Merge remote-tracking branch 'upstream/main'

dantleech · dantleech · commit 70af07727d39 · 2024-01-06T17:41:14.000Z
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
diff --git a/composer.json b/composer.json
@@ -18,5 +18,8 @@
     ],
     "autoload": {
         "psr-4": { "Microsoft\\PhpParser\\": ["src/"] }
+    },
+    "autoload-dev": {
+        "psr-4": { "Microsoft\\PhpParser\\Tests\\Unit\\": ["tests/unit/"] }
     }
 }
diff --git a/docs/HowItWorks.md b/docs/HowItWorks.md
@@ -306,7 +306,7 @@ Note that for this error case, it is more of an art than a science. That is to s
 would add special casing for anticipated scenarios, rather than construct some general-purpose rule.
 
 #### Other notes
-* Just as it's imporant to understand the assumptions that *will* hold true,
+* Just as it's important to understand the assumptions that *will* hold true,
 it is also important to understand the assumptions that will not hold true.
 One such **non-invariant** is that not every token generated by the lexer ends up in the tree.
 
@@ -387,6 +387,6 @@ existing, more battle-tested, work to validate our own correctness.
 degree of variance, we should set up some infrastructure to help us ensure that performance work results in a statistically
 significant boost and works on a wide variety of machine configurations.
 * Fuzz testing - test the parser against automatically generated inputs to exercise edge cases in a bulk fashion, and
-and ensure expected properties of the tree.
+ensure expected properties of the tree.
 * Community feedback - try and get the parser in the hands of as many people as possible so we can validate a
 wide range of use cases. The Syntax Visualizer tool is one tool to help us increase reach.
diff --git a/docs/Overview.md b/docs/Overview.md
@@ -75,5 +75,5 @@ all incorrect constructs (e.g. including a non-constant expression as the defaul
 a method parameter). Instead, it attaches these errors on a post-parse walk of the tree.
 
 ## Next Steps
-Check out the [Readme](../README.md) and [Getting Started](GettingStarted.md) pages for more information on how consume
-the parser, or the [How It Works](HowItWorks.md) section if you want to dive deeper into the implementation.
+Check out the [Readme](../README.md) and [Getting Started](GettingStarted.md) pages for more information on how to 
+consume the parser, or the [How It Works](HowItWorks.md) section if you want to dive deeper into the implementation.
diff --git a/phpstan.neon b/phpstan.neon
@@ -1,5 +1,5 @@
 parameters:
-    level: 3
+    level: 4
     paths:
         - src/
     ignoreErrors:
diff --git a/src/DiagnosticsProvider.php b/src/DiagnosticsProvider.php
@@ -51,6 +51,8 @@ public static function checkDiagnostics($node) {
         if ($node instanceof Node) {
             return $node->getDiagnosticForNode();
         }
+
+        /** @phpstan-ignore-next-line because it says "unreachable" statement */
         return null;
     }
 
diff --git a/src/Node.php b/src/Node.php
@@ -437,10 +437,7 @@ public function getLastChild() {
     public function getDescendantNodeAtPosition(int $pos) {
         foreach ($this->getChildNodes() as $child) {
             if ($child->containsPosition($pos)) {
-                $node = $child->getDescendantNodeAtPosition($pos);
-                if (!is_null($node)) {
-                    return $node;
-                }
+                return $child->getDescendantNodeAtPosition($pos);
             }
         }
 
@@ -590,6 +587,7 @@ public function getNamespaceDefinition() {
             ? $this
             : $this->getFirstAncestor(NamespaceDefinition::class, SourceFileNode::class);
 
+        /** @phpstan-ignore-next-line result is always false -- not sure this can happen */
         if ($namespaceDefinition instanceof NamespaceDefinition && !($namespaceDefinition->parent instanceof SourceFileNode)) {
             $namespaceDefinition = $namespaceDefinition->getFirstAncestor(SourceFileNode::class);
         }
diff --git a/src/Node/Expression/ArgumentExpression.php b/src/Node/Expression/ArgumentExpression.php
@@ -6,6 +6,7 @@
 
 namespace Microsoft\PhpParser\Node\Expression;
 
+use Microsoft\PhpParser\MissingToken;
 use Microsoft\PhpParser\Node\Expression;
 use Microsoft\PhpParser\Token;
 
@@ -19,7 +20,7 @@ class ArgumentExpression extends Expression {
     /** @var Token|null */
     public $dotDotDotToken;
 
-    /** @var Expression|null null for first-class callable syntax */
+    /** @var Expression|MissingToken|null for first-class callable syntax */
     public $expression;
 
     const CHILD_NAMES = [
diff --git a/src/Node/InterfaceBaseClause.php b/src/Node/InterfaceBaseClause.php
@@ -10,7 +10,7 @@
 use Microsoft\PhpParser\Token;
 
 class InterfaceBaseClause extends Node {
-    /** @var Token */
+    /** @var Token|null */
     public $extendsKeyword;
 
     /** @var DelimitedList\QualifiedNameList */
diff --git a/src/Node/NamespaceUseGroupClause.php b/src/Node/NamespaceUseGroupClause.php
@@ -11,7 +11,7 @@
 
 class NamespaceUseGroupClause extends Node {
 
-    /** @var Token */
+    /** @var Token|null */
     public $functionOrConst;
     /** @var QualifiedName */
     public $namespaceName;
diff --git a/src/Node/QualifiedName.php b/src/Node/QualifiedName.php
@@ -20,9 +20,9 @@
 class QualifiedName extends Node implements NamespacedNameInterface {
     use NamespacedNameTrait;
 
-    /** @var Token */
+    /** @var Token|null */
     public $globalSpecifier; // \_opt
-    /** @var RelativeSpecifier */
+    /** @var RelativeSpecifier|null */
     public $relativeSpecifier; // namespace\
     /** @var array */
     public $nameParts;
@@ -85,10 +85,7 @@ public function getResolvedName($namespaceDefinition = null) {
             $this->parent instanceof Node\Statement\NamespaceUseDeclaration ||
             $this->parent instanceof Node\NamespaceUseClause ||
             $this->parent instanceof Node\NamespaceUseGroupClause ||
-            $this->parent->parent instanceof Node\TraitUseClause ||
-            $this->parent instanceof Node\TraitSelectOrAliasClause ||
-            ($this->parent instanceof TraitSelectOrAliasClause &&
-            ($this->parent->asOrInsteadOfKeyword == null || $this->parent->asOrInsteadOfKeyword->kind === TokenKind::AsKeyword))
+            $this->parent instanceof Node\TraitSelectOrAliasClause
         ) {
             return null;
         }
@@ -157,10 +154,8 @@ public function getLastNamePart() {
 
     /**
      * @param ResolvedName[] $importTable
-     * @param bool $isCaseSensitive
-     * @return string|null
      */
-    private function tryResolveFromImportTable($importTable, bool $isCaseSensitive = false) {
+    private function tryResolveFromImportTable($importTable, bool $isCaseSensitive = false): ?ResolvedName {
         $content = $this->getFileContents();
         $index = $this->nameParts[0]->getText($content);
 //        if (!$isCaseSensitive) {
diff --git a/src/Node/RelativeSpecifier.php b/src/Node/RelativeSpecifier.php
@@ -13,7 +13,7 @@ class RelativeSpecifier extends Node {
     /** @var Token */
     public $namespaceKeyword;
 
-    /** @var Token */
+    /** @var Token|null */
     public $backslash;
 
     const CHILD_NAMES = [
diff --git a/src/Node/Statement/NamespaceUseDeclaration.php b/src/Node/Statement/NamespaceUseDeclaration.php
@@ -18,7 +18,7 @@ class NamespaceUseDeclaration extends StatementNode {
     public $useKeyword;
     /** @var Token */
     public $functionOrConst;
-    /** @var DelimitedList\NamespaceUseClauseList */
+    /** @var DelimitedList\NamespaceUseClauseList|null */
     public $useClauses;
     /** @var Token */
     public $semicolon;
diff --git a/src/Node/StringLiteral.php b/src/Node/StringLiteral.php
@@ -10,7 +10,7 @@
 use Microsoft\PhpParser\Token;
 
 class StringLiteral extends Expression {
-    /** @var Token */
+    /** @var Token|null */
     public $startQuote;
 
     /** @var Token[]|Node[]|Token */
@@ -25,17 +25,29 @@ class StringLiteral extends Expression {
         'endQuote',
     ];
 
-    public function getStringContentsText() {
-        // TODO add tests
+    public function getStringContentsText(): string {
         $stringContents = "";
         if (isset($this->startQuote)) {
             foreach ($this->children as $child) {
                 $contents = $this->getFileContents();
                 $stringContents .= $child->getFullText($contents);
             }
         } else {
-            // TODO ensure string consistency (all strings should have start / end quote)
-            $stringContents = trim($this->children->getText($this->getFileContents()), '"\'');
+            $children = $this->children;
+            if ($children instanceof Token) {
+                $value = (string)$children->getText($this->getFileContents());
+                $startQuote = substr($value, 0, 1);
+
+                if ($startQuote === '\'') {
+                    return rtrim(substr($value, 1), '\'');
+                }
+
+                if ($startQuote === '"') {
+                    return rtrim(substr($value, 1), '"');
+                }
+            }
+
+            return '';
         }
         return $stringContents;
     }
diff --git a/src/Parser.php b/src/Parser.php
@@ -1407,7 +1407,7 @@ private function parseStringLiteralExpression($parentNode) {
         return $expression;
     }
 
-    private function parseStringLiteralExpression2($parentNode) {
+    private function parseStringLiteralExpression2($parentNode): StringLiteral {
         // TODO validate input token
         $expression = new StringLiteral();
         $expression->parent = $parentNode;
@@ -1419,6 +1419,11 @@ private function parseStringLiteralExpression2($parentNode) {
                 case TokenKind::DollarOpenBraceToken:
                 case TokenKind::OpenBraceDollarToken:
                     $expression->children[] = $this->eat(TokenKind::DollarOpenBraceToken, TokenKind::OpenBraceDollarToken);
+                    /** 
+                     * @phpstan-ignore-next-line "Strict comparison using
+                     * === between 403|404 and 408 will always evaluate to
+                     * false" is wrong because those tokens were eaten above
+                     */
                     if ($this->getCurrentToken()->kind === TokenKind::StringVarname) {
                         $expression->children[] = $this->parseComplexDollarTemplateStringExpression($expression);
                     } else {
@@ -1657,7 +1662,7 @@ private function parseDelimitedList($className, $delimiter, $isElementStartFn, $
         do {
             if ($isElementStartFn($token)) {
                 $node->addElement($parseElementFn($node));
-            } elseif (!$allowEmptyElements || ($allowEmptyElements && !$this->checkAnyToken($delimiter))) {
+            } elseif (!$allowEmptyElements || !$this->checkAnyToken($delimiter)) {
                 break;
             }
 
@@ -1767,7 +1772,7 @@ function ($parentNode) {
         };
     }
 
-    private function parseRelativeSpecifier($parentNode) {
+    private function parseRelativeSpecifier($parentNode): ?RelativeSpecifier {
         $node = new RelativeSpecifier();
         $node->parent = $parentNode;
         $node->namespaceKeyword = $this->eatOptional1(TokenKind::NamespaceKeyword);
@@ -2116,7 +2121,7 @@ private function parseUnaryExpressionOrHigher($parentNode) {
     /**
      * @param int $precedence
      * @param Node $parentNode
-     * @return Expression
+     * @return Expression|MissingToken
      */
     private function parseBinaryExpressionOrHigher($precedence, $parentNode) {
         $leftOperand = $this->parseUnaryExpressionOrHigher($parentNode);
@@ -2217,6 +2222,7 @@ private function parseBinaryExpressionOrHigher($precedence, $parentNode) {
                     }
                     break;
                 case TokenKind::QuestionToken:
+                    /** @phpstan-ignore-next-line This seems impossible, questionToken is always set AFAICS but ignoring to be safe */
                     if ($parentNode instanceof TernaryExpression && !isset($parentNode->questionToken)) {
                         // Workaround to parse "a ? b : c ? d : e" as "(a ? b : c) ? d : e"
                         break 2;
@@ -3590,7 +3596,7 @@ private function parseNamespaceUseDeclaration($parentNode) {
         return $namespaceUseDeclaration;
     }
 
-    private function parseNamespaceUseClauseList($parentNode) {
+    private function parseNamespaceUseClauseList($parentNode): ?DelimitedList\NamespaceUseClauseList {
         return $this->parseDelimitedList(
             DelimitedList\NamespaceUseClauseList::class,
             TokenKind::CommaToken,
@@ -3620,7 +3626,7 @@ function ($parentNode) {
         );
     }
 
-    private function parseNamespaceUseGroupClauseList($parentNode) {
+    private function parseNamespaceUseGroupClauseList($parentNode): ?DelimitedList\NamespaceUseGroupClauseList {
         return $this->parseDelimitedList(
             DelimitedList\NamespaceUseGroupClauseList::class,
             TokenKind::CommaToken,
@@ -3750,11 +3756,27 @@ private function parseEnumDeclaration($parentNode) {
         }
         $enumDeclaration->enumInterfaceClause = $this->parseEnumInterfaceClause($enumDeclaration);
 
+        $enumDeclaration->enumInterfaceClause = $this->parseEnumInterfaceClause($enumDeclaration);
         $enumDeclaration->enumMembers = $this->parseEnumMembers($enumDeclaration);
 
         return $enumDeclaration;
     }
 
+    private function parseEnumInterfaceClause(EnumDeclaration $enumDeclaration): ?EnumInterfaceClause {
+        $enumInterfaceClause = new EnumInterfaceClause();
+        $enumInterfaceClause->parent = $enumDeclaration;
+        $enumInterfaceClause->implementsKeyword = $this->eatOptional1(TokenKind::ImplementsKeyword);
+
+        if ($enumInterfaceClause->implementsKeyword === null) {
+            return null;
+        }
+
+        $enumInterfaceClause->interfaceNameList =
+            $this->parseQualifiedNameList($enumInterfaceClause);
+        return $enumInterfaceClause;
+    }
+
+
     private function parseEnumMembers($parentNode) {
         $enumMembers = new EnumMembers();
         $enumMembers->parent = $parentNode;
diff --git a/tests/api/getResolvedName.php b/tests/api/getResolvedName.php
@@ -25,8 +25,6 @@ class GetResolvedNameTest extends TestCase {
         'use _A as C' => null,
         'use A\B\{C, D_}' => null,
         'use A\B\{C, D_}' => null,
-        'class Foo { use _BarTrait; }' => null,
-        'class Foo { use BarTrait, Baz_Trait; }' => null,
         'class Foo { use A, B { A::Foo as _foo }' => null,
 
         // Relative scope resolution qualifiers
@@ -39,7 +37,8 @@ class GetResolvedNameTest extends TestCase {
         '\Fo_o' => 'Foo',
         'use A\Foo;\_Foo\Bar' => 'Foo\Bar',
         '$f = new \_Foo\Bar()' => 'Foo\Bar',
-        'class Foo { use A, B { \Foo\_Bar::A as _foo }' => 'Foo\Bar',
+        'class Foo { use A, B { \Foo\_Bar::A as foo }' => 'Foo\Bar',
+        'class Foo { use \A\BTr_ait; }' => 'A\BTrait',
 
         // Relative name
         'namespace Foo; namespace\Bar_' => 'Foo\Bar',
@@ -65,6 +64,9 @@ class GetResolvedNameTest extends TestCase {
         'use A\B; new _B()' => 'A\B', // Class imported
         'use A\B; _B()' => 'B', // Not imported as function
         'use A\B; function xyz(): _B { };' => 'A\B',
+        'class Foo { use _BarTrait; }' => 'BarTrait',
+        'class Foo { use BarTrait, Baz_Trait; }' => 'BazTrait',
+        'use A\BarTrait; class Foo { use _BarTrait; }' => 'A\BarTrait',
     );
 
     public function dataProvider() {
diff --git a/tests/unit/Node/StringLiteralTest.php b/tests/unit/Node/StringLiteralTest.php

Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,8 @@`
`18`	`18`	`],`
`19`	`19`	`"autoload": {`
`20`	`20`	`"psr-4": { "Microsoft\\PhpParser\\": ["src/"] }`
	`21`	`+ },`
	`22`	`+ "autoload-dev": {`
	`23`	`+ "psr-4": { "Microsoft\\PhpParser\\Tests\\Unit\\": ["tests/unit/"] }`
`21`	`24`	`}`
`22`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ public static function checkDiagnostics($node) {`
`51`	`51`	`if ($node instanceof Node) {`
`52`	`52`	`return $node->getDiagnosticForNode();`
`53`	`53`	`}`
	`54`	`+`
	`55`	`+ /** @phpstan-ignore-next-line because it says "unreachable" statement */`
`54`	`56`	`return null;`
`55`	`57`	`}`
`56`	`58`
Original file line number	Diff line number	Diff line change
`@@ -437,10 +437,7 @@ public function getLastChild() {`
`437`	`437`	`public function getDescendantNodeAtPosition(int $pos) {`
`438`	`438`	`foreach ($this->getChildNodes() as $child) {`
`439`	`439`	`if ($child->containsPosition($pos)) {`
`440`		`- $node = $child->getDescendantNodeAtPosition($pos);`
`441`		`- if (!is_null($node)) {`
`442`		`- return $node;`
`443`		`- }`
	`440`	`+ return $child->getDescendantNodeAtPosition($pos);`
`444`	`441`	`}`
`445`	`442`	`}`
`446`	`443`
`@@ -590,6 +587,7 @@ public function getNamespaceDefinition() {`
`590`	`587`	`? $this`
`591`	`588`	`: $this->getFirstAncestor(NamespaceDefinition::class, SourceFileNode::class);`
`592`	`589`
	`590`	`+ /** @phpstan-ignore-next-line result is always false -- not sure this can happen */`
`593`	`591`	`if ($namespaceDefinition instanceof NamespaceDefinition && !($namespaceDefinition->parent instanceof SourceFileNode)) {`
`594`	`592`	`$namespaceDefinition = $namespaceDefinition->getFirstAncestor(SourceFileNode::class);`
`595`	`593`	`}`