TokenMask - Code Metrics - Inspection of "Fix #3: adjust naming" - yiisoft/security - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 8f2aab...3e2247 )

by Alexander

created 2019-09-16 19:25 UTC

TokenMask A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	31
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	8
c	0
b	0
f	0
dl	0
loc	31
rs	10
wmc	3

2 Methods

Rating	Name	Duplication	Size	Complexity
A	unmask()	0	10	2
A	apply()	0	5	1

<?php declare(strict_types=1);

namespace Yiisoft\Security;

use Yiisoft\Strings\StringHelper;

/**
 * TokenMask helps to mitigate BREACH attack by randomizing how token is outputted on each request.
 * A random mask is applied to the token making the string always unique.
 */
final class TokenMask
{
    /**
     * Masks a token to make it uncompressible.
     * Applies a random mask to the token and prepends the mask used to the result making the string always unique.
     * @param string $token An unmasked token.
     * @return string A masked token.
     * @throws \Exception if unable to securely generate random bytes
     */
    public static function apply(string $token): string
    {
        // The number of bytes in a mask is always equal to the number of bytes in a token.
        $mask = random_bytes(StringHelper::byteLength($token));
        return StringHelper::base64UrlEncode($mask . ($mask ^ $token));
    }

    /**
     * Unmasks a token previously masked by `mask`.
     * @param string $maskedToken A masked token.
     * @return string An unmasked token, or an empty string in case of token format is invalid.
     */
    public static function unmask(string $maskedToken): string
    {
        $decoded = StringHelper::base64UrlDecode($maskedToken);
        $length = StringHelper::byteLength($decoded) / 2;
        // Check if the masked token has an even length.
        if (!is_int($length)) {

            return '';
        }

        return StringHelper::byteSubstr($decoded, $length, $length) ^ StringHelper::byteSubstr($decoded, 0, $length);
    }
}


1			<?php declare(strict_types=1);
2
3			namespace Yiisoft\Security;
4
5			use Yiisoft\Strings\StringHelper;
6
7			/**
8			* TokenMask helps to mitigate BREACH attack by randomizing how token is outputted on each request.
9			* A random mask is applied to the token making the string always unique.
10			*/
11			final class TokenMask
12			{
13			/**
14			* Masks a token to make it uncompressible.
15			* Applies a random mask to the token and prepends the mask used to the result making the string always unique.
16			* @param string $token An unmasked token.
17			* @return string A masked token.
18			* @throws \Exception if unable to securely generate random bytes
19			*/
20			public static function apply(string $token): string
21			{
22			// The number of bytes in a mask is always equal to the number of bytes in a token.
23			$mask = random_bytes(StringHelper::byteLength($token));
24			return StringHelper::base64UrlEncode($mask . ($mask ^ $token));
25			}
26
27			/**
28			* Unmasks a token previously masked by `mask`.
29			* @param string $maskedToken A masked token.
30			* @return string An unmasked token, or an empty string in case of token format is invalid.
31			*/
32			public static function unmask(string $maskedToken): string
33			{
34			$decoded = StringHelper::base64UrlDecode($maskedToken);
35			$length = StringHelper::byteLength($decoded) / 2;
36			// Check if the masked token has an even length.
37			if (!is_int($length)) {
			0 ignored issues – show introduced 2019-06-27 22:30 UTC by Report Bug Copy Issue Report The condition `is_int($length)` is always `true`. Loading history...
38			return '';
39			}
40
41			return StringHelper::byteSubstr($decoded, $length, $length) ^ StringHelper::byteSubstr($decoded, 0, $length);
42			}
43			}
44

yiisoft / security

Push — master ( 8f2aab...3e2247 )

TokenMask A

Complexity

Size/Duplication

Importance

2 Methods

Duplication Side-by-Side

Filter issues like