Remove instanceof ConstantArrayType (#765)
staabm authored Nov 1, 2024
1 parent 16eac8a commit 7655124
Showing 1 changed file with 19 additions and 16 deletions.
35 changes: 19 additions & 16 deletions lib/rule/RexSqlInjectionRule.php
@@ -261,26 +261,29 @@ private function isSafeCallable(Type $callableType, Scope $scope): bool
throw new ShouldNotHappenException();
}

if ($callableType instanceof ConstantArrayType) {
$valueTypes = $callableType->getValueTypes();

if (count($valueTypes) === 2) {
[$objectType, $methodType] = $valueTypes;

$classReflections = $objectType->getObjectClassReflections();
$methodNames = $methodType->getConstantStrings();
foreach ($classReflections as $classReflection) {
foreach ($methodNames as $methodStringType) {
$methodReflection = $classReflection->getMethod($methodStringType->getValue(), $scope);
$constArrays = $callableType->getConstantArrays();
if ($constArrays !== []) {
foreach($constArrays as $constArray) {
foreach($constArray->findTypeAndMethodNames() as $typeAndMethod) {
if ($typeAndMethod->isUnknown()) {
continue;
}
if (!$typeAndMethod->getCertainty()->yes()) {
continue;
}

if (PhpDocUtil::matchTaintEscape($methodReflection, $scope) !== 'sql') {
return false;
}
$calledOnType = $typeAndMethod->getType();
$methodReflection = $scope->getMethodReflection($calledOnType, $typeAndMethod->getMethod());
if ($methodReflection === null) {
continue;
}
if (PhpDocUtil::matchTaintEscape($methodReflection, $scope) !== 'sql') {
return false;
}
}

return true;
}

return true;
}

$parameterAcceptors = $callableType->getCallableParametersAcceptors($scope);
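Review bot: The three `continue` branches in the new loop over `findTypeAndMethodNames()` (entry is unknown, certainty is not yes, `getMethodReflection()` returns null) appear to fall through to the `return true` after the loops, so a callable array whose target method cannot be resolved is accepted as SQL-safe. In a rule whose job is to flag SQL injection this is a fail-open path: an unresolvable or only-maybe callable produces a false negative instead of a report, and the same holds when `findTypeAndMethodNames()` yields nothing. I would treat those cases as unsafe, e.g. `if ($typeAndMethod->isUnknown() || !$typeAndMethod->getCertainty()->yes()) { return false; }` and `if ($methodReflection === null) { return false; }`, so that only callables whose every candidate method is tagged as an `sql` taint escape pass. The rendered page has lost its +/- markers and indentation, so the exact position of `return true` is inferred, and `isSafeCallable` starts and ends outside this hunk.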