Passed
Push — master ( 9b9c6c...ef704e )
by Daniel
35:52 queued 24:20
created

AllowedHostsMiddleware::process()   A

Complexity

Conditions 4
Paths 2

Size

Total Lines 13
Code Lines 6

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 4
eloc 6
nc 2
nop 2
dl 0
loc 13
rs 9.2
c 0
b 0
f 0
<?php

namespace SilverStripe\Control\Middleware;

use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;

/**
 * Secures requests by only allowing a whitelist of Host values
 */
class AllowedHostsMiddleware implements HTTPMiddleware
{
    /**
     * List of allowed hosts
     *
     * @var array
     */
    private $allowedHosts = [];

    /**
     * @return array List of allowed Host header values
     */
    public function getAllowedHosts()
    {
        return $this->allowedHosts;
    }

    /**
     * Sets the list of allowed Host header values
     * Can also specify a comma separated list
     *
     * @param array|string $allowedHosts
     * @return $this
     */
    public function setAllowedHosts($allowedHosts)
    {
        if (is_string($allowedHosts)) {
            $allowedHosts = preg_split('/ *, */', $allowedHosts);
        }
        $this->allowedHosts = $allowedHosts;
Documentation Bug introduced by
It seems like $allowedHosts can also be of type false. However, the property $allowedHosts is declared as type array. Maybe add an additional type check?

Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.

For example, imagine you have a variable $accountId that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the id property of an instance of the Account class. This class holds a proper account, so the id value must no longer be false.

Either this assignment is in error or a type check should be added for that assignment.

class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account_id instanceof Id)
{
    $account->id = $account_id;
}
        return $this;
    }

    /**
     * @inheritdoc
     */
    public function process(HTTPRequest $request, callable $delegate)
    {
        $allowedHosts = $this->getAllowedHosts();

        // check allowed hosts
        if ($allowedHosts
Bug Best Practice introduced by
The expression $allowedHosts of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

            && !Director::is_cli()
            && !in_array($request->getHeader('Host'), $allowedHosts)
        ) {
            return new HTTPResponse('Invalid Host', 400);
        }

        return $delegate($request);
    }
}