FloeDesignTechnologies / phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
GNU General Public License v3.0

Add skip for non native functions to lower false positives #31

Open jmarcil opened 5 years ago

jmarcil commented 5 years ago

Following PR #20, we have other sniffers that could benefit from suppressing issues when ParanoiaMode == 0.

Watch out not to touch things such as mysqli::query (a valid equivalent of mysqli_query).

jmarcil commented 5 years ago

Looks like the solution from #20 and #42 could be applied to all non-object-based functions:

Validate if the token before is a T_OBJECT_OPERATOR and then skip it if it is.

One thing I need to put emphasis on here for later: on a per-bunch-of-functions basis it's okay to remove even if paranoia is enabled, but for broader changes I'd like it not to suppress results.
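The token check described above, as an added example written against the PHP_CodeSniffer 3 sniff API; it is not code from the phpcs-security-audit repository. The class name, the two function lists and the `ParanoiaMode` read via `Config::getConfigData()` are assumptions made for illustration.

```php
<?php
// Added example, not the project's own sniff. Shows the skip discussed in this
// issue: a native function name preceded by "->" is a method call on an object,
// not the native function, so with ParanoiaMode 0 it is not reported.
namespace Security\Sniffs\Example;

use PHP_CodeSniffer\Config;
use PHP_CodeSniffer\Files\File;
use PHP_CodeSniffer\Sniffs\Sniff;

class NativeFunctionSniff implements Sniff
{
    // Constructed sample lists. Names in $nativeOnly exist only as native
    // functions, so $pdo->exec() is a different thing and can be skipped.
    // Names in $alsoMethods are equally dangerous as methods (mysqli::query is
    // a valid equivalent of mysqli_query), so "->" must NOT suppress them.
    private $nativeOnly  = ['exec' => true, 'shell_exec' => true, 'mysqli_query' => true];
    private $alsoMethods = ['query' => true];

    public function register()
    {
        return [T_STRING];
    }

    public function process(File $phpcsFile, $stackPtr)
    {
        $tokens = $phpcsFile->getTokens();
        $name   = strtolower($tokens[$stackPtr]['content']);
        if (!isset($this->nativeOnly[$name]) && !isset($this->alsoMethods[$name])) {
            return;
        }

        // Only real calls: the next non-whitespace token must be "(".
        $next = $phpcsFile->findNext(T_WHITESPACE, $stackPtr + 1, null, true);
        if ($next === false || $tokens[$next]['code'] !== T_OPEN_PARENTHESIS) {
            return;
        }

        // The check from this issue: look at the token before the name.
        $prev        = $phpcsFile->findPrevious(T_WHITESPACE, $stackPtr - 1, null, true);
        $isMethod    = ($prev !== false && $tokens[$prev]['code'] === T_OBJECT_OPERATOR);
        $paranoiaOff = ((int) Config::getConfigData('ParanoiaMode') === 0);
        if ($isMethod && $paranoiaOff && isset($this->nativeOnly[$name])) {
            return; // e.g. $pdo->exec($sql) is not the native exec()
        }

        $phpcsFile->addWarning('Review the argument passed to ' . $name . '()',
            $stackPtr, 'NativeFunctionCall');
    }
}
```

Static calls (`::`) and, in newer PHP_CodeSniffer releases, the nullsafe `?->` operator produce different tokens and would need the same treatment if the skip is extended to them.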