InsecureContentRule   A

Complexity

Total Complexity 14

Size/Duplication

Total Lines 59
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 4

Importance

Changes 0
Metric Value
wmc 14
lcom 1
cbo 4
dl 0
loc 59
rs 10
c 0
b 0
f 0

2 Methods

Rating   Name   Duplication   Size   Complexity  
A init() 0 10 4
B validate() 0 41 10
<?php
/*
 * This rule finds external resources that are loaded insecurely (http) on a page transferred over https.
 *
 * @author Nils Langner <[email protected]>
 * @inspiredBy Christian Haller
 */
namespace whm\Smoke\Rules\Html;
use phm\HttpWebdriverClient\Http\Response\UriAwareResponse;
use Psr\Http\Message\ResponseInterface;
use whm\Html\Document;
use whm\Smoke\Rules\CheckResult;
use whm\Smoke\Rules\Rule;
/**
 * This rule checks if a https document uses http (insecure) resources.
 */
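class InsecureContentRule implements Rule
{
    /**
     * Regex fragments taken from the rule configuration. An http resource whose
     * full URL matches one of them is not reported.
     *
     * The fragments are wrapped in '~' delimiters and are not anchored, so a
     * pattern matches anywhere in the URL (host, path or query string). Keep
     * configured patterns as narrow as possible; every match is an http
     * resource the rule will stay silent about.
     *
     * @var string[]
     */
    private $excludedFiles = [];

    /**
     * Image extensions (regex fragments) that are tolerated over http when
     * non-strict mode is enabled.
     *
     * @var string[]
     */
    private $nonStrictFiles = ['\.png', '\.jpg', '\.jpeg', '\.ico', '\.bmp', '\.gif'];

    /**
     * Whether http images are tolerated on an https page.
     *
     * @var bool
     */
    private $nonStrictMode = false;

    /**
     * Configures the rule.
     *
     * @param array      $excludedFiles list of entries, each with a 'file' key holding a regex fragment
     * @param bool|mixed $nonStrictMode true, or one of the values 1, "1", "true", "on", "yes",
     *                                  enables the image exemption; everything else leaves it off
     */
    public function init($excludedFiles = [], $nonStrictMode = false)
    {
        foreach ($excludedFiles as $excludedFile) {
            $this->excludedFiles[] = $excludedFile['file'];
        }

        // The previous loose test (== 'on' || == true) was true for ANY non-empty
        // string, so a configured value of 'off', 'false' or 'no' silently switched
        // the relaxed mode on. Non-strict mode weakens the check, so only explicit
        // affirmative values may enable it.
        $enabled = is_bool($nonStrictMode)
            ? $nonStrictMode
            : (bool) filter_var($nonStrictMode, FILTER_VALIDATE_BOOLEAN);

        // As before, once enabled the exemption stays enabled across repeated init() calls.
        if ($enabled) {
            $this->nonStrictMode = true;
        }
    }

    /**
     * Reports every dependency of an https document that is referenced with a
     * non-https scheme and is not covered by an exclusion.
     *
     * Nothing is returned (null) when the document itself was not served via https.
     *
     * @param ResponseInterface $response must provide getUri(); the interface type hint does not
     *                                    guarantee that, a UriAwareResponse is expected
     *
     * @return CheckResult|null
     */
    public function validate(ResponseInterface $response)
    {
        /** @var UriAwareResponse $response */
        $uri = $response->getUri();

        if ('https' !== $uri->getScheme()) {
            return;
        }

        $htmlDocument = new Document((string) $response->getBody());
        $resources = $htmlDocument->getDependencies($uri, false);

        $unsecures = [];

        foreach ($resources as $resource) {
            // Resources without a scheme are skipped, exactly as before.
            $scheme = $resource->getScheme();
            if (!$scheme || 'https' === $scheme) {
                continue;
            }

            if (!$this->isExcluded($resource)) {
                $unsecures[] = $resource;
            }
        }

        if (count($unsecures) === 0) {
            return new CheckResult(CheckResult::STATUS_SUCCESS, 'No insecure http element found.', 0);
        }

        $message = 'At least one dependency was found on a secure url, that was transfered insecure.<ul>';
        foreach ($unsecures as $unsecure) {
            // The URLs are extracted from the scanned page and the message is HTML,
            // so they are escaped before being embedded in the report.
            $message .= '<li>' . htmlspecialchars((string) $unsecure, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
        }
        $message .= '</ul>';

        return new CheckResult(CheckResult::STATUS_FAILURE, $message, count($unsecures));
    }

    /**
     * Decides whether an insecure resource is exempt from reporting.
     *
     * @param mixed $resource resource object as returned by Document::getDependencies(); must be string-castable
     *
     * @return bool
     */
    private function isExcluded($resource)
    {
        $url = (string) $resource;

        foreach ($this->excludedFiles as $excludedFile) {
            // preg_match() returns false for a broken pattern; that counts as
            // "not excluded", so the resource is still reported.
            if (preg_match('~' . $excludedFile . '~', $url) === 1) {
                return true;
            }
        }

        if (!$this->nonStrictMode) {
            return false;
        }

        // The image exemption is checked against the END of the URL path only.
        // Matched as an unanchored substring of the whole URL, '\.png' would also
        // exempt URLs such as ".../app.png.js" or ".../app.js?x=.png", i.e. http
        // scripts that merely contain an image extension.
        $path = (string) parse_url($url, PHP_URL_PATH);

        return preg_match('~(?:' . implode('|', $this->nonStrictFiles) . ')$~', $path) === 1;
    }
}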