DOMDocumentFactory::fromString() - Code Metrics - simplesamlphp/xml-common - Measure and Improve Code Quality continuously with Scrutinizer

DOMDocumentFactory::fromString() A
last analyzed 2025-09-29 19:28 UTC

↳ Parent: DOMDocumentFactory

Complexity

Conditions	5
Paths	6

Size

Total Lines	44
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	25
nc	6
nop	2
dl	0
loc	44
rs	9.2088
c	0
b	0
f	0

<?php

declare(strict_types=1);

namespace SimpleSAML\XML;

use DOMDocument;
use SimpleSAML\XML\Assert\Assert;
use SimpleSAML\XML\Exception\IOException;
use SimpleSAML\XML\Exception\RuntimeException;
use SimpleSAML\XML\Exception\UnparseableXMLException;

use function file_get_contents;
use function func_num_args;
use function libxml_clear_errors;
use function libxml_set_external_entity_loader;
use function libxml_use_internal_errors;
use function sprintf;

/**
 * @package simplesamlphp/xml-common
 */
final class DOMDocumentFactory
{
    /**
     * @var non-negative-int
     * TODO: Add LIBXML_NO_XXE to the defaults when PHP 8.4.0 + libxml 2.13.0 become generally available
     */
    public const DEFAULT_OPTIONS = \LIBXML_COMPACT | \LIBXML_NONET | \LIBXML_NSCLEAN;


    /**
     * @param string $xml
     * @param non-negative-int $options
     *
     * @return \DOMDocument
     */
    public static function fromString(
        string $xml,
        int $options = self::DEFAULT_OPTIONS,
    ): DOMDocument {
        libxml_set_external_entity_loader(null);
        Assert::notWhitespaceOnly($xml);
        Assert::notRegex(
            $xml,
            '/<(\s*)!(\s*)DOCTYPE/',
            'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body',
            RuntimeException::class,
        );

        $internalErrors = libxml_use_internal_errors(true);
        libxml_clear_errors();

        // If LIBXML_NO_XXE is available and option not set
        if (func_num_args() === 1 && defined('LIBXML_NO_XXE')) {
            $options |= \LIBXML_NO_XXE;
        }

        $domDocument = self::create();
        $loaded = $domDocument->loadXML($xml, $options);

        libxml_use_internal_errors($internalErrors);

        if (!$loaded) {
            $error = libxml_get_last_error();
            libxml_clear_errors();

            throw new UnparseableXMLException($error);
        }

        libxml_clear_errors();

        foreach ($domDocument->childNodes as $child) {
            Assert::false(
                $child->nodeType === \XML_DOCUMENT_TYPE_NODE,
                'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body',
                RuntimeException::class,
            );
        }

        return $domDocument;
    }


    /**
     * @param string $file
     * @param non-negative-int $options
     *
     * @return \DOMDocument
     */
    public static function fromFile(
        string $file,
        int $options = self::DEFAULT_OPTIONS,
    ): DOMDocument {
        error_clear_last();
        $xml = @file_get_contents($file);
        if ($xml === false) {
            $e = error_get_last();
            $error = $e['message'] ?? "Check that the file exists and can be read.";

            throw new IOException("File '$file' was not loaded;  $error");
        }

        Assert::notWhitespaceOnly($xml, sprintf('File "%s" does not have content', $file), RuntimeException::class);
        return (func_num_args() < 2) ? static::fromString($xml) : static::fromString($xml, $options);
    }


    /**
     * @param string $version
     * @param string $encoding
     * @return \DOMDocument
     */
    public static function create(string $version = '1.0', string $encoding = 'UTF-8'): DOMDocument
    {
        return new DOMDocument($version, $encoding);
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\XML;
6
7			use DOMDocument;
8			use SimpleSAML\XML\Assert\Assert;
9			use SimpleSAML\XML\Exception\IOException;
10			use SimpleSAML\XML\Exception\RuntimeException;
11			use SimpleSAML\XML\Exception\UnparseableXMLException;
12
13			use function file_get_contents;
14			use function func_num_args;
15			use function libxml_clear_errors;
16			use function libxml_set_external_entity_loader;
17			use function libxml_use_internal_errors;
18			use function sprintf;
19
20			/**
21			* @package simplesamlphp/xml-common
22			*/
23			final class DOMDocumentFactory
24			{
25			/**
26			* @var non-negative-int
27			* TODO: Add LIBXML_NO_XXE to the defaults when PHP 8.4.0 + libxml 2.13.0 become generally available
28			*/
29			public const DEFAULT_OPTIONS = \LIBXML_COMPACT \| \LIBXML_NONET \| \LIBXML_NSCLEAN;
30
31
32			/**
33			* @param string $xml
34			* @param non-negative-int $options
35			*
36			* @return \DOMDocument
37			*/
38			public static function fromString(
39			string $xml,
40			int $options = self::DEFAULT_OPTIONS,
41			): DOMDocument {
42			libxml_set_external_entity_loader(null);
43			Assert::notWhitespaceOnly($xml);
44			Assert::notRegex(
45			$xml,
46			'/<(\s)!(\s)DOCTYPE/',
47			'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body',
48			RuntimeException::class,
49			);
50
51			$internalErrors = libxml_use_internal_errors(true);
52			libxml_clear_errors();
53
54			// If LIBXML_NO_XXE is available and option not set
55			if (func_num_args() === 1 && defined('LIBXML_NO_XXE')) {
56			$options \|= \LIBXML_NO_XXE;
57			}
58
59			$domDocument = self::create();
60			$loaded = $domDocument->loadXML($xml, $options);
61
62			libxml_use_internal_errors($internalErrors);
63
64			if (!$loaded) {
65			$error = libxml_get_last_error();
66			libxml_clear_errors();
67
68			throw new UnparseableXMLException($error);
69			}
70
71			libxml_clear_errors();
72
73			foreach ($domDocument->childNodes as $child) {
74			Assert::false(
75			$child->nodeType === \XML_DOCUMENT_TYPE_NODE,
76			'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body',
77			RuntimeException::class,
78			);
79			}
80
81			return $domDocument;
82			}
83
84
85			/**
86			* @param string $file
87			* @param non-negative-int $options
88			*
89			* @return \DOMDocument
90			*/
91			public static function fromFile(
92			string $file,
93			int $options = self::DEFAULT_OPTIONS,
94			): DOMDocument {
95			error_clear_last();
96			$xml = @file_get_contents($file);
97			if ($xml === false) {
98			$e = error_get_last();
99			$error = $e['message'] ?? "Check that the file exists and can be read.";
100
101			throw new IOException("File '$file' was not loaded; $error");
102			}
103
104			Assert::notWhitespaceOnly($xml, sprintf('File "%s" does not have content', $file), RuntimeException::class);
105			return (func_num_args() < 2) ? static::fromString($xml) : static::fromString($xml, $options);
106			}
107
108
109			/**
110			* @param string $version
111			* @param string $encoding
112			* @return \DOMDocument
113			*/
114			public static function create(string $version = '1.0', string $encoding = 'UTF-8'): DOMDocument
115			{
116			return new DOMDocument($version, $encoding);
117			}
118			}
119

simplesamlphp / xml-common

DOMDocumentFactory::fromString() A last analyzed 2025-09-29 19:28 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

DOMDocumentFactory::fromString() A
last analyzed 2025-09-29 19:28 UTC