[Enhancement] DiscouragedFunction rule improvement

lenaorobei · lenaorobei · commit e8d0916abd83 · 2019-03-19T14:28:13.000-05:00
diff --git a/Magento2/Sniffs/Functions/DiscouragedFunctionSniff.php b/Magento2/Sniffs/Functions/DiscouragedFunctionSniff.php
@@ -44,7 +44,6 @@ class DiscouragedFunctionSniff extends ForbiddenFunctionsSniff
         '^chroot$' => null,
         '^com_load_typelib$' => null,
         '^copy$' => null,
-        '^create_function$' => null,
         '^curl_.*$' => null,
         '^cyrus_connect$' => null,
         '^dba_.*$' => null,
@@ -104,10 +103,8 @@ class DiscouragedFunctionSniff extends ForbiddenFunctionsSniff
         '^pfsockopen$' => null,
         '^pg_.*$' => null,
         '^php_check_syntax$' => null,
-        '^popen$' => null,
         '^print_r$' => null,
         '^printf$' => null,
-        '^proc_open$' => null,
         '^putenv$' => null,
         '^readfile$' => null,
         '^readgzfile$' => null,
diff --git a/Magento2/Sniffs/Security/InsecureFunctionSniff.php b/Magento2/Sniffs/Security/InsecureFunctionSniff.php
@@ -3,7 +3,7 @@
  * Copyright © Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
-namespace Magento2\Sniffs\Functions;
+namespace Magento2\Sniffs\Security;
 
 use PHP_CodeSniffer\Standards\Generic\Sniffs\PHP\ForbiddenFunctionsSniff;
 
@@ -26,12 +26,16 @@ class InsecureFunctionSniff extends ForbiddenFunctionsSniff
      */
     public $forbiddenFunctions = [
         'assert' => null,
+        'create_function' => null,
         'exec' => null,
+        'md5' => 'improved hash functions (SHA-256, SHA-512 etc.)',
         'passthru' => null,
+        'pcntl_exec' => null,
+        'popen' => null,
+        'proc_open' => null,
+        'serialize' => 'json_encode',
         'shell_exec' => null,
         'system' => null,
-        'md5' => 'improved hash functions (SHA-256, SHA-512 etc.)',
-        'serialize' => 'json_encode',
         'unserialize' => 'json_decode',
     ];
 }
diff --git a/Magento2/Tests/Functions/DiscouragedFunctionUnitTest.php b/Magento2/Tests/Functions/DiscouragedFunctionUnitTest.php
@@ -39,7 +39,6 @@ public function getWarningList()
             28 => 1,
             30 => 1,
             32 => 1,
-            34 => 1,
             36 => 1,
             37 => 1,
             38 => 1,
@@ -128,10 +127,8 @@ public function getWarningList()
             184 => 1,
             185 => 1,
             187 => 1,
-            189 => 1,
             191 => 1,
             193 => 1,
-            195 => 1,
             197 => 1,
             199 => 1,
             201 => 1,
diff --git a/Magento2/Tests/Security/InsecureFunctionUnitTest.inc b/Magento2/Tests/Security/InsecureFunctionUnitTest.inc
@@ -16,3 +16,10 @@ serialize([]);
 
 unserialize('');
 
+popen('echo 1;');
+
+proc_open('echo 1;');
+
+create_function('args', 'code');
+
+pcntl_exec('path/goes/here');
diff --git a/Magento2/Tests/Security/InsecureFunctionUnitTest.php b/Magento2/Tests/Security/InsecureFunctionUnitTest.php
@@ -3,7 +3,7 @@
  * Copyright © Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
-namespace Magento2\Tests\Functions;
+namespace Magento2\Tests\Security;
 
 use PHP_CodeSniffer\Tests\Standards\AbstractSniffUnitTest;
 
@@ -34,6 +34,10 @@ public function getWarningList()
             13 => 1,
             15 => 1,
             17 => 1,
+            19 => 1,
+            21 => 1,
+            23 => 1,
+            25 => 1,
         ];
     }
 }
diff --git a/Magento2/ruleset.xml b/Magento2/ruleset.xml
@@ -59,6 +59,7 @@
     <rule ref="Magento2.Security.Superglobal.SuperglobalUsageError">
         <severity>10</severity>
         <type>error</type>
+        <exclude-pattern>*/lib/*</exclude-pattern>
     </rule>
     <rule ref="Magento2.Strings.ExecutableRegEx">
         <severity>10</severity>
@@ -86,6 +87,7 @@
     <rule ref="Magento2.PHP.DateTime">
         <severity>9</severity>
         <type>warning</type>
+        <exclude-pattern>*/lib/*</exclude-pattern>
     </rule>
     <rule ref="Magento2.Security.InsecureFunction">
         <severity>9</severity>
@@ -94,6 +96,7 @@
     <rule ref="Magento2.Security.Superglobal.SuperglobalUsageWarning">
         <severity>9</severity>
         <type>warning</type>
+        <exclude-pattern>*/lib/*</exclude-pattern>
     </rule>
     <rule ref="Magento2.Security.XssTemplate">
         <include-pattern>*.phtml</include-pattern>
@@ -137,6 +140,7 @@
         <severity>8</severity>
         <type>warning</type>
         <exclude-pattern>*/Test/*</exclude-pattern>
+        <exclude-pattern>*/Setup/*</exclude-pattern>
     </rule>
     <rule ref="Magento2.Files.LineLength">
         <severity>8</severity>
