Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
chengwenliang
/
newsupernova
2
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: c9405dd336
Atzari Tagi
newsupernova
/
dev
/
tests
/
static
/
framework
/
Magento
/
Sniffs
/
Security
/
ExecutableRegExSniff.php

ExecutableRegExSniff.php 2.1 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright © Magento, Inc. All rights reserved.
    4. 

  4.  * See COPYING.txt for license details.
    5. 

  5.  */
    6. 

  6. namespace Magento\Sniffs\Security;
    7. 

  7. 

  8. use PHP_CodeSniffer\Sniffs\Sniff;
    9. 

  9. use PHP_CodeSniffer\Files\File;
    10. 

  10. use PHP_CodeSniffer\Util\Tokens;
    11. 

  11. 

  12. /**
    13. 

  13.  * Detects executable regular expressions.
    14. 

  14.  *
    15. 

  15.  * Example: echo preg_replace('|^(.*)$|ei', '"\1"', 'get_input');
    16. 

  16.  */
    17. 

  17. class ExecutableRegExSniff implements Sniff
    18. 

  18. {
    19. 

  19.     /**
    20. 

  20.      * String representation of error.
    21. 

  21.      *
    22. 

  22.      * @var string
    23. 

  23.      */
    24. 

  24.     // @codingStandardsIgnoreLine
    25. 

  25.     protected $errorMessage = "Possible executable regular expression in %s. Make sure that the pattern doesn't contain 'e' modifier";
    26. 

  26. 

  27.     /**
    28. 

  28.      * Error violation code.
    29. 

  29.      *
    30. 

  30.      * @var string
    31. 

  31.      */
    32. 

  32.     protected $errorCode = 'PossibleExecutableRegEx';
    33. 

  33. 

  34.     /**
    35. 

  35.      * Observed function.
    36. 

  36.      *
    37. 

  37.      * @var array
    38. 

  38.      */
    39. 

  39.     protected $function = 'preg_replace';
    40. 

  40. 

  41.     /**
    42. 

  42.      * List of ignored tokens.
    43. 

  43.      *
    44. 

  44.      * @var array
    45. 

  45.      */
    46. 

  46.     protected $ignoreTokens = [
    47. 

  47.         T_DOUBLE_COLON,
    48. 

  48.         T_OBJECT_OPERATOR,
    49. 

  49.         T_FUNCTION,
    50. 

  50.         T_CONST,
    51. 

  51.         T_CLASS,
    52. 

  52.     ];
    53. 

  53. 

  54.     /**
    55. 

  55.      * @inheritdoc
    56. 

  56.      */
    57. 

  57.     public function register()
    58. 

  58.     {
    59. 

  59.         return [T_STRING];
    60. 

  60.     }
    61. 

  61. 

  62.     /**
    63. 

  63.      * @inheritdoc
    64. 

  64.      */
    65. 

  65.     public function process(File $phpcsFile, $stackPtr)
    66. 

  66.     {
    67. 

  67.         $tokens = $phpcsFile->getTokens();
    68. 

  68.         if ($tokens[$stackPtr]['content'] !== $this->function) {
    69. 

  69.             return;
    70. 

  70.         }
    71. 

  71.         $prevToken = $phpcsFile->findPrevious(T_WHITESPACE, $stackPtr - 1, null, true);
    72. 

  72.         if (in_array($tokens[$prevToken]['code'], $this->ignoreTokens)) {
    73. 

  73.             return;
    74. 

  74.         }
    75. 

  75.         $nextToken = $phpcsFile->findNext([T_WHITESPACE, T_OPEN_PARENTHESIS], $stackPtr + 1, null, true);
    76. 

  76.         if (in_array($tokens[$nextToken]['code'], Tokens::$stringTokens)
    77. 

  77.             && preg_match('/[#\/|~\}\)][imsxADSUXJu]*e[imsxADSUXJu]*.$/', $tokens[$nextToken]['content'])
    78. 

  78.         ) {
    79. 

  79.             $phpcsFile->addError(
    80. 

  80.                 $this->errorMessage,
    81. 

  81.                 $stackPtr,
    82. 

  82.                 $this->errorCode,
    83. 

  83.                 [$tokens[$stackPtr]['content']]
    84. 

  84.             );
    85. 

  85.         }
    86. 

  86.     }
    87. 

  87. }
    88.