psalm/tests/ForbiddenCodeTest.php

<?php

namespace Psalm\Tests;

use Psalm\Config;
use Psalm\Context;
use Psalm\Tests\Internal\Provider;

use function dirname;
use function getcwd;

class ForbiddenCodeTest extends TestCase
{
    use Traits\InvalidCodeAnalysisTestTrait;
    use Traits\ValidCodeAnalysisTestTrait;

    /**
     * @return iterable<string,array{string,error_message:string,1?:string[],2?:bool,3?:string}>
     */
    public function providerInvalidCodeParse(): iterable
    {
        return [
            'varDump' => [
                '<?php
                    var_dump("hello");',
                'error_message' => 'ForbiddenCode',
            ],
            'varDumpCased' => [
                '<?php
                    vAr_dUMp("hello");',
                'error_message' => 'ForbiddenCode',
            ],
            'execTicks' => [
                '<?php
                    `rm -rf`;',
                'error_message' => 'ForbiddenCode',
            ],
            'exec' => [
                '<?php
                    shell_exec("rm -rf");',
                'error_message' => 'ForbiddenCode',
            ],
            'execCased' => [
                '<?php
                    sHeLl_EXeC("rm -rf");',
                'error_message' => 'ForbiddenCode',
            ],
        ];
    }

    /**
     * @return iterable<string,array{string,assertions?:array<string,string>,error_levels?:string[]}>
     */
    public function providerValidCodeParse(): iterable
    {
        return [
            'execWithSuppression' => [
                '<?php
                    @exec("pwd 2>&1", $output, $returnValue);
                    if ($returnValue === 0) {
                        echo "success";
                    }',
            ],
            'execWithoutSuppression' => [
                '<?php
                    exec("pwd 2>&1", $output, $returnValue);
                    if ($returnValue === 0) {
                        echo "success";
                    }',
            ],
        ];
    }

    public function testAllowedEchoFunction(): void
    {
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm></psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                echo "hello";'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenEchoFunctionViaFunctions(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="echo" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                echo "hello";'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenEchoFunctionViaFlag(): void
    {
        $this->expectExceptionMessage('ForbiddenEcho');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm forbidEcho="true"></psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                echo "hello";'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testAllowedPrintFunction(): void
    {
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm></psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                print "hello";'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenPrintFunction(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="print" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                print "hello";'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testAllowedVarExportFunction(): void
    {
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm></psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                $a = [1, 2, 3];
                var_export($a);'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenVarExportFunction(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="var_export" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                $a = [1, 2, 3];
                var_export($a);'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenEmptyFunction(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="empty" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                empty(false);'
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenExitFunction(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="exit" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                exit(2);
            '
        );

        $this->analyzeFile($file_path, new Context());
    }

    public function testForbiddenDieFunction(): void
    {
        $this->expectExceptionMessage('ForbiddenCode');
        $this->expectException(\Psalm\Exception\CodeException::class);
        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
            TestConfig::loadFromXML(
                dirname(__DIR__, 2),
                '<?xml version="1.0"?>
                <psalm>
                    <forbiddenFunctions>
                        <function name="die" />
                    </forbiddenFunctions>
                </psalm>'
            )
        );

        $file_path = getcwd() . '/src/somefile.php';

        $this->addFile(
            $file_path,
            '<?php
                die(2);
            '
        );

        $this->analyzeFile($file_path, new Context());
    }


    private function getProjectAnalyzerWithConfig(Config $config): \Psalm\Internal\Analyzer\ProjectAnalyzer
    {
        $p = new \Psalm\Internal\Analyzer\ProjectAnalyzer(
            $config,
            new \Psalm\Internal\Provider\Providers(
                $this->file_provider,
                new Provider\FakeParserCacheProvider()
            )
        );

        $p->setPhpVersion('7.4');

        return $p;
    }
}
Add so many new tests 2016-12-11 23:41:11 -05:00			`<?php`
Move ForbiddenCode-related tests to the corresponding test file 2021-10-31 02:43:17 +03:00
Add so many new tests 2016-12-11 23:41:11 -05:00			`namespace Psalm\Tests;`

Move ForbiddenCode-related tests to the corresponding test file 2021-10-31 02:43:17 +03:00			`use Psalm\Config;`
			`use Psalm\Context;`
			`use Psalm\Tests\Internal\Provider;`

			`use function dirname;`
			`use function getcwd;`

Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`class ForbiddenCodeTest extends TestCase`
Add so many new tests 2016-12-11 23:41:11 -05:00			`{`
Move internal classes to own namespace 2018-11-05 21:57:36 -05:00			`use Traits\InvalidCodeAnalysisTestTrait;`
			`use Traits\ValidCodeAnalysisTestTrait;`
Add so many new tests 2016-12-11 23:41:11 -05:00
			`/**`
Fix object-like array keys when combining string and automatic keys (fixes #5427). (#5428) * Fix object-like array keys (fixes #5427). * Fix incorrect return types for tests. * Fix false positive list with literal int key. 2021-03-19 20:44:44 -05:00			`* @return iterable<string,array{string,error_message:string,1?:string[],2?:bool,3?:string}>`
Add so many new tests 2016-12-11 23:41:11 -05:00			`*/`
More return types (#4173) * add native return types * redundant phpdoc 2020-09-12 17:24:05 +02:00			`public function providerInvalidCodeParse(): iterable`
Add so many new tests 2016-12-11 23:41:11 -05:00			`{`
Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`return [`
			`'varDump' => [`
			`'<?php`
			`var_dump("hello");',`
Add additional formatting changes 2017-05-26 20:05:57 -04:00			`'error_message' => 'ForbiddenCode',`
Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`],`
Case-insensitive checks for var_dump and shell_exec Fixes vimeo/psalm#1547 2019-04-13 18:20:02 +03:00			`'varDumpCased' => [`
			`'<?php`
			`vAr_dUMp("hello");',`
			`'error_message' => 'ForbiddenCode',`
			`],`
Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`'execTicks' => [`
			`'<?php`
			`rm -rf`;',
Add additional formatting changes 2017-05-26 20:05:57 -04:00			`'error_message' => 'ForbiddenCode',`
Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`],`
			`'exec' => [`
			`'<?php`
			`shell_exec("rm -rf");',`
Add additional formatting changes 2017-05-26 20:05:57 -04:00			`'error_message' => 'ForbiddenCode',`
			`],`
Case-insensitive checks for var_dump and shell_exec Fixes vimeo/psalm#1547 2019-04-13 18:20:02 +03:00			`'execCased' => [`
			`'<?php`
			`sHeLl_EXeC("rm -rf");',`
			`'error_message' => 'ForbiddenCode',`
			`],`
Rewriting and streamlining every unit test with data providers. (#147) * Rewriting and streamlining every unit test with data providers. All unit tests have been rewritten into PHPUnit data providers to reduce the amount of unnecessary code-reuse through out the test suite. 2017-04-24 23:45:02 -04:00			`];`
Add so many new tests 2016-12-11 23:41:11 -05:00			`}`
Don’t ignore @function calls Fixes #570 2018-03-12 23:48:10 -04:00
			`/**`
More provider typing 2019-03-01 22:55:20 +02:00			`* @return iterable<string,array{string,assertions?:array<string,string>,error_levels?:string[]}>`
Don’t ignore @function calls Fixes #570 2018-03-12 23:48:10 -04:00			`*/`
More return types (#4173) * add native return types * redundant phpdoc 2020-09-12 17:24:05 +02:00			`public function providerValidCodeParse(): iterable`
Don’t ignore @function calls Fixes #570 2018-03-12 23:48:10 -04:00			`{`
			`return [`
			`'execWithSuppression' => [`
			`'<?php`
			`@exec("pwd 2>&1", $output, $returnValue);`
			`if ($returnValue === 0) {`
			`echo "success";`
			`}',`
			`],`
			`'execWithoutSuppression' => [`
			`'<?php`
			`exec("pwd 2>&1", $output, $returnValue);`
			`if ($returnValue === 0) {`
			`echo "success";`
			`}',`
			`],`
			`];`
			`}`
Move ForbiddenCode-related tests to the corresponding test file 2021-10-31 02:43:17 +03:00
			`public function testAllowedEchoFunction(): void`
			`{`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm></psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`echo "hello";'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenEchoFunctionViaFunctions(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="echo" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`echo "hello";'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenEchoFunctionViaFlag(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenEcho');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm forbidEcho="true"></psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`echo "hello";'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testAllowedPrintFunction(): void`
			`{`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm></psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`print "hello";'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenPrintFunction(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="print" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`print "hello";'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testAllowedVarExportFunction(): void`
			`{`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm></psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`$a = [1, 2, 3];`
			`var_export($a);'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenVarExportFunction(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="var_export" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`$a = [1, 2, 3];`
			`var_export($a);'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenEmptyFunction(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="empty" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`empty(false);'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

Allow to forbid `exit()` and `die()` 2021-10-31 03:02:16 +03:00			`public function testForbiddenExitFunction(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="exit" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`exit(2);`
			`'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`

			`public function testForbiddenDieFunction(): void`
			`{`
			`$this->expectExceptionMessage('ForbiddenCode');`
			`$this->expectException(\Psalm\Exception\CodeException::class);`
			`$this->project_analyzer = $this->getProjectAnalyzerWithConfig(`
			`TestConfig::loadFromXML(`
			`dirname(__DIR__, 2),`
			`'<?xml version="1.0"?>`
			`<psalm>`
			`<forbiddenFunctions>`
			`<function name="die" />`
			`</forbiddenFunctions>`
			`</psalm>'`
			`)`
			`);`

			`$file_path = getcwd() . '/src/somefile.php';`

			`$this->addFile(`
			`$file_path,`
			`'<?php`
			`die(2);`
			`'`
			`);`

			`$this->analyzeFile($file_path, new Context());`
			`}`


Move ForbiddenCode-related tests to the corresponding test file 2021-10-31 02:43:17 +03:00			`private function getProjectAnalyzerWithConfig(Config $config): \Psalm\Internal\Analyzer\ProjectAnalyzer`
			`{`
			`$p = new \Psalm\Internal\Analyzer\ProjectAnalyzer(`
			`$config,`
			`new \Psalm\Internal\Provider\Providers(`
			`$this->file_provider,`
			`new Provider\FakeParserCacheProvider()`
			`)`
			`);`

			`$p->setPhpVersion('7.4');`

			`return $p;`
			`}`
Add so many new tests 2016-12-11 23:41:11 -05:00			`}`