public function CurlSslVerifierSniff::processFunctionCall in Coder 8.3

Same name and namespace in other branches

1. 8.2 coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/CurlSslVerifierSniff.php \DrupalPractice\Sniffs\FunctionCalls\CurlSslVerifierSniff::processFunctionCall()
2. 8.3.x coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/CurlSslVerifierSniff.php \DrupalPractice\Sniffs\FunctionCalls\CurlSslVerifierSniff::processFunctionCall()

Processes this function call.

Parameters

\PHP_CodeSniffer\Files\File $phpcsFile The file being scanned.:

int $stackPtr The position of the function call in: the stack.

int $openBracket The position of the opening: parenthesis in the stack.

int $closeBracket The position of the closing: parenthesis in the stack.

Return value

void

File

coder_sniffer/DrupalPractice/Sniffs/FunctionCalls/CurlSslVerifierSniff.php, line 52

Class

CurlSslVerifierSniff

Make sure that CURLOPT_SSL_VERIFYPEER is not disabled, since that is a security issue.

Namespace

DrupalPractice\Sniffs\FunctionCalls

Code

public function processFunctionCall(File $phpcsFile, $stackPtr, $openBracket, $closeBracket) {
  $tokens = $phpcsFile
    ->getTokens();
  $option = $this
    ->getArgument(2);
  if ($tokens[$option['start']]['content'] !== 'CURLOPT_SSL_VERIFYPEER') {
    return;
  }
  $value = $this
    ->getArgument(3);
  if ($tokens[$value['start']]['content'] === 'FALSE' || $tokens[$value['start']]['content'] === '0') {
    $warning = 'Potential security problem: SSL peer verification must not be disabled';
    $phpcsFile
      ->addWarning($warning, $value['start'], 'SslPeerVerificationDisabled');
  }
}