Completed
Push — master ( edcf20...3ec6c0 )
by Marcel

src/Server/OriginCheck.php (2 issues)

 1  <?php
 2
 3  namespace BeyondCode\LaravelWebSockets\Server;
 4
 5  use Ratchet\ConnectionInterface;
 6  use Ratchet\Http\CloseResponseTrait;
 7  use Ratchet\Http\HttpServerInterface;
 8  use Psr\Http\Message\RequestInterface;
 9  use Ratchet\MessageComponentInterface;
10
11  class OriginCheck implements HttpServerInterface
12  {
13      use CloseResponseTrait;
14
15      /** @var \Ratchet\MessageComponentInterface */
16      protected $_component;
17
18      protected $allowedOrigins = [];
19
20      public function __construct(MessageComponentInterface $component, array $allowedOrigins = [])
21      {
22          $this->_component = $component;
23
24          $this->allowedOrigins = $allowedOrigins;
25      }
26
27      public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
28      {
29          if ($request->hasHeader('Origin')) {
It seems like $request is not always an object, but can also be of type null. Maybe add an additional type check?

If a variable is not always an object, we recommend adding an additional type check to ensure your method call is safe:

function someFunction(A $objectMaybe = null)
{
    if ($objectMaybe instanceof A) {
        $objectMaybe->doSomething();
    }
}
30              $this->verifyOrigin($connection, $request);
It seems like $request defined by parameter $request on line 27 can be null; however, BeyondCode\LaravelWebSoc...inCheck::verifyOrigin() does not accept null, maybe add an additional type check?

It seems that null may be passed for a parameter, but the function being called does not seem to accept null.

We recommend adding an additional type check (or disallowing null for the parameter):

function notNullable(stdClass $x) { }

// Unsafe
function withoutCheck(stdClass $x = null) {
    notNullable($x);
}

// Safe - Alternative 1: Adding Additional Type-Check
function withCheck(stdClass $x = null) {
    if ($x instanceof stdClass) {
        notNullable($x);
    }
}

// Safe - Alternative 2: Changing Parameter
function withNonNullableParam(stdClass $x) {
    notNullable($x);
}
31          }
32
33          return $this->_component->onOpen($connection, $request);
34      }
35
36      public function onMessage(ConnectionInterface $from, $msg)
37      {
38          return $this->_component->onMessage($from, $msg);
39      }
40
41      public function onClose(ConnectionInterface $connection)
42      {
43          return $this->_component->onClose($connection);
44      }
45
46      public function onError(ConnectionInterface $connection, \Exception $e)
47      {
48          return $this->_component->onError($connection, $e);
49      }
50
51      protected function verifyOrigin(ConnectionInterface $connection, RequestInterface $request)
52      {
53          $header = (string) $request->getHeader('Origin')[0];
54          $origin = parse_url($header, PHP_URL_HOST) ?: $header;
55
56          if (! empty($this->allowedOrigins) && ! in_array($origin, $this->allowedOrigins)) {
57              return $this->close($connection, 403);
58          }
59      }
60  }
61