|
1
|
|
|
<?php declare(strict_types=1); |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* @license http://opensource.org/licenses/mit-license.php MIT |
|
5
|
|
|
* @link https://github.com/nicoSWD |
|
6
|
|
|
* @author Nicolas Oelgart <[email protected]> |
|
7
|
|
|
*/ |
|
8
|
|
|
namespace nicoSWD\SecHeaderCheck\Domain\Header; |
|
9
|
|
|
|
|
10
|
|
|
use nicoSWD\SecHeaderCheck\Domain\Result\AbstractParsedHeader; |
|
11
|
|
|
use nicoSWD\SecHeaderCheck\Domain\Result\AuditionResult; |
|
12
|
|
|
use nicoSWD\SecHeaderCheck\Domain\Result\ParsedHeaders; |
|
13
|
|
|
use nicoSWD\SecHeaderCheck\Domain\Result\ScanResultProcessor; |
|
14
|
|
|
use nicoSWD\SecHeaderCheck\Domain\URL\URL; |
|
15
|
|
|
use nicoSWD\SecHeaderCheck\Domain\Validator\HeaderParserFactory; |
|
16
|
|
|
|
|
17
|
|
|
final class URLScanner |
|
18
|
|
|
{ |
|
19
|
|
|
/** @var HeaderProviderInterface */ |
|
20
|
|
|
private $headerProvider; |
|
21
|
|
|
/** @var HeaderParserFactory */ |
|
22
|
|
|
private $parserFactory; |
|
23
|
|
|
/** @var ScanResultProcessor */ |
|
24
|
|
|
private $scanResultProcessor; |
|
25
|
|
|
|
|
26
|
2 |
|
public function __construct( |
|
27
|
|
|
HeaderProviderInterface $headerProvider, |
|
28
|
|
|
HeaderParserFactory $parserFactory, |
|
29
|
|
|
ScanResultProcessor $scanResultProcessor |
|
30
|
|
|
) { |
|
31
|
2 |
|
$this->headerProvider = $headerProvider; |
|
32
|
2 |
|
$this->parserFactory = $parserFactory; |
|
33
|
2 |
|
$this->scanResultProcessor = $scanResultProcessor; |
|
34
|
2 |
|
} |
|
35
|
|
|
|
|
36
|
2 |
|
public function scanURL(string $url, bool $followRedirects = true): AuditionResult |
|
37
|
|
|
{ |
|
38
|
2 |
|
$headers = $this->getHeaders($url, $followRedirects); |
|
39
|
2 |
|
$parsedHeaders = new ParsedHeaders(); |
|
40
|
|
|
|
|
41
|
2 |
|
foreach ($headers as $header) { |
|
42
|
2 |
|
$parsedHeaders->add( |
|
43
|
2 |
|
$this->parseHeader($header) |
|
|
|
|
|
|
44
|
|
|
); |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
2 |
|
return $this->processParsedHeaders($parsedHeaders); |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
2 |
|
private function getHeaders(string $url, bool $followRedirects): HttpHeaderBag |
|
51
|
|
|
{ |
|
52
|
2 |
|
return $this->headerProvider->getHeadersFromUrl(new URL($url), $followRedirects); |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
2 |
|
private function parseHeader(HttpHeader $header): AbstractParsedHeader |
|
56
|
|
|
{ |
|
57
|
2 |
|
return $this->parserFactory->createFromHeader($header)->parse(); |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
2 |
|
private function processParsedHeaders(ParsedHeaders $scanResult): AuditionResult |
|
61
|
|
|
{ |
|
62
|
2 |
|
return $this->scanResultProcessor->processParsedHeaders($scanResult); |
|
63
|
|
|
} |
|
64
|
|
|
} |
|
65
|
|
|
|
nicoSWD /
headsec
This check looks for type mismatches where the missing type is
false. This is usually indicative of an error condtion.Consider the follow example
This function either returns a new
DateTimeobject or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returnedfalsebefore passing on the value to another function or method that may not be able to handle afalse.