Completed
Push — master ( 8531f3...cdf8ff )
by Nils
03:41
created

PasswordSecureTransferRule   A

Complexity

Total Complexity 6

Size/Duplication

Total Lines 41
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 3

Importance

Changes 3
Bugs 0 Features 1
Metric Value
wmc 6
c 3
b 0
f 1
lcom 1
cbo 3
dl 0
loc 41
rs 10

1 Method

Rating   Name   Duplication   Size   Complexity  
B doValidation() 0 34 6
<?php
namespace whm\Smoke\Rules\Security;
use Symfony\Component\DomCrawler\Crawler;
use whm\Smoke\Http\Response;
use whm\Smoke\Rules\Rule;
use whm\Smoke\Rules\StandardRule;
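/**
 * Checks that every HTML form containing a password field is submitted over HTTPS.
 *
 * A form counts as secure when its action is an absolute https:// URL, or when
 * it has no absolute http(s) action and the page itself was fetched over HTTPS.
 * An absolute http:// action is reported even when the page was served via HTTPS.
 *
 * Not covered by this rule: a "formaction" attribute on a submit control,
 * password inputs attached to a form through the "form" attribute, and forms
 * whose submission is handled by script.
 */
class PasswordSecureTransferRule extends StandardRule
{
    protected $contentTypes = array('text/html');

    // Tag paths of the insecure forms that were already reported. The list is
    // never reset in this class, so it lives as long as the rule instance does.
    private $knownIdentifier = array();

    /**
     * Reports each password form of the response whose submit target is not HTTPS.
     *
     * @param Response $response the response whose HTML body is inspected
     */
    protected function doValidation(Response $response)
    {
        $crawler = new Crawler($response->getBody());

        // The inner path is relative (".//") so that only forms which themselves
        // contain a password input match; an absolute "//input" inside the
        // predicate selects every form as soon as the document holds one password
        // field anywhere. translate() makes the type comparison case-insensitive.
        $forms = $crawler->filterXPath(
            '//form[.//input[translate(@type, "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz")="password"]]'
        );

        $pageUrl = (string) $response->getUri();

        foreach ($forms as $form) {
            if ($this->submitsOverHttps($form->getAttribute('action'), $pageUrl)) {
                continue;
            }

            // Only insecure forms are remembered. Recording a form that passed
            // would hide a later insecure form that shares the same tag path.
            $identifier = $this->buildTagPath($form);

            if (in_array($identifier, $this->knownIdentifier, true)) {
                continue;
            }

            $this->knownIdentifier[] = $identifier;

            // NOTE(review): assert() is inherited and not visible here; it is
            // presumed to register a failed check when given false.
            $this->assert(false, 'Password is transferred insecure using HTTP.');
        }
    }

    /**
     * Decides whether a form with the given action is submitted via HTTPS.
     *
     * @param string $action  raw value of the form's action attribute
     * @param string $pageUrl URL the page was fetched from
     *
     * @return bool true when the submit target uses the https scheme
     */
    private function submitsOverHttps($action, $pageUrl)
    {
        // Leading and trailing whitespace is not part of the URL.
        $action = trim((string) $action);

        // URL schemes are case-insensitive, hence stripos().
        if (stripos($action, 'https://') === 0) {
            return true;
        }

        // An explicit http:// target is insecure regardless of the page scheme.
        if (stripos($action, 'http://') === 0) {
            return false;
        }

        // Empty, relative and protocol-relative actions inherit the page scheme.
        // The scheme must be the prefix of the URL: "https://" appearing later,
        // for instance inside a query parameter, does not make the page secure.
        return stripos($pageUrl, 'https://') === 0;
    }

    /**
     * Builds the slash-separated tag path from the outermost element to $node.
     *
     * The path contains tag names only, so two different forms at the same
     * position in the markup yield the same identifier.
     *
     * @param \DOMNode $node the form element
     *
     * @return string for example "html/body/div/form"
     */
    private function buildTagPath($node)
    {
        $path = $node->tagName;

        // The walk ends at the first ancestor that is not an element, which is
        // the document node at the top of the tree.
        for ($ancestor = $node->parentNode; $ancestor instanceof \DOMElement; $ancestor = $ancestor->parentNode) {
            $path = $ancestor->tagName . '/' . $path;
        }

        return $path;
    }
}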