forked from az-digital/az_quickstart
-
Notifications
You must be signed in to change notification settings - Fork 0
/
phpcs.xml.dist
92 lines (76 loc) · 3.54 KB
/
phpcs.xml.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?xml version="1.0" encoding="UTF-8"?>
<ruleset name="az-quickstart">
<description>PHPCS configuration for AZ QuickStart</description>
<!-- Check all files within the AZ QuickStart installation profile. -->
<file>.</file>
<arg name="extensions" value="php,install,module,profile,inc"/>
<arg name="cache" value=".phpcs-cache"/>
<arg name="parallel" value="10"/>
<exclude-pattern>*min.css</exclude-pattern>
<exclude-pattern>*min.js</exclude-pattern>
<exclude-pattern>*/arizona-bootstrap/*</exclude-pattern>
<exclude-pattern>*/ua-brand-icons/*</exclude-pattern>
<exclude-pattern>*/node_modules/*</exclude-pattern>
<!-- Code is to be tested as Drupal 8. -->
<config name="drupal_core_version" value="8"/>
<!-- Set configuration so that warnings should not cause error exit status. -->
<config name="ignore_warnings_on_exit" value="1"/>
<!-- Framework or CMS used. Must be a class under Security_Sniffs. -->
<!-- TODO: Investigate this missing class -->
<!-- <config name="CmsFramework" value="Drupal8"/> -->
<!-- Internal sniffs -->
<rule ref="Internal.NoCodeFound">
<!-- No PHP code in *.md *.txt *.yml -->
<exclude-pattern>*.md</exclude-pattern>
<exclude-pattern>*.txt</exclude-pattern>
<exclude-pattern>*.yml</exclude-pattern>
</rule>
<!-- Drupal sniffs. -->
<rule ref="Drupal">
<!-- Remove warnings in regard to Drupal.org .info file generation. -->
<exclude name="Drupal.InfoFiles.AutoAddedKeys"/>
<!-- TagsNotGrouped has false positives. See https://www.drupal.org/node/2502837 -->
<exclude name="Drupal.Commenting.DocComment.TagsNotGrouped"/>
<!-- MissingShort has false positives. See https://www.drupal.org/project/drupal/issues/2572635 -->
<exclude name="Drupal.Commenting.DocComment.MissingShort"/>
</rule>
<!-- Security Code Reviews Rules -->
<!-- Global properties -->
<!-- Please note that not every sniff uses them and they can be overwritten by rule -->
<!-- Paranoya mode: Will generate more alerts but will miss less vulnerabilites. Good for assisting manual code review. -->
<config name="ParanoiaMode" value="1"/>
<!-- BadFunctions -->
<!-- PHP functions that can lead to security issues -->
<rule ref="Security.BadFunctions.Asserts"/>
<rule ref="Security.BadFunctions.Backticks"/>
<rule ref="Security.BadFunctions.CallbackFunctions"/>
<rule ref="Security.BadFunctions.CryptoFunctions"/>
<rule ref="Security.BadFunctions.EasyRFI"/>
<rule ref="Security.BadFunctions.EasyXSS">
<properties>
<!-- Comment out to follow global ParanoiaMode -->
<property name="forceParanoia" value="1"/>
</properties>
</rule>
<rule ref="Security.BadFunctions.ErrorHandling"/>
<rule ref="Security.BadFunctions.FilesystemFunctions"/>
<rule ref="Security.BadFunctions.FringeFunctions"/>
<rule ref="Security.BadFunctions.FunctionHandlingFunctions"/>
<rule ref="Security.BadFunctions.Mysqli"/>
<rule ref="Security.BadFunctions.NoEvals"/>
<rule ref="Security.BadFunctions.Phpinfos"/>
<rule ref="Security.BadFunctions.PregReplace"/>
<rule ref="Security.BadFunctions.SQLFunctions"/>
<rule ref="Security.BadFunctions.SystemExecFunctions"/>
<!-- CVE -->
<!-- Entries from CVE database from vendor PHP and bugs.php.net -->
<rule ref="Security.CVE.CVE20132110"/>
<rule ref="Security.CVE.CVE20134113"/>
<!-- Misc -->
<rule ref="Security.Misc.BadCorsHeader"/>
<rule ref="Security.Misc.IncludeMismatch"/>
<rule ref="Security.Misc.TypeJuggle"/>
<!-- PHPCompatibility -->
<rule ref="PHPCompatibility"/>
<config name="testVersion" value="7.3-"/>
</ruleset>