Secure::securiseUnknownType() - Code Metrics - Inspection of "Helpers\Secure : Create a new method securiseUnkno..." - bfw-systems/bfw - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 3.0 ( 9f6cf7...2a696a )

by Vermeulen

created 2018-08-23 01:01 UTC

Secure::securiseUnknownType() A

↳ Parent: Secure

Complexity

Conditions	3
Paths	4

Size

Total Lines	16
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	3
eloc	9
nc	4
nop	2
dl	0
loc	16
rs	9.9666
c	0
b	0
f	0

<?php

namespace BFW\Helpers;

use \Exception;

/**
 * Helpers to securize data
 */
class Secure
{
    /**
     * @const ERR_SECURE_UNKNOWN_TYPE Exception code if the data into the
     * method secure() is not a predefined type.
     */
    const ERR_SECURE_UNKNOWN_TYPE = 1609001;
    
    /**
     * @const ERR_SECURE_ARRAY_KEY_NOT_EXIST If the asked key not exist into
     * the array to secure.
     */
    const ERR_SECURE_ARRAY_KEY_NOT_EXIST = 1609002;
    
    /**
     * @const ERR_OBTAIN_KEY Exception code if the key asked not exist
     */
    const ERR_OBTAIN_KEY = 1609003;
    
    /**
     * Hash a string
     * 
     * @param string $val String to hash
     * 
     * @return string
     */
    public static function hash(string $val): string
    {
        return hash('sha256', md5($val));
    }

    /**
     * Securize a string for some types with filter_var function.
     * 
     * @param mixed $data String to securize
     * @param string $type Type of filter
     * 
     * @return mixed
     * 
     * @throws \Exception If the type is unknown
     */
    public static function securiseKnownTypes($data, string $type)
    {
        $filterType = 'text';

        if ($type === 'int' || $type === 'integer') {
            $filterType = FILTER_VALIDATE_INT;
        } elseif ($type === 'float' || $type === 'double') {
            $filterType = FILTER_VALIDATE_FLOAT;
        } elseif ($type === 'bool' || $type === 'boolean') {
            $filterType = FILTER_VALIDATE_BOOLEAN;
        } elseif ($type === 'email') {
            $filterType = FILTER_VALIDATE_EMAIL;
        }

        if ($filterType === 'text') {
            throw new Exception('Unknown type', self::ERR_SECURE_UNKNOWN_TYPE);
        }

        return filter_var($data, $filterType);
    }
    
    /**
     * Securise a mixed data type who are not managed by securiseKnownType.
     * We work the data like if the type is a string.
     * 
     * @param mixed $data The variable to securise
     * @param boolean $htmlentities If use htmlentities function
     *  to a better security
     * 
     * @return mixed
     */
    public static function securiseUnknownType($data, bool $htmlentities)
    {
        $currentClass    = get_called_class();
        $sqlSecureMethod = $currentClass::getSqlSecureMethod();
        
        if ($sqlSecureMethod !== false) {
            $data = $sqlSecureMethod($data);
        } else {
            $data = addslashes($data);
        }

        if ($htmlentities === true) {
            $data = htmlentities($data, ENT_COMPAT | ENT_HTML401);
        }
        
        return $data;
    }

    /**
     * Securise a variable
     * 
     * @param mixed $data The variable to securise
     * @param string $type The type of datas
     * @param boolean $htmlentities If use htmlentities function
     *  to a better security
     * 
     * @return mixed
     * 
     * @throws \Exception If an error with a type of data
     */
    public static function securise($data, string $type, bool $htmlentities)
    {
        $currentClass = get_called_class();
        
        if (is_array($data)) {
            foreach ($data as $key => $val) {
                unset($data[$key]);

                $key = $currentClass::securise($key, gettype($key), true);
                $val = $currentClass::securise($val, $type, $htmlentities);

                $data[$key] = $val;
            }

            return $data;
        }

        try {
            return $currentClass::securiseKnownTypes($data, $type);
        } catch (Exception $ex) {
            if ($ex->getCode() !== self::ERR_SECURE_UNKNOWN_TYPE) {
                throw new Exception($ex->getMessage(), $ex->getCode());
            }
            //Else : Use securise like if it's a text type
        }

        return $currentClass::securiseUnknownType($data, $htmlentities);
    }

    /**
     * Get the sqlSecure function declared in bfw config file
     * 
     * @return boolean|string
     */
    public static function getSqlSecureMethod()
    {
        $app       = \BFW\Application::getInstance();
        $secureFct = $app->getConfig()->getValue(
            'sqlSecureMethod',
            'global.php'
        );

        if (!is_callable($secureFct, false)) {
            return false;
        }

        return $secureFct;
    }

    /**
     * Securise the value of an array key for a declared type.
     * 
     * @param array &$array The array where is the key
     * @param string $key The key where is the value to securize
     * @param string $type The type of data
     * @param boolean $htmlentities (default: false) If use htmlentities
     *  function to a better security
     * 
     * @return mixed
     * 
     * @throws \Exception If the key not exist in array
     */
    public static function getSecurisedKeyInArray(
        array &$array,
        string $key,
        string $type,
        bool $htmlentities = false
    ) {
        if (!isset($array[$key])) {
            throw new Exception(
                'The key '.$key.' not exist',
                self::ERR_SECURE_ARRAY_KEY_NOT_EXIST
            );
        }

        $currentClass = get_called_class();
        return $currentClass::securise(
            trim($array[$key]),
            $type,
            $htmlentities
        );
    }
    
    /**
     * Obtain many key from an array in one time
     * 
     * @param array &$arraySrc The source array
     * @param array $keysList The key list to obtain.
     *  For each item, the key is the name of the key in source array; And the
     *  value the type of the value. The value can also be an object. In this
     *  case, the properties "type" contain the value type, and the "htmlenties"
     *  property contain the boolean who indicate if secure system 
     *  will use htmlentities.
     * @param boolean $throwOnError (defaut true) If a key not exist, throw an
     *  exception. If false, the value will be null into returned array
     * 
     * @return array
     * 
     * @throws \Exception If a key is not found and if $throwOnError is true
     */
    public static function getSecurisedManyKeys(
        array &$arraySrc,
        array $keysList,
        bool $throwOnError = true
    ): array {
        $currentClass = get_called_class();
        $result       = [];
        
        foreach ($keysList as $keyName => $infos) {
            if (!is_array($infos)) {
                $infos = [
                    'type'         => $infos,
                    'htmlentities' => false
                ];
            }
            
            try {
                $result[$keyName] = $currentClass::getSecurisedKeyInArray(
                    $arraySrc,
                    $keyName,
                    $infos['type'],
                    $infos['htmlentities']
                );
            } catch (Exception $ex) {
                if ($throwOnError === true) {
                    throw new Exception(
                        'Error to obtain the key '.$keyName,
                        self::ERR_OBTAIN_KEY,
                        $ex
                    );
                } else {
                    $result[$keyName] = null;
                }
            }
        }
        
        return $result;
    }
}


1			<?php
2
3			namespace BFW\Helpers;
4
5			use \Exception;
6
7			/**
8			* Helpers to securize data
9			*/
10			class Secure
11			{
12			/**
13			* @const ERR_SECURE_UNKNOWN_TYPE Exception code if the data into the
14			* method secure() is not a predefined type.
15			*/
16			const ERR_SECURE_UNKNOWN_TYPE = 1609001;
17
18			/**
19			* @const ERR_SECURE_ARRAY_KEY_NOT_EXIST If the asked key not exist into
20			* the array to secure.
21			*/
22			const ERR_SECURE_ARRAY_KEY_NOT_EXIST = 1609002;
23
24			/**
25			* @const ERR_OBTAIN_KEY Exception code if the key asked not exist
26			*/
27			const ERR_OBTAIN_KEY = 1609003;
28
29			/**
30			* Hash a string
31			*
32			* @param string $val String to hash
33			*
34			* @return string
35			*/
36			public static function hash(string $val): string
37			{
38			return hash('sha256', md5($val));
39			}
40
41			/**
42			* Securize a string for some types with filter_var function.
43			*
44			* @param mixed $data String to securize
45			* @param string $type Type of filter
46			*
47			* @return mixed
48			*
49			* @throws \Exception If the type is unknown
50			*/
51			public static function securiseKnownTypes($data, string $type)
52			{
53			$filterType = 'text';
54
55			if ($type === 'int' \|\| $type === 'integer') {
56			$filterType = FILTER_VALIDATE_INT;
57			} elseif ($type === 'float' \|\| $type === 'double') {
58			$filterType = FILTER_VALIDATE_FLOAT;
59			} elseif ($type === 'bool' \|\| $type === 'boolean') {
60			$filterType = FILTER_VALIDATE_BOOLEAN;
61			} elseif ($type === 'email') {
62			$filterType = FILTER_VALIDATE_EMAIL;
63			}
64
65			if ($filterType === 'text') {
66			throw new Exception('Unknown type', self::ERR_SECURE_UNKNOWN_TYPE);
67			}
68
69			return filter_var($data, $filterType);
70			}
71
72			/**
73			* Securise a mixed data type who are not managed by securiseKnownType.
74			* We work the data like if the type is a string.
75			*
76			* @param mixed $data The variable to securise
77			* @param boolean $htmlentities If use htmlentities function
78			* to a better security
79			*
80			* @return mixed
81			*/
82			public static function securiseUnknownType($data, bool $htmlentities)
83			{
84			$currentClass = get_called_class();
85			$sqlSecureMethod = $currentClass::getSqlSecureMethod();
86
87			if ($sqlSecureMethod !== false) {
88			$data = $sqlSecureMethod($data);
89			} else {
90			$data = addslashes($data);
91			}
92
93			if ($htmlentities === true) {
94			$data = htmlentities($data, ENT_COMPAT \| ENT_HTML401);
95			}
96
97			return $data;
98			}
99
100			/**
101			* Securise a variable
102			*
103			* @param mixed $data The variable to securise
104			* @param string $type The type of datas
105			* @param boolean $htmlentities If use htmlentities function
106			* to a better security
107			*
108			* @return mixed
109			*
110			* @throws \Exception If an error with a type of data
111			*/
112			public static function securise($data, string $type, bool $htmlentities)
113			{
114			$currentClass = get_called_class();
115
116			if (is_array($data)) {
117			foreach ($data as $key => $val) {
118			unset($data[$key]);
119
120			$key = $currentClass::securise($key, gettype($key), true);
121			$val = $currentClass::securise($val, $type, $htmlentities);
122
123			$data[$key] = $val;
124			}
125
126			return $data;
127			}
128
129			try {
130			return $currentClass::securiseKnownTypes($data, $type);
131			} catch (Exception $ex) {
132			if ($ex->getCode() !== self::ERR_SECURE_UNKNOWN_TYPE) {
133			throw new Exception($ex->getMessage(), $ex->getCode());
134			}
135			//Else : Use securise like if it's a text type
136			}
137
138			return $currentClass::securiseUnknownType($data, $htmlentities);
139			}
140
141			/**
142			* Get the sqlSecure function declared in bfw config file
143			*
144			* @return boolean\|string
145			*/
146			public static function getSqlSecureMethod()
147			{
148			$app = \BFW\Application::getInstance();
149			$secureFct = $app->getConfig()->getValue(
150			'sqlSecureMethod',
151			'global.php'
152			);
153
154			if (!is_callable($secureFct, false)) {
155			return false;
156			}
157
158			return $secureFct;
159			}
160
161			/**
162			* Securise the value of an array key for a declared type.
163			*
164			* @param array &$array The array where is the key
165			* @param string $key The key where is the value to securize
166			* @param string $type The type of data
167			* @param boolean $htmlentities (default: false) If use htmlentities
168			* function to a better security
169			*
170			* @return mixed
171			*
172			* @throws \Exception If the key not exist in array
173			*/
174			public static function getSecurisedKeyInArray(
175			array &$array,
176			string $key,
177			string $type,
178			bool $htmlentities = false
179			) {
180			if (!isset($array[$key])) {
181			throw new Exception(
182			'The key '.$key.' not exist',
183			self::ERR_SECURE_ARRAY_KEY_NOT_EXIST
184			);
185			}
186
187			$currentClass = get_called_class();
188			return $currentClass::securise(
189			trim($array[$key]),
190			$type,
191			$htmlentities
192			);
193			}
194
195			/**
196			* Obtain many key from an array in one time
197			*
198			* @param array &$arraySrc The source array
199			* @param array $keysList The key list to obtain.
200			* For each item, the key is the name of the key in source array; And the
201			* value the type of the value. The value can also be an object. In this
202			* case, the properties "type" contain the value type, and the "htmlenties"
203			* property contain the boolean who indicate if secure system
204			* will use htmlentities.
205			* @param boolean $throwOnError (defaut true) If a key not exist, throw an
206			* exception. If false, the value will be null into returned array
207			*
208			* @return array
209			*
210			* @throws \Exception If a key is not found and if $throwOnError is true
211			*/
212			public static function getSecurisedManyKeys(
213			array &$arraySrc,
214			array $keysList,
215			bool $throwOnError = true
216			): array {
217			$currentClass = get_called_class();
218			$result = [];
219
220			foreach ($keysList as $keyName => $infos) {
221			if (!is_array($infos)) {
222			$infos = [
223			'type' => $infos,
224			'htmlentities' => false
225			];
226			}
227
228			try {
229			$result[$keyName] = $currentClass::getSecurisedKeyInArray(
230			$arraySrc,
231			$keyName,
232			$infos['type'],
233			$infos['htmlentities']
234			);
235			} catch (Exception $ex) {
236			if ($throwOnError === true) {
237			throw new Exception(
238			'Error to obtain the key '.$keyName,
239			self::ERR_OBTAIN_KEY,
240			$ex
241			);
242			} else {
243			$result[$keyName] = null;
244			}
245			}
246			}
247
248			return $result;
249			}
250			}
251

bfw-systems / bfw

GitHub Access Token became invalid

Push — 3.0 ( 9f6cf7...2a696a )

Secure::securiseUnknownType() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like