Firesphere/silverstripe-csp-headers

Showing 121 of 145 total issues

Function toYml has a Cognitive Complexity of 25 (exceeds 5 allowed). Consider refactoring.
Open

    public static function toYml($response, $return = false)
    {
        $cspHeader = $response->getHeader('content-security-policy') ?? $response->getHeader('content-security-policy-report-only');

        $asArray = explode(';', $cspHeader);
Severity: Minor
Found in src/Helpers/CSPConvertor.php - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

The class ControllerCSPExtension has an overall complexity of 86 which is very high. The configured complexity threshold is 50.
Open

class ControllerCSPExtension extends Extension
{
    public static $isTesting = false;
    /**
     * Base CSP configuration

Function onBeforeInit has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring.
Open

    public function onBeforeInit()
    {
        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
            return;
        }
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php - About 2 hrs to fix

File ControllerCSPExtension.php has 273 lines of code (exceeds 250 allowed). Consider refactoring.
Open

<?php


namespace Firesphere\CSPHeaders\Extensions;

Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php - About 2 hrs to fix

Method addPermissionsHeaders has 58 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    private function addPermissionsHeaders(mixed $ymlConfig, Controller $controller)
    {
        $config = Injector::inst()->convertServiceProperty($ymlConfig);
        $policies = [];
        foreach ($config as $key => $value) {
Severity: Major
Found in src/Extensions/ControllerCSPExtension.php - About 2 hrs to fix

Method toYml has 53 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    public static function toYml($response, $return = false)
    {
        $cspHeader = $response->getHeader('content-security-policy') ?? $response->getHeader('content-security-policy-report-only');

        $asArray = explode(';', $cspHeader);
Severity: Major
Found in src/Helpers/CSPConvertor.php - About 2 hrs to fix

Method onBeforeInit has 52 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    public function onBeforeInit()
    {
        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
            return;
        }
Severity: Major
Found in src/Extensions/ControllerCSPExtension.php - About 2 hrs to fix

          Function addPermissionsHeaders has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
          Open

              private function addPermissionsHeaders(mixed $ymlConfig, Controller $controller)
              {
                  $config = Injector::inst()->convertServiceProperty($ymlConfig);
                  $policies = [];
                  foreach ($config as $key => $value) {
          Severity: Minor
          Found in src/Extensions/ControllerCSPExtension.php - About 1 hr to fix

          Function onBeforeWrite has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
          Open

              public function onBeforeWrite()
              {
                  $body = null;
                  // Since this is called from CSP Backend, an SRI for external files is automatically created
                  if (!Director::is_site_url($this->File)) {
          Severity: Minor
          Found in src/Models/SRI.php - About 55 mins to fix

          Avoid variables with short names like $db. Configured minimum length is 3.
          Open

              private static $db = [
                  'AllowCSSInline' => DBBoolean::class,
                  'AllowJSInline'  => DBBoolean::class,
              ];
          Severity: Minor
          Found in src/Extensions/PageExtension.php by phpmd

          ShortVariable

          Since: 0.2

          Detects when a field, local, or parameter has a very short name.

          Example

          class Something {
              private $q = 15; // VIOLATION - Field
              public function main( array $as ) { // VIOLATION - Formal
                  $r = 20 + $this->q; // VIOLATION - Local
                  for ($i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
                      $r += $this->q;
                  }
              }
          }

          Source https://phpmd.org/rules/naming.html#shortvariable

          The property $non_url_args is not named in camelCase.
          Open

          class CSPConvertor
          {
          
              /**
               * @var string[] default values allowed
          Severity: Minor
          Found in src/Helpers/CSPConvertor.php by phpmd

          CamelCasePropertyName

          Since: 0.2

          It is considered best practice to use the camelCase notation to name attributes.

          Example

          class ClassName {
              protected $property_name;
          }

          Avoid variables with short names like $db. Configured minimum length is 3.
          Open

              private static $db = [
                  'Domain' => DBVarchar::class,
                  'Source' => DBEnum::class . '("default,script,style,img,media,font,form,frame,ancestor,worker,connect")'
              ];
          Severity: Minor
          Found in src/Models/CSPDomain.php by phpmd

          Avoid variables with short names like $db. Configured minimum length is 3.
          Open

              private static $db = [
                  'File' => DBVarchar::class,
                  'SRI'  => DBVarchar::class
              ];
          Severity: Minor
          Found in src/Models/SRI.php by phpmd

          The property $non_url_defaults is not named in camelCase.
          Open

          class CSPConvertor
          {
          
              /**
               * @var string[] default values allowed
          Severity: Minor
          Found in src/Helpers/CSPConvertor.php by phpmd

          Avoid variables with short names like $js. Configured minimum length is 3.
          Open

              public function customScript($js, $uniquenessID = null): void
          Severity: Minor
          Found in src/View/CSPBackend.php by phpmd

          The property $skip_domains is not named in camelCase.
          Open

          class SRIBuilder
          {
              use Configurable;
          
              /**
          Severity: Minor
          Found in src/Builders/SRIBuilder.php by phpmd

          The class ControllerCSPExtension has a coupling between objects value of 15. Consider to reduce the number of dependencies under 13.
          Open

          class ControllerCSPExtension extends Extension
          {
              public static $isTesting = false;
              /**
               * Base CSP configuration

          CouplingBetweenObjects

          Since: 1.1.0

          A class with too many dependencies has negative impacts on several quality aspects of a class. This includes quality criteria like stability, maintainability and understandability.

          Example

          class Foo {
              /**
               * @var \foo\bar\X
               */
              private $x = null;
          
              /**
               * @var \foo\bar\Y
               */
              private $y = null;
          
              /**
               * @var \foo\bar\Z
               */
              private $z = null;
          
              public function setFoo(\Foo $foo) {}
              public function setBar(\Bar $bar) {}
              public function setBaz(\Baz $baz) {}
          
              /**
               * @return \SplObjectStorage
               * @throws \OutOfRangeException
               * @throws \InvalidArgumentException
               * @throws \ErrorException
               */
              public function process(\Iterator $it) {}
          
              // ...
          }

          Source https://phpmd.org/rules/design.html#couplingbetweenobjects

          Function addCSPHeaders has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
          Open

              private function addCSPHeaders(mixed $ymlConfig, Controller $owner): void
              {
                  $config = Injector::inst()->convertServiceProperty($ymlConfig);
                  $legacy = $config['legacy'] ?? true;
                  $unsafeCSSInline = $config['style-src']['unsafe-inline'];
          Severity: Minor
          Found in src/Extensions/ControllerCSPExtension.php - About 35 mins to fix

          Function buildSRI has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
          Open

              public function buildSRI($file, array $htmlAttributes): array
              {
                  $skipFiles = $this->config()->get('skip_domains') ?? [];
                  foreach ($skipFiles as $filename) {
                      if (strpos($file, $filename) === 0) {
          Severity: Minor
          Found in src/Builders/SRIBuilder.php - About 35 mins to fix

          The method toYml has a boolean flag argument $return, which is a certain sign of a Single Responsibility Principle violation.
          Open

              public static function toYml($response, $return = false)
          Severity: Minor
          Found in src/Helpers/CSPConvertor.php by phpmd

          BooleanArgumentFlag

          Since: 1.4.0

          A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.

          Example

          class Foo {
              public function bar($flag = true) {
              }
          }

          Source https://phpmd.org/rules/cleancode.html#booleanargumentflag
