Issues in KeysetAnalyzerCommand.php - New Issues - Inspection of "Key and Keyset checker commands" - Spomky-Labs/jose - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — v7 ( 859ab9...badffc )

by Florent

created 2017-09-08 21:58 UTC

KeyManagement/Command/KeysetAnalyzerCommand.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2017 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Bundle\KeyManagement\Command;

use Jose\Component\Core\JWKSet;
use Jose\Component\KeyManagement\KeyAnalyzer\JWKAnalyzerManager;
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;

final class KeysetAnalyzerCommand extends ContainerAwareCommand
{
    /**
     * {@inheritdoc}
     */
    protected function configure()
    {
        $this
            ->setName('keyset:analyze')
            ->setDescription('JWKSet quality analyzer.')
            ->setHelp('This command will analyze a JWKSet object and find security issues.')
            ->addArgument('jwkset', InputArgument::REQUIRED, 'The JWKSet object')
        ;
    }

    /**
     * {@inheritdoc}
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        /** @var JWKAnalyzerManager $analyzerManager */
        $analyzerManager = $this->getContainer()->get(JWKAnalyzerManager::class);
        $jwkset = $this->getKeyset($input);

        $privateKeys = 0;
        $publicKeys = 0;
        $sharedKeys = 0;
        $mixedKeys = false;

        foreach($jwkset as $kid => $jwk) {
            $output->writeln(sprintf('Analysing key with index/kid "%s"', $kid));
            $messages = $analyzerManager->analyze($jwk);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
            if (!empty($messages)) {
                foreach ($messages as $message) {
                    $output->writeln('    '.$message);
                }
            } else {
                $output->writeln('    No issue with this key');
            }

            switch (true) {
                case 'oct' === $jwk->get('kty'):
                    $sharedKeys++;
                    if (0 !== $privateKeys+$publicKeys) {
                        $mixedKeys = true;
                    }
                    break;
                case in_array($jwk->get('kty'), ['RSA', 'EC', 'OKP']):
                    if ($jwk->has('d')) {
                        $privateKeys++;
                        if (0 !== $sharedKeys+$publicKeys) {
                            $mixedKeys = true;
                        }
                    } else {
                        $publicKeys++;
                        if (0 !== $privateKeys+$sharedKeys) {
                            $mixedKeys = true;
                        }
                    }
                    break;
                default:
                    break;
            }
        }

        if ($mixedKeys) {
            $output->writeln('/!\\ This key set mixes share, public and private keys. You should create one key set per key type. /!\\');
        }
    }

    /**
     * @param InputInterface $input
     *
     * @return JWKSet
     */
    private function getKeyset(InputInterface $input): JWKSet
    {
        $jwkset = $input->getArgument('jwkset');
        $json = json_decode($jwkset, true);
        if (is_array($json)) {
            return JWKSet::createFromKeyData($json);
        } elseif ($this->getContainer()->has($jwkset)) {
            $id = $this->getContainer()->get($jwkset);
            if ($id instanceof JWKSet) {
                return $id;
            }
        }

        throw new \InvalidArgumentException('The argument must be a valid JWKSet or a service ID to a JWKSet.');
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2017 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Bundle\KeyManagement\Command;
15
16			use Jose\Component\Core\JWKSet;
17			use Jose\Component\KeyManagement\KeyAnalyzer\JWKAnalyzerManager;
18			use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
19			use Symfony\Component\Console\Input\InputArgument;
20			use Symfony\Component\Console\Input\InputInterface;
21			use Symfony\Component\Console\Output\OutputInterface;
22
23			final class KeysetAnalyzerCommand extends ContainerAwareCommand
24			{
25			/**
26			* {@inheritdoc}
27			*/
28			protected function configure()
29			{
30			$this
31			->setName('keyset:analyze')
32			->setDescription('JWKSet quality analyzer.')
33			->setHelp('This command will analyze a JWKSet object and find security issues.')
34			->addArgument('jwkset', InputArgument::REQUIRED, 'The JWKSet object')
35			;
36			}
37
38			/**
39			* {@inheritdoc}
40			*/
41			protected function execute(InputInterface $input, OutputInterface $output)
42			{
43			/** @var JWKAnalyzerManager $analyzerManager */
44			$analyzerManager = $this->getContainer()->get(JWKAnalyzerManager::class);
45			$jwkset = $this->getKeyset($input);
46
47			$privateKeys = 0;
48			$publicKeys = 0;
49			$sharedKeys = 0;
50			$mixedKeys = false;
51
52			foreach($jwkset as $kid => $jwk) {
53			$output->writeln(sprintf('Analysing key with index/kid "%s"', $kid));
54			$messages = $analyzerManager->analyze($jwk);
			0 ignored issues – show Bug introduced 2017-09-08 22:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$jwk` defined by `$jwk` on line `52` can be `null`; however, `Jose\Component\KeyManage...lyzerManager::analyze()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
55			if (!empty($messages)) {
56			foreach ($messages as $message) {
57			$output->writeln(' '.$message);
58			}
59			} else {
60			$output->writeln(' No issue with this key');
61			}
62
63			switch (true) {
64			case 'oct' === $jwk->get('kty'):
65			$sharedKeys++;
66			if (0 !== $privateKeys+$publicKeys) {
67			$mixedKeys = true;
68			}
69			break;
70			case in_array($jwk->get('kty'), ['RSA', 'EC', 'OKP']):
71			if ($jwk->has('d')) {
72			$privateKeys++;
73			if (0 !== $sharedKeys+$publicKeys) {
74			$mixedKeys = true;
75			}
76			} else {
77			$publicKeys++;
78			if (0 !== $privateKeys+$sharedKeys) {
79			$mixedKeys = true;
80			}
81			}
82			break;
83			default:
84			break;
85			}
86			}
87
88			if ($mixedKeys) {
89			$output->writeln('/!\\ This key set mixes share, public and private keys. You should create one key set per key type. /!\\');
90			}
91			}
92
93			/**
94			* @param InputInterface $input
95			*
96			* @return JWKSet
97			*/
98			private function getKeyset(InputInterface $input): JWKSet
99			{
100			$jwkset = $input->getArgument('jwkset');
101			$json = json_decode($jwkset, true);
102			if (is_array($json)) {
103			return JWKSet::createFromKeyData($json);
104			} elseif ($this->getContainer()->has($jwkset)) {
105			$id = $this->getContainer()->get($jwkset);
106			if ($id instanceof JWKSet) {
107			return $id;
108			}
109			}
110
111			throw new \InvalidArgumentException('The argument must be a valid JWKSet or a service ID to a JWKSet.');
112			}
113			}
114

Spomky-Labs / jose

Push — v7 ( 859ab9...badffc )

KeyManagement/Command/KeysetAnalyzerCommand.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like