From b48fe7dbd6e924832d26a22f5888e45a5e913e27 Mon Sep 17 00:00:00 2001
From: Evgenii Levinskii
Date: Sat, 27 Apr 2019 13:54:39 +0300
Subject: [PATCH] Added json_encode/json_decode to list of insecure functions

---
 Magento2/Sniffs/Security/InsecureFunctionSniff.php | 6 ++++--
 Magento2/Tests/Security/InsecureFunctionUnitTest.inc | 4 ++++
 Magento2/Tests/Security/InsecureFunctionUnitTest.php | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Magento2/Sniffs/Security/InsecureFunctionSniff.php b/Magento2/Sniffs/Security/InsecureFunctionSniff.php
index 68b09382..7382bb3a 100644
--- a/Magento2/Sniffs/Security/InsecureFunctionSniff.php
+++ b/Magento2/Sniffs/Security/InsecureFunctionSniff.php
@@ -28,15 +28,17 @@ class InsecureFunctionSniff extends ForbiddenFunctionsSniff
 'assert' => null,
 'create_function' => null,
 'exec' => null,
+ 'json_decode' => 'injection \Magento\Framework\Serialize\SerializerInterface to your construct and unserialize',
+ 'json_encode' => 'injection \Magento\Framework\Serialize\SerializerInterface to your construct and serialize',
 'md5' => 'improved hash functions (SHA-256, SHA-512 etc.)',
 'passthru' => null,
 'pcntl_exec' => null,
 'popen' => null,
 'proc_open' => null,
- 'serialize' => '\Magento\Framework\Serialize\SerializerInterface::serialize',
+ 'serialize' => 'injection \Magento\Framework\Serialize\SerializerInterface to your construct and serialize',
 'shell_exec' => null,
 'system' => null,
- 'unserialize' => '\Magento\Framework\Serialize\SerializerInterface::unserialize',
+ 'unserialize' => 'injection \Magento\Framework\Serialize\SerializerInterface to your construct and unserialize',
 'srand' => null,
 'mt_srand'=> null,
 ];
diff --git a/Magento2/Tests/Security/InsecureFunctionUnitTest.inc b/Magento2/Tests/Security/InsecureFunctionUnitTest.inc
index a502580a..f2768050 100644
--- a/Magento2/Tests/Security/InsecureFunctionUnitTest.inc
+++ b/Magento2/Tests/Security/InsecureFunctionUnitTest.inc
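Review bot: The replacement strings on the added json_decode/json_encode lines, and on the rewritten serialize/unserialize lines, are ungrammatical ('injection ... to your construct') and are what developers will see in the warning; if the parent ForbiddenFunctionsSniff's message format is used unchanged it appends '; use %s() instead' after this text, which makes the sentence read even worse, so prefer the form the serialize/unserialize entries had before this change, e.g. `'json_decode' => '\Magento\Framework\Serialize\SerializerInterface::unserialize (inject the serializer via the constructor)'`. The same sentence is now repeated four times differing in a single word, which invites drift; a single private class constant for the shared part would keep the four entries aligned. Nothing in the new entries says why json_decode() and json_encode() belong in a sniff named InsecureFunction: unlike unserialize() they do not instantiate arbitrary classes, so the message should name the actual reason for the rule (presumably consistent error handling through the serializer abstraction) or these two entries belong in a non-security sniff; that is an inference from the entries visible here, not from the rest of the file. The array this hunk edits starts above the hunk.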
@@ -27,3 +27,7 @@
 pcntl_exec('path/goes/here');
 srand();
 mt_srand();
+
+json_encode([]);
+
+json_decode('[]');
diff --git a/Magento2/Tests/Security/InsecureFunctionUnitTest.php b/Magento2/Tests/Security/InsecureFunctionUnitTest.php
index 5a35a8d2..650f8a84 100644
--- a/Magento2/Tests/Security/InsecureFunctionUnitTest.php
+++ b/Magento2/Tests/Security/InsecureFunctionUnitTest.php
@@ -40,6 +40,8 @@ public function getWarningList()
 25 => 1,
 27 => 1,
 29 => 1,
+ 31 => 1,
+ 33 => 1
 ];
 }
 }
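Review bot: The added `33 => 1` on the last new line of the getWarningList() hunk lacks the trailing comma that every other entry in this array carries, so the next addition will have to touch this line again and the diff will be noisier than necessary; write `33 => 1,`. The expected line numbers 31 and 33 do match the blank-line-separated json_encode([]) and json_decode('[]') additions to the .inc fixture earlier in this patch, so the test data itself looks right. getWarningList() starts above this hunk and closes inside it.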