Issues in JWEDecrypter.php - Failed Issues - Inspection of "Merge pull request #220 from web-token/v2.1" - web-token/jwt-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( 71e756...c4ef0e )

by Florent

created 2019-10-31 23:01 UTC

src/Bundle/JoseFramework/Services/JWEDecrypter.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2019 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Bundle\JoseFramework\Services;

use Jose\Bundle\JoseFramework\Event\JWEDecryptionFailureEvent;
use Jose\Bundle\JoseFramework\Event\JWEDecryptionSuccessEvent;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\JWE;
use Jose\Component\Encryption\JWEDecrypter as BaseJWEDecrypter;
use Psr\EventDispatcher\EventDispatcherInterface;

final class JWEDecrypter extends BaseJWEDecrypter
{
    /**
     * @var EventDispatcherInterface
     */
    private $eventDispatcher;

    public function __construct(AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionMethodManager, EventDispatcherInterface $eventDispatcher)
    {
        parent::__construct($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
        $this->eventDispatcher = $eventDispatcher;
    }

    public function decryptUsingKeySet(JWE &$jwe, JWKSet $jwkset, int $recipient, JWK &$jwk = null, ?JWK $senderKey = null): bool
    {
        $success = parent::decryptUsingKeySet($jwe, $jwkset, $recipient, $jwk, $senderKey);
        if ($success) {
            $this->eventDispatcher->dispatch(new JWEDecryptionSuccessEvent(
                $jwe,
                $jwkset,
                $jwk,
function notNullable(stdClass $x) { }

// Unsafe
function withoutCheck(stdClass $x = null) {
    notNullable($x);
}

// Safe - Alternative 1: Adding Additional Type-Check
function withCheck(stdClass $x = null) {
    if ($x instanceof stdClass) {
        notNullable($x);
    }
}

// Safe - Alternative 2: Changing Parameter
function withNonNullableParam(stdClass $x) {
    notNullable($x);
}
                $recipient
            ));
        } else {
            $this->eventDispatcher->dispatch(new JWEDecryptionFailureEvent(
                $jwe,
                $jwkset
            ));
        }

        return $success;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2019 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Bundle\JoseFramework\Services;
15
16			use Jose\Bundle\JoseFramework\Event\JWEDecryptionFailureEvent;
17			use Jose\Bundle\JoseFramework\Event\JWEDecryptionSuccessEvent;
18			use Jose\Component\Core\AlgorithmManager;
19			use Jose\Component\Core\JWK;
20			use Jose\Component\Core\JWKSet;
21			use Jose\Component\Encryption\Compression\CompressionMethodManager;
22			use Jose\Component\Encryption\JWE;
23			use Jose\Component\Encryption\JWEDecrypter as BaseJWEDecrypter;
24			use Psr\EventDispatcher\EventDispatcherInterface;
25
26			final class JWEDecrypter extends BaseJWEDecrypter
27			{
28			/**
29			* @var EventDispatcherInterface
30			*/
31			private $eventDispatcher;
32
33			public function __construct(AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionMethodManager, EventDispatcherInterface $eventDispatcher)
34			{
35			parent::__construct($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
36			$this->eventDispatcher = $eventDispatcher;
37			}
38
39			public function decryptUsingKeySet(JWE &$jwe, JWKSet $jwkset, int $recipient, JWK &$jwk = null, ?JWK $senderKey = null): bool
40			{
41			$success = parent::decryptUsingKeySet($jwe, $jwkset, $recipient, $jwk, $senderKey);
42			if ($success) {
43			$this->eventDispatcher->dispatch(new JWEDecryptionSuccessEvent(
44			$jwe,
45			$jwkset,
46			$jwk,
			0 ignored issues – show Bug introduced 2019-07-11 06:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$jwk` defined by parameter `$jwk` on line `39` can be `null`; however, `Jose\Bundle\JoseFramewor...essEvent::__construct()` does not accept `null`, maybe add an additional type check? It seems like you allow that null is being passed for a parameter, however the function which is called does not seem to accept null. We recommend to add an additional type check (or disallow null for the parameter): function notNullable(stdClass $x) { } // Unsafe function withoutCheck(stdClass $x = null) { notNullable($x); } // Safe - Alternative 1: Adding Additional Type-Check function withCheck(stdClass $x = null) { if ($x instanceof stdClass) { notNullable($x); } } // Safe - Alternative 2: Changing Parameter function withNonNullableParam(stdClass $x) { notNullable($x); } Loading history...
47			$recipient
48			));
49			} else {
50			$this->eventDispatcher->dispatch(new JWEDecryptionFailureEvent(
51			$jwe,
52			$jwkset
53			));
54			}
55
56			return $success;
57			}
58			}
59

web-token / jwt-framework

Push — master ( 71e756...c4ef0e )

src/Bundle/JoseFramework/Services/JWEDecrypter.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like