1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-14 18:36:58 +01:00
psalm/tests/ForbiddenCodeTest.php

351 lines
9.5 KiB
PHP
Raw Normal View History

2016-12-12 05:41:11 +01:00
<?php
2016-12-12 05:41:11 +01:00
namespace Psalm\Tests;
use Psalm\Config;
use Psalm\Context;
2021-12-03 20:29:06 +01:00
use Psalm\Exception\CodeException;
2021-12-03 20:11:20 +01:00
use Psalm\Internal\Analyzer\ProjectAnalyzer;
use Psalm\Internal\Provider\Providers;
2021-12-04 21:55:53 +01:00
use Psalm\Tests\Internal\Provider\FakeParserCacheProvider;
use Psalm\Tests\Traits\InvalidCodeAnalysisTestTrait;
use Psalm\Tests\Traits\ValidCodeAnalysisTestTrait;
use function dirname;
use function getcwd;
class ForbiddenCodeTest extends TestCase
2016-12-12 05:41:11 +01:00
{
2021-12-04 21:55:53 +01:00
use InvalidCodeAnalysisTestTrait;
use ValidCodeAnalysisTestTrait;
2016-12-12 05:41:11 +01:00
/**
Add support for strict arrays, fix type alias intersection, fix array_is_list assertion on non-lists (#8395) * Immutable CodeLocation * Remove excess clones * Remove external clones * Remove leftover clones * Fix final clone issue * Immutable storages * Refactoring * Fixes * Fixes * Fix * Fix * Fixes * Simplify * Fixes * Fix * Fixes * Update * Fix * Cache global types * Fix * Update * Update * Fixes * Fixes * Refactor * Fixes * Fix * Fix * More caching * Fix * Fix * Update * Update * Fix * Fixes * Update * Refactor * Update * Fixes * Break one more test * Fix * FIx * Fix * Fix * Fix * Fix * Improve performance and readability * Equivalent logic * Fixes * Revert * Revert "Revert" This reverts commit f9175100c8452c80559234200663fd4c4f4dd889. * Fix * Fix reference bug * Make default TypeVisitor immutable * Bugfix * Remove clones * Partial refactoring * Refactoring * Fixes * Fix * Fixes * Fixes * cs-fix * Fix final bugs * Add test * Misc fixes * Update * Fixes * Experiment with removing different property * revert "Experiment with removing different property" This reverts commit ac1156e077fc4ea633530d51096d27b6e88bfdf9. * Uniform naming * Uniform naming * Hack hotfix * Clean up $_FILES ref #8621 * Undo hack, try fixing properly * Helper method * Remove redundant call * Partially fix bugs * Cleanup * Change defaults * Fix bug * Fix (?, hope this doesn't break anything else) * cs-fix * Review fixes * Bugfix * Bugfix * Improve logic * Add support for list{} and callable-list{} types, properly implement array_is_list assertions (fixes #8389) * Default to sealed arrays * Fix array_merge bug * Fixes * Fix * Sealed type checks * Properly infer properties-of and get_object_vars on final classes * Fix array_map zipping * Fix tests * Fixes * Fixes * Fix more stuff * Recursively resolve type aliases * Fix typo * Fixes * Fix array_is_list assertion on keyed array * Add BC docs * Fixes * fix * Update * Update * Update * Update * Seal arrays with count assertions * Fix #8528 * Fix * Update * Improve sealed array foreach logic * get_object_vars on template properties * Fix sealed array assertion reconciler logic * Improved reconciler * Add tests * Single source of truth for test types * Fix tests * Fixup tests * Fixup tests * Fixup tests * Update * Fix tests * Fix tests * Final fixes * Fixes * Use list syntax only when needed * Fix tests * Cs-fix * Update docs * Update docs * Update docs * Update docs * Update docs * Document missing types * Update docs * Improve class-string-map docs * Update * Update * I love working on psalm :) * Keep arrays unsealed by default * Fixup tests * Fix syntax mistake * cs-fix * Fix typo * Re-import missing types * Keep strict types only in return types * argc/argv fixes * argc/argv fixes * Fix test * Comment-out valinor code, pinging @romm pls merge https://github.com/CuyZ/Valinor/pull/246 so we can add valinor to the psalm docs :)
2022-11-05 22:34:42 +01:00
*
2016-12-12 05:41:11 +01:00
*/
public function providerInvalidCodeParse(): iterable
2016-12-12 05:41:11 +01:00
{
return [
'varDump' => [
'code' => '<?php
var_dump("hello");',
2017-05-27 02:05:57 +02:00
'error_message' => 'ForbiddenCode',
],
'varDumpCased' => [
'code' => '<?php
vAr_dUMp("hello");',
'error_message' => 'ForbiddenCode',
],
'execTicks' => [
'code' => '<?php
`rm -rf`;',
2017-05-27 02:05:57 +02:00
'error_message' => 'ForbiddenCode',
],
'exec' => [
'code' => '<?php
shell_exec("rm -rf");',
2017-05-27 02:05:57 +02:00
'error_message' => 'ForbiddenCode',
],
'execCased' => [
'code' => '<?php
sHeLl_EXeC("rm -rf");',
'error_message' => 'ForbiddenCode',
],
];
2016-12-12 05:41:11 +01:00
}
/**
Add support for strict arrays, fix type alias intersection, fix array_is_list assertion on non-lists (#8395) * Immutable CodeLocation * Remove excess clones * Remove external clones * Remove leftover clones * Fix final clone issue * Immutable storages * Refactoring * Fixes * Fixes * Fix * Fix * Fixes * Simplify * Fixes * Fix * Fixes * Update * Fix * Cache global types * Fix * Update * Update * Fixes * Fixes * Refactor * Fixes * Fix * Fix * More caching * Fix * Fix * Update * Update * Fix * Fixes * Update * Refactor * Update * Fixes * Break one more test * Fix * FIx * Fix * Fix * Fix * Fix * Improve performance and readability * Equivalent logic * Fixes * Revert * Revert "Revert" This reverts commit f9175100c8452c80559234200663fd4c4f4dd889. * Fix * Fix reference bug * Make default TypeVisitor immutable * Bugfix * Remove clones * Partial refactoring * Refactoring * Fixes * Fix * Fixes * Fixes * cs-fix * Fix final bugs * Add test * Misc fixes * Update * Fixes * Experiment with removing different property * revert "Experiment with removing different property" This reverts commit ac1156e077fc4ea633530d51096d27b6e88bfdf9. * Uniform naming * Uniform naming * Hack hotfix * Clean up $_FILES ref #8621 * Undo hack, try fixing properly * Helper method * Remove redundant call * Partially fix bugs * Cleanup * Change defaults * Fix bug * Fix (?, hope this doesn't break anything else) * cs-fix * Review fixes * Bugfix * Bugfix * Improve logic * Add support for list{} and callable-list{} types, properly implement array_is_list assertions (fixes #8389) * Default to sealed arrays * Fix array_merge bug * Fixes * Fix * Sealed type checks * Properly infer properties-of and get_object_vars on final classes * Fix array_map zipping * Fix tests * Fixes * Fixes * Fix more stuff * Recursively resolve type aliases * Fix typo * Fixes * Fix array_is_list assertion on keyed array * Add BC docs * Fixes * fix * Update * Update * Update * Update * Seal arrays with count assertions * Fix #8528 * Fix * Update * Improve sealed array foreach logic * get_object_vars on template properties * Fix sealed array assertion reconciler logic * Improved reconciler * Add tests * Single source of truth for test types * Fix tests * Fixup tests * Fixup tests * Fixup tests * Update * Fix tests * Fix tests * Final fixes * Fixes * Use list syntax only when needed * Fix tests * Cs-fix * Update docs * Update docs * Update docs * Update docs * Update docs * Document missing types * Update docs * Improve class-string-map docs * Update * Update * I love working on psalm :) * Keep arrays unsealed by default * Fixup tests * Fix syntax mistake * cs-fix * Fix typo * Re-import missing types * Keep strict types only in return types * argc/argv fixes * argc/argv fixes * Fix test * Comment-out valinor code, pinging @romm pls merge https://github.com/CuyZ/Valinor/pull/246 so we can add valinor to the psalm docs :)
2022-11-05 22:34:42 +01:00
*
*/
public function providerValidCodeParse(): iterable
{
return [
'execWithSuppression' => [
'code' => '<?php
@exec("pwd 2>&1", $output, $returnValue);
if ($returnValue === 0) {
echo "success";
}',
],
'execWithoutSuppression' => [
'code' => '<?php
exec("pwd 2>&1", $output, $returnValue);
if ($returnValue === 0) {
echo "success";
}',
],
];
}
public function testAllowedEchoFunction(): void
{
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm></psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
echo "hello";'
);
$this->analyzeFile($file_path, new Context());
}
2022-01-18 18:25:18 +01:00
public function testForbiddenCodeFunctionViaFunctions(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="echo" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
echo "hello";'
);
$this->analyzeFile($file_path, new Context());
}
public function testAllowedPrintFunction(): void
{
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm></psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
print "hello";'
);
$this->analyzeFile($file_path, new Context());
}
public function testForbiddenPrintFunction(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="print" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
print "hello";'
);
$this->analyzeFile($file_path, new Context());
}
public function testAllowedVarExportFunction(): void
{
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm></psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
$a = [1, 2, 3];
var_export($a);'
);
$this->analyzeFile($file_path, new Context());
}
public function testForbiddenVarExportFunction(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="var_export" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
$a = [1, 2, 3];
var_export($a);'
);
$this->analyzeFile($file_path, new Context());
}
public function testForbiddenEmptyFunction(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="empty" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
empty(false);'
);
$this->analyzeFile($file_path, new Context());
}
2021-10-31 02:02:16 +02:00
public function testForbiddenExitFunction(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
2021-10-31 02:02:16 +02:00
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="exit" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
exit(2);
'
);
$this->analyzeFile($file_path, new Context());
}
public function testForbiddenDieFunction(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
2021-10-31 02:02:16 +02:00
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="die" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
die(2);
'
);
$this->analyzeFile($file_path, new Context());
}
public function testForbiddenEvalExpression(): void
{
$this->expectExceptionMessage('ForbiddenCode');
2021-12-03 20:29:06 +01:00
$this->expectException(CodeException::class);
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
TestConfig::loadFromXML(
dirname(__DIR__, 2),
'<?xml version="1.0"?>
<psalm>
<forbiddenFunctions>
<function name="eval" />
</forbiddenFunctions>
</psalm>'
)
);
$file_path = getcwd() . '/src/somefile.php';
$this->addFile(
$file_path,
'<?php
eval("foo bar");
'
);
$this->analyzeFile($file_path, new Context());
}
2021-10-31 02:02:16 +02:00
2021-12-03 20:11:20 +01:00
private function getProjectAnalyzerWithConfig(Config $config): ProjectAnalyzer
{
2021-12-03 20:11:20 +01:00
$p = new ProjectAnalyzer(
$config,
2021-12-03 20:11:20 +01:00
new Providers(
$this->file_provider,
2021-12-04 21:55:53 +01:00
new FakeParserCacheProvider()
)
);
$p->setPhpVersion('7.4', 'tests');
return $p;
}
2016-12-12 05:41:11 +01:00
}