SecureWebPage::addSecureScript() - Code Metrics - Inspection of "Merge pull request #8 from BurningFlipside/feature..." - BurningFlipside/SecureFramework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( f62fbf...a22572 )

unknown

created 2017-03-01 23:56 UTC

SecureWebPage::addSecureScript() A

↳ Parent: SecureWebPage

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	2
nc	1
nop	0
dl	0
loc	4
rs	10
c	0
b	0
f	0

<?php

require_once('class.FlipPage.php');
require_once('class.FlipSession.php');
require_once('class.SecurePlugin.php');

trait SecureWebPage
namespace YourVendor;

class YourClass { }
{
    protected function getSecureRoot()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $root = $_SERVER['DOCUMENT_ROOT'];
        $script_dir = dirname(__FILE__);
        $ret = substr($script_dir, strlen($root));

        if($ret === false || strlen($ret) === 0)
        {
            return '/';
        }
        else if($ret[strlen($ret)-1] !== '/')
        {
            $ret .= '/';
        }
        return $ret;
    }

    protected function addSecureCss()
    {
        $this->addCSSByURI($this->secure_root.'css/secure.css');
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    protected function addSecureScript()
    {
        $this->addWellKnownJS(JS_LOGIN);
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
    }

    protected function loadAndGetPlugins()
    {
        $script_dir = dirname(__FILE__);
        $plugin_files = glob($script_dir.'/*/plugin.php');
        $count = count($plugin_files);
        for($i = 0; $i < $count; $i++)
        {
            include($plugin_files[$i]);
        }
        $ret = array();
        foreach(get_declared_classes() as $class)
        {
            if(is_subclass_of($class, 'SecurePlugin'))
            {
                $ret[] = new $class();
            }
        }
        return $ret;
    }

    public function addPluginLinks($count, $plugins)
    {
        $secure_menu = array();
        for($i = 0; $i < $count; $i++)
        {
            $ret = $plugins[$i]->get_secure_menu_entries($this, $this->user);
class MyClass { }

$x = new MyClass();
$x->foo = true;
            if($ret !== false)
            {
                $ret["<hr id='hr_$i'/>"] = false;
                $secure_menu = array_merge($secure_menu, $ret);
            }
        }
        array_pop($secure_menu);
        $this->addLink('Secure', $this->secureUrl, $secure_menu);
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }
}

class SecurePage extends FlipPage
namespace YourVendor;

class YourClass { }
{
    use SecureWebPage;

    public $secure_root;
    protected $plugins;
    protected $plugin_count;

    function __construct($title)

    {
        parent::__construct($title, true);
        $this->secure_root = $this->getSecureRoot();
        $this->addSecureCss();
        $this->addSecureScript();
        $this->add_login_form();
        $this->body_tags='data-login-url="'.$this->secure_root.'api/v1/login"';
        $this->plugins = $this->loadAndGetPlugins();
        $this->plugin_count = count($this->plugins);
        $this->add_links();
    }

    function add_links()

    {
        if($this->user !== false)
        {
            $this->addPluginLinks($this->plugin_count, $this->plugins);
        }
    }

    function get_secure_child_entry_points()

    {
        $entry_points = '';
        for($i = 0; $i < $this->plugin_count; $i++)
        {
            $ret = $this->plugins[$i]->get_plugin_entry_point();
            if($ret !== false)
            {
                $entry_points .= '<li>'.$this->createLink($ret['name'],$ret['link']).'</li>';
            }
        }
        return $entry_points;
    }
}
?>



1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 6 and the first side effect is on line 2. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		require_once('class.FlipPage.php');
3		require_once('class.FlipSession.php');
4		require_once('class.SecurePlugin.php');
5
6		trait SecureWebPage
		0 ignored issues – show Coding Style Compatibility introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report Each trait must be in a namespace of at least one level (a top-level vendor name) You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
7		{
8		protected function getSecureRoot()
		0 ignored issues – show Coding Style introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report `getSecureRoot` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
9		{
10		$root = $_SERVER['DOCUMENT_ROOT'];
11		$script_dir = dirname(__FILE__);
12		$ret = substr($script_dir, strlen($root));
13
14		if($ret === false \|\| strlen($ret) === 0)
15		{
16		return '/';
17		}
18		else if($ret[strlen($ret)-1] !== '/')
19		{
20		$ret .= '/';
21		}
22		return $ret;
23		}
24
25		protected function addSecureCss()
26		{
27		$this->addCSSByURI($this->secure_root.'css/secure.css');
		0 ignored issues – show Bug introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report The property `secure_root` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history... Bug introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report It seems like `addCSSByURI()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
28		}
29
30		protected function addSecureScript()
31		{
32		$this->addWellKnownJS(JS_LOGIN);
		0 ignored issues – show Bug introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report It seems like `addWellKnownJS()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
33		}
34
35		protected function loadAndGetPlugins()
36		{
37		$script_dir = dirname(__FILE__);
38		$plugin_files = glob($script_dir.'/*/plugin.php');
39		$count = count($plugin_files);
40		for($i = 0; $i < $count; $i++)
41		{
42		include($plugin_files[$i]);
43		}
44		$ret = array();
45		foreach(get_declared_classes() as $class)
46		{
47		if(is_subclass_of($class, 'SecurePlugin'))
48		{
49		$ret[] = new $class();
50		}
51		}
52		return $ret;
53		}
54
55		public function addPluginLinks($count, $plugins)
56		{
57		$secure_menu = array();
58		for($i = 0; $i < $count; $i++)
59		{
60		$ret = $plugins[$i]->get_secure_menu_entries($this, $this->user);
		0 ignored issues – show Bug introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report The property `user` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
61		if($ret !== false)
62		{
63		$ret["<hr id='hr_$i'/>"] = false;
64		$secure_menu = array_merge($secure_menu, $ret);
65		}
66		}
67		array_pop($secure_menu);
68		$this->addLink('Secure', $this->secureUrl, $secure_menu);
		0 ignored issues – show Bug introduced 2017-03-01 23:27 UTC by Report Bug Copy Issue Report The property `secureUrl` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history... Bug introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report It seems like `addLink()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
69		}
70		}
71
72		class SecurePage extends FlipPage
		0 ignored issues – show Coding Style Compatibility introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history... Coding Style Compatibility introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report Each trait must be in a file by itself Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history...
73		{
74		use SecureWebPage;
75
76		public $secure_root;
77		protected $plugins;
78		protected $plugin_count;
79
80	View Code Duplication	function __construct($title)
		0 ignored issues – show Best Practice introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history... Duplication introduced 2017-03-01 23:50 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
81		{
82		parent::__construct($title, true);
83		$this->secure_root = $this->getSecureRoot();
84		$this->addSecureCss();
85		$this->addSecureScript();
86		$this->add_login_form();
87		$this->body_tags='data-login-url="'.$this->secure_root.'api/v1/login"';
88		$this->plugins = $this->loadAndGetPlugins();
89		$this->plugin_count = count($this->plugins);
90		$this->add_links();
91		}
92
93		function add_links()
		0 ignored issues – show Best Practice introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
94		{
95		if($this->user !== false)
96		{
97		$this->addPluginLinks($this->plugin_count, $this->plugins);
98		}
99		}
100
101		function get_secure_child_entry_points()
		0 ignored issues – show Best Practice introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
102		{
103		$entry_points = '';
104		for($i = 0; $i < $this->plugin_count; $i++)
105		{
106		$ret = $this->plugins[$i]->get_plugin_entry_point();
107		if($ret !== false)
108		{
109		$entry_points .= '<li>'.$this->createLink($ret['name'],$ret['link']).'</li>';
110		}
111		}
112		return $entry_points;
113		}
114		}
115		?>
		0 ignored issues – show Best Practice introduced 2016-06-14 20:03 UTC by Report Bug Copy Issue Report It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
116

BurningFlipside / SecureFramework

Push — master ( f62fbf...a22572 )

SecureWebPage::addSecureScript() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like