
DisallowUnsafeDynamicURL   A

Complexity

Total Complexity 8

Size/Duplication

Total Lines 52
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 3

Test Coverage

Coverage 80%

Importance

Changes 0
Metric Value
wmc 8
lcom 1
cbo 3
dl 0
loc 52
ccs 12
cts 15
cp 0.8
rs 10
c 0
b 0
f 0

4 Methods

Rating   Name   Duplication   Size   Complexity  
A getNodes() 0 4 1
A isSafe() 0 4 1
A checkAttributeNode() 0 8 2
A checkElementNode() 0 12 4
<?php
/**
* @package   s9e\TextFormatter
* @copyright Copyright (c) 2010-2019 The s9e Authors
* @license   http://www.opensource.org/licenses/mit-license.php The MIT License
*/
namespace s9e\TextFormatter\Configurator\TemplateChecks;
use DOMAttr;
use DOMElement;
use DOMText;
use s9e\TextFormatter\Configurator\Helpers\TemplateHelper;
use s9e\TextFormatter\Configurator\Items\Attribute;
use s9e\TextFormatter\Configurator\Items\Tag;
/**
* Template check for dynamic content that ends up in a URL
*
* The primary use of this check is to ensure that dynamic content cannot be used to create
* javascript: links. URL nodes whose literal beginning matches $exceptionRegexp are skipped;
* every other URL node is handed to the parent class for the generic dynamic content check.
*/
class DisallowUnsafeDynamicURL extends AbstractDynamicContentCheck
{
	/**
	* @var string Regexp used to exclude nodes that start with a hardcoded scheme part, a hardcoded
	*             local part, or a fragment
	*
	* The pattern is anchored at the start of the value and is case-insensitive. It matches:
	*  - a run of word characters followed by ":", unless that run begins with "data" or
	*    contains "script" (so data:, javascript: and vbscript: are never excepted)
	*  - any run of characters other than ":" followed by "/"
	*  - a leading "#"
	*
	* NOTE(review): the second alternative accepts any colon-free prefix that ends with "/",
	* and checkAttributeNode() applies it to the raw attribute value. Confirm that a value
	* which begins with a dynamic expression rather than literal text cannot satisfy it.
	*/
	protected $exceptionRegexp = '(^(?:(?!data|\\w*script)\\w+:|[^:]*/|#))i';

	/**
	* {@inheritdoc}
	*
	* Collects the nodes to check by asking TemplateHelper for the URL nodes of the
	* template's owner document (the whole document, not only $template's subtree).
	*
	* @param  DOMElement $template Template element being checked
	* @return mixed                Whatever TemplateHelper::getURLNodes() returns
	*/
	protected function getNodes(DOMElement $template)
	{
		$dom = $template->ownerDocument;

		return TemplateHelper::getURLNodes($dom);
	}

	/**
	* {@inheritdoc}
	*
	* An attribute is acceptable here only if it reports itself as safe for use as a URL.
	*
	* @param  Attribute $attribute Attribute whose safety is being tested
	* @return mixed                Result of Attribute::isSafeAsURL()
	*/
	protected function isSafe(Attribute $attribute)
	{
		$safeAsURL = $attribute->isSafeAsURL();

		return $safeAsURL;
	}

	/**
	* {@inheritdoc}
	*
	* Skips the parent's check when the attribute's value starts with one of the prefixes
	* accepted by $exceptionRegexp.
	*
	* @param  DOMAttr $attribute Attribute node from the template
	* @param  Tag     $tag       Tag the template belongs to
	* @return void
	*/
	protected function checkAttributeNode(DOMAttr $attribute, Tag $tag)
	{
		// An excepted prefix (see $exceptionRegexp) means there is nothing further to check
		if (preg_match($this->exceptionRegexp, $attribute->value))
		{
			return;
		}

		parent::checkAttributeNode($attribute, $tag);
	}

	/**
	* {@inheritdoc}
	*
	* Skips the parent's check when the element's first child is a text node whose content
	* starts with one of the prefixes accepted by $exceptionRegexp.
	*
	* @param  DOMElement $element Element node from the template
	* @param  Tag        $tag     Tag the template belongs to
	* @return void
	*/
	protected function checkElementNode(DOMElement $element, Tag $tag)
	{
		$firstChild = $element->firstChild;

		// Only literal leading text can carry an excepted prefix; instanceof is false for
		// a missing first child, so no separate null test is needed
		$startsWithExceptedPrefix = $firstChild instanceof DOMText
		                         && preg_match($this->exceptionRegexp, $firstChild->textContent);

		if (!$startsWithExceptedPrefix)
		{
			parent::checkElementNode($element, $tag);
		}
	}
}