function coder_security_reviews in Coder 5.2
Implementation of hook_reviews().
File
- includes/
coder_security.inc, line 13 - This include file implements coder functionality for Drupal Standards.
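/**
 * Implementation of hook_reviews().
 *
 * Registers the 'Drupal Security Checks' review: a list of regular-expression
 * rules that coder runs over module source and which, on a hit, call the
 * named '#warning_callback' to produce the warning text.
 *
 * @return
 *   An array with a single 'security' entry holding the review definition
 *   ('#title', '#link', '#rules', '#severity', '#description').
 */
function coder_security_reviews() {
  // A table name in Drupal's prefix syntax, e.g. {node}. Digits are not
  // accepted here, so a name such as {foo2} would not be matched.
  $table = '\\{[A-Za-z_]+\\}';
  // Start of a SELECT / INSERT / UPDATE / DELETE statement against a {table},
  // shared by both SQL rules below. Every gap allows one or more whitespace
  // characters; a bare \s after "delete from" would miss queries that use
  // extra spacing before the table name.
  $sql_statement = '(select\\s+.*\\s+from\\s+' . $table . '|insert\\s+into\\s+' . $table . '|update\\s+' . $table . '\\s+set|delete\\s+from\\s+' . $table . ')';

  $rules = array(
    // l(check_plain(...)): see _coder_security_l_check_plain_warning() for
    // why this combination is reported (presumably double escaping).
    array(
      '#type' => 'regex',
      '#value' => 'l\\(check_plain\\(',
      '#warning_callback' => '_coder_security_l_check_plain_warning',
    ),
    // Direct use of the $REQUEST_URI global; (?-i) makes the match
    // case-sensitive.
    array(
      '#type' => 'regex',
      '#value' => '(?-i)\\$REQUEST_URI',
      '#warning_callback' => '_coder_security_request_uri_warning',
    ),
    // The same value fetched through a quoted "REQUEST_URI" / 'REQUEST_URI'
    // key. '#source' => 'allphp' is a scope selector for coder's rule engine;
    // NOTE(review): its exact meaning is defined outside this file — confirm.
    array(
      '#type' => 'regex',
      '#source' => 'allphp',
      '#value' => '(?-i)\\"REQUEST_URI\\"|\'REQUEST_URI\'',
      '#warning_callback' => '_coder_security_request_uri_warning',
    ),
    // db_query()/db_query_range() with a double-quoted statement that has a
    // PHP variable ($ not followed by a single quote) interpolated after the
    // table clause. Such values bypass the query placeholders, so they are
    // reported as a possible SQL injection.
    array(
      '#type' => 'regex',
      '#value' => '(db_query|db_query_range)\\s*\\(\\s*"' . $sql_statement . '\\s+[^"]*\\$[^\'].*".*\\)',
      '#source' => 'allphp',
      '#warning_callback' => '_coder_security_sql_var_warning',
    ),
    // Checked on quoted strings: a statement whose %s placeholder is preceded
    // by whitespace, '(', '=' or ',' instead of a quote, i.e. an unquoted %s.
    array(
      '#type' => 'regex',
      '#value' => '^' . $sql_statement . '\\s+.*?(\\s+|\\(|=|,)\\%s',
      '#source' => 'quote',
      '#warning_callback' => '_coder_6x_unquoted_sql_placeholders',
    ),
  );

  $review = array(
    '#title' => 'Drupal Security Checks',
    '#link' => 'http://drupal.org/node/28984',
    '#rules' => $rules,
    '#severity' => 'critical',
    '#description' => t('very basic, needs work, but what it finds is good'),
  );
  return array(
    'security' => $review,
  );
}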