mirror of https://github.com/danog/psalm.git synced 2025-01-08 05:58:38 +01:00
Commit Graph

14095 Commits

Author SHA1 Message Date
Bruce Weirdan
af549fa78a
Merge pull request #8854 from kkmuffme/fix-unsafe-file_get_contents 2022-12-09 23:20:10 -04:00
Bruce Weirdan
2a45f18e07
Merge pull request #8870 from lptn/add-missing-sodium-functions 2022-12-09 22:10:30 -04:00
Bruce Weirdan
1750ec1b8a
Merge pull request #8876 from weirdan/fix-8873
Fixes https://github.com/vimeo/psalm/issues/8873
2022-12-09 22:08:27 -04:00
Bruce Weirdan
d19759cc23
Suppress irrelevant Psalm issue
We're not defining this property to use it, we're defining it to
suppress PHP deprecation warning
2022-12-09 21:57:03 -04:00
Bruce Weirdan
94003a3885
Fixed dynamic property on LanguageServer
Fixes vimeo/psalm#8873
2022-12-09 21:50:10 -04:00
Alies Lapatsin
0afe0d54f2 Merge branch 'master' into add-missing-sodium-functions
# Conflicts:
#	dictionaries/CallMap_82_delta.php
2022-12-10 01:47:55 +01:00
Bruce Weirdan
16cdeb9e2c
Merge pull request #8875 from weirdan/fix-8872
Fixes https://github.com/vimeo/psalm/issues/8872
2022-12-09 20:25:28 -04:00
Bruce Weirdan
a4ff9eb204
Allow true in native types
Fixes vimeo/psalm#8872

For `null` and `false`, we already allowed them even as standalone
types, even though PHP before 8.2 only allowed them as part of a union.
2022-12-09 20:17:09 -04:00
Bruce Weirdan
a568b087a2
Merge pull request #8871 from lptn/libxml_get_external_entity_loader 2022-12-09 19:26:44 -04:00
Bruce Weirdan
0a2cfc62cf
Merge pull request #8869 from lptn/add-new-ZipArchive-methods 2022-12-09 19:21:33 -04:00
Alies Lapatsin
1d26ae6d38
Merge branch 'master' into libxml_get_external_entity_loader 2022-12-09 14:02:52 +03:00
Alies Lapatsin
aced00313b Add array shape for libxml_*et_external_entity_loader functions 2022-12-09 12:02:03 +01:00
Alies Lapatsin
1cbf45025c Add libxml_get_external_entity_loader to CallMap (PHP 8.2)
https://www.php.net/manual/en/function.libxml-get-external-entity-loader.php
2022-12-09 11:35:30 +01:00
Alies Lapatsin
ce3be3b6f5 Add some missing sodium functions to CallMap 2022-12-09 11:04:36 +01:00
Alies Lapatsin
676e120b49 Add missing ZipArchive method to CallMap (PHP 8.2) 2022-12-09 10:07:59 +01:00
orklah
e4b64af599
Merge pull request #8861 from VincentLanglet/count
Precise count range
2022-12-09 00:41:00 +01:00
Bruce Weirdan
18011eb232
Merge pull request #8864 from jrcii/patch-1 2022-12-08 16:38:02 -04:00
John Cornell
153f8224d1
Fixed typo 2022-12-08 14:42:56 -05:00
Marco Pivetta
68d88c546b Load PHP-version-specific stubs based on analysis PHP version, and only when visiting stub files
While `visitPreloadedStubFiles` seemed to work at first, it led to overriding symbols declared by
PHP itself too eagerly.

By only loading PHP-version-specific stubs in `visitStubFiles`, we ensure that the reflection-declared
symbols take priority, and that our stubs overlay on top of that, without actually replacing the
symbol entirely, but rather merging with its definition.

This fixes current test failures too, and works with the code examples
from https://github.com/vimeo/psalm/pull/8722#issuecomment-1339711882
2022-12-08 18:22:51 +01:00
Vincent Langlet
f6051bc417 Precise count range 2022-12-08 16:44:10 +01:00
Théo FIDRY
5d2b739a4e
Fix CS 2022-12-08 12:27:11 +01:00
Théo FIDRY
ba40e34947
Update to stable 2022-12-08 12:17:26 +01:00
Théo FIDRY
cfa570eba2
Merge remote-tracking branch 'upstream/master' into feature/cpu-counter 2022-12-08 12:15:09 +01:00
kkmuffme
d3ec894175 use safeFileGetContents in ProjectCacheProvider too 2022-12-07 19:57:52 +01:00
Marco Pivetta
042305107e Always load preloaded stub files when the analysis version is compatible
Before this change, preloaded stubs would only be loaded when running on a PHP version lower than
the one that is in the stubs.

With this change, the analysis PHP version (defined via config, input parameter, or inferred from
the runtime) becomes authoritative.

Since the PHP-version-specific stubs are not just polyfills, but actually type refinements on top
of the PHP core symbols at hand, this change always loads them, so that it is possible to get more
precise type inference downstream.

This will likely lead to downstream breakages, because the stubs do indeed provide better type
resolution, but indeed formalizes the idea that these stubs will provide better value for finding
problems in analyzed code.
2022-12-07 15:48:59 +01:00
Marco Pivetta
30a49633a5 Corrected AttributeTest expectation: ReflectionAttributes always come in a list 2022-12-07 15:44:38 +01:00
Marco Pivetta
ed2cde1b93 Mark Reflection(Method|Property)#setAccessible() as pure starting from PHP 8.1 onwards
This will highlight unused code.

Ref: https://github.com/php/php-src/pull/5412
Ref: https://wiki.php.net/rfc/make-reflection-setaccessible-no-op
Ref: https://github.com/php/php-src/pull/5411

Example https://3v4l.org/PNeeZ

```php
<?php

class Foo {
    private $bar = 'baz';
    private function taz() { return 'waz'; }
}

var_dump((new ReflectionProperty(Foo::class, 'bar'))->getValue(new Foo));
var_dump((new ReflectionMethod(Foo::class, 'taz'))->invoke(new Foo));
```

Produces (starting from PHP 8.1):

```
string(3) "baz"
string(3) "waz"
```
2022-12-07 14:22:15 +01:00
kkmuffme
1ee4b4aefa remove file_get_contents that was incorrectly put in v5 2022-12-07 11:47:59 +01:00
Marco Pivetta
93c5df6bfc Refine ReflectionUnionType and ReflectionIntersectionType for PHP 8.1 and PHP 8.2
* in PHP 8.0, `ReflectionUnionType` is composed of `ReflectionNamedType`s
* in PHP 8.1, `ReflectionIntersectionType` is composed of `ReflectionNamedType`s
* in PHP 8.2, `ReflectionUnionType` is composed of `ReflectionIntersectionType|ReflectionNamedType`s

Slight variations for each PHP version.

As per local testing, this doesn't work yet.

## Local testing setup:
I did some digging to make sure that the stubs work as expected.

Here's what I did to validate this patch locally (since I don't think it can really be fully automated)

## Create a dummy file to verify used symbols

```php
<?php

namespace Testing;

/** @return \ReflectionClass<\stdClass> */
function getAClass(): \ReflectionClass { throw new \Exception('irrelevant'); }
function getAnUnionType(): \ReflectionUnionType { throw new \Exception('irrelevant'); }
function getAnIntersectionType(): \ReflectionIntersectionType { throw new \Exception('irrelevant'); }

// verifying that `getName()` is stubbed in all versions: this should always be a `class-string<\stdClass>`
$name = getAClass()->getName();
// union types should appear starting with PHP 8.0. Starting with PHP 8.2, they allow for intersections.
$unionTypes = getAnUnionType()->getTypes();
// intersection types should appear starting with PHP 8.1
$intersectionTypes = getAnIntersectionType()->getTypes();

$results = [$name, $unionTypes, $intersectionTypes];

/** @psalm-trace $results */ // tracing this will show us the differences between versions
return $results;
```

## Run the script against various `vimeo/psalm` versions

```sh
docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace

docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace

```

## Evaluate output

```
❯ docker run --rm -ti -v $(pwd):/app -w /app php:7.4 ./psalm --php-version=7.4 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, mixed, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.0 ./psalm --php-version=8.0 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, mixed} (see https://psalm.dev/224)

❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.1 ./psalm --php-version=8.1 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)

psalm on  feature/#8720-improve-types-and-purity-for-reflection-symbols [!?] via 🐘 v8.1.13 via ❄️  impure (nix-shell) took 4s
❯ docker run --rm -ti -v $(pwd):/app -w /app php:8.2.0RC7-cli ./psalm --php-version=8.2 --no-cache reflection-test.php | grep Trace
ERROR: Trace - reflection-test.php:20:1 - $results: list{class-string<stdClass>, non-empty-list<ReflectionNamedType>, non-empty-list<ReflectionNamedType>} (see https://psalm.dev/224)
```
2022-12-06 18:26:50 +01:00
Marco Pivetta
79a1a8b26c Removed templated parameters from ReflectionClass#isInstance()
These templates were leading to false positives: assuming
an `object` is given as input, the inferred return
type would always have been `true`, which is obviously
not valid.

Removing them is the healthier alternative, for now.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027102713
2022-12-06 11:21:09 +01:00
Marco Pivetta
d9a0cc5311 Prevent usage of callable objects in ReflectionFunction::__construct()
As per @weirdan's feedback, we can prevent
the usage of `object` instances that
implement `__invoke()`, as well as `array`
callables, by declaring the ctor argument of
`ReflectionFunction` to be either a real `Closure`,
or a `callable-string`.

While this may not be 100% of scenarios, it is a
healthy way to identify errors in userland.

Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151421
2022-12-06 11:19:16 +01:00
Marco Pivetta
d5cccbade2 Marking ReflectionProperty#$name as string rather than non-empty-string
Because @weirdan is a party pooper (they poop at the parties)

Ref: https://www.youtube.com/watch?v=gjwofYhUJEM
Ref: https://github.com/vimeo/psalm/pull/8722#discussion_r1027151708
2022-12-06 11:12:01 +01:00
Marco Pivetta
322cff6f43 Declaring more precise types and purity boundaries on ext-reflection symbols in .phpstub files
Also:

 * added PHP 8.2 stubs
 * refined types to make impossible scenarios more clear (like `ReflectionIntersectionType#allowsNull()`)

This is a first attempt at refining these types: the structure of these stubs is quite confusing to me,
so I don't know if this approach is correct, and if the stubs are merged together, or if entire symbols
need to be completely re-declared for each PHP version.
2022-12-06 11:08:30 +01:00
Bruce Weirdan
4dc969b887
Merge pull request #8848 from mmcev106/urlencode 2022-12-05 21:17:34 -04:00
Mark McEver
9764803c55 Allowed taints to pass through urlencode() 2022-12-05 17:25:36 -06:00
orklah
1cd10c3344
Merge pull request #8837 from vimeo/dependabot/github_actions/fkirc/skip-duplicate-actions-5.3.0
Bump fkirc/skip-duplicate-actions from 4.0.0 to 5.3.0
2022-12-05 10:06:17 +01:00
dependabot[bot]
a30622bfb5
Bump fkirc/skip-duplicate-actions from 4.0.0 to 5.3.0
Bumps [fkirc/skip-duplicate-actions](https://github.com/fkirc/skip-duplicate-actions) from 4.0.0 to 5.3.0.
- [Release notes](https://github.com/fkirc/skip-duplicate-actions/releases)
- [Commits](https://github.com/fkirc/skip-duplicate-actions/compare/v4.0.0...v5.3.0)

---
updated-dependencies:
- dependency-name: fkirc/skip-duplicate-actions
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-05 07:05:39 +00:00
orklah
d2f7d86aee
Merge pull request #8835 from lptn/8818-extend-impure_functions-by-socket-functions
Extend impure_functions list by socket functions
2022-12-05 00:34:53 +01:00
Alies Lapatsin
4b4b36df7d Extend impure_functions list by socket functions
All of them return boolean and can be ignored.
This prevents UnusedFunctionCall.
Note, socket errors can be fetched by:
 - socket_strerror
 - socket_last_error
2022-12-05 00:25:19 +01:00
orklah
cc9c67d7ee
Merge pull request #8834 from danog/fix_class_string_unions
Fix parsing of class string of unions
2022-12-04 20:44:41 +01:00
orklah
f3e1a2c0e4 impossible constructor 2022-12-04 20:33:05 +01:00
4c277052e3 Fix parsing of class string of unions 2022-12-04 20:28:53 +01:00
Théo FIDRY
a444f286bb
Integrate FidryCpuCoreCounter 2022-12-04 20:24:18 +01:00
orklah
83ba661135
Merge pull request #8832 from kamil-tekiela/mysqli_execute_query
mysqli_execute_query accepts any type of param
2022-12-04 18:39:25 +01:00
Kamil Tekiela
ace5743c99 mysqli_execute_query accepts any type of param 2022-12-04 17:29:50 +00:00
orklah
16d81aadd1
Merge pull request #8831 from orklah/propertymap
capitalize properties
2022-12-04 17:26:14 +01:00
orklah
5c46c45057 capitalize properties 2022-12-04 17:18:24 +01:00
orklah
929723a133 capitalize properties 2022-12-04 17:10:40 +01:00
orklah
df4d3692ab
Merge pull request #8828 from orklah/generator
fix missing break handling in loop
2022-12-04 16:38:37 +01:00
orklah
496b71d6d8
Merge pull request #8827 from weirdan/improve-source-autodiscovery-failure-message
Improve source autodiscovery failure message
2022-12-04 14:18:33 +01:00