Completed
Pull Request — master (#274)
by Enrico
10:37
created

UnsafeUnserialize::pass()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 18
Code Lines 11

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 12

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 3
eloc 11
c 1
b 0
f 0
nc 3
nop 2
dl 0
loc 18
ccs 0
cts 11
cp 0
crap 12
rs 9.4285
<?php
namespace PHPSA\Analyzer\Pass\Expression\FunctionCall;
use PhpParser\Node\Expr\FuncCall;
use PHPSA\Context;
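/**
 * Analyzer pass that flags `unserialize()` calls made without a second argument.
 *
 * Since PHP 7.0 the second argument of `unserialize()` is an options array whose
 * `allowed_classes` key restricts which classes may be instantiated while decoding.
 * Calls that omit it let the serialized payload choose any loadable class, which is
 * the precondition for object-injection issues when the payload is attacker-influenced.
 */
class UnsafeUnserialize extends AbstractFunctionCallAnalyzer
{
    const DESCRIPTION = 'Checks for use of `unserialize()` without a 2nd parameter defining the allowed classes. Requires PHP 7.0+';

    /**
     * Emits an `unsafe.unserialize` notice when `unserialize()` is called with fewer than two arguments.
     *
     * Limitation: only the number of arguments is inspected, not the value of the second one.
     * A call such as `unserialize($data, [])` or `unserialize($data, ['allowed_classes' => true])`
     * is therefore not reported even though it still permits every class.
     *
     * @param FuncCall $funcCall the function call node under analysis
     * @param Context $context analysis context used to resolve the name and to report the notice
     * @return bool true when a notice was issued, false otherwise
     */
    public function pass(FuncCall $funcCall, Context $context)
    {
        $functionName = $this->resolveFunctionName($funcCall, $context);

        // PHP resolves function names case-insensitively, so `Unserialize()` or `UNSERIALIZE()`
        // must be treated the same as `unserialize()`. Whether resolveFunctionName() already
        // normalises case is not visible from this file, so normalise here as well.
        if (!is_string($functionName) || strtolower($functionName) !== 'unserialize') {
            return false;
        }

        // A second argument is present; its content is not validated (see limitation above).
        if (count($funcCall->args) >= 2) {
            return false;
        }

        // NOTE(review): the wording "or false as 2nd parameter" is imprecise. The second
        // parameter is an options array, so the restriction is written as
        // ['allowed_classes' => false] or ['allowed_classes' => [Foo::class]].
        // The text is left unchanged here because consumers may match on it.
        $context->notice(
            'unsafe.unserialize',
            'unserialize() should be used with a list of allowed classes or false as 2nd parameter.',
            $funcCall
        );

        return true;
    }

    /**
     * {@inheritdoc}
     *
     * Adds a minimum PHP version of 7.0 to the parent's metadata, matching the version
     * in which the options argument of `unserialize()` was introduced.
     */
    public static function getMetadata()
    {
        $metaData = parent::getMetadata();
        $metaData->setRequiredPhpVersion('7.0');

        return $metaData;
    }
}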