Secure::securise() - Code Metrics - Inspection of "update composer.json" - bfw-systems/bfw - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 3.0 ( ec7cbd...c3085b )

by Vermeulen

created 2016-09-17 22:13 UTC

Secure::securise() C

↳ Parent: Secure

Complexity

Conditions	7
Paths	8

Size

Total Lines	37
Code Lines	21

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	37
rs	6.7272
cc	7
eloc	21
nc	8
nop	3

<?php

namespace BFW\Helpers;

use \Exception;

/**
 * Helpers to securize data
 */
class Secure
{
    /**
     * Hash a string
     * 
     * @param string $val String to hash
     * 
     * @return string
     */
    public static function hashage($val)
    {
        return substr(hash('sha256', md5($val)), 0, 32);
    }

    /**
     * Securize a string for some types with filter_var.
     * 
     * @param mixed $data String to securize
     * @param string $type Type of filter
     * 
     * @return mixed
     * 
     * @throws Exception If the type is unknown
     */
    public static function securiseKnownTypes($data, $type)
    {
        $filterType = 'text';

        if ($type === 'int' || $type === 'integer') {
            $filterType = FILTER_VALIDATE_INT;
        } elseif ($type === 'float' || $type === 'double') {
            $filterType = FILTER_VALIDATE_FLOAT;
        } elseif ($type === 'bool' || $type === 'boolean') {
            $filterType = FILTER_VALIDATE_BOOLEAN;
        } elseif ($type === 'email') {
            $filterType = FILTER_VALIDATE_EMAIL;
        }

        if ($filterType === 'text') {
            throw new Exception('Unknown type');
        }

        return filter_var($data, $filterType);
    }

    /**
     * Securize a variable
     * 
     * @param mixed $data The variable to securize
     * @param string $type The type of datas
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     * 
     * @throws Exception If a error with a type of data
     */
    public static function securise($data, $type, $htmlentities)
    {
        if (is_array($data)) {
            foreach ($data as $key => $val) {
                unset($data[$key]);

                $key = self::securise($key, true);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                $val = self::securise($val, $htmlentities);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

                $data[$key] = $val;
            }

            return $data;
        }

        try {
            return self::securiseKnownTypes($data, $type);
        } catch (Exception $ex) {
            if ($ex->getMessage() !== 'Unknown type') {
                throw new Exception($ex->getCode(), $ex->getMessage());
            }
            //Else : Use securise text type
        }

        $sqlSecureMethod = self::getSqlSecureMethod();
        if ($sqlSecureMethod !== false) {
            $data = $sqlSecureMethod($data);
        } else {
            $data = addslashes($data);
        }

        if ($htmlentities === false) {
            $data = htmlentities($data, ENT_COMPAT | ENT_HTML401, 'UTF-8');
        }

        return $data;
    }

    /**
     * Get the sqlSecure function declared in bfw config file
     * 
     * @return boolean|string
     */
    public static function getSqlSecureMethod()
    {
        $app = \BFW\Application::getInstance();
        $fct = $app->getConfig('sqlSecureMethod');

        $callableName = '';
        if (!is_callable($fct, true, $callableName)) {
            return false;
        }

        return $callableName;
    }

    /**
     * Securize an array key's value for a declared type.
     * 
     * @param array $array The array where is the key
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     * 
     * @throws Exception If the key not exist in array
     */
    public static function getSecurisedKeyInArray(&$array, $key, $type, $htmlentities = false)
    {
        if (!isset($array[$key])) {
            throw new Exception('The key '.$key.' not exist');
        }

        return self::securise(trim($array[$key]), $type, $htmlentities);
    }

    /**
     * Get a securized value for a key in $_POST array
     * 
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     */
    public static function getSecurisedPostKey($key, $type, $htmlentities = false)
    {
        return self::getSecurisedKeyInArray($_POST, $key, $type, $htmlentities);
    }

    /**
     * Get a securized value for a key in $_GET array
     * 
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities If use htmlentities function
     *  to more securize
     * 
     * @return mixed
     */
    public static function getSecurisedGetKey($key, $type, $htmlentities = false)
    {
        return self::getSecurisedKeyInArray($_GET, $key, $type, $htmlentities);
    }
}


1			<?php
2
3			namespace BFW\Helpers;
4
5			use \Exception;
6
7			/**
8			* Helpers to securize data
9			*/
10			class Secure
11			{
12			/**
13			* Hash a string
14			*
15			* @param string $val String to hash
16			*
17			* @return string
18			*/
19			public static function hashage($val)
20			{
21			return substr(hash('sha256', md5($val)), 0, 32);
22			}
23
24			/**
25			* Securize a string for some types with filter_var.
26			*
27			* @param mixed $data String to securize
28			* @param string $type Type of filter
29			*
30			* @return mixed
31			*
32			* @throws Exception If the type is unknown
33			*/
34			public static function securiseKnownTypes($data, $type)
35			{
36			$filterType = 'text';
37
38			if ($type === 'int' \|\| $type === 'integer') {
39			$filterType = FILTER_VALIDATE_INT;
40			} elseif ($type === 'float' \|\| $type === 'double') {
41			$filterType = FILTER_VALIDATE_FLOAT;
42			} elseif ($type === 'bool' \|\| $type === 'boolean') {
43			$filterType = FILTER_VALIDATE_BOOLEAN;
44			} elseif ($type === 'email') {
45			$filterType = FILTER_VALIDATE_EMAIL;
46			}
47
48			if ($filterType === 'text') {
49			throw new Exception('Unknown type');
50			}
51
52			return filter_var($data, $filterType);
53			}
54
55			/**
56			* Securize a variable
57			*
58			* @param mixed $data The variable to securize
59			* @param string $type The type of datas
60			* @param boolean $htmlentities If use htmlentities function
61			* to more securize
62			*
63			* @return mixed
64			*
65			* @throws Exception If a error with a type of data
66			*/
67			public static function securise($data, $type, $htmlentities)
68			{
69			if (is_array($data)) {
70			foreach ($data as $key => $val) {
71			unset($data[$key]);
72
73			$key = self::securise($key, true);
			0 ignored issues – show Bug introduced 2016-09-17 22:15 UTC by Report Bug Copy Issue Report The call to `securise()` misses a required argument `$htmlentities`. This check looks for function calls that miss required arguments. Loading history... Documentation introduced 2016-09-17 22:15 UTC by Report Bug Copy Issue Report `true` is of type `boolean`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
74			$val = self::securise($val, $htmlentities);
			0 ignored issues – show Bug introduced 2016-09-17 22:15 UTC by Report Bug Copy Issue Report The call to `securise()` misses a required argument `$htmlentities`. This check looks for function calls that miss required arguments. Loading history... Documentation introduced 2016-09-17 22:15 UTC by Report Bug Copy Issue Report `$htmlentities` is of type `boolean`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
75
76			$data[$key] = $val;
77			}
78
79			return $data;
80			}
81
82			try {
83			return self::securiseKnownTypes($data, $type);
84			} catch (Exception $ex) {
85			if ($ex->getMessage() !== 'Unknown type') {
86			throw new Exception($ex->getCode(), $ex->getMessage());
87			}
88			//Else : Use securise text type
89			}
90
91			$sqlSecureMethod = self::getSqlSecureMethod();
92			if ($sqlSecureMethod !== false) {
93			$data = $sqlSecureMethod($data);
94			} else {
95			$data = addslashes($data);
96			}
97
98			if ($htmlentities === false) {
99			$data = htmlentities($data, ENT_COMPAT \| ENT_HTML401, 'UTF-8');
100			}
101
102			return $data;
103			}
104
105			/**
106			* Get the sqlSecure function declared in bfw config file
107			*
108			* @return boolean\|string
109			*/
110			public static function getSqlSecureMethod()
111			{
112			$app = \BFW\Application::getInstance();
113			$fct = $app->getConfig('sqlSecureMethod');
114
115			$callableName = '';
116			if (!is_callable($fct, true, $callableName)) {
117			return false;
118			}
119
120			return $callableName;
121			}
122
123			/**
124			* Securize an array key's value for a declared type.
125			*
126			* @param array $array The array where is the key
127			* @param string $key The key where is the value to securize
128			* @param string $type The type of data
129			* @param boolean $htmlentities If use htmlentities function
130			* to more securize
131			*
132			* @return mixed
133			*
134			* @throws Exception If the key not exist in array
135			*/
136			public static function getSecurisedKeyInArray(&$array, $key, $type, $htmlentities = false)
137			{
138			if (!isset($array[$key])) {
139			throw new Exception('The key '.$key.' not exist');
140			}
141
142			return self::securise(trim($array[$key]), $type, $htmlentities);
143			}
144
145			/**
146			* Get a securized value for a key in $_POST array
147			*
148			* @param string $key The key where is the value to securize
149			* @param string $type The type of data
150			* @param boolean $htmlentities If use htmlentities function
151			* to more securize
152			*
153			* @return mixed
154			*/
155			public static function getSecurisedPostKey($key, $type, $htmlentities = false)
156			{
157			return self::getSecurisedKeyInArray($_POST, $key, $type, $htmlentities);
158			}
159
160			/**
161			* Get a securized value for a key in $_GET array
162			*
163			* @param string $key The key where is the value to securize
164			* @param string $type The type of data
165			* @param boolean $htmlentities If use htmlentities function
166			* to more securize
167			*
168			* @return mixed
169			*/
170			public static function getSecurisedGetKey($key, $type, $htmlentities = false)
171			{
172			return self::getSecurisedKeyInArray($_GET, $key, $type, $htmlentities);
173			}
174			}
175

bfw-systems / bfw

GitHub Access Token became invalid

Push — 3.0 ( ec7cbd...c3085b )

Secure::securise() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like