Passed
Push — master ( c00ab5...5ed1e2 )
by litefeel
03:01
created

lib/request.php (2 issues)


<?php
/**
 * Request management object.
 * @package Writing_On_GitHub
 */
/**
 * Class Writing_On_GitHub_Request
 */
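class Writing_On_GitHub_Request {

	/**
	 * Application container.
	 *
	 * @var Writing_On_GitHub
	 */
	protected $app;

	/**
	 * Raw request body. Only populated by is_secret_valid().
	 *
	 * @var string
	 */
	protected $raw_data;

	/**
	 * Request headers, cached after the first headers() call.
	 *
	 * @var array
	 */
	protected $headers;

	/**
	 * Writing_On_GitHub_Request constructor.
	 *
	 * @param Writing_On_GitHub $app Application container.
	 */
	public function __construct( Writing_On_GitHub $app ) {
		$this->app = $app;
	}

	/**
	 * Validates the webhook signature carried in the X-Hub-Signature header.
	 *
	 * Reads the request body into $this->raw_data as a side effect, then
	 * recomputes the HMAC-SHA1 of that body with the stored webhook secret and
	 * compares it with the header value.
	 *
	 * The check fails closed: a missing or empty secret, or a missing
	 * signature header, is rejected. With an empty key the HMAC depends only
	 * on the body, so it would not authenticate the sender at all.
	 *
	 * NOTE(review): GitHub also sends X-Hub-Signature-256 (HMAC-SHA256) and
	 * recommends it over this SHA-1 header; consider verifying that instead.
	 *
	 * Example headers of a delivery:
	 *     [X-Hub-Signature] => sha1=3cf3da70de401f7dfff053392f60cc534efed3b4
	 *     [Content-Type] => application/json
	 *     [X-Github-Delivery] => b2102500-0acf-11e7-8acb-fd86a3497c2f
	 *     [X-Github-Event] => ping
	 *
	 * @return bool True when the signature matches, false otherwise.
	 */
	public function is_secret_valid() {
		// Stored first because payload() later reads $this->raw_data.
		$this->raw_data = $this->read_raw_data();

		$secret = $this->secret();
		if ( ! is_string( $secret ) || '' === $secret ) {
			return false;
		}

		$signature = $this->header_value( 'X-Hub-Signature' );
		if ( ! is_string( $signature ) || '' === $signature ) {
			return false;
		}

		$expected = 'sha1=' . hash_hmac( 'sha1', $this->raw_data, $secret );

		// Constant-time comparison: `!==` stops at the first differing byte,
		// which leaks how much of the signature was correct. hash_equals()
		// is native from PHP 5.6 and polyfilled by WordPress on older PHP.
		return hash_equals( $expected, $signature );
	}

	/**
	 * Tells whether the request is a "ping" event.
	 *
	 * @return bool False as well when the event header is absent.
	 */
	public function is_ping() {
		return 'ping' === $this->header_value( 'X-Github-Event' );
	}

	/**
	 * Tells whether the request is a "push" event.
	 *
	 * @return bool False as well when the event header is absent.
	 */
	public function is_push() {
		return 'push' === $this->header_value( 'X-Github-Event' );
	}

	/**
	 * Returns a payload object for the given request.
	 *
	 * This method performs no signature check of its own and $this->raw_data
	 * is only set by is_secret_valid(), so call it only after
	 * is_secret_valid() has returned true.
	 *
	 * @return Writing_On_GitHub_Payload
	 */
	public function payload() {
		return new Writing_On_GitHub_Payload( $this->app, $this->raw_data );
	}

	/**
	 * Cross-server header support.
	 *
	 * Returns an array of the request's headers, cached on the instance.
	 *
	 * @return array
	 */
	protected function headers() {
		if ( ! empty( $this->headers ) ) {
			return $this->headers;
		}

		if ( function_exists( 'getallheaders' ) ) {
			$this->headers = getallheaders();
			return $this->headers;
		}

		/**
		 * Nginx and pre 5.4 workaround.
		 * @see http://www.php.net/manual/en/function.getallheaders.php
		 */
		$this->headers = array();
		foreach ( $_SERVER as $name => $value ) {
			if ( 'HTTP_' !== substr( $name, 0, 5 ) ) {
				continue;
			}

			// HTTP_X_HUB_SIGNATURE -> "x hub signature" -> "X-Hub-Signature".
			$words  = strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) );
			$header = str_replace( ' ', '-', ucwords( $words ) );

			$this->headers[ $header ] = $value;
		}

		return $this->headers;
	}

	/**
	 * Looks up one request header by name, ignoring case.
	 *
	 * HTTP header names are case-insensitive and getallheaders() does not
	 * normalise them, so an exact array lookup can miss a header that is
	 * present. A missing header yields null instead of an undefined-index
	 * notice.
	 *
	 * @param string $name Header name, e.g. "X-Hub-Signature".
	 * @return mixed|null The header value, or null when it is not present.
	 */
	private function header_value( $name ) {
		$headers = $this->headers();
		if ( ! is_array( $headers ) ) {
			return null;
		}

		if ( isset( $headers[ $name ] ) ) {
			return $headers[ $name ];
		}

		$wanted = strtolower( $name );
		foreach ( $headers as $key => $value ) {
			if ( strtolower( (string) $key ) === $wanted ) {
				return $value;
			}
		}

		return null;
	}

	/**
	 * Reads the raw request body from php://input.
	 *
	 * @return string The body, or an empty string when it cannot be read.
	 */
	protected function read_raw_data() {
		$body = file_get_contents( 'php://input' );

		return false === $body ? '' : $body;
	}

	/**
	 * Returns the Webhook secret
	 *
	 * @return mixed The stored 'wogh_secret' option; WordPress's get_option()
	 *               returns false when the option does not exist.
	 */
	protected function secret() {
		return get_option( 'wogh_secret' );
	}
}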