facebookarchive / pfff

Tools for code analysis, visualizations, or style-preserving source transformation.
http://github.com/facebook/pfff/wiki/Main

Enable sgrep to match Booleans and Ints in PHP. #117

Closed mutantzombie closed 9 years ago

mutantzombie commented 9 years ago

When using sgrep to scan for insecure code I've found it useful to let patterns match Boolean and integer conversions to Boolean, such as a common misuse of curl:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);

This PR specifically enables integer 0 to match false and integer non-zero to match true.

Thanks, Mike

aryx commented 9 years ago

Looks good to me. Might be good to extend the documentation too: https://github.com/facebook/pfff/wiki/Sgrep#isomorphisms
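
The matching rule from the PR description, sketched as an added Python example (not pfff's or sgrep's own code, which is not shown on this page): a Boolean pattern literal is matched against the third argument of `curl_setopt(..., CURLOPT_SSL_VERIFYHOST, ...)`, with integer 0 counting as false and any non-zero integer as true. The names `as_bool`, `find_matches` and `SAMPLE_PHP` are hypothetical, the sample lines are constructed, and only decimal integer literals are handled.

```python
import re

# Finds curl_setopt(<handle>, CURLOPT_SSL_VERIFYHOST, <value>) and captures <value>.
CALL = re.compile(
    r"curl_setopt\s*\(\s*[^,]+,\s*CURLOPT_SSL_VERIFYHOST\s*,\s*([^)]+?)\s*\)",
    re.IGNORECASE,
)

# Constructed sample input, not taken from the PR.
SAMPLE_PHP = """\
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $verify);
curl_setopt($ch, CURLOPT_TIMEOUT, 1);
"""


def as_bool(literal):
    """Map a PHP literal to a Boolean using the rule stated in the PR:
    integer 0 matches false, non-zero integer matches true.
    Returns None for anything that is not a Boolean or decimal integer literal."""
    lit = literal.strip().lower()
    if lit in ("true", "false"):
        return lit == "true"
    if re.fullmatch(r"[+-]?\d+", lit):
        return int(lit) != 0
    return None  # variables, expressions, strings: no literal equivalence


def find_matches(pattern_bool, source):
    """Return (line number, literal) for each VERIFYHOST call whose value
    is equivalent to the Boolean pattern literal (assumed pattern direction)."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL.finditer(line):
            if as_bool(m.group(1)) is pattern_bool:
                hits.append((lineno, m.group(1)))
    return hits


if __name__ == "__main__":
    for label, want in (("true", True), ("false", False)):
        print(label, find_matches(want, SAMPLE_PHP))
```

Because every non-zero integer counts as true under this rule, the `true` pattern also reports the line that passes `2`, so the reported literal is worth keeping in the output for triage.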