exit() and die() functions should be avoided

  • Major
  • Bugrisk

More information: https://insight.symfony.com/what-we-analyse/php.use_exit_function

in src/SAML2/SOAP.php, line 74
  1. $xml = $this->getOutputToSend($message);
  2. Utils::getContainer()->debugMessage($xml, 'out');
  3. echo $xml;
  4. exit(0);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Last edited by Boy Baukema
  5. }
  6. /**
  7. * Receive a SAML 2 message sent using the HTTP-POST binding.
  8. *

Source code should not contain TODO comments

  • Minor
  • Architecture

More information: https://insight.symfony.com/what-we-analyse/task_todo_comment

in src/SAML2/SOAP.php, line 41
  1. $response = new ECPResponse;
  2. $response->setAssertionConsumerServiceURL($this->getDestination() ?: $message->getDestination());
  3. $response->toXML($header);
  4. // TODO We SHOULD add ecp:RequestAuthenticated SOAP header if we

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by John Maguire
  5. // authenticated the AuthnRequest. It may make sense to have a
  6. // standardized way for Message objects to contain (optional) SOAP
  7. // headers for use with the SOAP binding.
  8. //
  9. // https://docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/cs01/saml-ecp-v2.0-cs01.html#_Toc366664733

Code should not be duplicated

  • Minor
  • Architecture

More information: https://insight.symfony.com/what-we-analyse/php.duplicated_code

  1. */
  2. public function encryptNameId(XMLSecurityKey $key)
  3. {
  4. /* First create an XML representation of the NameID. */
  5. $doc = DOMDocumentFactory::create();
  6. $root = $doc->createElement('root');

    The next 48 lines appear both in src/SAML2/Assertion.php:752 and src/SAML2/AuthnRequest.php:658.

    Time to fix: about 4 hours
    Last edited by Boy Baukema
  7. $doc->appendChild($root);
  8. $this->nameId->toXML($root);
  9. $nameId = $root->firstChild;
  10. Utils::getContainer()->debugMessage($nameId, 'encrypt');

PHPUnit should be able to run all PHP tests 72

  • Minor
  • Bugrisk

More information: https://insight.symfony.com/what-we-analyse/php.neglected_tests

This file is not included in any of the test suites present in the source code (tools/phpunit/phpunit.xml).

Time to fix: about 1 hour
Collective

Boolean property should not be prefixed by "is" 9

  • Minor
  • Codestyle

More information: https://insight.symfony.com/what-we-analyse/php.bad_mutator_method_name_for_boolean_property

  1. /**
  2. * Retrieve the value of the IsPassive attribute.
  3. *
  4. * @return bool The IsPassive attribute.
  5. */
  6. public function getIsPassive()

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Boy Baukema
  7. {
  8. return $this->isPassive;
  9. }
  1. /**
  2. * Set the value of the IsPassive attribute.
  3. *
  4. * @param bool $isPassive The IsPassive attribute.
  5. */
  6. public function setIsPassive(bool $isPassive)

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  7. {
  8. $this->isPassive = $isPassive;
  9. }
  10. /**
  1. /**
  2. * Collect the value of the isDefault-property
  3. * @return boolean|null
  4. */
  5. public function getIsDefault()

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. return $this->isDefault;
  8. }
  9. /**
  1. /**
  2. * Set the value of the isDefault-property
  3. * @param boolean|null $flag
  4. */
  5. public function setIsDefault(bool $flag = null)

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. $this->isDefault = $flag;
  8. }
  9. /**
  1. /**
  2. * Collect the value of the isDefault-property
  3. * @return bool|null
  4. */
  5. public function getIsDefault()

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. return $this->isDefault;
  8. }
  9. /**
  1. /**
  2. * Set the value of the isDefault-property
  3. * @param bool|null $flag
  4. */
  5. public function setIsDefault(bool $flag = null)

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. $this->isDefault = $flag;
  8. }
  1. /**
  2. * Collect the value of the isRequired-property
  3. * @return bool|null
  4. */
  5. public function getIsRequired()

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. return $this->isRequired;
  8. }
  9. /**
  1. /**
  2. * Set the value of the isRequired-property
  3. * @param boolean|null $flag
  4. */
  5. public function setIsRequired(bool $flag = null)

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. $this->isRequired = $flag;
  8. }
  9. /**
  1. /**
  2. * Set the value of the regexp-property
  3. * @param bool $regexp
  4. */
  5. public function setIsRegexpScope(bool $regexp)

    Boolean property accessor should not be setIsXXX nor getIsXXX but setXXX and isXXX.

    Time to fix: about 15 minutes
    Last edited by Tim van Dijen
  6. {
  7. $this->regexp = $regexp;
  8. }
  9. /**

Unused method, property, variable or parameter 4

  • Minor
  • Deadcode

More information: https://insight.symfony.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. private $debugMessages = [];
  2. /**
  3. * @var string
  4. */
  5. private $redirectUrl;

    This redirectUrl attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Boy Baukema
  6. /**
  7. * @var array
  8. */
  9. private $redirectData;
  1. private $redirectUrl;
  2. /**
  3. * @var array
  4. */
  5. private $redirectData;

    This redirectData attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Boy Baukema
  6. /**
  7. * @var string
  8. */
  9. private $postRedirectUrl;
  1. private $redirectData;
  2. /**
  3. * @var string
  4. */
  5. private $postRedirectUrl;

    This postRedirectUrl attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Boy Baukema
  6. /**
  7. * @var array
  8. */
  9. private $postRedirectData;
  1. private $postRedirectUrl;
  2. /**
  3. * @var array
  4. */
  5. private $postRedirectData;

    This postRedirectData attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Boy Baukema
  6. /**
  7. * Get a PSR-3 compatible logger.
  8. * @return \Psr\Log\LoggerInterface
  9. */

Interface names should end with "Interface" 11

  • Info
  • Codestyle

More information: https://insight.symfony.com/what-we-analyse/php.interface_has_no_interface_suffix

  1. namespace SAML2\Assertion\Transformer;
  2. use SAML2\Assertion;
  3. interface Transformer

    Interface Transformer should be named TransformerInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. /**
  6. * @param \SAML2\Assertion $assertion
  7. *
  8. * @return \SAML2\Assertion
  1. namespace SAML2\Assertion\Validation;
  2. use SAML2\Assertion;
  3. interface AssertionConstraintValidator

    Interface AssertionConstraintValidator should be named AssertionConstraintValidatorInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. public function validate(Assertion $assertion, Result $result);
  6. }
  1. namespace SAML2\Assertion\Validation;
  2. use SAML2\XML\saml\SubjectConfirmation;
  3. interface SubjectConfirmationConstraintValidator

    Interface SubjectConfirmationConstraintValidator should be named SubjectConfirmationConstraintValidatorInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. public function validate(
  6. SubjectConfirmation $subjectConfirmation,
  7. Result $result
  8. );
  1. namespace SAML2\Configuration;
  2. /**
  3. * CertificateProvider interface.
  4. */
  5. interface CertificateProvider extends Queryable

    Interface CertificateProvider should be named CertificateProviderInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  6. {
  7. /**
  8. * Returns an array or \Traversable of keys, where each element represents a configured key.
  9. * A configured key itself is an array or object implementing ArrayAccess where the array key/property is the
  10. * configuration key and the value is the configured value.
  1. declare(strict_types=1);
  2. namespace SAML2\Configuration;
  3. interface DecryptionProvider

    Interface DecryptionProvider should be named DecryptionProviderInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. /**
  6. * @return null|bool
  7. */
  8. public function isAssertionEncryptionRequired();
  1. namespace SAML2\Configuration;
  2. /**
  3. * Interface \SAML2\Configuration\EntityIdProvider
  4. */
  5. interface EntityIdProvider

    Interface EntityIdProvider should be named EntityIdProviderInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  6. {
  7. /**
  8. * @return null|string
  9. */
  10. public function getEntityId();
  1. namespace SAML2\Configuration;
  2. /**
  3. * Interface for triggering setter injection
  4. */
  5. interface IdentityProviderAware

    Interface IdentityProviderAware should be named IdentityProviderAwareInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  6. {
  7. public function setIdentityProvider(IdentityProvider $identityProvider);
  8. }
  1. namespace SAML2\Configuration;
  2. /**
  3. * Interface for triggering setter injection
  4. */
  5. interface ServiceProviderAware

    Interface ServiceProviderAware should be named ServiceProviderAwareInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  6. {
  7. public function setServiceProvider(ServiceProvider $serviceProvider);
  8. }
  1. namespace SAML2\Response\Validation;
  2. use SAML2\Response;
  3. interface ConstraintValidator

    Interface ConstraintValidator should be named ConstraintValidatorInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. public function validate(Response $response, Result $result);
  6. }
  1. /**
  2. * Interface \SAML2\Validator\Responsible
  3. *
  4. * should be renamed.
  5. */
  6. interface ChainedValidator extends ValidatorInterface

    Interface ChainedValidator should be named ChainedValidatorInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  7. {
  8. /**
  9. * Test whether or not this link in the chain can validate the signedElement signature.
  10. *
  11. * @param \SAML2\SignedElement $signedElement
  1. declare(strict_types=1);
  2. namespace SAML2\Utilities;
  3. interface Collection extends \ArrayAccess, \Countable, \IteratorAggregate

    Interface Collection should be named CollectionInterface for better clarity.

    Time to fix: about 1 hour
    Last edited by Charles Bell
  4. {
  5. /**
  6. * Add an element to the collection
  7. *
  8. * @param $element