1
0
mirror of https://github.com/danog/psalm.git synced 2025-01-22 13:51:54 +01:00

12405 Commits

Author SHA1 Message Date
kkmuffme
d3ec894175 use safeFileGetContents in ProjectCacheProvider too 2022-12-07 19:57:52 +01:00
Marco Pivetta
042305107e Always load preloaded stub files when the analysis version is compatible
Before this change, preloaded stubs would only be loaded when running on a PHP version lower than
the one that is in the stubs.

With this change, the analysis PHP version (defined via config, input parameter, or inferred from
the runtime) becomes authoritative.

Since the PHP-version-specific stubs are not just polyfills, but actually type refinements on top
of the PHP core symbols at hand, this change always loads them, so that it is possible to get more
precise type inference downstream.

This will likely lead to downstream breakages, because the stubs do indeed provide better type
resolution, but indeed formalizes the idea that these stubs will provide better value for finding
problems in analyzed code.
2022-12-07 15:48:59 +01:00
Marco Pivetta
30a49633a5 Corrected AttributeTest expectation: ReflectionAttributes always come in a list 2022-12-07 15:44:38 +01:00
Marco Pivetta
ed2cde1b93 Mark Reflection(Method|Property)#setAccessible() as pure starting from PHP 8.1 onwards
This will highlight unused code.

Ref: https://github.com/php/php-src/pull/5412
Ref: https://wiki.php.net/rfc/make-reflection-setaccessible-no-op
Ref: https://github.com/php/php-src/pull/5411

Example https://3v4l.org/PNeeZ

```php
<?php

class Foo {
    private $bar = 'baz';
    private function taz() { return 'waz'; }
}

//var_dump((new ReflectionProperty(Foo::class, 'bar'))->getValue(new Foo));
//var_dump((new ReflectionMethod(Foo::class, 'taz'))->invoke(new Foo));
```

Produces (starting from PHP 8.1):

```
string(3) "baz"
string(3) "waz"
```
2022-12-07 14:22:15 +01:00
kkmuffme
1ee4b4aefa remove file_get_contents that was incorrectly put in v5 2022-12-07 11:47:59 +01:00
Marco Pivetta
93c5df6bfc Refine ReflectionUnionType and ReflectionIntersectionType for PHP 8.1 and PHP 8.2
* in PHP 8.0, `ReflectionUnionType` is composed on `ReflectionNamedType`s
* in PHP 8.1, `ReflectionIntersectionType` is composed of `ReflectionNamedType`s
* in PHP 8.2, `ReflectionUnionType` is composed of `ReflectionIntersectionType|ReflectionNamedType`s

Slight variations for each PHP version.

As per local testing, this doesn't work yet.

## Local testing setup:
I did some digging to make sure that the stubs work as expected.

Here's what I did to validate this patch locally (since I don't think it can really be fully automated)

## Create a dummy file to verify used symbols

```php
<?php

namespace Testing;

/** @return \ReflectionClass<\stdClass> */
function getAClass(): \ReflectionClass { throw new \Exception('irrelevant'); }
function getAnUnionType(): \ReflectionUnionType { throw new \Exception('irrelevant'); }
function getAnIntersectionType(): \ReflectionIntersectionType { throw new \Exception('irrelevant'); }

// verifying that `getName()` is stubbed in all versions: this should always be a `class-string<\stdClass>`
$name = getAClass()->getName();
// union types should appear starting with PHP 8.0. Starting with PHP 8.2, they allow for intersections.
$unionTypes = getAnUnionType()->getTypes();
// intersection types should appear starting with PHP 8.1
$intersectionTypes = getAnIntersectionType()->getTypes();

$results = [$name, $unionTypes, $intersectionTypes];

/** @psalm-trace $results */ // tracing this will show us the differences between versions
return $results;
```

## Run the script against various `vimeo/psalm` versions

```sh
docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace

```

## Evaluate output

```
❯ docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, mixed, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)

psalm on  feature/#8720-improve-types-and-purity-for-reflection-symbols [!?] via 🐘 v8.1.13 via ❄️  impure (nix-shell) took 4s
❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)
```
2022-12-06 18:26:50 +01:00
Marco Pivetta
79a1a8b26c Removed templated parameters from ReflectionClass#isInstance()
These templates were leading to false positives: assuming
an `object` is given as input, the inferred return
type would always have been `true`, which is obviously
not valid.

Removing them is the healthier alternative, for now.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027102713
2022-12-06 11:21:09 +01:00
Marco Pivetta
d9a0cc5311 Prevent usage of callable objects in ReflectionFunction::__construct()
As per @weirdan's feedback, we can prevent
the usage of `object` instances that
implement `__invoke()`, as well as `array`
callables, by declaring the ctor argument of
`ReflectionFunction` to be either a real `Closure`,
or a `callable-string`.

While this may not be 100% of scenarios, it is a
healthy way to identify errors in userland.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151421
2022-12-06 11:19:16 +01:00
Marco Pivetta
d5cccbade2 Marking ReflectionProperty#$name as string rather than non-empty-string
Because @weirdan is a party pooper (they poop at the parties)

Ref: https://www.youtube.com/watch?v=gjwofYhUJEM
Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151708
2022-12-06 11:12:01 +01:00
Marco Pivetta
322cff6f43 Declaring more precise types and purity boundaries on ext-reflection symbols in .phpstub files
Also:

 * added PHP 8.2 stubs
 * refined types to make impossible scenarios more clear (like `ReflectionIntersectionType#allowsNull()`)

This is a first attempt at refining these types: the structure of these stubs is quite confusing to me,
so I don't know if this approach is correct, and if the stubs are merged together, or if entire symbols
need to be completely re-declared for each PHP version.
2022-12-06 11:08:30 +01:00
Bruce Weirdan
4dc969b887
Merge pull request #8848 from mmcev106/urlencode 2022-12-05 21:17:34 -04:00
Mark McEver
9764803c55 Allowed taints to pass through urlencode() 2022-12-05 17:25:36 -06:00
orklah
1cd10c3344
Merge pull request #8837 from vimeo/dependabot/github_actions/fkirc/skip-duplicate-actions-5.3.0
Bump fkirc/skip-duplicate-actions from 4.0.0 to 5.3.0
2022-12-05 10:06:17 +01:00
dependabot[bot]
a30622bfb5
Bump fkirc/skip-duplicate-actions from 4.0.0 to 5.3.0
Bumps [fkirc/skip-duplicate-actions](https://github.com/fkirc/skip-duplicate-actions) from 4.0.0 to 5.3.0.
- [Release notes](https://github.com/fkirc/skip-duplicate-actions/releases)
- [Commits](https://github.com/fkirc/skip-duplicate-actions/compare/v4.0.0...v5.3.0)

---
updated-dependencies:
- dependency-name: fkirc/skip-duplicate-actions
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 07:05:39 +00:00
orklah
d2f7d86aee
Merge pull request #8835 from lptn/8818-extend-impure_functions-by-socket-functions
Extend impure_functions list by socket functions
2022-12-05 00:34:53 +01:00
Alies Lapatsin
4b4b36df7d Extend impure_functions list by socket functions
all of them returns boolean and can be ignored.
This prevents UnusedFunctionCall.
Note, socket errors can be fetched by:
 - socket_strerror
 - socket_last_error
2022-12-05 00:25:19 +01:00
orklah
cc9c67d7ee
Merge pull request #8834 from danog/fix_class_string_unions
Fix parsing of class string of unions
2022-12-04 20:44:41 +01:00
orklah
f3e1a2c0e4 impossible constructor 2022-12-04 20:33:05 +01:00
4c277052e3 Fix parsing of class string of unions 2022-12-04 20:28:53 +01:00
Théo FIDRY
a444f286bb
Integrate FidryCpuCoreCounter 2022-12-04 20:24:18 +01:00
orklah
83ba661135
Merge pull request #8832 from kamil-tekiela/mysqli_execute_query
mysqli_execute_query accepts any type of param
2022-12-04 18:39:25 +01:00
Kamil Tekiela
ace5743c99 mysqli_execute_query accepts any type of param 2022-12-04 17:29:50 +00:00
orklah
16d81aadd1
Merge pull request #8831 from orklah/propertymap
capitalize properties
2022-12-04 17:26:14 +01:00
orklah
5c46c45057 capitalize properties 2022-12-04 17:18:24 +01:00
orklah
929723a133 capitalize properties 2022-12-04 17:10:40 +01:00
orklah
df4d3692ab
Merge pull request #8828 from orklah/generator
fix missing break handling in loop
2022-12-04 16:38:37 +01:00
orklah
496b71d6d8
Merge pull request #8827 from weirdan/improve-source-autodiscovery-failure-message
Improve source autodiscovery failure message
2022-12-04 14:18:33 +01:00
orklah
2490230f1f fix missing break handling in loop 2022-12-04 13:57:59 +01:00
Bruce Weirdan
45bf0d961c
Improve source autodiscovery failure message
The message we emitted previously did not provide any instructions on
how to resolve the issue, leaving users to guess what they need to do.
2022-12-04 04:34:08 -04:00
orklah
4a77f24869
Merge pull request #8825 from othercorey/fix-returns
Fix return types for date functions in callmap
2022-12-04 01:07:33 +01:00
orklah
d409da2be0
Merge pull request #8823 from lptn/more-specific-return-types
Update dictionaries: use more specific boolean types
2022-12-04 01:05:34 +01:00
Corey Taylor
d9b651a126 Fix return types for date functions in callmap 2022-12-03 17:55:29 -06:00
Alies Lapatsin
e0a7df4bad Update dictionaties: use more specific boolean types 2022-12-03 21:28:03 +01:00
Bruce Weirdan
14d48a0dde
Merge pull request #8817 from weirdan/fix-7863
Fixes https://github.com/vimeo/psalm/issues/7863
2022-12-03 01:29:01 -04:00
Bruce Weirdan
a157743140
Prevent crashes on conditional traits
Fixes vimeo/psalm#7863
2022-12-03 01:21:10 -04:00
Bruce Weirdan
e64913c377
Merge pull request #8816 from weirdan/fix-8313
Fixes https://github.com/vimeo/psalm/issues/8313
2022-12-03 01:00:23 -04:00
Bruce Weirdan
4d8af74d92
Don't crash when accessing immutable static property
Fixes vimeo/psalm#8313
2022-12-03 00:51:22 -04:00
Bruce Weirdan
35822f14d9
Merge pull request #8814 from weirdan/fix-8377
Fixes https://github.com/vimeo/psalm/issues/8377
2022-12-02 23:38:57 -04:00
Bruce Weirdan
7364988934
Fix crash when using phantom methods as first-class callable
Fixes vimeo/psalm#8377
2022-12-02 23:28:22 -04:00
Bruce Weirdan
4defa177c8
Merge pull request #8774 from bdsl/report-by-issue-type-severity 2022-12-01 21:23:35 -04:00
Barney Laurance
1dbdf7882c Code style fix 2022-12-02 00:40:01 +00:00
Barney Laurance
ad57727593 Sort issue by position in codebase in ByIssueLevelAndTypeReport if level & type equal
PHP sorting only became stable in 8.0. For previous versions we would
still like duplicate issues to be sorted into a logical order.
2022-12-02 00:27:51 +00:00
Barney Laurance
a29f65ecfe Fix too lax function visibility in test 2022-12-02 00:24:44 +00:00
Barney Laurance
6693421379 Code style fix 2022-12-02 00:24:05 +00:00
Barney Laurance
54239838fe Fix error in ByIssueLvelAndTypeReport heading 2022-12-02 00:17:27 +00:00
Barney Laurance
699ee344d4 Indent heredoc in test 2022-12-02 00:14:43 +00:00
Barney Laurance
d6c7c86362 Remove unecassary subheadings in error levels documentation 2022-12-02 00:07:37 +00:00
Barney Laurance
cd18cdc554 Re-order list of errors in docs
I think it makes more sense to have the errors that almost always appear
(level 7 errors) next to the errors that always appear, instead of
the level 1, least likely to appear errors being next to the ones that
always appear.

This also makes the order more similar to that output by the new
--by-issue-level format report.

Some time it might be nice to see if there's a way to auto generate most
of this docs page from the actual issue class definitions, or have
a test that checks the list of issues for each level is accurate and
complete.
2022-12-02 00:04:43 +00:00
Barney Laurance
9e63bf6a4d Minor code edits in ByIssueLevelAndType 2022-12-02 00:04:43 +00:00
Bruce Weirdan
c1d2e5618a
Set vimeo/psalm version explicitly 2022-12-01 19:59:51 -04:00