mirror of
https://github.com/danog/psalm.git
synced 2024-12-15 10:57:08 +01:00
4aabb411a8
* Added event to prevent tainting. * Remove optional codebase parameter. * Removed falsy check for codebase. * Use two separate hooks for adding and removing taints * Add slashes * Update add/remove taint test name. * Cleaned up SafeArrayKeyChecker example plugin. * Added more AddRemoveTaintsEvent calls to codebase. * Fix type check error with $added_taints param. * Added AddRemoveTaintsEvent to remaining classes. * Fix post-merge error. * Add comma * Remove $int_offset that never existed Co-authored-by: Matt Brown <github@muglug.com>
87 lines
3.0 KiB
PHP
87 lines
3.0 KiB
PHP
<?php
|
|
namespace Psalm\Internal\Analyzer\Statements\Expression;
|
|
|
|
use PhpParser;
|
|
use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
|
|
use Psalm\Internal\Analyzer\StatementsAnalyzer;
|
|
use Psalm\Internal\DataFlow\DataFlowNode;
|
|
use Psalm\CodeLocation;
|
|
use Psalm\Context;
|
|
use Psalm\Plugin\EventHandler\Event\AddRemoveTaintsEvent;
|
|
use Psalm\Type;
|
|
|
|
class EncapsulatedStringAnalyzer
|
|
{
|
|
public static function analyze(
|
|
StatementsAnalyzer $statements_analyzer,
|
|
PhpParser\Node\Scalar\Encapsed $stmt,
|
|
Context $context
|
|
) : bool {
|
|
$stmt_type = Type::getString();
|
|
|
|
$non_empty = false;
|
|
|
|
foreach ($stmt->parts as $part) {
|
|
if ($part instanceof PhpParser\Node\Scalar\EncapsedStringPart
|
|
&& $part->value
|
|
) {
|
|
$non_empty = true;
|
|
}
|
|
|
|
if (ExpressionAnalyzer::analyze($statements_analyzer, $part, $context) === false) {
|
|
return false;
|
|
}
|
|
|
|
$part_type = $statements_analyzer->node_data->getType($part);
|
|
|
|
if ($part_type) {
|
|
$casted_part_type = CastAnalyzer::castStringAttempt(
|
|
$statements_analyzer,
|
|
$context,
|
|
$part_type,
|
|
$part
|
|
);
|
|
|
|
if ($statements_analyzer->data_flow_graph
|
|
&& !\in_array('TaintedInput', $statements_analyzer->getSuppressedIssues())
|
|
) {
|
|
$var_location = new CodeLocation($statements_analyzer, $part);
|
|
|
|
$new_parent_node = DataFlowNode::getForAssignment('concat', $var_location);
|
|
$statements_analyzer->data_flow_graph->addNode($new_parent_node);
|
|
|
|
$stmt_type->parent_nodes[$new_parent_node->id] = $new_parent_node;
|
|
|
|
$codebase = $statements_analyzer->getCodebase();
|
|
$event = new AddRemoveTaintsEvent($stmt, $context, $statements_analyzer, $codebase);
|
|
|
|
$added_taints = $codebase->config->eventDispatcher->dispatchAddTaints($event);
|
|
$removed_taints = $codebase->config->eventDispatcher->dispatchRemoveTaints($event);
|
|
|
|
if ($casted_part_type->parent_nodes) {
|
|
foreach ($casted_part_type->parent_nodes as $parent_node) {
|
|
$statements_analyzer->data_flow_graph->addPath(
|
|
$parent_node,
|
|
$new_parent_node,
|
|
'concat',
|
|
$added_taints,
|
|
$removed_taints
|
|
);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($non_empty) {
|
|
$new_type = new Type\Union([new Type\Atomic\TNonEmptyString()]);
|
|
$new_type->parent_nodes = $stmt_type->parent_nodes;
|
|
$stmt_type = $new_type;
|
|
}
|
|
|
|
$statements_analyzer->node_data->setType($stmt, $stmt_type);
|
|
|
|
return true;
|
|
}
|
|
}
|