Secure - Code Metrics - Inspection of "Helpers : Secure and Http : Add method to check ma..." - bfw-systems/bfw - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 3.0 ( c52ac9...9f183d )

by Vermeulen

created 2018-04-09 10:53 UTC

Secure A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	221
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	2

Importance

Changes

Metric	Value
wmc	26
c	0
b	0
f	0
lcom	0
cbo	2
dl	0
loc	221
rs	10

6 Methods

Rating	Name	Size	Complexity
A	hash()	4	1
B	securiseKnownTypes()	20	9
C	securise()	39	7
A	getSqlSecureMethod()	11	2
A	getSecurisedKeyInArray()	20	2
B	getSecurisedManyKeys()	38	5

<?php

namespace BFW\Helpers;

use \Exception;

/**
 * Helpers to securize data
 */
class Secure
{
    /**
     * @const ERR_SECURE_UNKNOWN_TYPE Exception code if the data into the
     * method secure() is not a predefined type.
     */
    const ERR_SECURE_UNKNOWN_TYPE = 1207001;
    
    /**
     * @const ERR_SECURE_ARRAY_KEY_NOT_EXIST If the asked key not exist into
     * the array to secure.
     */
    const ERR_SECURE_ARRAY_KEY_NOT_EXIST = 1207002;
    
    /**
     * @const ERR_OBTAIN_KEY Exception code if the key asked not exist
     */
    const ERR_OBTAIN_KEY = 1207003;
    
    /**
     * Hash a string
     * 
     * @param string $val String to hash
     * 
     * @return string
     */
    public static function hash($val)
    {
        return hash('sha256', md5($val));
    }

    /**
     * Securize a string for some types with filter_var function.
     * 
     * @param mixed $data String to securize
     * @param string $type Type of filter
     * 
     * @return mixed
     * 
     * @throws Exception If the type is unknown
     */
    public static function securiseKnownTypes($data, $type)
    {
        $filterType = 'text';

        if ($type === 'int' || $type === 'integer') {
            $filterType = FILTER_VALIDATE_INT;
        } elseif ($type === 'float' || $type === 'double') {
            $filterType = FILTER_VALIDATE_FLOAT;
        } elseif ($type === 'bool' || $type === 'boolean') {
            $filterType = FILTER_VALIDATE_BOOLEAN;
        } elseif ($type === 'email') {
            $filterType = FILTER_VALIDATE_EMAIL;
        }

        if ($filterType === 'text') {
            throw new Exception('Unknown type', self::ERR_SECURE_UNKNOWN_TYPE);
        }

        return filter_var($data, $filterType);
    }

    /**
     * Securise a variable
     * 
     * @param mixed $data The variable to securise
     * @param string $type The type of datas
     * @param boolean $htmlentities If use htmlentities function
     *  to a better security
     * 
     * @return mixed
     * 
     * @throws Exception If an error with a type of data
     */
    public static function securise($data, $type, $htmlentities)
    {
        $currentClass = get_called_class();
        
        if (is_array($data)) {
            foreach ($data as $key => $val) {
                unset($data[$key]);

                $key = $currentClass::securise($key, gettype($key), true);
                $val = $currentClass::securise($val, $type, $htmlentities);

                $data[$key] = $val;
            }

            return $data;
        }

        try {
            return $currentClass::securiseKnownTypes($data, $type);
        } catch (Exception $ex) {
            if ($ex->getCode() !== self::ERR_SECURE_UNKNOWN_TYPE) {
                throw new Exception($ex->getCode(), $ex->getMessage());
            }
            //Else : Use securise text type
        }

        $sqlSecureMethod = $currentClass::getSqlSecureMethod();
        if ($sqlSecureMethod !== false) {
            $data = $sqlSecureMethod($data);
        } else {
            $data = addslashes($data);
        }

        if ($htmlentities === true) {
            $data = htmlentities($data, ENT_COMPAT | ENT_HTML401);
        }

        return $data;
    }

    /**
     * Get the sqlSecure function declared in bfw config file
     * 
     * @return boolean|string
     */
    public static function getSqlSecureMethod()
    {
        $app       = \BFW\Application::getInstance();
        $secureFct = $app->getConfig()->getValue('sqlSecureMethod');

        if (!is_callable($secureFct, false)) {
            return false;
        }

        return $secureFct;
    }

    /**
     * Securise the value of an array key for a declared type.
     * 
     * @param array &$array The array where is the key
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities (default: false) If use htmlentities
     *  function to a better security
     * 
     * @return mixed
     * 
     * @throws Exception If the key not exist in array
     */
    public static function getSecurisedKeyInArray(
        &$array,
        $key,
        $type,
        $htmlentities = false
    ) {
        if (!isset($array[$key])) {
            throw new Exception(
                'The key '.$key.' not exist',
                self::ERR_SECURE_ARRAY_KEY_NOT_EXIST
            );
        }

        $currentClass = get_called_class();
        return $currentClass::securise(
            trim($array[$key]),
            $type,
            $htmlentities
        );
    }
    
    /**
     * Obtain many key from an array in one time
     * 
     * @param array &$arraySrc The source array
     * @param array $keysList The key list to obtain.
     *  For each item, the key is the name of the key in source array; And the
     *  value the type of the value. The value can also be an object. In this
     *  case, the properties "type" contain the value type, and the "htmlenties"
     *  property contain the boolean who indicate if secure system 
     *  will use htmlentities.
     * @param boolean $throwOnError (defaut true) If a key not exist, throw an
     *  exception. If false, the value will be null into returned array
     * 
     * @return array
     * 
     * @throws Exception If a key is not found and if $throwOnError is true
     */
    public static function getSecurisedManyKeys(
        &$arraySrc,
        $keysList,
        $throwOnError = true
    ) {
        $currentClass = get_called_class();
        $result       = [];
        
        foreach ($keysList as $keyName => $infos) {
            if (!is_object($infos)) {
                $infos = (object) [
                    'type'         => $infos,
                    'htmlentities' => false
                ];
            }
            
            try {
                $result[$keyName] = $currentClass::getSecurisedKeyInArray(
                    $arraySrc,
                    $keyName,
                    $infos->type,
                    $infos->htmlentities
                );
            } catch (Exception $ex) {
                if ($throwOnError === true) {
                    throw new Exception(
                        'Error to obtain the key '.$keyName,
                        self::ERR_OBTAIN_KEY,
                        $ex
                    );
                } else {
                    $result[$keyName] = null;
                }
            }
        }
        
        return $result;
    }
}


1			<?php
2
3			namespace BFW\Helpers;
4
5			use \Exception;
6
7			/**
8			* Helpers to securize data
9			*/
10			class Secure
11			{
12			/**
13			* @const ERR_SECURE_UNKNOWN_TYPE Exception code if the data into the
14			* method secure() is not a predefined type.
15			*/
16			const ERR_SECURE_UNKNOWN_TYPE = 1207001;
17
18			/**
19			* @const ERR_SECURE_ARRAY_KEY_NOT_EXIST If the asked key not exist into
20			* the array to secure.
21			*/
22			const ERR_SECURE_ARRAY_KEY_NOT_EXIST = 1207002;
23
24			/**
25			* @const ERR_OBTAIN_KEY Exception code if the key asked not exist
26			*/
27			const ERR_OBTAIN_KEY = 1207003;
28
29			/**
30			* Hash a string
31			*
32			* @param string $val String to hash
33			*
34			* @return string
35			*/
36			public static function hash($val)
37			{
38			return hash('sha256', md5($val));
39			}
40
41			/**
42			* Securize a string for some types with filter_var function.
43			*
44			* @param mixed $data String to securize
45			* @param string $type Type of filter
46			*
47			* @return mixed
48			*
49			* @throws Exception If the type is unknown
50			*/
51			public static function securiseKnownTypes($data, $type)
52			{
53			$filterType = 'text';
54
55			if ($type === 'int' \|\| $type === 'integer') {
56			$filterType = FILTER_VALIDATE_INT;
57			} elseif ($type === 'float' \|\| $type === 'double') {
58			$filterType = FILTER_VALIDATE_FLOAT;
59			} elseif ($type === 'bool' \|\| $type === 'boolean') {
60			$filterType = FILTER_VALIDATE_BOOLEAN;
61			} elseif ($type === 'email') {
62			$filterType = FILTER_VALIDATE_EMAIL;
63			}
64
65			if ($filterType === 'text') {
66			throw new Exception('Unknown type', self::ERR_SECURE_UNKNOWN_TYPE);
67			}
68
69			return filter_var($data, $filterType);
70			}
71
72			/**
73			* Securise a variable
74			*
75			* @param mixed $data The variable to securise
76			* @param string $type The type of datas
77			* @param boolean $htmlentities If use htmlentities function
78			* to a better security
79			*
80			* @return mixed
81			*
82			* @throws Exception If an error with a type of data
83			*/
84			public static function securise($data, $type, $htmlentities)
85			{
86			$currentClass = get_called_class();
87
88			if (is_array($data)) {
89			foreach ($data as $key => $val) {
90			unset($data[$key]);
91
92			$key = $currentClass::securise($key, gettype($key), true);
93			$val = $currentClass::securise($val, $type, $htmlentities);
94
95			$data[$key] = $val;
96			}
97
98			return $data;
99			}
100
101			try {
102			return $currentClass::securiseKnownTypes($data, $type);
103			} catch (Exception $ex) {
104			if ($ex->getCode() !== self::ERR_SECURE_UNKNOWN_TYPE) {
105			throw new Exception($ex->getCode(), $ex->getMessage());
106			}
107			//Else : Use securise text type
108			}
109
110			$sqlSecureMethod = $currentClass::getSqlSecureMethod();
111			if ($sqlSecureMethod !== false) {
112			$data = $sqlSecureMethod($data);
113			} else {
114			$data = addslashes($data);
115			}
116
117			if ($htmlentities === true) {
118			$data = htmlentities($data, ENT_COMPAT \| ENT_HTML401);
119			}
120
121			return $data;
122			}
123
124			/**
125			* Get the sqlSecure function declared in bfw config file
126			*
127			* @return boolean\|string
128			*/
129			public static function getSqlSecureMethod()
130			{
131			$app = \BFW\Application::getInstance();
132			$secureFct = $app->getConfig()->getValue('sqlSecureMethod');
133
134			if (!is_callable($secureFct, false)) {
135			return false;
136			}
137
138			return $secureFct;
139			}
140
141			/**
142			* Securise the value of an array key for a declared type.
143			*
144			* @param array &$array The array where is the key
145			* @param string $key The key where is the value to securize
146			* @param string $type The type of data
147			* @param boolean $htmlentities (default: false) If use htmlentities
148			* function to a better security
149			*
150			* @return mixed
151			*
152			* @throws Exception If the key not exist in array
153			*/
154			public static function getSecurisedKeyInArray(
155			&$array,
156			$key,
157			$type,
158			$htmlentities = false
159			) {
160			if (!isset($array[$key])) {
161			throw new Exception(
162			'The key '.$key.' not exist',
163			self::ERR_SECURE_ARRAY_KEY_NOT_EXIST
164			);
165			}
166
167			$currentClass = get_called_class();
168			return $currentClass::securise(
169			trim($array[$key]),
170			$type,
171			$htmlentities
172			);
173			}
174
175			/**
176			* Obtain many key from an array in one time
177			*
178			* @param array &$arraySrc The source array
179			* @param array $keysList The key list to obtain.
180			* For each item, the key is the name of the key in source array; And the
181			* value the type of the value. The value can also be an object. In this
182			* case, the properties "type" contain the value type, and the "htmlenties"
183			* property contain the boolean who indicate if secure system
184			* will use htmlentities.
185			* @param boolean $throwOnError (defaut true) If a key not exist, throw an
186			* exception. If false, the value will be null into returned array
187			*
188			* @return array
189			*
190			* @throws Exception If a key is not found and if $throwOnError is true
191			*/
192			public static function getSecurisedManyKeys(
193			&$arraySrc,
194			$keysList,
195			$throwOnError = true
196			) {
197			$currentClass = get_called_class();
198			$result = [];
199
200			foreach ($keysList as $keyName => $infos) {
201			if (!is_object($infos)) {
202			$infos = (object) [
203			'type' => $infos,
204			'htmlentities' => false
205			];
206			}
207
208			try {
209			$result[$keyName] = $currentClass::getSecurisedKeyInArray(
210			$arraySrc,
211			$keyName,
212			$infos->type,
213			$infos->htmlentities
214			);
215			} catch (Exception $ex) {
216			if ($throwOnError === true) {
217			throw new Exception(
218			'Error to obtain the key '.$keyName,
219			self::ERR_OBTAIN_KEY,
220			$ex
221			);
222			} else {
223			$result[$keyName] = null;
224			}
225			}
226			}
227
228			return $result;
229			}
230			}
231

bfw-systems / bfw

GitHub Access Token became invalid

Push — 3.0 ( c52ac9...9f183d )

Secure A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

6 Methods

Duplication Side-by-Side

Filter issues like