log::info('CONNECT FREESCAN ON '.env('BLA_URL'));
        }
    }
}