InsecureContentRule::init() - Code Metrics - Inspection of "Merge branch 'master' of github.com:phmLabs/Smoke" - phmLabs/Smoke - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 45c4a1...640869 )

by Nils

created 2017-06-23 14:23 UTC

InsecureContentRule::init() A

↳ Parent: InsecureContentRule

Complexity

Conditions	2
Paths	2

Size

Total Lines	6
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	6
rs	9.4285
cc	2
eloc	3
nc	2
nop	1

<?php

/*
 * This rule will find external ressources on a https transfered page that are insecure (http).
 *
 * @author Nils Langner <[email protected]>
 * @inspiredBy Christian Haller
 */

namespace whm\Smoke\Rules\Html;

use Psr\Http\Message\ResponseInterface;
use whm\Html\Document;
use whm\Smoke\Rules\CheckResult;
use whm\Smoke\Rules\Rule;

/**
 * This rule checks if a https document uses http (insecure) ressources.
 */
class InsecureContentRule implements Rule
{
    private $excludedFiles = [];

    public function init($excludedFiles = [])
    {
        foreach ($excludedFiles as $excludedFile) {
            $this->excludedFiles[] = $excludedFile['file'];
        }
    }

    public function validate(ResponseInterface $response)
    {
        $uri = $response->getUri();
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}

        if ('https' !== $uri->getScheme()) {
            return;
        }

        $htmlDocument = new Document((string)$response->getBody());

        $resources = $htmlDocument->getDependencies($uri, false);

        $unsecures = array();

        foreach ($resources as $resource) {
            if ($resource->getScheme() && 'https' !== $resource->getScheme()) {
                $excluded = false;
                foreach ($this->excludedFiles as $excludedFile) {
                    if (preg_match('*' . $excludedFile . '*', (string)$resource)) {
                        $excluded = true;
                        break;
                    }
                }
                if (!$excluded) {
                    $unsecures[] = $resource;
                }
            }
        }

        if (count($unsecures) > 0) {
            $message = 'At least one dependency was found on a secure url, that was transfered insecure.<ul>';
            foreach ($unsecures as $unsecure) {
                $message .= '<li>' . (string)$unsecure . '</li>';
            }
            $message .= '</ul>';
            return new CheckResult(CheckResult::STATUS_FAILURE, $message, count($unsecures));
        } else {
            return new CheckResult(CheckResult::STATUS_SUCCESS, 'No http element on that https url found.', 0);
        }
    }
}


1			<?php
2
3			/*
4			* This rule will find external ressources on a https transfered page that are insecure (http).
5			*
6			* @author Nils Langner <[email protected]>
7			* @inspiredBy Christian Haller
8			*/
9
10			namespace whm\Smoke\Rules\Html;
11
12			use Psr\Http\Message\ResponseInterface;
13			use whm\Html\Document;
14			use whm\Smoke\Rules\CheckResult;
15			use whm\Smoke\Rules\Rule;
16
17			/**
18			* This rule checks if a https document uses http (insecure) ressources.
19			*/
20			class InsecureContentRule implements Rule
21			{
22			private $excludedFiles = [];
23
24			public function init($excludedFiles = [])
25			{
26			foreach ($excludedFiles as $excludedFile) {
27			$this->excludedFiles[] = $excludedFile['file'];
28			}
29			}
30
31			public function validate(ResponseInterface $response)
32			{
33			$uri = $response->getUri();
			0 ignored issues – show Bug introduced 2017-05-12 13:13 UTC by Report Bug Copy Issue Report It seems like you code against a concrete implementation and not the interface `Psr\Http\Message\ResponseInterface` as the method `getUri()` does only exist in the following implementations of said interface: `phm\HttpWebdriverClient\...t\Chrome\ChromeResponse`, `phm\HttpWebdriverClient\...t\Guzzle\GuzzleResponse`, `phm\HttpWebdriverClient\...\Client\Guzzle\Response`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
34
35			if ('https' !== $uri->getScheme()) {
36			return;
37			}
38
39			$htmlDocument = new Document((string)$response->getBody());
40
41			$resources = $htmlDocument->getDependencies($uri, false);
42
43			$unsecures = array();
44
45			foreach ($resources as $resource) {
46			if ($resource->getScheme() && 'https' !== $resource->getScheme()) {
47			$excluded = false;
48			foreach ($this->excludedFiles as $excludedFile) {
49			if (preg_match('' . $excludedFile . '', (string)$resource)) {
50			$excluded = true;
51			break;
52			}
53			}
54			if (!$excluded) {
55			$unsecures[] = $resource;
56			}
57			}
58			}
59
60			if (count($unsecures) > 0) {
61			$message = 'At least one dependency was found on a secure url, that was transfered insecure.<ul>';
62			foreach ($unsecures as $unsecure) {
63			$message .= '<li>' . (string)$unsecure . '</li>';
64			}
65			$message .= '</ul>';
66			return new CheckResult(CheckResult::STATUS_FAILURE, $message, count($unsecures));
67			} else {
68			return new CheckResult(CheckResult::STATUS_SUCCESS, 'No http element on that https url found.', 0);
69			}
70			}
71			}
72

phmLabs / Smoke

Push — master ( 45c4a1...640869 )

InsecureContentRule::init() A

Complexity

Size

Duplication

Importance

Available Fixes

Duplication Side-by-Side

Filter issues like