Downgrade file ops functions to warning (#415)

GaryJones · web-flow · commit 05a2f918d3d6 · 2019-07-10T13:48:23.000+01:00
Downgrade file ops functions to warning
diff --git a/WordPress-VIP-Go/ruleset-test.inc b/WordPress-VIP-Go/ruleset-test.inc
@@ -1,53 +1,53 @@
 <?php
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_delete
-delete( $file ); // Error + Message.
+delete( $file ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_file_put_contents
-file_put_contents( 'file.txt', '', FILE_APPEND ); // Error + Message.
+file_put_contents( 'file.txt', '', FILE_APPEND ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_flock
-if ( flock( $fp, LOCK_EX ) ) { // Error + Message.
+if ( flock( $fp, LOCK_EX ) ) { // Warning + Message.
 }
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_fputcsv
-fputcsv( $fp, $array ); // Error + Message.
+fputcsv( $fp, $array ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_fputs
-fputs( $fp, 'test' ); // Error + Message.
+fputs( $fp, 'test' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_fwrite
-fwrite( $fp, 'test' ); // Error + Message.
+fwrite( $fp, 'test' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_ftruncate
-ftruncate( $fp, 1 ); // Error + Message.
+ftruncate( $fp, 1 ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writable
-is_writable( 'file.txt' ); // Error + Message.
+is_writable( 'file.txt' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_is_writeable
-is_writeable( $file ); // Error + Message.
+is_writeable( $file ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_link
-link( 'file.txt', 'newfile.txt' ); // Error + Message.
+link( 'file.txt', 'newfile.txt' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_rename
-rename( 'oldfile.txt', $file ); // Error + Message.
+rename( 'oldfile.txt', $file ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_symlink
-symlink( $file, 'file.txt' ); // Error + Message.
+symlink( $file, 'file.txt' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_tempname
-tempnam( $dir, 'pre' ); // Error + Message.
+tempnam( $dir, 'pre' ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_touch
-touch( $file ); // Error + Message.
+touch( $file ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.file_ops_unlink
-unlink( $file ); // Error + Message.
+unlink( $file ); // Warning + Message.
 
 // WordPressVIPMinimum.Functions.RestrictedFunctions.cookies_setcookie
-setcookie( 'cookie[three]', 'cookiethree' ); // EError + Message.
+setcookie( 'cookie[three]', 'cookiethree' ); // Error + Message.
 
 // WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
 $x = sanitize_key( $_COOKIE['bar'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -- Error + Message.
@@ -57,13 +57,13 @@ if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) { // Error + Message.
 }
 
 // WordPress.WP.AlternativeFunctions.file_system_read_fclose
-fclose( $fp ); // Error + Message.
+fclose( $fp ); // Warning + Message.
 
 // WordPress.WP.AlternativeFunctions.file_system_read_fopen
-fopen( 'file.txt', 'r' ); // Error + Message.
+fopen( 'file.txt', 'r' ); // Warning + Message.
 
 // WordPressVIPMinimum.Performance.FetchingRemoteData.FileGetContentsUnknown
-$external_resource = file_get_contents( $test ); // Error + Message.
+$external_resource = file_get_contents( $test ); // Warning + Message.
 $file_content = file_get_contents( 'my-file.svg' ); // Ok.
 wpcom_vip_file_get_contents( $bar ); // Ok.
 
@@ -388,24 +388,24 @@ session_status(); // Error.
 session_unregister(); // Error.
 session_unset(); // Error.
 session_write_close(); // Error.
-delete(); // Error.
-file_put_contents( $file, $text, FILE_APPEND ); // Error.
+delete(); // Warning.
+file_put_contents( $file, $text, FILE_APPEND ); // Warning.
 while ( $count > $loop ) {
-	if ( flock( $fp, LOCK_EX ) ) { // Error.
-		fwrite( $fp, $text ); // Error.
+	if ( flock( $fp, LOCK_EX ) ) { // Warning.
+		fwrite( $fp, $text ); // Warning.
 	}
 }
-fputcsv(); // Error.
-fputs(); // Error.
-ftruncate(); // Error.
-is_writable(); // Error.
-is_writeable(); // Error.
-link(); // Error.
-rename(); // Error.
-symlink(); // Error.
-tempnam(); // Error.
-touch(); // Error.
-unlink(); // Error.
+fputcsv(); // Warning.
+fputs(); // Warning.
+ftruncate(); // Warning.
+is_writable(); // Warning.
+is_writeable(); // Warning.
+link(); // Warning.
+rename(); // Warning.
+symlink(); // Warning.
+tempnam(); // Warning.
+touch(); // Warning.
+unlink(); // Warning.
 mkdir(); // Error.
 rmdir(); // Error.
 chgrp(); // Error.
diff --git a/WordPress-VIP-Go/ruleset-test.php b/WordPress-VIP-Go/ruleset-test.php
@@ -15,27 +15,9 @@
 // Expected values.
 $expected = [
 	'errors'   => [
-		4   => 1,
-		7   => 1,
-		10  => 1,
-		14  => 1,
-		17  => 1,
-		20  => 1,
-		23  => 1,
-		26  => 1,
-		29  => 1,
-		32  => 1,
-		35  => 1,
-		38  => 1,
-		41  => 1,
-		44  => 1,
-		47  => 1,
 		50  => 1,
 		53  => 1,
 		56  => 1,
-		60  => 1,
-		63  => 1,
-		66  => 1,
 		72  => 1,
 		83  => 1,
 		165 => 1,
@@ -109,21 +91,6 @@
 		388 => 1,
 		389 => 1,
 		390 => 1,
-		391 => 1,
-		392 => 1,
-		394 => 1,
-		395 => 1,
-		398 => 1,
-		399 => 1,
-		400 => 1,
-		401 => 1,
-		402 => 1,
-		403 => 1,
-		404 => 1,
-		405 => 1,
-		406 => 1,
-		407 => 1,
-		408 => 1,
 		409 => 1,
 		410 => 1,
 		411 => 1,
@@ -164,6 +131,24 @@
 		575 => 1,
 	],
 	'warnings' => [
+		4   => 1,
+		7   => 1,
+		10  => 1,
+		14  => 1,
+		17  => 1,
+		20  => 1,
+		23  => 1,
+		26  => 1,
+		29  => 1,
+		32  => 1,
+		35  => 1,
+		38  => 1,
+		41  => 1,
+		44  => 1,
+		47  => 1,
+		60  => 1,
+		63  => 1,
+		66  => 1,
 		85  => 1,
 		90  => 1,
 		94  => 1,
@@ -218,6 +203,21 @@
 		322 => 1,
 		326 => 1,
 		332 => 1,
+		391 => 1,
+		392 => 1,
+		394 => 1,
+		395 => 1,
+		398 => 1,
+		399 => 1,
+		400 => 1,
+		401 => 1,
+		402 => 1,
+		403 => 1,
+		404 => 1,
+		405 => 1,
+		406 => 1,
+		407 => 1,
+		408 => 1,
 		416 => 1,
 		417 => 1,
 		418 => 1,
@@ -242,49 +242,49 @@
 	],
 	'messages' => [
 		4   => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as delete() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as delete(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		7   => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as file_put_contents() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as file_put_contents(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		10  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as flock() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as flock(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		14  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as fputcsv() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as fputcsv(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		17  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as fputs() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as fputs(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		20  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as fwrite() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as fwrite(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		23  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as ftruncate() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as ftruncate(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		26  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as is_writable() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as is_writable(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		29  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as is_writeable() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as is_writeable(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		32  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as link() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as link(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		35  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as rename() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as rename(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		38  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as symlink() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as symlink(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		41  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as tempnam() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as tempnam(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		44  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as touch() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as touch(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		47  => [
-			'File system writes only work in /tmp/ and inside the /uploads/ folder on VIP Go. To do filesystem writes you must use the WP_Filesystem class, using functions such as unlink() won\'t work or will return unexpected results. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as unlink(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		50  => [
 			'Due to server-side caching, server-side based client related logic might not work. We recommend implementing client side logic in JavaScript instead.',
@@ -296,13 +296,13 @@
 			'Due to server-side caching, server-side based client related logic might not work. We recommend implementing client side logic in JavaScript instead.',
 		],
 		60  => [
-			'File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as fclose(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		63  => [
-			'File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'File system operations only work on the `/tmp/` and `wp-content/uploads/` directories. To avoid unexpected results, please use helper functions like `get_temp_dir()`  or `wp_get_upload_dir()` to get the proper directory path when using functions such as fopen(). For more details, please see: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
 		],
 		66  => [
-			'file_get_contents() is uncached. If this is being used to query a remote file please use wpcom_vip_file_get_contents() instead. If it\'s used for a local file please use WP_Filesystem instead. Read more here: https://wpvip.com/documentation/vip-go/writing-files-on-vip-go/',
+			'file_get_contents() is uncached. If the function is being used to fetch a remote file (e.g. a URL starting with https://), please use wpcom_vip_file_get_contents() to ensure the results are cached. For more details, please see https://wpvip.com/documentation/vip-go/fetching-remote-data/',
 		],
 		90 => [
 			'Having more than 100 posts returned per page may lead to severe performance problems.',
diff --git a/WordPress-VIP-Go/ruleset.xml b/WordPress-VIP-Go/ruleset.xml
