Inspection of "support FaceID (a.k.a. Apple's very own attestatio..." - simplesamlphp/simplesamlphp-module-webauthn - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 74c929...60a713 )

by Stefan

created 2021-03-10 08:20 UTC

Status

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -130,7 +130,7 @@
 block discarded – undo
         $frontendData = [];
         $frontendData['challengeEncoded'] = $challengeEncoded;
         $frontendData['state'] = [];
-        foreach (['Source', 'FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) {
+        foreach (['Source', 'FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) {
             $frontendData['state'][$stateItem] = $state[$stateItem];
         }
 

Please login to merge, or discard this patch.

lib/Controller/AuthProcess.php 1 patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -176,7 +176,7 @@
 block discarded – undo
 
         if ($debugEnabled) {
             $response = new StreamedResponse();
-            $response->setCallback(function ($authObject, $state) {
+            $response->setCallback(function($authObject, $state) {
                 echo $authObject->getDebugBuffer();
                 echo $authObject->getValidateBuffer();
                 echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination.");

Please login to merge, or discard this patch.

lib/Controller/RegProcess.php 1 patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -183,7 +183,7 @@
 block discarded – undo
         $id = $this->authState::saveState($state, 'webauthn:request');
         if ($debugEnabled === true) {
             $response = new StreamedResponse();
-            $response->setCallback(function ($regObject, $id) {
+            $response->setCallback(function($regObject, $id) {
                 echo $regObject->getDebugBuffer();
                 echo $regObject->getValidateBuffer();
                 echo "<form id='regform' method='POST' action='" .

Please login to merge, or discard this patch.

lib/WebAuthn/WebAuthnRegistrationEvent.php 1 patch

Spacing +7 added lines, -7 removed lines patch added patch discarded remove patch

@@ -181,7 +181,7 @@  discard block
 block discarded – undo
 	// Found the root CA with Google, see above, and will perform chain validation even if the spec doesn't say so.
 
 	// first, clear the openssl error backlog. We might need error data in case things go sideways.
-	while(openssl_error_string() !== false);
+	while (openssl_error_string() !== false);
 
         $stmtDecoded = $attestationArray['attStmt'];
 	if (!isset($stmtDecoded['x5c'])) {
@@ -197,7 +197,7 @@  discard block
 block discarded – undo
            !isset($certProps['extensions']['1.2.840.113635.100.8.2'])
            || empty($certProps['extensions']['1.2.840.113635.100.8.2'])
                 ) {
-                    $this->fail( "The required nonce value is not present in the OID." );
+                    $this->fail("The required nonce value is not present in the OID.");
                 }
 	$toCompare = substr($certProps['extensions']['1.2.840.113635.100.8.2'], 6);
 	if ($nonce != $toCompare) {
@@ -205,7 +205,7 @@  discard block
 block discarded – undo
 	}
 
 	// chain validation first
-	foreach ( $stmtDecoded['x5c'] as $runIndex => $runCert ) {
+	foreach ($stmtDecoded['x5c'] as $runIndex => $runCert) {
 		if (isset($stmtDecoded['x5c'][$runIndex + 1])) { // there is a next cert, so follow the chain
 			$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
 			$signerPubKey = openssl_pkey_get_public(Utils\Crypto::der2pem($stmtDecoded['x5c'][$runIndex + 1]));
@@ -219,7 +219,7 @@  discard block
 block discarded – undo
 			$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
 			$signerPubKey = openssl_pkey_get_public($APPLE_WEBAUTHN_ROOT_CA);
 			if (openssl_x509_verify($certResource, $signerPubKey) != 1) {
-                                $this->fail("Error during root CA validation of the attestation chain certificate, which is ".Utils\Crypto::der2pem($runCert));
+                                $this->fail("Error during root CA validation of the attestation chain certificate, which is " . Utils\Crypto::der2pem($runCert));
                         }
 		}
 	}
@@ -251,9 +251,9 @@  discard block
 block discarded – undo
 	// § 8.8 Bullet 5
 	$credentialDetails = openssl_pkey_get_details($credentialResource);
 	$keyDetails = openssl_pkey_get_details($keyResource);
-	if ( $credentialDetails['bits'] != $keyDetails['bits'] ||
-             $credentialDetails['key']  != $keyDetails['key']  ||
-             $credentialDetails['type'] != $keyDetails['type'] ) { 
+	if ($credentialDetails['bits'] != $keyDetails['bits'] ||
+             $credentialDetails['key'] != $keyDetails['key'] ||
+             $credentialDetails['type'] != $keyDetails['type']) { 
 		$this->fail("The credential public key does not match the certificate public key in attestationData. ("
               . $credentialDetails['key'] 
               . " - "

Please login to merge, or discard this patch.

		@@ -130,7 +130,7 @@
		block discarded – undo
130	130	$frontendData = [];
131	131	$frontendData['challengeEncoded'] = $challengeEncoded;
132	132	$frontendData['state'] = [];
133		- foreach (['Source', 'FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) {
	133	+ foreach (['Source', 'FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) {
134	134	$frontendData['state'][$stateItem] = $state[$stateItem];
135	135	}
136	136

		@@ -176,7 +176,7 @@
		block discarded – undo
176	176
177	177	if ($debugEnabled) {
178	178	$response = new StreamedResponse();
179		- $response->setCallback(function ($authObject, $state) {
	179	+ $response->setCallback(function($authObject, $state) {
180	180	echo $authObject->getDebugBuffer();
181	181	echo $authObject->getValidateBuffer();
182	182	echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination.");

		@@ -183,7 +183,7 @@
		block discarded – undo
183	183	$id = $this->authState::saveState($state, 'webauthn:request');
184	184	if ($debugEnabled === true) {
185	185	$response = new StreamedResponse();
186		- $response->setCallback(function ($regObject, $id) {
	186	+ $response->setCallback(function($regObject, $id) {
187	187	echo $regObject->getDebugBuffer();
188	188	echo $regObject->getValidateBuffer();
189	189	echo "<form id='regform' method='POST' action='" .

		@@ -181,7 +181,7 @@ discard block
		block discarded – undo
181	181	// Found the root CA with Google, see above, and will perform chain validation even if the spec doesn't say so.
182	182
183	183	// first, clear the openssl error backlog. We might need error data in case things go sideways.
184		- while(openssl_error_string() !== false);
	184	+ while (openssl_error_string() !== false);
185	185
186	186	$stmtDecoded = $attestationArray['attStmt'];
187	187	if (!isset($stmtDecoded['x5c'])) {
		@@ -197,7 +197,7 @@ discard block
		block discarded – undo
197	197	!isset($certProps['extensions']['1.2.840.113635.100.8.2'])
198	198	\|\| empty($certProps['extensions']['1.2.840.113635.100.8.2'])
199	199	) {
200		- $this->fail( "The required nonce value is not present in the OID." );
	200	+ $this->fail("The required nonce value is not present in the OID.");
201	201	}
202	202	$toCompare = substr($certProps['extensions']['1.2.840.113635.100.8.2'], 6);
203	203	if ($nonce != $toCompare) {
		@@ -205,7 +205,7 @@ discard block
		block discarded – undo
205	205	}
206	206
207	207	// chain validation first
208		- foreach ( $stmtDecoded['x5c'] as $runIndex => $runCert ) {
	208	+ foreach ($stmtDecoded['x5c'] as $runIndex => $runCert) {
209	209	if (isset($stmtDecoded['x5c'][$runIndex + 1])) { // there is a next cert, so follow the chain
210	210	$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
211	211	$signerPubKey = openssl_pkey_get_public(Utils\Crypto::der2pem($stmtDecoded['x5c'][$runIndex + 1]));
		@@ -219,7 +219,7 @@ discard block
		block discarded – undo
219	219	$certResource = openssl_x509_read(Utils\Crypto::der2pem($runCert));
220	220	$signerPubKey = openssl_pkey_get_public($APPLE_WEBAUTHN_ROOT_CA);
221	221	if (openssl_x509_verify($certResource, $signerPubKey) != 1) {
222		- $this->fail("Error during root CA validation of the attestation chain certificate, which is ".Utils\Crypto::der2pem($runCert));
	222	+ $this->fail("Error during root CA validation of the attestation chain certificate, which is " . Utils\Crypto::der2pem($runCert));
223	223	}
224	224	}
225	225	}
		@@ -251,9 +251,9 @@ discard block
		block discarded – undo
251	251	// § 8.8 Bullet 5
252	252	$credentialDetails = openssl_pkey_get_details($credentialResource);
253	253	$keyDetails = openssl_pkey_get_details($keyResource);
254		- if ( $credentialDetails['bits'] != $keyDetails['bits'] \|\|
255		- $credentialDetails['key'] != $keyDetails['key'] \|\|
256		- $credentialDetails['type'] != $keyDetails['type'] ) {
	254	+ if ($credentialDetails['bits'] != $keyDetails['bits'] \|\|
	255	+ $credentialDetails['key'] != $keyDetails['key'] \|\|
	256	+ $credentialDetails['type'] != $keyDetails['type']) {
257	257	$this->fail("The credential public key does not match the certificate public key in attestationData. ("
258	258	. $credentialDetails['key']
259	259	. " - "

simplesamlphp / simplesamlphp-module-webauthn

Push — master ( 74c929...60a713 )

Status

Category

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

Spacing +7 added lines, -7 removed lines patch added patch discarded remove patch