Status: Closed (mutantzombie closed 9 years ago)
When using sgrep to scan for insecure code I've found it useful to let patterns match Boolean and integer conversions to Boolean, such as a common misuse of curl:
```php
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
```
This PR specifically enables integer 0 to match false and integer non-zero to match true.
Thanks, Mike
Looks good to me. Might be good to extend the documentation too: https://github.com/facebook/pfff/wiki/Sgrep#isomorphisms
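The matching rule from the PR description (integer 0 matches false, integer non-zero matches true), sketched in Python as an added example; it is not sgrep's code or the PR's code. The helper names and the sample PHP are constructed for illustration, and the sketch assumes the Boolean sits in the pattern and the literal in the scanned code.

```python
import re

# Constructed PHP sample for this example; only the first two lines appear in the PR.
SAMPLE_PHP = """\
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $strict);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
"""

# curl_setopt(<handle>, <OPTION>, <value>) with a simple (non-nested) value.
CALL = re.compile(r"curl_setopt\s*\(\s*[^,]+,\s*(\w+)\s*,\s*([^(),]+?)\s*\)")

def as_bool(literal):
    """Boolean that a PHP bool or integer literal converts to; None for anything else."""
    text = literal.strip().lower()
    if text in ("true", "false"):
        return text == "true"
    if re.fullmatch(r"\d+", text):
        return int(text) != 0
    return None

def matches(pattern_bool, code_literal):
    """Hypothetical helper: does a Boolean in the pattern match this code literal?"""
    return as_bool(code_literal) is pattern_bool

def find_calls(source, option, pattern_bool):
    """(line number, value) for each call setting `option` to a matching literal."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        for opt, value in CALL.findall(line):
            if opt == option and matches(pattern_bool, value):
                hits.append((number, value))
    return hits

def verifyhost_findings(source):
    """VERIFYHOST literals other than 2: all matches for true or false, minus 2."""
    hits = find_calls(source, "CURLOPT_SSL_VERIFYHOST", True)
    hits += find_calls(source, "CURLOPT_SSL_VERIFYHOST", False)
    return sorted(h for h in hits if h[1] != "2")

if __name__ == "__main__":
    for number, value in verifyhost_findings(SAMPLE_PHP):
        print(f"line {number}: CURLOPT_SSL_VERIFYHOST set to {value}, expected 2")
```

Under a non-zero rule, a `true` pattern also matches `2`, the value that makes libcurl check the certificate name against the host, so the finding function filters it out. Non-literal values such as `$strict` match neither Boolean and need a separate review.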