for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2019 Spomky-Labs
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Signature\Serializer;
use Base64Url\Base64Url;
use InvalidArgumentException;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\Signature\JWS;
final class JSONFlattenedSerializer extends Serializer
{
public const NAME = 'jws_json_flattened';
public function displayName(): string
return 'JWS JSON Flattened';
}
public function name(): string
return self::NAME;
public function serialize(JWS $jws, ?int $signatureIndex = null): string
if (null === $signatureIndex) {
$signatureIndex = 0;
$signature = $jws->getSignature($signatureIndex);
$data = [];
$values = [
$values
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; }
Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.
$myVar
$higher
'payload' => $jws->getEncodedPayload(),
'protected' => $signature->getEncodedProtectedHeader(),
'header' => $signature->getHeader(),
];
$encodedPayload = $jws->getEncodedPayload();
if (null !== $encodedPayload && '' !== $encodedPayload) {
$data['payload'] = $encodedPayload;
$encodedProtectedHeader = $signature->getEncodedProtectedHeader();
if (null !== $encodedProtectedHeader && '' !== $encodedProtectedHeader) {
$data['protected'] = $encodedProtectedHeader;
$header = $signature->getHeader();
if (0 !== \count($header)) {
$data['header'] = $header;
$data['signature'] = Base64Url::encode($signature->getSignature());
return JsonConverter::encode($data);
public function unserialize(string $input): JWS
$data = JsonConverter::decode($input);
if (!\is_array($data)) {
throw new InvalidArgumentException('Unsupported input.');
if (!isset($data['signature'])) {
$signature = Base64Url::decode($data['signature']);
if (isset($data['protected'])) {
$encodedProtectedHeader = $data['protected'];
$protectedHeader = JsonConverter::decode(Base64Url::decode($data['protected']));
} else {
$encodedProtectedHeader = null;
$protectedHeader = [];
if (isset($data['header'])) {
if (!\is_array($data['header'])) {
throw new InvalidArgumentException('Bad header.');
$header = $data['header'];
$header = [];
if (isset($data['payload'])) {
$encodedPayload = $data['payload'];
$payload = $this->isPayloadEncoded($protectedHeader) ? Base64Url::decode($encodedPayload) : $encodedPayload;
$payload = null;
$encodedPayload = null;
$jws = new JWS($payload, $encodedPayload, null === $encodedPayload);
return $jws->addSignature($signature, $protectedHeader, $encodedProtectedHeader, $header);
web-token /
jwt-framework
Spomky
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVarassignment in line 1 and the$higherassignment in line 2 are dead. The first because$myVaris never used and the second because$higheris always overwritten for every possible time line.