Differential D21453 Diff 51066 src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
src/lint/linter/xhpast/rules/ArcanistFormattedStringXHPASTLinterRule.php
Show First 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | foreach ($function_calls as $call) { | ||||
if ($argc < 1) { | if ($argc < 1) { | ||||
$this->raiseLintAtNode( | $this->raiseLintAtNode( | ||||
$call, | $call, | ||||
pht('This function is expected to have a format string.')); | pht('This function is expected to have a format string.')); | ||||
continue; | continue; | ||||
} | } | ||||
$format = $parameters->getChildByIndex($start); | $format = $parameters->getChildByIndex($start); | ||||
if ($format->getTypeName() != 'n_STRING_SCALAR') { | if (!$format->isConstantString()) { | ||||
// TODO: When this parameter is not a constant string, the call may | |||||
// be unsafe. We should make some attempt to warn about this for | |||||
// "qsprintf()" and other security-sensitive functions. | |||||
continue; | continue; | ||||
} | } | ||||
$argv = array($format->evalStatic()) + array_fill(0, $argc, null); | $argv = array($format->evalStatic()) + array_fill(0, $argc, null); | ||||
try { | try { | ||||
xsprintf(null, null, $argv); | xsprintf(null, null, $argv); | ||||
} catch (BadFunctionCallException $ex) { | } catch (BadFunctionCallException $ex) { | ||||
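Review bot: The `!$format->isConstantString()` branch ends in a bare `continue`, so a call whose format argument is not a constant string gets no lint message at all, and that is the case where `qsprintf()` and similar functions are most exposed to injection through the pattern itself. The TODO text on the page names this gap, though which side of the diff it belongs to is not clear from this rendering. Until the function-specific warning exists, consider raising a low-severity message before the `continue`, for example `$this->raiseLintAtNode($format, pht('Format string is not a constant string and cannot be checked.'));`, limited to the security-sensitive functions (how this rule identifies the called function is outside the visible lines). The enclosing `foreach` and the `try` block both continue beyond this section.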