Merge pull request #2615 from rodrigoprimo/direct-database-query-fix-false-positive

DB/DirectDatabaseQuery: fix false negatives when cache function names are not a function call

Author: dingo-d

WordPress/Sniffs/DB/DirectDatabaseQuerySniff.php

@@ -229,6 +229,12 @@ public function process_token( $stackPtr ) {
 
 			for ( $i = ( $scopeStart + 1 ); $i < $scopeEnd; $i++ ) {
 				if ( \T_STRING === $this->tokens[ $i ]['code'] ) {
+					$nextNonEmpty = $this->phpcsFile->findNext( Tokens::$emptyTokens, ( $i + 1 ), null, true );
+
+					if ( \T_OPEN_PARENTHESIS !== $this->tokens[ $nextNonEmpty ]['code'] ) {
+						continue;
+					}
+
 					$content = strtolower( $this->tokens[ $i ]['content'] );
 
 					if ( isset( $this->cacheDeleteFunctions[ $content ] ) ) {

WordPress/Tests/DB/DirectDatabaseQueryUnitTest.1.inc

@@ -354,3 +354,28 @@ function cache_custom_mixed_case_B() {
 // phpcs:set WordPress.DB.DirectDatabaseQuery customCacheGetFunctions[]
 // phpcs:set WordPress.DB.DirectDatabaseQuery customCacheSetFunctions[]
 // phpcs:set WordPress.DB.DirectDatabaseQuery customCacheDeleteFunctions[]
+
+// Protect against false negatives where the cache function names are used as the content
+// of a T_STRING token that is not a function call.
+function notCacheFunctionCalls() {
+    global $wpdb;
+
+    $bar->wp_cache_get = 'something';
+    $listofthings = $wpdb->get_col( 'SELECT something FROM somewhere WHERE someotherthing = 1' ); // Warning x 2.
+    $foo = wp_cache_set;
+
+    return $listofthings;
+}
+
+// The sniff deliberately does not distinguish between calls to cache functions and calls to methods with the same name as the functions,
+// as those method calls are likely custom cache functions.
+function methodNamesSameAsCacheFunctions() {
+	global $wpdb, $bar;
+
+	if ( ! ( $listofthings = $bar->wp_cache_get( 'foo' ) ) ) {
+		$listofthings = $wpdb->get_col( 'SELECT something FROM somewhere WHERE someotherthing = 1' ); // Warning direct DB call.
+		$bar->wp_cache_set( 'foo', $listofthings );
+	}
+
+	return $listofthings;
+}

WordPress/Tests/DB/DirectDatabaseQueryUnitTest.php

@@ -97,6 +97,8 @@ public function getWarningList( $testFile = '' ) {
 					333 => 2,
 					343 => 1,
 					350 => 1,
+					364 => 2,
+					376 => 1,
 				);
 			default:
 				return array();