From a7d3a76ca0e247c71e3c580be15148ae04b95528 Mon Sep 17 00:00:00 2001
From: Adrien LUCAS
Date: Tue, 15 Dec 2020 08:52:58 +0100
Subject: [PATCH] [tainting] improve twig template names resolving (#122)

---
 src/Twig/TwigUtils.php | 12 ++++++++++++
 tests/unit/Symfony/TwigUtilsTest.php | 2 ++
 2 files changed, 14 insertions(+)

diff --git a/src/Twig/TwigUtils.php b/src/Twig/TwigUtils.php
index 775dca0..3e0c9d9 100644
--- a/src/Twig/TwigUtils.php
+++ b/src/Twig/TwigUtils.php
@@ -17,6 +17,18 @@ class TwigUtils
 {
     public static function extractTemplateNameFromExpression(Expr $templateName, StatementsSource $source): string
     {
+        return self::resolveStringFromExpression($templateName, $source);
+    }
+
+    private static function resolveStringFromExpression(Expr $templateName, StatementsSource $source): string
+    {
+        if ($templateName instanceof Expr\BinaryOp\Concat) {
+            $right = self::resolveStringFromExpression($templateName->right, $source);
+            $left = self::resolveStringFromExpression($templateName->left, $source);
+
+            return $left.$right;
+        }
+
         if ($templateName instanceof Variable) {
             $type = $source->getNodeTypeProvider()->getType($templateName) ?? new Union([new TNull()]);
             $templateName = array_values($type->getAtomicTypes())[0];
diff --git a/tests/unit/Symfony/TwigUtilsTest.php b/tests/unit/Symfony/TwigUtilsTest.php
index 42a6581..7dbb0d7 100644
--- a/tests/unit/Symfony/TwigUtilsTest.php
+++ b/tests/unit/Symfony/TwigUtilsTest.php
@@ -50,6 +50,8 @@ class TwigUtilsTest extends TestCase
             ['dummy("expected.twig");'],
             ['dummy(\'expected.twig\');'],
             ['$a = "expected.twig"; dummy($a);'],
+            ['$a = "expected"; $b = ".twig"; dummy($a.$b);'],
+            ['$a = "pected"; dummy("ex".$a.".twig");'],
         ];
     }
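Review bot: The Concat branch of `resolveStringFromExpression` folds both operands and returns `$left.$right` unconditionally, so when one operand is not a literal (the Variable path below falls back to a `TNull` union, and whatever string it then yields is outside this hunk) the caller receives a partial template name that looks like a fully resolved one; for a tainting analysis that is the case worth being explicit about, either by documenting it or by returning the unresolved marker as soon as either side fails to resolve. At minimum a docblock on the private method should state the contract, e.g. `/** Recursively folds string concatenations; if any operand cannot be resolved to a literal the result is only a partial name and must not be treated as a verified template path. */`. The public method is now a one-line delegate with an identical signature, so the private helper could be dropped and the public method recurse into itself; if it stays, resolving `$left` before `$right` reads more naturally than the current order. The body of `resolveStringFromExpression` continues past the end of the hunk.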
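Review bot: Both new cases only exercise concatenations whose every operand resolves to a literal, so the behaviour the new Concat branch has when an operand is unresolvable (a function parameter, a method call) is not pinned by the suite. A third case built from a non-literal operand, with whatever value the implementation is meant to return for it, would document that contract; if the provider only accepts cases resolving to `expected.twig`, the unresolvable case belongs in a separate test. The data provider's enclosing method continues beyond the hunk, so the expected value for such a case is not visible here.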