Comments (2)
jmarcil
commented on July 17, 2024
Hey,
this example look like it's from the Slim Framework, which is unsupported.
As for the suggestion, PHP CodeSniffer works with tokens and not lines, so it would have to be two T_CONSTANT_ENCAPSED_STRING or T_DOUBLE_QUOTED_STRING ($stringTokens in phpcs actually) token next together (in phpcs . That would actually cover the case of Slim and Symfony There's also as one string as header('Access-Control-Allow-Origin: *); is normal PHP.
Working on implementing something quick..
Thanks for the suggestion!
from phpcs-security-audit.
jmarcil
commented on July 17, 2024
Added as a Misc one (and found that I wasn't loading the one rule in Misc):
<!-- Misc -->
<rule ref="Security.Misc.BadCorsHeader"/>
<rule ref="Security.Misc.IncludeMismatch"/>
from phpcs-security-audit.
Related Issues (20)
- Fix compliance of project with PHPCS HOT 10
- Strings as assert expressions are deprecated. HOT 4
- Figure out repo organization and ownership for the future
- Add CI/build testing HOT 6
- Add sniff specific unit tests HOT 6
- PR #50 breaks drupal7 usage HOT 1
- phpcs built from Dockerfile gives an error HOT 9
- $utils::is_token_false_positive is fiddly and unstable HOT 1
- Solving EasyRFI via new EasyRFINotice severity HOT 7
- Create new release to fix deprecation warnings HOT 8
- Unable to view Security coding standard after Composer install HOT 3
- ERROR: Referenced sniff "Security.BadFunctions.Asserts" does not exist HOT 2
- Windows user, Unable to find phpcs command or bin file HOT 1
- Update security rulesets
- Potential vulnerabilities are being hidden with concatenation
- Installation instructions not working HOT 1
- Add support for native function imports
- Callback functions warnings
- file_put_contents warning about dynamic parameter
- Question for ErrMiscIncludeMismatchNoExt
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phpcs-security-audit.