fix(console): prevent unknown console arguments (#1238)

Author: brendt

packages/console/src/Exceptions/UnknownArgumentsException.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Tempest\Console\Exceptions;
+
+use Tempest\Console\Console;
+use Tempest\Console\ConsoleCommand;
+use Tempest\Console\Input\ConsoleInputArgument;
+use Tempest\Support\Arr\ImmutableArray;
+
+final class UnknownArgumentsException extends ConsoleException
+{
+    public function __construct(
+        private readonly ConsoleCommand $consoleCommand,
+        /** @var \Tempest\Console\Input\ConsoleInputArgument[] $invalidArguments */
+        private readonly ImmutableArray $invalidArguments,
+    ) {}
+
+    public function render(Console $console): void
+    {
+        $console->error(sprintf(
+            'Unknown arguments: %s',
+            $this->invalidArguments
+                ->map(fn (ConsoleInputArgument $argument) => sprintf(
+                    '<code>%s</code>',
+                    $argument->name,
+                ))
+                ->implode(', '),
+        ));
+    }
+}

packages/console/src/GenericConsole.php

@@ -310,7 +310,7 @@ public function supportsPrompting(): bool
             return false;
         }
 
-        if ($this->argumentBag->get('interaction')?->value === false) {
+        if ($this->argumentBag->get(GlobalFlags::INTERACTION->value)?->value === false) {
             return false;
         }
 

packages/console/src/GlobalFlags.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Tempest\Console;
+
+use Tempest\Support\IsEnumHelper;
+
+enum GlobalFlags: string
+{
+    use IsEnumHelper;
+
+    case FORCE = 'force';
+    case FORCE_SHORTHAND = '-f';
+    case HELP = 'help';
+    case HELP_SHORTHAND = '-h';
+    case INTERACTION = 'interaction';
+}

packages/console/src/Input/ConsoleArgumentBag.php

@@ -11,7 +11,7 @@
 final class ConsoleArgumentBag
 {
     /** @var ConsoleInputArgument[] */
-    private array $arguments = [];
+    private(set) array $arguments = [];
 
     /** @var string[] */
     private array $path = [];
@@ -152,14 +152,16 @@ public function addMany(array $arguments): self
         }
 
         // Otherwise, $arguments is an array of flags or positional argument.
-        foreach ($arguments as $argument) {
+        foreach ($arguments as $key => $argument) {
             if (str_starts_with($argument, '-') && ! str_starts_with($argument, '--')) {
                 $flags = str_split($argument);
                 unset($flags[0]);
 
                 foreach ($flags as $flag) {
                     $arguments[] = "-{$flag}";
                 }
+
+                unset($arguments[$key]);
             }
         }
 

packages/console/src/Middleware/ForceMiddleware.php

@@ -9,6 +9,7 @@
 use Tempest\Console\ConsoleMiddlewareCallable;
 use Tempest\Console\ExitCode;
 use Tempest\Console\GenericConsole;
+use Tempest\Console\GlobalFlags;
 use Tempest\Console\Initializers\Invocation;
 use Tempest\Discovery\SkipDiscovery;
 
@@ -21,7 +22,7 @@ public function __construct(
 
     public function __invoke(Invocation $invocation, ConsoleMiddlewareCallable $next): ExitCode|int
     {
-        if ($invocation->argumentBag->get('-f') || $invocation->argumentBag->get('force')) {
+        if ($invocation->argumentBag->get(GlobalFlags::FORCE_SHORTHAND->value) || $invocation->argumentBag->get(GlobalFlags::FORCE->value)) {
             if ($this->console instanceof GenericConsole) {
                 $this->console->setForced();
             }

packages/console/src/Middleware/HelpMiddleware.php

@@ -10,6 +10,7 @@
 use Tempest\Console\ConsoleMiddleware;
 use Tempest\Console\ConsoleMiddlewareCallable;
 use Tempest\Console\ExitCode;
+use Tempest\Console\GlobalFlags;
 use Tempest\Console\Initializers\Invocation;
 use Tempest\Core\Priority;
 
@@ -22,7 +23,7 @@ public function __construct(
 
     public function __invoke(Invocation $invocation, ConsoleMiddlewareCallable $next): ExitCode|int
     {
-        if ($invocation->argumentBag->get('-h') || $invocation->argumentBag->get('help')) {
+        if ($invocation->argumentBag->get(GlobalFlags::HELP_SHORTHAND->value) || $invocation->argumentBag->get(GlobalFlags::HELP->value)) {
             $this->renderHelp($invocation->consoleCommand);
 
             return ExitCode::SUCCESS;

packages/console/src/Middleware/InvalidCommandMiddleware.php

@@ -61,12 +61,12 @@ private function retry(Invocation $invocation, InvalidCommandException $exceptio
             } else {
                 $value = $this->console->ask(
                     question: $name,
-                    default: $argument->default,
-                    hint: $argument->help ?: $argument->description,
                     options: match (true) {
                         $isEnum => $argument->type::cases(),
                         default => null,
                     },
+                    default: $argument->default,
+                    hint: $argument->help ?: $argument->description,
                     validation: array_filter([
                         $isEnum
                             ? new IsEnum($argument->type)

packages/console/src/Middleware/ValidateNamedArgumentsMiddleware.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace Tempest\Console\Middleware;
+
+use Tempest\Console\ConsoleMiddleware;
+use Tempest\Console\ConsoleMiddlewareCallable;
+use Tempest\Console\Exceptions\UnknownArgumentsException;
+use Tempest\Console\ExitCode;
+use Tempest\Console\GlobalFlags;
+use Tempest\Console\Initializers\Invocation;
+use Tempest\Console\Input\ConsoleArgumentDefinition;
+use Tempest\Console\Input\ConsoleInputArgument;
+use Tempest\Core\Priority;
+
+use function Tempest\Support\arr;
+
+#[Priority(Priority::FRAMEWORK - 6)]
+final class ValidateNamedArgumentsMiddleware implements ConsoleMiddleware
+{
+    public function __invoke(Invocation $invocation, ConsoleMiddlewareCallable $next): ExitCode|int
+    {
+        $allowedParameterNames = arr($invocation->consoleCommand->getArgumentDefinitions())
+            ->flatMap(function (ConsoleArgumentDefinition $definition) {
+                return [$definition->name, ...$definition->aliases];
+            })
+            ->map(function (string $name) {
+                return ltrim($name, '-');
+            });
+
+        $invalidInput = arr($invocation->argumentBag->arguments)
+            ->filter(fn (ConsoleInputArgument $argument) => $argument->name !== null)
+            ->filter(fn (ConsoleInputArgument $argument) => ! $allowedParameterNames->contains(ltrim($argument->name, '-')))
+            ->filter(fn (ConsoleInputArgument $argument) => ! in_array($argument->name, GlobalFlags::values(), strict: true));
+
+        if ($invalidInput->isNotEmpty()) {
+            throw new UnknownArgumentsException(
+                consoleCommand: $invocation->consoleCommand,
+                invalidArguments: $invalidInput,
+            );
+        }
+
+        return $next($invocation);
+    }
+}

tests/Integration/Console/Fixtures/TestCommand.php

@@ -34,4 +34,14 @@ public function test(): void
     {
         $this->console->confirm('yes or no?');
     }
+
+    #[ConsoleCommand]
+    public function flags(bool $flag = false, bool $foo = false): void
+    {
+        if ($flag && $foo) {
+            $this->console->writeln('ok');
+        }
+
+        $this->console->confirm('yes or no?');
+    }
 }

tests/Integration/Console/Middleware/ValidateNamedArgumentsMiddlewareTest.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Integration\Console\Middleware;
+
+use Tests\Tempest\Integration\FrameworkIntegrationTestCase;
+
+final class ValidateNamedArgumentsMiddlewareTest extends FrameworkIntegrationTestCase
+{
+    public function test_invalid_parameters_throw_exception(): void
+    {
+        $this->console
+            ->call('test:flags --unknown --foo --no-flag --help --force --no-interaction')
+            ->assertError()
+            ->assertContains('unknown')
+            ->assertDoesNotContain('foo')
+            ->assertDoesNotContain('flag')
+            ->assertDoesNotContain('force')
+            ->assertDoesNotContain('help')
+            ->assertDoesNotContain('interaction');
+    }
+}