RequestFlushDiscoverer - Code Metrics - Inspection of "[CVE-2019-12246] Denial of Service on flush and de..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 4.2 ( 7f69cc...ca56e8 )

unknown

created 2019-06-10 05:24 UTC

RequestFlushDiscoverer A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	71
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	13
dl	0
loc	71
rs	10
c	0
b	0
f	0
wmc	9

4 Methods

Rating	Name	Size	Complexity
A	shouldFlush()	7	2
A	__construct()	4	1
A	lookupRequest()	11	3
A	isAllowed()	6	3

<?php

namespace SilverStripe\Core\Startup;

use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Kernel;
use SilverStripe\Core\Environment;

/**
 * The default flush discovery implementation
 *
 * - if request has `flush` or URL is `dev/build`
 * - AND in CLI or DEV mode
 * - then flush
 */
class RequestFlushDiscoverer implements FlushDiscoverer
{
    /**
     * Environment type (dev, test or live)
     *
     * @var string
     */
    protected $env;

    /**
     * Active request instance (session is not initialized yet!)
     *
     * @var HTTPRequest
     */
    protected $request;

    /**
     * Initialize it with active Request and Kernel
     *
     * @param HTTPRequest $request instance of the request (session is not initialized yet!)
     * @param string $env Environment type (dev, test or live)
     */
    public function __construct(HTTPRequest $request, $env)
    {
        $this->env = $env;
        $this->request = $request;
    }

    /**
     * Checks whether the request contains any flush indicators
     *
     * @param HTTPRequest $request active request
     *
     * @return null|bool flush or don't care
     */
    protected function lookupRequest()
    {
        $request = $this->request;

        $getVar = array_key_exists('flush', $request->getVars());
        $devBuild = $request->getURL() === 'dev/build';

        // WARNING!
        // We specifically return `null` and not `false` here so that
        // it does not override other FlushDiscoverers
        return ($getVar || $devBuild) ? true : null;
    }

    /**
     * Checks for permission to flush
     *
     * Startup flush through a request is only allowed
     * to CLI or DEV modes for security reasons
     *
     * @return bool|null true for allow, false for denying, or null if don't care
     */
    protected function isAllowed()
    {
        // WARNING!
        // We specifically return `null` and not `false` here so that
        // it does not override other FlushDiscoverers
        return (Environment::isCli() || $this->env === Kernel::DEV) ? true : null;
    }

    public function shouldFlush()
    {
        if (!$allowed = $this->isAllowed()) {
            return $allowed;
        }

        return $this->lookupRequest();
    }
}


1			<?php
2
3			namespace SilverStripe\Core\Startup;
4
5			use SilverStripe\Control\HTTPRequest;
6			use SilverStripe\Core\Kernel;
7			use SilverStripe\Core\Environment;
8
9			/**
10			* The default flush discovery implementation
11			*
12			* - if request has `flush` or URL is `dev/build`
13			* - AND in CLI or DEV mode
14			* - then flush
15			*/
16			class RequestFlushDiscoverer implements FlushDiscoverer
17			{
18			/**
19			* Environment type (dev, test or live)
20			*
21			* @var string
22			*/
23			protected $env;
24
25			/**
26			* Active request instance (session is not initialized yet!)
27			*
28			* @var HTTPRequest
29			*/
30			protected $request;
31
32			/**
33			* Initialize it with active Request and Kernel
34			*
35			* @param HTTPRequest $request instance of the request (session is not initialized yet!)
36			* @param string $env Environment type (dev, test or live)
37			*/
38			public function __construct(HTTPRequest $request, $env)
39			{
40			$this->env = $env;
41			$this->request = $request;
42			}
43
44			/**
45			* Checks whether the request contains any flush indicators
46			*
47			* @param HTTPRequest $request active request
48			*
49			* @return null\|bool flush or don't care
50			*/
51			protected function lookupRequest()
52			{
53			$request = $this->request;
54
55			$getVar = array_key_exists('flush', $request->getVars());
56			$devBuild = $request->getURL() === 'dev/build';
57
58			// WARNING!
59			// We specifically return `null` and not `false` here so that
60			// it does not override other FlushDiscoverers
61			return ($getVar \|\| $devBuild) ? true : null;
62			}
63
64			/**
65			* Checks for permission to flush
66			*
67			* Startup flush through a request is only allowed
68			* to CLI or DEV modes for security reasons
69			*
70			* @return bool\|null true for allow, false for denying, or null if don't care
71			*/
72			protected function isAllowed()
73			{
74			// WARNING!
75			// We specifically return `null` and not `false` here so that
76			// it does not override other FlushDiscoverers
77			return (Environment::isCli() \|\| $this->env === Kernel::DEV) ? true : null;
78			}
79
80			public function shouldFlush()
81			{
82			if (!$allowed = $this->isAllowed()) {
83			return $allowed;
84			}
85
86			return $this->lookupRequest();
87			}
88			}
89

silverstripe / silverstripe-framework

Push — 4.2 ( 7f69cc...ca56e8 )

RequestFlushDiscoverer A

Complexity

Size/Duplication

Importance

4 Methods

Duplication Side-by-Side

Filter issues like