Skip to content

[Enhancement] DiscouragedFunction rule improvement #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 20, 2019
Merged

[Enhancement] DiscouragedFunction rule improvement #63

merged 2 commits into from
Mar 20, 2019

Conversation

lenaorobei
Copy link
Contributor

@lenaorobei lenaorobei requested a review from paliarush March 19, 2019 18:56
paliarush
paliarush reviewed Mar 19, 2019
View reviewed changes
Magento2/Sniffs/Functions/DiscouragedFunctionSniff.php
*
* @var boolean
*/
public $error = false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please validate the list against https://stackoverflow.com/questions/3115559/exploitable-php-functions and ask security team to review.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added.

paliarush
paliarush reviewed Mar 19, 2019
View reviewed changes
Magento2/Sniffs/Security/InsecureFunctionSniff.php
*
* @var boolean
*/
public $error = false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is it a warning?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's under Severity 9 warnings: Possible security and issues that may cause bugs. section.
We cannot reject extensions because of such functions right now. We will work iteratively to make rules stricter.

@lenaorobei lenaorobei merged commit 6d3cf93 into develop Mar 20, 2019
@lenaorobei lenaorobei deleted the DiscouragedFunction-improvement branch March 20, 2019 16:47
magento-devops-reposync-svc pushed a commit that referenced this pull request Sep 14, 2021
@svera
Merge pull request #63 from magento-commerce/imported-svera-magento-c…
a25482e 
…oding-standard-270

[Imported] Fixed wrongly returning error for valid descriptions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paliarush paliarush paliarush approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Enhancement] DiscouragedFunction rule improvement
2 participants
@lenaorobei @paliarush