Merge pull request #1879 from magento-honey-badgers/MAGETWO-83266-Sniffs

buskamuza · web-flow · commit 2c0a91c6c07d · 2017-12-22T20:43:20.000-06:00
MAGETWO-83266: Prohibit global variables and output buffering with Code Sniffer
diff --git a/app/code/Magento/CatalogImportExport/Model/Import/Product.php b/app/code/Magento/CatalogImportExport/Model/Import/Product.php
@@ -2001,12 +2001,10 @@ protected function _getUploader()
             $dirConfig = DirectoryList::getDefaultConfig();
             $dirAddon = $dirConfig[DirectoryList::MEDIA][DirectoryList::PATH];
 
-            $DS = DIRECTORY_SEPARATOR;
-
             if (!empty($this->_parameters[Import::FIELD_NAME_IMG_FILE_DIR])) {
                 $tmpPath = $this->_parameters[Import::FIELD_NAME_IMG_FILE_DIR];
             } else {
-                $tmpPath = $dirAddon . $DS . $this->_mediaDirectory->getRelativePath('import');
+                $tmpPath = $dirAddon . '/' . $this->_mediaDirectory->getRelativePath('import');
             }
 
             if (!$this->_fileUploader->setTmpDir($tmpPath)) {
@@ -2015,7 +2013,7 @@ protected function _getUploader()
                 );
             }
             $destinationDir = "catalog/product";
-            $destinationPath = $dirAddon . $DS . $this->_mediaDirectory->getRelativePath($destinationDir);
+            $destinationPath = $dirAddon . '/' . $this->_mediaDirectory->getRelativePath($destinationDir);
 
             $this->_mediaDirectory->create($destinationPath);
             if (!$this->_fileUploader->setDestDir($destinationPath)) {
diff --git a/app/code/Magento/DownloadableImportExport/Helper/Uploader.php b/app/code/Magento/DownloadableImportExport/Helper/Uploader.php
@@ -77,12 +77,10 @@ public function getUploader($type, $parameters)
         $dirConfig = DirectoryList::getDefaultConfig();
         $dirAddon = $dirConfig[DirectoryList::MEDIA][DirectoryList::PATH];
 
-        $DS = DIRECTORY_SEPARATOR;
-
         if (!empty($parameters[\Magento\ImportExport\Model\Import::FIELD_NAME_IMG_FILE_DIR])) {
             $tmpPath = $parameters[\Magento\ImportExport\Model\Import::FIELD_NAME_IMG_FILE_DIR];
         } else {
-            $tmpPath = $dirAddon . $DS . $this->mediaDirectory->getRelativePath('import');
+            $tmpPath = $dirAddon . '/' . $this->mediaDirectory->getRelativePath('import');
         }
 
         if (!$this->fileUploader->setTmpDir($tmpPath)) {
@@ -91,7 +89,7 @@ public function getUploader($type, $parameters)
             );
         }
         $destinationDir = "downloadable/files/" . $type;
-        $destinationPath = $dirAddon . $DS . $this->mediaDirectory->getRelativePath($destinationDir);
+        $destinationPath = $dirAddon . '/' . $this->mediaDirectory->getRelativePath($destinationDir);
 
         $this->mediaDirectory->create($destinationPath);
         if (!$this->fileUploader->setDestDir($destinationPath)) {
diff --git a/app/code/Magento/TaxImportExport/Controller/Adminhtml/Rate/ImportPost.php b/app/code/Magento/TaxImportExport/Controller/Adminhtml/Rate/ImportPost.php
@@ -16,13 +16,14 @@ class ImportPost extends \Magento\TaxImportExport\Controller\Adminhtml\Rate
      */
     public function execute()
     {
-        if ($this->getRequest()->isPost() && !empty($_FILES['import_rates_file']['tmp_name'])) {
+        $importRatesFile = $this->getRequest()->getFiles('import_rates_file');
+        if ($this->getRequest()->isPost() && isset($importRatesFile['tmp_name'])) {
             try {
                 /** @var $importHandler \Magento\TaxImportExport\Model\Rate\CsvImportHandler */
                 $importHandler = $this->_objectManager->create(
                     \Magento\TaxImportExport\Model\Rate\CsvImportHandler::class
                 );
-                $importHandler->importFromCsvFile($this->getRequest()->getFiles('import_rates_file'));
+                $importHandler->importFromCsvFile($importRatesFile);
 
                 $this->messageManager->addSuccess(__('The tax rate has been imported.'));
             } catch (\Magento\Framework\Exception\LocalizedException $e) {
diff --git a/dev/tests/static/framework/Magento/Sniffs/Functions/OutputBufferingSniff.php b/dev/tests/static/framework/Magento/Sniffs/Functions/OutputBufferingSniff.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Sniffs\Functions;
+
+/**
+ * Sniff prohibiting usage of output buffering functions.
+ */
+class OutputBufferingSniff extends \PHP_CodeSniffer\Standards\Generic\Sniffs\PHP\ForbiddenFunctionsSniff
+{
+    public $forbiddenFunctions = ['ob_start' => null];
+
+    /**
+     * @inheritdoc
+     */
+    protected function addError($phpcsFile, $stackPtr, $function, $pattern = null)
+    {
+        $data = [$function];
+        $error = 'The usage of %s() is forbidden';
+        $type = 'Found';
+
+        if ($this->error === true) {
+            $phpcsFile->addError($error, $stackPtr, $type, $data);
+        } else {
+            $phpcsFile->addWarning($error, $stackPtr, $type, $data);
+        }
+    }
+}
diff --git a/dev/tests/static/framework/Magento/Sniffs/Variables/GlobalVariablesSniff.php b/dev/tests/static/framework/Magento/Sniffs/Variables/GlobalVariablesSniff.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Sniffs\Variables;
+
+use PHP_CodeSniffer\Sniffs\Sniff;
+use PHP_CodeSniffer\Files\File;
+
+/**
+ * Sniff prohibiting usage of global variables.
+ */
+class GlobalVariablesSniff implements Sniff
+{
+    /**
+     * @inheritdoc
+     */
+    public function register()
+    {
+        return [T_VARIABLE];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function process(File $phpcsFile, $stackPtr)
+    {
+        $tokens = $phpcsFile->getTokens();
+        if (preg_match('/^\$[_A-Z0-9]+$/', $tokens[$stackPtr]['content'])) {
+            $phpcsFile->addError(
+                'Usage of global variables is not allowed: ' . $tokens[$stackPtr]['content'],
+                $stackPtr,
+                'ERROR'
+            );
+            return;
+        }
+    }
+}
diff --git a/dev/tests/static/framework/Magento/ruleset.xml b/dev/tests/static/framework/Magento/ruleset.xml
@@ -22,6 +22,37 @@
     <rule ref="Magento.LiteralNamespaces.LiteralNamespaces">
         <exclude-pattern>*/_files/*</exclude-pattern>
     </rule>
+    <rule ref="Magento.Functions.OutputBuffering">
+        <include-pattern>*/(app/code|vendor|setup/src|lib/internal/Magento)/*</include-pattern>
+        <exclude-pattern>*/lib/internal/Magento/Framework/Image/Adapter/Gd2.php</exclude-pattern>
+        <exclude-pattern>*/lib/internal/Magento/Framework/View/Result/Page.php</exclude-pattern>
+        <exclude-pattern>*/lib/internal/Magento/Framework/View/TemplateEngine/Php.php</exclude-pattern>
+        <exclude-pattern>*/Test/Unit/*</exclude-pattern>
+    </rule>
+    <rule ref="Magento.Variables.GlobalVariables">
+        <include-pattern>*/(app/code|vendor|setup/src)/*</include-pattern>
+        <exclude-pattern>*/setup/src/Magento/Setup/Controller/WebConfiguration.php</exclude-pattern>
+        <exclude-pattern>*/setup/src/Magento/Setup/Mvc/Bootstrap/InitParamListener.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Eav/Model/Attribute/Data/File.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Config/Model/Config/Reader/Source/Deployed/SettingChecker.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Backend/App/Area/FrontNameResolver.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Indexer/Console/Command/AbstractIndexerCommand.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorFile.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Cron/Console/Command/CronCommand.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/ImportExport/Controller/Adminhtml/Import/Validate.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/OfflineShipping/Model/ResourceModel/Carrier/Tablerate.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Store/Model/Store.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Config/Model/Config/Processor/EnvironmentPlaceholder.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Config/Model/Config/Backend/Email/Logo.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Config/Model/Config/Backend/File/RequestData.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Config/App/Config/Source/EnvironmentConfigSource.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Theme/Controller/Adminhtml/Design/Config/FileUploader/Save.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Customer/Model/Metadata/Form/File.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Customer/Model/FileUploader.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Customer/Controller/Adminhtml/File/Address/Upload.php</exclude-pattern>
+        <exclude-pattern>*/app/code/Magento/Customer/Controller/Adminhtml/File/Customer/Upload.php</exclude-pattern>
+        <exclude-pattern>*/Test/Unit/*</exclude-pattern>
+    </rule>
 
     <rule ref="Generic.PHP.CharacterBeforePHPOpeningTag"/>
     <rule ref="Generic.Functions.CallTimePassByReference"/>
diff --git a/setup/src/Magento/Setup/Module.php b/setup/src/Magento/Setup/Module.php
@@ -52,8 +52,10 @@ public function onBootstrap(EventInterface $e)
                 $headers->addHeaderLine('Expires', '1970-01-01');
                 $headers->addHeaderLine('X-Frame-Options: SAMEORIGIN');
                 $headers->addHeaderLine('X-Content-Type-Options: nosniff');
-                $xssHeaderValue = !empty($_SERVER['HTTP_USER_AGENT'])
-                    && strpos($_SERVER['HTTP_USER_AGENT'], XssProtection::IE_8_USER_AGENT) === false
+                /** @var \Zend\Http\Header\UserAgent $userAgentHeader */
+                $userAgentHeader = $e->getRequest()->getHeader('User-Agent');
+                $xssHeaderValue = $userAgentHeader && $userAgentHeader->getFieldValue()
+                    && strpos($userAgentHeader->getFieldValue(), XssProtection::IE_8_USER_AGENT) === false
                     ? XssProtection::HEADER_ENABLED : XssProtection::HEADER_DISABLED;
                 $headers->addHeaderLine('X-XSS-Protection: ' . $xssHeaderValue);
             }
diff --git a/setup/src/Magento/Setup/Module/Di/Code/Reader/FileScanner.php b/setup/src/Magento/Setup/Module/Di/Code/Reader/FileScanner.php
@@ -54,7 +54,7 @@ protected function scan()
         /*
          * MACRO creation
          */
-        $MACRO_TOKEN_ADVANCE = function () use (&$tokens, &$tokenIndex, &$token, &$tokenContent, &$tokenLine) {
+        $macroTokenAdvance = function () use (&$tokens, &$tokenIndex, &$token, &$tokenContent, &$tokenLine) {
             $tokenIndex = ($tokenIndex === null) ? 0 : $tokenIndex + 1;
             if (!isset($tokens[$tokenIndex])) {
                 $token = false;
@@ -79,15 +79,15 @@ protected function scan()
 
             return $tokenIndex;
         };
-        $MACRO_TOKEN_LOGICAL_START_INDEX = function () use (&$tokenIndex, &$docCommentIndex) {
+        $macroTokenLogicalStartIndex = function () use (&$tokenIndex, &$docCommentIndex) {
             return ($docCommentIndex === false) ? $tokenIndex : $docCommentIndex;
         };
-        $MACRO_DOC_COMMENT_START = function () use (&$tokenIndex, &$docCommentIndex) {
+        $macroDocCommentStart = function () use (&$tokenIndex, &$docCommentIndex) {
             $docCommentIndex = $tokenIndex;
 
             return $docCommentIndex;
         };
-        $MACRO_DOC_COMMENT_VALIDATE = function () use (&$docCommentIndex) {
+        $macroDocCommentValidate = function () use (&$docCommentIndex) {
             static $validTrailingTokens = null;
             if ($validTrailingTokens === null) {
                 $validTrailingTokens = [T_WHITESPACE, T_FINAL, T_ABSTRACT, T_INTERFACE, T_CLASS, T_FUNCTION];
@@ -98,7 +98,7 @@ protected function scan()
 
             return $docCommentIndex;
         };
-        $MACRO_INFO_ADVANCE = function () use (&$infoIndex, &$infos, &$tokenIndex, &$tokenLine) {
+        $macroInfoAdvance = function () use (&$infoIndex, &$infos, &$tokenIndex, &$tokenLine) {
             $infos[$infoIndex]['tokenEnd'] = $tokenIndex;
             $infos[$infoIndex]['lineEnd'] = $tokenLine;
             $infoIndex++;
@@ -111,7 +111,7 @@ protected function scan()
          */
 
         // Initialize token
-        $MACRO_TOKEN_ADVANCE();
+        $macroTokenAdvance();
 
         SCANNER_TOP:
 
@@ -120,26 +120,26 @@ protected function scan()
         }
 
         // Validate current doc comment index
-        $MACRO_DOC_COMMENT_VALIDATE();
+        $macroDocCommentValidate();
 
         switch ($this->tokenType) {
             case T_DOC_COMMENT:
-                $MACRO_DOC_COMMENT_START();
+                $macroDocCommentStart();
                 goto SCANNER_CONTINUE;
             //goto no break needed
 
             case T_NAMESPACE:
                 $infos[$infoIndex] = [
                     'type' => 'namespace',
-                    'tokenStart' => $MACRO_TOKEN_LOGICAL_START_INDEX(),
+                    'tokenStart' => $macroTokenLogicalStartIndex(),
                     'tokenEnd' => null,
                     'lineStart' => $token[2],
                     'lineEnd' => null,
                     'namespace' => null,
                 ];
 
                 // start processing with next token
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
 
@@ -159,7 +159,7 @@ protected function scan()
 
                 SCANNER_NAMESPACE_CONTINUE:
 
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
                 goto SCANNER_NAMESPACE_TOP;
@@ -168,14 +168,14 @@ protected function scan()
 
                 $namespace = $infos[$infoIndex]['namespace'];
 
-                $MACRO_INFO_ADVANCE();
+                $macroInfoAdvance();
                 goto SCANNER_CONTINUE;
             //goto no break needed
 
             case T_USE:
                 $infos[$infoIndex] = [
                     'type' => 'use',
-                    'tokenStart' => $MACRO_TOKEN_LOGICAL_START_INDEX(),
+                    'tokenStart' => $macroTokenLogicalStartIndex(),
                     'tokenEnd' => null,
                     'lineStart' => $tokens[$tokenIndex][2],
                     'lineEnd' => null,
@@ -187,7 +187,7 @@ protected function scan()
                 $useAsContext = false;
 
                 // start processing with next token
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
 
@@ -221,14 +221,14 @@ protected function scan()
 
                 SCANNER_USE_CONTINUE:
 
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
                 goto SCANNER_USE_TOP;
 
                 SCANNER_USE_END:
 
-                $MACRO_INFO_ADVANCE();
+                $macroInfoAdvance();
                 goto SCANNER_CONTINUE;
             //goto no break needed
 
@@ -246,7 +246,7 @@ protected function scan()
 
                 $infos[$infoIndex] = [
                     'type' => 'include',
-                    'tokenStart' => $MACRO_TOKEN_LOGICAL_START_INDEX(),
+                    'tokenStart' => $macroTokenLogicalStartIndex(),
                     'tokenEnd' => null,
                     'lineStart' => $tokens[$tokenIndex][2],
                     'lineEnd' => null,
@@ -255,7 +255,7 @@ protected function scan()
                 ];
 
                 // start processing with next token
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
 
@@ -269,14 +269,14 @@ protected function scan()
 
                 SCANNER_INCLUDE_CONTINUE:
 
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
                 goto SCANNER_INCLUDE_TOP;
 
                 SCANNER_INCLUDE_END:
 
-                $MACRO_INFO_ADVANCE();
+                $macroInfoAdvance();
                 goto SCANNER_CONTINUE;
             //goto no break needed
 
@@ -288,7 +288,7 @@ protected function scan()
             case T_TRAIT:
                 $infos[$infoIndex] = [
                     'type' => ($this->tokenType === T_FUNCTION) ? 'function' : 'class',
-                    'tokenStart' => $MACRO_TOKEN_LOGICAL_START_INDEX(),
+                    'tokenStart' => $macroTokenLogicalStartIndex(),
                     'tokenEnd' => null,
                     'lineStart' => $tokens[$tokenIndex][2],
                     'lineEnd' => null,
@@ -333,20 +333,20 @@ protected function scan()
 
                 SCANNER_CLASS_CONTINUE:
 
-                if ($MACRO_TOKEN_ADVANCE() === false) {
+                if ($macroTokenAdvance() === false) {
                     goto SCANNER_END;
                 }
                 goto SCANNER_CLASS_TOP;
 
                 SCANNER_CLASS_END:
 
-                $MACRO_INFO_ADVANCE();
+                $macroInfoAdvance();
                 goto SCANNER_CONTINUE;
         }
 
         SCANNER_CONTINUE:
 
-        if ($MACRO_TOKEN_ADVANCE() === false) {
+        if ($macroTokenAdvance() === false) {
             goto SCANNER_END;
         }
         goto SCANNER_TOP;
