*/ protected $targetFunctions = [ 'hash_hmac' => true, 'hash_hmac_file' => true, 'hash_init' => true, 'hash_pbkdf2' => true, ]; /** * List of the non-cryptographic hashes. * * @since 9.0.0 * * @var array */ protected $disabledCryptos = [ 'adler32' => true, 'crc32' => true, 'crc32b' => true, 'fnv132' => true, 'fnv1a32' => true, 'fnv164' => true, 'fnv1a64' => true, 'joaat' => true, ]; /** * Do a version check to determine if this sniff needs to run at all. * * @since 9.0.0 * * @return bool */ protected function bowOutEarly() { return (ScannedCode::shouldRunOnOrAbove('7.2') === false); } /** * Process the parameters of a matched function. * * @since 9.0.0 * * @param \PHP_CodeSniffer\Files\File $phpcsFile The file being scanned. * @param int $stackPtr The position of the current token in the stack. * @param string $functionName The token content (function name) which was matched. * @param array $parameters Array with information about the parameters. * * @return int|void Integer stack pointer to skip forward or void to continue * normal file processing. */ public function processParameters(File $phpcsFile, $stackPtr, $functionName, $parameters) { $targetParam = PassedParameters::getParameterFromStack($parameters, 1, 'algo'); if ($targetParam === false) { return; } if (isset($this->disabledCryptos[TextStrings::stripQuotes($targetParam['clean'])]) === false) { return; } // For hash_init(), these hashes are only disabled with HASH_HMAC set. $functionLC = \strtolower($functionName); if ($functionLC === 'hash_init') { $secondParam = PassedParameters::getParameterFromStack($parameters, 2, 'flags'); if ($secondParam === false) { // $flags parameter not found. return; } $secondParamContent = \ltrim($secondParam['clean'], ' \\'); // Trim off potential leading namespace separator for FQN. if ($secondParamContent !== 'HASH_HMAC' && $secondParamContent !== (string) \HASH_HMAC ) { // $flags parameter not set to HASH_HMAC. return; } } $phpcsFile->addError( 'Non-cryptographic hashes are no longer accepted by function %s() since PHP 7.2. Found: %s', $targetParam['start'], MessageHelper::stringToErrorCode($functionLC), [ $functionName, $targetParam['clean'], ] ); } }