Passed
Pull Request — master (#1)
by David
02:31
created

CsrfHeaderCheckMiddlewareTest.php$0 ➔ process()   A

Complexity: Conditions 1
Size: Total Lines 4
Duplication: Lines 0, Ratio 0 %
Importance: Changes 0

Metric Value
dl 0
loc 4
rs 10
c 0
b 0
f 0
cc 1
<?php
declare(strict_types=1);

namespace TheCodingMachine\Middlewares;

use Interop\Http\ServerMiddleware\DelegateInterface;
use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TheCodingMachine\Middlewares\SafeRequests\IsSafeHttpMethod;
use Zend\Diactoros\Request;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequest;

class CsrfHeaderCheckMiddlewareTest extends AbstractMiddlewareTest
{
    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    // Duplicated code is one of the most pungent code smells. If you need to duplicate
    // the same code in three or more different places, we strongly encourage you to look
    // into extracting the code into a single class or operation.
    public function testGetRequest()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Get");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $response = $middleware->process($request, $this->getDelegate());

        $this->assertSame('foobar', (string) $response->getBody());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testFailingPostRequestNoOrigin()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Post");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Could not find neither the ORIGIN header nor the REFERER header in the HTTP request.');

        // Scrutinizer (Unused Code): $response is not used, you could remove the assignment.
        // This check looks for variable assignments that are either overwritten by other
        // assignments or where the variable is not used subsequently.
        $response = $middleware->process($request, $this->getDelegate());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testFailingPostRequestNoHost()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Post");
        $request = $request->withHeader('Origin', "http://alice.com");
        $request = $request->withoutHeader('Host');

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Could not find the HOST header in the HTTP request.');

        // Scrutinizer (Unused Code): $response is not used, you could remove the assignment.
        $response = $middleware->process($request, $this->getDelegate());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testSuccessfullPostWithOriginAndHost()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Post");
        $request = $request->withHeader('Origin', "http://alice.com");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $response = $middleware->process($request, $this->getDelegate());

        $this->assertSame('foobar', (string) $response->getBody());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testSuccessfullPostWithOriginAndHostAndPort()
    {
        $request = new ServerRequest([], [], "http://alice.com:8080/hello", "Post");
        $request = $request->withHeader('Origin', "http://alice.com:8080");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $response = $middleware->process($request, $this->getDelegate());

        $this->assertSame('foobar', (string) $response->getBody());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testSuccessfullPostWithRefererAndForwardedHostAndPort()
    {
        $request = new ServerRequest([], [], "http://bob.com/hello", "Post");
        $request = $request->withHeader('Referer', "http://alice.com");
        $request = $request->withHeader('X-Forwarded-Host', "alice.com");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $response = $middleware->process($request, $this->getDelegate());

        $this->assertSame('foobar', (string) $response->getBody());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testAttackPostWithOriginAndHost()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Post");
        $request = $request->withHeader('Origin', "http://eve.com");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Potential CSRF attack stopped. Source origin and target origin do not match.');
        // Scrutinizer (Unused Code): $response is not used, you could remove the assignment.
        $response = $middleware->process($request, $this->getDelegate());
    }

    // Scrutinizer (Duplication): This method seems to be duplicated in your project.
    public function testExceptionOnWeirdRequests()
    {
        $request = new ServerRequest([], [], "http://alice.com/hello", "Post");
        $request = $request->withHeader('Origin', "http://eve.com");
        $request = $request->withAddedHeader('Origin', "http://alice.com");

        $middleware = new CsrfHeaderCheckMiddleware(IsSafeHttpMethod::fromDefaultSafeMethods());

        $this->expectException(CsrfHeaderCheckMiddlewareException::class);
        $this->expectExceptionMessage('Unexpected request: more than one ORIGIN header sent.');
        // Scrutinizer (Unused Code): $response is not used, you could remove the assignment.
        $response = $middleware->process($request, $this->getDelegate());
    }
}