Can specify params with a doctype in typeString config option

Close #233
spaze · Dec 22, 2023 · 29a5955 · 29a5955
1 parent ee8ec5f
commit 29a5955
Show file tree

Hide file tree

Showing 20 changed files with 665 additions and 151 deletions.
diff --git a/docs/allow-attributes.md b/docs/allow-attributes.md
@@ -12,3 +12,5 @@ parameters:
                     position: 1
                     name: repositoryClass
 ```
+
+You can also use `value` or `typeString` directives, just like with functions or methods.
diff --git a/docs/allow-with-flags.md b/docs/allow-with-flags.md
@@ -26,3 +26,6 @@ parameters:
                     position: 2
                     value: ::JSON_HEX_APOS
 ```
+
+Just like with regular parameters, you can also use `typeString` instead of `value`.
+The extra bonus this brings is unions: if you want to (dis)allow a parameter when either the flag `1` or `2` is set, use `typeString: 1 | 2`. Note that the `|` operator here is not the PHP's _bitwise or_ operator.
diff --git a/docs/allow-with-parameters.md b/docs/allow-with-parameters.md
@@ -1,6 +1,9 @@
 ## Allow with specified parameters only
 
-You can also narrow down the allowed items when called with some parameters (applies only to disallowed method, static & function calls, for obvious reasons). _Please note that for now, only scalar values are supported in the configuration, not arrays._
+You can also narrow down the allowed items when called with some parameters (applies only to disallowed method, static & function calls, for obvious reasons).
+Only scalar values and no arrays are supported with the `value` configuration directive, but with the `typeString` directive,
+arrays and unions are also supported, and generally anything you can express with a PHPDoc type string, if it makes sense.
+When `typeString` is specified, `value` directive is ignored for the given parameter.
 
 For example, you want to disallow calling `print_r()` but want to allow `print_r(..., true)`.
 This can be done with optional `allowParamsInAllowed` or `allowParamsAnywhere` configuration keys:
@@ -184,3 +187,28 @@ parameters:
 ```
 
 But because the "positional _or_ named" limitation described above applies here as well, I generally don't recommend using these shortcuts and instead recommend specifying both `position` and `name` keys.
+
+### PHPDoc type strings
+
+Instead of the `value` directive, you can use the `typeString` directive which allows you to specify arrays, unions, and anything that can be expressed with PHPDoc:
+
+```neon
+parameters:
+    disallowedFunctionCalls:
+            # ...
+            allowParamsInAllowed:
+                -
+                    position: 1
+                    name: 'message'
+                    typeString: "'foo'"
+```
+
+The above example is the same as writing `value: foo` but because you want to specify a literal type string, you need to enclose the string in single quotes to indicate it's a string, not a class name.  With integers, `typeString: 1` is the same as `value: 1`.
+
+Type string allows you to specify:
+- Arrays, e.g. `typeString: array{}` meaning empty array, or vice versa with `typeString: non-empty-array`, or even `typeString: array{foo:'bar'}` meaning an array with a `foo` key and `bar` string value
+- Unions, e.g. `typeString: 1|2`, `typeString: "'foo'|'bar'"`, where the former example means the value must be an integer `1` or an integer `2`, and the latter means the value must be a string `foo` or `bar`
+- Classes, e.g. `typeString: DateTime` which means an object of that class, or a child class od that class
+- Any type as [understood by PHPStan](https://phpstan.org/writing-php-code/phpdoc-types), but not everything may make sense in your case
+
+If both `typeString` and `value` directives are specified, the `value` directive is ignored.
diff --git a/extension.neon b/extension.neon
diff --git a/src/Allowed/Allowed.php b/src/Allowed/Allowed.php
@@ -5,8 +5,13 @@
 
 use PhpParser\Node\Arg;
 use PHPStan\Analyser\Scope;
+use PHPStan\PhpDoc\TypeStringResolver;
 use PHPStan\Reflection\FunctionReflection;
 use PHPStan\Reflection\MethodReflection;
+use PHPStan\Type\Constant\ConstantBooleanType;
+use PHPStan\Type\Constant\ConstantIntegerType;
+use PHPStan\Type\Constant\ConstantStringType;
+use PHPStan\Type\NullType;
 use PHPStan\Type\Type;
 use PHPStan\Type\UnionType;
 use Spaze\PHPStan\Rules\Disallowed\DisallowedWithParams;
@@ -36,12 +41,20 @@ class Allowed
 	/** @var AllowedPath */
 	private $allowedPath;
 
+	/** @var TypeStringResolver */
+	private $typeStringResolver;
 
-	public function __construct(Formatter $formatter, Normalizer $normalizer, AllowedPath $allowedPath)
-	{
+
+	public function __construct(
+		Formatter $formatter,
+		Normalizer $normalizer,
+		AllowedPath $allowedPath,
+		TypeStringResolver $typeStringResolver
+	) {
 		$this->formatter = $formatter;
 		$this->normalizer = $normalizer;
 		$this->allowedPath = $allowedPath;
+		$this->typeStringResolver = $typeStringResolver;
 	}
 
 
@@ -242,7 +255,7 @@ public function getConfig(array $allowed): AllowedConfig
 	 * @template T of ParamValue
 	 * @param class-string<T> $class
 	 * @param int|string $key
-	 * @param int|bool|string|null|array{position:int, value?:int|bool|string, name?:string} $value
+	 * @param int|bool|string|null|array{position:int, value?:int|bool|string, typeString?:string, name?:string} $value
 	 * @return T
 	 * @throws UnsupportedParamTypeInConfigException
 	 */
@@ -253,6 +266,7 @@ private function paramFactory(string $class, $key, $value): ParamValue
 				$paramPosition = $value['position'];
 				$paramName = $value['name'] ?? null;
 				$paramValue = $value['value'] ?? null;
+				$typeString = $value['typeString'] ?? null;
 			} elseif (in_array($class, [ParamValueAny::class, ParamValueExceptAny::class], true)) {
 				if (is_numeric($value)) {
 					$paramPosition = (int)$value;
@@ -261,22 +275,34 @@ private function paramFactory(string $class, $key, $value): ParamValue
 					$paramPosition = null;
 					$paramName = (string)$value;
 				}
-				$paramValue = null;
+				$paramValue = $typeString = null;
 			} else {
 				$paramPosition = (int)$key;
 				$paramName = null;
 				$paramValue = $value;
+				$typeString = null;
 			}
 		} else {
 			$paramPosition = null;
 			$paramName = $key;
 			$paramValue = $value;
+			$typeString = null;
 		}
 
-		if (!is_int($paramValue) && !is_bool($paramValue) && !is_string($paramValue) && !is_null($paramValue)) {
+		if ($typeString) {
+			$type = $this->typeStringResolver->resolve($typeString);
+		} elseif (is_int($paramValue)) {
+			$type = new ConstantIntegerType($paramValue);
+		} elseif (is_bool($paramValue)) {
+			$type = new ConstantBooleanType($paramValue);
+		} elseif (is_string($paramValue)) {
+			$type = new ConstantStringType($paramValue);
+		} elseif (is_null($paramValue)) {
+			$type = new NullType();
+		} else {
 			throw new UnsupportedParamTypeInConfigException($paramPosition, $paramName, gettype($paramValue));
 		}
-		return new $class($paramPosition, $paramName, $paramValue);
+		return new $class($paramPosition, $paramName, $type);
 	}
 
 }
diff --git a/src/Params/Param.php b/src/Params/Param.php
@@ -21,9 +21,6 @@ public function getPosition(): ?int;
 	public function getName(): ?string;
 
 
-	/**
-	 * @return int|bool|string|null
-	 */
-	public function getValue();
+	public function getType(): Type;
 
 }
diff --git a/src/Params/ParamValue.php b/src/Params/ParamValue.php
@@ -5,9 +5,6 @@
 
 use PHPStan\Type\Type;
 
-/**
- * @template T of int|bool|string|null
- */
 abstract class ParamValue implements Param
 {
 
@@ -17,8 +14,8 @@ abstract class ParamValue implements Param
 	/** @var ?string */
 	private $name;
 
-	/** @var T */
-	private $value;
+	/** @var Type */
+	private $type;
 
 
 	abstract public function matches(Type $type): bool;
@@ -27,13 +24,13 @@ abstract public function matches(Type $type): bool;
 	/**
 	 * @param int|null $position
 	 * @param string|null $name
-	 * @param T $value
+	 * @param Type $type
 	 */
-	final public function __construct(?int $position, ?string $name, $value)
+	final public function __construct(?int $position, ?string $name, Type $type)
 	{
 		$this->position = $position;
 		$this->name = $name;
-		$this->value = $value;
+		$this->type = $type;
 	}
 
 
@@ -49,12 +46,9 @@ public function getName(): ?string
 	}
 
 
-	/**
-	 * @return T
-	 */
-	public function getValue()
+	public function getType(): Type
 	{
-		return $this->value;
+		return $this->type;
 	}
 
 }
diff --git a/src/Params/ParamValueAny.php b/src/Params/ParamValueAny.php
@@ -5,9 +5,6 @@
 
 use PHPStan\Type\Type;
 
-/**
- * @extends ParamValue<int|bool|string|null>
- */
 final class ParamValueAny extends ParamValue
 {
 

diff --git a/src/Params/ParamValueCaseInsensitiveExcept.php b/src/Params/ParamValueCaseInsensitiveExcept.php
@@ -3,38 +3,18 @@
 
 namespace Spaze\PHPStan\Rules\Disallowed\Params;
 
+use PHPStan\Type\Constant\ConstantStringType;
 use PHPStan\Type\Type;
-use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeException;
 
-/**
- * @extends ParamValue<int|bool|string|null>
- */
 class ParamValueCaseInsensitiveExcept extends ParamValue
 {
 
-	/**
-	 * @throws UnsupportedParamTypeException
-	 */
 	public function matches(Type $type): bool
 	{
-		if (!$type->isConstantScalarValue()->yes()) {
-			throw new UnsupportedParamTypeException();
-		}
-		$values = [];
-		foreach ($type->getConstantScalarValues() as $value) {
-			$values[] = $this->getLowercaseValue($value);
-		}
-		return !in_array($this->getLowercaseValue($this->getValue()), $values, true);
-	}
-
-
-	/**
-	 * @param mixed $value
-	 * @return mixed
-	 */
-	private function getLowercaseValue($value)
-	{
-		return is_string($value) ? strtolower($value) : $value;
+		$fn = function (ConstantStringType $string): string {
+			return strtolower($string->getValue());
+		};
+		return array_intersect(array_map($fn, $type->getConstantStrings()), array_map($fn, $this->getType()->getConstantStrings())) === [];
 	}
 
 }
diff --git a/src/Params/ParamValueExcept.php b/src/Params/ParamValueExcept.php
@@ -4,23 +4,13 @@
 namespace Spaze\PHPStan\Rules\Disallowed\Params;
 
 use PHPStan\Type\Type;
-use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeException;
 
-/**
- * @extends ParamValue<int|bool|string|null>
- */
 class ParamValueExcept extends ParamValue
 {
 
-	/**
-	 * @throws UnsupportedParamTypeException
-	 */
 	public function matches(Type $type): bool
 	{
-		if (!$type->isConstantScalarValue()->yes()) {
-			throw new UnsupportedParamTypeException();
-		}
-		return !in_array($this->getValue(), $type->getConstantScalarValues(), true);
+		return !$this->getType()->isSuperTypeOf($type)->yes();
 	}
 
 }
diff --git a/src/Params/ParamValueExceptAny.php b/src/Params/ParamValueExceptAny.php
@@ -5,9 +5,6 @@
 
 use PHPStan\Type\Type;
 
-/**
- * @extends ParamValue<int|bool|string|null>
- */
 final class ParamValueExceptAny extends ParamValue
 {
 

diff --git a/src/Params/ParamValueFlag.php b/src/Params/ParamValueFlag.php
@@ -0,0 +1,35 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\Params;
+
+use PHPStan\Type\Constant\ConstantIntegerType;
+use PHPStan\Type\Type;
+use PHPStan\Type\VerbosityLevel;
+use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeException;
+use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeInConfigException;
+
+abstract class ParamValueFlag extends ParamValue
+{
+
+	/**
+	 * @throws UnsupportedParamTypeException
+	 * @throws UnsupportedParamTypeInConfigException
+	 */
+	protected function isFlagSet(Type $type): bool
+	{
+		if (!$type instanceof ConstantIntegerType) {
+			throw new UnsupportedParamTypeException();
+		}
+		foreach ($this->getType()->getConstantScalarValues() as $value) {
+			if (!is_int($value)) {
+				throw new UnsupportedParamTypeInConfigException($this->getPosition(), $this->getName(), gettype($value) . ' of ' . $this->getType()->describe(VerbosityLevel::precise()));
+			}
+			if (($value & $type->getValue()) !== 0) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+}
diff --git a/src/Params/ParamValueFlagExcept.php b/src/Params/ParamValueFlagExcept.php
@@ -3,25 +3,20 @@
 
 namespace Spaze\PHPStan\Rules\Disallowed\Params;
 
-use PHPStan\Type\Constant\ConstantIntegerType;
 use PHPStan\Type\Type;
 use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeException;
+use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeInConfigException;
 
-/**
- * @extends ParamValue<int>
- */
-class ParamValueFlagExcept extends ParamValue
+class ParamValueFlagExcept extends ParamValueFlag
 {
 
 	/**
 	 * @throws UnsupportedParamTypeException
+	 * @throws UnsupportedParamTypeInConfigException
 	 */
 	public function matches(Type $type): bool
 	{
-		if (!$type instanceof ConstantIntegerType) {
-			throw new UnsupportedParamTypeException();
-		}
-		return ($this->getValue() & $type->getValue()) === 0;
+		return !$this->isFlagSet($type);
 	}
 
 }
diff --git a/src/Params/ParamValueFlagSpecific.php b/src/Params/ParamValueFlagSpecific.php
@@ -3,25 +3,20 @@
 
 namespace Spaze\PHPStan\Rules\Disallowed\Params;
 
-use PHPStan\Type\Constant\ConstantIntegerType;
 use PHPStan\Type\Type;
 use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeException;
+use Spaze\PHPStan\Rules\Disallowed\Exceptions\UnsupportedParamTypeInConfigException;
 
-/**
- * @extends ParamValue<int>
- */
-class ParamValueFlagSpecific extends ParamValue
+class ParamValueFlagSpecific extends ParamValueFlag
 {
 
 	/**
 	 * @throws UnsupportedParamTypeException
+	 * @throws UnsupportedParamTypeInConfigException
 	 */
 	public function matches(Type $type): bool
 	{
-		if (!$type instanceof ConstantIntegerType) {
-			throw new UnsupportedParamTypeException();
-		}
-		return ($this->getValue() & $type->getValue()) !== 0;
+		return $this->isFlagSet($type);
 	}
 
 }