1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php

430 lines
16 KiB
PHP
Raw Normal View History

2018-01-14 18:09:40 +01:00
<?php
2018-11-06 03:57:36 +01:00
namespace Psalm\Internal\Analyzer\Statements\Expression\Fetch;
2018-01-14 18:09:40 +01:00
use PhpParser;
2018-11-06 03:57:36 +01:00
use Psalm\Internal\Analyzer\FunctionLikeAnalyzer;
2020-05-18 21:13:27 +02:00
use Psalm\Internal\Analyzer\Statements\Expression\AssignmentAnalyzer;
2018-11-06 03:57:36 +01:00
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
2020-06-18 19:45:58 +02:00
use Psalm\Internal\Taint\Source;
2018-01-14 18:09:40 +01:00
use Psalm\CodeLocation;
use Psalm\Context;
use Psalm\Issue\InvalidScope;
use Psalm\Issue\PossiblyUndefinedGlobalVariable;
use Psalm\Issue\PossiblyUndefinedVariable;
use Psalm\Issue\UndefinedGlobalVariable;
use Psalm\Issue\UndefinedVariable;
use Psalm\IssueBuffer;
use Psalm\Type;
use function is_string;
2020-05-19 18:56:23 +02:00
use function in_array;
2018-01-14 18:09:40 +01:00
/**
* @internal
*/
2018-11-06 03:57:36 +01:00
class VariableFetchAnalyzer
2018-01-14 18:09:40 +01:00
{
2020-05-19 18:56:23 +02:00
const SUPER_GLOBALS = [
'$GLOBALS',
'$_SERVER',
'$_GET',
'$_POST',
'$_FILES',
'$_COOKIE',
'$_SESSION',
'$_REQUEST',
'$_ENV',
'$http_response_header',
];
2018-01-14 18:09:40 +01:00
/**
2018-11-11 18:01:14 +01:00
* @param StatementsAnalyzer $statements_analyzer
2018-01-14 18:09:40 +01:00
* @param PhpParser\Node\Expr\Variable $stmt
* @param Context $context
* @param bool $passed_by_reference
* @param Type\Union|null $by_ref_type
* @param bool $array_assignment
* @param bool $from_global - when used in a global keyword
2018-01-14 18:09:40 +01:00
*/
public static function analyze(
2018-11-11 18:01:14 +01:00
StatementsAnalyzer $statements_analyzer,
2018-01-14 18:09:40 +01:00
PhpParser\Node\Expr\Variable $stmt,
Context $context,
$passed_by_reference = false,
Type\Union $by_ref_type = null,
$array_assignment = false,
$from_global = false
2020-05-18 21:13:27 +02:00
) : bool {
2018-11-11 18:01:14 +01:00
$project_analyzer = $statements_analyzer->getFileAnalyzer()->project_analyzer;
$codebase = $statements_analyzer->getCodebase();
2018-10-07 02:11:19 +02:00
2018-01-14 18:09:40 +01:00
if ($stmt->name === 'this') {
2018-11-11 18:01:14 +01:00
if ($statements_analyzer->isStatic()) {
2018-01-14 18:09:40 +01:00
if (IssueBuffer::accepts(
new InvalidScope(
'Invalid reference to $this in a static context',
2018-11-11 18:01:14 +01:00
new CodeLocation($statements_analyzer->getSource(), $stmt)
2018-01-14 18:09:40 +01:00
),
2018-11-11 18:01:14 +01:00
$statements_analyzer->getSuppressedIssues()
2018-01-14 18:09:40 +01:00
)) {
return false;
}
2020-05-18 21:13:27 +02:00
return true;
}
if (!isset($context->vars_in_scope['$this'])) {
2018-01-14 18:09:40 +01:00
if (IssueBuffer::accepts(
new InvalidScope(
'Invalid reference to $this in a non-class context',
2018-11-11 18:01:14 +01:00
new CodeLocation($statements_analyzer->getSource(), $stmt)
2018-01-14 18:09:40 +01:00
),
2018-11-11 18:01:14 +01:00
$statements_analyzer->getSuppressedIssues()
2018-01-14 18:09:40 +01:00
)) {
return false;
}
$context->vars_in_scope['$this'] = Type::getMixed();
$context->vars_possibly_in_scope['$this'] = true;
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
$statements_analyzer->node_data->setType($stmt, clone $context->vars_in_scope['$this']);
2018-01-14 18:09:40 +01:00
2019-02-24 07:33:25 +01:00
if ($codebase->store_node_types
&& !$context->collect_initializations
&& !$context->collect_mutations
&& ($stmt_type = $statements_analyzer->node_data->getType($stmt))
) {
$codebase->analyzer->addNodeType(
2018-11-11 18:01:14 +01:00
$statements_analyzer->getFilePath(),
$stmt,
2020-02-23 23:03:27 +01:00
$stmt_type->getId()
);
}
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
if (!$context->check_variables) {
if (is_string($stmt->name)) {
$var_name = '$' . $stmt->name;
2018-11-11 18:01:14 +01:00
if (!$context->hasVariable($var_name, $statements_analyzer)) {
2018-01-14 18:09:40 +01:00
$context->vars_in_scope[$var_name] = Type::getMixed();
$context->vars_possibly_in_scope[$var_name] = true;
$statements_analyzer->node_data->setType($stmt, Type::getMixed());
2018-01-14 18:09:40 +01:00
} else {
$statements_analyzer->node_data->setType($stmt, clone $context->vars_in_scope[$var_name]);
2018-01-14 18:09:40 +01:00
}
} else {
$statements_analyzer->node_data->setType($stmt, Type::getMixed());
2018-01-14 18:09:40 +01:00
}
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
2020-05-19 18:56:23 +02:00
if (is_string($stmt->name) && self::isSuperGlobal('$' . $stmt->name)) {
2019-03-06 00:14:07 +01:00
$var_name = '$' . $stmt->name;
if (isset($context->vars_in_scope[$var_name])) {
2020-06-18 19:45:58 +02:00
$type = clone $context->vars_in_scope[$var_name];
self::taintVariable($statements_analyzer, $var_name, $type, $stmt);
$statements_analyzer->node_data->setType($stmt, $type);
2020-05-18 21:13:27 +02:00
return true;
}
2020-05-19 18:56:23 +02:00
$type = self::getGlobalType($var_name);
2019-03-06 00:14:07 +01:00
2020-06-18 19:45:58 +02:00
self::taintVariable($statements_analyzer, $var_name, $type, $stmt);
$statements_analyzer->node_data->setType($stmt, $type);
2019-03-06 00:14:07 +01:00
$context->vars_in_scope[$var_name] = clone $type;
$context->vars_possibly_in_scope[$var_name] = true;
2018-01-14 18:09:40 +01:00
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
if (!is_string($stmt->name)) {
2018-11-11 18:01:14 +01:00
return ExpressionAnalyzer::analyze($statements_analyzer, $stmt->name, $context);
2018-01-14 18:09:40 +01:00
}
if ($passed_by_reference && $by_ref_type) {
2020-05-18 21:13:27 +02:00
AssignmentAnalyzer::assignByRefParam(
$statements_analyzer,
$stmt,
$by_ref_type,
$by_ref_type,
$context
);
2018-01-14 18:09:40 +01:00
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
$var_name = '$' . $stmt->name;
if (!$context->hasVariable($var_name, !$array_assignment ? $statements_analyzer : null)) {
2018-01-14 18:09:40 +01:00
if (!isset($context->vars_possibly_in_scope[$var_name]) ||
2018-11-11 18:01:14 +01:00
!$statements_analyzer->getFirstAppearance($var_name)
2018-01-14 18:09:40 +01:00
) {
if ($array_assignment) {
// if we're in an array assignment, let's assign the variable
// because PHP allows it
$context->vars_in_scope[$var_name] = Type::getArray();
$context->vars_possibly_in_scope[$var_name] = true;
// it might have been defined first in another if/else branch
2018-11-11 18:01:14 +01:00
if (!$statements_analyzer->hasVariable($var_name)) {
$statements_analyzer->registerVariable(
2018-01-14 18:09:40 +01:00
$var_name,
2018-11-11 18:01:14 +01:00
new CodeLocation($statements_analyzer, $stmt),
$context->branch_point
2018-01-14 18:09:40 +01:00
);
}
2018-05-01 04:13:13 +02:00
} elseif (!$context->inside_isset
2018-11-11 18:01:14 +01:00
|| $statements_analyzer->getSource() instanceof FunctionLikeAnalyzer
2018-05-01 04:13:13 +02:00
) {
if ($context->is_global || $from_global) {
2018-01-14 18:09:40 +01:00
if (IssueBuffer::accepts(
new UndefinedGlobalVariable(
'Cannot find referenced variable ' . $var_name . ' in global scope',
new CodeLocation($statements_analyzer->getSource(), $stmt),
$var_name
2018-01-14 18:09:40 +01:00
),
2018-11-11 18:01:14 +01:00
$statements_analyzer->getSuppressedIssues()
2018-01-14 18:09:40 +01:00
)) {
// fall through
2018-01-14 18:09:40 +01:00
}
$statements_analyzer->node_data->setType($stmt, Type::getMixed());
2018-01-14 18:09:40 +01:00
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
if (IssueBuffer::accepts(
2018-01-14 18:09:40 +01:00
new UndefinedVariable(
'Cannot find referenced variable ' . $var_name,
2018-11-11 18:01:14 +01:00
new CodeLocation($statements_analyzer->getSource(), $stmt)
),
2018-11-11 18:01:14 +01:00
$statements_analyzer->getSuppressedIssues()
)) {
// fall through
}
2018-01-14 18:09:40 +01:00
$statements_analyzer->node_data->setType($stmt, Type::getMixed());
2018-01-14 18:09:40 +01:00
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
}
2018-11-11 18:01:14 +01:00
$first_appearance = $statements_analyzer->getFirstAppearance($var_name);
2018-01-14 18:09:40 +01:00
if ($first_appearance && !$context->inside_isset && !$context->inside_unset) {
if ($context->is_global) {
2018-11-06 03:57:36 +01:00
if ($codebase->alter_code) {
2018-11-11 18:01:14 +01:00
if (!isset($project_analyzer->getIssuesToFix()['PossiblyUndefinedGlobalVariable'])) {
2020-05-18 21:13:27 +02:00
return true;
}
2018-11-11 18:01:14 +01:00
$branch_point = $statements_analyzer->getBranchPoint($var_name);
if ($branch_point) {
2018-11-11 18:01:14 +01:00
$statements_analyzer->addVariableInitialization($var_name, $branch_point);
}
2020-05-18 21:13:27 +02:00
return true;
}
2018-01-14 18:09:40 +01:00
if (IssueBuffer::accepts(
new PossiblyUndefinedGlobalVariable(
'Possibly undefined global variable ' . $var_name . ', first seen on line ' .
$first_appearance->getLineNumber(),
new CodeLocation($statements_analyzer->getSource(), $stmt),
$var_name
2018-01-14 18:09:40 +01:00
),
$statements_analyzer->getSuppressedIssues(),
(bool) $statements_analyzer->getBranchPoint($var_name)
2018-01-14 18:09:40 +01:00
)) {
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
} else {
2018-11-06 03:57:36 +01:00
if ($codebase->alter_code) {
2018-11-11 18:01:14 +01:00
if (!isset($project_analyzer->getIssuesToFix()['PossiblyUndefinedVariable'])) {
2020-05-18 21:13:27 +02:00
return true;
}
2018-11-11 18:01:14 +01:00
$branch_point = $statements_analyzer->getBranchPoint($var_name);
if ($branch_point) {
2018-11-11 18:01:14 +01:00
$statements_analyzer->addVariableInitialization($var_name, $branch_point);
}
2020-05-18 21:13:27 +02:00
return true;
}
2018-01-14 18:09:40 +01:00
if (IssueBuffer::accepts(
new PossiblyUndefinedVariable(
'Possibly undefined variable ' . $var_name . ', first seen on line ' .
$first_appearance->getLineNumber(),
2018-11-11 18:01:14 +01:00
new CodeLocation($statements_analyzer->getSource(), $stmt)
2018-01-14 18:09:40 +01:00
),
$statements_analyzer->getSuppressedIssues(),
(bool) $statements_analyzer->getBranchPoint($var_name)
2018-01-14 18:09:40 +01:00
)) {
return false;
}
}
2019-07-02 00:48:33 +02:00
if ($codebase->store_node_types
&& !$context->collect_initializations
&& !$context->collect_mutations
) {
$codebase->analyzer->addNodeReference(
$statements_analyzer->getFilePath(),
$stmt,
$first_appearance->raw_file_start . '-' . $first_appearance->raw_file_end . ':mixed'
);
}
2018-11-11 18:01:14 +01:00
$statements_analyzer->registerVariableUses([$first_appearance->getHash() => $first_appearance]);
2018-01-14 18:09:40 +01:00
}
} else {
$stmt_type = clone $context->vars_in_scope[$var_name];
$statements_analyzer->node_data->setType($stmt, $stmt_type);
if ($stmt_type->possibly_undefined_from_try && !$context->inside_isset) {
if ($context->is_global) {
if (IssueBuffer::accepts(
new PossiblyUndefinedGlobalVariable(
'Possibly undefined global variable ' . $var_name . ' defined in try block',
new CodeLocation($statements_analyzer->getSource(), $stmt),
$var_name
),
$statements_analyzer->getSuppressedIssues()
)) {
// fall through
}
} else {
if (IssueBuffer::accepts(
new PossiblyUndefinedVariable(
'Possibly undefined variable ' . $var_name . ' defined in try block',
new CodeLocation($statements_analyzer->getSource(), $stmt)
),
$statements_analyzer->getSuppressedIssues()
)) {
// fall through
}
}
}
2019-02-24 07:33:25 +01:00
if ($codebase->store_node_types
&& !$context->collect_initializations
&& !$context->collect_mutations
) {
$codebase->analyzer->addNodeType(
2018-11-11 18:01:14 +01:00
$statements_analyzer->getFilePath(),
$stmt,
2020-02-23 23:03:27 +01:00
$stmt_type->getId()
);
}
2019-07-02 00:48:33 +02:00
if ($codebase->store_node_types
&& !$context->collect_initializations
&& !$context->collect_mutations
) {
$first_appearance = $statements_analyzer->getFirstAppearance($var_name);
if ($first_appearance) {
$codebase->analyzer->addNodeReference(
$statements_analyzer->getFilePath(),
$stmt,
$first_appearance->raw_file_start
. '-' . $first_appearance->raw_file_end
. ':' . $stmt_type->getId()
2019-07-02 00:48:33 +02:00
);
}
}
2018-01-14 18:09:40 +01:00
}
2020-05-18 21:13:27 +02:00
return true;
2018-01-14 18:09:40 +01:00
}
2020-05-19 18:56:23 +02:00
2020-06-18 19:45:58 +02:00
private static function taintVariable(
StatementsAnalyzer $statements_analyzer,
string $var_name,
Type\Union $type,
PhpParser\Node\Expr\Variable $stmt
) : void {
$codebase = $statements_analyzer->getCodebase();
if ($codebase->taint
&& $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
) {
if ($var_name === '$_GET'
|| $var_name === '$_POST'
|| $var_name === '$_COOKIE'
|| $var_name === '$_REQUEST'
) {
2020-06-18 19:45:58 +02:00
$taint_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$server_taint_source = new Source(
$var_name . ':' . $taint_location->file_name . ':' . $taint_location->raw_file_start,
$var_name,
2020-06-19 00:48:19 +02:00
null,
2020-06-18 19:45:58 +02:00
null,
Type\TaintKindGroup::ALL_INPUT
);
$codebase->taint->addSource($server_taint_source);
$type->parent_nodes = [
$server_taint_source
];
}
}
}
2020-05-19 18:56:23 +02:00
public static function isSuperGlobal(string $var_id) : bool
{
return in_array(
$var_id,
self::SUPER_GLOBALS,
true
);
}
public static function getGlobalType(string $var_id) : Type\Union
{
$config = \Psalm\Config::getInstance();
if (isset($config->globals[$var_id])) {
return Type::parseString($config->globals[$var_id]);
}
if ($var_id === '$argv') {
return new Type\Union([
new Type\Atomic\TArray([Type::getInt(), Type::getString()]),
]);
}
if ($var_id === '$argc') {
return Type::getInt();
}
if (self::isSuperGlobal($var_id)) {
$type = Type::getArray();
return $type;
}
return Type::getMixed();
}
2018-01-14 18:09:40 +01:00
}