Sign upLogin

Firesphere/silverstripe-csp-headers

View on GitHub
Star

Showing 121 of 145 total issues

Avoid using static access to class '\Firesphere\CSPHeaders\View\CSPBackend' in method 'buildTags'.
Open

        if (CSPBackend::isCssSRI() || $cookieSet) {
Severity: Minor
Found in src/Builders/CSSBuilder.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

The method onBeforeInit uses an else expression. Else clauses are basically not necessary and you can simplify the code by not using them.
Open

            } else {
                $origin = (string)$owner->getRequest()->getHeader('origin');
                $base = Director::absoluteBaseURL();
                $trimmedOrigin = $this->trimDomain($origin);
                $trimmedBase = $this->trimDomain($base);
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

ElseExpression

Since: 1.4.0

An if expression with an else branch is basically not necessary. You can rewrite the conditions in a way that the else clause is not necessary and the code becomes simpler to read. To achieve this, use early return statements, though you may need to split the code it several smaller methods. For very simple assignments you could also use the ternary operations.

Example

class Foo
{
    public function bar($flag)
    {
        if ($flag) {
            // one branch
        } else {
            // another branch
        }
    }
}

Source https://phpmd.org/rules/cleancode.html#elseexpression

Avoid using static access to class '\SilverStripe\Control\Director' in method 'onBeforeInit'.
Open

                $base = Director::absoluteBaseURL();
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\Firesphere\CSPHeaders\Models\CSPDomain' in method 'addCSP'.
Open

        $cspDomains = CSPDomain::get();
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid unused parameters such as '$context'.
Open

    public function canCreate($member = null, $context = array())
Severity: Minor
Found in src/Models/SRI.php by phpmd

UnusedFormalParameter

Since: 0.2

Avoid passing parameters to methods or constructors and then not using those parameters.

Example

class Foo
{
    private function bar($howdy)
    {
        // $howdy is not used
    }
}

Source https://phpmd.org/rules/unusedcode.html#unusedformalparameter

Avoid using static access to class '\Firesphere\CSPHeaders\Extensions\ControllerCSPExtension' in method 'customScript'.
Open

        ControllerCSPExtension::addJS($js);
Severity: Minor
Found in src/View/CSPBackend.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\SilverStripe\Control\Controller' in method 'getNonce'.
Open

            $ctrl = Controller::curr();
Severity: Minor
Found in src/Builders/BaseBuilder.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\SilverStripe\ORM\ArrayList' in method 'buildSRI'.
Open

            self::$sri = ArrayList::create(SRI::get()->toArray());
Severity: Minor
Found in src/Builders/SRIBuilder.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid assigning values to variables in if clauses and the like (line '137', column '13').
Open

    public function onBeforeInit()
    {
        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
            return;
        }
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

IfStatementAssignment

Since: 2.7.0

Assignments in if clauses and the like are considered a code smell. Assignments in PHP return the right operand as their result. In many cases, this is an expected behavior, but can lead to many difficult to spot bugs, especially when the right operand could result in zero, null or an empty string and the like.

Example

class Foo
{
    public function bar($flag)
    {
        if ($foo = 'bar') { // possible typo
            // ...
        }
        if ($baz = 0) { // always false
            // ...
        }
    }
}

Source http://phpmd.org/rules/cleancode.html#ifstatementassignment

Avoid using static access to class '\SilverStripe\Forms\GridField\GridField' in method 'updateSettingsFields'.
Open

        $gridfield = GridField::create(
            'CSPDomains',
            _t(__CLASS__ . '.CSP_DOMAINS', 'Content Security Policy Domains'),
            $this->owner->CSPDomains(),
            $config
Severity: Minor
Found in src/Extensions/PageExtension.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\SilverStripe\Control\Director' in method 'onBeforeWrite'.
Open

                Director::publicFolder(),
Severity: Minor
Found in src/Models/SRI.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\SilverStripe\Control\Director' in method 'onBeforeWrite'.
Open

                Director::publicFolder() . '/resources',
Severity: Minor
Found in src/Models/SRI.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid unused private fields such as '$skip_domains'.
Open

    private static $skip_domains = [];
Severity: Minor
Found in src/Builders/SRIBuilder.php by phpmd

UnusedPrivateField

Since: 0.2

Detects when a private field is declared and/or assigned a value, but not used.

Example

class Something
{
    private static $FOO = 2; // Unused
    private $i = 5; // Unused
    private $j = 6;
    public function addOne()
    {
        return $this->j++;
    }
}

Source https://phpmd.org/rules/unusedcode.html#unusedprivatefield

Avoid using static access to class '\SilverStripe\Control\Director' in method 'onBeforeInit'.
Open

        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

Avoid using static access to class '\Firesphere\CSPHeaders\Extensions\ControllerCSPExtension' in method 'customCSS'.
Open

        ControllerCSPExtension::addCSS($css);
Severity: Minor
Found in src/View/CSPBackend.php by phpmd

StaticAccess

Since: 1.4.0

Static access causes unexchangeable dependencies to other classes and leads to hard to test code. Avoid using static access at all costs and instead inject dependencies through the constructor. The only case when static access is acceptable is when used for factory methods.

Example

class Foo
{
    public function bar()
    {
        Bar::baz();
    }
}

Source https://phpmd.org/rules/cleancode.html#staticaccess

The method toYml() has a Cyclomatic Complexity of 13. The configured cyclomatic complexity threshold is 10.
Open

    public static function toYml($response, $return = false)
    {
        $cspHeader = $response->getHeader('content-security-policy') ?? $response->getHeader('content-security-policy-report-only');

        $asArray = explode(';', $cspHeader);
Severity: Minor
Found in src/Helpers/CSPConvertor.php by phpmd

CyclomaticComplexity

Since: 0.1

Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

Example

// Cyclomatic Complexity = 11
class Foo {
1   public function example() {
2       if ($a == $b) {
3           if ($a1 == $b1) {
                fiddle();
4           } elseif ($a2 == $b2) {
                fiddle();
            } else {
                fiddle();
            }
5       } elseif ($c == $d) {
6           while ($c == $d) {
                fiddle();
            }
7        } elseif ($e == $f) {
8           for ($n = 0; $n < $h; $n++) {
                fiddle();
            }
        } else {
            switch ($z) {
9               case 1:
                    fiddle();
                    break;
10              case 2:
                    fiddle();
                    break;
11              case 3:
                    fiddle();
                    break;
                default:
                    fiddle();
                    break;
            }
        }
    }
}

Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity

The method onBeforeInit() has a Cyclomatic Complexity of 22. The configured cyclomatic complexity threshold is 10.
Open

    public function onBeforeInit()
    {
        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
            return;
        }
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

CyclomaticComplexity

Since: 0.1

Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

Example

// Cyclomatic Complexity = 11
class Foo {
1   public function example() {
2       if ($a == $b) {
3           if ($a1 == $b1) {
                fiddle();
4           } elseif ($a2 == $b2) {
                fiddle();
            } else {
                fiddle();
            }
5       } elseif ($c == $d) {
6           while ($c == $d) {
                fiddle();
            }
7        } elseif ($e == $f) {
8           for ($n = 0; $n < $h; $n++) {
                fiddle();
            }
        } else {
            switch ($z) {
9               case 1:
                    fiddle();
                    break;
10              case 2:
                    fiddle();
                    break;
11              case 3:
                    fiddle();
                    break;
                default:
                    fiddle();
                    break;
            }
        }
    }
}

Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity

The method addPermissionsHeaders() has a Cyclomatic Complexity of 26. The configured cyclomatic complexity threshold is 10.
Open

    private function addPermissionsHeaders(mixed $ymlConfig, Controller $controller)
    {
        $config = Injector::inst()->convertServiceProperty($ymlConfig);
        $policies = [];
        foreach ($config as $key => $value) {
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

CyclomaticComplexity

Since: 0.1

Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

Example

// Cyclomatic Complexity = 11
class Foo {
1   public function example() {
2       if ($a == $b) {
3           if ($a1 == $b1) {
                fiddle();
4           } elseif ($a2 == $b2) {
                fiddle();
            } else {
                fiddle();
            }
5       } elseif ($c == $d) {
6           while ($c == $d) {
                fiddle();
            }
7        } elseif ($e == $f) {
8           for ($n = 0; $n < $h; $n++) {
                fiddle();
            }
        } else {
            switch ($z) {
9               case 1:
                    fiddle();
                    break;
10              case 2:
                    fiddle();
                    break;
11              case 3:
                    fiddle();
                    break;
                default:
                    fiddle();
                    break;
            }
        }
    }
}

Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity

The variable $ContentTypeOptions is not named in camelCase.
Open

    public function onBeforeInit()
    {
        if (self::$isTesting || !DB::is_active() || !ClassInfo::hasTable('Member') || Director::is_cli()) {
            return;
        }
Severity: Minor
Found in src/Extensions/ControllerCSPExtension.php by phpmd

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

The variable $non_url_args is not named in camelCase.
Open

    public static function toYml($response, $return = false)
    {
        $cspHeader = $response->getHeader('content-security-policy') ?? $response->getHeader('content-security-policy-report-only');

        $asArray = explode(';', $cspHeader);
Severity: Minor
Found in src/Helpers/CSPConvertor.php by phpmd

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

Severity
Category
Status
Source
Language