Secure - Code Metrics - Inspection of "Unit test atoum config : Update reports paths for..." - bfw-systems/bfw - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 3.0 ( 7c2f4b...3ca115 )

by Vermeulen

created 2017-03-19 11:45 UTC

Secure A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	169
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	1

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
wmc	23
c	1
b	0
f	0
lcom	0
cbo	1
dl	0
loc	169
rs	10

7 Methods

Rating	Name	Size	Complexity
B	securiseKnownTypes()	20	9
A	hash()	4	1
C	securise()	39	7
A	getSqlSecureMethod()	11	2
A	getSecurisedKeyInArray()	9	2
A	getSecurisedPostKey()	5	1
A	getSecurisedGetKey()	5	1

<?php

namespace BFW\Helpers;

use \Exception;

/**
 * Helpers to securize data
 */
class Secure
{
    /**
     * Hash a string
     * 
     * @param string $val String to hash
     * 
     * @return string
     */
    public static function hash($val)
    {
        return hash('sha256', md5($val));
    }

    /**
     * Securize a string for some types with filter_var.
     * 
     * @param mixed $data String to securize
     * @param string $type Type of filter
     * 
     * @return mixed
     * 
     * @throws Exception If the type is unknown
     */
    public static function securiseKnownTypes($data, $type)
    {
        $filterType = 'text';

        if ($type === 'int' || $type === 'integer') {
            $filterType = FILTER_VALIDATE_INT;
        } elseif ($type === 'float' || $type === 'double') {
            $filterType = FILTER_VALIDATE_FLOAT;
        } elseif ($type === 'bool' || $type === 'boolean') {
            $filterType = FILTER_VALIDATE_BOOLEAN;
        } elseif ($type === 'email') {
            $filterType = FILTER_VALIDATE_EMAIL;
        }

        if ($filterType === 'text') {
            throw new Exception('Unknown type');
        }

        return filter_var($data, $filterType);
    }

    /**
     * Securize a variable
     * 
     * @param mixed $data The variable to securize
     * @param string $type The type of datas
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     * 
     * @throws Exception If a error with a type of data
     */
    public static function securise($data, $type, $htmlentities)
    {
        $currentClass = get_called_class();
        
        if (is_array($data)) {
            foreach ($data as $key => $val) {
                unset($data[$key]);

                $key = $currentClass::securise($key, gettype($key), true);
                $val = $currentClass::securise($val, $type, $htmlentities);

                $data[$key] = $val;
            }

            return $data;
        }

        try {
            return $currentClass::securiseKnownTypes($data, $type);
        } catch (Exception $ex) {
            if ($ex->getMessage() !== 'Unknown type') {
                throw new Exception($ex->getCode(), $ex->getMessage());
            }
            //Else : Use securise text type
        }

        $sqlSecureMethod = $currentClass::getSqlSecureMethod();
        if ($sqlSecureMethod !== false) {
            $data = $sqlSecureMethod($data);
        } else {
            $data = addslashes($data);
        }

        if ($htmlentities === true) {
            $data = htmlentities($data, ENT_COMPAT | ENT_HTML401, 'UTF-8');
        }

        return $data;
    }

    /**
     * Get the sqlSecure function declared in bfw config file
     * 
     * @return boolean|string
     */
    public static function getSqlSecureMethod()
    {
        $application    = \BFW\Application::getInstance();
        $secureFunction = $application->getConfig('sqlSecureMethod');

        if (!is_callable($secureFunction, false)) {
            return false;
        }

        return $secureFunction;
    }

    /**
     * Securize an array key's value for a declared type.
     * 
     * @param array $array The array where is the key
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     * 
     * @throws Exception If the key not exist in array
     */
    public static function getSecurisedKeyInArray(&$array, $key, $type, $htmlentities = false)
    {
        if (!isset($array[$key])) {
            throw new Exception('The key '.$key.' not exist');
        }

        $currentClass = get_called_class();
        return $currentClass::securise(trim($array[$key]), $type, $htmlentities);
    }

    /**
     * Get a securized value for a key in $_POST array
     * 
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     */
    public static function getSecurisedPostKey($key, $type, $htmlentities = false)
    {
        $currentClass = get_called_class();
        return $currentClass::getSecurisedKeyInArray($_POST, $key, $type, $htmlentities);
    }

    /**
     * Get a securized value for a key in $_GET array
     * 
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     */
    public static function getSecurisedGetKey($key, $type, $htmlentities = false)
    {
        $currentClass = get_called_class();
        return $currentClass::getSecurisedKeyInArray($_GET, $key, $type, $htmlentities);
    }
}


1			<?php
2
3			namespace BFW\Helpers;
4
5			use \Exception;
6
7			/**
8			* Helpers to securize data
9			*/
10			class Secure
11			{
12			/**
13			* Hash a string
14			*
15			* @param string $val String to hash
16			*
17			* @return string
18			*/
19			public static function hash($val)
20			{
21			return hash('sha256', md5($val));
22			}
23
24			/**
25			* Securize a string for some types with filter_var.
26			*
27			* @param mixed $data String to securize
28			* @param string $type Type of filter
29			*
30			* @return mixed
31			*
32			* @throws Exception If the type is unknown
33			*/
34			public static function securiseKnownTypes($data, $type)
35			{
36			$filterType = 'text';
37
38			if ($type === 'int' \|\| $type === 'integer') {
39			$filterType = FILTER_VALIDATE_INT;
40			} elseif ($type === 'float' \|\| $type === 'double') {
41			$filterType = FILTER_VALIDATE_FLOAT;
42			} elseif ($type === 'bool' \|\| $type === 'boolean') {
43			$filterType = FILTER_VALIDATE_BOOLEAN;
44			} elseif ($type === 'email') {
45			$filterType = FILTER_VALIDATE_EMAIL;
46			}
47
48			if ($filterType === 'text') {
49			throw new Exception('Unknown type');
50			}
51
52			return filter_var($data, $filterType);
53			}
54
55			/**
56			* Securize a variable
57			*
58			* @param mixed $data The variable to securize
59			* @param string $type The type of datas
60			* @param boolean $htmlentities If use htmlentities function
61			* to more securize
62			*
63			* @return mixed
64			*
65			* @throws Exception If a error with a type of data
66			*/
67			public static function securise($data, $type, $htmlentities)
68			{
69			$currentClass = get_called_class();
70
71			if (is_array($data)) {
72			foreach ($data as $key => $val) {
73			unset($data[$key]);
74
75			$key = $currentClass::securise($key, gettype($key), true);
76			$val = $currentClass::securise($val, $type, $htmlentities);
77
78			$data[$key] = $val;
79			}
80
81			return $data;
82			}
83
84			try {
85			return $currentClass::securiseKnownTypes($data, $type);
86			} catch (Exception $ex) {
87			if ($ex->getMessage() !== 'Unknown type') {
88			throw new Exception($ex->getCode(), $ex->getMessage());
89			}
90			//Else : Use securise text type
91			}
92
93			$sqlSecureMethod = $currentClass::getSqlSecureMethod();
94			if ($sqlSecureMethod !== false) {
95			$data = $sqlSecureMethod($data);
96			} else {
97			$data = addslashes($data);
98			}
99
100			if ($htmlentities === true) {
101			$data = htmlentities($data, ENT_COMPAT \| ENT_HTML401, 'UTF-8');
102			}
103
104			return $data;
105			}
106
107			/**
108			* Get the sqlSecure function declared in bfw config file
109			*
110			* @return boolean\|string
111			*/
112			public static function getSqlSecureMethod()
113			{
114			$application = \BFW\Application::getInstance();
115			$secureFunction = $application->getConfig('sqlSecureMethod');
116
117			if (!is_callable($secureFunction, false)) {
118			return false;
119			}
120
121			return $secureFunction;
122			}
123
124			/**
125			* Securize an array key's value for a declared type.
126			*
127			* @param array $array The array where is the key
128			* @param string $key The key where is the value to securize
129			* @param string $type The type of data
130			* @param boolean $htmlentities If use htmlentities function
131			* to more securize
132			*
133			* @return mixed
134			*
135			* @throws Exception If the key not exist in array
136			*/
137			public static function getSecurisedKeyInArray(&$array, $key, $type, $htmlentities = false)
138			{
139			if (!isset($array[$key])) {
140			throw new Exception('The key '.$key.' not exist');
141			}
142
143			$currentClass = get_called_class();
144			return $currentClass::securise(trim($array[$key]), $type, $htmlentities);
145			}
146
147			/**
148			* Get a securized value for a key in $_POST array
149			*
150			* @param string $key The key where is the value to securize
151			* @param string $type The type of data
152			* @param boolean $htmlentities If use htmlentities function
153			* to more securize
154			*
155			* @return mixed
156			*/
157			public static function getSecurisedPostKey($key, $type, $htmlentities = false)
158			{
159			$currentClass = get_called_class();
160			return $currentClass::getSecurisedKeyInArray($_POST, $key, $type, $htmlentities);
161			}
162
163			/**
164			* Get a securized value for a key in $_GET array
165			*
166			* @param string $key The key where is the value to securize
167			* @param string $type The type of data
168			* @param boolean $htmlentities If use htmlentities function
169			* to more securize
170			*
171			* @return mixed
172			*/
173			public static function getSecurisedGetKey($key, $type, $htmlentities = false)
174			{
175			$currentClass = get_called_class();
176			return $currentClass::getSecurisedKeyInArray($_GET, $key, $type, $htmlentities);
177			}
178			}
179

bfw-systems / bfw

GitHub Access Token became invalid

Push — 3.0 ( 7c2f4b...3ca115 )

Secure A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

7 Methods

Duplication Side-by-Side

Filter issues like