BadFunctions/EasyRFI: minor code simplification [2]

The only token which can have a `content` of `.` is the `T_STRING_CONCAT` token, so we may as well exclude it from being found.
FloeDesignTechnologies · Mar 16, 2020 · e12a51b · e12a51b
1 parent cc89cb4
commit e12a51b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Security/Sniffs/BadFunctions/EasyRFISniff.php b/Security/Sniffs/BadFunctions/EasyRFISniff.php
@@ -24,6 +24,7 @@ public function register() {
 		$this->search  = \PHP_CodeSniffer\Util\Tokens::$emptyTokens;
 		$this->search += \PHP_CodeSniffer\Util\Tokens::$bracketTokens;
 		$this->search += \PHPCS_SecurityAudit\Security\Sniffs\Utils::$staticTokens;
+		$this->search[T_STRING_CONCAT] = T_STRING_CONCAT;
 
 		return array(T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE);
 	}
@@ -59,7 +60,7 @@ public function process(File $phpcsFile, $stackPtr) {
 				if (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') || !$utils::is_token_false_positive($tokens[$s], $tokens[$s+2])) {
 					$phpcsFile->addError('Easy RFI detected because of direct user input with %s on %s', $s, 'ErrEasyRFI', $data);
 				}
-			} elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode') && $tokens[$s]['content'] != '.') {
+			} elseif (\PHP_CodeSniffer\Config::getConfigData('ParanoiaMode')) {
 				$phpcsFile->addWarning('Possible RFI detected with %s on %s', $s, 'WarnEasyRFI', $data);
 			}
 		}