PasswordSecureTransferRule::doValidation() - Code Metrics - Inspection of "ENV update" - phmLabs/Smoke - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (1f9106)

by Nils

created 2016-06-15 05:50 UTC

PasswordSecureTransferRule::doValidation() B

↳ Parent: PasswordSecureTransferRule

Complexity

Conditions	6
Paths	8

Size

Total Lines	34
Code Lines	19

Duplication

Lines	0
Ratio	0 %

Importance

Changes	3
Bugs	0	Features	0

Metric	Value
c	3
b	0
f	0
dl	0
loc	34
rs	8.439
cc	6
eloc	19
nc	8
nop	1

<?php

namespace whm\Smoke\Rules\Security;

use Symfony\Component\DomCrawler\Crawler;
use whm\Smoke\Http\Response;
use whm\Smoke\Rules\Rule;
use whm\Smoke\Rules\StandardRule;

/**
 * This rule checks if a https request contains any insecure includes via http.
 */
class PasswordSecureTransferRule extends StandardRule
{
    protected $contentTypes = array('text/html');

    private $knownIdentifier = array();

    protected function doValidation(Response $response)
    {
        $crawler = new Crawler($response->getBody());
        $actionNodes = $crawler->filterXPath('//form[//input[@type="password"]]');

        $url = (string) $response->getUri();

        foreach ($actionNodes as $node) {
            $action = $node->getAttribute('action');

            if (strpos($action, 'https://') === 0) {
                continue;
            }

            $fullPath = $node->tagName;
            $parent = $node->parentNode;

            while ($parent = $parent->parentNode) {
                if (property_exists($parent, 'tagName')) {
                    $fullPath = $parent->tagName . '/' . $fullPath;
                } else {
                    break;
                }
            }

            if (in_array($fullPath, $this->knownIdentifier, true)) {
                continue;
            }

            $this->knownIdentifier[] = $fullPath;

            $this->assert(strpos($url, 'https://') !== false, 'Password is transferred insecure using HTTP.');
        }
    }
}


1			<?php
2
3			namespace whm\Smoke\Rules\Security;
4
5			use Symfony\Component\DomCrawler\Crawler;
6			use whm\Smoke\Http\Response;
7			use whm\Smoke\Rules\Rule;
8			use whm\Smoke\Rules\StandardRule;
9
10			/**
11			* This rule checks if a https request contains any insecure includes via http.
12			*/
13			class PasswordSecureTransferRule extends StandardRule
14			{
15			protected $contentTypes = array('text/html');
16
17			private $knownIdentifier = array();
18
19			protected function doValidation(Response $response)
20			{
21			$crawler = new Crawler($response->getBody());
22			$actionNodes = $crawler->filterXPath('//form[//input[@type="password"]]');
23
24			$url = (string) $response->getUri();
25
26			foreach ($actionNodes as $node) {
27			$action = $node->getAttribute('action');
28
29			if (strpos($action, 'https://') === 0) {
30			continue;
31			}
32
33			$fullPath = $node->tagName;
34			$parent = $node->parentNode;
35
36			while ($parent = $parent->parentNode) {
37			if (property_exists($parent, 'tagName')) {
38			$fullPath = $parent->tagName . '/' . $fullPath;
39			} else {
40			break;
41			}
42			}
43
44			if (in_array($fullPath, $this->knownIdentifier, true)) {
45			continue;
46			}
47
48			$this->knownIdentifier[] = $fullPath;
49
50			$this->assert(strpos($url, 'https://') !== false, 'Password is transferred insecure using HTTP.');
51			}
52			}
53			}
54

phmLabs / Smoke

Branch — master (1f9106)

PasswordSecureTransferRule::doValidation() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like