<?php
namespace Psalm\Internal\Analyzer\Statements\Expression;
use PhpParser;
use Psalm\CodeLocation;
use Psalm\Context;
use Psalm\Internal\Analyzer\FunctionLikeAnalyzer;
use Psalm\Internal\Analyzer\Statements\Expression\Call\ArgumentAnalyzer;
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Codebase\TaintFlowGraph;
use Psalm\Internal\DataFlow\TaintSink;
use Psalm\Issue\ForbiddenCode;
use Psalm\Issue\ImpureFunctionCall;
use Psalm\IssueBuffer;
use Psalm\Storage\FunctionLikeParameter;
use Psalm\Type;
use Psalm\Type\TaintKind;
/**
 * Analyser for the `print` language construct.
 *
 * Security note: this is where `print` is wired into Psalm's taint analysis.
 * Its single argument is registered as a TaintSink for the taint kinds listed
 * in registerTaintSink() (as named by TaintKind: HTML-bearing input, input
 * carrying quotes, user secrets and system secrets) — presumably so that
 * unescaped user input (XSS) or leaked secrets flowing into program output are
 * reported by the TaintFlowGraph. The sink is recorded before the argument's
 * type is verified, so it is present even when that type check later fails.
 * `print` is also treated as impure and rejected in mutation-free contexts.
 */
class PrintAnalyzer
{
    /**
     * Analyse one `print` expression and record its type as the literal int 1.
     *
     * Steps, in order: analyse the printed expression; register the taint
     * sink (only when a TaintFlowGraph is active); verify the argument is
     * acceptable as a string; report `print` if the config forbids it;
     * account for the construct's impurity; set the node's type.
     *
     * @return bool false if analysing the printed expression or verifying its
     *              argument type fails, true otherwise
     */
    public static function analyze(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Print_ $stmt,
        Context $context
    ): bool {
        if (ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context) === false) {
            return false;
        }

        self::registerTaintSink($statements_analyzer, $stmt);

        if (!self::verifyArgumentType($statements_analyzer, $stmt, $context)) {
            return false;
        }

        self::reportIfForbidden($statements_analyzer, $stmt);
        self::recordImpurity($statements_analyzer, $stmt, $context);

        // `print` always evaluates to int(1).
        $statements_analyzer->node_data->setType($stmt, Type::getInt(false, 1));

        return true;
    }

    /**
     * Register argument 0 of `print` as a taint sink, but only when the
     * analyzer's data-flow graph is a TaintFlowGraph (i.e. taint analysis is
     * running); otherwise this is a no-op.
     */
    private static function registerTaintSink(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Print_ $stmt
    ): void {
        $graph = $statements_analyzer->data_flow_graph;

        if (!$graph instanceof TaintFlowGraph) {
            return;
        }

        $sink = TaintSink::getForMethodArgument(
            'print',
            'print',
            0,
            null,
            new CodeLocation($statements_analyzer->getSource(), $stmt)
        );

        // Taint kinds that are reported when they reach this sink.
        $sink->taints = [
            TaintKind::INPUT_HTML,
            TaintKind::INPUT_HAS_QUOTES,
            TaintKind::USER_SECRET,
            TaintKind::SYSTEM_SECRET,
        ];

        $graph->addSink($sink);
    }

    /**
     * Check the printed value against a string parameter via ArgumentAnalyzer.
     *
     * @return bool false when ArgumentAnalyzer::verifyType fails; true when it
     *              passes or when no type is recorded for the expression
     */
    private static function verifyArgumentType(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Print_ $stmt,
        Context $context
    ): bool {
        $expr_type = $statements_analyzer->node_data->getType($stmt->expr);

        if (!$expr_type) {
            return true;
        }

        $source = $statements_analyzer->getSource();
        $expected_type = Type::getString();
        $arg_location = new CodeLocation($source, $stmt->expr);
        $param = new FunctionLikeParameter('var', false);
        $call_location = new CodeLocation($source, $stmt);

        $result = ArgumentAnalyzer::verifyType(
            $statements_analyzer,
            $expr_type,
            $expected_type,
            null,
            'print',
            null,
            0,
            $arg_location,
            $stmt->expr,
            $context,
            $param,
            false,
            null,
            true,
            true,
            $call_location
        );

        return $result !== false;
    }

    /**
     * Emit a ForbiddenCode issue when the project config lists `print` among
     * its forbidden functions.
     */
    private static function reportIfForbidden(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Print_ $stmt
    ): void {
        $codebase = $statements_analyzer->getCodebase();

        if (!isset($codebase->config->forbidden_functions['print'])) {
            return;
        }

        IssueBuffer::maybeAdd(
            new ForbiddenCode(
                'You have forbidden the use of print',
                new CodeLocation($statements_analyzer->getSource(), $stmt)
            ),
            $statements_analyzer->getSuppressedIssues()
        );
    }

    /**
     * Account for `print` being impure: report ImpureFunctionCall inside a
     * mutation-free context; otherwise, when the enclosing source is a
     * FunctionLikeAnalyzer tracking mutations, flag it as mutating/impure.
     * Nothing is done while initializations or mutations are being collected.
     */
    private static function recordImpurity(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Print_ $stmt,
        Context $context
    ): void {
        if ($context->collect_initializations || $context->collect_mutations) {
            return;
        }

        if ($context->mutation_free || $context->external_mutation_free) {
            IssueBuffer::maybeAdd(
                new ImpureFunctionCall(
                    'Cannot call print from a mutation-free context',
                    new CodeLocation($statements_analyzer, $stmt)
                ),
                $statements_analyzer->getSuppressedIssues()
            );

            return;
        }

        $source = $statements_analyzer->getSource();

        if ($source instanceof FunctionLikeAnalyzer && $source->track_mutations) {
            $source->inferred_has_mutation = true;
            $source->inferred_impure = true;
        }
    }
}