2020-05-18 21:13:27 +02:00
|
|
|
<?php
|
2021-12-15 04:58:32 +01:00
|
|
|
|
2020-05-18 21:13:27 +02:00
|
|
|
namespace Psalm\Internal\Analyzer\Statements\Expression;
|
|
|
|
|
|
|
|
use PhpParser;
|
2022-06-25 00:24:34 +02:00
|
|
|
use PhpParser\Node\Scalar\EncapsedStringPart;
|
2021-06-08 04:55:21 +02:00
|
|
|
use Psalm\CodeLocation;
|
|
|
|
use Psalm\Context;
|
2020-05-18 21:13:27 +02:00
|
|
|
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
|
|
|
|
use Psalm\Internal\Analyzer\StatementsAnalyzer;
|
2020-10-13 22:49:03 +02:00
|
|
|
use Psalm\Internal\DataFlow\DataFlowNode;
|
2021-03-20 03:41:41 +01:00
|
|
|
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
|
2020-05-18 21:13:27 +02:00
|
|
|
use Psalm\Type;
|
2022-06-25 02:22:59 +02:00
|
|
|
use Psalm\Type\Atomic\TLiteralFloat;
|
|
|
|
use Psalm\Type\Atomic\TLiteralInt;
|
|
|
|
use Psalm\Type\Atomic\TLiteralString;
|
2021-12-13 04:45:57 +01:00
|
|
|
use Psalm\Type\Atomic\TNonEmptyNonspecificLiteralString;
|
|
|
|
use Psalm\Type\Atomic\TNonEmptyString;
|
2022-06-25 02:22:59 +02:00
|
|
|
use Psalm\Type\Atomic\TNonspecificLiteralInt;
|
2022-06-25 03:28:04 +02:00
|
|
|
use Psalm\Type\Atomic\TNonspecificLiteralString;
|
2021-12-13 16:28:14 +01:00
|
|
|
use Psalm\Type\Union;
|
2020-05-18 21:13:27 +02:00
|
|
|
|
2022-06-25 04:03:33 +02:00
|
|
|
use function assert;
|
2021-12-03 21:07:25 +01:00
|
|
|
use function in_array;
|
|
|
|
|
2022-01-03 07:55:32 +01:00
|
|
|
/**
|
|
|
|
* @internal
|
|
|
|
*/
|
2020-05-18 21:13:27 +02:00
|
|
|
class EncapsulatedStringAnalyzer
|
|
|
|
{
|
|
|
|
public static function analyze(
|
|
|
|
StatementsAnalyzer $statements_analyzer,
|
|
|
|
PhpParser\Node\Scalar\Encapsed $stmt,
|
|
|
|
Context $context
|
2021-12-05 18:51:26 +01:00
|
|
|
): bool {
|
2020-06-23 22:38:59 +02:00
|
|
|
$stmt_type = Type::getString();
|
|
|
|
|
2020-11-11 06:38:26 +01:00
|
|
|
$non_empty = false;
|
|
|
|
|
2021-06-14 21:30:25 +02:00
|
|
|
$all_literals = true;
|
|
|
|
|
2022-06-25 00:24:34 +02:00
|
|
|
$literal_string = "";
|
2020-11-11 06:38:26 +01:00
|
|
|
|
2020-05-18 21:13:27 +02:00
|
|
|
foreach ($stmt->parts as $part) {
|
|
|
|
if (ExpressionAnalyzer::analyze($statements_analyzer, $part, $context) === false) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2020-06-23 22:38:59 +02:00
|
|
|
$part_type = $statements_analyzer->node_data->getType($part);
|
|
|
|
|
2022-06-25 00:24:34 +02:00
|
|
|
if ($part_type !== null) {
|
2020-06-29 19:21:33 +02:00
|
|
|
$casted_part_type = CastAnalyzer::castStringAttempt(
|
|
|
|
$statements_analyzer,
|
|
|
|
$context,
|
|
|
|
$part_type,
|
|
|
|
$part
|
|
|
|
);
|
2020-06-23 22:38:59 +02:00
|
|
|
|
2021-06-14 21:30:25 +02:00
|
|
|
if (!$casted_part_type->allLiterals()) {
|
|
|
|
$all_literals = false;
|
2022-06-25 02:22:59 +02:00
|
|
|
} elseif (!$non_empty) {
|
|
|
|
// Check if all literals are nonempty
|
2022-06-25 03:28:04 +02:00
|
|
|
$non_empty = true;
|
2022-06-25 02:22:59 +02:00
|
|
|
foreach ($casted_part_type->getAtomicTypes() as $atomic_literal) {
|
2022-06-25 03:28:04 +02:00
|
|
|
if (!$atomic_literal instanceof TLiteralInt
|
|
|
|
&& !$atomic_literal instanceof TNonspecificLiteralInt
|
|
|
|
&& !$atomic_literal instanceof TLiteralFloat
|
|
|
|
&& !$atomic_literal instanceof TNonEmptyNonspecificLiteralString
|
|
|
|
&& !($atomic_literal instanceof TLiteralString && $atomic_literal->value !== "")
|
|
|
|
) {
|
|
|
|
$non_empty = false;
|
|
|
|
break;
|
|
|
|
}
|
2022-06-25 02:22:59 +02:00
|
|
|
}
|
2021-06-14 21:30:25 +02:00
|
|
|
}
|
|
|
|
|
2022-06-25 00:24:34 +02:00
|
|
|
if ($literal_string !== null) {
|
|
|
|
if ($casted_part_type->isSingleLiteral()) {
|
2022-06-25 02:22:59 +02:00
|
|
|
$literal_string .= $casted_part_type->getSingleLiteral()->value;
|
2022-06-25 00:24:34 +02:00
|
|
|
} else {
|
|
|
|
$literal_string = null;
|
|
|
|
}
|
2021-06-14 21:30:25 +02:00
|
|
|
}
|
|
|
|
|
2020-10-13 23:28:12 +02:00
|
|
|
if ($statements_analyzer->data_flow_graph
|
2021-12-03 21:07:25 +01:00
|
|
|
&& !in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
|
2020-06-23 22:38:59 +02:00
|
|
|
) {
|
|
|
|
$var_location = new CodeLocation($statements_analyzer, $part);
|
|
|
|
|
2020-10-13 22:49:03 +02:00
|
|
|
$new_parent_node = DataFlowNode::getForAssignment('concat', $var_location);
|
2020-10-13 23:28:12 +02:00
|
|
|
$statements_analyzer->data_flow_graph->addNode($new_parent_node);
|
2020-06-23 22:38:59 +02:00
|
|
|
|
2020-09-28 06:45:02 +02:00
|
|
|
$stmt_type->parent_nodes[$new_parent_node->id] = $new_parent_node;
|
2020-06-23 22:38:59 +02:00
|
|
|
|
2021-03-20 03:41:41 +01:00
|
|
|
$codebase = $statements_analyzer->getCodebase();
|
|
|
|
$event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);
|
|
|
|
|
|
|
|
$added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);
|
|
|
|
$removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);
|
|
|
|
|
2020-06-29 15:13:19 +02:00
|
|
|
if ($casted_part_type->parent_nodes) {
|
|
|
|
foreach ($casted_part_type->parent_nodes as $parent_node) {
|
2021-03-20 03:41:41 +01:00
|
|
|
$statements_analyzer->data_flow_graph->addPath(
|
|
|
|
$parent_node,
|
|
|
|
$new_parent_node,
|
|
|
|
'concat',
|
|
|
|
$added_taints,
|
|
|
|
$removed_taints
|
|
|
|
);
|
2020-06-23 22:38:59 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2022-06-25 00:24:34 +02:00
|
|
|
} elseif ($part instanceof EncapsedStringPart) {
|
|
|
|
if ($literal_string !== null) {
|
|
|
|
$literal_string .= $part->value;
|
|
|
|
}
|
2022-06-25 02:22:59 +02:00
|
|
|
$non_empty = $non_empty || $part->value !== "";
|
2022-06-25 00:24:34 +02:00
|
|
|
} else {
|
|
|
|
$all_literals = false;
|
|
|
|
$literal_string = null;
|
2020-05-18 21:13:27 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-11 06:38:26 +01:00
|
|
|
if ($non_empty) {
|
2022-06-25 00:24:34 +02:00
|
|
|
if ($literal_string !== null) {
|
|
|
|
$new_type = Type::getString($literal_string);
|
|
|
|
} elseif ($all_literals) {
|
2021-12-13 16:28:14 +01:00
|
|
|
$new_type = new Union([new TNonEmptyNonspecificLiteralString()]);
|
2021-06-14 21:30:25 +02:00
|
|
|
} else {
|
2021-12-13 16:28:14 +01:00
|
|
|
$new_type = new Union([new TNonEmptyString()]);
|
2021-06-14 21:30:25 +02:00
|
|
|
}
|
2022-06-25 03:28:04 +02:00
|
|
|
} elseif ($all_literals) {
|
|
|
|
$new_type = new Union([new TNonspecificLiteralString()]);
|
|
|
|
}
|
|
|
|
if (isset($new_type)) {
|
|
|
|
assert($new_type instanceof Union);
|
2020-11-11 06:38:26 +01:00
|
|
|
$new_type->parent_nodes = $stmt_type->parent_nodes;
|
|
|
|
$stmt_type = $new_type;
|
|
|
|
}
|
|
|
|
|
2020-06-23 22:38:59 +02:00
|
|
|
$statements_analyzer->node_data->setType($stmt, $stmt_type);
|
2020-05-18 21:13:27 +02:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|