SecurityPolicyMiddleware - Code Metrics - Inspection of "Add support for security policy" - platine-php/framework - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — develop ( 4cc33e...7d04c7 )

by nguereza

created 2023-09-09 06:20 UTC

SecurityPolicyMiddleware A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	67
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	21
c	1
b	0
f	0
dl	0
loc	67
rs	10
wmc	6

3 Methods

Rating	Name	Size	Complexity
A	process()	30	3
A	shouldBeProcessed()	10	2
A	__construct()	3	1

<?php

/**
 * Platine Framework
 *
 * Platine Framework is a lightweight, high-performance, simple and elegant PHP
 * Web framework
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2020 Platine Framework
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/**
 *  @file SecurityPolicyMiddleware.php
 *
 *  The Security Policy middleware class is used to set response security headers
 *
 *  @package    Platine\Framework\Http\Middleware
 *  @author Platine Developers Team
 *  @copyright  Copyright (c) 2020
 *  @license    http://opensource.org/licenses/MIT  MIT License
 *  @link   https://www.platine-php.com
 *  @version 1.0.0
 *  @filesource
 */

declare(strict_types=1);

namespace Platine\Framework\Http\Middleware;

use Platine\Framework\Security\SecurityPolicy;
use Platine\Http\Handler\MiddlewareInterface;
use Platine\Http\Handler\RequestHandlerInterface;
use Platine\Http\ResponseInterface;
use Platine\Http\ServerRequestInterface;
use Platine\Route\Route;

/**
 * @class SecurityPolicyMiddleware
 * @package Platine\Framework\Http\Middleware
 * @template T
 */
class SecurityPolicyMiddleware implements MiddlewareInterface
{
    /**
     * The SecurityPolicy instance
     * @var SecurityPolicy
     */
    protected SecurityPolicy $securityPolicy;

    /**
     * Create new instance
     * @param SecurityPolicy $securityPolicy
     */
    public function __construct(SecurityPolicy $securityPolicy)
    {
        $this->securityPolicy = $securityPolicy;
    }

    /**
     * {@inheritdoc}
     */
    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {

        if (!$this->shouldBeProcessed($request)) {
            return $handler->handle($request);
        }

        $this->request = $request;


        $response = $handler->handle($request);

        // Generate the nonces to be used in script and style
        $scriptNonce = $this->securityPolicy->nonce('script');
        $styleNonce = $this->securityPolicy->nonce('style');

        $request = $request->withAttribute(SecurityPolicy::class, [

            'nonces' => [
                'style' => $styleNonce,
                'script' => $scriptNonce,
            ]
        ]);

        $headers = $this->securityPolicy->headers();
        foreach ($headers as $name => $value) {
            $response = $response->withAddedHeader($name, $value);
        }

        return $response;

    }

    /**
     * Whether we can process this request
     * @param ServerRequestInterface $request
     * @return bool
     */
    protected function shouldBeProcessed(ServerRequestInterface $request): bool
    {
       //If no route has been match no need check for CSRF
        /** @var ?Route $route */
        $route = $request->getAttribute(Route::class);
        if (!$route) {
            return false;
        }

        return true;
    }
}


1			<?php
2
3			/**
4			* Platine Framework
5			*
6			* Platine Framework is a lightweight, high-performance, simple and elegant PHP
7			* Web framework
8			*
9			* This content is released under the MIT License (MIT)
10			*
11			* Copyright (c) 2020 Platine Framework
12			*
13			* Permission is hereby granted, free of charge, to any person obtaining a copy
14			* of this software and associated documentation files (the "Software"), to deal
15			* in the Software without restriction, including without limitation the rights
16			* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
17			* copies of the Software, and to permit persons to whom the Software is
18			* furnished to do so, subject to the following conditions:
19			*
20			* The above copyright notice and this permission notice shall be included in all
21			* copies or substantial portions of the Software.
22			*
23			* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
24			* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
25			* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
26			* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
27			* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
28			* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
29			* SOFTWARE.
30			*/
31
32			/**
33			* @file SecurityPolicyMiddleware.php
34			*
35			* The Security Policy middleware class is used to set response security headers
36			*
37			* @package Platine\Framework\Http\Middleware
38			* @author Platine Developers Team
39			* @copyright Copyright (c) 2020
40			* @license http://opensource.org/licenses/MIT MIT License
41			* @link https://www.platine-php.com
42			* @version 1.0.0
43			* @filesource
44			*/
45
46			declare(strict_types=1);
47
48			namespace Platine\Framework\Http\Middleware;
49
50			use Platine\Framework\Security\SecurityPolicy;
51			use Platine\Http\Handler\MiddlewareInterface;
52			use Platine\Http\Handler\RequestHandlerInterface;
53			use Platine\Http\ResponseInterface;
54			use Platine\Http\ServerRequestInterface;
55			use Platine\Route\Route;
56
57			/**
58			* @class SecurityPolicyMiddleware
59			* @package Platine\Framework\Http\Middleware
60			* @template T
61			*/
62			class SecurityPolicyMiddleware implements MiddlewareInterface
63			{
64			/**
65			* The SecurityPolicy instance
66			* @var SecurityPolicy
67			*/
68			protected SecurityPolicy $securityPolicy;
69
70			/**
71			* Create new instance
72			* @param SecurityPolicy $securityPolicy
73			*/
74			public function __construct(SecurityPolicy $securityPolicy)
75			{
76			$this->securityPolicy = $securityPolicy;
77			}
78
79			/**
80			* {@inheritdoc}
81			*/
82			public function process(
83			ServerRequestInterface $request,
84			RequestHandlerInterface $handler
85			): ResponseInterface {
86
87			if (!$this->shouldBeProcessed($request)) {
88			return $handler->handle($request);
89			}
90
91			$this->request = $request;
			0 ignored issues – show Bug Best Practice introduced 2023-09-09 06:23 UTC by Report Bug Copy Issue Report The property `request` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
92
93			$response = $handler->handle($request);
94
95			// Generate the nonces to be used in script and style
96			$scriptNonce = $this->securityPolicy->nonce('script');
97			$styleNonce = $this->securityPolicy->nonce('style');
98
99			$request = $request->withAttribute(SecurityPolicy::class, [
			0 ignored issues – show Unused Code introduced 2023-09-09 06:23 UTC by Report Bug Copy Issue Report The assignment to `$request` is dead and can be removed. Loading history...
100			'nonces' => [
101			'style' => $styleNonce,
102			'script' => $scriptNonce,
103			]
104			]);
105
106			$headers = $this->securityPolicy->headers();
107			foreach ($headers as $name => $value) {
108			$response = $response->withAddedHeader($name, $value);
109			}
110
111			return $response;
			0 ignored issues – show Bug Best Practice introduced 2023-09-09 06:23 UTC by Report Bug Copy Issue Report The expression `return $response` could return the type `Platine\Http\MessageInterface` which includes types incompatible with the type-hinted return `Platine\Http\ResponseInterface`. Consider adding an additional type-check to rule them out. Loading history...
112			}
113
114			/**
115			* Whether we can process this request
116			* @param ServerRequestInterface $request
117			* @return bool
118			*/
119			protected function shouldBeProcessed(ServerRequestInterface $request): bool
120			{
121			//If no route has been match no need check for CSRF
122			/** @var ?Route $route */
123			$route = $request->getAttribute(Route::class);
124			if (!$route) {
125			return false;
126			}
127
128			return true;
129			}
130			}
131

platine-php / framework

Push — develop ( 4cc33e...7d04c7 )

SecurityPolicyMiddleware A

Complexity

Size/Duplication

Importance

3 Methods

Duplication Side-by-Side

Filter issues like