FloeDesignTechnologies / phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
GNU General Public License v3.0

ErrorHandlingSniff.process crashes in PHP 7.2 #17

Closed abeger closed 5 years ago

abeger commented 6 years ago

Running under PHP 7.2, the ErrorHandlingSniff can emit this error if there are no param tokens:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
 1 | ERROR | An error occurred during processing; checking has been aborted. The error message was: count(): Parameter must be an array or an object that implements
   |       | Countable in /path/to/vendor/pheromone/phpcs-security-audit/Security/Sniffs/BadFunctions/ErrorHandlingSniff.php on
   |       | line 34 (Internal.Exception)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

In the process method, the count($p) crashes if $p is NULL:

$p = $utils::get_param_tokens($phpcsFile, $stackPtr, 1);
if (count($p) == 1 && $p[0]['content'] === '0') {

Add a null check to make sure that $p is countable.
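
The null check requested above, as an added example that is not part of the original issue or the project's own code. `paramTokensStub()` is a hypothetical stand-in for `get_param_tokens()`, the sample calls are constructed, and the warning-to-exception handler is an assumption used so that the `count()` warning aborts the unguarded check as in the report.

```php
<?php
// Added illustration; not code from phpcs-security-audit.

/** Hypothetical stand-in for get_param_tokens(): null when no parameter exists. */
function paramTokensStub(string $call): ?array
{
    // Constructed sample data keyed by a made-up call string.
    $samples = [
        'some_call(0)'     => [['content' => '0']],
        'some_call(E_ALL)' => [['content' => 'E_ALL']],
        'some_call()'      => null, // no param tokens, the case from the report
    ];
    return $samples[$call] ?? null;
}

/** Condition as quoted in the issue: count() runs on whatever came back. */
function unguardedCheck(?array $p): bool
{
    return count($p) == 1 && $p[0]['content'] === '0';
}

/** Guarded condition: count() is only reached when $p is an array. */
function guardedCheck(?array $p): bool
{
    return is_array($p) && count($p) === 1 && $p[0]['content'] === '0';
}

// Assumption: treat warnings as fatal so the PHP 7.2 count() warning
// surfaces as an aborted check instead of a log line.
set_error_handler(function (int $no, string $msg, string $file, int $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

foreach (['some_call(0)', 'some_call(E_ALL)', 'some_call()'] as $call) {
    $p = paramTokensStub($call);
    try {
        $old = var_export(unguardedCheck($p), true);
    } catch (Throwable $e) {
        // ErrorException on PHP 7.2-7.4, TypeError on PHP 8+.
        $old = 'aborted (' . get_class($e) . ')';
    }
    $new = var_export(guardedCheck($p), true);
    printf("%-18s unguarded=%-26s guarded=%s\n", $call, $old, $new);
}
```

On PHP 7.2 and later the unguarded check aborts for the no-parameter case, while the guarded check returns false and processing of the file can continue.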