These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * The OpenSSL Random Number Source |
||
4 | * |
||
5 | * This uses the OS's secure generator to generate high strength numbers |
||
6 | * |
||
7 | * PHP version 5.3 |
||
8 | * |
||
9 | * @category PHPCryptLib |
||
10 | * @package Random |
||
11 | * @subpackage Source |
||
12 | * @author Anthony Ferrara <[email protected]> |
||
13 | * @copyright 2011 The Authors |
||
14 | * @license http://www.opensource.org/licenses/mit-license.html MIT License |
||
15 | * @version Build @@version@@ |
||
16 | */ |
||
17 | |||
18 | namespace RandomLib\Source; |
||
19 | |||
20 | use SecurityLib\Strength; |
||
21 | |||
22 | /** |
||
23 | * The OpenSSL Random Number Source |
||
24 | * |
||
25 | * This uses the OS's secure generator to generate high strength numbers |
||
26 | * |
||
27 | * @category PHPCryptLib |
||
28 | * @package Random |
||
29 | * @subpackage Source |
||
30 | * @author Anthony Ferrara <[email protected]> |
||
31 | * @codeCoverageIgnore |
||
32 | */ |
||
33 | class OpenSSL implements \RandomLib\Source { |
||
34 | |||
35 | /** |
||
36 | * Return an instance of Strength indicating the strength of the source |
||
37 | * |
||
38 | * @return Strength An instance of one of the strength classes |
||
39 | */ |
||
40 | public static function getStrength() { |
||
41 | /** |
||
42 | * Prior to PHP 5.6.10 (see https://bugs.php.net/bug.php?id=70014) the "openssl_random_pseudo_bytes" |
||
43 | * was using "RAND_pseudo_bytes" (predictable) instead of "RAND_bytes" (unpredictable). |
||
44 | */ |
||
45 | if (PHP_VERSION_ID < 50610) { |
||
46 | return new Strength(Strength::MEDIUM); |
||
0 ignored issues
–
show
|
|||
47 | } |
||
48 | |||
49 | return new Strength(Strength::HIGH); |
||
0 ignored issues
–
show
The return type of
return new \SecurityLib\...ityLib\Strength::HIGH); (SecurityLib\Strength ) is incompatible with the return type declared by the interface RandomLib\Source::getStrength of type RandomLib\Strength .
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author {
private $name;
public function __construct($name) {
$this->name = $name;
}
public function getName() {
return $this->name;
}
}
abstract class Post {
public function getAuthor() {
return 'Johannes';
}
}
class BlogPost extends Post {
public function getAuthor() {
return new Author('Johannes');
}
}
class ForumPost extends Post { /* ... */ }
function my_function(Post $post) {
echo strtoupper($post->getAuthor());
}
Our function
Loading history...
|
|||
50 | } |
||
51 | |||
52 | /** |
||
53 | * Generate a random string of the specified size |
||
54 | * |
||
55 | * @param int $size The size of the requested random string |
||
56 | * |
||
57 | * @return string A string of the requested size |
||
58 | */ |
||
59 | public function generate($size) { |
||
60 | if (!function_exists('openssl_random_pseudo_bytes') || $size < 1) { |
||
61 | return str_repeat(chr(0), $size); |
||
62 | } |
||
63 | /** |
||
64 | * Note, normally we would check the return of of $crypto_strong to |
||
65 | * ensure that we generated a good random string. However, since we're |
||
66 | * using this as one part of many sources a low strength random number |
||
67 | * shouldn't be much of an issue. |
||
68 | */ |
||
69 | return openssl_random_pseudo_bytes($size); |
||
70 | } |
||
71 | |||
72 | } |
||
73 |
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.
Let’s take a look at an example:
Our function
my_function
expects aPost
object, and outputs the author of the post. The base classPost
returns a simple string and outputting a simple string will work just fine. However, the child classBlogPost
which is a sub-type ofPost
instead decided to return anobject
, and is therefore violating the SOLID principles. If aBlogPost
were passed tomy_function
, PHP would not complain, but ultimately fail when executing thestrtoupper
call in its body.