BadFunctions/EasyRFI: bug fix - fix detecting of start/end of the statement [1]

jrfnl · jrfnl · commit 19a21315316f · 2020-03-17T07:26:57.000+01:00
Prevent false negatives when an `include`/`require` statement combines parentheses with concatentation outside parentheses.

Checking whether the next non-empty token is an open parenthesis could cause false negatives as there may be additional paths of the path _after_ the parenthesized part of the statement.

The only reason why this wasn't a problem up to now is because of a bug in the sniff determining `$s`.

The `findNext()` function searches in the token stack and treats the `$start` parameter as _inclusive_.

That means that when searching for the next non-empty token, passing the `$stackPtr` to an include/require statement would _always_ return the `$stackPtr` and not the next non-empty token _after_ the `$stackPtr` which could have been an open parenthesis (or not).

Taking the logic related to the parentheses out of the sniff prevents this issue.
diff --git a/Security/Sniffs/BadFunctions/EasyRFISniff.php b/Security/Sniffs/BadFunctions/EasyRFISniff.php
@@ -38,16 +38,12 @@ public function register() {
 	* @return void
 	*/
 	public function process(File $phpcsFile, $stackPtr) {
-		$utils = \PHPCS_SecurityAudit\Security\Sniffs\UtilsFactory::getInstance();
+		$closer = $phpcsFile->findNext(T_SEMICOLON, ($stackPtr + 1));
+
+		$utils  = \PHPCS_SecurityAudit\Security\Sniffs\UtilsFactory::getInstance();
 		$tokens = $phpcsFile->getTokens();
-		$s = $phpcsFile->findNext(\PHP_CodeSniffer\Util\Tokens::$emptyTokens, $stackPtr, null, true, null, true);
+		$s      = $stackPtr;
 
-		if ($tokens[$s]['code'] == T_OPEN_PARENTHESIS) {
-			$closer = $tokens[$s]['parenthesis_closer'];
-		} else {
-			$closer = $phpcsFile->findNext(T_SEMICOLON, $stackPtr);
-			$s = $stackPtr;
-		}
 		while ($s) {
 			$s = $phpcsFile->findNext($this->search, $s + 1, $closer, true);
 
diff --git a/Security/Tests/BadFunctions/EasyRFIUnitTest.0.inc b/Security/Tests/BadFunctions/EasyRFIUnitTest.0.inc
@@ -6,7 +6,7 @@
 
 // Base.
 include ( 'path/to/' . $_GET['filename'] ); // Error.
-include_once 'path/to/' . "$filename" . '.' . $extension;
+include_once ('path/to/' . "$filename") . '.' . $extension;
 require getenv('PATHTOFILE'); // Error.
 
 // Drupal 7.
diff --git a/Security/Tests/BadFunctions/EasyRFIUnitTest.1.inc b/Security/Tests/BadFunctions/EasyRFIUnitTest.1.inc
@@ -6,7 +6,7 @@
  
 // Base.
 include ( 'path/to/' . $_GET['filename'] ); // Error.
-include 'path/to/' . "$filename" . '.' . $extension; // Warning x 2.
+include ('path/to/' . "$filename") . '.' . $extension; // Warning x 2.
 include getenv('PATHTOFILE'); // Error.
 
 // Drupal 7.
diff --git a/Security/Tests/BadFunctions/EasyRFIUnitTest.Drupal7.1.inc b/Security/Tests/BadFunctions/EasyRFIUnitTest.Drupal7.1.inc
@@ -6,7 +6,7 @@
  
 // Base.
 include ( 'path/to/' . $_GET['filename'] ); // Error.
-include 'path/to/' . "$filename" . '.' . $extension; // Warning x 2.
+include ('path/to/' . "$filename") . '.' . $extension; // Warning x 2.
 include getenv('PATHTOFILE'); // Error.
 
 // Drupal 7.
