Issues in request.php (master) - Issues in master - litefeel/writing-on-github - Measure and Improve Code Quality continuously with Scrutinizer

Issues (67)

lib/request.php (2 issues)

Labels

Severity

Major 2

<?php
/**
 * Request management object.
 * @package Writing_On_GitHub
 */

/**
 * Class Writing_On_GitHub_Request
 */
class Writing_On_GitHub_Request {

    /**
     * Application container.
     *
     * @var Writing_On_GitHub
     */
    protected $app;

    /**
     * Raw request data.
     *
     * @var string
     */
    protected $raw_data;

    /**
     * Headers
     * @var array
     */
    protected $headers;

    /**
     * Writing_On_GitHub_Request constructor.
     *
     * @param Writing_On_GitHub $app Application container.
     */
    public function __construct( Writing_On_GitHub $app ) {
        $this->app = $app;
    }

    /**
     * Validates the header's secret.
     *
     * @return true|WP_Error
     */
    public function is_secret_valid() {
        $headers = $this->headers();

        $this->raw_data = $this->read_raw_data();

        // Validate request secret.
        $hash = hash_hmac( 'sha1', $this->raw_data, $this->secret() );
        if ( 'sha1=' . $hash !== $headers['X-Hub-Signature'] ) {
            return false;

        }

        //      [X-Hub-Signature] => sha1=3cf3da70de401f7dfff053392f60cc534efed3b4
        //     [Content-Type] => application/json
        //     [X-Github-Delivery] => b2102500-0acf-11e7-8acb-fd86a3497c2f
        //     [X-Github-Event] => ping

        return true;
    }

    /**
     * Validates the ping event.
     * @return boolean
     */
    public function is_ping() {
        return 'ping' == $this->webhook_event();
    }

    /**
     * Validates the push event.
     * @return boolean
     */
    public function is_push() {
        return 'push' == $this->webhook_event();
    }

    /**
     * Return X-Github-Event in headers.
     * @return string
     */
    public function webhook_event() {
        $headers = $this->headers();
        return $headers['X-Github-Event'];
    }

    /**
     * Returns a payload object for the given request.
     *
     * @return Writing_On_GitHub_Payload
     */
    public function payload() {
        return new Writing_On_GitHub_Payload( $this->app, $this->raw_data );
    }

    /**
     * Cross-server header support.
     *
     * Returns an array of the request's headers.
     *
     * @return array
     */
    protected function headers() {
        if ( ! empty( $this->headers ) ) {
            return $this->headers;
        }

        $this->headers = array();
        if ( function_exists( 'getallheaders' ) ) {
            $headers = getallheaders();
            // github webhook
            // content-type: application/json
            // Expect:
            // User-Agent: GitHub-Hookshot/7a71d82
            // X-GitHub-Delivery: a331b200-2537-11e8-9d7e-ce0853020b44
            // X-GitHub-Event: push
            // X-Hub-Signature: sha1=98185ffa2c4684c9a1324c57086709acca9dddc7
            foreach ( $headers as $name => $value ) {
                $this->headers[ str_replace( ' ', '-', ucwords( strtolower( str_replace( '-', ' ', $name ) ) ) ) ] = $value;
            }
        } else {
            /**
             * Nginx and pre 5.4 workaround.
             * @see http://www.php.net/manual/en/function.getallheaders.php
             */
            foreach ( $_SERVER as $name => $value ) {
                if ( 'HTTP_' === substr( $name, 0, 5 ) ) {
                    $this->headers[ str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) ) ] = $value;
                }
            }
        }

        return $this->headers;
    }

    /**
     * Reads the raw data from STDIN.
     *
     * @return string
     */
    protected function read_raw_data() {
        return file_get_contents( 'php://input' );
    }

    /**
     * Returns the Webhook secret
     *
     * @return string
     */
    protected function secret() {
        return get_option( 'wogh_secret' );

    }
}


1			<?php
2			/**
3			* Request management object.
4			* @package Writing_On_GitHub
5			*/
6
7			/**
8			* Class Writing_On_GitHub_Request
9			*/
10			class Writing_On_GitHub_Request {
11
12			/**
13			* Application container.
14			*
15			* @var Writing_On_GitHub
16			*/
17			protected $app;
18
19			/**
20			* Raw request data.
21			*
22			* @var string
23			*/
24			protected $raw_data;
25
26			/**
27			* Headers
28			* @var array
29			*/
30			protected $headers;
31
32			/**
33			* Writing_On_GitHub_Request constructor.
34			*
35			* @param Writing_On_GitHub $app Application container.
36			*/
37			public function __construct( Writing_On_GitHub $app ) {
38			$this->app = $app;
39			}
40
41			/**
42			* Validates the header's secret.
43			*
44			* @return true\|WP_Error
45			*/
46			public function is_secret_valid() {
47			$headers = $this->headers();
48
49			$this->raw_data = $this->read_raw_data();
50
51			// Validate request secret.
52			$hash = hash_hmac( 'sha1', $this->raw_data, $this->secret() );
53			if ( 'sha1=' . $hash !== $headers['X-Hub-Signature'] ) {
54			return false;
			0 ignored issues – show Bug Best Practice introduced 2018-03-08 04:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return false` returns the type `false` which is incompatible with the documented return type `WP_Error\|true`. Loading history...
55			}
56
57			// [X-Hub-Signature] => sha1=3cf3da70de401f7dfff053392f60cc534efed3b4
58			// [Content-Type] => application/json
59			// [X-Github-Delivery] => b2102500-0acf-11e7-8acb-fd86a3497c2f
60			// [X-Github-Event] => ping
61
62			return true;
63			}
64
65			/**
66			* Validates the ping event.
67			* @return boolean
68			*/
69			public function is_ping() {
70			return 'ping' == $this->webhook_event();
71			}
72
73			/**
74			* Validates the push event.
75			* @return boolean
76			*/
77			public function is_push() {
78			return 'push' == $this->webhook_event();
79			}
80
81			/**
82			* Return X-Github-Event in headers.
83			* @return string
84			*/
85			public function webhook_event() {
86			$headers = $this->headers();
87			return $headers['X-Github-Event'];
88			}
89
90			/**
91			* Returns a payload object for the given request.
92			*
93			* @return Writing_On_GitHub_Payload
94			*/
95			public function payload() {
96			return new Writing_On_GitHub_Payload( $this->app, $this->raw_data );
97			}
98
99			/**
100			* Cross-server header support.
101			*
102			* Returns an array of the request's headers.
103			*
104			* @return array
105			*/
106			protected function headers() {
107			if ( ! empty( $this->headers ) ) {
108			return $this->headers;
109			}
110
111			$this->headers = array();
112			if ( function_exists( 'getallheaders' ) ) {
113			$headers = getallheaders();
114			// github webhook
115			// content-type: application/json
116			// Expect:
117			// User-Agent: GitHub-Hookshot/7a71d82
118			// X-GitHub-Delivery: a331b200-2537-11e8-9d7e-ce0853020b44
119			// X-GitHub-Event: push
120			// X-Hub-Signature: sha1=98185ffa2c4684c9a1324c57086709acca9dddc7
121			foreach ( $headers as $name => $value ) {
122			$this->headers[ str_replace( ' ', '-', ucwords( strtolower( str_replace( '-', ' ', $name ) ) ) ) ] = $value;
123			}
124			} else {
125			/**
126			* Nginx and pre 5.4 workaround.
127			* @see http://www.php.net/manual/en/function.getallheaders.php
128			*/
129			foreach ( $_SERVER as $name => $value ) {
130			if ( 'HTTP_' === substr( $name, 0, 5 ) ) {
131			$this->headers[ str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) ) ] = $value;
132			}
133			}
134			}
135
136			return $this->headers;
137			}
138
139			/**
140			* Reads the raw data from STDIN.
141			*
142			* @return string
143			*/
144			protected function read_raw_data() {
145			return file_get_contents( 'php://input' );
146			}
147
148			/**
149			* Returns the Webhook secret
150			*
151			* @return string
152			*/
153			protected function secret() {
154			return get_option( 'wogh_secret' );
			0 ignored issues – show Bug Best Practice introduced 2018-03-08 04:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return get_option('wogh_secret')` could also return `false` which is incompatible with the documented return type `string`. Did you maybe forget to handle an error condition? If the returned type also contains false, it is an indicator that maybe an error condition leading to the specific return statement remains unhandled. Loading history...
155			}
156			}
157

litefeel / writing-on-github

Issues (67)

lib/request.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like