Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
100.00% |
11 / 11 |
|
100.00% |
2 / 2 |
CRAP | |
100.00% |
1 / 1 |
| HSTSPreloadLookup | |
100.00% |
11 / 11 |
|
100.00% |
2 / 2 |
5 | |
100.00% |
1 / 1 |
| __construct | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
| isPreloaded | |
100.00% |
10 / 10 |
|
100.00% |
1 / 1 |
4 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Copyright (C) 2018 Kunal Mehta <legoktm@debian.org> |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License as published by |
| 7 | * the Free Software Foundation; either version 3 of the License, or |
| 8 | * (at your option) any later version. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License |
| 16 | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
| 17 | */ |
| 18 | |
| 19 | namespace MediaWiki\SecureLinkFixer; |
| 20 | |
| 21 | class HSTSPreloadLookup { |
| 22 | |
| 23 | private string $path; |
| 24 | /** @var array<string,int> */ |
| 25 | private array $domains; |
| 26 | |
| 27 | public function __construct( string $path ) { |
| 28 | $this->path = $path; |
| 29 | } |
| 30 | |
| 31 | /** |
| 32 | * @param string $host Hostname |
| 33 | * |
| 34 | * @return bool |
| 35 | */ |
| 36 | public function isPreloaded( string $host ): bool { |
| 37 | // Lazy-load the domain mapping if it's not already set |
| 38 | $this->domains ??= require $this->path; |
| 39 | |
| 40 | if ( isset( $this->domains[$host] ) ) { |
| 41 | // Host is directly in the preload list |
| 42 | return true; |
| 43 | } |
| 44 | // Check if parent subdomains are preloaded |
| 45 | $offset = strpos( $host, '.' ); |
| 46 | while ( $offset !== false ) { |
| 47 | $parentdomain = substr( $host, $offset + 1 ); |
| 48 | if ( isset( $this->domains[$parentdomain] ) ) { |
| 49 | // This subdomain is directly in the preload list, returns true when subdomains supports https |
| 50 | return (bool)$this->domains[$parentdomain]; |
| 51 | } |
| 52 | // else it's not in the db, we might need to look it up again |
| 53 | |
| 54 | // Find the next parent subdomain |
| 55 | $offset = strpos( $host, '.', $offset + 1 ); |
| 56 | } |
| 57 | |
| 58 | // @todo should we keep a negative cache? |
| 59 | |
| 60 | return false; |
| 61 | } |
| 62 | } |