Merge pull request #104 from magento/insecure-sev-10

lenaorobei · web-flow · commit 180c715a15bb · 2019-05-30T09:35:35.000-05:00
REPO-209: [EQP] Increase the severity level to 10 for insecure functions
diff --git a/Magento2/Sniffs/Security/InsecureFunctionSniff.php b/Magento2/Sniffs/Security/InsecureFunctionSniff.php
@@ -12,13 +12,6 @@
  */
 class InsecureFunctionSniff extends ForbiddenFunctionsSniff
 {
-    /**
-     * If true, an error will be thrown; otherwise a warning.
-     *
-     * @var boolean
-     */
-    public $error = false;
-
     /**
      * List of patterns for forbidden functions.
      *
@@ -38,7 +31,7 @@ class InsecureFunctionSniff extends ForbiddenFunctionsSniff
         'system' => null,
         'unserialize' => '\Magento\Framework\Serialize\SerializerInterface::unserialize',
         'srand' => null,
-        'mt_srand'=> null,
+        'mt_srand' => null,
         'mt_rand' => 'random_int',
     ];
 }
diff --git a/Magento2/Tests/Security/InsecureFunctionUnitTest.php b/Magento2/Tests/Security/InsecureFunctionUnitTest.php
@@ -3,6 +3,7 @@
  * Copyright © Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento2\Tests\Security;
 
 use PHP_CodeSniffer\Tests\Standards\AbstractSniffUnitTest;
@@ -16,14 +17,6 @@ class InsecureFunctionUnitTest extends AbstractSniffUnitTest
      * @inheritdoc
      */
     public function getErrorList()
-    {
-        return [];
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getWarningList()
     {
         return [
             3 => 1,
@@ -43,4 +36,12 @@ public function getWarningList()
             31 => 1,
         ];
     }
+
+    /**
+     * @inheritdoc
+     */
+    public function getWarningList()
+    {
+        return [];
+    }
 }
diff --git a/Magento2/ruleset.xml b/Magento2/ruleset.xml
@@ -65,6 +65,10 @@
         <exclude-pattern>*/Test/*</exclude-pattern>
         <exclude-pattern>*Test.php</exclude-pattern>
     </rule>
+    <rule ref="Magento2.Security.InsecureFunction">
+        <severity>10</severity>
+        <type>error</type>
+    </rule>
     <rule ref="Magento2.Security.LanguageConstruct">
         <severity>10</severity>
         <type>error</type>
@@ -104,10 +108,6 @@
         <severity>9</severity>
         <type>warning</type>
     </rule>
-    <rule ref="Magento2.Security.InsecureFunction">
-        <severity>9</severity>
-        <type>warning</type>
-    </rule>
     <rule ref="Magento2.Security.Superglobal.SuperglobalUsageWarning">
         <severity>9</severity>
         <type>warning</type>
