1
0
mirror of https://github.com/danog/psalm.git synced 2025-01-09 14:38:37 +01:00
psalm/src/Psalm/Internal/Analyzer/Statements/Expression/IncludeAnalyzer.php

424 lines
15 KiB
PHP
Raw Normal View History

2018-01-14 18:09:40 +01:00
<?php
2018-11-06 03:57:36 +01:00
namespace Psalm\Internal\Analyzer\Statements\Expression;
2018-01-14 18:09:40 +01:00
use PhpParser;
use Psalm\CodeLocation;
use Psalm\Config;
use Psalm\Context;
use Psalm\Exception\FileIncludeException;
2021-12-03 20:29:06 +01:00
use Psalm\Exception\UnpreparedAnalysisException;
2021-12-03 20:11:20 +01:00
use Psalm\Internal\Analyzer\FileAnalyzer;
2021-06-08 04:55:21 +02:00
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Codebase\TaintFlowGraph;
use Psalm\Internal\DataFlow\TaintSink;
2021-12-03 20:11:20 +01:00
use Psalm\Internal\Provider\NodeDataProvider;
2018-01-14 18:09:40 +01:00
use Psalm\Issue\MissingFile;
use Psalm\Issue\UnresolvableInclude;
use Psalm\IssueBuffer;
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
2021-12-03 20:11:20 +01:00
use Psalm\Type\TaintKind;
2021-06-08 04:55:21 +02:00
use function constant;
use function defined;
use function dirname;
2021-06-08 04:55:21 +02:00
use function explode;
use function file_exists;
use function get_include_path;
use function get_included_files;
use function implode;
2021-06-08 04:55:21 +02:00
use function in_array;
use function is_string;
use function preg_match;
use function preg_replace;
use function preg_split;
2021-06-08 04:55:21 +02:00
use function realpath;
use function str_repeat;
use function str_replace;
use function substr;
2021-06-08 04:55:21 +02:00
use const DIRECTORY_SEPARATOR;
use const PATH_SEPARATOR;
use const PHP_EOL;
2018-01-14 18:09:40 +01:00
/**
* @internal
*/
2018-11-06 03:57:36 +01:00
class IncludeAnalyzer
2018-01-14 18:09:40 +01:00
{
public static function analyze(
2018-11-11 18:01:14 +01:00
StatementsAnalyzer $statements_analyzer,
2018-01-14 18:09:40 +01:00
PhpParser\Node\Expr\Include_ $stmt,
Context $context,
?Context $global_context = null
): bool {
2018-11-11 18:01:14 +01:00
$codebase = $statements_analyzer->getCodebase();
2018-11-06 03:57:36 +01:00
$config = $codebase->config;
2018-01-14 18:09:40 +01:00
if (!$config->allow_includes) {
throw new FileIncludeException(
'File includes are not allowed per your Psalm config - check the allowFileIncludes flag.'
);
}
$was_inside_call = $context->inside_call;
$context->inside_call = true;
2018-11-11 18:01:14 +01:00
if (ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context) === false) {
2018-01-14 18:09:40 +01:00
return false;
}
if (!$was_inside_call) {
$context->inside_call = false;
}
2020-06-19 00:48:19 +02:00
$stmt_expr_type = $statements_analyzer->node_data->getType($stmt->expr);
if ($stmt->expr instanceof PhpParser\Node\Scalar\String_
2020-06-19 00:48:19 +02:00
|| ($stmt_expr_type && $stmt_expr_type->isSingleStringLiteral())
) {
if ($stmt->expr instanceof PhpParser\Node\Scalar\String_) {
$path_to_file = $stmt->expr->value;
} else {
$path_to_file = $stmt_expr_type->getSingleStringLiteral()->value;
}
$path_to_file = str_replace('/', DIRECTORY_SEPARATOR, $path_to_file);
2018-01-14 18:09:40 +01:00
// attempts to resolve using get_include_path dirs
$include_path = self::resolveIncludePath($path_to_file, dirname($statements_analyzer->getFilePath()));
2021-09-26 21:49:00 +02:00
$path_to_file = $include_path ?: $path_to_file;
2018-01-14 18:09:40 +01:00
if (DIRECTORY_SEPARATOR === '/') {
$is_path_relative = $path_to_file[0] !== DIRECTORY_SEPARATOR;
} else {
$is_path_relative = !preg_match('~^[A-Z]:\\\\~i', $path_to_file);
}
if ($is_path_relative) {
$path_to_file = $config->base_dir . DIRECTORY_SEPARATOR . $path_to_file;
2018-01-14 18:09:40 +01:00
}
} else {
$path_to_file = self::getPathTo(
$stmt->expr,
$statements_analyzer->node_data,
2020-05-23 05:53:37 +02:00
$statements_analyzer,
$statements_analyzer->getFileName(),
$config
);
2018-01-14 18:09:40 +01:00
}
2020-06-19 00:48:19 +02:00
if ($stmt_expr_type
&& $statements_analyzer->data_flow_graph instanceof TaintFlowGraph
2020-06-19 00:48:19 +02:00
&& $stmt_expr_type->parent_nodes
2021-12-03 21:07:25 +01:00
&& !in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
2020-06-19 00:48:19 +02:00
) {
$arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);
$include_param_sink = TaintSink::getForMethodArgument(
2020-06-19 00:48:19 +02:00
'include',
'include',
0,
$arg_location,
2020-06-19 00:48:19 +02:00
$arg_location
);
2021-12-03 20:11:20 +01:00
$include_param_sink->taints = [TaintKind::INPUT_INCLUDE];
2020-06-19 00:48:19 +02:00
$statements_analyzer->data_flow_graph->addSink($include_param_sink);
2020-06-19 00:48:19 +02:00
$codebase = $statements_analyzer->getCodebase();
$event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);
$added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);
$removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);
2020-06-19 00:48:19 +02:00
foreach ($stmt_expr_type->parent_nodes as $parent_node) {
$statements_analyzer->data_flow_graph->addPath(
$parent_node,
$include_param_sink,
'arg',
$added_taints,
$removed_taints
);
2020-06-19 00:48:19 +02:00
}
}
2018-01-14 18:09:40 +01:00
if ($path_to_file) {
$path_to_file = self::normalizeFilePath($path_to_file);
2018-01-14 18:09:40 +01:00
// if the file is already included, we can't check much more
if (in_array(realpath($path_to_file), get_included_files(), true)) {
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
2018-11-11 18:01:14 +01:00
$current_file_analyzer = $statements_analyzer->getFileAnalyzer();
2018-01-14 18:09:40 +01:00
2018-11-11 18:01:14 +01:00
if ($current_file_analyzer->project_analyzer->fileExists($path_to_file)) {
if ($statements_analyzer->hasParentFilePath($path_to_file)
|| !$codebase->file_storage_provider->has($path_to_file)
2018-11-11 18:01:14 +01:00
|| ($statements_analyzer->hasAlreadyRequiredFilePath($path_to_file)
&& !$codebase->file_storage_provider->get($path_to_file)->has_extra_statements)
) {
2020-05-18 21:13:27 +02:00
return true;
}
if ($config->mustBeIgnored($path_to_file)) {
return true;
}
2018-11-11 18:01:14 +01:00
$current_file_analyzer->addRequiredFilePath($path_to_file);
$file_name = $config->shortenFileName($path_to_file);
$nesting = $statements_analyzer->getRequireNesting() + 1;
$current_file_analyzer->project_analyzer->progress->debug(
str_repeat(' ', $nesting) . 'checking ' . $file_name . PHP_EOL
);
2021-12-03 20:11:20 +01:00
$include_file_analyzer = new FileAnalyzer(
2018-11-11 18:01:14 +01:00
$current_file_analyzer->project_analyzer,
$path_to_file,
$file_name
);
2018-11-11 18:01:14 +01:00
$include_file_analyzer->setRootFilePath(
$current_file_analyzer->getRootFilePath(),
$current_file_analyzer->getRootFileName()
);
2018-11-11 18:01:14 +01:00
$include_file_analyzer->addParentFilePath($current_file_analyzer->getFilePath());
$include_file_analyzer->addRequiredFilePath($current_file_analyzer->getFilePath());
2018-11-11 18:01:14 +01:00
foreach ($current_file_analyzer->getRequiredFilePaths() as $required_file_path) {
$include_file_analyzer->addRequiredFilePath($required_file_path);
}
2018-11-11 18:01:14 +01:00
foreach ($current_file_analyzer->getParentFilePaths() as $parent_file_path) {
$include_file_analyzer->addParentFilePath($parent_file_path);
}
try {
2018-11-11 18:01:14 +01:00
$include_file_analyzer->analyze(
$context,
$global_context
);
2021-12-03 20:29:06 +01:00
} catch (UnpreparedAnalysisException $e) {
if ($config->skip_checks_on_unresolvable_includes) {
$context->check_classes = false;
$context->check_variables = false;
$context->check_functions = false;
}
}
2020-06-13 21:48:12 +02:00
$included_return_type = $include_file_analyzer->getReturnType();
if ($included_return_type) {
$statements_analyzer->node_data->setType($stmt, $included_return_type);
}
2020-03-17 14:19:39 +01:00
$context->has_returned = false;
2018-11-11 18:01:14 +01:00
foreach ($include_file_analyzer->getRequiredFilePaths() as $required_file_path) {
$current_file_analyzer->addRequiredFilePath($required_file_path);
2018-01-14 18:09:40 +01:00
}
2019-08-02 07:55:24 +02:00
$include_file_analyzer->clearSourceBeforeDestruction();
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
2018-11-11 18:01:14 +01:00
$source = $statements_analyzer->getSource();
2018-01-14 18:09:40 +01:00
IssueBuffer::maybeAdd(
2018-01-14 18:09:40 +01:00
new MissingFile(
'Cannot find file ' . $path_to_file . ' to include',
new CodeLocation($source, $stmt)
),
$source->getSuppressedIssues()
);
2018-01-14 18:09:40 +01:00
} else {
2020-05-18 21:13:27 +02:00
$var_id = ExpressionIdentifier::getArrayVarId($stmt->expr, null);
if (!$var_id || !isset($context->phantom_files[$var_id])) {
2018-11-11 18:01:14 +01:00
$source = $statements_analyzer->getSource();
IssueBuffer::maybeAdd(
new UnresolvableInclude(
'Cannot resolve the given expression to a file path',
new CodeLocation($source, $stmt)
),
$source->getSuppressedIssues()
);
2018-01-14 18:09:40 +01:00
}
}
if ($config->skip_checks_on_unresolvable_includes) {
$context->check_classes = false;
$context->check_variables = false;
$context->check_functions = false;
}
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
/**
* @psalm-suppress MixedAssignment
*/
public static function getPathTo(
PhpParser\Node\Expr $stmt,
2021-12-03 20:11:20 +01:00
?NodeDataProvider $type_provider,
2020-05-23 05:53:37 +02:00
?StatementsAnalyzer $statements_analyzer,
string $file_name,
Config $config
): ?string {
if (DIRECTORY_SEPARATOR === '/') {
$is_path_relative = $file_name[0] !== DIRECTORY_SEPARATOR;
} else {
$is_path_relative = !preg_match('~^[A-Z]:\\\\~i', $file_name);
}
if ($is_path_relative) {
$file_name = $config->base_dir . DIRECTORY_SEPARATOR . $file_name;
2018-01-14 18:09:40 +01:00
}
if ($stmt instanceof PhpParser\Node\Scalar\String_) {
2018-11-18 23:06:11 +01:00
if (DIRECTORY_SEPARATOR !== '/') {
return str_replace('/', DIRECTORY_SEPARATOR, $stmt->value);
}
2018-01-14 18:09:40 +01:00
return $stmt->value;
}
2020-05-23 05:53:37 +02:00
$stmt_type = $type_provider ? $type_provider->getType($stmt) : null;
if ($stmt_type && $stmt_type->isSingleStringLiteral()) {
2018-11-18 23:06:11 +01:00
if (DIRECTORY_SEPARATOR !== '/') {
return str_replace(
'/',
DIRECTORY_SEPARATOR,
$stmt_type->getSingleStringLiteral()->value
2018-11-18 23:06:11 +01:00
);
}
return $stmt_type->getSingleStringLiteral()->value;
}
2018-10-01 19:50:55 +02:00
if ($stmt instanceof PhpParser\Node\Expr\ArrayDimFetch) {
if ($stmt->var instanceof PhpParser\Node\Expr\Variable
&& $stmt->var->name === 'GLOBALS'
&& $stmt->dim instanceof PhpParser\Node\Scalar\String_
) {
2018-10-01 21:14:39 +02:00
if (isset($GLOBALS[$stmt->dim->value]) && is_string($GLOBALS[$stmt->dim->value])) {
/** @var string */
2018-10-01 19:50:55 +02:00
return $GLOBALS[$stmt->dim->value];
}
}
} elseif ($stmt instanceof PhpParser\Node\Expr\BinaryOp\Concat) {
2020-05-23 05:53:37 +02:00
$left_string = self::getPathTo($stmt->left, $type_provider, $statements_analyzer, $file_name, $config);
$right_string = self::getPathTo($stmt->right, $type_provider, $statements_analyzer, $file_name, $config);
2018-01-14 18:09:40 +01:00
if ($left_string && $right_string) {
return $left_string . $right_string;
}
} elseif ($stmt instanceof PhpParser\Node\Expr\FuncCall &&
$stmt->name instanceof PhpParser\Node\Name &&
$stmt->name->parts === ['dirname']
) {
2021-10-09 23:37:04 +02:00
if ($stmt->getArgs()) {
$dir_level = 1;
2021-10-09 23:37:04 +02:00
if (isset($stmt->getArgs()[1])) {
if ($stmt->getArgs()[1]->value instanceof PhpParser\Node\Scalar\LNumber) {
$dir_level = $stmt->getArgs()[1]->value->value;
} else {
return null;
}
}
2020-05-23 05:53:37 +02:00
$evaled_path = self::getPathTo(
2021-10-09 23:37:04 +02:00
$stmt->getArgs()[0]->value,
2020-05-23 05:53:37 +02:00
$type_provider,
$statements_analyzer,
$file_name,
$config
);
2018-01-14 18:09:40 +01:00
if (!$evaled_path) {
return null;
}
return dirname($evaled_path, $dir_level);
2018-01-14 18:09:40 +01:00
}
} elseif ($stmt instanceof PhpParser\Node\Expr\ConstFetch) {
2018-01-14 18:09:40 +01:00
$const_name = implode('', $stmt->name->parts);
if (defined($const_name)) {
$constant_value = constant($const_name);
if (is_string($constant_value)) {
return $constant_value;
}
}
} elseif ($stmt instanceof PhpParser\Node\Scalar\MagicConst\Dir) {
return dirname($file_name);
} elseif ($stmt instanceof PhpParser\Node\Scalar\MagicConst\File) {
return $file_name;
}
return null;
}
public static function resolveIncludePath(string $file_name, string $current_directory): ?string
2018-01-14 18:09:40 +01:00
{
if (!$current_directory) {
return $file_name;
}
$paths = PATH_SEPARATOR === ':'
2018-01-14 18:09:40 +01:00
? preg_split('#(?<!phar):#', get_include_path())
: explode(PATH_SEPARATOR, get_include_path());
foreach ($paths as $prefix) {
$ds = substr($prefix, -1) === DIRECTORY_SEPARATOR ? '' : DIRECTORY_SEPARATOR;
2018-01-14 18:09:40 +01:00
if ($prefix === '.') {
$prefix = $current_directory;
}
$file = $prefix . $ds . $file_name;
if (file_exists($file)) {
return $file;
}
}
return null;
}
2020-08-23 19:52:31 +02:00
/**
* @psalm-pure
*/
public static function normalizeFilePath(string $path_to_file): string
{
// replace all \ with / for normalization
$path_to_file = str_replace('\\', '/', $path_to_file);
$path_to_file = str_replace('/./', '/', $path_to_file);
// first remove unnecessary / duplicates
$path_to_file = preg_replace('/\/[\/]+/', '/', $path_to_file);
$reduce_pattern = '/\/[^\/]+\/\.\.\//';
while (preg_match($reduce_pattern, $path_to_file)) {
2019-07-21 17:03:02 +02:00
$path_to_file = preg_replace($reduce_pattern, '/', $path_to_file, 1);
}
if (DIRECTORY_SEPARATOR !== '/') {
$path_to_file = str_replace('/', DIRECTORY_SEPARATOR, $path_to_file);
}
return $path_to_file;
}
2018-01-14 18:09:40 +01:00
}