Implement new rule to warn about unsafe strict groups calls

Seldaek · Seldaek · commit 1126fb49b135 · 2024-07-12T10:40:41.000+02:00
diff --git a/extension.neon b/extension.neon
@@ -8,9 +8,14 @@ conditionalTags:
         phpstan.staticMethodParameterOutTypeExtension: %featureToggles.narrowPregMatches%
     Composer\Pcre\PHPStan\PregMatchTypeSpecifyingExtension:
         phpstan.typeSpecifier.staticMethodTypeSpecifyingExtension: %featureToggles.narrowPregMatches%
+    Composer\Pcre\PHPStan\UnsafeStrictGroupsCallRule:
+        phpstan.rules.rule: %featureToggles.narrowPregMatches%
 
 services:
     -
         class: Composer\Pcre\PHPStan\PregMatchParameterOutTypeExtension
     -
         class: Composer\Pcre\PHPStan\PregMatchTypeSpecifyingExtension
+
+rules:
+    - Composer\Pcre\PHPStan\UnsafeStrictGroupsCallRule
diff --git a/src/PHPStan/PregMatchTypeSpecifyingExtension.php b/src/PHPStan/PregMatchTypeSpecifyingExtension.php
@@ -78,11 +78,15 @@ public function specifyTypes(MethodReflection $methodReflection, StaticCall $nod
             && count($matchedType->getConstantArrays()) === 1
         ) {
             $matchedType = $matchedType->getConstantArrays()[0];
-            foreach ($matchedType as $type) {
-                if ($type->containsNull()) {
-                    // TODO trigger an error here that $methodReflection->getName() should not be used, or the pattern needs to make sure that $type->?? get key name is not nullable
-                }
-            }
+            $matchedType = new ConstantArrayType(
+                $matchedType->getKeyTypes(),
+                array_map(static function (Type $valueType): Type {
+                    return TypeCombinator::removeNull($valueType);
+                }, $matchedType->getValueTypes()),
+                $matchedType->getNextAutoIndexes(),
+                [],
+                $matchedType->isList()
+            );
         }
 
         $overwrite = false;
diff --git a/src/PHPStan/UnsafeStrictGroupsCallRule.php b/src/PHPStan/UnsafeStrictGroupsCallRule.php
@@ -0,0 +1,113 @@
+<?php declare(strict_types=1);
+
+namespace Composer\Pcre\PHPStan;
+
+use Composer\Pcre\Preg;
+use Composer\Pcre\Regex;
+use PhpParser\Node;
+use PhpParser\Node\Expr\StaticCall;
+use PhpParser\Node\Name\FullyQualified;
+use PHPStan\Analyser\Scope;
+use PHPStan\Analyser\SpecifiedTypes;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\TrinaryLogic;
+use PHPStan\Type\ObjectType;
+use PHPStan\Type\Type;
+use PHPStan\Type\TypeCombinator;
+use PHPStan\Type\Php\RegexArrayShapeMatcher;
+use function sprintf;
+
+/**
+ * @implements Rule<StaticCall>
+ */
+final class UnsafeStrictGroupsCallRule implements Rule
+{
+    /**
+     * @var RegexArrayShapeMatcher
+     */
+    private $regexShapeMatcher;
+
+    public function __construct(RegexArrayShapeMatcher $regexShapeMatcher)
+    {
+        $this->regexShapeMatcher = $regexShapeMatcher;
+    }
+
+    public function getNodeType(): string
+    {
+        return StaticCall::class;
+    }
+
+    public function processNode(Node $node, Scope $scope): array
+    {
+        if (!$node->class instanceof FullyQualified) {
+            return [];
+        }
+        $isRegex = $node->class->toString() === Regex::class;
+        $isPreg = $node->class->toString() === Preg::class;
+        if (!$isRegex && !$isPreg) {
+            return [];
+        }
+        if (!$node->name instanceof Node\Identifier || !in_array($node->name->name, ['matchStrictGroups', 'isMatchStrictGroups', 'matchAllStrictGroups', 'isMatchAllStrictGroups'], true)) {
+            return [];
+        }
+
+        $args = $node->getArgs();
+        if (!isset($args[0])) {
+            return [];
+        }
+
+        $patternArg = $args[0] ?? null;
+        if ($isPreg) {
+            if (!isset($args[2])) { // no matches set, skip as the matches won't be used anyway
+                return [];
+            }
+            $flagsArg = $args[3] ?? null;
+        } else {
+            $flagsArg = $args[2] ?? null;
+        }
+
+        if ($patternArg === null) {
+            return [];
+        }
+
+        $flagsType = PregMatchFlags::getType($flagsArg, $scope);
+        if ($flagsType === null) {
+            return [];
+        }
+        $patternType = $scope->getType($patternArg->value);
+
+        $matchedType = $this->regexShapeMatcher->matchType($patternType, $flagsType, TrinaryLogic::createFromBoolean(true));
+        if ($matchedType === null) {
+            return [
+                RuleErrorBuilder::message(sprintf('The %s call is potentially unsafe as $matches\' type could not be inferred.', $node->name->name))
+                    ->identifier('composerPcre.maybeUnsafeStrictGroups')
+                    ->build(),
+            ];
+        }
+
+        if (count($matchedType->getConstantArrays()) === 1) {
+            $matchedType = $matchedType->getConstantArrays()[0];
+            $nullableGroups = [];
+            foreach ($matchedType->getValueTypes() as $index => $type) {
+                if (TypeCombinator::containsNull($type)) {
+                    $nullableGroups[] = $matchedType->getKeyTypes()[$index]->getValue();
+                }
+            }
+
+            if (\count($nullableGroups) > 0) {
+                return [
+                    RuleErrorBuilder::message(sprintf(
+                        'The %s call is unsafe as match group%s "%s" %s optional and may be null.',
+                        $node->name->name,
+                        \count($nullableGroups) > 1 ? 's' : '',
+                        implode('", "', $nullableGroups),
+                        \count($nullableGroups) > 1 ? 'are' : 'is',
+                    ))->identifier('composerPcre.unsafeStrictGroups')->build(),
+                ];
+            }
+        }
+
+        return [];
+    }
+}
diff --git a/src/Regex.php b/src/Regex.php
@@ -43,6 +43,7 @@ public static function match(string $pattern, string $subject, int $flags = 0, i
      */
     public static function matchStrictGroups(string $pattern, string $subject, int $flags = 0, int $offset = 0): MatchStrictGroupsResult
     {
+        // @phpstan-ignore composerPcre.maybeUnsafeStrictGroups
         $count = Preg::matchStrictGroups($pattern, $subject, $matches, $flags, $offset);
 
         return new MatchStrictGroupsResult($count, $matches);
@@ -87,6 +88,7 @@ public static function matchAllStrictGroups(string $pattern, string $subject, in
         self::checkOffsetCapture($flags, 'matchAllWithOffsets');
         self::checkSetOrder($flags);
 
+        // @phpstan-ignore composerPcre.maybeUnsafeStrictGroups
         $count = Preg::matchAllStrictGroups($pattern, $subject, $matches, $flags, $offset);
 
         return new MatchAllStrictGroupsResult($count, $matches);
diff --git a/tests/PHPStanTests/TypeInferenceTest.php b/tests/PHPStanTests/TypeInferenceTest.php
@@ -17,8 +17,6 @@
  * Run with "vendor/bin/phpunit --testsuite phpstan"
  *
  * This is excluded by default to avoid side effects with the library tests
- *
- * @group phpstan
  */
 class TypeInferenceTest extends TypeInferenceTestCase
 {
diff --git a/tests/PHPStanTests/UnsafeStrictGroupsCallRuleTest.php b/tests/PHPStanTests/UnsafeStrictGroupsCallRuleTest.php
@@ -0,0 +1,59 @@
+<?php
+
+/*
+ * This file is part of composer/pcre.
+ *
+ * (c) Composer <https://github.com/composer>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Composer\Pcre\PHPStanTests;
+
+use PHPStan\Testing\RuleTestCase;
+use Composer\Pcre\PHPStan\UnsafeStrictGroupsCallRule;
+use PHPStan\Type\Php\RegexArrayShapeMatcher;
+use PHPStan\Php\PhpVersion;
+
+/**
+ * Run with "vendor/bin/phpunit --testsuite phpstan"
+ *
+ * This is excluded by default to avoid side effects with the library tests
+ *
+ * @extends RuleTestCase<UnsafeStrictGroupsCallRule>
+ */
+class UnsafeStrictGruopsCallRuleTest extends RuleTestCase
+{
+    protected function getRule(): \PHPStan\Rules\Rule
+    {
+        // @phpstan-ignore phpstanApi.constructor,phpstanApi.constructor
+        return new UnsafeStrictGroupsCallRule(new RegexArrayShapeMatcher(new PhpVersion(PHP_VERSION_ID, PhpVersion::SOURCE_RUNTIME)));
+    }
+
+    public function testRule(): void
+    {
+        $this->analyse([__DIR__ . '/nsrt/preg-match.php'], [
+            [
+                'The matchStrictGroups call is unsafe as match group "1" is optional and may be null.',
+                80,
+            ],
+            [
+                'The matchAllStrictGroups call is unsafe as match groups "foo", "2" are optional and may be null.',
+                82,
+            ],
+            [
+                'The isMatchStrictGroups call is potentially unsafe as $matches\' type could not be inferred.',
+                86,
+            ],
+        ]);
+    }
+
+    public static function getAdditionalConfigFiles(): array
+    {
+        return [
+            'phar://' . __DIR__ . '/../../vendor/phpstan/phpstan/phpstan.phar/conf/bleedingEdge.neon',
+            __DIR__ . '/../../extension.neon',
+        ];
+    }
+}
diff --git a/tests/PHPStanTests/nsrt/preg-match.php b/tests/PHPStanTests/nsrt/preg-match.php
@@ -3,6 +3,7 @@
 namespace PregMatchShapes;
 
 use Composer\Pcre\Preg;
+use Composer\Pcre\Regex;
 use function PHPStan\Testing\assertType;
 
 function doMatch(string $s): void
@@ -75,8 +76,15 @@ function doMatchStrictGroupsUnsafe(string $s): void
         assertType('array{string, string}', $matches);
     }
 
-    if (Preg::isMatchStrictGroups('{Configure Command(?: *</td><td class="v">| *=> *)(.*)?(?:</td>|$)}m', $s, $matches)) {
-        // should error as it is unsafe due to the optional group
+    // should error as it is unsafe due to the optional group 1
+    Regex::matchStrictGroups('{Configure Command(?: *</td><td class="v">| *=> *)(.*)?(?:</td>|$)}m', $s);
+
+    if (Preg::matchAllStrictGroups('{((?<foo>.)?z)}m', $s, $matches)) {
+        // should error as it is unsafe due to the optional group foo/2
+    }
+
+    if (Preg::isMatchStrictGroups('{'.$s.'}', $s, $matches)) {
+        // should error as it is unsafe due not being introspectable with the dynamic string
     }
 }
 
diff --git a/tests/PregTests/MatchAllTest.php b/tests/PregTests/MatchAllTest.php
@@ -44,7 +44,7 @@ public function testFailure(): void
 
     public function testSuccessStrictGroups(): void
     {
-        $count = Preg::matchAllStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a', $matches);
+        $count = Preg::matchAllStrictGroups('{(?<m>\d)(?<matched>a)}', '3a', $matches);
         self::assertSame(1, $count);
         self::assertSame(array(0 => ['3a'], 'm' => ['3'], 1 => ['3'], 'matched' => ['a'], 2 => ['a']), $matches);
     }
@@ -53,7 +53,8 @@ public function testFailStrictGroups(): void
     {
         self::expectException(UnexpectedNullMatchException::class);
         self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use matchAll() instead.');
-        Preg::matchAllStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123', $matches);
+        // @phpstan-ignore composerPcre.unsafeStrictGroups
+        Preg::matchAllStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123', $matches);
     }
 
     public function testBadPatternThrowsIfWarningsAreNotThrowing(): void
diff --git a/tests/PregTests/MatchTest.php b/tests/PregTests/MatchTest.php
@@ -38,7 +38,7 @@ public function testSuccessWithInt(): void
 
     public function testSuccessStrictGroups(): void
     {
-        $count = Preg::matchStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a', $matches);
+        $count = Preg::matchStrictGroups('{(?<m>\d)(?<matched>a)}', '3a', $matches);
         self::assertSame(1, $count);
         self::assertSame(array(0 => '3a', 'm' => '3', 1 => '3', 'matched' => 'a', 2 => 'a'), $matches);
     }
@@ -47,7 +47,8 @@ public function testFailStrictGroups(): void
     {
         self::expectException(UnexpectedNullMatchException::class);
         self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use match() instead.');
-        Preg::matchStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123', $matches);
+        // @phpstan-ignore composerPcre.unsafeStrictGroups
+        Preg::matchStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123', $matches);
     }
 
     public function testTypeErrorWithNull(): void
diff --git a/tests/RegexTests/MatchTest.php b/tests/RegexTests/MatchTest.php
@@ -40,15 +40,16 @@ public function testFailure(): void
 
     public function testSuccessStrictGroups(): void
     {
-        $result = Regex::matchStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a');
+        $result = Regex::matchStrictGroups('{(?<m>\d)(?<matched>a)}', '3a');
         self::assertSame(array(0 => '3a', 'm' => '3', 1 => '3', 'matched' => 'a', 2 => 'a'), $result->matches);
     }
 
     public function testFailStrictGroups(): void
     {
         self::expectException(UnexpectedNullMatchException::class);
         self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use match() instead.');
-        Regex::matchStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123');
+        // @phpstan-ignore composerPcre.unsafeStrictGroups
+        Regex::matchStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123');
     }
 
     public function testBadPatternThrowsIfWarningsAreNotThrowing(): void

Original file line number	Diff line number	Diff line change
`@@ -8,9 +8,14 @@ conditionalTags:`
`8`	`8`	`phpstan.staticMethodParameterOutTypeExtension: %featureToggles.narrowPregMatches%`
`9`	`9`	`Composer\Pcre\PHPStan\PregMatchTypeSpecifyingExtension:`
`10`	`10`	`phpstan.typeSpecifier.staticMethodTypeSpecifyingExtension: %featureToggles.narrowPregMatches%`
	`11`	`+ Composer\Pcre\PHPStan\UnsafeStrictGroupsCallRule:`
	`12`	`+ phpstan.rules.rule: %featureToggles.narrowPregMatches%`
`11`	`13`
`12`	`14`	`services:`
`13`	`15`	`-`
`14`	`16`	`class: Composer\Pcre\PHPStan\PregMatchParameterOutTypeExtension`
`15`	`17`	`-`
`16`	`18`	`class: Composer\Pcre\PHPStan\PregMatchTypeSpecifyingExtension`
	`19`	`+`
	`20`	`+rules:`
	`21`	`+ - Composer\Pcre\PHPStan\UnsafeStrictGroupsCallRule`
Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,6 @@`
`17`	`17`	`* Run with "vendor/bin/phpunit --testsuite phpstan"`
`18`	`18`	`*`
`19`	`19`	`* This is excluded by default to avoid side effects with the library tests`
`20`		`- *`
`21`		`- * @group phpstan`
`22`	`20`	`*/`
`23`	`21`	`class TypeInferenceTest extends TypeInferenceTestCase`
`24`	`22`	`{`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public function testFailure(): void`
`44`	`44`
`45`	`45`	`public function testSuccessStrictGroups(): void`
`46`	`46`	`{`
`47`		`- $count = Preg::matchAllStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a', $matches);`
	`47`	`+ $count = Preg::matchAllStrictGroups('{(?<m>\d)(?<matched>a)}', '3a', $matches);`
`48`	`48`	`self::assertSame(1, $count);`
`49`	`49`	`self::assertSame(array(0 => ['3a'], 'm' => ['3'], 1 => ['3'], 'matched' => ['a'], 2 => ['a']), $matches);`
`50`	`50`	`}`
`@@ -53,7 +53,8 @@ public function testFailStrictGroups(): void`
`53`	`53`	`{`
`54`	`54`	`self::expectException(UnexpectedNullMatchException::class);`
`55`	`55`	`self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use matchAll() instead.');`
`56`		`- Preg::matchAllStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123', $matches);`
	`56`	`+ // @phpstan-ignore composerPcre.unsafeStrictGroups`
	`57`	`+ Preg::matchAllStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123', $matches);`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`public function testBadPatternThrowsIfWarningsAreNotThrowing(): void`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function testSuccessWithInt(): void`
`38`	`38`
`39`	`39`	`public function testSuccessStrictGroups(): void`
`40`	`40`	`{`
`41`		`- $count = Preg::matchStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a', $matches);`
	`41`	`+ $count = Preg::matchStrictGroups('{(?<m>\d)(?<matched>a)}', '3a', $matches);`
`42`	`42`	`self::assertSame(1, $count);`
`43`	`43`	`self::assertSame(array(0 => '3a', 'm' => '3', 1 => '3', 'matched' => 'a', 2 => 'a'), $matches);`
`44`	`44`	`}`
`@@ -47,7 +47,8 @@ public function testFailStrictGroups(): void`
`47`	`47`	`{`
`48`	`48`	`self::expectException(UnexpectedNullMatchException::class);`
`49`	`49`	`self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use match() instead.');`
`50`		`- Preg::matchStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123', $matches);`
	`50`	`+ // @phpstan-ignore composerPcre.unsafeStrictGroups`
	`51`	`+ Preg::matchStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123', $matches);`
`51`	`52`	`}`
`52`	`53`
`53`	`54`	`public function testTypeErrorWithNull(): void`
Original file line number	Diff line number	Diff line change
`@@ -40,15 +40,16 @@ public function testFailure(): void`
`40`	`40`
`41`	`41`	`public function testSuccessStrictGroups(): void`
`42`	`42`	`{`
`43`		`- $result = Regex::matchStrictGroups('{(?P<m>\d)(?<matched>a)?}', '3a');`
	`43`	`+ $result = Regex::matchStrictGroups('{(?<m>\d)(?<matched>a)}', '3a');`
`44`	`44`	`self::assertSame(array(0 => '3a', 'm' => '3', 1 => '3', 'matched' => 'a', 2 => 'a'), $result->matches);`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`public function testFailStrictGroups(): void`
`48`	`48`	`{`
`49`	`49`	`self::expectException(UnexpectedNullMatchException::class);`
`50`	`50`	`self::expectExceptionMessage('Pattern "{(?P<m>\d)(?<unmatched>b)?}" had an unexpected unmatched group "unmatched", make sure the pattern always matches or use match() instead.');`
`51`		`- Regex::matchStrictGroups('{(?P<m>\d)(?<unmatched>b)?}', '123');`
	`51`	`+ // @phpstan-ignore composerPcre.unsafeStrictGroups`
	`52`	`+ Regex::matchStrictGroups('{(?<m>\d)(?<unmatched>b)?}', '123');`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`public function testBadPatternThrowsIfWarningsAreNotThrowing(): void`