BadFunctions/EasyRFI: minor code simplification [2]

jrfnl · jrfnl · commit e12a51bedc4f · 2020-03-16T07:13:48.000+01:00
The only token which can have a `content` of `.` is the `T_STRING_CONCAT` token, so we may as well exclude it from being found.
diff --git a/Security/Sniffs/BadFunctions/EasyRFISniff.php b/Security/Sniffs/BadFunctions/EasyRFISniff.php
@@ -24,6 +24,7 @@ public function register() {
 		$this->search  = \PHP_CodeSniffer\Util\Tokens::$emptyTokens;
 		$this->search += \PHP_CodeSniffer\Util\Tokens::$bracketTokens;
 		$this->search += \PHPCS_SecurityAudit\Security\Sniffs\Utils::$staticTokens;
+		$this->search[T_STRING_CONCAT] = T_STRING_CONCAT;
 
 		return array(T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);
 	}
@@ -59,7 +60,7 @@ public function process(File $phpcsFile, $stackPtr) {
 				if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') || !$utils::is_token_false_positive($tokens[$s], $tokens[$s+2])) {
 					$phpcsFile->addError('Easy RFI detected because of direct user input with %s on %s', $s, 'ErrEasyRFI', $data);
 				}
-			} elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') && $tokens[$s]['content'] != '.') {
+			} elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode')) {
 				$phpcsFile->addWarning('Possible RFI detected with %s on %s', $s, 'WarnEasyRFI', $data);
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ public function register() {`
`24`	`24`	`$this->search = \PHP_CodeSniffer\Util\Tokens::$emptyTokens;`
`25`	`25`	`$this->search += \PHP_CodeSniffer\Util\Tokens::$bracketTokens;`
`26`	`26`	`$this->search += \PHPCS_SecurityAudit\Security\Sniffs\Utils::$staticTokens;`
	`27`	`+ $this->search[T_STRING_CONCAT] = T_STRING_CONCAT;`
`27`	`28`
`28`	`29`	`return array(T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);`
`29`	`30`	`}`
`@@ -59,7 +60,7 @@ public function process(File $phpcsFile, $stackPtr) {`
`59`	`60`	`if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') \|\| !$utils::is_token_false_positive($tokens[$s], $tokens[$s+2])) {`
`60`	`61`	`$phpcsFile->addError('Easy RFI detected because of direct user input with %s on %s', $s, 'ErrEasyRFI', $data);`
`61`	`62`	`}`
`62`		`- } elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') && $tokens[$s]['content'] != '.') {`
	`63`	`+ } elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode')) {`
`63`	`64`	`$phpcsFile->addWarning('Possible RFI detected with %s on %s', $s, 'WarnEasyRFI', $data);`
`64`	`65`	`}`
`65`	`66`	`}`