Level 7 static analysis

Author: Jonathon Hill

phpstan.neon

@@ -1,5 +1,5 @@
 parameters:
-    level: 6
+    level: 7
     paths:
         - src
         - tests

src/Factory.php

@@ -92,27 +92,59 @@ public function configFromSystem(): Config
         $config = new Config();
 
         $config->setSerializeHandler(
-            Serializers\Factory::auto(ini_get('session.serialize_handler'))
+            Serializers\Factory::auto(ini_get('session.serialize_handler') ?: null)
         );
 
-        $config->setName(ini_get('session.name'));
+        if (ini_get('session.name') !== false) {
+            $config->setName(ini_get('session.name'));
+        }
+
+        if (ini_get('session.cookie_lifetime') !== false) {
+            $config->setCookieLifetime((int) ini_get('session.cookie_lifetime'));
+        }
+
+        if (ini_get('session.cookie_path') !== false) {
+            $config->setCookiePath(ini_get('session.cookie_path'));
+        }
+
+        if (ini_get('session.cookie_domain') !== false) {
+            $config->setCookieDomain(ini_get('session.cookie_domain'));
+        }
 
-        $config->setCookieLifetime((int) ini_get('session.cookie_lifetime'));
-        $config->setCookiePath(ini_get('session.cookie_path'));
-        $config->setCookieDomain(ini_get('session.cookie_domain'));
         $config->setCookieSecure((bool) ini_get('session.cookie_secure'));
         $config->setCookieHttpOnly((bool) ini_get('session.cookie_httponly'));
-        $config->setCookieSameSite(ini_get('session.cookie_samesite'));
 
-        $config->setCacheLimiter(ini_get('session.cache_limiter'));
-        $config->setCacheExpire((int) ini_get('session.cache_expire'));
+        if (ini_get('session.cookie_samesite') !== false) {
+            $config->setCookieSameSite(ini_get('session.cookie_samesite'));
+        }
+
+        if (ini_get('session.cache_limiter') !== false) {
+            $config->setCacheLimiter(ini_get('session.cache_limiter'));
+        }
+
+        if (ini_get('session.cache_expire') !== false) {
+            $config->setCacheExpire((int) ini_get('session.cache_expire'));
+        }
+
+        if (ini_get('session.gc_probability') !== false) {
+            $config->setGcProbability((int) ini_get('session.gc_probability'));
+        }
+
+        if (ini_get('session.gc_divisor') !== false) {
+            $config->setGcDivisor((int) ini_get('session.gc_divisor'));
+        }
 
-        $config->setGcProbability((int) ini_get('session.gc_probability'));
-        $config->setGcDivisor((int) ini_get('session.gc_divisor'));
-        $config->setGcMaxLifetime((int) ini_get('session.gc_maxlifetime'));
+        if (ini_get('session.gc_maxlifetime') !== false) {
+            $config->setGcMaxLifetime((int) ini_get('session.gc_maxlifetime'));
+        }
 
-        $config->setSidLength((int) ini_get('session.sid_length'));
-        $config->setSidBitsPerCharacter((int) ini_get('session.sid_bits_per_character'));
+        if (ini_get('session.sid_length') !== false) {
+            $config->setSidLength((int) ini_get('session.sid_length'));
+        }
+
+        if (ini_get('session.sid_bits_per_character') !== false) {
+            $config->setSidBitsPerCharacter((int) ini_get('session.sid_bits_per_character'));
+        }
 
         $config->setLazyWrite((bool) ini_get('session.lazy_write'));
 

src/Handlers/ArrayHandler.php

@@ -29,12 +29,12 @@ class ArrayHandler implements
     private SessionId $sid;
 
     /**
-     * @var array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: float}}>
+     * @var array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: bool}}>
      */
     private array $store;
 
     /**
-     * @param array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: float}}> $store
+     * @param array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: bool}}> $store
      */
     public function __construct(Config $config, array $store = [])
     {
@@ -196,7 +196,7 @@ public function count(): int
     }
 
     /**
-     * @return array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: float}}>
+     * @return array<string, array{data: mixed, meta: array{id: string, last_modified: float, destroyed?: bool}}>
      */
     public function toArray(): array
     {

src/Handlers/FileHandler.php

@@ -31,7 +31,6 @@ class FileHandler implements
 
     public function __construct(Config $config)
     {
-        // required for SessionIdTrait
         $this->sid = new SessionId($config);
     }
 
@@ -89,7 +88,9 @@ public function destroy($id): bool
 
     public function gc($maxlifetime): bool
     {
-        foreach (glob($this->getFilePath('*')) as $file) {
+        $files = glob($this->getFilePath('*')) ?: [];
+
+        foreach ($files as $file) {
             if (file_exists($file) && time() > filemtime($file) + $maxlifetime) {
                 unlink($file);
             }
@@ -120,7 +121,7 @@ public function updateTimestamp($id, $data): bool
 
     public function count(): int
     {
-        return count(glob($this->getFilePath('*')));
+        return count(glob($this->getFilePath('*')) ?: []);
     }
 
     /**

src/Handlers/RedisHandler.php

@@ -8,6 +8,7 @@
 
 use Compwright\PhpSession\Config;
 use Compwright\PhpSession\SessionId;
+use InvalidArgumentException;
 use MatthiasMullie\Scrapbook\Adapters\Redis as RedisKeyValueStore;
 use Redis;
 use RuntimeException;
@@ -38,24 +39,41 @@ public function open($path, $name): bool
         // Parse redis connection settings from save path
         $query = [];
         $config = parse_url($path);
+        if ($config === false) {
+            throw new InvalidArgumentException('Invalid $path');
+        }
         if (!empty($config['query'])) {
             parse_str($config['query'], $query);
         }
 
         $redis = new Redis();
 
-        if (!$redis->connect($config['host'], (int) $config['port'])) {
+        if (empty($config['host'])) {
+            throw new InvalidArgumentException('Missing host or socket in $path');
+        }
+
+        $port = isset($config['port']) && !is_null($config['port'])
+            ? (int) $config['port']
+            : null;
+
+        if (!$redis->connect($config['host'], $port)) {
             unset($redis);
             return false;
         }
 
-        if (!$redis->select((int) ($query['database'] ?? 0))) {
+        $database = isset($query['database']) && !is_null($query['database'])
+            ? (int) $query['database']
+            : 0;
+
+        if (!$redis->select($database)) {
             $redis->close();
             unset($redis);
             return false;
         }
 
-        $redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_NONE);
+        if (!$redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_NONE)) {
+            return false;
+        }
 
         $this->redis = $redis;
         $this->store = new RedisKeyValueStore($redis);

src/Manager.php

@@ -2,8 +2,6 @@
 
 declare(strict_types=1);
 
-// phpcs:ignoreFile PSR1.Methods.CamelCapsMethodName.NotCamelCaps
-
 namespace Compwright\PhpSession;
 
 use InvalidArgumentException;
@@ -346,7 +344,11 @@ public function start(): bool
                 $this->sid->create_sid(),
                 []
             );
-            $handler->write($this->currentSession->getId(), $this->encode());
+            $encoded = $this->encode();
+            if ($encoded === false) {
+                return false;
+            }
+            $handler->write($this->currentSession->getId(), $encoded);
         }
 
         $id = $this->currentSession->getId();

src/Middleware/SessionCacheControlMiddleware.php

@@ -33,9 +33,14 @@ public function process(
 
             $handler = $config->getSaveHandler();
 
-            $lastUpdated = $handler instanceof SessionLastModifiedTimestampHandlerInterface
-                ? (int) ceil($handler->getTimestamp($manager->id()))
-                : time();
+            if ($handler instanceof SessionLastModifiedTimestampHandlerInterface) {
+                $lastUpdated = $handler->getTimestamp($manager->id()) ?: time();
+                if (is_float($lastUpdated)) {
+                    $lastUpdated = (int) ceil($lastUpdated);
+                }
+            } else {
+                $lastUpdated = time();
+            }
 
             $cacheControl = CacheControl::createHeaders(
                 $config->getCacheLimiter(),

src/Middleware/SessionCookieMiddleware.php

@@ -37,7 +37,7 @@ public function process(
         if ($manager->id() !== $sid) {
             $config = $manager->getConfig();
             return FigResponseCookies::set($response, SessionCookie::create(
-                $manager->name(),
+                $manager->name() ?: '',
                 $manager->id(),
                 $config->getCookieLifetime(),
                 $config->getCookieDomain(),

src/SessionId.php

@@ -2,8 +2,6 @@
 
 declare(strict_types=1);
 
-// phpcs:ignoreFile PSR1.Methods.CamelCapsMethodName.NotCamelCaps
-
 namespace Compwright\PhpSession;
 
 use SessionIdInterface;
@@ -25,11 +23,11 @@ public function __toString(): string
     public function create_sid(): string
     {
         $prefix = $this->config->getSidPrefix();
-        $desired_output_length = $this->config->getSidLength() - strlen($prefix);
-        $bits_per_character = $this->config->getSidBitsPerCharacter();
+        $desiredOutputLength = $this->config->getSidLength() - strlen($prefix);
+        $bitsPerCharacter = $this->config->getSidBitsPerCharacter();
 
-        $bytes_needed = ceil($desired_output_length * $bits_per_character / 8);
-        $random_input_bytes = random_bytes((int) $bytes_needed);
+        $bytesNeeded = (int) ceil($desiredOutputLength * $bitsPerCharacter / 8);
+        $randomInputBytes = random_bytes(max(1, $bytesNeeded));
 
         // The below is translated from function bin_to_readable in the PHP source
         // (ext/session/session.c)
@@ -38,17 +36,17 @@ public function create_sid(): string
         $out = '';
 
         $p = 0;
-        $q = strlen($random_input_bytes);
+        $q = strlen($randomInputBytes);
         $w = 0;
         $have = 0;
 
-        $mask = (1 << $bits_per_character) - 1;
+        $mask = (1 << $bitsPerCharacter) - 1;
 
-        $chars_remaining = $desired_output_length;
-        while ($chars_remaining--) {
-            if ($have < $bits_per_character) {
+        $charsRemaining = $desiredOutputLength;
+        while ($charsRemaining--) {
+            if ($have < $bitsPerCharacter) {
                 if ($p < $q) {
-                    $byte = ord($random_input_bytes[$p++]);
+                    $byte = ord($randomInputBytes[$p++]);
                     $w |= ($byte << $have);
                     $have += 8;
                 } else {
@@ -57,10 +55,10 @@ public function create_sid(): string
                 }
             }
 
-            // consume $bits_per_character bits
+            // consume $bitsPerCharacter bits
             $out .= $hexconvtab[$w & $mask];
-            $w >>= $bits_per_character;
-            $have -= $bits_per_character;
+            $w >>= $bitsPerCharacter;
+            $have -= $bitsPerCharacter;
         }
 
         return $prefix . $out;

tests/integration/server/App/config.php

@@ -13,7 +13,7 @@
 return [
     LoggerInterface::class => DI\factory(function () {
         $logger = new Logger('access');
-        $logHandler = new StreamHandler(fopen('php://stdout', 'r+'));
+        $logHandler = new StreamHandler(STDOUT);
         $logHandler->setFormatter(new ColoredLineFormatter());
         $logger->pushHandler($logHandler);
         return $logger;