nicoSWD\SecHeaderCheck\Domain\Validator\Header\ReferrerPolicyHeader

Complexity

Total Complexity

4

Size/Duplication

Total Lines	39
Duplicated Lines	0 %

Test Coverage

Coverage

100%

Importance

Changes

0

4 Methods

Rating	Name	Duplication	Size	Complexity
A	valueIsIn()	0	6	1
A	mayLeakOrigin()	0	10	1
A	parse()	0	5	1
A	doesNotLeakReferrer()	0	10	1

<?php declare(strict_types=1);

/**
 * @license  http://opensource.org/licenses/mit-license.php MIT
 * @link     https://github.com/nicoSWD
 * @author   Nicolas Oelgart <nico@oelgart.com>
 */
namespace nicoSWD\SecHeaderCheck\Domain\Validator\Header;

use nicoSWD\SecHeaderCheck\Domain\Result\Result\ReferrerPolicyHeaderResult;
use nicoSWD\SecHeaderCheck\Domain\Validator\AbstractHeaderParser;

final class ReferrerPolicyHeader extends AbstractHeaderParser
{
    public function parse(): ReferrerPolicyHeaderResult
    {
        return (new ReferrerPolicyHeaderResult($this->getName(), $this->getValue()))
            ->setMayLeakOrigin($this->mayLeakOrigin())
            ->setDoesNotLeakReferrer($this->doesNotLeakReferrer());
    }

    private function doesNotLeakReferrer(): bool
    {
        $secureReferrerOptions = [
            'no-referrer',
            'no-referrer-when-downgrade',
            'same-origin',
            'strict-origin',
        ];

        return $this->valueIsIn($secureReferrerOptions);
    }

    private function mayLeakOrigin(): bool
    {
        $leakyReferrerOptions = [
            'origin',
            'origin-when-cross-origin',
            'strict-origin-when-cross-origin',
            'unsafe-url',
        ];

        return $this->valueIsIn($leakyReferrerOptions);
    }

    private function valueIsIn(array $options): bool
    {
        $value = strtolower($this->getValue());
        $values = preg_split('~\s*,\s*~', $value, -1, PREG_SPLIT_NO_EMPTY);

        return ($options !== array_intersect($options, $values));

It seems like $values can also be of type false; however, parameter $array2 of array_intersect() does only seem to accept array, maybe add an additional type check?

    }
}