psalm/src/Psalm/Internal/Analyzer/Statements/Expression/ExitAnalyzer.php

<?php
namespace Psalm\Internal\Analyzer\Statements\Expression;
use PhpParser;
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\Statements\Expression\Call\ArgumentAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Taint\Sink;
use Psalm\CodeLocation;
use Psalm\Context;
use Psalm\Storage\FunctionLikeParameter;
use Psalm\Type;
use Psalm\Type\Atomic\TInt;
use Psalm\Type\Atomic\TString;
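/**
 * Analyzes `exit` expressions: checks the optional argument, registers it
 * as a taint sink when taint tracking is active for the current file, and
 * verifies that its type is int|string.
 */
class ExitAnalyzer
{
    /**
     * Analyze a single `exit` expression node.
     *
     * While the argument is analyzed, `$context->inside_call` is set to true.
     * The previous value is restored on every exit path, so an `exit` nested
     * inside another call does not clear the outer call's flag and a failed
     * analysis does not leave the flag stuck at true.
     *
     * @return bool false when analysis of the argument or its type check
     *              returned false, true otherwise (including a bare `exit`)
     */
    public static function analyze(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Exit_ $stmt,
        Context $context
    ) : bool {
        // A bare `exit;` has no argument: nothing to type-check or taint-track.
        if (!$stmt->expr) {
            return true;
        }

        $was_inside_call = $context->inside_call;
        $context->inside_call = true;

        try {
            if (ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context) === false) {
                return false;
            }

            $codebase = $statements_analyzer->getCodebase();

            if ($codebase->taint_graph
                && $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
            ) {
                $call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);

                // A string passed to exit is written to the output, so the
                // argument is an output sink for HTML input and for user and
                // system secrets.
                // The sink is registered before the argument's type is looked
                // up, so it also covers integer arguments, which PHP uses as
                // the exit status and does not print.
                $exit_param_sink = Sink::getForMethodArgument(
                    'exit',
                    'exit',
                    0,
                    null,
                    $call_location
                );

                $exit_param_sink->taints = [
                    Type\TaintKind::INPUT_HTML,
                    Type\TaintKind::USER_SECRET,
                    Type\TaintKind::SYSTEM_SECRET
                ];

                // NOTE(review): only the sink is added here; presumably the
                // verifyType() call below, which uses the same 'exit' / 0
                // identifiers, links the argument's sources to it. Confirm
                // in ArgumentAnalyzer.
                $codebase->taint_graph->addSink($exit_param_sink);
            }

            if ($expr_type = $statements_analyzer->node_data->getType($stmt->expr)) {
                $exit_param = new FunctionLikeParameter(
                    'var',
                    false
                );

                // exit accepts either an integer or a string.
                $accepted_type = new Type\Union([new TInt(), new TString()]);

                // NOTE(review): the final CodeLocation is built from
                // $statements_analyzer itself, while the other locations use
                // getSource(). Left as in the original; confirm it is
                // intended.
                if (ArgumentAnalyzer::verifyType(
                    $statements_analyzer,
                    $expr_type,
                    $accepted_type,
                    null,
                    'exit',
                    0,
                    new CodeLocation($statements_analyzer->getSource(), $stmt->expr),
                    $stmt->expr,
                    $context,
                    $exit_param,
                    false,
                    null,
                    true,
                    true,
                    new CodeLocation($statements_analyzer, $stmt)
                ) === false) {
                    return false;
                }
            }
        } finally {
            // Restore rather than force false; see the method docblock.
            $context->inside_call = $was_inside_call;
        }

        return true;
    }
}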