MvcResolver::getAction() - Code Metrics - Inspection of "refactor Micro (remove to small classes)" - linpax/microphp-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ea8fd7...b1104c )

by Oleg

created 2016-11-09 01:30 UTC

MvcResolver::getAction() A

↳ Parent: MvcResolver

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	4
rs	10
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	0

<?php /** MicroHMVCResolver */

namespace Micro\Mvc;

use Micro\Base\Exception;
use Micro\Base\KernelInjector;
use Micro\base\ResolverInterface;
use Micro\Mvc\Controllers\IController;
use Micro\Web\RequestInjector;
use Micro\Web\RouterInjector;
use Psr\Http\Message\ServerRequestInterface;

/**
 * MVC Resolver class file.
 *
 * @author Oleg Lunegov <[email protected]>
 * @link https://github.com/linpax/microphp-framework
 * @copyright Copyright (c) 2013 Oleg Lunegov
 * @license https://github.com/linpax/microphp-framework/blob/master/LICENSE
 * @package Micro
 * @subpackage Resolver
 * @version 1.0
 * @since 1.0
 */
class MvcResolver implements ResolverInterface
{
    /** @var string $uri converted URL */
    protected $uri;

    /** @var string $extensions Extensions in request */
    private $extensions;
    /** @var string $modules Modules in request */
    private $modules;
    /** @var string $controller IController to run */
    private $controller;
    /** @var string $action Action to run */
    private $action;


    /**
     * Get instance application
     *
     * @access public
     *
     * @return IController
     * @throws Exception
     */
    public function getApp()
    {
        /** @var ServerRequestInterface $request */
        $request = (new RequestInjector)->build();
        /** @var array $rawQuery */
        $rawQuery = $request->getQueryParams();

        $query = !empty($rawQuery['r']) ? $rawQuery['r'] : '/default';
        $query = (substr($query, -1) === '/') ? substr($query, 0, -1) : $query;

        $this->uri = (new RouterInjector)->build()->parse($query, $request->getMethod());

        $this->initialize();

        /** @var string $cls */
        $cls = $this->getCalculatePath();

        if (!class_exists($cls) || !is_subclass_of($cls, '\Micro\Mvc\Controllers\IController')) {
            throw new Exception('Controller '.$cls.' not found or not a valid');
        }

        return new $cls($this->getModules());
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
    }

    /**
     * Initialize request object
     *
     * @access public
     *
     * @return void
     * @throws Exception
     */
    protected function initialize()
    {
        $key = strpos($this->uri, '?');
        $params = $key ? substr($this->uri, $key + 2) : null;
        $uriBlocks = explode('/', substr($this->uri, 0, $key ?: strlen($this->uri)));

        if (0 === strpos($this->uri, '/')) {
            array_shift($uriBlocks);
        }

        $this->prepareExtensions($uriBlocks);
        $this->prepareModules($uriBlocks);
        $this->prepareController($uriBlocks);
        $this->prepareAction($uriBlocks);

        if ($params) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $paramBlocks = explode('&', $params);
            $query = (new RequestInjector)->build()->getQueryParams();

            foreach ($paramBlocks AS $param) {
                $val = explode('=', $param);

                $query[$val[0]] = $val[1];
            }

            // replace request
            $request = (new RequestInjector)->build();
            (new RequestInjector)->addRequirement('request', $request->withQueryParams(
                array_replace_recursive($request->getQueryParams(), $query)
            ));
        }
    }

    /**
     * Prepare extensions
     *
     * @access private
     *
     * @param array $uriBlocks uri blocks from URL
     *
     * @return void
     * @throws Exception
     */
    protected function prepareExtensions(&$uriBlocks)
    {
        foreach ($uriBlocks as $i => $block) {
            if (file_exists((new KernelInjector)->build()->getAppDir().$this->extensions.'/extensions/'.$block)) {
                $this->extensions .= '/Extensions/'.ucfirst($block);

                unset($uriBlocks[$i]);
            } else {
                break;
            }
        }

        $this->extensions = str_replace('/', '\\', $this->extensions);
    }

    /**
     * Prepare modules
     *
     * @access private
     *
     * @global      Micro
     *
     * @param array $uriBlocks uri blocks from URL
     *
     * @return void
     * @throws Exception
     */
    protected function prepareModules(&$uriBlocks)
    {
        $path = (new KernelInjector)->build()->getAppDir().($this->extensions ?: '');

        foreach ($uriBlocks as $i => $block) {
            if ($block && file_exists($path.strtolower($this->modules).'/modules/'.$block)) {
                $this->modules .= '/Modules/'.ucfirst($block);

                unset($uriBlocks[$i]);
            } else {
                break;
            }
        }

        $this->modules = str_replace('/', '\\', $this->modules);
    }

    /**
     * Prepare controller
     *
     * @access private
     *
     * @param array $uriBlocks uri blocks from URL
     *
     * @return void
     * @throws Exception
     */
    protected function prepareController(&$uriBlocks)
    {
        $path = (new KernelInjector)->build()->getAppDir().($this->extensions ?: '').strtolower($this->modules ?: '');
        $str = array_shift($uriBlocks);

        if (file_exists(str_replace('\\', '/', $path.'/controllers/'.ucfirst($str).'Controller.php'))) {
            $this->controller = $str;
        } else {
            $this->controller = 'default';

            array_unshift($uriBlocks, $str);
        }
    }

    /**
     * Prepare action
     *
     * @access private
     *
     * @param array $uriBlocks uri blocks from URL
     *
     * @return void
     */
    protected function prepareAction(&$uriBlocks)
    {
        $this->action = array_shift($uriBlocks) ?: 'index';
    }


    /**
     * Get calculate path to controller
     *
     * @access public
     *
     * @return string
     */
    public function getCalculatePath()
    {
        return '\\App'.$this->getExtensions().$this->getModules().'\\Controllers\\'.$this->getController();
    }

    /**
     * Get extensions from request
     *
     * @access public
     *
     * @return string
     */
    public function getExtensions()
    {
        return $this->extensions;
    }

    /**
     * Get modules from request
     *
     * @access public
     *
     * @return string
     */
    public function getModules()
    {
        return $this->modules;
    }

    /**
     * Get controller from request
     *
     * @access public
     *
     * @return string
     */
    public function getController()
    {
        return ucfirst($this->controller).'Controller';
    }


    /**
     * Get action from request
     *
     * @access public
     *
     * @return string
     */
    public function getAction()
    {
        return $this->action;
    }
}


Push — master ( ea8fd7...b1104c )

MvcResolver::getAction() A

Complexity

Size

Duplication

Importance

1 path for user data to reach this point

General Strategies to prevent injection

1			<?php /** MicroHMVCResolver */
2
3			namespace Micro\Mvc;
4
5			use Micro\Base\Exception;
6			use Micro\Base\KernelInjector;
7			use Micro\base\ResolverInterface;
8			use Micro\Mvc\Controllers\IController;
9			use Micro\Web\RequestInjector;
10			use Micro\Web\RouterInjector;
11			use Psr\Http\Message\ServerRequestInterface;
12
13			/**
14			* MVC Resolver class file.
15			*
16			* @author Oleg Lunegov <[email protected]>
17			* @link https://github.com/linpax/microphp-framework
18			* @copyright Copyright (c) 2013 Oleg Lunegov
19			* @license https://github.com/linpax/microphp-framework/blob/master/LICENSE
20			* @package Micro
21			* @subpackage Resolver
22			* @version 1.0
23			* @since 1.0
24			*/
25			class MvcResolver implements ResolverInterface
26			{
27			/** @var string $uri converted URL */
28			protected $uri;
29
30			/** @var string $extensions Extensions in request */
31			private $extensions;
32			/** @var string $modules Modules in request */
33			private $modules;
34			/** @var string $controller IController to run */
35			private $controller;
36			/** @var string $action Action to run */
37			private $action;
38
39
40			/**
41			* Get instance application
42			*
43			* @access public
44			*
45			* @return IController
46			* @throws Exception
47			*/
48			public function getApp()
49			{
50			/** @var ServerRequestInterface $request */
51			$request = (new RequestInjector)->build();
52			/** @var array $rawQuery */
53			$rawQuery = $request->getQueryParams();
54
55			$query = !empty($rawQuery['r']) ? $rawQuery['r'] : '/default';
56			$query = (substr($query, -1) === '/') ? substr($query, 0, -1) : $query;
57
58			$this->uri = (new RouterInjector)->build()->parse($query, $request->getMethod());
59
60			$this->initialize();
61
62			/** @var string $cls */
63			$cls = $this->getCalculatePath();
64
65			if (!class_exists($cls) \|\| !is_subclass_of($cls, '\Micro\Mvc\Controllers\IController')) {
66			throw new Exception('Controller '.$cls.' not found or not a valid');
67			}
68
69			return new $cls($this->getModules());
			0 ignored issues – show Security Code Execution introduced 2016-11-09 01:33 UTC by Report Bug Copy Issue Report `$cls` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Read from `$_GET,` and `$query ?: $_GET` is passed to ServerRequest::__construct() in vendor/src/ServerRequestFactory.php on line 71 ServerRequest::$queryParams is assigned in vendor/src/ServerRequest.php on line 101 Tainted property ServerRequest::$queryParams is read in vendor/src/ServerRequest.php on line 156 ServerRequest::getQueryParams() returns tainted data, and `$rawQuery` is assigned in src/mvc/MvcResolver.php on line 53 `$query` is assigned in src/mvc/MvcResolver.php on line 55 `$query` is assigned in src/mvc/MvcResolver.php on line 56 MvcResolver::$uri is assigned in src/mvc/MvcResolver.php on line 58 Tainted property MvcResolver::$uri is read, and `$this->uri` is passed through substr(), and `substr($this->uri, 0, $key ?: strlen($this->uri))` is passed through explode(), and `$uriBlocks` is assigned in src/mvc/MvcResolver.php on line 84 `$uriBlocks` is passed to MvcResolver::prepareExtensions() in src/mvc/MvcResolver.php on line 90 `$block` is assigned in src/mvc/MvcResolver.php on line 125 `$block` is passed through ucfirst(), and MvcResolver::$extensions is assigned in src/mvc/MvcResolver.php on line 127 Tainted property MvcResolver::$extensions is read in src/mvc/MvcResolver.php on line 227 MvcResolver::getExtensions() returns tainted data in src/mvc/MvcResolver.php on line 215 MvcResolver::getCalculatePath() returns tainted data, and `$cls` is assigned in src/mvc/MvcResolver.php on line 63 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
70			}
71
72			/**
73			* Initialize request object
74			*
75			* @access public
76			*
77			* @return void
78			* @throws Exception
79			*/
80			protected function initialize()
81			{
82			$key = strpos($this->uri, '?');
83			$params = $key ? substr($this->uri, $key + 2) : null;
84			$uriBlocks = explode('/', substr($this->uri, 0, $key ?: strlen($this->uri)));
85
86			if (0 === strpos($this->uri, '/')) {
87			array_shift($uriBlocks);
88			}
89
90			$this->prepareExtensions($uriBlocks);
91			$this->prepareModules($uriBlocks);
92			$this->prepareController($uriBlocks);
93			$this->prepareAction($uriBlocks);
94
95			if ($params) {
			0 ignored issues – show Bug Best Practice introduced 2016-03-10 20:06 UTC by Report Bug Copy Issue Report The expression `$params` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
96			$paramBlocks = explode('&', $params);
97			$query = (new RequestInjector)->build()->getQueryParams();
98
99			foreach ($paramBlocks AS $param) {
100			$val = explode('=', $param);
101
102			$query[$val[0]] = $val[1];
103			}
104
105			// replace request
106			$request = (new RequestInjector)->build();
107			(new RequestInjector)->addRequirement('request', $request->withQueryParams(
108			array_replace_recursive($request->getQueryParams(), $query)
109			));
110			}
111			}
112
113			/**
114			* Prepare extensions
115			*
116			* @access private
117			*
118			* @param array $uriBlocks uri blocks from URL
119			*
120			* @return void
121			* @throws Exception
122			*/
123			protected function prepareExtensions(&$uriBlocks)
124			{
125			foreach ($uriBlocks as $i => $block) {
126			if (file_exists((new KernelInjector)->build()->getAppDir().$this->extensions.'/extensions/'.$block)) {
127			$this->extensions .= '/Extensions/'.ucfirst($block);
128
129			unset($uriBlocks[$i]);
130			} else {
131			break;
132			}
133			}
134
135			$this->extensions = str_replace('/', '\\', $this->extensions);
136			}
137
138			/**
139			* Prepare modules
140			*
141			* @access private
142			*
143			* @global Micro
144			*
145			* @param array $uriBlocks uri blocks from URL
146			*
147			* @return void
148			* @throws Exception
149			*/
150			protected function prepareModules(&$uriBlocks)
151			{
152			$path = (new KernelInjector)->build()->getAppDir().($this->extensions ?: '');
153
154			foreach ($uriBlocks as $i => $block) {
155			if ($block && file_exists($path.strtolower($this->modules).'/modules/'.$block)) {
156			$this->modules .= '/Modules/'.ucfirst($block);
157
158			unset($uriBlocks[$i]);
159			} else {
160			break;
161			}
162			}
163
164			$this->modules = str_replace('/', '\\', $this->modules);
165			}
166
167			/**
168			* Prepare controller
169			*
170			* @access private
171			*
172			* @param array $uriBlocks uri blocks from URL
173			*
174			* @return void
175			* @throws Exception
176			*/
177			protected function prepareController(&$uriBlocks)
178			{
179			$path = (new KernelInjector)->build()->getAppDir().($this->extensions ?: '').strtolower($this->modules ?: '');
180			$str = array_shift($uriBlocks);
181
182			if (file_exists(str_replace('\\', '/', $path.'/controllers/'.ucfirst($str).'Controller.php'))) {
183			$this->controller = $str;
184			} else {
185			$this->controller = 'default';
186
187			array_unshift($uriBlocks, $str);
188			}
189			}
190
191			/**
192			* Prepare action
193			*
194			* @access private
195			*
196			* @param array $uriBlocks uri blocks from URL
197			*
198			* @return void
199			*/
200			protected function prepareAction(&$uriBlocks)
201			{
202			$this->action = array_shift($uriBlocks) ?: 'index';
203			}
204
205
206			/**
207			* Get calculate path to controller
208			*
209			* @access public
210			*
211			* @return string
212			*/
213			public function getCalculatePath()
214			{
215			return '\\App'.$this->getExtensions().$this->getModules().'\\Controllers\\'.$this->getController();
216			}
217
218			/**
219			* Get extensions from request
220			*
221			* @access public
222			*
223			* @return string
224			*/
225			public function getExtensions()
226			{
227			return $this->extensions;
228			}
229
230			/**
231			* Get modules from request
232			*
233			* @access public
234			*
235			* @return string
236			*/
237			public function getModules()
238			{
239			return $this->modules;
240			}
241
242			/**
243			* Get controller from request
244			*
245			* @access public
246			*
247			* @return string
248			*/
249			public function getController()
250			{
251			return ucfirst($this->controller).'Controller';
252			}
253
254
255			/**
256			* Get action from request
257			*
258			* @access public
259			*
260			* @return string
261			*/
262			public function getAction()
263			{
264			return $this->action;
265			}
266			}
267

linpax / microphp-framework

Push — master ( ea8fd7...b1104c )

MvcResolver::getAction() A

Complexity

Size

Duplication

Importance

1 path for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like