2016-12-12 05:41:11 +01:00
|
|
|
<?php
|
2021-10-31 01:43:17 +02:00
|
|
|
|
2016-12-12 05:41:11 +01:00
|
|
|
namespace Psalm\Tests;
|
|
|
|
|
|
2021-10-31 01:43:17 +02:00
|
|
|
use Psalm\Config;
|
|
|
|
|
use Psalm\Context;
|
2021-12-03 20:29:06 +01:00
|
|
|
use Psalm\Exception\CodeException;
|
2021-12-03 20:11:20 +01:00
|
|
|
use Psalm\Internal\Analyzer\ProjectAnalyzer;
|
|
|
|
|
use Psalm\Internal\Provider\Providers;
|
2021-12-04 21:55:53 +01:00
|
|
|
use Psalm\Tests\Internal\Provider\FakeParserCacheProvider;
|
|
|
|
|
use Psalm\Tests\Traits\InvalidCodeAnalysisTestTrait;
|
|
|
|
|
use Psalm\Tests\Traits\ValidCodeAnalysisTestTrait;
|
2021-10-31 01:43:17 +02:00
|
|
|
|
|
|
|
|
use function dirname;
|
|
|
|
|
use function getcwd;
|
|
|
|
|
|
2017-04-25 05:45:02 +02:00
|
|
|
class ForbiddenCodeTest extends TestCase
|
2016-12-12 05:41:11 +01:00
|
|
|
{
|
2021-12-04 21:55:53 +01:00
|
|
|
use InvalidCodeAnalysisTestTrait;
|
|
|
|
|
use ValidCodeAnalysisTestTrait;
|
2016-12-12 05:41:11 +01:00
|
|
|
|
|
|
|
|
/**
|
2022-01-13 20:38:17 +01:00
|
|
|
* @return iterable<string,array{code:string,error_message:string,ignored_issues?:list<string>,php_version?:string}>
|
2016-12-12 05:41:11 +01:00
|
|
|
*/
|
2020-09-12 17:24:05 +02:00
|
|
|
public function providerInvalidCodeParse(): iterable
|
2016-12-12 05:41:11 +01:00
|
|
|
{
|
2017-04-25 05:45:02 +02:00
|
|
|
return [
|
|
|
|
|
'varDump' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2017-04-25 05:45:02 +02:00
|
|
|
var_dump("hello");',
|
2017-05-27 02:05:57 +02:00
|
|
|
'error_message' => 'ForbiddenCode',
|
2017-04-25 05:45:02 +02:00
|
|
|
],
|
2019-04-13 17:20:02 +02:00
|
|
|
'varDumpCased' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2019-04-13 17:20:02 +02:00
|
|
|
vAr_dUMp("hello");',
|
|
|
|
|
'error_message' => 'ForbiddenCode',
|
|
|
|
|
],
|
2017-04-25 05:45:02 +02:00
|
|
|
'execTicks' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2017-04-25 05:45:02 +02:00
|
|
|
`rm -rf`;',
|
2017-05-27 02:05:57 +02:00
|
|
|
'error_message' => 'ForbiddenCode',
|
2017-04-25 05:45:02 +02:00
|
|
|
],
|
|
|
|
|
'exec' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2017-04-25 05:45:02 +02:00
|
|
|
shell_exec("rm -rf");',
|
2017-05-27 02:05:57 +02:00
|
|
|
'error_message' => 'ForbiddenCode',
|
|
|
|
|
],
|
2019-04-13 17:20:02 +02:00
|
|
|
'execCased' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2019-04-13 17:20:02 +02:00
|
|
|
sHeLl_EXeC("rm -rf");',
|
|
|
|
|
'error_message' => 'ForbiddenCode',
|
|
|
|
|
],
|
2017-04-25 05:45:02 +02:00
|
|
|
];
|
2016-12-12 05:41:11 +01:00
|
|
|
}
|
2018-03-13 04:48:10 +01:00
|
|
|
|
|
|
|
|
/**
|
2022-01-13 20:38:17 +01:00
|
|
|
* @return iterable<string,array{code:string,assertions?:array<string,string>,ignored_issues?:list<string>}>
|
2018-03-13 04:48:10 +01:00
|
|
|
*/
|
2020-09-12 17:24:05 +02:00
|
|
|
public function providerValidCodeParse(): iterable
|
2018-03-13 04:48:10 +01:00
|
|
|
{
|
|
|
|
|
return [
|
|
|
|
|
'execWithSuppression' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2018-03-13 04:48:10 +01:00
|
|
|
@exec("pwd 2>&1", $output, $returnValue);
|
|
|
|
|
if ($returnValue === 0) {
|
|
|
|
|
echo "success";
|
|
|
|
|
}',
|
|
|
|
|
],
|
|
|
|
|
'execWithoutSuppression' => [
|
2022-01-13 19:49:37 +01:00
|
|
|
'code' => '<?php
|
2018-03-13 04:48:10 +01:00
|
|
|
exec("pwd 2>&1", $output, $returnValue);
|
|
|
|
|
if ($returnValue === 0) {
|
|
|
|
|
echo "success";
|
|
|
|
|
}',
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
2021-10-31 01:43:17 +02:00
|
|
|
|
|
|
|
|
public function testAllowedEchoFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm></psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
echo "hello";'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-18 18:25:18 +01:00
|
|
|
public function testForbiddenCodeFunctionViaFunctions(): void
|
2021-10-31 01:43:17 +02:00
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 01:43:17 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="echo" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
echo "hello";'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAllowedPrintFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm></psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
print "hello";'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForbiddenPrintFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 01:43:17 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="print" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
print "hello";'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAllowedVarExportFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm></psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
$a = [1, 2, 3];
|
|
|
|
|
var_export($a);'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForbiddenVarExportFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 01:43:17 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="var_export" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
$a = [1, 2, 3];
|
|
|
|
|
var_export($a);'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForbiddenEmptyFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 01:43:17 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="empty" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
empty(false);'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-31 02:02:16 +02:00
|
|
|
public function testForbiddenExitFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 02:02:16 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="exit" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
exit(2);
|
|
|
|
|
'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForbiddenDieFunction(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-10-31 02:02:16 +02:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="die" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
die(2);
|
|
|
|
|
'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-07 21:06:22 +01:00
|
|
|
public function testForbiddenEvalExpression(): void
|
|
|
|
|
{
|
|
|
|
|
$this->expectExceptionMessage('ForbiddenCode');
|
2021-12-03 20:29:06 +01:00
|
|
|
$this->expectException(CodeException::class);
|
2021-11-07 21:06:22 +01:00
|
|
|
$this->project_analyzer = $this->getProjectAnalyzerWithConfig(
|
|
|
|
|
TestConfig::loadFromXML(
|
|
|
|
|
dirname(__DIR__, 2),
|
|
|
|
|
'<?xml version="1.0"?>
|
|
|
|
|
<psalm>
|
|
|
|
|
<forbiddenFunctions>
|
|
|
|
|
<function name="eval" />
|
|
|
|
|
</forbiddenFunctions>
|
|
|
|
|
</psalm>'
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$file_path = getcwd() . '/src/somefile.php';
|
|
|
|
|
|
|
|
|
|
$this->addFile(
|
|
|
|
|
$file_path,
|
|
|
|
|
'<?php
|
|
|
|
|
eval("foo bar");
|
|
|
|
|
'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->analyzeFile($file_path, new Context());
|
|
|
|
|
}
|
2021-10-31 02:02:16 +02:00
|
|
|
|
2021-12-03 20:11:20 +01:00
|
|
|
private function getProjectAnalyzerWithConfig(Config $config): ProjectAnalyzer
|
2021-10-31 01:43:17 +02:00
|
|
|
{
|
2021-12-03 20:11:20 +01:00
|
|
|
$p = new ProjectAnalyzer(
|
2021-10-31 01:43:17 +02:00
|
|
|
$config,
|
2021-12-03 20:11:20 +01:00
|
|
|
new Providers(
|
2021-10-31 01:43:17 +02:00
|
|
|
$this->file_provider,
|
2021-12-04 21:55:53 +01:00
|
|
|
new FakeParserCacheProvider()
|
2021-10-31 01:43:17 +02:00
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
2021-11-27 01:06:33 +01:00
|
|
|
$p->setPhpVersion('7.4', 'tests');
|
2021-10-31 01:43:17 +02:00
|
|
|
|
|
|
|
|
return $p;
|
|
|
|
|
}
|
2016-12-12 05:41:11 +01:00
|
|
|
}
|
