1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 10:57:08 +01:00
psalm/src/Psalm/Internal/Analyzer/Statements/EchoAnalyzer.php

137 lines
4.6 KiB
PHP
Raw Normal View History

2020-05-19 18:56:23 +02:00
<?php
namespace Psalm\Internal\Analyzer\Statements;
use PhpParser;
2021-06-08 04:55:21 +02:00
use Psalm\CodeLocation;
use Psalm\Context;
2020-05-19 18:56:23 +02:00
use Psalm\Internal\Analyzer\Statements\Expression\Call\ArgumentAnalyzer;
use Psalm\Internal\Analyzer\Statements\Expression\CastAnalyzer;
2020-05-19 18:56:23 +02:00
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Codebase\TaintFlowGraph;
2021-06-08 04:55:21 +02:00
use Psalm\Internal\DataFlow\TaintSink;
2020-05-19 18:56:23 +02:00
use Psalm\Issue\ForbiddenCode;
use Psalm\Issue\ForbiddenEcho;
use Psalm\Issue\ImpureFunctionCall;
use Psalm\IssueBuffer;
use Psalm\Storage\FunctionLikeParameter;
use Psalm\Type;
class EchoAnalyzer
{
public static function analyze(
StatementsAnalyzer $statements_analyzer,
PhpParser\Node\Stmt\Echo_ $stmt,
Context $context
) : bool {
$echo_param = new FunctionLikeParameter(
'var',
false
);
2020-05-22 04:47:58 +02:00
$codebase = $statements_analyzer->getCodebase();
2020-05-19 18:56:23 +02:00
foreach ($stmt->exprs as $i => $expr) {
$context->inside_call = true;
ExpressionAnalyzer::analyze($statements_analyzer, $expr, $context);
$context->inside_call = false;
2020-11-08 16:18:32 +01:00
$expr_type = $statements_analyzer->node_data->getType($expr);
if ($statements_analyzer->data_flow_graph instanceof TaintFlowGraph) {
if ($expr_type) {
$expr_type = CastAnalyzer::castStringAttempt(
$statements_analyzer,
$context,
$expr_type,
$expr,
false
);
}
2020-05-22 04:47:58 +02:00
$call_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
$echo_param_sink = TaintSink::getForMethodArgument(
2020-05-22 04:47:58 +02:00
'echo',
'echo',
(int) $i,
2020-06-22 08:10:03 +02:00
null,
2020-05-22 04:47:58 +02:00
$call_location
);
$echo_param_sink->taints = [
Type\TaintKind::INPUT_HTML,
Type\TaintKind::INPUT_HAS_QUOTES,
Type\TaintKind::USER_SECRET,
Type\TaintKind::SYSTEM_SECRET
2020-05-22 04:47:58 +02:00
];
$statements_analyzer->data_flow_graph->addSink($echo_param_sink);
2020-05-22 04:47:58 +02:00
}
if (ArgumentAnalyzer::verifyType(
$statements_analyzer,
$expr_type ?: Type::getMixed(),
Type::getString(),
null,
'echo',
null,
(int)$i,
new CodeLocation($statements_analyzer->getSource(), $expr),
$expr,
$context,
$echo_param,
false,
null,
true,
true,
new CodeLocation($statements_analyzer, $stmt)
) === false) {
return false;
2020-05-19 18:56:23 +02:00
}
}
if ($codebase->config->forbid_echo) {
if (IssueBuffer::accepts(
new ForbiddenEcho(
'Use of echo',
new CodeLocation($statements_analyzer, $stmt)
),
$statements_analyzer->getSource()->getSuppressedIssues()
)) {
return false;
}
} elseif (isset($codebase->config->forbidden_functions['echo'])) {
if (IssueBuffer::accepts(
new ForbiddenCode(
'Use of echo',
new CodeLocation($statements_analyzer, $stmt)
),
$statements_analyzer->getSource()->getSuppressedIssues()
)) {
// continue
}
}
if (!$context->collect_initializations && !$context->collect_mutations) {
if ($context->mutation_free || $context->external_mutation_free) {
if (IssueBuffer::accepts(
new ImpureFunctionCall(
'Cannot call echo from a mutation-free context',
new CodeLocation($statements_analyzer, $stmt)
),
$statements_analyzer->getSuppressedIssues()
)) {
// fall through
}
} elseif ($statements_analyzer->getSource() instanceof \Psalm\Internal\Analyzer\FunctionLikeAnalyzer
&& $statements_analyzer->getSource()->track_mutations
) {
$statements_analyzer->getSource()->inferred_has_mutation = true;
$statements_analyzer->getSource()->inferred_impure = true;
2020-05-19 18:56:23 +02:00
}
}
return true;
}
}