Sniff update WIP

Need to write a recursive method that will check the fully qualified class names and if they have a static method call in them. We should also be careful not to catch the throw Exception cases, as for those we do want to check the parameters of the static method if they are escaped or not.
WordPress · Aug 30, 2023 · ef75f3f · ef75f3f
1 parent d02caaf
commit ef75f3f
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/WordPress/Sniffs/Security/EscapeOutputSniff.php b/WordPress/Sniffs/Security/EscapeOutputSniff.php
@@ -738,13 +738,25 @@ protected function check_code_is_escaped( $start, $end ) {
 				$content = $functionName;
 
 				// Check if it's static method call.
-				$double_colon = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), $end, true );
-				if ( false !== $double_colon
+				$next_non_empty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), $end, true );
+				if ( false !== $next_non_empty
 					&& \T_DOUBLE_COLON === $this->tokens[ $double_colon ]['code']
 				) {
 					// Set the pointer to the end of the method.
 					$i = $this->phpcsFile->findNext( \T_CLOSE_PARENTHESIS, $i, $end );
 				}
+
+				// Check if the class is fully qualified (namespaced), then check for the double colon (static method).
+				if ( false !== $next_non_empty
+					&& \T_NS_SEPARATOR === $this->tokens[ $double_colon ]['code']
+				) {
+
+				}
+
+				// Checking for fully qualified name - go and find all the T_STRING and T_NS_SEPARATOR until the T_DOUBLE_COLON token.
+
+
+
 			} else {
 				$content = $this->tokens[ $i ]['content'];
 				$ptr     = $i;