From e54db42cf5da1a151d24cf255e5c5294c7cf2b6e Mon Sep 17 00:00:00 2001
From: bug-tape
Date: Mon, 6 Aug 2018 12:18:44 +0200
Subject: [PATCH] Don't recognize object method as filesystem func

If you have a class with a method e.g. *delete* this sniff will give a warning when used with dynamic parameter. As long as only global functions must be checked this makes no sense.
---
 Security/Sniffs/BadFunctions/FilesystemFunctionsSniff.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Security/Sniffs/BadFunctions/FilesystemFunctionsSniff.php b/Security/Sniffs/BadFunctions/FilesystemFunctionsSniff.php
index bbcabd2..fc20315 100644
--- a/Security/Sniffs/BadFunctions/FilesystemFunctionsSniff.php
+++ b/Security/Sniffs/BadFunctions/FilesystemFunctionsSniff.php
@@ -32,6 +32,11 @@ public function process(File $phpcsFile, $stackPtr) {
 if ($tokens[$stackPtr]['content'] == 'symlink') {
 $phpcsFile->addWarning('Allowing symlink() while open_basedir is used is actually a security risk. Disabled by default in Suhosin >= 0.9.6', $stackPtr, 'WarnSymlink');
 }
+
+ if ($tokens[$stackPtr - 1]['code'] == T_OBJECT_OPERATOR) {
+ return;
+ }
+
 $s = $stackPtr + 1;
 $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
 if (!$opener) {
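Review bot: The new early return sits after the `symlink` check and inspects only `$tokens[$stackPtr - 1]`, so a method call such as `$fs->symlink($a, $b)` still raises `WarnSymlink`, and a call with whitespace or a line break between `->` and the method name still falls through to the dynamic-parameter check. Static calls such as `Foo::delete($x)` are not global functions either and presumably reach this code the same way, but they are not covered. Consider placing the guard above the `symlink` check and skipping whitespace: `$prev = $phpcsFile->findPrevious(T_WHITESPACE, $stackPtr - 1, null, true);` followed by `if ($prev !== false && in_array($tokens[$prev]['code'], [T_OBJECT_OPERATOR, T_DOUBLE_COLON], true)) { return; }`. Keeping the skip limited to exactly those tokens matters for a security sniff, because a broader exclusion would silence warnings on real global filesystem calls. process() starts and ends outside the hunk, so whether the tokens are filtered earlier cannot be seen here.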