New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return false
for hash_hmac/hash_hmac_file on invalid algorithm
#328
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise this looks great 👍
|
||
public function isFunctionSupported(FunctionReflection $functionReflection): bool | ||
{ | ||
return in_array($functionReflection->getName(), $this->functions, true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This array can be here statically, it's not referenced anywhere else in the extension.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have inlined the value, hope this is correct?
I had orientated on other instances like ArrayPointerFunctionsDynamicReturnTypeExtension
which also uses the private array $functions = []
notation.
public function getTypeFromFunctionCall(FunctionReflection $functionReflection, FuncCall $functionCall, Scope $scope): Type | ||
{ | ||
$algo = $functionCall->args[0]->value; | ||
if (!in_array($algo, hash_hmac_algos(), true)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There needs to be a fallback for PHP 7.1 using https://www.php.net/manual/en/function.hash-algos.php
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added function_exists('hash_hmac_algos') ? hash_hmac_algos() : hash_algos()
check but sadly PHPStan doesn't care. Any suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's fine, just make the tests pass and I'll fix the PHPStan issue just before merging :) Thanks.
111870c
to
c72db7f
Compare
c72db7f
to
4a24397
Compare
Just a 2 cents: Maybe it might make more sense to specify the |
@ondrejmirtes I have replaced the conditional declaration of those supported algorithms with a static one like @dktapps suggested. As the behaviour seems to change from return |
Thank you! |
I'll handle that case when I'll be adding support for PHP 8. |
This PR adds a dynamic function return type extension for both
hash_hmac
andhash_hmac_file
as both functions can returnfalse
in certain circumstances. For both functions this means providing an invalid algorithm as first parameter will statically return false, otherwisestring
forhash_hmac
andstring|false
forhash_hmac_file
(we can't check for file readability in static analysis, and you should always check for file errors anyway).There has been a PR more than 1.5 years ago that tried to fix this within static functions map but that would lead to far more false positives.