1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-14 18:36:58 +01:00
Commit Graph

12702 Commits

Author SHA1 Message Date
dependabot[bot]
478422e010
Bump mheap/github-action-required-labels from 2 to 3
Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 2 to 3.
- [Release notes](https://github.com/mheap/github-action-required-labels/releases)
- [Commits](https://github.com/mheap/github-action-required-labels/compare/v2...v3)

---
updated-dependencies:
- dependency-name: mheap/github-action-required-labels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-02 07:04:00 +00:00
orklah
e81823e193
Merge pull request #9035 from othercorey/iterator-returns
Fix iterator and exception callmaps
2023-01-01 11:22:39 +01:00
Corey Taylor
e779c5f741 Fix iterator and exception callmaps 2022-12-31 11:34:48 -06:00
orklah
ef1264bd46
Merge pull request #9030 from kkmuffme/psalm-scope-this-doesnt-work-with-FQCN-leading-backslash
fix @psalm-scope-this not working with FQCN with leading backslash
2022-12-31 12:08:20 +01:00
kkmuffme
82f71a7ccb add test 2022-12-31 00:18:08 +01:00
orklah
01078766bb
Merge pull request #9033 from danog/misc_fixes
Fix remaining markdown issues
2022-12-30 22:59:52 +01:00
0f7eed0dca fixes 2022-12-30 21:51:27 +01:00
9b4857a606 Fix 2022-12-30 21:48:28 +01:00
2a7043a7fb Fix remaining markdown header 2022-12-30 21:46:54 +01:00
orklah
406946d4c4
Merge pull request #9031 from danog/misc_fixes
Misc fixes
2022-12-30 21:28:11 +01:00
4b00095b31 cs-fix 2022-12-30 21:06:03 +01:00
9684be9d73 More markdown fixes 2022-12-30 21:02:59 +01:00
0b67844420 Improve variable naming and improve docs 2022-12-30 21:00:38 +01:00
kkmuffme
fcf42840f3 fix @psalm-scope-this not working with FQCN with leading backslash 2022-12-30 18:30:31 +01:00
orklah
6353143eaf
Merge pull request #9021 from orklah/nonempty-reconcile
Non empty reconciliation
2022-12-29 22:35:12 +01:00
orklah
2efa6aefac
Merge pull request #9025 from kkmuffme/fix-method-phpdoc-errors-reported-for-stubs-instead-of-files
fixes return type issues of methods reported for the wrong file
2022-12-29 20:13:38 +01:00
orklah
5a6e8cb8e7
Merge pull request #9023 from kkmuffme/fix-union-never-wrong-return-type
Fix never return union type wrong condition
2022-12-29 20:11:38 +01:00
orklah
0101a9f483
Merge pull request #9024 from kkmuffme/fix-never-method-calls
fix never return for MethodCalls
2022-12-29 20:11:10 +01:00
kkmuffme
9130ee2614 fixes return type issues of methods reported for the wrong file
fixes return type issues of methods reported for the wrong file

Fix #8457

See https://github.com/vimeo/psalm/pull/8503 which fixed this issue for functions
2022-12-29 18:55:15 +01:00
kkmuffme
ac8f892d13 Fix never return union type wrong condition
Fix never return union type wrong condition

Related https://github.com/vimeo/psalm/pull/8624
2022-12-29 18:50:58 +01:00
kkmuffme
efc87277d1 fix never return for MethodCalls
Related:
https://github.com/vimeo/psalm/pull/8902 https://github.com/vimeo/psalm/pull/8624
2022-12-29 18:49:58 +01:00
orklah
5bfb87c624
Merge pull request #9022 from Ocramius/fix/#8983-allow-large-union-types-in-array-type-inference
Better type inference and type checking for large union types used in array keys/values
2022-12-29 10:48:05 +01:00
orklah
790c30959d
Merge pull request #9016 from Ocramius/feature/#5039-more-refined-types-for-explode-core-function
Refined `explode()` types
2022-12-29 10:23:18 +01:00
Marco Pivetta
e6600fea21 Better type inference and type checking for large union types used in array keys/values
Fixes #8983

This patch adds a basic test showing that, when reaching a union type with 30 elements
or more, Psalm used to fail with an error, because the large union type got simplified
into a more general type as part of performance optimizations done in `TypeCombiner::combine()`.

This means that a type like `array<1|2|3|(etcetera...)|100, mixed>` was internally
simplified to `array<int, mixed>`, after reaching 30 elements or more, which in turn
led to problems and confusing errors when large union types are in play.

Such union types are relatively common in lookup-table-alike value objects.

By removing the hardcoded call-time limit of `30` types to be combined, we hereby
rely on the default `TypeCombiner::combine()` limit of `500` items, which is more
healthy.

This may come with some performance implications, but it is worth trying out, for
now.

Further parameters passed to `TypeCombiner::combine()` that were already matching
parameter default values were also omitted from the call-sites.
2022-12-29 10:05:23 +01:00
orklah
907729d83a remove useless imports 2022-12-29 01:00:06 +01:00
orklah
ee98fac581 use Atomic to create the types 2022-12-29 00:51:09 +01:00
orklah
5a002c448b fix non-empty reconciliation 2022-12-29 00:49:31 +01:00
orklah
9770e113c3
Merge pull request #9020 from orklah/isContainedbug
Is containedbug
2022-12-28 23:46:38 +01:00
orklah
a290729087 fix test 2022-12-28 23:33:28 +01:00
orklah
a8fd349e07 fix #7809 2022-12-28 23:29:33 +01:00
orklah
94f9d48bca
Merge pull request #9019 from mmcev106/prevent-erroneous-escapes
Prevent DB escaping functions from affecting non-sql taints
2022-12-28 21:32:12 +01:00
Mark McEver
53c3f1ebb3 Prevent other DB escaping functions from escaping non-sql taints 2022-12-28 14:19:01 -06:00
orklah
435acb823c
Merge pull request #9018 from orklah/TClosure
create proper TClosure instead of TNamedObject with a Closure value
2022-12-28 20:53:52 +01:00
orklah
a0a9d979d5 remove useless import 2022-12-28 20:47:50 +01:00
orklah
fa4891ce58 create proper TClosure instead of TNamedObject with a Closure value 2022-12-28 20:42:59 +01:00
Mark McEver
69f31dcd4a Prevent mysqli escaping functions from escaping non-sql taints 2022-12-28 13:39:01 -06:00
orklah
1bd0644124
Merge pull request #9017 from orklah/isnotaclass
Add getAtomicType to IsNotAClass for proper negation Reconciliation
2022-12-28 19:22:48 +01:00
orklah
58853c00f8 add test 2022-12-28 19:13:03 +01:00
orklah
e52664deea Add getAtomicType for IsNotAClass for proper negation Reconciliation 2022-12-28 19:04:23 +01:00
Marco Pivetta
45f743f851 Adjusted assertDifferentTypeOfArray test to avoid intersecting incompatible string arrays
Getting one interesting failure caused by the `lowercase-string` refinement done before:

```
  There was 1 error:

  1) Psalm\Tests\AssertAnnotationTest::testValidCode with data set "assertDifferentTypeOfArray" ('<?php\n                    /*...ts[1];')
  Psalm\Exception\CodeException: DocblockTypeContradiction - src/somefile.php:21:21 - Cannot resolve types for $parts - docblock-defined type list{0: lowercase-string, 1?: lowercase-string} does not contain list{string, string}
```

Happens on this bit:

```php
           'assertDifferentTypeOfArray' => [
                'code' => '<?php
                    /**
                     * @psalm-assert list{string, string} $value
                     * @param mixed $value
                     */
                    function isStringTuple($value): void {
                        if (!is_array($value)
                            || !isset($value[0])
                            || !isset($value[1])
                            || !is_string($value[0])
                            || !is_string($value[1])
                        ) {
                            throw new \Exception("bad");
                        }
                    }

                    $s = "";

                    $parts = explode(":", $s, 2);

                    isStringTuple($parts);

                    echo $parts[0];
                    echo $parts[1];',
            ],
```

If I change this to:

```
@psalm-assert list{lowercase-string, lowercase-string} $value
```

Then everything works: I'm wondering if this error has to do with array intersections, and whether suppressing it suffices.

For now, changing the input string, so it is not a `lowercase-string`, is sufficient.
2022-12-28 17:57:33 +01:00
Marco Pivetta
c0c0116809 Using list{0: string, 1?: string} syntax for more precise array key types
Thanks to @orklah's feedback, the `explode()` return type is now much more precise too.

Ref: https://github.com/vimeo/psalm/pull/9016#discussion_r1058458616
2022-12-28 17:48:33 +01:00
Marco Pivetta
6341d7fef0 Adjusted existing tests to the new signature of explode()
Note how the signature became `array{0: string, 1?: string, 2?: string, array<int, string>}`,
which may be a side-effect of unions between a defined hashmap structure with array
keys, and `list<string>`.
2022-12-28 17:39:06 +01:00
Marco Pivetta
bfded43614 Ensure that explode($d, lowercase-string) produces list<lowercase-string> types
This specific distinction seems to be very important for Psalm, as `explode()` and
`lowercase-string` are used aggressively across the codebase.

Also, this change expands the baseline by a few entries, since some of the code locations
instide Psalm itself have un-checked list destructuring operations, as well as array
access calls on potentially undefined array keys produced by `explode()`, which were
previously just `list<string>`, and are now `array{0: string, 1?: string}`, which is
a bit more precise.
2022-12-28 17:26:25 +01:00
Marco Pivetta
04999b172a Refined explode() types
Fixes #5039

This patch removes the need for a custom function return type
provider for `explode()`, and instead replaces all that with a single
stub for the `explode()` function, which provides types for some of
the most common `$limit` input values.

With this change, the `$delimiter` is enforced to be a `non-empty-string`,
which will lead to downstream consumers having to adjust some code accordingly,
but that shouldn't affect the most common scenario of exploding a string
based with a constant `literal-string` delimiter, which most PHP devs tend to do.

This change didn't come with an accompanying test, since that would be a bit
wasteful, but it was verified locally with following script:

```php
<?php

$possible0  = explode(',', 'hello, world', -100);
$possible1  = explode(',', 'hello, world', -1);
$possible2  = explode(',', 'hello, world', 0);
$possible3  = explode(',', 'hello, world', 1);
$possible4  = explode(',', 'hello, world', 2);
$possible5  = explode(',', 'hello, world', 3);
$possible6  = explode(',', 'hello, world', 4);
try {
    $impossible1 = explode('', '', -1);
} catch (Throwable $impossible1) {}

$traced = [$possible0, $possible1, $possible2, $possible3, $possible4, $possible5, $possible6, $impossible1];

/** @psalm-trace $traced */

var_dump($traced);

return $traced;
```

Running psalm locally, this produces:

```
psalm on  feature/#5039-more-refined-types-for-explode-core-function [?] via 🐘 v8.1.13 via ❄️  impure (nix-shell)
❯ ./psalm --no-cache explode.php
Target PHP version: 7.4 (inferred from composer.json) Extensions enabled: dom, simplexml (unsupported extensions: ctype, json, libxml, mbstring, tokenizer)
Scanning files...
Analyzing files...

░

To whom it may concern: Psalm cannot detect unused classes, methods and properties
when analyzing individual files and folders. Run on the full project to enable
complete unused code detection.

ERROR: InvalidArgument - explode.php:11:28 - Argument 1 of explode expects non-empty-string, but '' provided (see https://psalm.dev/004)
    $impossible1 = explode('', '', -1);

ERROR: PossiblyUndefinedGlobalVariable - explode.php:14:96 - Possibly undefined global variable $impossible1 defined in try block (see https://psalm.dev/126)
$traced = [$possible0, $possible1, $possible2, $possible3, $possible4, $possible5, $possible6, $impossible1];

ERROR: ForbiddenCode - explode.php:18:1 - Unsafe var_dump (see https://psalm.dev/002)
/** @psalm-trace $traced */

var_dump($traced);

ERROR: Trace - explode.php:18:1 - $traced: list{0: array<never, never>, 1: non-empty-list<string>, 2: list{string}, 3: list{string}, 4: array{0: string, 1?: string}, 5: array{0: string, 1?: string, 2?: string}, 6: non-empty-list<string>, 7?: Throwable|non-empty-list<string>} (see https://psalm.dev/224)
/** @psalm-trace $traced */

var_dump($traced);

------------------------------
4 errors found
------------------------------

Checks took 6.31 seconds and used 265.386MB of memory
Psalm was unable to infer types in the codebase
```

The actual runtime behavior on PHP 8.x: https://3v4l.org/0NKlW

```
array(8) {
  [0]=>
  array(0) {
  }
  [1]=>
  array(1) {
    [0]=>
    string(5) "hello"
  }
  [2]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [3]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [4]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [5]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [6]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [7]=>
  object(ValueError)#1 (7) {
    ["message":protected]=>
    string(51) "explode(): Argument #1 ($separator) cannot be empty"
    ["string":"Error":private]=>
    string(0) ""
    ["code":protected]=>
    int(0)
    ["file":protected]=>
    string(9) "/in/0NKlW"
    ["line":protected]=>
    int(11)
    ["trace":"Error":private]=>
    array(1) {
      [0]=>
      array(4) {
        ["file"]=>
        string(9) "/in/0NKlW"
        ["line"]=>
        int(11)
        ["function"]=>
        string(7) "explode"
        ["args"]=>
        array(3) {
          [0]=>
          string(0) ""
          [1]=>
          string(0) ""
          [2]=>
          int(-1)
        }
      }
    }
    ["previous":"Error":private]=>
    NULL
  }
}
```

On PHP 7:

```
Warning: explode(): Empty delimiter in /in/0NKlW on line 11
array(8) {
  [0]=>
  array(0) {
  }
  [1]=>
  array(1) {
    [0]=>
    string(5) "hello"
  }
  [2]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [3]=>
  array(1) {
    [0]=>
    string(12) "hello, world"
  }
  [4]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [5]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [6]=>
  array(2) {
    [0]=>
    string(5) "hello"
    [1]=>
    string(6) " world"
  }
  [7]=>
  bool(false)
}
```
2022-12-28 17:11:40 +01:00
orklah
7b8b44ca21
Merge pull request #9014 from theodorejb/patch-1
Fix PHPCS trailing comma
2022-12-28 16:55:51 +01:00
Theodore Brown
e4b0343f76
Fix PHPCS trailing comma 2022-12-28 09:35:34 -06:00
orklah
dbcfe62c52
Merge pull request #8987 from jack-worman/Always_check_unused_methods_and_properties
Add @psalm-api annotation
2022-12-28 15:20:48 +01:00
orklah
d338b00cb7
Merge pull request #8999 from VincentLanglet/union
Preserve from_docblock in TypeCombiner
2022-12-28 10:08:12 +01:00
Vincent Langlet
a263e5d42c Simplify 2022-12-28 09:30:41 +01:00
orklah
41ae518800
Merge pull request #9001 from fluffycondor/http_response_header-non-empty-list
Make `$http_response_header` a non-empty-list
2022-12-28 00:27:30 +01:00