for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
<?php
namespace Ubiquity\security\csp;
use Ubiquity\utils\http\URequest;
class NonceGenerator {
private array $nonces = [];
private ?callable $onNonce;
public function __construct(?callable $onNonce) {
$this->onNonce = $onNonce;
}
protected function _generateNonce(string $name, ?int $value = null): string {
$bytes = \random_bytes((int) ($value ?? 32));
$nonce = \base64_encode($bytes);
if (isset($this->onNonce) && ! URequest::isAjax()) {
$this->{onNonce}($name, $nonce);
Ubiquity\security\csp\onNonce
return $nonce;
public function getNonce(string $name) {
return $this->nonces[$name] ??= self::_generateNonce($name, $value);
Ubiquity\security\csp\No...rator::_generateNonce()
If this is a false-positive, you can also ignore this issue in your code via the ignore-call annotation
ignore-call
return $this->nonces[$name] ??= self::/** @scrutinizer ignore-call */ _generateNonce($name, $value);
$value
phpMv /
ubiquity-security
Loading history...