wishthis/vendor/wp-coding-standards/wpcs/WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php

266 lines
7.3 KiB
PHP
Raw Normal View History

2022-06-21 16:04:22 +00:00
<?php
/**
* WordPress Coding Standard.
*
* @package WPCS\WordPressCodingStandards
* @link https://github.com/WordPress/WordPress-Coding-Standards
* @license https://opensource.org/licenses/MIT MIT
*/
namespace WordPressCS\WordPress\Sniffs\DB;
use WordPressCS\WordPress\Sniff;
use PHP_CodeSniffer\Util\Tokens;
/**
* Flag Database direct queries.
*
* @link https://vip.wordpress.com/documentation/vip-go/code-review-blockers-warnings-notices/#direct-database-queries
*
* @package WPCS\WordPressCodingStandards
*
* @since 0.3.0
* @since 0.6.0 Removed the add_unique_message() function as it is no longer needed.
* @since 0.11.0 This class now extends the WordPressCS native `Sniff` class.
* @since 0.13.0 Class name changed: this class is now namespaced.
* @since 1.0.0 This sniff has been moved from the `VIP` category to the `DB` category.
*/
class DirectDatabaseQuerySniff extends Sniff {
/**
* List of custom cache get functions.
*
* @since 0.6.0
*
* @var string|string[]
*/
public $customCacheGetFunctions = array();
/**
* List of custom cache set functions.
*
* @since 0.6.0
*
* @var string|string[]
*/
public $customCacheSetFunctions = array();
/**
* List of custom cache delete functions.
*
* @since 0.6.0
*
* @var string|string[]
*/
public $customCacheDeleteFunctions = array();
/**
* Cache of previously added custom functions.
*
* Prevents having to do the same merges over and over again.
*
* @since 0.11.0
*
* @var array
*/
protected $addedCustomFunctions = array(
'cacheget' => array(),
'cacheset' => array(),
'cachedelete' => array(),
);
/**
* The lists of $wpdb methods.
*
* @since 0.6.0
* @since 0.11.0 Changed from static to non-static.
*
* @var array[]
*/
protected $methods = array(
'cachable' => array(
'delete' => true,
'get_var' => true,
'get_col' => true,
'get_row' => true,
'get_results' => true,
'query' => true,
'replace' => true,
'update' => true,
),
'noncachable' => array(
'insert' => true,
),
);
/**
* Returns an array of tokens this test wants to listen for.
*
* @return array
*/
public function register() {
return array(
\T_VARIABLE,
);
}
/**
* Processes this test, when one of its tokens is encountered.
*
* @param int $stackPtr The position of the current token in the stack.
*
* @return int|void Integer stack pointer to skip forward or void to continue
* normal file processing.
*/
public function process_token( $stackPtr ) {
// Check for $wpdb variable.
if ( '$wpdb' !== $this->tokens[ $stackPtr ]['content'] ) {
return;
}
$is_object_call = $this->phpcsFile->findNext( \T_OBJECT_OPERATOR, ( $stackPtr + 1 ), null, false, null, true );
if ( false === $is_object_call ) {
return; // This is not a call to the wpdb object.
}
$methodPtr = $this->phpcsFile->findNext( array( \T_WHITESPACE ), ( $is_object_call + 1 ), null, true, null, true );
$method = $this->tokens[ $methodPtr ]['content'];
$this->mergeFunctionLists();
if ( ! isset( $this->methods['all'][ $method ] ) ) {
return;
}
$endOfStatement = $this->phpcsFile->findNext( \T_SEMICOLON, ( $stackPtr + 1 ), null, false, null, true );
$endOfLineComment = '';
for ( $i = ( $endOfStatement + 1 ); $i < $this->phpcsFile->numTokens; $i++ ) {
if ( $this->tokens[ $i ]['line'] !== $this->tokens[ $endOfStatement ]['line'] ) {
break;
}
if ( \T_COMMENT === $this->tokens[ $i ]['code'] ) {
$endOfLineComment .= $this->tokens[ $i ]['content'];
}
}
$whitelisted_db_call = false;
if ( preg_match( '/db call\W*(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) {
$whitelisted_db_call = true;
}
// Check for Database Schema Changes.
for ( $_pos = ( $stackPtr + 1 ); $_pos < $endOfStatement; $_pos++ ) {
$_pos = $this->phpcsFile->findNext( Tokens::$textStringTokens, $_pos, $endOfStatement, false, null, true );
if ( false === $_pos ) {
break;
}
if ( preg_match( '#\b(?:ALTER|CREATE|DROP)\b#i', $this->tokens[ $_pos ]['content'] ) > 0 ) {
$this->phpcsFile->addWarning( 'Attempting a database schema change is discouraged.', $_pos, 'SchemaChange' );
}
}
// Flag instance if not whitelisted.
if ( ! $whitelisted_db_call ) {
$this->phpcsFile->addWarning( 'Usage of a direct database call is discouraged.', $stackPtr, 'DirectQuery' );
}
if ( ! isset( $this->methods['cachable'][ $method ] ) ) {
return $endOfStatement;
}
$whitelisted_cache = false;
$cached = false;
$wp_cache_get = false;
if ( preg_match( '/cache\s+(?:ok|pass|clear|whitelist)/i', $endOfLineComment ) ) {
$whitelisted_cache = true;
}
if ( ! $whitelisted_cache && ! empty( $this->tokens[ $stackPtr ]['conditions'] ) ) {
$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_FUNCTION );
if ( false === $scope_function ) {
$scope_function = $this->phpcsFile->getCondition( $stackPtr, \T_CLOSURE );
}
if ( false !== $scope_function ) {
$scopeStart = $this->tokens[ $scope_function ]['scope_opener'];
$scopeEnd = $this->tokens[ $scope_function ]['scope_closer'];
for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) {
if ( \T_STRING === $this->tokens[ $i ]['code'] ) {
if ( isset( $this->cacheDeleteFunctions[ $this->tokens[ $i ]['content'] ] ) ) {
if ( \in_array( $method, array( 'query', 'update', 'replace', 'delete' ), true ) ) {
$cached = true;
break;
}
} elseif ( isset( $this->cacheGetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {
$wp_cache_get = true;
} elseif ( isset( $this->cacheSetFunctions[ $this->tokens[ $i ]['content'] ] ) ) {
if ( $wp_cache_get ) {
$cached = true;
break;
}
}
}
}
}
}
if ( ! $cached && ! $whitelisted_cache ) {
$message = 'Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().';
$this->phpcsFile->addWarning( $message, $stackPtr, 'NoCaching' );
}
return $endOfStatement;
}
/**
* Merge custom functions provided via a custom ruleset with the defaults, if we haven't already.
*
* @since 0.11.0 Split out from the `process()` method.
*
* @return void
*/
protected function mergeFunctionLists() {
if ( ! isset( $this->methods['all'] ) ) {
$this->methods['all'] = array_merge( $this->methods['cachable'], $this->methods['noncachable'] );
}
if ( $this->customCacheGetFunctions !== $this->addedCustomFunctions['cacheget'] ) {
$this->cacheGetFunctions = $this->merge_custom_array(
$this->customCacheGetFunctions,
$this->cacheGetFunctions
);
$this->addedCustomFunctions['cacheget'] = $this->customCacheGetFunctions;
}
if ( $this->customCacheSetFunctions !== $this->addedCustomFunctions['cacheset'] ) {
$this->cacheSetFunctions = $this->merge_custom_array(
$this->customCacheSetFunctions,
$this->cacheSetFunctions
);
$this->addedCustomFunctions['cacheset'] = $this->customCacheSetFunctions;
}
if ( $this->customCacheDeleteFunctions !== $this->addedCustomFunctions['cachedelete'] ) {
$this->cacheDeleteFunctions = $this->merge_custom_array(
$this->customCacheDeleteFunctions,
$this->cacheDeleteFunctions
);
$this->addedCustomFunctions['cachedelete'] = $this->customCacheDeleteFunctions;
}
}
}