Merge pull request #6376 from orklah/use-variable-in-backtick

2025-01-22 05:41:20 +01:00 · 2021-08-29 04:39:13 +03:00 · 2021-08-29 04:39:13 +03:00 · 624246b996
commit 624246b996
parent b4f4c94f77 27b6d5ad3b
3 changed files with 35 additions and 0 deletions
--- a/dictionaries/PropertyMap.php
+++ b/dictionaries/PropertyMap.php
@ -517,6 +517,9 @@ return [
    'phpparser\\node\\matcharm' => [
        'conds' => 'null|non-empty-list<PhpParser\Node\Expr>',
    ],
+    'phpparser\\node\\expr\\shellexec' => [
+        'parts' => 'list<PhpParser\Node>',
+    ],
    'rdkafka\\message' => [
        'err' => 'int',
        'topic_name' => 'string',
--- a/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php
@ -11,6 +11,8 @@ use Psalm\Internal\Analyzer\Statements\Expression\Call\MethodCallAnalyzer;
 use Psalm\Internal\Analyzer\Statements\Expression\Call\NewAnalyzer;
 use Psalm\Internal\Analyzer\Statements\Expression\Call\StaticCallAnalyzer;
 use Psalm\Internal\Analyzer\StatementsAnalyzer;
+use Psalm\Internal\Codebase\VariableUseGraph;
+use Psalm\Internal\DataFlow\DataFlowNode;
 use Psalm\Internal\FileManipulation\FileManipulationBuffer;
 use Psalm\Issue\ForbiddenCode;
 use Psalm\Issue\UnrecognizedExpression;
@ -340,6 +342,29 @@ class ExpressionAnalyzer
        }

        if ($stmt instanceof PhpParser\Node\Expr\ShellExec) {
+            if ($statements_analyzer->data_flow_graph instanceof VariableUseGraph) {
+                foreach ($stmt->parts as $part) {
+                    if ($part instanceof PhpParser\Node\Expr\Variable) {
+                        if (self::analyze($statements_analyzer, $part, $context) === false) {
+                            break;
+                        }
+
+                        $expr_type = $statements_analyzer->node_data->getType($part);
+                        if ($expr_type === null) {
+                            break;
+                        }
+
+                        foreach ($expr_type->parent_nodes as $parent_node) {
+                            $statements_analyzer->data_flow_graph->addPath(
+                                $parent_node,
+                                new DataFlowNode('variable-use', 'variable use', null),
+                                'variable-use'
+                            );
+                        }
+                    }
+                }
+            }
+
            if (IssueBuffer::accepts(
                new ForbiddenCode(
                    'Use of shell_exec',
--- a/tests/UnusedCodeTest.php
+++ b/tests/UnusedCodeTest.php
@ -1049,6 +1049,13 @@ class UnusedCodeTest extends TestCase
                    }
                ',
            ],
+            'variableUsedInBacktick' => [
+                '<?php
+                    $used = "echo";
+                    /** @psalm-suppress ForbiddenCode */
+                    `$used`;
+                ',
+            ],
        ];
    }