support prepared statement analysis of construct()-methods in SyntaxErrorInPreparedStatementMethodRule (#88)

Co-authored-by: Markus Staab <[email protected]>

Author: staabm

README.md

@@ -112,6 +112,7 @@ services:
 		arguments:
 			classMethods:
 				- 'My\Connection::preparedQuery'
+				- 'My\PreparedStatement::__construct'
 ```
 
 __the callable format is `class::method`. phpstan-dba assumes the method takes a query-string as a 1st and the parameter-values as a 2nd argument.__

src/Rules/SyntaxErrorInPreparedStatementMethodRule.php

@@ -5,15 +5,21 @@
 namespace staabm\PHPStanDba\Rules;
 
 use PhpParser\Node;
+use PhpParser\Node\Expr\CallLike;
 use PhpParser\Node\Expr\MethodCall;
+use PhpParser\Node\Expr\New_;
+use PhpParser\Node\Name;
+use PhpParser\Node\Name\FullyQualified;
 use PHPStan\Analyser\Scope;
 use PHPStan\Rules\Rule;
 use PHPStan\Rules\RuleError;
 use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\Type\ObjectType;
+use Prophecy\Call\Call;
 use staabm\PHPStanDba\QueryReflection\QueryReflection;
 
 /**
- * @implements Rule<MethodCall>
+ * @implements Rule<CallLike>
  *
  * @see SyntaxErrorInPreparedStatementMethodRuleTest
  */
@@ -34,16 +40,26 @@ public function __construct(array $classMethods)
 
     public function getNodeType(): string
     {
-        return MethodCall::class;
+        return CallLike::class;
     }
 
-    public function processNode(Node $methodCall, Scope $scope): array
+    public function processNode(Node $callLike, Scope $scope): array
     {
-        if (!$methodCall->name instanceof Node\Identifier) {
+        if ($callLike instanceof MethodCall) {
+            if (!$callLike->name instanceof Node\Identifier) {
+                return [];
+            }
+
+            $methodReflection = $scope->getMethodReflection($scope->getType($callLike->var), $callLike->name->toString());
+        } elseif ($callLike instanceof New_) {
+            if (!$callLike->class instanceof FullyQualified) {
+                return [];
+            }
+            $methodReflection = $scope->getMethodReflection(new ObjectType($callLike->class->toCodeString()), '__construct');
+        } else {
             return [];
         }
 
-        $methodReflection = $scope->getMethodReflection($scope->getType($methodCall->var), $methodCall->name->toString());
         if (null === $methodReflection) {
             return [];
         }
@@ -62,15 +78,16 @@ public function processNode(Node $methodCall, Scope $scope): array
             return [];
         }
 
-        return $this->checkErrors($methodCall, $scope);
+        return $this->checkErrors($callLike, $scope);
     }
 
     /**
+     * @param MethodCall|New_ $callLike
      * @return RuleError[]
      */
-    private function checkErrors(MethodCall $methodCall, Scope $scope): array
+    private function checkErrors(CallLike $callLike, Scope $scope): array
     {
-        $args = $methodCall->getArgs();
+        $args = $callLike->getArgs();
 
         if (\count($args) < 2) {
             return [];
@@ -88,7 +105,7 @@ private function checkErrors(MethodCall $methodCall, Scope $scope): array
         $error = $queryReflection->validateQueryString($queryString);
         if (null !== $error) {
             return [
-                RuleErrorBuilder::message('Query error: '.$error->getMessage().' ('.$error->getCode().').')->line($methodCall->getLine())->build(),
+                RuleErrorBuilder::message('Query error: '.$error->getMessage().' ('.$error->getCode().').')->line($callLike->getLine())->build(),
             ];
         }
 

tests/Fixture/PreparedStatement.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace staabm\PHPStanDba\Tests\Fixture;
+
+class PreparedStatement
+{
+    public function __construct(string $queryString, array $params)
+    {
+    }
+}

tests/SyntaxErrorInPreparedStatementMethodRuleTest.php

@@ -23,7 +23,11 @@ public function testSyntaxErrorInQueryRule(): void
         $this->analyse([__DIR__.'/data/syntax-error-in-prepared-statement.php'], [
             [
                 "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near 'freigabe1u1 FROM ada LIMIT 0' at line 1 (1064).",
-                11,
+                12,
+            ],
+            [
+                "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near 'freigabe1u1 FROM ada LIMIT 0' at line 1 (1064).",
+                17,
             ],
         ]);
     }

tests/config/syntax-error-in-prepared-statement.neon

@@ -9,3 +9,4 @@ services:
 		arguments:
 			classMethods:
 				- 'staabm\PHPStanDba\Tests\Fixture\Connection::preparedQuery'
+				- 'staabm\PHPStanDba\Tests\Fixture\PreparedStatement::__construct'

tests/data/syntax-error-in-prepared-statement.php

@@ -3,6 +3,7 @@
 namespace SyntaxErrorInPreparedStatementMethodRuleTest;
 
 use staabm\PHPStanDba\Tests\Fixture\Connection;
+use staabm\PHPStanDba\Tests\Fixture\PreparedStatement;
 
 class Foo
 {
@@ -11,6 +12,11 @@ public function syntaxError(Connection $connection)
         $connection->preparedQuery('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', []);
     }
 
+    public function syntaxErrorInConstruct()
+    {
+        $stmt = new PreparedStatement('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', []);
+    }
+
     public function preparedParams(Connection $connection)
     {
         $connection->preparedQuery('SELECT email, adaid FROM ada WHERE gesperrt = ?', [1]);