Jonathan Marcil
Thanks for your contrib and to the maintainer, as I really like having Jekyll in Docker.. saved me a lot of time! I'd like to try to bump/upvote this because...
not a bad idea.. this will need to be done after #4 is closed.
Fair point. However, those variables, especially _FILES and _SERVER can actually have user input, so we can't really suppress them just like that. One thing that could be done would...
Oh wow, I'm so consistent without remembering anything it's scary. See https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/BadFunctions/EasyRFISniff.php#L42 We are using `is_token_false_positive` in utils with some of those safe SERVER vars I was talking about....
I think that this is a valid way of diminishing false positives. But why just limit it to filesystem functions? I can see this one giving false positive too: ```...
Looks like the solution from #20 and #42 could be applied to all non object based functions: Validate if the token before is a T_OBJECT_OPERATOR and then skip it if...
Hello, thank you for your feedback! Glad this tool is still useful nowadays. It appears to me that the rule might be bugged. This goes even bigger than the assert()...
Note to self: We can quick patch this in AssertsSniff by checking if `strtolower($tokens[$s])` is true or false. Might be good to do before closing this issue.
Thank you for the detailed examples! I'd like to put the emphasis that the goal of this tool is to be overzealous about everything when Paranoia mode is turned on...
A little bit of history of how things work in this tool. First of all, it clearly says on the README that it is a generator of false positive 😅....