phpstan: Streamline vendor file location with local dev-env

.github/workflows/php.yml

@@ -33,12 +33,12 @@ jobs:
 
       - name: Setup dependencies
         run: |
-          composer require -n --no-progress overtrue/phplint
-          git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-library.git vendor/icinga-php-library
-          git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-thirdparty.git vendor/icinga-php-thirdparty
-          git clone --depth 1 https://github.com/Icinga/icingaweb2-module-x509.git vendor/modules/x509-web 
-          git clone --depth 1 https://github.com/Icinga/icingadb-web.git vendor/modules/icingadb-web
-          git clone --depth 1 https://github.com/Icinga/icingaweb2-module-pdfexport.git vendor/modules/pdfexport-web
+          composer require -n --no-progress overtrue/phplint phpstan/phpstan
+          sudo git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-library.git /usr/share/icinga-php/ipl
+          sudo git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-thirdparty.git /usr/share/icinga-php/vendor
+          sudo git clone --depth 1 https://github.com/Icinga/icingaweb2-module-x509.git /usr/share/icingaweb2-modules/x509
+          sudo git clone --depth 1 https://github.com/Icinga/icingadb-web.git /usr/share/icingaweb2-modules/icingadb
+          sudo git clone --depth 1 https://github.com/Icinga/icingaweb2-module-pdfexport.git /usr/share/icingaweb2-modules/pdfexport
 
       - name: PHP Lint
         if: ${{ ! cancelled() }}
@@ -50,7 +50,7 @@ jobs:
 
       - name: PHPStan
         if: ${{ ! cancelled() }}
-        uses: php-actions/phpstan@v3
+        run: ./vendor/bin/phpstan analyse
 
   test:
     name: Unit tests with php ${{ matrix.php }} on ${{ matrix.os }}

library/Icinga/Cli/Documentation/CommentParser.php

@@ -10,6 +10,7 @@ class CommentParser
     protected $raw;
     protected $plain;
     protected $title;
+    /** @var array $paragraphs */
     protected $paragraphs = array();
 
     public function __construct($raw)
@@ -37,6 +38,7 @@ protected function parse()
         $p = null;
         foreach (preg_split('~\n~', $plain) as $line) {
             // Strip * at line start
+            /** @var string $line */
             $line = preg_replace('~^\s*\*\s?~', '', $line);
             $line = rtrim($line);
             if ($this->title === null) {

library/Icinga/Protocol/Ldap/LdapConnection.php

@@ -89,8 +89,6 @@ class LdapConnection implements Selectable, Inspectable
 
     /**
      * The LDAP link identifier being used
-     *
-     * @var resource
      */
     protected $ds;
 
@@ -248,7 +246,7 @@ public function root()
      *
      * Establishes a connection if necessary.
      *
-     * @return  resource
+     * @throws LdapException
      */
     public function getConnection()
     {
@@ -617,16 +615,22 @@ public function testCredentials($bindDn, $bindPw)
     /**
      * Return whether an entry identified by the given distinguished name exists
      *
-     * @param   string  $dn
+     * @param string $dn
      *
      * @return  bool
+     *
+     * @throws LdapException
      */
     public function hasDn($dn)
     {
         $ds = $this->getConnection();
         $this->bind();
 
         $result = ldap_read($ds, $dn, '(objectClass=*)', array('objectClass'));
+        if ($result === false) {
+            return false;
+        }
+
         return ldap_count_entries($ds, $result) > 0;
     }
 
@@ -654,6 +658,10 @@ public function deleteRecursively($dn)
         }
 
         $children = ldap_get_entries($ds, $result);
+        if ($children === false) {
+            return false;
+        }
+
         for ($i = 0; $i < $children['count']; $i++) {
             $result = $this->deleteRecursively($children[$i]['dn']);
             if (! $result) {
@@ -785,6 +793,10 @@ protected function runQuery(LdapQuery $query, array $fields = null)
         $count = 0;
         $entries = array();
         $entry = ldap_first_entry($ds, $results);
+        if ($entry === false) {
+            return [];
+        }
+
         do {
             if ($unfoldAttribute) {
                 $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute);
@@ -952,6 +964,10 @@ protected function runPagedQuery(LdapQuery $query, array $fields = null, $pageSi
             }
 
             $entry = ldap_first_entry($ds, $results);
+            if ($entry === false) {
+                return [];
+            }
+
             do {
                 if ($unfoldAttribute) {
                     $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute);
@@ -1184,9 +1200,7 @@ protected function encodeSortRules(array $sortRules)
     /**
      * Prepare and establish a connection with the LDAP server
      *
-     * @param   Inspection  $info   Optional inspection to fill with diagnostic info
-     *
-     * @return  resource            A LDAP link identifier
+     * @param   ?Inspection  $info   Optional inspection to fill with diagnostic info
      *
      * @throws  LdapException       In case the connection is not possible
      */
@@ -1199,6 +1213,9 @@ protected function prepareNewConnection(Inspection $info = null)
         $hostname = $this->normalizeHostname($this->hostname);
 
         $ds = ldap_connect($hostname);
+        if ($ds === false) {
+            throw new LdapException('Failed to connect to LDAP');
+        }
 
         // Set a proper timeout for each connection
         ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout);
@@ -1228,7 +1245,7 @@ protected function prepareNewConnection(Inspection $info = null)
     }
 
     /**
-     * Perform a LDAP search and return the result
+     * Perform a LDAP search and return the result or false on error
      *
      * @param   LdapQuery   $query
      * @param   array       $attributes     An array of the required attributes
@@ -1238,8 +1255,6 @@ protected function prepareNewConnection(Inspection $info = null)
      * @param   int         $deref
      * @param   array       $controls       LDAP Controls to send with the request (Only supported with PHP v7.3+)
      *
-     * @return  resource|bool               A search result identifier or false on error
-     *
      * @throws  LogicException              If the LDAP query search scope is unsupported
      */
     public function ldapSearch(
@@ -1553,6 +1568,13 @@ public function inspect()
         return $insp;
     }
 
+    /**
+     * Normalize all given hostnames to a valid LDAP URL
+     *
+     * @param string $hostname
+     *
+     * @return string
+     */
     protected function normalizeHostname($hostname)
     {
         $scheme = $this->encryption === static::LDAPS ? 'ldaps://' : 'ldap://';