2015-01-28 21:08:50 +00:00
|
|
|
<?php
|
|
|
|
/**
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
*
|
|
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
2015-01-28 21:08:50 +00:00
|
|
|
*/
|
2015-02-26 10:37:37 +00:00
|
|
|
|
2015-01-28 21:08:50 +00:00
|
|
|
namespace OC\App;
|
|
|
|
|
|
|
|
use PhpParser\Node;
|
|
|
|
use PhpParser\Node\Name;
|
|
|
|
use PhpParser\NodeVisitorAbstract;
|
|
|
|
|
|
|
|
class CodeCheckVisitor extends NodeVisitorAbstract {
|
2015-06-15 10:51:22 +00:00
|
|
|
/** @var string */
|
|
|
|
protected $blackListDescription;
|
|
|
|
/** @var string[] */
|
|
|
|
protected $blackListedClassNames;
|
2015-06-15 15:20:38 +00:00
|
|
|
/** @var string[] */
|
|
|
|
protected $blackListedConstants;
|
2015-06-15 15:50:37 +00:00
|
|
|
/** @var string[] */
|
|
|
|
protected $blackListedFunctions;
|
2015-06-15 10:51:22 +00:00
|
|
|
/** @var bool */
|
|
|
|
protected $checkEqualOperatorUsage;
|
|
|
|
/** @var string[] */
|
|
|
|
protected $errorMessages;
|
2015-01-28 21:08:50 +00:00
|
|
|
|
2015-06-15 10:51:22 +00:00
|
|
|
/**
|
|
|
|
* @param string $blackListDescription
|
2015-06-15 14:08:54 +00:00
|
|
|
* @param array $blackListedClassNames
|
2015-06-15 15:20:38 +00:00
|
|
|
* @param array $blackListedConstants
|
2015-06-15 15:50:37 +00:00
|
|
|
* @param array $blackListedFunctions
|
2015-06-15 10:51:22 +00:00
|
|
|
* @param bool $checkEqualOperatorUsage
|
|
|
|
*/
|
2015-06-15 15:50:37 +00:00
|
|
|
public function __construct($blackListDescription, $blackListedClassNames, $blackListedConstants, $blackListedFunctions, $checkEqualOperatorUsage) {
|
2015-06-15 10:51:22 +00:00
|
|
|
$this->blackListDescription = $blackListDescription;
|
2015-06-15 13:24:45 +00:00
|
|
|
|
|
|
|
$this->blackListedClassNames = [];
|
2015-06-15 14:08:54 +00:00
|
|
|
foreach ($blackListedClassNames as $class => $blackListInfo) {
|
|
|
|
if (is_numeric($class) && is_string($blackListInfo)) {
|
|
|
|
$class = $blackListInfo;
|
|
|
|
$blackListInfo = null;
|
|
|
|
}
|
|
|
|
|
2015-06-15 13:24:45 +00:00
|
|
|
$class = strtolower($class);
|
|
|
|
$this->blackListedClassNames[$class] = $class;
|
|
|
|
}
|
2015-06-15 15:20:38 +00:00
|
|
|
|
|
|
|
$this->blackListedConstants = [];
|
2015-06-15 15:50:37 +00:00
|
|
|
foreach ($blackListedConstants as $constantName => $blackListInfo) {
|
|
|
|
$constantName = strtolower($constantName);
|
|
|
|
$this->blackListedConstants[$constantName] = $constantName;
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->blackListedFunctions = [];
|
|
|
|
foreach ($blackListedFunctions as $functionName => $blackListInfo) {
|
|
|
|
$functionName = strtolower($functionName);
|
|
|
|
$this->blackListedFunctions[$functionName] = $functionName;
|
2015-06-15 15:20:38 +00:00
|
|
|
}
|
|
|
|
|
2015-06-15 10:51:22 +00:00
|
|
|
$this->checkEqualOperatorUsage = $checkEqualOperatorUsage;
|
|
|
|
|
|
|
|
$this->errorMessages = [
|
|
|
|
CodeChecker::CLASS_EXTENDS_NOT_ALLOWED => "{$this->blackListDescription} class must not be extended",
|
|
|
|
CodeChecker::CLASS_IMPLEMENTS_NOT_ALLOWED => "{$this->blackListDescription} interface must not be implemented",
|
|
|
|
CodeChecker::STATIC_CALL_NOT_ALLOWED => "Static method of {$this->blackListDescription} class must not be called",
|
|
|
|
CodeChecker::CLASS_CONST_FETCH_NOT_ALLOWED => "Constant of {$this->blackListDescription} class must not not be fetched",
|
|
|
|
CodeChecker::CLASS_NEW_FETCH_NOT_ALLOWED => "{$this->blackListDescription} class must not be instanciated",
|
2015-06-15 13:24:45 +00:00
|
|
|
CodeChecker::CLASS_USE_NOT_ALLOWED => "{$this->blackListDescription} class must not be imported with a use statement",
|
2015-06-15 10:51:22 +00:00
|
|
|
|
|
|
|
CodeChecker::OP_OPERATOR_USAGE_DISCOURAGED => "is discouraged",
|
|
|
|
];
|
2015-01-28 21:08:50 +00:00
|
|
|
}
|
|
|
|
|
2015-06-15 10:51:22 +00:00
|
|
|
/** @var array */
|
2015-01-28 21:08:50 +00:00
|
|
|
public $errors = [];
|
|
|
|
|
|
|
|
public function enterNode(Node $node) {
|
2015-06-15 10:51:22 +00:00
|
|
|
if ($this->checkEqualOperatorUsage && $node instanceof Node\Expr\BinaryOp\Equal) {
|
2015-05-05 10:59:33 +00:00
|
|
|
$this->errors[]= [
|
|
|
|
'disallowedToken' => '==',
|
|
|
|
'errorCode' => CodeChecker::OP_OPERATOR_USAGE_DISCOURAGED,
|
|
|
|
'line' => $node->getLine(),
|
|
|
|
'reason' => $this->buildReason('==', CodeChecker::OP_OPERATOR_USAGE_DISCOURAGED)
|
|
|
|
];
|
|
|
|
}
|
2015-06-15 10:51:22 +00:00
|
|
|
if ($this->checkEqualOperatorUsage && $node instanceof Node\Expr\BinaryOp\NotEqual) {
|
2015-05-05 10:59:33 +00:00
|
|
|
$this->errors[]= [
|
|
|
|
'disallowedToken' => '!=',
|
|
|
|
'errorCode' => CodeChecker::OP_OPERATOR_USAGE_DISCOURAGED,
|
|
|
|
'line' => $node->getLine(),
|
|
|
|
'reason' => $this->buildReason('!=', CodeChecker::OP_OPERATOR_USAGE_DISCOURAGED)
|
|
|
|
];
|
|
|
|
}
|
2015-01-28 21:08:50 +00:00
|
|
|
if ($node instanceof Node\Stmt\Class_) {
|
|
|
|
if (!is_null($node->extends)) {
|
|
|
|
$this->checkBlackList($node->extends->toString(), CodeChecker::CLASS_EXTENDS_NOT_ALLOWED, $node);
|
|
|
|
}
|
|
|
|
foreach ($node->implements as $implements) {
|
|
|
|
$this->checkBlackList($implements->toString(), CodeChecker::CLASS_IMPLEMENTS_NOT_ALLOWED, $node);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($node instanceof Node\Expr\StaticCall) {
|
|
|
|
if (!is_null($node->class)) {
|
|
|
|
if ($node->class instanceof Name) {
|
|
|
|
$this->checkBlackList($node->class->toString(), CodeChecker::STATIC_CALL_NOT_ALLOWED, $node);
|
|
|
|
}
|
|
|
|
if ($node->class instanceof Node\Expr\Variable) {
|
|
|
|
/**
|
|
|
|
* TODO: find a way to detect something like this:
|
|
|
|
* $c = "OC_API";
|
|
|
|
* $n = $i::call();
|
|
|
|
*/
|
|
|
|
}
|
2015-06-15 15:50:37 +00:00
|
|
|
|
|
|
|
$this->checkBlackListFunction($node->class->toString(), $node->name, $node);
|
2015-01-28 21:08:50 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($node instanceof Node\Expr\ClassConstFetch) {
|
|
|
|
if (!is_null($node->class)) {
|
|
|
|
if ($node->class instanceof Name) {
|
|
|
|
$this->checkBlackList($node->class->toString(), CodeChecker::CLASS_CONST_FETCH_NOT_ALLOWED, $node);
|
|
|
|
}
|
|
|
|
if ($node->class instanceof Node\Expr\Variable) {
|
|
|
|
/**
|
|
|
|
* TODO: find a way to detect something like this:
|
|
|
|
* $c = "OC_API";
|
|
|
|
* $n = $i::ADMIN_AUTH;
|
|
|
|
*/
|
|
|
|
}
|
2015-06-15 15:20:38 +00:00
|
|
|
|
|
|
|
$this->checkBlackListConstant($node->class->toString(), $node->name, $node);
|
2015-01-28 21:08:50 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($node instanceof Node\Expr\New_) {
|
|
|
|
if (!is_null($node->class)) {
|
|
|
|
if ($node->class instanceof Name) {
|
|
|
|
$this->checkBlackList($node->class->toString(), CodeChecker::CLASS_NEW_FETCH_NOT_ALLOWED, $node);
|
|
|
|
}
|
|
|
|
if ($node->class instanceof Node\Expr\Variable) {
|
|
|
|
/**
|
|
|
|
* TODO: find a way to detect something like this:
|
|
|
|
* $c = "OC_API";
|
|
|
|
* $n = new $i;
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-06-15 13:24:45 +00:00
|
|
|
if ($node instanceof Node\Stmt\UseUse) {
|
|
|
|
$this->checkBlackList($node->name->toString(), CodeChecker::CLASS_USE_NOT_ALLOWED, $node);
|
|
|
|
if ($node->alias) {
|
|
|
|
$this->addUseNameToBlackList($node->name->toString(), $node->alias);
|
|
|
|
} else {
|
|
|
|
$this->addUseNameToBlackList($node->name->toString(), $node->name->getLast());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Check whether an alias was introduced for a namespace of a blacklisted class
|
|
|
|
*
|
|
|
|
* Example:
|
|
|
|
* - Blacklist entry: OCP\AppFramework\IApi
|
|
|
|
* - Name: OCP\AppFramework
|
|
|
|
* - Alias: OAF
|
|
|
|
* => new blacklist entry: OAF\IApi
|
|
|
|
*
|
|
|
|
* @param string $name
|
|
|
|
* @param string $alias
|
|
|
|
*/
|
|
|
|
private function addUseNameToBlackList($name, $alias) {
|
|
|
|
$name = strtolower($name);
|
|
|
|
$alias = strtolower($alias);
|
|
|
|
|
|
|
|
foreach ($this->blackListedClassNames as $blackListedAlias => $blackListedClassName) {
|
|
|
|
if (strpos($blackListedClassName, $name . '\\') === 0) {
|
|
|
|
$aliasedClassName = str_replace($name, $alias, $blackListedClassName);
|
|
|
|
$this->blackListedClassNames[$aliasedClassName] = $blackListedClassName;
|
|
|
|
}
|
|
|
|
}
|
2015-06-15 15:20:38 +00:00
|
|
|
|
|
|
|
foreach ($this->blackListedConstants as $blackListedAlias => $blackListedConstant) {
|
|
|
|
if (strpos($blackListedConstant, $name . '\\') === 0 || strpos($blackListedConstant, $name . '::') === 0) {
|
2015-06-15 15:50:37 +00:00
|
|
|
$aliasedConstantName = str_replace($name, $alias, $blackListedConstant);
|
|
|
|
$this->blackListedConstants[$aliasedConstantName] = $blackListedConstant;
|
2015-06-15 15:20:38 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-15 15:50:37 +00:00
|
|
|
foreach ($this->blackListedFunctions as $blackListedAlias => $blackListedFunction) {
|
|
|
|
if (strpos($blackListedFunction, $name . '\\') === 0 || strpos($blackListedFunction, $name . '::') === 0) {
|
|
|
|
$aliasedFunctionName = str_replace($name, $alias, $blackListedFunction);
|
|
|
|
$this->blackListedFunctions[$aliasedFunctionName] = $blackListedFunction;
|
|
|
|
}
|
|
|
|
}
|
2015-01-28 21:08:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
private function checkBlackList($name, $errorCode, Node $node) {
|
2015-06-15 15:20:38 +00:00
|
|
|
$lowerName = strtolower($name);
|
|
|
|
|
|
|
|
if (isset($this->blackListedClassNames[$lowerName])) {
|
2015-01-28 21:08:50 +00:00
|
|
|
$this->errors[]= [
|
|
|
|
'disallowedToken' => $name,
|
|
|
|
'errorCode' => $errorCode,
|
|
|
|
'line' => $node->getLine(),
|
2015-06-15 15:20:38 +00:00
|
|
|
'reason' => $this->buildReason($this->blackListedClassNames[$lowerName], $errorCode)
|
|
|
|
];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-15 15:50:37 +00:00
|
|
|
private function checkBlackListConstant($class, $constantName, Node $node) {
|
|
|
|
$name = $class . '::' . $constantName;
|
2015-06-15 15:20:38 +00:00
|
|
|
$lowerName = strtolower($name);
|
|
|
|
|
|
|
|
if (isset($this->blackListedConstants[$lowerName])) {
|
|
|
|
$this->errors[]= [
|
|
|
|
'disallowedToken' => $name,
|
|
|
|
'errorCode' => CodeChecker::CLASS_CONST_FETCH_NOT_ALLOWED,
|
|
|
|
'line' => $node->getLine(),
|
|
|
|
'reason' => $this->buildReason($this->blackListedConstants[$lowerName], CodeChecker::CLASS_CONST_FETCH_NOT_ALLOWED)
|
2015-01-28 21:08:50 +00:00
|
|
|
];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-15 15:50:37 +00:00
|
|
|
private function checkBlackListFunction($class, $functionName, Node $node) {
|
|
|
|
$name = $class . '::' . $functionName;
|
|
|
|
$lowerName = strtolower($name);
|
|
|
|
|
|
|
|
if (isset($this->blackListedFunctions[$lowerName])) {
|
|
|
|
$this->errors[]= [
|
|
|
|
'disallowedToken' => $name,
|
|
|
|
'errorCode' => CodeChecker::STATIC_CALL_NOT_ALLOWED,
|
|
|
|
'line' => $node->getLine(),
|
|
|
|
'reason' => $this->buildReason($this->blackListedFunctions[$lowerName], CodeChecker::STATIC_CALL_NOT_ALLOWED)
|
|
|
|
];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-28 21:08:50 +00:00
|
|
|
private function buildReason($name, $errorCode) {
|
2015-06-15 10:51:22 +00:00
|
|
|
if (isset($this->errorMessages[$errorCode])) {
|
|
|
|
return $this->errorMessages[$errorCode];
|
2015-01-28 21:08:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return "$name usage not allowed - error: $errorCode";
|
|
|
|
}
|
|
|
|
}
|