PMF_Network - Code Metrics - Inspection of "Fixed handling of banned IPv4 and IPv6 addresses" - thorsten/phpMyFAQ - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 2.9 ( 4b8d24...c7170e )

by Thorsten

created 2016-09-08 08:44 UTC

PMF_Network A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	130
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	1

Importance

Changes	1
Bugs	1	Features	0

Metric	Value
c	1
b	1
f	0
dl	0
loc	130
rs	10
wmc	18
lcom	1
cbo	1

4 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
C	checkIp()	27	7
B	checkForAddrMatchIpv4()	25	3
C	checkForAddrMatchIpv6()	31	7

<?php

/**
 * The network class for IPv4 and IPv6 handling.
 *
 * PHP Version 5.5
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @category  phpMyFAQ
 *
 * @author    Thorsten Rinne <[email protected]>
 * @author    Matteo Scaramuccia <[email protected]>
 * @author    Kenneth Shaw <[email protected]>
 * @author    David Soria Parra <[email protected]>
 * @copyright 2011-2016 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 *
 * @link      http://www.phpmyfaq.de
 * @since     2011-02-04
 */
if (!defined('IS_VALID_PHPMYFAQ')) {
    exit();
}

/**
 * PMF_Network.
 *
 * @category  phpMyFAQ
 *
 * @author    Thorsten Rinne <[email protected]>
 * @author    Matteo Scaramuccia <[email protected]>
 * @author    Kenneth Shaw <[email protected]>
 * @author    David Soria Parra <[email protected]>
 * @copyright 2011-2016 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 *
 * @link      http://www.phpmyfaq.de
 * @since     2011-02-04
 */
class PMF_Network
{
    /**
     * @var PMF_Configuration
     */
    private $_config;

    /**
     * Constructor.
     *
     * @param PMF_Configuration $config
     *
     * @return PMF_Network
     */
    public function __construct(PMF_Configuration $config)
    {
        $this->_config = $config;
    }

    /**
     * Performs a check if an IPv4 or IPv6 address is banned.
     *
     * @param string $ip IPv4 or IPv6 address
     *
     * @return bool true, if not banned
     */
    public function checkIp($ip)
    {
        $bannedIps = explode(' ', $this->_config->get('security.bannedIPs'));

        foreach ($bannedIps as $ipAddress) {
            if (0 === strlen($ipAddress)) {
                continue;
            }

            if (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) &&
                false === filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
                // Handle IPv4
                if ($this->checkForAddrMatchIpv4($ip, $ipAddress)) {
                    return false;
                }
            } else {
                // Handle IPv6
                try {
                    return $this->checkForAddrMatchIpv6($ip, $ipAddress);
                } catch (InvalidArgumentException $e) {
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Checks for an address match (IPv4 or Network).
     *
     * @param string $ip      IPv4 Address
     * @param string $network Network Address or IPv4 Address
     *
     * @return bool true if IP matched
     */
    public function checkForAddrMatchIpv4($ip, $network)
    {
        // See also ip2long PHP online manual: Kenneth Shaw
        // coded a network matching function called net_match.
        // We use here his way of doing bit-by-bit network comparison

        // Start applying the discovering of the network mask
        $ip_arr = explode('/', $network);

        $network_long = ip2long($ip_arr[0]);
        $ip_long = ip2long($ip);

        if (!isset($ip_arr[1])) {
            // $network seems to be a simple ip address, instead of a network address
            $matched = ($network_long == $ip_long);
        } else {
            // $network seems to be a real network address
            $x = ip2long($ip_arr[1]);
            // Evaluate the netmask: <Network Mask> or <CIDR>
            $mask = (long2ip($x) == $ip_arr[1] ? $x : 0xffffffff << (32 - $ip_arr[1]));
            $matched = (($ip_long & $mask) == ($network_long & $mask));
        }

        return $matched;
    }

    /**
     * Checks for an address match (IPv6 or Network).
     *
     * @param string $ip      IPv6 Address
     * @param string $network Network Address or IPv6 Address
     *
     * @throws InvalidArgumentException
     *
     * @return bool true if IP matched
     */
    public function checkForAddrMatchIpv6($ip, $network)
    {
        if (false === strpos($network, '/')) {
            throw new InvalidArgumentException('Not a valid IPv6 subnet.');
        }

        list($addr, $preflen) = explode('/', $network);
        if (!is_numeric($preflen)) {
            throw new InvalidArgumentException('Not a valid IPv6 preflen.');
        }

        if (!filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
            throw new InvalidArgumentException('Not a valid IPv6 subnet.');
        }

        $bytes_addr = unpack('n*', inet_pton($addr));
        $bytes_test = unpack('n*', inet_pton($ip));

        for ($i = 1; $i <= ceil($preflen / 16); ++$i) {
            $left = $preflen - 16 * ($i - 1);
            if ($left > 16) {
                $left = 16;
            }
            $mask = ~(0xffff >> $left) & 0xffff;
            if (($bytes_addr[$i] & $mask) != ($bytes_test[$i] & $mask)) {
                return false;
            }
        }

        return true;
    }
}


1			<?php
2
3			/**
4			* The network class for IPv4 and IPv6 handling.
5			*
6			* PHP Version 5.5
7			*
8			* This Source Code Form is subject to the terms of the Mozilla Public License,
9			* v. 2.0. If a copy of the MPL was not distributed with this file, You can
10			* obtain one at http://mozilla.org/MPL/2.0/.
11			*
12			* @category phpMyFAQ
13			*
14			* @author Thorsten Rinne <[email protected]>
15			* @author Matteo Scaramuccia <[email protected]>
16			* @author Kenneth Shaw <[email protected]>
17			* @author David Soria Parra <[email protected]>
18			* @copyright 2011-2016 phpMyFAQ Team
19			* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
20			*
21			* @link http://www.phpmyfaq.de
22			* @since 2011-02-04
23			*/
24			if (!defined('IS_VALID_PHPMYFAQ')) {
25			exit();
26			}
27
28			/**
29			* PMF_Network.
30			*
31			* @category phpMyFAQ
32			*
33			* @author Thorsten Rinne <[email protected]>
34			* @author Matteo Scaramuccia <[email protected]>
35			* @author Kenneth Shaw <[email protected]>
36			* @author David Soria Parra <[email protected]>
37			* @copyright 2011-2016 phpMyFAQ Team
38			* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
39			*
40			* @link http://www.phpmyfaq.de
41			* @since 2011-02-04
42			*/
43			class PMF_Network
44			{
45			/**
46			* @var PMF_Configuration
47			*/
48			private $_config;
49
50			/**
51			* Constructor.
52			*
53			* @param PMF_Configuration $config
54			*
55			* @return PMF_Network
56			*/
57			public function __construct(PMF_Configuration $config)
58			{
59			$this->_config = $config;
60			}
61
62			/**
63			* Performs a check if an IPv4 or IPv6 address is banned.
64			*
65			* @param string $ip IPv4 or IPv6 address
66			*
67			* @return bool true, if not banned
68			*/
69			public function checkIp($ip)
70			{
71			$bannedIps = explode(' ', $this->_config->get('security.bannedIPs'));
72
73			foreach ($bannedIps as $ipAddress) {
74			if (0 === strlen($ipAddress)) {
75			continue;
76			}
77
78			if (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) &&
79			false === filter_var($ipAddress, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
80			// Handle IPv4
81			if ($this->checkForAddrMatchIpv4($ip, $ipAddress)) {
82			return false;
83			}
84			} else {
85			// Handle IPv6
86			try {
87			return $this->checkForAddrMatchIpv6($ip, $ipAddress);
88			} catch (InvalidArgumentException $e) {
89			return false;
90			}
91			}
92			}
93
94			return true;
95			}
96
97			/**
98			* Checks for an address match (IPv4 or Network).
99			*
100			* @param string $ip IPv4 Address
101			* @param string $network Network Address or IPv4 Address
102			*
103			* @return bool true if IP matched
104			*/
105			public function checkForAddrMatchIpv4($ip, $network)
106			{
107			// See also ip2long PHP online manual: Kenneth Shaw
108			// coded a network matching function called net_match.
109			// We use here his way of doing bit-by-bit network comparison
110
111			// Start applying the discovering of the network mask
112			$ip_arr = explode('/', $network);
113
114			$network_long = ip2long($ip_arr[0]);
115			$ip_long = ip2long($ip);
116
117			if (!isset($ip_arr[1])) {
118			// $network seems to be a simple ip address, instead of a network address
119			$matched = ($network_long == $ip_long);
120			} else {
121			// $network seems to be a real network address
122			$x = ip2long($ip_arr[1]);
123			// Evaluate the netmask: <Network Mask> or <CIDR>
124			$mask = (long2ip($x) == $ip_arr[1] ? $x : 0xffffffff << (32 - $ip_arr[1]));
125			$matched = (($ip_long & $mask) == ($network_long & $mask));
126			}
127
128			return $matched;
129			}
130
131			/**
132			* Checks for an address match (IPv6 or Network).
133			*
134			* @param string $ip IPv6 Address
135			* @param string $network Network Address or IPv6 Address
136			*
137			* @throws InvalidArgumentException
138			*
139			* @return bool true if IP matched
140			*/
141			public function checkForAddrMatchIpv6($ip, $network)
142			{
143			if (false === strpos($network, '/')) {
144			throw new InvalidArgumentException('Not a valid IPv6 subnet.');
145			}
146
147			list($addr, $preflen) = explode('/', $network);
148			if (!is_numeric($preflen)) {
149			throw new InvalidArgumentException('Not a valid IPv6 preflen.');
150			}
151
152			if (!filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
153			throw new InvalidArgumentException('Not a valid IPv6 subnet.');
154			}
155
156			$bytes_addr = unpack('n*', inet_pton($addr));
157			$bytes_test = unpack('n*', inet_pton($ip));
158
159			for ($i = 1; $i <= ceil($preflen / 16); ++$i) {
160			$left = $preflen - 16 * ($i - 1);
161			if ($left > 16) {
162			$left = 16;
163			}
164			$mask = ~(0xffff >> $left) & 0xffff;
165			if (($bytes_addr[$i] & $mask) != ($bytes_test[$i] & $mask)) {
166			return false;
167			}
168			}
169
170			return true;
171			}
172			}
173

thorsten / phpMyFAQ

GitHub Access Token became invalid

Push — 2.9 ( 4b8d24...c7170e )

PMF_Network A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like