Issues in JWSVerifier.php - Failed Issues - Inspection of "Merge pull request #220 from web-token/v2.1" - web-token/jwt-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( 71e756...c4ef0e )

by Florent

created 2019-10-31 23:01 UTC

src/Bundle/JoseFramework/Services/JWSVerifier.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2019 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace Jose\Bundle\JoseFramework\Services;

use Jose\Bundle\JoseFramework\Event\JWSVerificationFailureEvent;
use Jose\Bundle\JoseFramework\Event\JWSVerificationSuccessEvent;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Signature\JWS;
use Jose\Component\Signature\JWSVerifier as BaseJWSVerifier;
use Psr\EventDispatcher\EventDispatcherInterface;

final class JWSVerifier extends BaseJWSVerifier
{
    /**
     * @var EventDispatcherInterface
     */
    private $eventDispatcher;

    public function __construct(AlgorithmManager $signatureAlgorithmManager, EventDispatcherInterface $eventDispatcher)
    {
        parent::__construct($signatureAlgorithmManager);
        $this->eventDispatcher = $eventDispatcher;
    }

    public function verifyWithKeySet(JWS $jws, JWKSet $jwkset, int $signatureIndex, ?string $detachedPayload = null, JWK &$jwk = null): bool
    {
        $success = parent::verifyWithKeySet($jws, $jwkset, $signatureIndex, $detachedPayload, $jwk);
        if ($success) {
            $this->eventDispatcher->dispatch(new JWSVerificationSuccessEvent(
                $jws,
                $jwkset,
                $signatureIndex,
                $detachedPayload,
                $jwk
function notNullable(stdClass $x) { }

// Unsafe
function withoutCheck(stdClass $x = null) {
    notNullable($x);
}

// Safe - Alternative 1: Adding Additional Type-Check
function withCheck(stdClass $x = null) {
    if ($x instanceof stdClass) {
        notNullable($x);
    }
}

// Safe - Alternative 2: Changing Parameter
function withNonNullableParam(stdClass $x) {
    notNullable($x);
}
            ));
        } else {
            $this->eventDispatcher->dispatch(new JWSVerificationFailureEvent(
                $jws,
                $jwkset,
                $detachedPayload
            ));
        }

        return $success;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2019 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace Jose\Bundle\JoseFramework\Services;
15
16			use Jose\Bundle\JoseFramework\Event\JWSVerificationFailureEvent;
17			use Jose\Bundle\JoseFramework\Event\JWSVerificationSuccessEvent;
18			use Jose\Component\Core\AlgorithmManager;
19			use Jose\Component\Core\JWK;
20			use Jose\Component\Core\JWKSet;
21			use Jose\Component\Signature\JWS;
22			use Jose\Component\Signature\JWSVerifier as BaseJWSVerifier;
23			use Psr\EventDispatcher\EventDispatcherInterface;
24
25			final class JWSVerifier extends BaseJWSVerifier
26			{
27			/**
28			* @var EventDispatcherInterface
29			*/
30			private $eventDispatcher;
31
32			public function __construct(AlgorithmManager $signatureAlgorithmManager, EventDispatcherInterface $eventDispatcher)
33			{
34			parent::__construct($signatureAlgorithmManager);
35			$this->eventDispatcher = $eventDispatcher;
36			}
37
38			public function verifyWithKeySet(JWS $jws, JWKSet $jwkset, int $signatureIndex, ?string $detachedPayload = null, JWK &$jwk = null): bool
39			{
40			$success = parent::verifyWithKeySet($jws, $jwkset, $signatureIndex, $detachedPayload, $jwk);
41			if ($success) {
42			$this->eventDispatcher->dispatch(new JWSVerificationSuccessEvent(
43			$jws,
44			$jwkset,
45			$signatureIndex,
46			$detachedPayload,
47			$jwk
			0 ignored issues – show Bug introduced 2019-07-11 06:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$jwk` defined by parameter `$jwk` on line `38` can be `null`; however, `Jose\Bundle\JoseFramewor...essEvent::__construct()` does not accept `null`, maybe add an additional type check? It seems like you allow that null is being passed for a parameter, however the function which is called does not seem to accept null. We recommend to add an additional type check (or disallow null for the parameter): function notNullable(stdClass $x) { } // Unsafe function withoutCheck(stdClass $x = null) { notNullable($x); } // Safe - Alternative 1: Adding Additional Type-Check function withCheck(stdClass $x = null) { if ($x instanceof stdClass) { notNullable($x); } } // Safe - Alternative 2: Changing Parameter function withNonNullableParam(stdClass $x) { notNullable($x); } Loading history...
48			));
49			} else {
50			$this->eventDispatcher->dispatch(new JWSVerificationFailureEvent(
51			$jws,
52			$jwkset,
53			$detachedPayload
54			));
55			}
56
57			return $success;
58			}
59			}
60

web-token / jwt-framework

Push — master ( 71e756...c4ef0e )

src/Bundle/JoseFramework/Services/JWSVerifier.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like