1
0
mirror of https://github.com/danog/psalm.git synced 2025-01-10 06:58:41 +01:00
psalm/src/Psalm/Internal/Analyzer/Statements/Expression/EvalAnalyzer.php

85 lines
2.8 KiB
PHP
Raw Normal View History

2020-05-23 06:03:29 +02:00
<?php
namespace Psalm\Internal\Analyzer\Statements\Expression;
use PhpParser;
2021-06-08 04:55:21 +02:00
use Psalm\CodeLocation;
use Psalm\Context;
2020-05-23 06:03:29 +02:00
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
use Psalm\Internal\Analyzer\StatementsAnalyzer;
use Psalm\Internal\Codebase\TaintFlowGraph;
2021-06-08 04:55:21 +02:00
use Psalm\Internal\DataFlow\TaintSink;
use Psalm\Issue\ForbiddenCode;
use Psalm\IssueBuffer;
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
2021-12-03 20:11:20 +01:00
use Psalm\Type\TaintKind;
2020-05-23 06:03:29 +02:00
2021-12-03 21:07:25 +01:00
use function in_array;
2020-05-23 06:03:29 +02:00
/**
* @internal
*/
class EvalAnalyzer
{
public static function analyze(
StatementsAnalyzer $statements_analyzer,
PhpParser\Node\Expr\Eval_ $stmt,
2020-05-23 06:08:16 +02:00
Context $context
): void {
2020-05-23 06:03:29 +02:00
ExpressionAnalyzer::analyze($statements_analyzer, $stmt->expr, $context);
$codebase = $statements_analyzer->getCodebase();
2020-05-23 06:03:29 +02:00
$expr_type = $statements_analyzer->node_data->getType($stmt->expr);
if ($expr_type) {
if ($statements_analyzer->data_flow_graph instanceof TaintFlowGraph
2020-05-26 05:28:11 +02:00
&& $expr_type->parent_nodes
2021-12-03 21:07:25 +01:00
&& !in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
2020-05-26 05:28:11 +02:00
) {
2020-05-23 06:03:29 +02:00
$arg_location = new CodeLocation($statements_analyzer->getSource(), $stmt->expr);
$eval_param_sink = TaintSink::getForMethodArgument(
2020-05-23 06:03:29 +02:00
'eval',
'eval',
0,
$arg_location,
$arg_location
);
2021-12-03 20:11:20 +01:00
$eval_param_sink->taints = [TaintKind::INPUT_EVAL];
2020-05-23 06:03:29 +02:00
$statements_analyzer->data_flow_graph->addSink($eval_param_sink);
2020-05-23 06:03:29 +02:00
$codebase = $statements_analyzer->getCodebase();
$event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);
$added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);
$removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);
2020-05-23 06:03:29 +02:00
foreach ($expr_type->parent_nodes as $parent_node) {
$statements_analyzer->data_flow_graph->addPath(
$parent_node,
$eval_param_sink,
'arg',
$added_taints,
$removed_taints
);
2020-05-23 06:03:29 +02:00
}
}
}
if (isset($codebase->config->forbidden_functions['eval'])) {
IssueBuffer::maybeAdd(
new ForbiddenCode(
'You have forbidden the use of eval',
new CodeLocation($statements_analyzer, $stmt)
),
$statements_analyzer->getSuppressedIssues()
);
}
2020-05-23 06:03:29 +02:00
$context->check_classes = false;
$context->check_variables = false;
}
}