-
Notifications
You must be signed in to change notification settings - Fork 86
/
SystemExecFunctionsSniff.php
58 lines (48 loc) · 1.82 KB
/
SystemExecFunctionsSniff.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
namespace PHPCS_SecurityAudit\Security\Sniffs\BadFunctions;
use PHP_CodeSniffer\Sniffs\Sniff;
use PHP_CodeSniffer\Files\File;
class SystemExecFunctionsSniff implements Sniff {
/**
* Returns the token types that this sniff is interested in.
*
* @return array(int)
*/
public function register() {
return array(T_STRING);
}
/**
* Processes the tokens that this sniff is interested in.
*
* @param File $phpcsFile The file where the token was found.
* @param int $stackPtr The position in the stack where
* the token was found.
*
* @return void
*/
public function process(File $phpcsFile, $stackPtr) {
$utils = \PHPCS_SecurityAudit\Security\Sniffs\UtilsFactory::getInstance();
$tokens = $phpcsFile->getTokens();
if (in_array($tokens[$stackPtr]['content'], $utils::getSystemexecFunctions())) {
if ($tokens[$stackPtr - 1]['code'] == T_OBJECT_OPERATOR) {
return;
}
$opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
if (!$opener) {
return;
}
$closer = $tokens[$opener]['parenthesis_closer'];
$s = $stackPtr + 1;
$s = $phpcsFile->findNext(array_merge(\PHP_CodeSniffer\Util\Tokens::$emptyTokens, \PHP_CodeSniffer\Util\Tokens::$bracketTokens, \PHPCS_SecurityAudit\Security\Sniffs\Utils::$staticTokens, array(T_STRING_CONCAT)), $s, $closer, true);
if ($s) {
$msg = 'System program execution function ' . $tokens[$stackPtr]['content'] . '() detected with dynamic parameter';
if ($utils::is_token_user_input($tokens[$s])) {
$phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrSystemExec');
} else {
$phpcsFile->addWarning($msg, $stackPtr, 'WarnSystemExec');
}
}
}
}
}
?>