add csp javadoc

Author: jcheron

src/Ubiquity/security/csp/ContentSecurity.php

@@ -22,12 +22,24 @@ class ContentSecurity {
 
 	private $header = self::HEADER;
 
+	/**
+	 * ContentSecurity constructor.
+	 *
+	 * @param bool|null $reportOnly
+	 */
 	public function __construct(?bool $reportOnly = null) {
 		if (isset($reportOnly)) {
 			$this->reportOnly($reportOnly);
 		}
 	}
 
+	/**
+	 * Adds new values to a directive.
+	 *
+	 * @param string $directive
+	 * @param string ...$values
+	 * @return $this
+	 */
 	public function addPolicy(string $directive, string ...$values): self {
 		$policies = $this->policies[$directive] ?? [];
 		foreach ($values as $v) {
@@ -40,31 +52,63 @@ public function addPolicy(string $directive, string ...$values): self {
 		return $this;
 	}
 
+	/**
+	 * Adds new values to a directive, re-using default-src actual values.
+	 *
+	 * @param string $directive
+	 * @param string ...$values
+	 * @return $this
+	 */
 	public function addPolicyDefault(string $directive, string ...$values): self {
 		$default = \array_keys($this->policies[CspDirectives::DEFAULT_SRC] ?? []);
 		$values = \array_merge($default, $values);
 		$this->addPolicy($directive, ...$values);
 		return $this;
 	}
 
+	/**
+	 * Adds a nonce to the directives.
+	 *
+	 * @param string $nonce
+	 * @param string ...$directives
+	 * @return $this
+	 */
 	public function addNonce(string $nonce, string ...$directives): self {
 		foreach ($directives as $directive) {
 			$this->addPolicy($directive, "'nonce-$nonce'", CspValues::STRICT_DYNAMIC);
 		}
 		return $this;
 	}
 
+	/**
+	 * Adds a nonce to a directive, re-using default-src actual values.
+	 *
+	 * @param string $nonce
+	 * @param string ...$directives
+	 * @return $this
+	 */
 	public function addNonceDefault(string $nonce, string ...$directives): self {
 		foreach ($directives as $directive) {
 			$this->addPolicyDefault($directive, "'nonce-$nonce'", CspValues::STRICT_DYNAMIC);
 		}
 		return $this;
 	}
 
-	public function setDefaultSrc(string ...$policies) {
+	/**
+	 * Defines the policies for default-src directive.
+	 *
+	 * @param string ...$policies
+	 * @return $this
+	 */
+	public function setDefaultSrc(string ...$policies): self {
 		return $this->addPolicy(CspDirectives::DEFAULT_SRC, ...$policies);
 	}
 
+	/**
+	 * Generates the header string.
+	 *
+	 * @return string
+	 */
 	public function generate(): string {
 		$strs = '';
 		foreach ($this->policies as $directive => $policy) {
@@ -74,37 +118,84 @@ public function generate(): string {
 		return $strs;
 	}
 
+	/**
+	 * Display a ContentSecurity object.
+	 *
+	 * @param callable $directiveCall
+	 * @param callable $policyCall
+	 * @return string
+	 */
+	public function display(callable $directiveCall, callable $policyCall): string {
+		$strs = '';
+		foreach ($this->policies as $directive => $policy) {
+			$policies = \array_keys($policy);
+			$strs .= $directiveCall($directive) . $policyCall(\implode(' ', $policies));
+		}
+		return $strs;
+	}
+
+	/**
+	 * Sets reportOnly.
+	 *
+	 * @param bool|null $reportOnly
+	 * @return $this
+	 */
 	public function reportOnly(?bool $reportOnly = true): self {
 		if (isset($reportOnly)) {
 			$this->header = $reportOnly ? self::DEBUG_HEADER : self::HEADER;
 		}
 		return $this;
 	}
 
+	/**
+	 * Adds headers to the response.
+	 *
+	 * @param bool|null $reportOnly
+	 */
 	public function addHeaderToResponse(?bool $reportOnly = null): void {
 		if (isset($reportOnly)) {
 			$this->reportOnly($reportOnly);
 		}
 		UResponse::header($this->header, $this->generate(), false);
 	}
 
+	/**
+	 * Creates a nonce and add it to some directives.
+	 *
+	 * @param
+	 *        	$nonce
+	 * @param string ...$directives
+	 * @return ContentSecurity
+	 */
 	public static function nonce($nonce, string ...$directives): ContentSecurity {
 		$csp = new self();
 		return $csp->addNonce($nonce, ...$directives);
 	}
 
+	/**
+	 * Creates a new ContentSecurity object, with self in default-src.
+	 *
+	 * @return ContentSecurity
+	 */
 	public static function all(): ContentSecurity {
 		$csp = new self();
 		return $csp->addPolicy(CspDirectives::DEFAULT_SRC, CspValues::SELF);
 	}
 
 	/**
+	 * Returns the actual policies.
+	 *
 	 * @return array
 	 */
 	public function getPolicies(): array {
 		return $this->policies;
 	}
 
+	/**
+	 * Creates a new ContentSecurity object for Ubiquity Webtools.
+	 *
+	 * @return ContentSecurity
+	 */
 	public static function defaultUbiquity(): ContentSecurity {
 		$csp = new self();
 		$csp->addPolicy(CspDirectives::DEFAULT_SRC, 'self', 'cdn.jsdelivr.net', 'cdnjs.cloudflare.com');
@@ -114,12 +205,4 @@ public static function defaultUbiquity(): ContentSecurity {
 		$csp->addPolicy(CspDirectives::IMG_SRC, 'data:');
 		return $csp;
 	}
-
-	/**
-	 * @param array $policies
-	 */
-	public function setPolicies(array $policies): void {
-		$this->policies = $policies;
-	}
-
 }

src/Ubiquity/security/csp/ContentSecurityManager.php

@@ -18,32 +18,72 @@ class ContentSecurityManager {
 
 	private static bool $reportOnly;
 
-	public static function start(string $nonceGeneratorClass = null, bool $reportOnly = false, ?callable $onNonce = null) {
+	/**
+	 * Starts the Content Security Policies manager.
+	 *
+	 * @param string|null $nonceGeneratorClass
+	 *        	The class used for generating nonces.
+	 * @param bool $reportOnly
+	 * @param callable|null $onNonce
+	 */
+	public static function start(string $nonceGeneratorClass = null, bool $reportOnly = false, ?callable $onNonce = null): void {
 		$nonceGeneratorClass ??= NonceGenerator::class;
 		self::$nonceGenerator = new $nonceGeneratorClass($onNonce);
 		self::$reportOnly = $reportOnly;
 	}
 
-	public static function getNonce(string $name) {
+	/**
+	 * Returns a new or an existing nonce.
+	 *
+	 * @param string $name
+	 *        	The nonce to create
+	 * @return string
+	 */
+	public static function getNonce(string $name): string {
 		return self::$nonceGenerator->getNonce($name);
 	}
 
+	/**
+	 * Checks if the manager is started.
+	 *
+	 * @return bool
+	 */
 	public static function isStarted(): bool {
 		return isset(self::$nonceGenerator);
 	}
 
+	/**
+	 * Creates and returns a new ContentSecurity object.
+	 *
+	 * @param bool|null $reportOnly
+	 * @return ContentSecurity
+	 */
 	public static function addCsp(?bool $reportOnly = null): ContentSecurity {
 		return self::$csp[] = new ContentSecurity($reportOnly ?? self::$reportOnly);
 	}
 
-	public static function clearCsp() {
+	/**
+	 * Removes all CSP objects.
+	 */
+	public static function clearCsp(): void {
 		self::$csp = [];
 	}
 
+	/**
+	 * Creates a new ContentSecurity object for Ubiquity Webtools.
+	 *
+	 * @param bool|null $reportOnly
+	 * @return ContentSecurity
+	 */
 	public static function defaultUbiquity(?bool $reportOnly = null): ContentSecurity {
 		return self::$csp[] = ContentSecurity::defaultUbiquity()->reportOnly($reportOnly);
 	}
 
+	/**
+	 * Adds all Content security policies to headers.
+	 *
+	 * @param bool|null $reportOnly
+	 */
 	public static function addHeadersToResponse(?bool $reportOnly = null): void {
 		$reportOnly ??= self::$reportOnly;
 		foreach (self::$csp as $csp) {
@@ -52,26 +92,28 @@ public static function addHeadersToResponse(?bool $reportOnly = null): void {
 	}
 
 	/**
+	 * Returns the NonceGenerator instance.
+	 *
 	 * @return NonceGenerator
 	 */
 	public static function getNonceGenerator(): NonceGenerator {
 		return self::$nonceGenerator;
 	}
 
 	/**
+	 *
 	 * @return array
 	 */
 	public static function getCsp(): array {
 		return self::$csp;
 	}
-	
 
 	/**
+	 * Returns true if reportOnly header is activated.
+	 *
 	 * @return bool
 	 */
 	public static function isReportOnly(): bool {
 		return self::$reportOnly;
 	}
-	
 }
-

src/Ubiquity/security/csp/CspDirectives.php

@@ -1,6 +1,15 @@
 <?php
 namespace Ubiquity\security\csp;
 
+/**
+ * Ubiquity\security\cspCspDirectives
+ * This class is part of Ubiquity
+ *
+ * @author jc
+ * @version 1.0.0
+ *
+ *
+ */
 class CspDirectives {
 
 	const DEFAULT_SRC = 'default-src';
@@ -51,4 +60,3 @@ class CspDirectives {
 
 	const NAVIGATE_TO = 'navigate-to';
 }
-

src/Ubiquity/security/csp/CspValues.php

@@ -35,4 +35,3 @@ class CspValues {
 		self::UNSAFE_HASHES
 	];
 }
-

src/Ubiquity/security/csp/NonceGenerator.php

@@ -17,18 +17,24 @@ protected function _generateNonce(string $name, ?int $value = null): string {
 		$bytes = \random_bytes((int) ($value ?? 32));
 		$nonce = \base64_encode($bytes);
 		if (isset($this->onNonce) && ! URequest::isAjax()) {
-			$onNonce=$this->onNonce;
+			$onNonce = $this->onNonce;
 			$onNonce($name, $nonce);
 		}
 		return $nonce;
 	}
 
-	public function getNonce(string $name,int $size=32) {
+	/**
+	 * Returns a new or an existing nonce value.
+	 *
+	 * @param string $name
+	 * @param int $size
+	 * @return string
+	 */
+	public function getNonce(string $name, int $size = 32): string {
 		return $this->nonces[$name] ??= self::_generateNonce($name, $size);
 	}
-	
-	public function __toString(){
+
+	public function __toString() {
 		return \count($this->nonces);
 	}
 }
-

src/Ubiquity/security/shieldon/ShieldonManager.php

@@ -22,7 +22,12 @@ public static function getFirewall(): Firewall {
 		return self::$firewall;
 	}
 
-	public static function start(string $writable = null) {
+	/**
+	 * Starts th Shieldon service.
+	 *
+	 * @param string $writable
+	 */
+	public static function start(string $writable = null): void {
 		$writable ??= \ROOT . \DS . 'cache' . \DS . 'shieldon';
 		self::$firewall = new Firewall();
 		self::$firewall->configure($writable);
@@ -33,12 +38,19 @@ public static function start(string $writable = null) {
 		}
 	}
 
+	/**
+	 * Creates the admin panel.
+	 */
 	public static function createPanel(string $uri): Panel {
 		$panel = new Panel();
 		self::$firewall->controlPanel($uri);
 		return $panel;
 	}
 
+	/**
+	 *
+	 * @return ResponseInterface
+	 */
 	public static function run(): ResponseInterface {
 		return self::$firewall->run();
 	}