-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathruleset.xml
More file actions
91 lines (79 loc) · 4.06 KB
/
ruleset.xml
File metadata and controls
91 lines (79 loc) · 4.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
<?xml version="1.0"?>
<!--suppress XmlUnboundNsPrefix, XmlUnboundNsPrefix -->
<ruleset name="WordPress PSR and PHPCompatibility">
<description>Best practices beyond core WordPress Coding Standards and PSR</description>
<rule ref="PSR2"/>
<rule ref="Generic.PHP.DeprecatedFunctions"/>
<rule ref="Generic.PHP.ForbiddenFunctions"/>
<rule ref="Generic.Functions.CallTimePassByReference"/>
<rule ref="Generic.Formatting.DisallowMultipleStatements"/>
<rule ref="Generic.CodeAnalysis.EmptyStatement"/>
<rule ref="Generic.CodeAnalysis.ForLoopShouldBeWhileLoop"/>
<rule ref="Generic.CodeAnalysis.ForLoopWithTestFunctionCall"/>
<rule ref="Generic.CodeAnalysis.JumbledIncrementer"/>
<rule ref="Generic.CodeAnalysis.UnconditionalIfStatement"/>
<rule ref="Generic.CodeAnalysis.UnnecessaryFinalModifier"/>
<rule ref="Generic.CodeAnalysis.UselessOverridingMethod"/>
<rule ref="Generic.Classes.DuplicateClassName"/>
<rule ref="Generic.Strings.UnnecessaryStringConcat"/>
<rule ref="Generic.NamingConventions.UpperCaseConstantName"/>
<rule ref="WordPress.PHP.DiscouragedFunctions"/>
<rule ref="WordPress.PHP.POSIXFunctions"/>
<rule ref="WordPress.PHP.StrictComparisons"/>
<!-- http://make.wordpress.org/core/handbook/coding-standards/php/#remove-trailing-spaces -->
<rule ref="Squiz.WhiteSpace.SuperfluousWhitespace"/>
<rule ref="WordPress.Functions.DontExtract"/>
<rule ref="WordPress.NamingConventions.ValidHookName"/>
<rule ref="WordPress.XSS.EscapeOutput"/>
<rule ref="WordPress.CSRF.NonceVerification"/>
<rule ref="WordPress.WP.PreparedSQL"/>
<rule ref="WordPress.Variables.GlobalVariables"/>
<rule ref="WordPress.WP.EnqueuedResources"/>
<rule ref="WordPress.WP.I18n"/>
<!-- https://vip.wordpress.com/documentation/code-review-what-we-look-for/#using-in_array-without-strict-parameter -->
<rule ref="WordPress.PHP.StrictInArray"/>
<rule ref="Squiz.Commenting.BlockComment" />
<rule ref="Squiz.Commenting.DocCommentAlignment" />
<rule ref="Squiz.Commenting.EmptyCatchComment" />
<rule ref="Squiz.Commenting.InlineComment" />
<rule ref="Squiz.Commenting.LongConditionClosingComment" />
<rule ref="Squiz.Commenting.PostStatementComment" />
<!-- Run against the PHPCompatibility ruleset -->
<rule ref="PHPCompatibility"/>
<config name="testVersion" value="5.6"/>
<!-- Security Code Reviews Rules -->
<!-- Global properties -->
<!-- Please note that not every sniff uses them and they can be overwritten by rule -->
<!-- Paranoya mode: Will generate more alerts but will miss less vulnerabilities. Good for assisting manual code review. -->
<config name="ParanoiaMode" value="1"/>
<!-- BadFunctions -->
<!-- PHP functions that can lead to security issues -->
<rule ref="Security.BadFunctions.Asserts"/>
<rule ref="Security.BadFunctions.Backticks"/>
<rule ref="Security.BadFunctions.CallbackFunctions"/>
<rule ref="Security.BadFunctions.CryptoFunctions"/>
<rule ref="Security.BadFunctions.EasyRFI"/>
<rule ref="Security.BadFunctions.EasyXSS">
<properties>
<!-- Comment out to follow global ParanoiaMode -->
<property name="forceParanoia" value="1"/>
</properties>
</rule>
<rule ref="Security.BadFunctions.ErrorHandling"/>
<rule ref="Security.BadFunctions.FilesystemFunctions"/>
<rule ref="Security.BadFunctions.FringeFunctions"/>
<rule ref="Security.BadFunctions.FunctionHandlingFunctions"/>
<rule ref="Security.BadFunctions.Mysqli"/>
<rule ref="Security.BadFunctions.NoEvals"/>
<rule ref="Security.BadFunctions.Phpinfos"/>
<rule ref="Security.BadFunctions.PregReplace"/>
<rule ref="Security.BadFunctions.SQLFunctions"/>
<rule ref="Security.BadFunctions.SystemExecFunctions"/>
<!-- CVE -->
<!-- Entries from CVE database from vendor PHP and bugs.php.net -->
<rule ref="Security.CVE.20132110"/>
<rule ref="Security.CVE.20134113"/>
<!-- Misc -->
<rule ref="Security.Misc.BadCorsHeader"/>
<rule ref="Security.Misc.IncludeMismatch"/>
</ruleset>