SecurityHeaderControllerExtension - Code Metrics - Inspection of "Add ability to exclude a header by leaving the val..." - guttmann/silverstripe-security-headers - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#9)

unknown

created 2019-07-31 03:06 UTC

SecurityHeaderControllerExtension A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	52
Duplicated Lines	0 %

Test Coverage

Coverage

96.77%

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
eloc	25
c	4
b	0
f	0
dl	0
loc	52
ccs	30
cts	31
cp	0.9677
rs	10
wmc	12

2 Methods

Rating	Name	Duplication	Size	Complexity
B	onAfterInit()	0	21	7
A	browserHasWorkingCSPImplementation()	0	24	5

<?php

namespace Guttmann\SilverStripe;

use Config;
use Extension;

class SecurityHeaderControllerExtension extends Extension
{
    public function onAfterInit()
    {
        $response = $this->owner->getResponse();

        $headersToSend = (array) Config::inst()->get('Guttmann\SilverStripe\SecurityHeaderControllerExtension', 'headers');
        $xHeaderMap = (array) Config::inst()->get('Guttmann\SilverStripe\SecurityHeaderControllerExtension', 'x_headers_map');

        foreach ($headersToSend as $header => $value) {
            if (empty($value)) {
                continue;
            }

            if ($header === 'Content-Security-Policy' && !$this->browserHasWorkingCSPImplementation()) {
                continue;
            }

            $response->addHeader($header, $value);

            if (isset($xHeaderMap[$header])) {
                foreach ($xHeaderMap[$header] as $xHeader) {
                    $response->addHeader($xHeader, $value);
                }
            }
        }
    }

    private function browserHasWorkingCSPImplementation()
    {
        $agent = strtolower(
            $this->owner->getRequest()->getHeader('User-Agent')
        );

        if (strpos($agent, 'safari') === false) {
            return true;
        }

        $split = explode('version/', $agent);

        if (!isset($split[1])) {
            return true;
        }

        $version = trim($split[1]);
        $versions = explode('.', $version);

        if (isset($versions[0]) && $versions[0] <= 5) {
            return false;
        }

        return true;
    }
}


1		<?php
2
3		namespace Guttmann\SilverStripe;
4
5		use Config;
6		use Extension;
7
8		class SecurityHeaderControllerExtension extends Extension
9		{
10	2	public function onAfterInit()
11		{
12	2	$response = $this->owner->getResponse();
13
14	2	$headersToSend = (array) Config::inst()->get('Guttmann\SilverStripe\SecurityHeaderControllerExtension', 'headers');
15	2	$xHeaderMap = (array) Config::inst()->get('Guttmann\SilverStripe\SecurityHeaderControllerExtension', 'x_headers_map');
16
17	2	foreach ($headersToSend as $header => $value) {
18	2	if (empty($value)) {
19		continue;
20		}
21
22	2	if ($header === 'Content-Security-Policy' && !$this->browserHasWorkingCSPImplementation()) {
23	1	continue;
24		}
25
26	2	$response->addHeader($header, $value);
27
28	2	if (isset($xHeaderMap[$header])) {
29	2	foreach ($xHeaderMap[$header] as $xHeader) {
30	2	$response->addHeader($xHeader, $value);
31	2	}
32	2	}
33	2	}
34	2	}
35
36	2	private function browserHasWorkingCSPImplementation()
37		{
38	2	$agent = strtolower(
39	2	$this->owner->getRequest()->getHeader('User-Agent')
40	2	);
41
42	2	if (strpos($agent, 'safari') === false) {
43	1	return true;
44		}
45
46	1	$split = explode('version/', $agent);
47
48	1	if (!isset($split[1])) {
49	1	return true;
50		}
51
52	1	$version = trim($split[1]);
53	1	$versions = explode('.', $version);
54
55	1	if (isset($versions[0]) && $versions[0] <= 5) {
56	1	return false;
57		}
58
59	1	return true;
60		}
61		}
62

guttmann / silverstripe-security-headers

Pull Request — master (#9)

SecurityHeaderControllerExtension A

Complexity

Size/Duplication

Test Coverage

Importance

2 Methods

Duplication Side-by-Side

Filter issues like