Fix PHPStan Level 4-5

lib/php72compat.php

@@ -107,7 +107,7 @@ function sodium_compare($a, $b)
      * @param string $assocData
      * @param string $nonce
      * @param string $key
-     * @return string
+     * @return string|bool
      */
     function sodium_crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key)
     {
@@ -153,7 +153,7 @@ function sodium_crypto_aead_aes256gcm_is_available()
      * @param string $assocData
      * @param string $nonce
      * @param string $key
-     * @return string
+     * @return string|bool
      */
     function sodium_crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key)
     {
@@ -199,7 +199,7 @@ function sodium_crypto_aead_chacha20poly1305_keygen()
      * @param string $assocData
      * @param string $nonce
      * @param string $key
-     * @return string
+     * @return string|bool
      */
     function sodium_crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key)
     {
@@ -245,7 +245,7 @@ function sodium_crypto_aead_chacha20poly1305_ietf_keygen()
      * @param string $assocData
      * @param string $nonce
      * @param string $key
-     * @return string
+     * @return string|bool
      */
     function sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key)
     {
@@ -952,7 +952,7 @@ function sodium_hex2bin($string)
 if (!is_callable('sodium_increment')) {
     /**
      * @see ParagonIE_Sodium_Compat::increment()
-     * @param &string $string
+     * @param string $string
      * @return void
      * @throws SodiumException
      * @throws TypeError
@@ -1009,7 +1009,7 @@ function sodium_memcmp($a, $b)
 if (!is_callable('sodium_memzero')) {
     /**
      * @see ParagonIE_Sodium_Compat::memzero()
-     * @param string &$str
+     * @param string $str
      * @return void
      * @throws SodiumException
      * @throws TypeError

lib/sodium_compat.php

@@ -45,16 +45,14 @@ function compare($a, $b)
      * @param string $nonce
      * @param string $key
      * @return string|bool
-     * @throws \SodiumException
-     * @throws \TypeError
      */
     function crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_decrypt($message, $assocData, $nonce, $key);
-        } catch (Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -93,16 +91,14 @@ function crypto_aead_aes256gcm_is_available()
      * @param string $nonce
      * @param string $key
      * @return string|bool
-     * @throws \SodiumException
-     * @throws \TypeError
      */
     function crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_decrypt($message, $assocData, $nonce, $key);
-        } catch (Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -131,16 +127,14 @@ function crypto_aead_chacha20poly1305_encrypt($message, $assocData, $nonce, $key
      * @param string $nonce
      * @param string $key
      * @return string|bool
-     * @throws \SodiumException
-     * @throws \TypeError
      */
     function crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_decrypt($message, $assocData, $nonce, $key);
-        } catch (Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -238,16 +232,14 @@ function crypto_box_keypair_from_secretkey_and_publickey($sk, $pk)
      * @param string $nonce
      * @param string $kp
      * @return string|bool
-     * @throws \SodiumException
-     * @throws \TypeError
      */
     function crypto_box_open($message, $nonce, $kp)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_box_open($message, $nonce, $kp);
-        } catch (Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -298,15 +290,14 @@ function crypto_box_seal($message, $publicKey)
      * @param string $message
      * @param string $kp
      * @return string|bool
-     * @throws \TypeError
      */
     function crypto_box_seal_open($message, $kp)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_box_seal_open($message, $kp);
-        } catch (\Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (\Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -543,16 +534,14 @@ function crypto_secretbox($message, $nonce, $key)
      * @param string $nonce
      * @param string $key
      * @return string|bool
-     * @throws \SodiumException
-     * @throws \TypeError
      */
     function crypto_secretbox_open($message, $nonce, $key)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_secretbox_open($message, $nonce, $key);
-        } catch (Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -622,9 +611,9 @@ function crypto_sign_open($signedMessage, $pk)
     {
         try {
             return ParagonIE_Sodium_Compat::crypto_sign_open($signedMessage, $pk);
-        } catch (\Error $ex) {
+        } catch (\TypeError $ex) {
             return false;
-        } catch (\Exception $ex) {
+        } catch (\SodiumException $ex) {
             return false;
         }
     }
@@ -810,7 +799,7 @@ function randombytes_buf($amount)
      * @see ParagonIE_Sodium_Compat::randombytes_uniform()
      * @param int $upperLimit
      * @return int
-     * @throws \Exception
+     * @throws \SodiumException
      * @throws \Error
      */
     function randombytes_uniform($upperLimit)

namespaced/Core/Xsalsa20.php

@@ -1,7 +1,7 @@
 <?php
 namespace ParagonIE\Sodium\Core;
 
-class Xsalsa20 extends \ParagonIE_Sodium_Core_Xsalsa20
+class Xsalsa20 extends \ParagonIE_Sodium_Core_XSalsa20
 {
 
 }

phpstan.neon.dist

@@ -0,0 +1,18 @@
+parameters:
+    level: max
+    paths:
+        - %currentWorkingDirectory%/src/
+        - %currentWorkingDirectory%/lib/
+        - %currentWorkingDirectory%/namespaced/
+#    excludes_analyse:
+    ignoreErrors:
+        # sodium_crypto_pwhash is a built-in function
+        - '/^Default value of the parameter #6 \$algo \(null\) of function sodium_crypto_pwhash\(\) is incompatible with type int\.$/'
+        # PHPStan issue #2124
+        - '#^Function sodium_crypto_scalarmult_base invoked with 1 parameter, 2 required\.$#'
+        # On PHP >=7.2 there is HashContext
+        - '/^Parameter #1 \$context of function hash_final expects HashContext, resource given\.$/'
+        # People call generichash() with all kinds of rubish
+        -
+            message: '#^Else branch is unreachable because previous condition is always true\.$#'
+            path: %currentWorkingDirectory%/src/File.php

src/Compat.php

@@ -144,9 +144,9 @@ public static function bin2hex($string)
      *
      * @param string $left  The left operand; must be a string
      * @param string $right The right operand; must be a string
-     * @return int          < 0 if the left operand is less than the right
-     *                      = 0 if both strings are equal
-     *                      > 0 if the right operand is less than the left
+     * @return int          If < 0 if the left operand is less than the right
+     *                      If = 0 if both strings are equal
+     *                      If > 0 if the right operand is less than the left
      * @throws SodiumException
      * @throws TypeError
      * @psalm-suppress MixedArgument
@@ -1303,9 +1303,9 @@ public static function crypto_generichash($message, $key = '', $length = self::C
     /**
      * Get the final BLAKE2b hash output for a given context.
      *
-     * @param string &$ctx BLAKE2 hashing context. Generated by crypto_generichash_init().
-     * @param int $length  Hash output size.
-     * @return string      Final BLAKE2b hash.
+     * @param string $ctx BLAKE2 hashing context. Generated by crypto_generichash_init().
+     * @param int $length Hash output size.
+     * @return string     Final BLAKE2b hash.
      * @throws SodiumException
      * @throws TypeError
      * @psalm-suppress MixedArgument
@@ -1382,8 +1382,8 @@ public static function crypto_generichash_init($key = '', $length = self::CRYPTO
     /**
      * Update a BLAKE2b hashing context with additional data.
      *
-     * @param string &$ctx    BLAKE2 hashing context. Generated by crypto_generichash_init().
-     *                        $ctx is passed by reference and gets updated in-place.
+     * @param string $ctx    BLAKE2 hashing context. Generated by crypto_generichash_init().
+     *                       $ctx is passed by reference and gets updated in-place.
      * @param-out string $ctx
      * @param string $message The message to append to the existing hash state.
      * @return void

src/Core/BLAKE2b.php

@@ -643,7 +643,7 @@ public static function SplFixedArrayToString(SplFixedArray $a)
     /**
      * @internal You should not use this directly from another application
      *
-     * @param SplFixedArray[SplFixedArray] $ctx
+     * @param SplFixedArray $ctx
      * @return string
      * @throws TypeError
      * @psalm-suppress MixedArgument

src/Core/Curve25519/Fe.php

@@ -55,7 +55,7 @@ public static function fromArray($array, $save_indexes = null)
     /**
      * @internal You should not use this directly from another application
      *
-     * @param int $offset
+     * @param int|null $offset
      * @param int $value
      * @return void
      * @psalm-suppress MixedArrayOffset

src/Core/Util.php

@@ -817,7 +817,7 @@ public static function substr($str, $start = 0, $length = null)
         } else {
             $sub = (string) substr($str, $start, $length);
         }
-        if (isset($sub)) {
+        if ($sub !== '') {
             return $sub;
         }
         return '';

src/Core32/BLAKE2b.php

@@ -574,7 +574,7 @@ public static function SplFixedArrayToString(SplFixedArray $a)
     /**
      * @internal You should not use this directly from another application
      *
-     * @param SplFixedArray[SplFixedArray] $ctx
+     * @param SplFixedArray $ctx
      * @return string
      * @throws TypeError
      * @psalm-suppress MixedArgument

src/File.php

@@ -1076,7 +1076,7 @@ protected static function onetimeauth_verify(
      * @param resource|object $hash
      * @param resource $fp
      * @param int $size
-     * @return mixed (resource on PHP < 7.2, object on PHP >= 7.2)
+     * @return resource|object Resource on PHP < 7.2, HashContext object on PHP >= 7.2
      * @throws SodiumException
      * @throws TypeError
      * @psalm-suppress PossiblyInvalidArgument
@@ -1092,12 +1092,12 @@ public static function updateHashWithFile($hash, $fp, $size = 0)
             if (!is_resource($hash)) {
                 throw new TypeError('Argument 1 must be a resource, ' . gettype($hash) . ' given.');
             }
-
         } else {
             if (!is_object($hash)) {
                 throw new TypeError('Argument 1 must be an object (PHP 7.2+), ' . gettype($hash) . ' given.');
             }
         }
+
         if (!is_resource($fp)) {
             throw new TypeError('Argument 2 must be a resource, ' . gettype($fp) . ' given.');
         }

tests/unit/XSalsa20Test.php

@@ -3,7 +3,7 @@
 class XSalsa20Test extends PHPUnit_Framework_TestCase
 {
     /**
-     * @oovers ParagonIE_Sodium_Core_Xsalsa20::xsalsa20()
+     * @oovers ParagonIE_Sodium_Core_XSalsa20::xsalsa20()
      * @throws SodiumException
      * @throws TypeError
      */