From 8dc3f7b71596bf07ee1c32e8f04da9fd98deb7df Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 16 Mar 2020 07:04:11 +0100 Subject: [PATCH 1/2] Misc/TypeJuggle: add unit tests --- Security/Tests/Misc/TypeJuggleUnitTest.1.inc | 21 ++++++++ Security/Tests/Misc/TypeJuggleUnitTest.inc | 13 +++++ Security/Tests/Misc/TypeJuggleUnitTest.php | 52 ++++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 Security/Tests/Misc/TypeJuggleUnitTest.1.inc create mode 100644 Security/Tests/Misc/TypeJuggleUnitTest.inc create mode 100644 Security/Tests/Misc/TypeJuggleUnitTest.php diff --git a/Security/Tests/Misc/TypeJuggleUnitTest.1.inc b/Security/Tests/Misc/TypeJuggleUnitTest.1.inc new file mode 100644 index 0000000..db55499 --- /dev/null +++ b/Security/Tests/Misc/TypeJuggleUnitTest.1.inc @@ -0,0 +1,21 @@ + $true ) { // Warning. + echo 'False'; +} elseif ( false !== $true ) { // Ok. + echo 'False'; +} diff --git a/Security/Tests/Misc/TypeJuggleUnitTest.inc b/Security/Tests/Misc/TypeJuggleUnitTest.inc new file mode 100644 index 0000000..935bd56 --- /dev/null +++ b/Security/Tests/Misc/TypeJuggleUnitTest.inc @@ -0,0 +1,13 @@ + $true ) { + echo 'False'; +} diff --git a/Security/Tests/Misc/TypeJuggleUnitTest.php b/Security/Tests/Misc/TypeJuggleUnitTest.php new file mode 100644 index 0000000..cfe13cc --- /dev/null +++ b/Security/Tests/Misc/TypeJuggleUnitTest.php @@ -0,0 +1,52 @@ + + */ + public function getErrorList() + { + return []; + } + + /** + * Returns the lines where warnings should occur. + * + * The key of the array should represent the line number and the value + * should represent the number of warnings that should occur on that line. + * + * @param string $testFile The name of the file being tested. + * + * @return array + */ + public function getWarningList($testFile = '') + { + switch ($testFile) { + case 'TypeJuggleUnitTest.1.inc': + return [ + 8 => 1, + 15 => 1, + 17 => 1, + ]; + + default: + return []; + } + } +} 
From 5d700de7f1c25b7cfa2f140b78c4bc0ba5d529ce Mon Sep 17 00:00:00 2001
From: jrfnl
Date: Mon, 16 Mar 2020 07:23:51 +0100
Subject: [PATCH 2/2] Misc/TypeJuggle: use the build-in PHPCS functionality

The PHPCS [`addError()`](https://pear.php.net/package/PHP_CodeSniffer/docs/3.5.4/apidoc/PHP_CodeSniffer/File.html#methodaddError) and [`addWarning()`](https://pear.php.net/package/PHP_CodeSniffer/docs/3.5.4/apidoc/PHP_CodeSniffer/File.html#methodaddWarning) functions have a build-in string replacement `sprintf()`-like functionality, so let's use it.
---
Security/Sniffs/Misc/TypeJuggleSniff.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Security/Sniffs/Misc/TypeJuggleSniff.php b/Security/Sniffs/Misc/TypeJuggleSniff.php
index db77eb7..bea687d 100644
--- a/Security/Sniffs/Misc/TypeJuggleSniff.php
+++ b/Security/Sniffs/Misc/TypeJuggleSniff.php
@@ -26,10 +26,10 @@ public function register() {
 * @return void
 */
 public function process(File $phpcsFile, $stackPtr) {
- $tokens = $phpcsFile->getTokens();
 if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode')) {
- $warning = 'You are using the comparison operator "'. $tokens[$stackPtr]['content'] .'" that converts type and may cause unintended results.';
- $phpcsFile->addWarning($warning, $stackPtr, 'TypeJuggle');
+ $tokens = $phpcsFile->getTokens();
+ $warning = 'You are using the comparison operator "%s" that converts type and may cause unintended results.';
+ $phpcsFile->addWarning($warning, $stackPtr, 'TypeJuggle', array($tokens[$stackPtr]['content']));
 }
 }
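Review bot: The `ParanoiaMode` gate that now wraps all of the new lines in `process()` is a bare truthiness test on a config value that PHPCS returns as a string or null. Any non-empty value other than `'0'` therefore enables the warning, including `false` or `off`. That fails towards more findings rather than fewer, but it is an odd fit for a sniff that flags loose comparisons, and a user who sets `ParanoiaMode` to `false` would presumably expect it to be off. Consider normalising the value, e.g. `if (filter_var(\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode'), FILTER_VALIDATE_BOOLEAN)) {`. If other sniffs in the package use the same gate, change them together so the setting behaves consistently. The docblock of `process()` starts above the hunk, so whether the accepted values are documented there cannot be seen from here.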