Hooks/RestrictedHooks: bug fix - false positives for dynamic name with concatenation

As things were, the code in the `normalize_hook_name_from_parameter()` method would check for concatenation and if found, would gather the contents of all `T_CONSTANT_ENCAPSED_STRING` tokens found in the parameter.

However, this presumes all the concatenated parts are text strings and disregards the possibility that variables would be concatenated in, leading to false positives.

Fixed now.

Includes tests.

Author: jrfnl

WordPressVIPMinimum/Sniffs/Hooks/RestrictedHooksSniff.php

@@ -9,6 +9,7 @@
 
 namespace WordPressVIPMinimum\Sniffs\Hooks;
 
+use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Utils\MessageHelper;
 use PHPCSUtils\Utils\PassedParameters;
 use WordPressCS\WordPress\AbstractFunctionParameterSniff;
@@ -91,6 +92,10 @@ public function process_parameters( $stackPtr, $group_name, $matched_content, $p
 		}
 
 		$normalized_hook_name = $this->normalize_hook_name_from_parameter( $hook_name_param );
+		if ( $normalized_hook_name === '' ) {
+			// Dynamic hook name. Cannot reliably determine if it's one of the targets. Bow out.
+			return;
+		}
 
 		foreach ( $this->restricted_hook_groups as $group => $group_args ) {
 			foreach ( $group_args['hooks'] as $hook ) {
@@ -107,31 +112,27 @@ public function process_parameters( $stackPtr, $group_name, $matched_content, $p
 	 *
 	 * @param array $parameter Array with information about a parameter.
 	 *
-	 * @return string Normalized hook name.
+	 * @return string Normalized hook name or an empty string if the hook name could not be determined.
 	 */
 	private function normalize_hook_name_from_parameter( $parameter ) {
-		// If concatenation is found, build hook name.
-		$concat_ptr = $this->phpcsFile->findNext(
-			T_STRING_CONCAT,
-			$parameter['start'],
-			$parameter['end'],
-			false,
-			null,
-			true
-		);
+		$allowed_tokens  = Tokens::$emptyTokens;
+		$allowed_tokens += [
+			T_STRING_CONCAT            => T_STRING_CONCAT,
+			T_CONSTANT_ENCAPSED_STRING => T_CONSTANT_ENCAPSED_STRING,
+		];
 
-		if ( $concat_ptr ) {
-			$hook_name = '';
-			for ( $i = $parameter['start']; $i <= $parameter['end']; $i++ ) {
-				if ( $this->tokens[ $i ]['code'] === T_CONSTANT_ENCAPSED_STRING ) {
-					$hook_name .= str_replace( [ "'", '"' ], '', $this->tokens[ $i ]['content'] );
-				}
+		$has_disallowed_token = $this->phpcsFile->findNext( $allowed_tokens, $parameter['start'], ( $parameter['end'] + 1 ), true );
+		if ( $has_disallowed_token !== false ) {
+			return '';
+		}
+
+		$hook_name = '';
+		for ( $i = $parameter['start']; $i <= $parameter['end']; $i++ ) {
+			if ( $this->tokens[ $i ]['code'] === T_CONSTANT_ENCAPSED_STRING ) {
+				$hook_name .= str_replace( [ "'", '"' ], '', $this->tokens[ $i ]['content'] );
 			}
-		} else {
-			$hook_name = $parameter['clean'];
 		}
 
-		// Remove quotes (double and single).
-		return str_replace( [ "'", '"' ], '', $hook_name );
+		return $hook_name;
 	}
 }

WordPressVIPMinimum/Tests/Hooks/RestrictedHooksUnitTest.inc

@@ -74,3 +74,7 @@ add_filter( 'upLoad_mimeS' , $callback); // OK, not our target.
 
 // Bug fix - spacing vs concatenation.
 add_filter('do_' . 'robots' . 'txt', 'bad_example_function'); // Warning.
+
+// Ignore partially dynamic hook names.
+add_filter( 'robots_' . $something . 'txt' , $callback); // OK, ignored as undetermined.
+add_filter( 'http_request_timeout' . $something, $callback); // OK, ignored as undetermined.