<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * php version 7.1.0
 *
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <[email protected]>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */
declare(strict_types=1);
namespace Shieldon\Firewall\Panel;
use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\Panel\BaseController;
use function Shieldon\Firewall\__;
use function Shieldon\Firewall\get_request;
use function Shieldon\Firewall\unset_superglobal;

use function array_push;
use function array_values;
use function ctype_alnum;
use function in_array;
use function is_string;
use function password_hash;
use function str_replace;
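/**
 * Security
 *
 * Panel controller for the security settings pages: the HTTP authentication
 * rule list (`authentication`) and the list of request variables that get
 * XSS filtering (`xssProtection`). Both pages read their form input from the
 * parsed request body and persist changes through the BaseController config
 * helpers.
 */
class Security extends BaseController
{
    /**
     *   Public methods       | Description
     *  ----------------------|---------------------------------------------
     *   authentication       | The page for managing page authentication.
     *   xssProtection        | The page for managing XSS protection.
     *  ----------------------|---------------------------------------------
     */

    /**
     * Constructor
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * WWW-Authenticate.
     *
     * Renders the list of authentication rules and, when the form was
     * submitted, adds a rule or removes the one at the posted `order` index.
     * The submitted password is stored as a bcrypt hash, never in clear.
     *
     * @return ResponseInterface
     */
    public function authentication(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if ($this->checkPostParamsExist('url', 'user', 'pass', 'action')) {
            $url = $postParams['url'];
            $user = $postParams['user'];
            $pass = $postParams['pass'];
            $action = $postParams['action'];

            // `order` is not part of the existence check above and is only
            // meaningful for `remove`; default it instead of reading an
            // undefined index.
            $order = (int) ($postParams['order'] ?? 0);

            // Form fields can arrive as arrays (`user[]=...`); under
            // strict_types that would make password_hash() throw. A rule
            // with an empty user or password is not usable either, so in
            // both cases the `add` process is skipped.
            if (!is_string($url)
                || !is_string($user)
                || !is_string($pass)
                || '' === $user
                || '' === $pass
            ) {
                // Ignore the `add` process.
                $action = 'undefined';
            }

            $authenticatedList = (array) $this->getConfig('www_authenticate');

            if ('add' === $action) {
                $authenticatedList[] = [
                    'url' => $url,
                    'user' => $user,
                    'pass' => password_hash($pass, PASSWORD_BCRYPT),
                ];
            } elseif ('remove' === $action) {
                // Re-index so the stored list stays a plain list after removal.
                unset($authenticatedList[$order]);
                $authenticatedList = array_values($authenticatedList);
            }

            $this->setConfig('www_authenticate', $authenticatedList);

            $this->clearPostParams('url', 'user', 'pass', 'action', 'order');

            $this->saveConfig();
        }

        $data = [];

        $data['authentication_list'] = $this->getConfig('www_authenticate');

        $data['title'] = __('panel', 'title_web_authentication', 'Web Page Authentication');

        return $this->renderPage('panel/authentication', $data);
    }

    /**
     * XSS Protection.
     *
     * Renders the list of XSS-protected variables and, when the form was
     * submitted, adds an entry (a `type` of `get`, `post` or `cookie` plus a
     * `variable` name) or removes the entry at the posted `order` index.
     *
     * @return ResponseInterface
     */
    public function xssProtection(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if ($this->checkPostParamsExist('xss')) {
            unset_superglobal('xss', 'post');

            $type     = $postParams['type']     ?? '';
            $variable = $postParams['variable'] ?? '';
            $action   = $postParams['action']   ?? '';

            // The index number in the $xssProtectedList, see below.
            $order = (int) ($postParams['order'] ?? 0);

            // Check variable name. Should be mixed with a-zA-Z0-9 and underscore.
            // A non-string value (`variable[]=...`) is rejected the same way.
            if (!is_string($variable) || !ctype_alnum(str_replace('_', '', $variable))) {
                // @codeCoverageIgnoreStart
                // Ignore the `add` process.
                $action = 'undefined';
                // @codeCoverageIgnoreEnd
            }

            $xssProtectedList = (array) $this->getConfig('xss_protected_list');

            if ('add' === $action) {
                // Strict comparison: the value comes straight from the form.
                if (in_array($type, ['get', 'post', 'cookie'], true)) {
                    $xssProtectedList[] = ['type' => $type, 'variable' => $variable];
                }
            } elseif ('remove' === $action) {
                // Re-index so the stored list stays a plain list after removal.
                unset($xssProtectedList[$order]);
                $xssProtectedList = array_values($xssProtectedList);
            }

            $this->setConfig('xss_protected_list', $xssProtectedList);

            $this->clearPostParams('type', 'variable', 'action', 'order');

            $this->saveConfig();
        }

        $data = [];

        $data['xss_protected_list'] = $this->getConfig('xss_protected_list');

        $data['title'] = __('panel', 'title_xss_protection', 'XSS Protection');

        return $this->renderPage('panel/xss_protection', $data);
    }

    /**
     * Drop the given fields from the POST data via unset_superglobal() once
     * they have been consumed by the page handler.
     *
     * @param string ...$names Field names to remove.
     *
     * @return void
     */
    private function clearPostParams(string ...$names): void
    {
        foreach ($names as $name) {
            unset_superglobal($name, 'post');
        }
    }
}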