SuperSakeChecker::checkWebConfigProtection() - Code Metrics - Inspection of "Add MakeTestCommand fixes #3" - axyr/silverstripe-console - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8dfa1d...e5ceef )

by Martijn van

created 2016-04-17 18:45 UTC

SuperSakeChecker::checkWebConfigProtection() A

↳ Parent: SuperSakeChecker

Complexity

Conditions	3
Paths	2

Size

Total Lines	10
Code Lines	5

Duplication

Lines	10
Ratio	100 %

Importance

Changes	1
Bugs	1	Features	1

Metric	Value
c	1
b	1
f	1
dl	10
loc	10
rs	9.4285
cc	3
eloc	5
nc	2
nop	0

<?php


class SuperSakeChecker
namespace YourVendor;

class YourClass { }
{

    /**
     * Checks if the supersake file in webroot is protected with htaccess or web.config
     */
    public function superSakeIsNotProtected()
    {
        if($this->isApache()) {
            return $this->checkHtAccessProtection();
        }

        if($this->isIIS()) {
            return $this->checkWebConfigProtection();
        }

        return 'unknown server. please make sure the supersake has no direct access';
    }

    /**
     * @return bool|string
     */
    protected function checkHtAccessProtection()

    {
        $file = BASE_PATH . '/.htaccess';

        if(!is_file($file) || strpos(file_get_contents($file), '<Files supersake>') !== false) {
            return 'supersake is not protected in .htaccess';
        }

        return false;
    }

    /**
     * @return bool|string
     */
    protected function checkWebConfigProtection()

    {
        $file = BASE_PATH . '/web.config';

        if(!is_file($file) || strpos(file_get_contents($file), '<add fileExtension="supersake" allowed="false"/>') !== false) {
            return 'supersake is not protected in web.config';
        }

        return false;
    }

    /**
     * Check if the web server is IIS and version greater than the given version.
     * @return boolean
     */
    public function isIIS($fromVersion = 7) {
        if(strpos($this->findWebserver(), 'IIS/') === false) {
            return false;
        }
        return substr(strstr($this->findWebserver(), '/'), -3, 1) >= $fromVersion;
    }

    /**
     * @return bool
     */
    public function isApache() {
        if(strpos($this->findWebserver(), 'Apache') !== false) {

            return true;
        } else {
            return false;
        }
    }

    /**
     * Find the webserver software running on the PHP host.
     * @return string|boolean Server software or boolean FALSE
     */
    public function findWebserver() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
        // Try finding from SERVER_SIGNATURE or SERVER_SOFTWARE
        if(!empty($_SERVER['SERVER_SIGNATURE'])) {
            $webserver = $_SERVER['SERVER_SIGNATURE'];
        } elseif(!empty($_SERVER['SERVER_SOFTWARE'])) {
            $webserver = $_SERVER['SERVER_SOFTWARE'];
        } else {
            return false;
        }

        return strip_tags(trim($webserver));
    }
}


1		<?php
2
3
4		class SuperSakeChecker
		0 ignored issues – show Coding Style Compatibility introduced 2016-04-17 18:47 UTC by Report Bug Copy Issue Report PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
5		{
6
7		/**
8		* Checks if the supersake file in webroot is protected with htaccess or web.config
9		*/
10		public function superSakeIsNotProtected()
11		{
12		if($this->isApache()) {
13		return $this->checkHtAccessProtection();
14		}
15
16		if($this->isIIS()) {
17		return $this->checkWebConfigProtection();
18		}
19
20		return 'unknown server. please make sure the supersake has no direct access';
21		}
22
23		/**
24		* @return bool\|string
25		*/
26	View Code Duplication	protected function checkHtAccessProtection()
		1 ignored issue – show Duplication introduced 2016-04-17 18:47 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
27		{
28		$file = BASE_PATH . '/.htaccess';
29
30		if(!is_file($file) \|\| strpos(file_get_contents($file), '<Files supersake>') !== false) {
31		return 'supersake is not protected in .htaccess';
32		}
33
34		return false;
35		}
36
37		/**
38		* @return bool\|string
39		*/
40	View Code Duplication	protected function checkWebConfigProtection()
		1 ignored issue – show Duplication introduced 2016-04-17 18:47 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
41		{
42		$file = BASE_PATH . '/web.config';
43
44		if(!is_file($file) \|\| strpos(file_get_contents($file), '<add fileExtension="supersake" allowed="false"/>') !== false) {
45		return 'supersake is not protected in web.config';
46		}
47
48		return false;
49		}
50
51		/**
52		* Check if the web server is IIS and version greater than the given version.
53		* @return boolean
54		*/
55		public function isIIS($fromVersion = 7) {
56		if(strpos($this->findWebserver(), 'IIS/') === false) {
57		return false;
58		}
59		return substr(strstr($this->findWebserver(), '/'), -3, 1) >= $fromVersion;
60		}
61
62		/**
63		* @return bool
64		*/
65		public function isApache() {
66		if(strpos($this->findWebserver(), 'Apache') !== false) {
		0 ignored issues – show Coding Style introduced 2016-04-17 18:47 UTC by Report Bug Copy Issue Report The `if`-`else` statement can be simplified to `return strpos($this->fin...), 'Apache') !== false;`. Loading history...
67		return true;
68		} else {
69		return false;
70		}
71		}
72
73		/**
74		* Find the webserver software running on the PHP host.
75		* @return string\|boolean Server software or boolean FALSE
76		*/
77		public function findWebserver() {
		0 ignored issues – show Coding Style introduced 2016-04-17 18:47 UTC by Report Bug Copy Issue Report `findWebserver` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
78		// Try finding from SERVER_SIGNATURE or SERVER_SOFTWARE
79		if(!empty($_SERVER['SERVER_SIGNATURE'])) {
80		$webserver = $_SERVER['SERVER_SIGNATURE'];
81		} elseif(!empty($_SERVER['SERVER_SOFTWARE'])) {
82		$webserver = $_SERVER['SERVER_SOFTWARE'];
83		} else {
84		return false;
85		}
86
87		return strip_tags(trim($webserver));
88		}
89		}
90

axyr / silverstripe-console

Push — master ( 8dfa1d...e5ceef )

SuperSakeChecker::checkWebConfigProtection() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like