Code Duplication    Length = 11-13 lines in 6 locations

tests/CsrfHeaderCheckMiddlewareTest.php 6 locations

@@ 41-53 (lines=13) @@
38
        $response = $middleware->process($request, $this->getDelegate());
39
    }
40
41
    /**
     * A POST whose Host header has been stripped must be rejected.
     *
     * The expected message shows that the middleware treats a missing Host
     * header as an error of its own instead of skipping the origin comparison,
     * i.e. the check fails closed.
     */
    public function testFailingPostRequestNoHost()
    {
        // Origin matches the request URI; only the Host header is missing.
        $hostless = (new ServerRequest([], [], "http://alice.com/hello", "Post"))
            ->withHeader('Origin', "http://alice.com")
            ->withoutHeader('Host');

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        // Registered immediately before the call under test so that only
        // process() can satisfy the expectation.
        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Could not find the HOST header in the HTTP request.');

        $guard->process($hostless, $this->getDelegate());
    }
54
55
    public function testSuccessfullPostWithOriginAndHost()
56
    {
@@ 55-65 (lines=11) @@
52
        $response = $middleware->process($request, $this->getDelegate());
53
    }
54
55
    /**
     * Same-origin POST: the Origin header carries the same scheme and host as
     * the request URI, so the request must reach the delegate.
     */
    public function testSuccessfullPostWithOriginAndHost()
    {
        // No Host header is set explicitly; presumably ServerRequest derives it
        // from the URI (the "no host" test has to remove it) -- TODO confirm.
        $sameOrigin = (new ServerRequest([], [], "http://alice.com/hello", "Post"))
            ->withHeader('Origin', "http://alice.com");

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        // 'foobar' is presumably the body returned by getDelegate(); seeing it
        // means the middleware passed the request through.
        $body = (string) $guard->process($sameOrigin, $this->getDelegate())->getBody();

        $this->assertSame('foobar', $body);
    }
66
67
    public function testSuccessfullPostWithOriginAndHostAndPort()
68
    {
@@ 67-77 (lines=11) @@
64
        $this->assertSame('foobar', (string) $response->getBody());
65
    }
66
67
    /**
     * Same-origin POST on a non-default port: both the request URI and the
     * Origin header carry ":8080", and the request must reach the delegate.
     */
    public function testSuccessfullPostWithOriginAndHostAndPort()
    {
        $sameOriginWithPort = (new ServerRequest([], [], "http://alice.com:8080/hello", "Post"))
            ->withHeader('Origin', "http://alice.com:8080");

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        // NOTE(review): only the matching-port case is covered here; a test
        // where Origin and target differ by port alone would pin that the port
        // is part of the comparison.
        $body = (string) $guard->process($sameOriginWithPort, $this->getDelegate())->getBody();

        $this->assertSame('foobar', $body);
    }
78
79
    public function testSuccessfullPostWithRefererAndForwardedHostAndPort()
80
    {
@@ 79-90 (lines=12) @@
76
        $this->assertSame('foobar', (string) $response->getBody());
77
    }
78
79
    /**
     * POST behind a proxy: no Origin header, the source origin comes from
     * Referer and the target host from X-Forwarded-Host.
     *
     * The request URI points at bob.com while Referer and X-Forwarded-Host both
     * name alice.com, and the test expects the request to pass. It therefore
     * pins that X-Forwarded-Host is preferred over the URI host.
     *
     * NOTE(review): X-Forwarded-Host is an ordinary request header, so this
     * behaviour is only sound when a trusted reverse proxy sets or overwrites
     * it; worth stating in the middleware's documentation.
     * NOTE(review): despite "AndPort" in the name, neither header contains a
     * port, so the forwarded-host-with-port case is not exercised here.
     */
    public function testSuccessfullPostWithRefererAndForwardedHostAndPort()
    {
        $proxied = (new ServerRequest([], [], "http://bob.com/hello", "Post"))
            ->withHeader('Referer', "http://alice.com")
            ->withHeader('X-Forwarded-Host', "alice.com");

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $body = (string) $guard->process($proxied, $this->getDelegate())->getBody();

        $this->assertSame('foobar', $body);
    }
91
92
    public function testAttackPostWithOriginAndHost()
93
    {
@@ 92-102 (lines=11) @@
89
        $this->assertSame('foobar', (string) $response->getBody());
90
    }
91
92
    /**
     * Cross-origin POST: the request targets alice.com but its Origin header
     * names eve.com, so the middleware must refuse it with the mismatch error.
     */
    public function testAttackPostWithOriginAndHost()
    {
        $crossOrigin = (new ServerRequest([], [], "http://alice.com/hello", "Post"))
            ->withHeader('Origin', "http://eve.com");

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        // Asserting the message as well as the class separates this rejection
        // from the other failure modes that throw the same exception type.
        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Potential CSRF attack stopped. Source origin and target origin do not match.');

        $guard->process($crossOrigin, $this->getDelegate());
    }
103
104
    public function testExceptionOnWeirdRequests()
105
    {
@@ 104-115 (lines=12) @@
101
        $response = $middleware->process($request, $this->getDelegate());
102
    }
103
104
    /**
     * A request carrying two Origin headers must be rejected outright.
     *
     * One value names eve.com and the other alice.com (the target). The test
     * expects the middleware to refuse the ambiguous request instead of picking
     * one value, so the outcome cannot depend on header order.
     */
    public function testExceptionOnWeirdRequests()
    {
        // withAddedHeader() appends a second Origin value rather than replacing
        // the first one.
        $doubleOrigin = (new ServerRequest([], [], "http://alice.com/hello", "Post"))
            ->withHeader('Origin', "http://eve.com")
            ->withAddedHeader('Origin', "http://alice.com");

        $guard = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Unexpected request: more than one ORIGIN header sent.');

        $guard->process($doubleOrigin, $this->getDelegate());
    }
116
}
117