Policy - Code Metrics - Inspection of "Add possibility to change value to no value" - spatie/laravel-csp - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#44)

unknown

created 2018-08-21 13:30 UTC

Policy A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	137
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	4

Importance

Changes

Metric	Value
dl	0
loc	137
rs	10
c	0
b	0
f	0
wmc	23
lcom	2
cbo	4

14 Methods

Rating	Name	Size	Complexity
	configure()	1	?
A	reportOnly()	6	1
A	enforce()	6	1
A	reportTo()	6	1
A	shouldBeApplied()	4	1
A	addNonceForDirective()	4	1
A	applyTo()	14	3
A	guardAgainstInvalidDirectives()	6	2
A	isHash()	10	1
A	isSpecialDirective()	13	1
A	sanitizeValue()	8	3
A	addDirective()	18	4
A	__toString()	10	2
A	arr_wrap()	3	2

<?php

namespace Spatie\Csp\Policies;

use Spatie\Csp\Value;
use Spatie\Csp\Directive;
use Illuminate\Http\Request;
use Spatie\Csp\Exceptions\InvalidDirective;
use Symfony\Component\HttpFoundation\Response;

abstract class Policy
{
    protected $directives = [];

    protected $reportOnly = false;

    abstract public function configure();

    /**
     * @param string $directive
     * @param string|array $values
     *
     * @return \Spatie\Csp\Policies\Policy
     *
     * @throws \Spatie\Csp\Exceptions\InvalidDirective
     */
    public function addDirective(string $directive, $values): self
    {
        $this->guardAgainstInvalidDirectives($directive);

        $rules = array_flatten(array_map(function ($values) {
            return empty($values) ? $values : array_filter(explode(' ', $values));
        }, $this->arr_wrap($values)));

        foreach ($rules as $rule) {
            $sanitizedValue = $this->sanitizeValue($rule);

            if (! in_array($sanitizedValue, $this->directives[$directive] ?? [])) {
                $this->directives[$directive][] = $sanitizedValue;
            }
        }

        return $this;
    }

    public function reportOnly(): self
    {
        $this->reportOnly = true;

        return $this;
    }

    public function enforce(): self
    {
        $this->reportOnly = false;

        return $this;
    }

    public function reportTo(string $uri): self
    {
        $this->directives['report-uri'] = [$uri];

        return $this;
    }

    public function shouldBeApplied(Request $request, Response $response): bool

    {
        return config('csp.enabled');
    }

    public function addNonceForDirective(string $directive): self
    {
        return $this->addDirective($directive, "'nonce-".app('csp-nonce')."'");
    }

    public function applyTo(Response $response)
    {
        $this->configure();

        $headerName = $this->reportOnly
            ? 'Content-Security-Policy-Report-Only'
            : 'Content-Security-Policy';

        if ($response->headers->has($headerName)) {
            return;
        }

        $response->headers->set($headerName, (string) $this);
    }

    public function __toString()
    {
        return collect($this->directives)
            ->map(function (array $values, string $directive) {
                $valueString = implode(' ', $values);

                return empty($valueString) ? "{$directive}" : "{$directive} {$valueString}";
            })
            ->implode(';');
    }

    protected function guardAgainstInvalidDirectives(string $directive)
    {
        if (! Directive::isValid($directive)) {
            throw InvalidDirective::notSupported($directive);
        }
    }

    protected function isHash(string $value): bool
    {
        $acceptableHashingAlgorithms = [
          'sha256-',
          'sha384-',
          'sha512-',
        ];

        return starts_with($value, $acceptableHashingAlgorithms);
    }

    protected function isSpecialDirective(string $value): bool
    {
        $specialDirectiveValues = [
            Value::NONE,
            Value::REPORT_SAMPLE,
            Value::SELF,
            Value::STRICT_DYNAMIC,
            Value::UNSAFE_EVAL,
            Value::UNSAFE_INLINE,
        ];

        return in_array($value, $specialDirectiveValues);
    }

    protected function sanitizeValue(string $value): string
    {
        if ($this->isSpecialDirective($value) || $this->isHash($value)) {
            return "'{$value}'";
        }

        return $value;
    }
    
    protected function arr_wrap($value) {
	    return ! is_array($value) ? [$value] : $value;
    }
}


1			<?php
2
3			namespace Spatie\Csp\Policies;
4
5			use Spatie\Csp\Value;
6			use Spatie\Csp\Directive;
7			use Illuminate\Http\Request;
8			use Spatie\Csp\Exceptions\InvalidDirective;
9			use Symfony\Component\HttpFoundation\Response;
10
11			abstract class Policy
12			{
13			protected $directives = [];
14
15			protected $reportOnly = false;
16
17			abstract public function configure();
18
19			/**
20			* @param string $directive
21			* @param string\|array $values
22			*
23			* @return \Spatie\Csp\Policies\Policy
24			*
25			* @throws \Spatie\Csp\Exceptions\InvalidDirective
26			*/
27			public function addDirective(string $directive, $values): self
28			{
29			$this->guardAgainstInvalidDirectives($directive);
30
31			$rules = array_flatten(array_map(function ($values) {
32			return empty($values) ? $values : array_filter(explode(' ', $values));
33			}, $this->arr_wrap($values)));
34
35			foreach ($rules as $rule) {
36			$sanitizedValue = $this->sanitizeValue($rule);
37
38			if (! in_array($sanitizedValue, $this->directives[$directive] ?? [])) {
39			$this->directives[$directive][] = $sanitizedValue;
40			}
41			}
42
43			return $this;
44			}
45
46			public function reportOnly(): self
47			{
48			$this->reportOnly = true;
49
50			return $this;
51			}
52
53			public function enforce(): self
54			{
55			$this->reportOnly = false;
56
57			return $this;
58			}
59
60			public function reportTo(string $uri): self
61			{
62			$this->directives['report-uri'] = [$uri];
63
64			return $this;
65			}
66
67			public function shouldBeApplied(Request $request, Response $response): bool
			0 ignored issues – show Unused Code introduced 2018-02-17 01:16 UTC by Report Bug Copy Issue Report The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2018-02-17 01:16 UTC by Report Bug Copy Issue Report The parameter `$response` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
68			{
69			return config('csp.enabled');
70			}
71
72			public function addNonceForDirective(string $directive): self
73			{
74			return $this->addDirective($directive, "'nonce-".app('csp-nonce')."'");
75			}
76
77			public function applyTo(Response $response)
78			{
79			$this->configure();
80
81			$headerName = $this->reportOnly
82			? 'Content-Security-Policy-Report-Only'
83			: 'Content-Security-Policy';
84
85			if ($response->headers->has($headerName)) {
86			return;
87			}
88
89			$response->headers->set($headerName, (string) $this);
90			}
91
92			public function __toString()
93			{
94			return collect($this->directives)
95			->map(function (array $values, string $directive) {
96			$valueString = implode(' ', $values);
97
98			return empty($valueString) ? "{$directive}" : "{$directive} {$valueString}";
99			})
100			->implode(';');
101			}
102
103			protected function guardAgainstInvalidDirectives(string $directive)
104			{
105			if (! Directive::isValid($directive)) {
106			throw InvalidDirective::notSupported($directive);
107			}
108			}
109
110			protected function isHash(string $value): bool
111			{
112			$acceptableHashingAlgorithms = [
113			'sha256-',
114			'sha384-',
115			'sha512-',
116			];
117
118			return starts_with($value, $acceptableHashingAlgorithms);
119			}
120
121			protected function isSpecialDirective(string $value): bool
122			{
123			$specialDirectiveValues = [
124			Value::NONE,
125			Value::REPORT_SAMPLE,
126			Value::SELF,
127			Value::STRICT_DYNAMIC,
128			Value::UNSAFE_EVAL,
129			Value::UNSAFE_INLINE,
130			];
131
132			return in_array($value, $specialDirectiveValues);
133			}
134
135			protected function sanitizeValue(string $value): string
136			{
137			if ($this->isSpecialDirective($value) \|\| $this->isHash($value)) {
138			return "'{$value}'";
139			}
140
141			return $value;
142			}
143
144			protected function arr_wrap($value) {
145			return ! is_array($value) ? [$value] : $value;
146			}
147			}
148

spatie / laravel-csp

Pull Request — master (#44)

Policy A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

14 Methods

Duplication Side-by-Side

Filter issues like