PHPSA\Analyzer\Pass\Expression\FunctionCall\UnsafeUnserialize::pass PHP Method

UnsafeUnserialize Class Documentation Show file Open project: ovr/phpsa

pass() public method

public pass ( PhpParser\Node\Expr\FuncCall $funcCall, Context $context )
$funcCall	PhpParser\Node\Expr\FuncCall
$context	PHPSA\Context

    public function pass(FuncCall $funcCall, Context $context)
    {
        $functionName = $this->resolveFunctionName($funcCall, $context);
        if ($functionName !== 'unserialize') {
            return false;
        }
        if (count($funcCall->args) < 2) {
            $context->notice('unsafe.unserialize', sprintf('unserialize() should be used with a list of allowed classes or false as 2nd parameter.'), $funcCall);
            return true;
        }
        return false;
    }

UnsafeUnserialize

getMetadata

pass