<?php /** * Ensures that eval() is not used to create objects. * * PHP version 5 * * @category PHP * @package PHP_CodeSniffer_MySource * @author Greg Sherwood <gsherwood@squiz.net> * @copyright 2006-2011 Squiz Pty Ltd (ABN 77 084 670 600) * @license http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence * @link http://pear.php.net/package/PHP_CodeSniffer */
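/**
 * Ensures that eval() is not used to create objects.
 *
 * The sniff listens for T_EVAL, collects every string token written inside
 * the eval() parentheses, expands each variable passed to eval() into the
 * string tokens found on the line where that variable was last assigned, and
 * emits a warning when any of those strings contains the keyword "new".
 *
 * Known limits of the heuristic (kept from the original implementation):
 * - Only an earlier occurrence of the variable that is the first token on
 *   its line is treated as its assignment; no check is made for a following
 *   "=" and only the string tokens up to the next semicolon are inspected.
 * - A string that merely mentions "new" in prose (e.g. echoed text) also
 *   triggers the warning, so the sniff reports a warning rather than an error.
 *
 * @category  PHP
 * @package   PHP_CodeSniffer_MySource
 * @author    Greg Sherwood <gsherwood@squiz.net>
 * @copyright 2006-2011 Squiz Pty Ltd (ABN 77 084 670 600)
 * @license   http://matrix.squiz.net/developer/tools/php_cs/licence BSD Licence
 * @version   Release: 1.3.3
 * @link      http://pear.php.net/package/PHP_CodeSniffer
 */
class MySource_Sniffs_PHP_EvalObjectFactorySniff implements PHP_CodeSniffer_Sniff
{


    /**
     * Returns an array of tokens this test wants to listen for.
     *
     * @return array
     */
    public function register()
    {
        return array(T_EVAL);

    }//end register()


    /**
     * Processes this sniff, when one of its tokens is encountered.
     *
     * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
     * @param int                  $stackPtr  The position of the current token in
     *                                        the stack passed in $tokens.
     *
     * @return void
     */
    public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
    {
        $tokens = $phpcsFile->getTokens();

        // eval() always takes parentheses, but a malformed token stream must
        // not make us index $tokens with false (which PHP silently casts to 0).
        $openBracket = $phpcsFile->findNext(T_OPEN_PARENTHESIS, ($stackPtr + 1));
        if ($openBracket === false || isset($tokens[$openBracket]['parenthesis_closer']) === false) {
            return;
        }

        $closeBracket = $tokens[$openBracket]['parenthesis_closer'];

        /*
            We need to find all strings that will be in the eval
            to determine if the "new" keyword is being used.
        */

        $strings = array();
        $vars    = array();

        for ($i = ($openBracket + 1); $i < $closeBracket; $i++) {
            if (in_array($tokens[$i]['code'], PHP_CodeSniffer_Tokens::$stringTokens) === true) {
                $strings[$i] = $tokens[$i]['content'];
            } else if ($tokens[$i]['code'] === T_VARIABLE) {
                $vars[$i] = $tokens[$i]['content'];
            }
        }

        /*
            We now have some variables that we need to expand into
            the strings that were assigned to them, if any.
        */

        foreach ($vars as $varPtr => $varName) {
            // Keys are token positions, so a string found via two different
            // variables is only recorded (and reported) once.
            foreach ($this->findAssignedStrings($phpcsFile, $varPtr, $varName) as $ptr => $content) {
                $strings[$ptr] = $content;
            }
        }

        foreach ($strings as $string) {
            // If the string has "new" in it, it is not allowed.
            // We don't bother checking if the word "new" is echo'd
            // because that is unlikely to happen. We assume the use
            // of "new" is for object instantiation.
            if ($this->containsNewKeyword($string) === true) {
                $error = 'Do not use eval() to create objects dynamically; use reflection instead';
                $phpcsFile->addWarning($error, $stackPtr, 'Found');
            }
        }

    }//end process()


    /**
     * Finds the string tokens on the line where a variable was last assigned.
     *
     * Walks backwards from $varPtr looking for an earlier occurrence of
     * $varName that is the first token on its line; the sniff treats that
     * occurrence as the variable's assignment. The string tokens between it
     * and the next semicolon are returned keyed by token position. An empty
     * array is returned when no such occurrence exists.
     *
     * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
     * @param int                  $varPtr    The position of the variable inside eval().
     * @param string               $varName   The variable token's content, e.g. "$code".
     *
     * @return array
     */
    private function findAssignedStrings(PHP_CodeSniffer_File $phpcsFile, $varPtr, $varName)
    {
        $tokens  = $phpcsFile->getTokens();
        $strings = array();

        while (($prev = $phpcsFile->findPrevious(T_VARIABLE, ($varPtr - 1))) !== false) {
            // Make sure this is an assignment of the variable. That means
            // it will be the first thing on the line.
            $prevContent = $phpcsFile->findPrevious(T_WHITESPACE, ($prev - 1), null, true);
            if ($tokens[$prevContent]['line'] === $tokens[$prev]['line']) {
                $varPtr = $prevContent;
                continue;
            }

            if ($tokens[$prev]['content'] !== $varName) {
                // This variable has a different name.
                $varPtr = $prevContent;
                continue;
            }

            // We found one.
            break;
        }//end while

        if ($prev === false) {
            return $strings;
        }

        // Find all strings on the assignment line, i.e. up to the next
        // semicolon. With no semicolon there is nothing to inspect.
        $lineEnd = $phpcsFile->findNext(T_SEMICOLON, ($prev + 1));
        if ($lineEnd === false) {
            return $strings;
        }

        for ($i = ($prev + 1); $i < $lineEnd; $i++) {
            if (in_array($tokens[$i]['code'], PHP_CodeSniffer_Tokens::$stringTokens) === true) {
                $strings[$i] = $tokens[$i]['content'];
            }
        }

        return $strings;

    }//end findAssignedStrings()


    /**
     * Checks whether a string token's content uses the "new" keyword.
     *
     * A plain " new " search misses strings where "new" is the first word of
     * the literal or directly follows "=" or "(", which is exactly the shape
     * of `new $class()` inside an eval() argument. The check therefore
     * requires a non-identifier character (or the start of the string) before
     * "new" and whitespace after it; a variable such as "$new" does not match.
     * Every string matched by the old " new " search is still matched.
     *
     * @param string $string The token content, including any quote characters.
     *
     * @return bool
     */
    private function containsNewKeyword($string)
    {
        // preg_match() returns false on a PCRE error; treat that as "not found"
        // so the sniff never reports on the basis of a failed match.
        return preg_match('/(?<![\w$])new\s/', $string) === 1;

    }//end containsNewKeyword()


}//end class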
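// No closing "?>" tag: this file only declares a class, and any whitespace
// following a closing tag would be emitted as output by PHP.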