
TemplateChecker   A

Complexity

Total Complexity 10

Size/Duplication

Total Lines 105
Duplicated Lines 0 %

Test Coverage

Coverage 97.06%

Importance

Changes 1
Bugs 0 Features 0
Metric Value
wmc 10
eloc 33
c 1
b 0
f 0
dl 0
loc 105
ccs 33
cts 34
cp 0.9706
rs 10

5 Methods

Rating   Name   Duplication   Size   Complexity  
A __construct() 0 19 1
A checkTemplate() 0 18 4
A checkTag() 0 6 3
A enable() 0 3 1
A disable() 0 3 1
<?php
/**
* @package   s9e\TextFormatter
* @copyright Copyright (c) 2010-2020 The s9e authors
* @license   http://www.opensource.org/licenses/mit-license.php The MIT License
*/
namespace s9e\TextFormatter\Configurator;
use ArrayAccess;
use Iterator;
use s9e\TextFormatter\Configurator\Collections\TemplateCheckList;
use s9e\TextFormatter\Configurator\Helpers\TemplateLoader;
use s9e\TextFormatter\Configurator\Items\Tag;
use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
use s9e\TextFormatter\Configurator\TemplateChecks\DisallowElementNS;
use s9e\TextFormatter\Configurator\TemplateChecks\DisallowXPathFunction;
use s9e\TextFormatter\Configurator\TemplateChecks\RestrictFlashScriptAccess;
use s9e\TextFormatter\Configurator\Traits\CollectionProxy;
/**
* Runs a list of TemplateCheck instances against a template's DOM
*
* The constructor registers the default checks. The @method entries below are the list
* operations made available on the underlying TemplateCheckList through the CollectionProxy
* trait.
*
* Security notes for integrators:
*  - disable() makes checkTemplate() return before any check runs, for every template that
*    goes through this instance, until enable() is called
*  - the UnsafeTemplate exemption is applied in checkTag() only; a string handed directly to
*    checkTemplate() is checked unless checks are disabled
*  - clear(), delete() and remove() take checks out of the list, so they narrow what gets
*    rejected; treat calls to them as policy changes
*
* @method mixed   add(mixed $value, null $void)  Add (append) a value to this list
* @method mixed   append(mixed $value)           Append a value to this list
* @method array   asConfig()
* @method void    clear()                        Empty this collection
* @method bool    contains(mixed $value)         Test whether a given value is present in this collection
* @method integer count()
* @method mixed   current()
* @method void    delete(string $key)            Delete a value from this list and remove gaps in keys
* @method bool    exists(string $key)            Test whether an item of given key exists
* @method mixed   get(string $key)               Return a value from this collection
* @method mixed   indexOf(mixed $value)          Find the index of a given value
* @method mixed   insert(integer $offset, mixed $value) Insert a value at an arbitrary 0-based position
* @method integer|string key()
* @method mixed   next()
* @method integer normalizeKey(mixed $key)       Ensure that the key is a valid offset
* @method TemplateCheck normalizeValue(mixed $check)   Normalize the value to an instance of TemplateCheck
* @method bool    offsetExists(string|integer $offset)
* @method mixed   offsetGet(string|integer $offset)
* @method void    offsetSet(mixed $offset, mixed $value) Custom offsetSet() implementation to allow assignment with a null offset to append to the
* @method void    offsetUnset(string|integer $offset)
* @method string  onDuplicate(string|null $action) Query and set the action to take when add() is called with a key that already exists
* @method mixed   prepend(mixed $value)          Prepend a value to this list
* @method integer remove(mixed $value)           Remove all items matching given value
* @method void    rewind()
* @method mixed   set(string $key, mixed $value) Set and overwrite a value in this collection
* @method bool    valid()
*/
class TemplateChecker implements ArrayAccess, Iterator
{
	use CollectionProxy;

	/**
	* @var TemplateCheckList List of TemplateCheck instances, run in list order
	*/
	protected $collection;

	/**
	* @var bool TRUE while checkTemplate() is short-circuited and no check runs
	*/
	protected $disabled = false;

	/**
	* Constructor
	*
	* Creates the check list and registers the default checks, in a fixed order
	*/
	public function __construct()
	{
		$this->collection = new TemplateCheckList;

		// Checks registered by name only; the list turns each name into a TemplateCheck
		// (see normalizeValue() in the class docblock)
		$defaultNames = [
			'DisallowAttributeSets',
			'DisallowCopy',
			'DisallowDisableOutputEscaping',
			'DisallowDynamicAttributeNames',
			'DisallowDynamicElementNames',
			'DisallowObjectParamsWithGeneratedName',
			'DisallowPHPTags',
			'DisallowUnsafeCopyOf',
			'DisallowUnsafeDynamicCSS',
			'DisallowUnsafeDynamicJS',
			'DisallowUnsafeDynamicURL'
		];
		foreach ($defaultNames as $checkName)
		{
			$this->collection->append($checkName);
		}

		// Checks that take arguments. Going by their names and arguments they reject
		// saxon:output, xsl:import, xsl:include and the XPath document() function, i.e. the
		// constructs that would let a template reach resources outside of itself.
		// NOTE(review): inferred from the class names; confirm against the check classes
		$xslNS = 'http://www.w3.org/1999/XSL/Transform';
		$this->collection->append(new DisallowElementNS('http://icl.com/saxon', 'output'));
		$this->collection->append(new DisallowElementNS($xslNS, 'import'));
		$this->collection->append(new DisallowElementNS($xslNS, 'include'));
		$this->collection->append(new DisallowXPathFunction('document'));

		// NOTE(review): presumably caps Flash's allowScriptAccess at "sameDomain"; the meaning
		// of the second argument is not visible here
		$this->collection->append(new RestrictFlashScriptAccess('sameDomain', true));
	}

	/**
	* Check a tag's template, unless it is unset or explicitly marked as unsafe
	*
	* A template that is an instance of UnsafeTemplate is skipped entirely; this is the
	* per-template opt-out from the checks.
	*
	* @param  Tag  $tag Tag whose template will be checked
	* @return void
	*/
	public function checkTag(Tag $tag)
	{
		// NOTE(review): static analysis reports Tag::$template as write-only; the reads below
		// presumably go through Tag's magic accessors - confirm
		if (!isset($tag->template))
		{
			return;
		}

		if ($tag->template instanceof UnsafeTemplate)
		{
			return;
		}

		// The checks operate on the template's string form
		$this->checkTemplate((string) $tag->template, $tag);
	}

	/**
	* Run every registered check against a template
	*
	* Returns without inspecting anything while checks are disabled. Nothing is returned on
	* success either; whatever TemplateLoader::load() or a check throws is not caught here.
	*
	* @param  string $template Template
	* @param  Tag    $tag      Tag this template belongs to, a blank Tag is used if omitted
	* @return void
	*/
	public function checkTemplate($template, Tag $tag = null)
	{
		if ($this->disabled)
		{
			// Fail-open path: the template is accepted unchecked
			return;
		}

		// The checks expect a Tag as context, supply an empty one if the caller has none
		$context = ($tag === null) ? new Tag : $tag;

		// Load the template into a DOMDocument
		$dom = TemplateLoader::load($template);

		foreach ($this->collection as $templateCheck)
		{
			$templateCheck->check($dom->documentElement, $context);
		}
	}

	/**
	* Disable all checks
	*
	* While disabled, checkTemplate() accepts every template without running any check. The
	* flag stays set until enable() is called.
	*
	* @deprecated 2.2.0 Use UnsafeTemplate instead
	*
	* @return void
	*/
	public function disable()
	{
		$this->disabled = true;
	}

	/**
	* Enable all checks
	*
	* Clears the flag set by disable()
	*
	* @deprecated 2.2.0
	*
	* @return void
	*/
	public function enable()
	{
		$this->disabled = false;
	}
}