From 64e267cf969b78d13c198bca4230cc789778f60b Mon Sep 17 00:00:00 2001
From: Rebecca Hum <16962021+rebeccahum@users.noreply.github.com>
Date: Tue, 23 Feb 2021 12:25:29 -0700
Subject: [PATCH] Add new sniff InlineScriptEscaping
---
.../Security/InlineScriptEscapingSniff.php | 82 +++++++++++++++++++
.../Security/InlineScriptEscapingUnitTest.inc | 30 +++++++
.../Security/InlineScriptEscapingUnitTest.php | 43 ++++++++++
3 files changed, 155 insertions(+)
create mode 100644 WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php
create mode 100644 WordPressVIPMinimum/Tests/Security/InlineScriptEscapingUnitTest.inc
create mode 100644 WordPressVIPMinimum/Tests/Security/InlineScriptEscapingUnitTest.php
diff --git a/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php b/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php
new file mode 100644
index 00000000..88c8e27f
--- /dev/null
+++ b/WordPressVIPMinimum/Sniffs/Security/InlineScriptEscapingSniff.php
@@ -0,0 +1,82 @@
+ T_INLINE_HTML,
+ 'T_STRING' => T_STRING,
+ ];
+ }
+
+ /**
+ * Process this test when one of its tokens is encountered
+ *
+ * @param int $stackPtr The position of the current token in the stack passed in $tokens.
+ *
+ * @return void
+ */
+ public function process_token( $stackPtr ) {
+ $content = trim( $this->tokens[ $stackPtr ]['content'] );
+
+ if ( $content === '' ) {
+ return;
+ }
+
+ if ( $this->has_open_script_tag( $content ) === true ) {
+ $this->in_script = true;
+ } elseif ( strpos( '', $content ) !== false ) {
+ $this->in_script = false;
+ }
+
+ if ( $this->in_script === true && $this->tokens[ $stackPtr ]['content'] === 'esc_js' ) {
+ $message = 'Please do not use `esc_js()` for inline script escaping. See our code repository for
+ examples on how to escape within: https://github.com/Automattic/vip-code-samples/blob/master/10-security/js-dynamic.php';
+ $this->phpcsFile->addError( $message, $stackPtr, 'InlineScriptEsc' );
+ return;
+ }
+ }
+
+ /**
+ * Check if a content string contains
+
+
+
+
+
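Review bot: The `elseif ( strpos( '', $content ) !== false )` branch right after the open-tag check can never be taken for non-empty content, because the empty literal is passed as the haystack and `$content` as the needle (empty content already returned a few lines earlier), so `$this->in_script` is never cleared once set and every later `esc_js` token in the file is reported even when it sits outside a script block. The literal may have lost characters in this rendering; if it was meant to hold the closing script tag, the arguments are also reversed and the line should read `} elseif ( strpos( $content, '</script>' ) !== false ) {`. Since `$this->in_script` is presumably a property of the sniff object (its declaration is outside the hunk), it also appears to carry over to the next file scanned by the same instance unless it is reset, which is worth confirming. Separately, the `$message` literal spans two source lines inside single quotes, so the reported message contains a line break plus the following indentation; concatenating two strings with `.` keeps it on one line. The `has_open_script_tag()` docblock at the end of the hunk is cut off, so that method is not reviewed here.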
diff --git a/WordPressVIPMinimum/Tests/Security/InlineScriptEscapingUnitTest.php b/WordPressVIPMinimum/Tests/Security/InlineScriptEscapingUnitTest.php
new file mode 100644
index 00000000..cef1ea7b
--- /dev/null
+++ b/WordPressVIPMinimum/Tests/Security/InlineScriptEscapingUnitTest.php
@@ -0,0 +1,43 @@
+ =>
+ */
+ public function getErrorList() {
+ return [
+ 9 => 1,
+ 14 => 1,
+ 15 => 1,
+ ];
+ }
+
+ /**
+ * Returns the lines where warnings should occur.
+ *
+ * @return array =>
+ */
+ public function getWarningList() {
+ return [];
+ }
+
+}