SecureCookie - Code Metrics - Inspection of "merge 2.0 branch" - comodojo/cookies - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 04748f...585c72 )

by Marco

created 2018-03-21 01:03 UTC

SecureCookie A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	32
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	1

Test Coverage

Coverage

Importance

Changes

Metric	Value
wmc	3
lcom	0
cbo	1
dl	0
loc	32
ccs	0
cts	8
cp	0
rs	10
c	0
b	0
f	0

1 Method

Rating	Name	Duplication	Size	Complexity
A	encryptKey()	0	19	3

<?php namespace Comodojo\Cookies;

/**
 * AES-encrypted cookie
 *
 * @package     Comodojo Spare Parts
 * @author      Marco Giovinazzi <[email protected]>
 * @license     MIT
 *
 * LICENSE:
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

class SecureCookie extends EncryptedCookie {

    /**
     * Create a client-specific key using provided key,
     * the client remote address and (in case) the value of
     * HTTP_X_FORWARDED_FOR header
     *
     * @param   string   $key
     *
     * @return  string
     */
    protected static function encryptKey($key) {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}

        if ( isset($_SERVER['REMOTE_ADDR']) ) {

            $client_hash = md5($_SERVER['REMOTE_ADDR'].(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ''), true);

            $server_hash = md5($key, true);

            $cookie_key = $client_hash.$server_hash;

        } else {

            $cookie_key = hash('sha256', $key);

        }

        return $cookie_key;

    }

}


1			<?php namespace Comodojo\Cookies;
2
3			/**
4			* AES-encrypted cookie
5			*
6			* @package Comodojo Spare Parts
7			* @author Marco Giovinazzi <[email protected]>
8			* @license MIT
9			*
10			* LICENSE:
11			*
12			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
13			* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14			* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
15			* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
16			* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
17			* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
18			* THE SOFTWARE.
19			*/
20
21			class SecureCookie extends EncryptedCookie {
22
23			/**
24			* Create a client-specific key using provided key,
25			* the client remote address and (in case) the value of
26			* HTTP_X_FORWARDED_FOR header
27			*
28			* @param string $key
29			*
30			* @return string
31			*/
32			protected static function encryptKey($key) {
			0 ignored issues – show Coding Style introduced 2016-12-13 00:18 UTC by Report Bug Copy Issue Report `encryptKey` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
33
34			if ( isset($_SERVER['REMOTE_ADDR']) ) {
35
36			$client_hash = md5($_SERVER['REMOTE_ADDR'].(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ''), true);
37
38			$server_hash = md5($key, true);
39
40			$cookie_key = $client_hash.$server_hash;
41
42			} else {
43
44			$cookie_key = hash('sha256', $key);
45
46			}
47
48			return $cookie_key;
49
50			}
51
52			}
53

comodojo / cookies

Push — master ( 04748f...585c72 )

SecureCookie A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

1 Method

Duplication Side-by-Side

Filter issues like