psalm/src/Psalm/Internal/Analyzer/Statements/Expression/EvalAnalyzer.php

<?php

namespace Psalm\Internal\Analyzer\Statements\Expression;

use PhpParser;
use Psalm\CodeLocation;
use Psalm\Context;
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Codebase\TaintFlowGraph;
use Psalm\Internal\DataFlow\TaintSink;
use Psalm\Issue\ForbiddenCode;
use Psalm\IssueBuffer;
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
use Psalm\Type\TaintKind;

use function in_array;

/**
 * @internal
 */
class EvalAnalyzer
{
    public static function analyze(
        StatementsAnalyzer $statements_analyzer,
        PhpParser\Node\Expr\Eval_ $stmt,
        Context $context
    ): void {
        ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context);

        $codebase = $statements_analyzer->getCodebase();

        $expr_type = $statements_analyzer->node_data->getType($stmt->expr);

        if ($expr_type) {
            if ($statements_analyzer->data_flow_graph instanceof TaintFlowGraph
                && $expr_type->parent_nodes
                && !in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
            ) {
                $arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);

                $eval_param_sink = TaintSink::getForMethodArgument(
                    'eval',
                    'eval',
                    0,
                    $arg_location,
                    $arg_location,
                );

                $eval_param_sink->taints = [TaintKind::INPUT_EVAL];

                $statements_analyzer->data_flow_graph->addSink($eval_param_sink);

                $codebase = $statements_analyzer->getCodebase();
                $event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);

                $added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);
                $removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);

                foreach ($expr_type->parent_nodes as $parent_node) {
                    $statements_analyzer->data_flow_graph->addPath(
                        $parent_node,
                        $eval_param_sink,
                        'arg',
                        $added_taints,
                        $removed_taints,
                    );
                }
            }
        }

        if (isset($codebase->config->forbidden_functions['eval'])) {
            IssueBuffer::maybeAdd(
                new ForbiddenCode(
                    'You have forbidden the use of eval',
                    new CodeLocation($statements_analyzer, $stmt),
                ),
                $statements_analyzer->getSuppressedIssues(),
            );
        }

        $context->check_classes = false;
        $context->check_variables = false;
    }
}
Add eval sink 2020-05-23 06:03:29 +02:00			`<?php`
Set number of lines before and after namespace. 2021-12-15 04:58:32 +01:00
Add eval sink 2020-05-23 06:03:29 +02:00			`namespace Psalm\Internal\Analyzer\Statements\Expression;`

			`use PhpParser;`
Enforce `use` sort (#5900) 2021-06-08 04:55:21 +02:00			`use Psalm\CodeLocation;`
			`use Psalm\Context;`
Add eval sink 2020-05-23 06:03:29 +02:00			`use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;`
			`use Psalm\Internal\Analyzer\StatementsAnalyzer;`
4.x - refactor unused variable detection This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm 2020-09-30 18:28:13 +02:00			`use Psalm\Internal\Codebase\TaintFlowGraph;`
Enforce `use` sort (#5900) 2021-06-08 04:55:21 +02:00			`use Psalm\Internal\DataFlow\TaintSink;`
Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`use Psalm\Issue\ForbiddenCode;`
			`use Psalm\IssueBuffer;`
Added event to prevent tainting. (#5398) * Added event to prevent tainting. * Remove optional codebase parameter. * Removed falsy check for codebase. * Use two separate hooks for adding and removing taints * Add slashes * Update add/remove taint test name. * Cleaned up SafeArrayKeyChecker example plugin. * Added more AddRemoveTaintsEvent calls to codebase. * Fix type check error with $added_taints param. * Added AddRemoveTaintsEvent to remaining classes. * Fix post-merge error. * Add comma * Remove $int_offset that never existed Co-authored-by: Matt Brown <github@muglug.com> 2021-03-20 03:41:41 +01:00			`use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;`
Import instead of using fqn 2021-12-03 20:11:20 +01:00			`use Psalm\Type\TaintKind;`
Add eval sink 2020-05-23 06:03:29 +02:00
Import instead of using fqn functions 2021-12-03 21:07:25 +01:00			`use function in_array;`

Add eval sink 2020-05-23 06:03:29 +02:00			`/**`
			`* @internal`
			`*/`
			`class EvalAnalyzer`
			`{`
			`public static function analyze(`
			`StatementsAnalyzer $statements_analyzer,`
			`PhpParser\Node\Expr\Eval_ $stmt,`
Fix bugs 2020-05-23 06:08:16 +02:00			`Context $context`
Return type hints (#7065) Co-authored-by: ralila <> 2021-12-05 18:51:26 +01:00			`): void {`
Add eval sink 2020-05-23 06:03:29 +02:00			`ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context);`

Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`$codebase = $statements_analyzer->getCodebase();`

Add eval sink 2020-05-23 06:03:29 +02:00			`$expr_type = $statements_analyzer->node_data->getType($stmt->expr);`

			`if ($expr_type) {`
Change control_flow_graph to data_flow_graph 2020-10-13 23:28:12 +02:00			`if ($statements_analyzer->data_flow_graph instanceof TaintFlowGraph`
Allow limiting connected taint paths 2020-05-26 05:28:11 +02:00			`&& $expr_type->parent_nodes`
Import instead of using fqn functions 2021-12-03 21:07:25 +01:00			`&& !in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())`
Allow limiting connected taint paths 2020-05-26 05:28:11 +02:00			`) {`
Add eval sink 2020-05-23 06:03:29 +02:00			`$arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);`

Rename TaintGraph to ControlFlowGraph because it’s about to do more 2020-09-21 05:59:52 +02:00			`$eval_param_sink = TaintSink::getForMethodArgument(`
Add eval sink 2020-05-23 06:03:29 +02:00			`'eval',`
			`'eval',`
			`0,`
			`$arg_location,`
Require trailing commas 2022-12-18 17:15:15 +01:00			`$arg_location,`
Add eval sink 2020-05-23 06:03:29 +02:00			`);`

Import instead of using fqn 2021-12-03 20:11:20 +01:00			`$eval_param_sink->taints = [TaintKind::INPUT_EVAL];`
Add eval sink 2020-05-23 06:03:29 +02:00
Change control_flow_graph to data_flow_graph 2020-10-13 23:28:12 +02:00			`$statements_analyzer->data_flow_graph->addSink($eval_param_sink);`
Add eval sink 2020-05-23 06:03:29 +02:00
Added event to prevent tainting. (#5398) * Added event to prevent tainting. * Remove optional codebase parameter. * Removed falsy check for codebase. * Use two separate hooks for adding and removing taints * Add slashes * Update add/remove taint test name. * Cleaned up SafeArrayKeyChecker example plugin. * Added more AddRemoveTaintsEvent calls to codebase. * Fix type check error with $added_taints param. * Added AddRemoveTaintsEvent to remaining classes. * Fix post-merge error. * Add comma * Remove $int_offset that never existed Co-authored-by: Matt Brown <github@muglug.com> 2021-03-20 03:41:41 +01:00			`$codebase = $statements_analyzer->getCodebase();`
			`$event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);`

			`$added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);`
			`$removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);`

Add eval sink 2020-05-23 06:03:29 +02:00			`foreach ($expr_type->parent_nodes as $parent_node) {`
Added event to prevent tainting. (#5398) * Added event to prevent tainting. * Remove optional codebase parameter. * Removed falsy check for codebase. * Use two separate hooks for adding and removing taints * Add slashes * Update add/remove taint test name. * Cleaned up SafeArrayKeyChecker example plugin. * Added more AddRemoveTaintsEvent calls to codebase. * Fix type check error with $added_taints param. * Added AddRemoveTaintsEvent to remaining classes. * Fix post-merge error. * Add comma * Remove $int_offset that never existed Co-authored-by: Matt Brown <github@muglug.com> 2021-03-20 03:41:41 +01:00			`$statements_analyzer->data_flow_graph->addPath(`
			`$parent_node,`
			`$eval_param_sink,`
			`'arg',`
			`$added_taints,`
Require trailing commas 2022-12-18 17:15:15 +01:00			`$removed_taints,`
Added event to prevent tainting. (#5398) * Added event to prevent tainting. * Remove optional codebase parameter. * Removed falsy check for codebase. * Use two separate hooks for adding and removing taints * Add slashes * Update add/remove taint test name. * Cleaned up SafeArrayKeyChecker example plugin. * Added more AddRemoveTaintsEvent calls to codebase. * Fix type check error with $added_taints param. * Added AddRemoveTaintsEvent to remaining classes. * Fix post-merge error. * Add comma * Remove $int_offset that never existed Co-authored-by: Matt Brown <github@muglug.com> 2021-03-20 03:41:41 +01:00			`);`
Add eval sink 2020-05-23 06:03:29 +02:00			`}`
			`}`
			`}`

Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`if (isset($codebase->config->forbidden_functions['eval'])) {`
Migrate most IssueBuffer::accepts calls to IssueBuffer::maybeAdd (#7020) 2021-11-29 20:54:17 +01:00			`IssueBuffer::maybeAdd(`
Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`new ForbiddenCode(`
			`'You have forbidden the use of eval',`
Require trailing commas 2022-12-18 17:15:15 +01:00			`new CodeLocation($statements_analyzer, $stmt),`
Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`),`
Require trailing commas 2022-12-18 17:15:15 +01:00			`$statements_analyzer->getSuppressedIssues(),`
Migrate most IssueBuffer::accepts calls to IssueBuffer::maybeAdd (#7020) 2021-11-29 20:54:17 +01:00			`);`
Added option to forbid eval() in codebase #6855 2021-11-07 21:06:22 +01:00			`}`

Add eval sink 2020-05-23 06:03:29 +02:00			`$context->check_classes = false;`
			`$context->check_variables = false;`
			`}`
			`}`