CookiePlugin::__construct() - Code Metrics - Inspection of "RFC6265 compliant date parsing." - php-http/client-common - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#46)

by Михаил

created 2016-10-12 08:48 UTC

CookiePlugin::__construct() A

↳ Parent: CookiePlugin

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	3
CRAP Score	1

Importance

Changes

Metric	Value
dl	0
loc	4
ccs	3
cts	3
cp	1
rs	10
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	1
crap	1

<?php

namespace Http\Client\Common\Plugin;

use Http\Client\Common\Plugin;
use Http\Client\Exception\TransferException;
use Http\Message\Cookie;
use Http\Message\CookieJar;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

/**
 * Handle request cookies.
 *
 * @author Joel Wurtz <[email protected]>
 */
final class CookiePlugin implements Plugin
{
    /**
     * Cookie storage.
     *
     * @var CookieJar
     */
    private $cookieJar;

    /**
     * @param CookieJar $cookieJar
     */
    public function __construct(CookieJar $cookieJar)
    {
        $this->cookieJar = $cookieJar;
    }

    /**
     * {@inheritdoc}
     */
    public function handleRequest(RequestInterface $request, callable $next, callable $first)
    {
        foreach ($this->cookieJar->getCookies() as $cookie) {
            if ($cookie->isExpired()) {
                continue;
            }

            if (!$cookie->matchDomain($request->getUri()->getHost())) {
                continue;
            }

            if (!$cookie->matchPath($request->getUri()->getPath())) {
                continue;
            }

            if ($cookie->isSecure() && ($request->getUri()->getScheme() !== 'https')) {
                continue;
            }

            $request = $request->withAddedHeader('Cookie', sprintf('%s=%s', $cookie->getName(), $cookie->getValue()));
        }

        return $next($request)->then(function (ResponseInterface $response) use ($request) {
            if ($response->hasHeader('Set-Cookie')) {
                $setCookies = $response->getHeader('Set-Cookie');

                foreach ($setCookies as $setCookie) {
                    $cookie = $this->createCookie($request, $setCookie);

                    // Cookie invalid do not use it
                    if (null === $cookie) {
                        continue;
                    }

                    // Restrict setting cookie from another domain
                    if (false === strpos($cookie->getDomain(), $request->getUri()->getHost())) {
                        continue;
                    }

                    $this->cookieJar->addCookie($cookie);
                }
            }

            return $response;
        });
    }

    /**
     * Creates a cookie from a string.
     *
     * @param RequestInterface $request
     * @param $setCookie
     *
     * @return Cookie|null
     *
     * @throws TransferException
     */
    private function createCookie(RequestInterface $request, $setCookie)
    {
        $parts = array_map('trim', explode(';', $setCookie));

        if (empty($parts) || !strpos($parts[0], '=')) {
            return;
        }

        list($name, $cookieValue) = $this->createValueKey(array_shift($parts));

        $maxAge = null;
        $expires = null;
        $domain = $request->getUri()->getHost();
        $path = $request->getUri()->getPath();
        $secure = false;
        $httpOnly = false;

        // Add the cookie pieces into the parsed data array
        foreach ($parts as $part) {
            list($key, $value) = $this->createValueKey($part);

            switch (strtolower($key)) {
                case 'expires':
                    $expires = $this->parseExpires($value);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

                    if (true !== ($expires instanceof \DateTime)) {
                        throw new TransferException(
                            sprintf(
                                'Cookie header `%s` expires value `%s` could not be converted to date',
                                $name,
                                $value
                            )
                        );
                    }
                    break;

                case 'max-age':
                    $maxAge = (int) $value;
                    break;

                case 'domain':
                    $domain = $value;
                    break;

                case 'path':
                    $path = $value;
                    break;

                case 'secure':
                    $secure = true;
                    break;

                case 'httponly':
                    $httpOnly = true;
                    break;
            }
        }

        return new Cookie($name, $cookieValue, $maxAge, $domain, $path, $secure, $httpOnly, $expires);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * Separates key/value pair from cookie.
     *
     * @param $part
     *
     * @return array
     */
    private function createValueKey($part)
    {
        $parts = explode('=', $part, 2);
        $key = trim($parts[0]);
        $value = isset($parts[1]) ? trim($parts[1]) : true;

        return [$key, $value];
    }

    /**
     * Parses cookie "expires" value.
     *
     * @param string $expires
     *
     * @return \DateTime|false
     *
     * @see https://tools.ietf.org/html/rfc6265#section-5.1.1
     * @see https://github.com/salesforce/tough-cookie/blob/master/lib/cookie.js
     */
    private function parseExpires($expires)
    {
        /*
         * RFC6265 5.1.1:
         * 2. Process each date-token sequentially in the order the date-tokens
         * appear in the cookie-date
         */
        $tokens = preg_split('/[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]/', $expires);
        if (!is_array($tokens)) {
            return false;
        }

        $hour = null;
        $minutes = null;
        $seconds = null;
        $day = null;
        $month = null;
        $year = null;

        foreach ($tokens as $token) {
            $token = trim($token);
            if ('' === $token) {
                continue;
            }

            /*
             * 2.1. If the found-time flag is not set and the token matches the time
             * production, set the found-time flag and set the hour- value,
             * minute-value, and second-value to the numbers denoted by the digits in
             * the date-token, respectively.  Skip the remaining sub-steps and continue
             * to the next date-token.
             */
            if (null === $seconds) {
                preg_match('/^(\d{1,2})\D*:(\d{1,2})\D*:(\d{1,2})\D*$/', $token, $match);
                if (count($match) > 0) {
                    $hour = (int) $match[1];
                    $minutes = (int) $match[2];
                    $seconds = (int) $match[3];
                    /*
                     * [fail if]
                     * - the hour-value is greater than 23,
                     * - the minute-value is greater than 59, or
                     * - the second-value is greater than 59.
                     */
                    if ($hour > 23 || $minutes > 59 || $seconds > 59) {
                        return false;
                    }

                    continue;
                }
            }

            /*
             * 2.2. If the found-day-of-month flag is not set and the date-token matches
             * the day-of-month production, set the found-day-of- month flag and set
             * the day-of-month-value to the number denoted by the date-token.  Skip
             * the remaining sub-steps and continue to the next date-token.
             */
            if (null === $day) {
                preg_match('/^(\d{1,2})\D*$/', $token, $match);
                if (count($match) > 0) {
                    $day = (int) $match[1];
                    /*
                     * [fail if] the day-of-month-value is less than 1 or greater than 31
                     */
                    if ($day < 1 || $day > 31) {
                        return false;
                    }
                    continue;
                }
            }

            /*
             * 2.3. If the found-month flag is not set and the date-token matches the
             * month production, set the found-month flag and set the month-value to
             * the month denoted by the date-token.  Skip the remaining sub-steps and
             * continue to the next date-token.
             */
            if (null === $month) {
                preg_match('/^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)/i', $token, $match);
                if (count($match) > 0) {
                    $month = array_search(
                        strtolower($match[1]),
                        [
                            'jan',
                            'feb',
                            'mar',
                            'apr',
                            'may',
                            'jun',
                            'jul',
                            'aug',
                            'sep',
                            'oct',
                            'nov',
                            'dec'
                        ],
                        true
                    );
                    continue;
                }
            }

            /*
             * 2.4. If the found-year flag is not set and the date-token matches the year
             * production, set the found-year flag and set the year-value to the number
             * denoted by the date-token.  Skip the remaining sub-steps and continue to
             * the next date-token.
             */
            if (null === $year) {
                preg_match(' /^(\d{2}|\d{4})$/', $token, $match);
                if (count($match) > 0) {
                    $year = (int) $match[1];
                    /*
                     * 3.  If the year-value is greater than or equal to 70 and less
                     * than or equal to 99, increment the year-value by 1900.
                     * 4.  If the year-value is greater than or equal to 0 and less
                     * than or equal to 69, increment the year-value by 2000.
                     */
                    if (70 <= $year && $year <= 99) {
                        $year += 1900;
                    } elseif (0 <= $year && $year <= 69) {
                        $year += 2000;
                    }

                    if ($year < 1601) {
                        return false; // 5. ... the year-value is less than 1601
                    }
                }
            }
        }

        if (null === $seconds || null === $day || null === $month || null === $year) {
            /*
             * 5. ... at least one of the found-day-of-month, found-month, found-
             * year, or found-time flags is not set,
             */
            return false;
        }

        // UTC/GMT format required by cookies.
        $time = new \DateTime('now', new \DateTimeZone('UTC'));
        $time->setDate($year, $month, $day);
        $time->setTime($hour, $minutes, $seconds);

        return $time;
    }
}


1		<?php
2
3		namespace Http\Client\Common\Plugin;
4
5		use Http\Client\Common\Plugin;
6		use Http\Client\Exception\TransferException;
7		use Http\Message\Cookie;
8		use Http\Message\CookieJar;
9		use Psr\Http\Message\RequestInterface;
10		use Psr\Http\Message\ResponseInterface;
11
12		/**
13		* Handle request cookies.
14		*
15		* @author Joel Wurtz <[email protected]>
16		*/
17		final class CookiePlugin implements Plugin
18		{
19		/**
20		* Cookie storage.
21		*
22		* @var CookieJar
23		*/
24		private $cookieJar;
25
26		/**
27		* @param CookieJar $cookieJar
28		*/
29	11	public function __construct(CookieJar $cookieJar)
30		{
31	11	$this->cookieJar = $cookieJar;
32	11	}
33
34		/**
35		* {@inheritdoc}
36		*/
37	9	public function handleRequest(RequestInterface $request, callable $next, callable $first)
38		{
39	9	foreach ($this->cookieJar->getCookies() as $cookie) {
40	6	if ($cookie->isExpired()) {
41	1	continue;
42		}
43
44	5	if (!$cookie->matchDomain($request->getUri()->getHost())) {
45	1	continue;
46		}
47
48	4	if (!$cookie->matchPath($request->getUri()->getPath())) {
49	1	continue;
50		}
51
52	3	if ($cookie->isSecure() && ($request->getUri()->getScheme() !== 'https')) {
53	1	continue;
54		}
55
56	2	$request = $request->withAddedHeader('Cookie', sprintf('%s=%s', $cookie->getName(), $cookie->getValue()));
57	9	}
58
59	9	return $next($request)->then(function (ResponseInterface $response) use ($request) {
60	3	if ($response->hasHeader('Set-Cookie')) {
61	3	$setCookies = $response->getHeader('Set-Cookie');
62
63	3	foreach ($setCookies as $setCookie) {
64	3	$cookie = $this->createCookie($request, $setCookie);
65
66		// Cookie invalid do not use it
67	2	if (null === $cookie) {
68		continue;
69		}
70
71		// Restrict setting cookie from another domain
72	2	if (false === strpos($cookie->getDomain(), $request->getUri()->getHost())) {
73		continue;
74		}
75
76	2	$this->cookieJar->addCookie($cookie);
77	2	}
78	2	}
79
80	2	return $response;
81	9	});
82		}
83
84		/**
85		* Creates a cookie from a string.
86		*
87		* @param RequestInterface $request
88		* @param $setCookie
89		*
90		* @return Cookie\|null
91		*
92		* @throws TransferException
93		*/
94	3	private function createCookie(RequestInterface $request, $setCookie)
95		{
96	3	$parts = array_map('trim', explode(';', $setCookie));
97
98	3	if (empty($parts) \|\| !strpos($parts[0], '=')) {
99		return;
100		}
101
102	3	list($name, $cookieValue) = $this->createValueKey(array_shift($parts));
103
104	3	$maxAge = null;
105	3	$expires = null;
106	3	$domain = $request->getUri()->getHost();
107	3	$path = $request->getUri()->getPath();
108	3	$secure = false;
109	3	$httpOnly = false;
110
111		// Add the cookie pieces into the parsed data array
112	3	foreach ($parts as $part) {
113	3	list($key, $value) = $this->createValueKey($part);
114
115	3	switch (strtolower($key)) {
116	3	case 'expires':
117	3	$expires = $this->parseExpires($value);
		0 ignored issues – show Bug introduced 2016-10-12 08:57 UTC by Report Bug Copy Issue Report It seems like `$value` defined by `$this->createValueKey($part)` on line `113` can also be of type `boolean`; however, `Http\Client\Common\Plugi...ePlugin::parseExpires()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
118
119	3	if (true !== ($expires instanceof \DateTime)) {
120	1	throw new TransferException(
121	1	sprintf(
122	1	'Cookie header `%s` expires value `%s` could not be converted to date',
123	1	$name,
124		$value
125	1	)
126	1	);
127		}
128	2	break;
129
130	2	case 'max-age':
131	2	$maxAge = (int) $value;
132	2	break;
133
134	2	case 'domain':
135	2	$domain = $value;
136	2	break;
137
138	2	case 'path':
139	2	$path = $value;
140	2	break;
141
142	2	case 'secure':
143	2	$secure = true;
144	2	break;
145
146	2	case 'httponly':
147	2	$httpOnly = true;
148	2	break;
149	2	}
150	2	}
151
152	2	return new Cookie($name, $cookieValue, $maxAge, $domain, $path, $secure, $httpOnly, $expires);
		0 ignored issues – show Bug introduced 2016-04-03 10:26 UTC by Report Bug Copy Issue Report It seems like `$cookieValue` defined by `$this->createValueKey(array_shift($parts))` on line `102` can also be of type `boolean`; however, `Http\Message\Cookie::__construct()` does only seem to accept `string\|null`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string / function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history... Bug introduced 2016-04-03 10:26 UTC by Report Bug Copy Issue Report It seems like `$domain` defined by `$value` on line `135` can also be of type `boolean`; however, `Http\Message\Cookie::__construct()` does only seem to accept `string\|null`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /* * @return array\|string / function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history... Bug introduced 2016-04-03 10:26 UTC by Report Bug Copy Issue Report It seems like `$path` defined by `$value` on line `139` can also be of type `boolean`; however, `Http\Message\Cookie::__construct()` does only seem to accept `string\|null`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /* * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history... Security Bug introduced 2016-10-12 08:57 UTC by Report Bug Copy Issue Report It seems like `$expires` defined by `$this->parseExpires($value)` on line `117` can also be of type `false`; however, `Http\Message\Cookie::__construct()` does only seem to accept `null\|object<DateTime>`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
153		}
154
155		/**
156		* Separates key/value pair from cookie.
157		*
158		* @param $part
159		*
160		* @return array
161		*/
162	3	private function createValueKey($part)
163		{
164	3	$parts = explode('=', $part, 2);
165	3	$key = trim($parts[0]);
166	3	$value = isset($parts[1]) ? trim($parts[1]) : true;
167
168	3	return [$key, $value];
169		}
170
171		/**
172		* Parses cookie "expires" value.
173		*
174		* @param string $expires
175		*
176		* @return \DateTime\|false
177		*
178		* @see https://tools.ietf.org/html/rfc6265#section-5.1.1
179		* @see https://github.com/salesforce/tough-cookie/blob/master/lib/cookie.js
180		*/
181	3	private function parseExpires($expires)
182		{
183		/*
184		* RFC6265 5.1.1:
185		* 2. Process each date-token sequentially in the order the date-tokens
186		* appear in the cookie-date
187		*/
188	3	$tokens = preg_split('/[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]/', $expires);
189	3	if (!is_array($tokens)) {
190		return false;
191		}
192
193	3	$hour = null;
194	3	$minutes = null;
195	3	$seconds = null;
196	3	$day = null;
197	3	$month = null;
198	3	$year = null;
199
200	3	foreach ($tokens as $token) {
201	3	$token = trim($token);
202	3	if ('' === $token) {
203	2	continue;
204		}
205
206		/*
207		* 2.1. If the found-time flag is not set and the token matches the time
208		* production, set the found-time flag and set the hour- value,
209		* minute-value, and second-value to the numbers denoted by the digits in
210		* the date-token, respectively. Skip the remaining sub-steps and continue
211		* to the next date-token.
212		*/
213	3	if (null === $seconds) {
214	3	preg_match('/^(\d{1,2})\D:(\d{1,2})\D:(\d{1,2})\D*$/', $token, $match);
215	3	if (count($match) > 0) {
216	2	$hour = (int) $match[1];
217	2	$minutes = (int) $match[2];
218	2	$seconds = (int) $match[3];
219		/*
220		* [fail if]
221		* - the hour-value is greater than 23,
222		* - the minute-value is greater than 59, or
223		* - the second-value is greater than 59.
224		*/
225	2	if ($hour > 23 \|\| $minutes > 59 \|\| $seconds > 59) {
226		return false;
227		}
228
229	2	continue;
230		}
231	3	}
232
233		/*
234		* 2.2. If the found-day-of-month flag is not set and the date-token matches
235		* the day-of-month production, set the found-day-of- month flag and set
236		* the day-of-month-value to the number denoted by the date-token. Skip
237		* the remaining sub-steps and continue to the next date-token.
238		*/
239	3	if (null === $day) {
240	3	preg_match('/^(\d{1,2})\D*$/', $token, $match);
241	3	if (count($match) > 0) {
242	2	$day = (int) $match[1];
243		/*
244		* [fail if] the day-of-month-value is less than 1 or greater than 31
245		*/
246	2	if ($day < 1 \|\| $day > 31) {
247		return false;
248		}
249	2	continue;
250		}
251	3	}
252
253		/*
254		* 2.3. If the found-month flag is not set and the date-token matches the
255		* month production, set the found-month flag and set the month-value to
256		* the month denoted by the date-token. Skip the remaining sub-steps and
257		* continue to the next date-token.
258		*/
259	3	if (null === $month) {
260	3	preg_match('/^(Jan\|Feb\|Mar\|Apr\|May\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec)/i', $token, $match);
261	3	if (count($match) > 0) {
262	2	$month = array_search(
263	2	strtolower($match[1]),
264		[
265	2	'jan',
266	2	'feb',
267	2	'mar',
268	2	'apr',
269	2	'may',
270	2	'jun',
271	2	'jul',
272	2	'aug',
273	2	'sep',
274	2	'oct',
275	2	'nov',
276		'dec'
277	2	],
278		true
279	2	);
280	2	continue;
281		}
282	3	}
283
284		/*
285		* 2.4. If the found-year flag is not set and the date-token matches the year
286		* production, set the found-year flag and set the year-value to the number
287		* denoted by the date-token. Skip the remaining sub-steps and continue to
288		* the next date-token.
289		*/
290	3	if (null === $year) {
291	3	preg_match(' /^(\d{2}\|\d{4})$/', $token, $match);
292	3	if (count($match) > 0) {
293	2	$year = (int) $match[1];
294		/*
295		* 3. If the year-value is greater than or equal to 70 and less
296		* than or equal to 99, increment the year-value by 1900.
297		* 4. If the year-value is greater than or equal to 0 and less
298		* than or equal to 69, increment the year-value by 2000.
299		*/
300	2	if (70 <= $year && $year <= 99) {
301	2	$year += 1900;
302	2	} elseif (0 <= $year && $year <= 69) {
303		$year += 2000;
304		}
305
306	2	if ($year < 1601) {
307		return false; // 5. ... the year-value is less than 1601
308		}
309	2	}
310	3	}
311	3	}
312
313	3	if (null === $seconds \|\| null === $day \|\| null === $month \|\| null === $year) {
314		/*
315		* 5. ... at least one of the found-day-of-month, found-month, found-
316		* year, or found-time flags is not set,
317		*/
318	1	return false;
319		}
320
321		// UTC/GMT format required by cookies.
322	2	$time = new \DateTime('now', new \DateTimeZone('UTC'));
323	2	$time->setDate($year, $month, $day);
324	2	$time->setTime($hour, $minutes, $seconds);
325
326	2	return $time;
327		}
328		}
329

php-http / client-common

Pull Request — master (#46)

CookiePlugin::__construct() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like