SOAP - Code Metrics - Inspection of "Merge pull request #96 from JohnMaguire/ecp-suppor..." - simplesamlphp/saml2 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( a0de91...6ebd4b )

by Thijs

created 2017-12-06 15:22 UTC

SOAP A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	92
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	7

Importance

Changes

Metric	Value
dl	0
loc	92
rs	10
c	0
b	0
f	0
wmc	7
lcom	0
cbo	7

4 Methods

Rating	Name	Size	Complexity
B	getOutputToSend()	40	3
A	send()	10	1
A	receive()	15	2
A	getInputStream()	4	1

<?php

namespace SAML2;

use DOMDocument;

use SAML2\XML\ecp\Response as ECPResponse;

/**
 * Class which implements the SOAP binding.
 *
 * @package SimpleSAMLphp
 */
class SOAP extends Binding
{
    public function getOutputToSend(Message $message)
    {
        $envelope = <<<SOAP
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="%s">
    <SOAP-ENV:Header />
    <SOAP-ENV:Body />
</SOAP-ENV:Envelope>
SOAP;
        $envelope = sprintf($envelope, Constants::NS_SOAP);

        $doc = new DOMDocument;
        $doc->loadXML($envelope);

        // In the Artifact Resolution profile, this will be an ArtifactResolve
        // containing another message (e.g. a Response), however in the ECP
        // profile, this is the Response itself.
        if ($message instanceof Response) {
            $header = $doc->getElementsByTagNameNS(Constants::NS_SOAP, 'Header')->item(0);

            $response = new ECPResponse;
            $response->AssertionConsumerServiceURL = $this->getDestination() ?: $message->getDestination();

            $response->toXML($header);


            // TODO We SHOULD add ecp:RequestAuthenticated SOAP header if we
            // authenticated the AuthnRequest. It may make sense to have a
            // standardized way for Message objects to contain (optional) SOAP
            // headers for use with the SOAP binding.
            //
            // https://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/cs01/saml-ecp-v2.0-cs01.html#_Toc366664733
            // See Section 2.3.6.1

        }

        $body = $doc->getElementsByTagNameNs(Constants::NS_SOAP, 'Body')->item(0);

        $body->appendChild($doc->importNode($message->toSignedXML(), true));

        return $doc->saveXML();
    }

    /**
     * Send a SAML 2 message using the SOAP binding.
     *
     * Note: This function never returns.
     *
     * @param \SAML2\Message $message The message we should send.
     *
     * @SuppressWarnings(PHPMD.ExitExpression)
     */
    public function send(Message $message)
    {
        header('Content-Type: text/xml', true);

        $xml = $this->getOutputToSend($message);
        SAML2_Utils::getContainer()->debugMessage($xml, 'out');
        echo $xml;

        exit(0);
    }

    /**
     * Receive a SAML 2 message sent using the HTTP-POST binding.
     *
     * Throws an exception if it is unable receive the message.
     *
     * @return \SAML2\Message The received message.
     * @throws \Exception
     */
    public function receive()
    {
        $postText = $this->getInputStream();

        if (empty($postText)) {
            throw new \Exception('Invalid message received to AssertionConsumerService endpoint.');
        }

        $document = DOMDocumentFactory::fromString($postText);
        $xml = $document->firstChild;
        Utils::getContainer()->debugMessage($xml, 'in');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $results = Utils::xpQuery($xml, '/soap-env:Envelope/soap-env:Body/*[1]');

        return Message::fromXML($results[0]);
    }

    protected function getInputStream()
    {
        return file_get_contents('php://input');
    }
}


1			<?php
2
3			namespace SAML2;
4
5			use DOMDocument;
6
7			use SAML2\XML\ecp\Response as ECPResponse;
8
9			/**
10			* Class which implements the SOAP binding.
11			*
12			* @package SimpleSAMLphp
13			*/
14			class SOAP extends Binding
15			{
16			public function getOutputToSend(Message $message)
17			{
18			$envelope = <<<SOAP
19			<?xml version="1.0" encoding="utf-8"?>
20			<SOAP-ENV:Envelope xmlns:SOAP-ENV="%s">
21			<SOAP-ENV:Header />
22			<SOAP-ENV:Body />
23			</SOAP-ENV:Envelope>
24			SOAP;
25			$envelope = sprintf($envelope, Constants::NS_SOAP);
26
27			$doc = new DOMDocument;
28			$doc->loadXML($envelope);
29
30			// In the Artifact Resolution profile, this will be an ArtifactResolve
31			// containing another message (e.g. a Response), however in the ECP
32			// profile, this is the Response itself.
33			if ($message instanceof Response) {
34			$header = $doc->getElementsByTagNameNS(Constants::NS_SOAP, 'Header')->item(0);
35
36			$response = new ECPResponse;
37			$response->AssertionConsumerServiceURL = $this->getDestination() ?: $message->getDestination();
38
39			$response->toXML($header);
			0 ignored issues – show Compatibility introduced 2017-05-31 21:20 UTC by Report Bug Copy Issue Report `$header` of type `object<DOMNode>` is not a sub-type of `object<DOMElement>`. It seems like you assume a child class of the class `DOMNode` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
40
41			// TODO We SHOULD add ecp:RequestAuthenticated SOAP header if we
42			// authenticated the AuthnRequest. It may make sense to have a
43			// standardized way for Message objects to contain (optional) SOAP
44			// headers for use with the SOAP binding.
45			//
46			// https://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/cs01/saml-ecp-v2.0-cs01.html#_Toc366664733
47			// See Section 2.3.6.1
			0 ignored issues – show Unused Code Comprehensibility introduced 2017-05-31 21:20 UTC by Report Bug Copy Issue Report `38%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
48			}
49
50			$body = $doc->getElementsByTagNameNs(Constants::NS_SOAP, 'Body')->item(0);
51
52			$body->appendChild($doc->importNode($message->toSignedXML(), true));
53
54			return $doc->saveXML();
55			}
56
57			/**
58			* Send a SAML 2 message using the SOAP binding.
59			*
60			* Note: This function never returns.
61			*
62			* @param \SAML2\Message $message The message we should send.
63			*
64			* @SuppressWarnings(PHPMD.ExitExpression)
65			*/
66			public function send(Message $message)
67			{
68			header('Content-Type: text/xml', true);
69
70			$xml = $this->getOutputToSend($message);
71			SAML2_Utils::getContainer()->debugMessage($xml, 'out');
72			echo $xml;
73
74			exit(0);
75			}
76
77			/**
78			* Receive a SAML 2 message sent using the HTTP-POST binding.
79			*
80			* Throws an exception if it is unable receive the message.
81			*
82			* @return \SAML2\Message The received message.
83			* @throws \Exception
84			*/
85			public function receive()
86			{
87			$postText = $this->getInputStream();
88
89			if (empty($postText)) {
90			throw new \Exception('Invalid message received to AssertionConsumerService endpoint.');
91			}
92
93			$document = DOMDocumentFactory::fromString($postText);
94			$xml = $document->firstChild;
95			Utils::getContainer()->debugMessage($xml, 'in');
			0 ignored issues – show Documentation introduced 2015-11-29 21:04 UTC by Report Bug Copy Issue Report `$xml` is of type `object<DOMNode>`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
96			$results = Utils::xpQuery($xml, '/soap-env:Envelope/soap-env:Body/*[1]');
97
98			return Message::fromXML($results[0]);
99			}
100
101			protected function getInputStream()
102			{
103			return file_get_contents('php://input');
104			}
105			}
106

simplesamlphp / saml2

Push — master ( a0de91...6ebd4b )

SOAP A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like