IPRange::matches() - Code Metrics - Inspection of "IPs can be configured to bypass signed queries #96..." - Ecodev/felix - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 5311a4...27e9db )

by Adrien

created 2023-07-24 15:43 UTC

IPRange::matches() A

↳ Parent: IPRange

Complexity

Conditions	2
Paths	2

Size

Total Lines	7
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	4
CRAP Score	2

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	3
c	1
b	0
f	0
dl	0
loc	7
ccs	4
cts	4
cp	1
rs	10
cc	2
nc	2
nop	2
crap	2

<?php

declare(strict_types=1);

namespace Ecodev\Felix\Validator;

abstract class IPRange
{
    final public static function matches(string $ip, string $cidr): bool
    {
        if (str_contains($ip, ':')) {
            return self::matchesIPv6($ip, $cidr);
        }

        return self::matchesIPv4($ip, $cidr);
    }

    private static function matchesIPv4(string $ip, string $cidr): bool
    {
        $mask = 32;
        $subnet = $cidr;

        if (str_contains($cidr, '/')) {
            [$subnet, $mask] = explode('/', $cidr, 2);
            $mask = (int) $mask;
        }

        if ($mask < 0 || $mask > 32) {
            return false;
        }

        $ip = ip2long($ip);
        $subnet = ip2long($subnet);
        if (false === $ip || false === $subnet) {
            // Invalid data
            return false;
        }

        return 0 === substr_compare(
            sprintf('%032b', $ip),
            sprintf('%032b', $subnet),
            0,
            $mask
        );
    }

    private static function matchesIPv6(string $ip, string $cidr): bool
    {
        $mask = 128;
        $subnet = $cidr;

        if (str_contains($cidr, '/')) {
            [$subnet, $mask] = explode('/', $cidr, 2);
            $mask = (int) $mask;
        }

        if ($mask < 0 || $mask > 128) {
            return false;
        }

        $ip = inet_pton($ip);
        $subnet = inet_pton($subnet);

        if (false === $ip || false === $subnet) {
            // Invalid data
            return false;
        }

        // mask 0: if it's a valid IP, it's valid
        if ($mask === 0) {
            return (bool) unpack('n*', $ip);
        }

        /** @see http://stackoverflow.com/questions/7951061/matching-ipv6-address-to-a-cidr-subnet, MW answer */
        $binMask = str_repeat('f', (int) ($mask / 4));
        switch ($mask % 4) {
            case 0:
                break;
            case 1:
                $binMask .= '8';

                break;
            case 2:
                $binMask .= 'c';

                break;
            case 3:
                $binMask .= 'e';

                break;
        }

        $binMask = str_pad($binMask, 32, '0');
        $binMask = pack('H*', $binMask);

        return ($ip & $binMask) === $subnet;

    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Ecodev\Felix\Validator;
6
7		abstract class IPRange
8		{
9	22	final public static function matches(string $ip, string $cidr): bool
10		{
11	22	if (str_contains($ip, ':')) {
12	9	return self::matchesIPv6($ip, $cidr);
13		}
14
15	13	return self::matchesIPv4($ip, $cidr);
16		}
17
18	13	private static function matchesIPv4(string $ip, string $cidr): bool
19		{
20	13	$mask = 32;
21	13	$subnet = $cidr;
22
23	13	if (str_contains($cidr, '/')) {
24	7	[$subnet, $mask] = explode('/', $cidr, 2);
25	7	$mask = (int) $mask;
26		}
27
28	13	if ($mask < 0 \|\| $mask > 32) {
29	1	return false;
30		}
31
32	12	$ip = ip2long($ip);
33	12	$subnet = ip2long($subnet);
34	12	if (false === $ip \|\| false === $subnet) {
35		// Invalid data
36	5	return false;
37		}
38
39	7	return 0 === substr_compare(
40	7	sprintf('%032b', $ip),
41	7	sprintf('%032b', $subnet),
42		0,
43		$mask
44		);
45		}
46
47	9	private static function matchesIPv6(string $ip, string $cidr): bool
48		{
49	9	$mask = 128;
50	9	$subnet = $cidr;
51
52	9	if (str_contains($cidr, '/')) {
53	4	[$subnet, $mask] = explode('/', $cidr, 2);
54	4	$mask = (int) $mask;
55		}
56
57	9	if ($mask < 0 \|\| $mask > 128) {
58		return false;
59		}
60
61	9	$ip = inet_pton($ip);
62	9	$subnet = inet_pton($subnet);
63
64	9	if (false === $ip \|\| false === $subnet) {
65		// Invalid data
66	2	return false;
67		}
68
69		// mask 0: if it's a valid IP, it's valid
70	7	if ($mask === 0) {
71	2	return (bool) unpack('n*', $ip);
72		}
73
74		/** @see http://stackoverflow.com/questions/7951061/matching-ipv6-address-to-a-cidr-subnet, MW answer */
75	5	$binMask = str_repeat('f', (int) ($mask / 4));
76	5	switch ($mask % 4) {
77	5	case 0:
78	3	break;
79	2	case 1:
80	2	$binMask .= '8';
81
82	2	break;
83		case 2:
84		$binMask .= 'c';
85
86		break;
87		case 3:
88		$binMask .= 'e';
89
90		break;
91		}
92
93	5	$binMask = str_pad($binMask, 32, '0');
94	5	$binMask = pack('H*', $binMask);
95
96	5	return ($ip & $binMask) === $subnet;
		0 ignored issues – show Bug introduced 2023-07-24 15:47 UTC by Report Bug Copy Issue Report Are you sure you want to use the bitwise `&` or did you mean `&&`? Loading history...
97		}
98		}
99

Ecodev / felix

Push — master ( 5311a4...27e9db )

IPRange::matches() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like