You are here

function coder_security_reviews in Coder 5.2

Same name and namespace in other branches
  1. 5 includes/coder_security.inc \coder_security_reviews()
  2. 6.2 includes/coder_security.inc \coder_security_reviews()
  3. 6 includes/coder_security.inc \coder_security_reviews()

Implementation of hook_reviews().

File

includes/coder_security.inc, line 13
This include file implements coder functionality for Drupal Standards.

Code

function coder_security_reviews() {
  $table = '\\{[A-Za-z_]+\\}';

  // table-regex
  $rules = array(
    array(
      '#type' => 'regex',
      '#value' => 'l\\(check_plain\\(',
      '#warning_callback' => '_coder_security_l_check_plain_warning',
    ),
    /*  array(
          '#type' => 'callback',
          '#value' => _coder_security_callback,
        ), */
    array(
      '#type' => 'regex',
      '#value' => '(?-i)\\$REQUEST_URI',
      '#warning_callback' => '_coder_security_request_uri_warning',
    ),
    array(
      '#type' => 'regex',
      '#source' => 'allphp',
      '#value' => '(?-i)\\"REQUEST_URI\\"|\'REQUEST_URI\'',
      '#warning_callback' => '_coder_security_request_uri_warning',
    ),
    array(
      '#type' => 'regex',
      '#value' => '(db_query|db_query_range)\\s*\\(\\s*"(select\\s+.*\\s+from\\s+' . $table . '|insert\\s+into\\s+' . $table . '|update\\s+' . $table . '\\s+set|delete\\s+from\\s' . $table . ')\\s+[^"]*\\$[^\'].*".*\\)',
      '#source' => 'allphp',
      '#warning_callback' => '_coder_security_sql_var_warning',
    ),
    array(
      '#type' => 'regex',
      '#value' => '^(select\\s+.*\\s+from\\s+' . $table . '|insert\\s+into\\s+' . $table . '|update\\s+' . $table . '\\s+set|delete\\s+from\\s' . $table . ')\\s+.*?(\\s+|\\(|=|,)\\%s',
      '#source' => 'quote',
      '#warning_callback' => '_coder_6x_unquoted_sql_placeholders',
    ),
  );
  $review = array(
    '#title' => 'Drupal Security Checks',
    '#link' => 'http://drupal.org/node/28984',
    '#rules' => $rules,
    '#severity' => 'critical',
    '#description' => t('very basic, needs work, but what it finds is good'),
  );
  return array(
    'security' => $review,
  );
}