From e999edd1261477e59a4b7dd0a82d7df60d1c1e3e Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:10:28 +0200
Subject: [PATCH 1/6] Test with bleeding edge
---
 phpstan.dev.neon | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/phpstan.dev.neon b/phpstan.dev.neon
index 89554861e..995367b78 100644
--- a/phpstan.dev.neon
+++ b/phpstan.dev.neon
@@ -1,3 +1,6 @@
+includes:
+ - phar://phpstan.phar/conf/bleedingEdge.neon
+
 parameters:
 level: 8
 paths:
From 71c9313d2697b740e219868ac86d35135277e3b8 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:12:18 +0200
Subject: [PATCH 2/6] Update RexSqlFactoryDynamicReturnTypeExtension.php
---
 lib/extension/RexSqlFactoryDynamicReturnTypeExtension.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/extension/RexSqlFactoryDynamicReturnTypeExtension.php b/lib/extension/RexSqlFactoryDynamicReturnTypeExtension.php
index 9627f9bbc..84b3689a1 100644
--- a/lib/extension/RexSqlFactoryDynamicReturnTypeExtension.php
+++ b/lib/extension/RexSqlFactoryDynamicReturnTypeExtension.php
@@ -23,7 +23,7 @@ public function isStaticMethodSupported(MethodReflection $methodReflection): boo
 return strtolower($methodReflection->getName()) === 'factory';
 }
 
- public function getTypeFromStaticMethodCall(MethodReflection $methodReflection, StaticCall $methodCall, Scope $scope): ?Type
+ public function getTypeFromStaticMethodCall(MethodReflection $methodReflection, StaticCall $methodCall, Scope $scope): Type
 {
 return new RexSqlObjectType();
 }
From 170b1881cdfc6c074e4887d1a8feac5b601de3e6 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:22:07 +0200
Subject: [PATCH 3/6] fix
---
 lib/rule/RexSqlInjectionRule.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/lib/rule/RexSqlInjectionRule.php b/lib/rule/RexSqlInjectionRule.php
index c349116c5..c9d83ee04 100644
--- a/lib/rule/RexSqlInjectionRule.php
+++ b/lib/rule/RexSqlInjectionRule.php
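Review bot: The narrowed `Type` return on `getTypeFromStaticMethodCall` matches the body, which never returns null, but the method still receives `$methodReflection`, `$methodCall` and `$scope` and ignores all three, and nothing says this is intentional. I'd add a docblock above the signature: `/** Every supported factory call resolves to RexSqlObjectType; the call arguments and scope are deliberately not inspected. */`. If the installed PHPStan interface still declares `?Type`, the narrowing is permitted by PHP's return-type covariance, so this hunk alone should not break the contract. The enclosing class begins before the hunk.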
@@ -82,11 +82,7 @@ public function processNode(Node $methodCall, Scope $scope): array
 }
 
 $callerType = $scope->getType($methodCall->var);
- if (!$callerType instanceof TypeWithClassName) {
- return [];
- }
-
- if ($callerType->getClassName() !== rex_sql::class) {
+ if ($callerType->getObjectClassNames() !== [rex_sql::class]) {
 return [];
 }
 
From 79dabeb2033418ed7e9300674c2cbb44f0ee9975 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:26:58 +0200
Subject: [PATCH 4/6] Update expected.out
---
 tests/expected.out | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/expected.out b/tests/expected.out
index 03dc1850c..39d519a48 100644
--- a/tests/expected.out
+++ b/tests/expected.out
@@ -6,6 +6,7 @@
 /tests/data/addons/developer/Module Navigationspunkt (Anker).input.php:-1:Module "Module Navigationspunkt (Anker)" contains ouput value "REX_LINK[1]" which is not used in module input.
 /tests/data/addons/developer/Module Navigationspunkt (Anker).input.php:-1:Module "Module Navigationspunkt (Anker)" contains ouput value "REX_MEDIA[2]" which is not used in module input.
 /tests/data/addons/developer/Module Navigationspunkt (Anker).input.php:-1:Module "Module Navigationspunkt (Anker)" contains ouput value "REX_VALUE[10]" which is not used in module input.
+/tests/data/addons/developer/Module Navigationspunkt (Anker).input.php:43:Expression "$x + []" on a separate line does not do anything.
 /tests/data/addons/developer/Module Navigationspunkt (Anker).output.php:44:Loose comparison via "==" is not allowed.
 /tests/data/addons/developer/Module Navigationspunkt (Anker).output.php:47:Loose comparison via "==" is not allowed.
 /tests/data/addons/developer/Template ctypes.template.php:-1:Template "Template ctypes" includes invalid template by ID "REX_TEMPLATE[99999999]"
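Review bot: The new `if` keeps the rule's exact-class semantics: `getObjectClassNames()` has to equal `[rex_sql::class]`, so a caller typed as a subclass of `rex_sql`, as `rex_sql|null`, or as a union or intersection that yields several class names makes `processNode` return `[]` and the injection check is skipped for that call. That is the same gap the removed `getClassName() !== rex_sql::class` had, so it is not a regression, but for a rule whose job is to catch SQL injection the conservative form is a supertype test that also covers subclasses: `if (!(new ObjectType(rex_sql::class))->isSuperTypeOf($callerType)->yes()) {` (`ObjectType` needs importing). Using `->no()` as the bail-out condition instead of `!…->yes()` would additionally keep analysing nullable or union callers rather than dropping them. `processNode` begins before the hunk and continues after it.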
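Review bot: The two added expectations, this one and the `/tests/data/multi-use.php:14` line in the next hunk, look like diagnostics PHPStan only emits under the bleeding-edge configuration, which PATCH 1 of this series adds to `phpstan.dev.neon` and PATCH 6 removes again. If the test run reads its configuration from a different file that already enables bleeding edge this is fine; otherwise these lines will not be produced after PATCH 6 and the expected-output comparison will fail. I'd either state in the commit description which configuration the tests use or drop the two lines together with the revert.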
@@ -15,6 +16,7 @@
 /tests/data/any-get.php:13:No rex_media found with id 'does-not-exist.jpg'.
 /tests/data/any-get.php:14:No rex_article found with id 9999999.
 /tests/data/any-get.php:15:No rex_category found with id 9999999.
+/tests/data/multi-use.php:14:Expression on left side of ?? is not nullable.
 /tests/data/object-oriented-framework.php:22:Unknown name 'unknownColumn' given to rex_user::getValue().
 /tests/data/object-oriented-framework.php:24:No rex_media found with id 'markus.jpg'.
 /tests/data/object-oriented-framework.php:30:Unknown name 'unknownColumn' given to rex_media::getValue().
From 49c79737b6ae84f021e0e2fcc2ee67326c0c8357 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:29:49 +0200
Subject: [PATCH 5/6] simplify
---
 lib/rule/RexSqlInjectionRule.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/lib/rule/RexSqlInjectionRule.php b/lib/rule/RexSqlInjectionRule.php
index c9d83ee04..2d1f965c7 100644
--- a/lib/rule/RexSqlInjectionRule.php
+++ b/lib/rule/RexSqlInjectionRule.php
@@ -240,18 +240,15 @@ private function isSafeType(Type $type): bool
 return true;
 }
 
- $integer = new IntegerType();
- if ($integer->isSuperTypeOf($type)->yes()) {
+ if ($type->isInteger()->yes()) {
 return true;
 }
 
- $bool = new BooleanType();
- if ($bool->isSuperTypeOf($type)->yes()) {
+ if ($type->isBoolean()->yes()) {
 return true;
 }
 
- $float = new FloatType();
- if ($float->isSuperTypeOf($type)->yes()) {
+ if ($type->isFloat()->yes()) {
 return true;
 }
 
From debc1c716d5c48080503b4e0a033c047188863a3 Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Thu, 3 Oct 2024 11:31:50 +0200
Subject: [PATCH 6/6] Discard changes to phpstan.dev.neon
---
 phpstan.dev.neon | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/phpstan.dev.neon b/phpstan.dev.neon
index 995367b78..89554861e 100644
--- a/phpstan.dev.neon
+++ b/phpstan.dev.neon
@@ -1,6 +1,3 @@
-includes:
- - phar://phpstan.phar/conf/bleedingEdge.neon
-
 parameters:
 level: 8
 paths:
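Review bot: The three rewritten guards in `isSafeType` now have identical shape and read better as one condition, which also gives a natural place to state why these scalars are treated as safe: `if ($type->isInteger()->yes() || $type->isBoolean()->yes() || $type->isFloat()->yes()) {` preceded by `// a value that is certainly int, bool or float cannot carry quote or comment characters when cast into SQL`. Replacing `isSuperTypeOf` with the `isInteger()`/`isBoolean()`/`isFloat()` helpers keeps the `->yes()` requirement, so a union such as `int|string` still falls through as unsafe, which is the right direction for an injection rule. `isSafeType` begins before the hunk and its remaining branches continue after it.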