<?php declare(strict_types=1); |
/** |
* @license http://opensource.org/licenses/mit-license.php MIT |
* @link https://github.com/nicoSWD |
* @author Nicolas Oelgart <[email protected]> |
*/ |
namespace nicoSWD\SecHeaderCheck\Domain\Validator\Header; |
use nicoSWD\SecHeaderCheck\Domain\Result\Result\XXSSProtectionHeaderResult; |
use nicoSWD\SecHeaderCheck\Domain\Validator\AbstractHeaderParser; |
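/**
 * Parses an X-XSS-Protection header value into an XXSSProtectionHeaderResult.
 *
 * The value is split on ";" into options and three facts are recorded on the
 * result: whether the filter is switched on ("1"), whether blocking mode is
 * requested ("mode=block"), and whether exactly one "report=" option is set.
 *
 * The XSS filter this header controls has been removed from current major
 * browsers, so a positive result here is not a substitute for output encoding
 * and a Content-Security-Policy.
 *
 * NOTE(review): option matching is exact and case-sensitive, and "1" is
 * accepted at any position rather than only as the leading token — confirm
 * that this matches the parsing behaviour the checker is meant to model.
 */
final class XXSSProtectionHeader extends AbstractHeaderParser
{
    /** Option that switches the filter on. */
    private const MODE_ON = '1';

    /** Option that asks the browser to block the page instead of sanitising it. */
    private const MODE_BLOCK = 'mode=block';

    /**
     * Builds the result object for this header.
     *
     * getName() and getValue() are not defined in this class; presumably they
     * are inherited from AbstractHeaderParser.
     *
     * @return XXSSProtectionHeaderResult Result carrying the header name, the raw
     *                                    value and the three parsed flags.
     */
    public function parse(): XXSSProtectionHeaderResult
    {
        $options = $this->getOptions();

        return (new XXSSProtectionHeaderResult($this->getName(), $this->getValue()))
            ->setProtectionIsOn($this->protectionIsOn($options))
            ->setIsBlocking($this->isBlocking($options))
            ->setHasReportUri($this->hasReportUri($options));
    }

    /**
     * Reports whether the "1" option is present among the parsed options.
     *
     * @param string[] $options Options as returned by getOptions().
     */
    private function protectionIsOn(array $options): bool
    {
        return in_array(self::MODE_ON, $options, true);
    }

    /**
     * Reports whether the "mode=block" option is present among the parsed options.
     *
     * @param string[] $options Options as returned by getOptions().
     */
    private function isBlocking(array $options): bool
    {
        return in_array(self::MODE_BLOCK, $options, true);
    }

    /**
     * Reports whether exactly one option is a "report=" directive.
     *
     * The pattern is anchored to the start of the option so that an unrelated
     * option which merely contains the text "report=" is not counted. A header
     * that repeats the directive yields false, because the count must be 1.
     *
     * @param string[] $options Options as returned by getOptions().
     */
    private function hasReportUri(array $options): bool
    {
        return count(preg_grep('~^report=~', $options)) === 1;
    }

    /**
     * Splits the header value on ";" into its non-empty options.
     *
     * Whitespace around each ";" is consumed by the split pattern. The value is
     * trimmed first so that leading or trailing whitespace on the whole header
     * does not stop the first or last option from matching the exact
     * comparisons used by protectionIsOn() and isBlocking().
     *
     * @return string[]
     */
    private function getOptions(): array
    {
        return preg_split('~\s*;\s*~', trim($this->getValue()), -1, PREG_SPLIT_NO_EMPTY);
    }
}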