TASK: Adjust phpstan config to apply level 8 rules to the Flow/Security context and remove breaking changes

Author: mficzel

Neos.Flow/Classes/Security/Authentication/Provider/FileBasedSimpleKeyProvider.php

@@ -107,7 +107,7 @@ public function authenticate(TokenInterface $authenticationToken)
     protected function validateCredentials(PasswordTokenInterface $authenticationToken): void
     {
         $key = $this->fileBasedSimpleKeyService->getKey($this->options['keyName']);
-        if (!$this->hashService->validatePassword($authenticationToken->getPassword(),$key)) {
+        if (!$this->hashService->validatePassword($authenticationToken->getPassword(), $key)) {
             $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
             return;
         }

Neos.Flow/Classes/Security/Authorization/Privilege/Entity/Doctrine/EntityPrivilege.php

@@ -11,7 +11,6 @@
  * source code.
  */
 
-use Doctrine\Persistence\Mapping\ClassMetadata;
 use Doctrine\ORM\EntityManager;
 use Doctrine\ORM\EntityManagerInterface;
 use Neos\Eel\Context as EelContext;

Neos.Flow/Classes/Security/Authorization/Privilege/Entity/Doctrine/EntityPrivilegeExpressionParser.php

@@ -25,8 +25,9 @@ class EntityPrivilegeExpressionParser extends CompilingEelParser
     /**
      * @param array<string,mixed> $result
      * @param array<string,mixed> $sub
+     * @return void
      */
-    public function NotExpression_exp(&$result, $sub): void
+    public function NotExpression_exp(&$result, $sub)
     {
         if (!isset($result['code'])) {
             $result['code'] = '$context';
@@ -37,27 +38,30 @@ public function NotExpression_exp(&$result, $sub): void
     /**
      * @param array<string,mixed> $result
      * @param array<string,mixed> $sub
+     * @return void
      */
-    public function Disjunction_rgt(&$result, $sub): void
+    public function Disjunction_rgt(&$result, $sub)
     {
         $result['code'] = '$context->callAndWrap(\'disjunction\', array(' . $this->unwrapExpression($result['code']) . ', ' . $this->unwrapExpression($sub['code']) . '))';
     }
 
     /**
      * @param array<string,mixed> $result
      * @param array<string,mixed> $sub
+     * @return
      */
-    public function Conjunction_rgt(&$result, $sub): void
+    public function Conjunction_rgt(&$result, $sub)
     {
         $result['code'] = '$context->callAndWrap(\'conjunction\', array(' . $this->unwrapExpression($result['code']) . ', ' . $this->unwrapExpression($sub['code']) . '))';
     }
 
     /**
      * @param array<string,mixed> $result
      * @param array<string,mixed> $sub
+     * @return void
      * @throws ParserException
      */
-    public function Comparison_rgt(&$result, $sub): void
+    public function Comparison_rgt(&$result, $sub)
     {
         $lval = $result['code'];
         $rval = $sub['code'];

Neos.Flow/Classes/Security/Authorization/Privilege/Entity/Doctrine/PropertyConditionGenerator.php

@@ -254,8 +254,8 @@ public function getSql(DoctrineSqlFilter $sqlFilter, ORMClassMetadata $targetEnt
         } elseif ($targetEntity->isSingleValuedAssociation($targetEntityPropertyName) === true && $targetEntity->isAssociationInverseSide($targetEntityPropertyName) === true) {
             throw new InvalidQueryRewritingConstraintException(
                 'Single valued properties from the inverse side are not supported in a content security constraint path! Got: "'
-                    . $this->path . ' ' . $this->operator . ' ' . json_encode($this->operandDefinition) . '"'
-                , 1416397754
+                    . $this->path . ' ' . $this->operator . ' ' . json_encode($this->operandDefinition) . '"',
+                1416397754
             );
         } elseif ($targetEntity->isCollectionValuedAssociation($targetEntityPropertyName) === true) {
             return $this->getSqlForPropertyContains($sqlFilter, $quoteStrategy, $targetEntity, $targetTableAlias, $targetEntityPropertyName);

Neos.Flow/Classes/Security/Cryptography/HashService.php

@@ -72,7 +72,7 @@ public function injectSettings(array $settings)
      * @return string The hash of the string
      * @throws InvalidArgumentForHashGenerationException if something else than a string was given as parameter
      */
-    public function generateHmac(string $string): string
+    public function generateHmac(string $string)
     {
         return hash_hmac('sha1', $string, $this->getEncryptionKey());
     }
@@ -117,7 +117,7 @@ public function validateHmac($string, $hmac)
      * @throws InvalidHashException if the hash did not fit to the data.
      * @todo Mark as API once it is more stable
      */
-    public function validateAndStripHmac(string $string): string
+    public function validateAndStripHmac(string $string)
     {
         if (strlen($string) < 40) {
             throw new InvalidArgumentForHashGenerationException('A hashed string must contain at least 40 characters, the given string was only ' . strlen($string) . ' characters long.', 1320830276);

Neos.Flow/Classes/Security/Cryptography/RsaWalletServiceInterface.php

@@ -54,7 +54,7 @@ public function registerPublicKeyFromString($publicKeyString);
      * @return OpenSslRsaKey The public key
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid key pair
      */
-    public function getPublicKey(string $fingerprint): OpenSslRsaKey;
+    public function getPublicKey($fingerprint);
 
     /**
      * Decrypts the given cypher with the private key identified by the given fingerprint
@@ -67,7 +67,7 @@ public function getPublicKey(string $fingerprint): OpenSslRsaKey;
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid keypair
      * @throws DecryptionNotAllowedException If the given fingerprint identifies a keypair for encrypted passwords
      */
-    public function decrypt(string $cypher, string $fingerprint): string;
+    public function decrypt($cypher, $fingerprint);
 
     /**
      * Signs the given plaintext with the private key identified by the given fingerprint
@@ -77,7 +77,7 @@ public function decrypt(string $cypher, string $fingerprint): string;
      * @return string The signature of the given plaintext
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid keypair
      */
-    public function sign(string $plaintext, string $fingerprint): string;
+    public function sign($plaintext, $fingerprint);
 
     /**
      * Checks whether the given signature is valid for the given plaintext
@@ -88,7 +88,7 @@ public function sign(string $plaintext, string $fingerprint): string;
      * @param string $fingerprint The fingerprint to identify to correct public key
      * @return boolean true if the signature is correct for the given plaintext and public key
      */
-    public function verifySignature(string $plaintext, string $signature, string $fingerprint): bool;
+    public function verifySignature($plaintext, $signature, $fingerprint);
 
     /**
      * Encrypts the given plaintext with the public key identified by the given fingerprint
@@ -109,12 +109,13 @@ public function encryptWithPublicKey($plaintext, $fingerprint);
      * @param string $fingerprint The fingerprint to identify to correct private key
      * @return boolean true if the password is correct
      */
-    public function checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint): bool;
+    public function checkRSAEncryptedPassword($encryptedPassword, $passwordHash, $salt, $fingerprint);
 
     /**
      * Destroys the keypair identified by the given fingerprint
      *
+     * @return void
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid key pair
      */
-    public function destroyKeypair(string $fingerprint): void;
+    public function destroyKeypair($fingerprint);
 }

Neos.Flow/Classes/Security/Cryptography/RsaWalletServicePhp.php

@@ -169,7 +169,7 @@ public function registerPublicKeyFromString($publicKeyString)
      * @return OpenSslRsaKey The public key
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid key pair
      */
-    public function getPublicKey(string $fingerprint): OpenSslRsaKey
+    public function getPublicKey($fingerprint)
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1231438860);
@@ -212,7 +212,7 @@ public function encryptWithPublicKey($plaintext, $fingerprint)
      * @throws DecryptionNotAllowedException If the given fingerprint identifies a keypair for encrypted passwords
      * @throws SecurityException If decryption failed for some other reason
      */
-    public function decrypt(string $cypher, string $fingerprint): string
+    public function decrypt($cypher, $fingerprint)
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1231438861);
@@ -235,7 +235,7 @@ public function decrypt(string $cypher, string $fingerprint): string
      * @return string The signature of the given plaintext
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid keypair
      */
-    public function sign(string $plaintext, string $fingerprint): string
+    public function sign($plaintext, $fingerprint)
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1299095799);
@@ -257,7 +257,7 @@ public function sign(string $plaintext, string $fingerprint): string
      * @return boolean true if the signature is correct for the given plaintext and public key
      * @throws InvalidKeyPairIdException
      */
-    public function verifySignature(string $plaintext, string $signature, string $fingerprint): bool
+    public function verifySignature($plaintext, $signature, $fingerprint)
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1304959763);
@@ -279,7 +279,7 @@ public function verifySignature(string $plaintext, string $signature, string $fi
      * @return boolean true if the password is correct
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid keypair
      */
-    public function checkRSAEncryptedPassword(string $encryptedPassword, string $passwordHash, string $salt, string $fingerprint): bool
+    public function checkRSAEncryptedPassword($encryptedPassword, $passwordHash, $salt, $fingerprint)
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1233655216);
@@ -296,7 +296,7 @@ public function checkRSAEncryptedPassword(string $encryptedPassword, string $pas
      * @param string $fingerprint The fingerprint
      * @throws InvalidKeyPairIdException If the given fingerprint identifies no valid key pair
      */
-    public function destroyKeypair(string $fingerprint): void
+    public function destroyKeypair($fingerprint): void
     {
         if (!isset($this->keys[$fingerprint])) {
             throw new InvalidKeyPairIdException('Invalid keypair fingerprint given', 1231438863);

Neos.Flow/Classes/Security/SessionDataContainer.php

@@ -47,8 +47,9 @@ public function getSecurityTokens(): array
      * Set the current list of security tokens with their data.
      *
      * @param array<TokenInterface> $securityTokens
+     * @return void
      */
-    public function setSecurityTokens(array $securityTokens): void
+    public function setSecurityTokens(array $securityTokens)
     {
         foreach ($securityTokens as $token) {
             if ($token instanceof SessionlessTokenInterface) {
@@ -72,8 +73,9 @@ public function getCsrfProtectionTokens(): array
      * set the list of currently active CSRF tokens.
      *
      * @param array<string,string|bool> $csrfProtectionTokens
+     * @return void
      */
-    public function setCsrfProtectionTokens(array $csrfProtectionTokens): void
+    public function setCsrfProtectionTokens(array $csrfProtectionTokens)
     {
         $this->csrfProtectionTokens = $csrfProtectionTokens;
     }

phpstan.neon.dist

@@ -1,6 +1,7 @@
 parameters:
     level: 8
     paths:
+        - Neos.Flow/Classes/Security
         - Neos.Flow/Classes/Session
         - Neos.Flow/Classes/SignalSlot
         - Neos.Flow/Classes/Utility