Merge pull request #73 from magento/update-functions

Made InsecureFunctionSniff in line with UnsecureFunctionsUsageTest

Author: lenaorobei

Magento2/Sniffs/Security/InsecureFunctionSniff.php

@@ -33,9 +33,11 @@ class InsecureFunctionSniff extends ForbiddenFunctionsSniff
         'pcntl_exec' => null,
         'popen' => null,
         'proc_open' => null,
-        'serialize' => 'json_encode',
+        'serialize' => '\Magento\Framework\Serialize\SerializerInterface::serialize',
         'shell_exec' => null,
         'system' => null,
-        'unserialize' => 'json_decode',
+        'unserialize' => '\Magento\Framework\Serialize\SerializerInterface::unserialize',
+        'srand' => null,
+        'mt_srand'=> null,
     ];
 }

Magento2/Tests/Security/InsecureFunctionUnitTest.inc

@@ -23,3 +23,7 @@ proc_open('echo 1;');
 create_function('args', 'code');
 
 pcntl_exec('path/goes/here');
+
+srand();
+
+mt_srand();

Magento2/Tests/Security/InsecureFunctionUnitTest.php

@@ -38,6 +38,8 @@ public function getWarningList()
             21 => 1,
             23 => 1,
             25 => 1,
+            27 => 1,
+            29 => 1,
         ];
     }
 }