Add DoctrineKeyValueStyleRule (#529)

Co-authored-by: Markus Staab <[email protected]>

Author: hemberger

.phpstan-dba-mysqli.cache

@@ -62,6 +62,18 @@ services:
                 - 'mysqli_query#1'
                 - 'mysqli_execute_query#1'
 
+    -
+        class: staabm\PHPStanDba\Rules\DoctrineKeyValueStyleRule
+        tags: [phpstan.rules.rule]
+        arguments:
+            classMethods:
+                - 'staabm\PHPStanDba\Tests\Fixture\Connection::assembleNoArrays'
+                - 'staabm\PHPStanDba\Tests\Fixture\Connection::assembleOneArray#1'
+                - 'staabm\PHPStanDba\Tests\Fixture\Connection::assembleTwoArrays#1,2'
+                - 'Doctrine\DBAL\Connection::insert#1'
+                - 'Doctrine\DBAL\Connection::delete#1'
+                - 'Doctrine\DBAL\Connection::update#1,2'
+
     -
         class: staabm\PHPStanDba\Rules\QueryPlanAnalyzerRule
         tags: [phpstan.rules.rule]

.phpstan-dba-pdo-mysql.cache

@@ -52,6 +52,27 @@ services:
 
 __the callable format is `funtionName#parameterIndex`, while the parameter-index defines the position of the query-string argument.__
 
+## use `DoctrineKeyValueStyleRule` for your custom classes
+
+Reuse the `DoctrineKeyValueStyleRule` within your PHPStan configuration to detect syntax errors in class methods that construct queries from table and column name variables, by registering a service:
+The rule is designed around doctrine's [data-retrieval-and-manipulation-api](https://www.doctrine-project.org/projects/doctrine-dbal/en/current/reference/data-retrieval-and-manipulation.html#insert).
+
+```
+services:
+    -
+        class: staabm\PHPStanDba\Rules\DoctrineKeyValueStyleRule
+        tags: [phpstan.rules.rule]
+        arguments:
+            classMethods:
+                - 'My\Connection::truncate'
+                - 'My\Connection::insert#1'
+                - 'My\Connection::delete#1'
+                - 'My\Connection::update#1,2'
+```
+
+__the callable format is `class::method#arrayArgIndex,arrayArgIndex`. phpstan-dba assumes the method takes a table name as the 1st argument and any listed argument indices are arrays with column name keys and column value values.__
+
+
 ## use `QueryPlanAnalyzerRule` for your custom classes
 
 Reuse the `QueryPlanAnalyzerRule` within your PHPStan configuration to detect syntax errors in queries, by registering a service:

config/rules.neon

@@ -176,7 +176,7 @@ private function stringifyType(Type $type): Type
         return $type;
     }
 
-    private function getSchemaReflection(): SchemaReflection
+    public function getSchemaReflection(): SchemaReflection
     {
         if (null === $this->schemaReflection) {
             $this->schemaReflection = new SchemaReflection(function ($queryString) {

docs/rules.md

@@ -0,0 +1,181 @@
+<?php
+
+declare(strict_types=1);
+
+namespace staabm\PHPStanDba\Rules;
+
+use PhpParser\Node;
+use PhpParser\Node\Expr\CallLike;
+use PhpParser\Node\Expr\MethodCall;
+use PhpParser\Node\Expr\New_;
+use PhpParser\Node\Name\FullyQualified;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleError;
+use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\ShouldNotHappenException;
+use PHPStan\Type\Constant\ConstantArrayType;
+use PHPStan\Type\Constant\ConstantStringType;
+use PHPStan\Type\ObjectType;
+use PHPStan\Type\VerbosityLevel;
+use staabm\PHPStanDba\QueryReflection\QueryReflection;
+
+/**
+ * @implements Rule<CallLike>
+ *
+ * @see DoctrineKeyValueStyleRuleTest
+ */
+final class DoctrineKeyValueStyleRule implements Rule
+{
+    /**
+     * @var array<array{string, string, list<int>}>
+     */
+    private $classMethods;
+
+    /**
+     * @var QueryReflection
+     */
+    private $queryReflection;
+
+    /**
+     * @param list<string> $classMethods
+     */
+    public function __construct(array $classMethods)
+    {
+        $this->classMethods = [];
+        foreach ($classMethods as $classMethod) {
+            sscanf($classMethod, '%[^::]::%[^#]#%[0-9,]', $className, $methodName, $arrayArgPositions);
+            if (! \is_string($className) || ! \is_string($methodName)) {
+                throw new ShouldNotHappenException('Invalid classMethod definition');
+            }
+            if ($arrayArgPositions !== null) {
+                $arrayArgPositions = array_map('intval', explode(',', strval($arrayArgPositions)));
+            } else {
+                $arrayArgPositions = [];
+            }
+            $this->classMethods[] = [$className, $methodName, $arrayArgPositions];
+        }
+        $this->queryReflection = new QueryReflection();
+    }
+
+    public function getNodeType(): string
+    {
+        return CallLike::class;
+    }
+
+    /**
+     * @return RuleError[]
+     */
+    public function processNode(Node $callLike, Scope $scope): array
+    {
+        if ($callLike instanceof MethodCall) {
+            if (! $callLike->name instanceof Node\Identifier) {
+                return [];
+            }
+
+            $methodReflection = $scope->getMethodReflection($scope->getType($callLike->var), $callLike->name->toString());
+        } elseif ($callLike instanceof New_) {
+            if (! $callLike->class instanceof FullyQualified) {
+                return [];
+            }
+            $methodReflection = $scope->getMethodReflection(new ObjectType($callLike->class->toCodeString()), '__construct');
+        } else {
+            return [];
+        }
+
+        if (null === $methodReflection) {
+            return [];
+        }
+
+        $unsupportedMethod = true;
+        $arrayArgPositions = [];
+        foreach ($this->classMethods as [$className, $methodName, $arrayArgPositionsConfig]) {
+            if ($methodName === $methodReflection->getName() &&
+                ($methodReflection->getDeclaringClass()->getName() === $className || $methodReflection->getDeclaringClass()->isSubclassOf($className))) {
+                $arrayArgPositions = $arrayArgPositionsConfig;
+                $unsupportedMethod = false;
+                break;
+            }
+        }
+
+        if ($unsupportedMethod) {
+            return [];
+        }
+
+        $args = $callLike->getArgs();
+
+        if (\count($args) < 1) {
+            return [];
+        }
+
+        $tableExpr = $args[0]->value;
+        $tableType = $scope->getType($tableExpr);
+        if (! $tableType instanceof ConstantStringType) {
+            return [
+                RuleErrorBuilder::message('Argument #0 expects a literal string, got ' . $tableType->describe(VerbosityLevel::precise()))->line($callLike->getLine())->build(),
+            ];
+        }
+
+        $schemaReflection = $this->queryReflection->getSchemaReflection();
+
+        // Table name may be escaped with backticks
+        $argTableName = trim($tableType->getValue(), '`');
+        $table = $schemaReflection->getTable($argTableName);
+        if (null === $table) {
+            return [
+                RuleErrorBuilder::message('Query error: Table "' . $argTableName . '" does not exist')->line($callLike->getLine())->build(),
+            ];
+        }
+
+        // All array arguments should have table columns as keys
+        $errors = [];
+        foreach ($arrayArgPositions as $arrayArgPosition) {
+            // If the argument doesn't exist, just skip it since we don't want
+            // to error in case it has a default value
+            if (! \array_key_exists($arrayArgPosition, $args)) {
+                continue;
+            }
+
+            $argType = $scope->getType($args[$arrayArgPosition]->value);
+            if (! $argType instanceof ConstantArrayType) {
+                $errors[] = 'Argument #' . $arrayArgPosition . ' is not a constant array, got ' . $argType->describe(VerbosityLevel::precise());
+                continue;
+            }
+
+            foreach ($argType->getKeyTypes() as $keyIndex => $keyType) {
+                if (! $keyType instanceof ConstantStringType) {
+                    $errors[] = 'Element #' . $keyIndex . ' of argument #' . $arrayArgPosition . ' must have a string key, got ' . $keyType->describe(VerbosityLevel::precise());
+                    continue;
+                }
+
+                // Column name may be escaped with backticks
+                $argColumnName = trim($keyType->getValue(), '`');
+
+                $argColumn = null;
+                foreach ($table->getColumns() as $column) {
+                    if ($argColumnName === $column->getName()) {
+                        $argColumn = $column;
+                    }
+                }
+                if (null === $argColumn) {
+                    $errors[] = 'Column "' . $table->getName() . '.' . $argColumnName . '" does not exist';
+                    continue;
+                }
+
+                // Be a bit generous here by allowing column value types that
+                // are *maybe* accepted. If we want to be strict, we can warn
+                // unless they are *definitely* accepted.
+                $valueType = $argType->getValueTypes()[$keyIndex];
+                if ($argColumn->getType()->accepts($valueType, true)->no()) {
+                    $errors[] = 'Column "' . $table->getName() . '.' . $argColumnName . '" expects value type ' . $argColumn->getType()->describe(VerbosityLevel::precise()) . ', got type ' . $valueType->describe(VerbosityLevel::precise());
+                }
+            }
+        }
+
+        $ruleErrors = [];
+        foreach ($errors as $error) {
+            $ruleErrors[] = RuleErrorBuilder::message('Query error: ' . $error)->line($callLike->getLine())->build();
+        }
+        return $ruleErrors;
+    }
+}

src/QueryReflection/QueryReflection.php

@@ -9,4 +9,16 @@ class Connection
     public function preparedQuery(string $queryString, array $params)
     {
     }
+
+    public function assembleNoArrays(string $tableName)
+    {
+    }
+
+    public function assembleOneArray(string $tableName, $cols)
+    {
+    }
+
+    public function assembleTwoArrays(string $tableName, $cols1, $cols2)
+    {
+    }
 }

src/Rules/DoctrineKeyValueStyleRule.php

@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace staabm\PHPStanDba\Tests;
+
+use PHPStan\Rules\Rule;
+use PHPStan\Testing\RuleTestCase;
+use staabm\PHPStanDba\Rules\DoctrineKeyValueStyleRule;
+
+/**
+ * @extends RuleTestCase<DoctrineKeyValueStyleRule>
+ */
+class DoctrineKeyValueStyleRuleTest extends RuleTestCase
+{
+    protected function getRule(): Rule
+    {
+        return self::getContainer()->getByType(DoctrineKeyValueStyleRule::class);
+    }
+
+    public static function getAdditionalConfigFiles(): array
+    {
+        return [
+            __DIR__ . '/../../config/dba.neon',
+        ];
+    }
+
+    public function testSyntaxErrorInMethod(): void
+    {
+        $expectedErrors = [
+            [
+                'Argument #0 expects a literal string, got string',
+                11,
+            ],
+            [
+                'Query error: Table "not_a_table" does not exist',
+                16,
+            ],
+            [
+                'Query error: Argument #1 is not a constant array, got \'not_an_array\'',
+                21,
+            ],
+            [
+                'Query error: Argument #2 is not a constant array, got \'not_an_array\'',
+                26,
+            ],
+            [
+                'Query error: Argument #1 is not a constant array, got non-empty-array<string, \'foo\'>',
+                31,
+            ],
+            [
+                'Query error: Element #0 of argument #1 must have a string key, got 42',
+                36,
+            ],
+            [
+                'Query error: Column "ada.not_a_column" does not exist',
+                41,
+            ],
+            [
+                'Query error: Column "ada.adaid" expects value type int<-32768, 32767>, got type string',
+                46,
+            ],
+        ];
+
+        $this->analyse([__DIR__ . '/data/doctrine-key-value-style.php'], $expectedErrors);
+    }
+}