Merge pull request #53 from kevcooper/type-juggle

add TypeJuggleSniff.php

Author: jmarcil

Security/Sniffs/Misc/TypeJuggleSniff.php

@@ -0,0 +1,38 @@
+<?php
+namespace PHPCS_SecurityAudit\Security\Sniffs\Misc;
+
+use PHP_CodeSniffer\Sniffs\Sniff;
+use PHP_CodeSniffer\Files\File;
+
+
+class TypeJuggleSniff implements Sniff {
+
+	/**
+	* Returns the token types that this sniff is interested in.
+	*
+	* @return array(int)
+	*/
+	public function register() {
+		return array(T_IS_EQUAL, T_IS_NOT_EQUAL);
+	}
+
+	/**
+	* Processes the tokens that this sniff is interested in.
+	*
+	* @param File $phpcsFile The file where the token was found.
+	* @param int                  $stackPtr  The position in the stack where
+	*                                        the token was found.
+	*
+	* @return void
+	*/
+	public function process(File $phpcsFile, $stackPtr) {
+		$tokens = $phpcsFile->getTokens();
+		if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode')) {
+			$warning = 'You are using the comparison operator "'. $tokens[$stackPtr]['content'] .'" that converts type and may cause unintended results.';
+			$phpcsFile->addWarning($warning, $stackPtr, 'TypeJuggle');
+		}
+	}
+
+}
+
+?>

example_base_ruleset.xml

@@ -47,6 +47,7 @@
 <!-- Misc -->
 <rule ref="Security.Misc.BadCorsHeader"/>
 <rule ref="Security.Misc.IncludeMismatch"/>
+<rule ref="Security.Misc.TypeJuggle"/>
 
 </ruleset>
 

tests.php

@@ -11,7 +11,7 @@
 	preg_replace($_GET['b'], $_GET['a'], $_GET['c']);
 	preg_replace($b, $_GET['a'], 'aaaaaa');
 	preg_replace("aaa", $_GET['a'], 'ababaaa');
-	
+
 
 	// BadFunctions
 	md5();
@@ -44,6 +44,7 @@
 	$a->withHeader('Access-Control-Allow-Origin', '*');
 	include('abc.xyz');
 	require_once EXTENSION_PATH . '/path/to' . $name . '.jkl';
+	0 == '0 cats';
 
 	// Easy user input
 	$_GET['a'] = 'xss';