Possibility to re-allow disallowed call or attribute when used in a c…

…lass with specified attribute
spaze · Jan 26, 2025 · d299254 · d299254
1 parent 2228b2e
commit d299254
Show file tree

Hide file tree

Showing 11 changed files with 298 additions and 0 deletions.
diff --git a/src/Allowed/Allowed.php b/src/Allowed/Allowed.php
@@ -5,6 +5,8 @@
 
 use PhpParser\Node\Arg;
 use PHPStan\Analyser\Scope;
+use PHPStan\BetterReflection\Reflection\Adapter\FakeReflectionAttribute;
+use PHPStan\BetterReflection\Reflection\Adapter\ReflectionAttribute;
 use PHPStan\Reflection\FunctionReflection;
 use PHPStan\Reflection\MethodReflection;
 use PHPStan\Type\Type;
@@ -68,6 +70,18 @@ public function isAllowed(Scope $scope, ?array $args, DisallowedWithParams $disa
 		if ($disallowed->getAllowParamsAnywhere()) {
 			return $this->hasAllowedParams($scope, $args, $disallowed->getAllowParamsAnywhere(), true);
 		}
+		if ($disallowed->getAllowInClassWithAttributes() && $scope->isInClass()) {
+			return $this->hasAllowedAttribute(
+				$scope->getClassReflection()->getNativeReflection()->getAttributes(),
+				$disallowed->getAllowInClassWithAttributes(),
+			);
+		}
+		if ($disallowed->getAllowExceptInClassWithAttributes() && $scope->isInClass()) {
+			return !$this->hasAllowedAttribute(
+				$scope->getClassReflection()->getNativeReflection()->getAttributes(),
+				$disallowed->getAllowExceptInClassWithAttributes(),
+			);
+		}
 		return false;
 	}
 
@@ -139,6 +153,28 @@ private function hasAllowedParamsInAllowed(Scope $scope, ?array $args, Disallowe
 	}
 
 
+	/**
+	 * @param list<ReflectionAttribute|FakeReflectionAttribute> $attributes
+	 * @param list<string> $allowConfig
+	 * @return bool
+	 */
+	private function hasAllowedAttribute(array $attributes, array $allowConfig): bool
+	{
+		$names = [];
+		foreach ($attributes as $attribute) {
+			$names[] = $attribute->getName();
+		}
+		foreach ($allowConfig as $allowAttribute) {
+			foreach ($names as $name) {
+				if (fnmatch($allowAttribute, $name, FNM_NOESCAPE | FNM_CASEFOLD)) {
+					return true;
+				}
+			}
+		}
+		return false;
+	}
+
+
 	/**
 	 * @param array<Arg> $args
 	 * @param Scope $scope

diff --git a/src/Disallowed.php b/src/Disallowed.php
@@ -29,4 +29,16 @@ public function getAllowInCalls(): array;
 	 */
 	public function getAllowExceptInCalls(): array;
 
+
+	/**
+	 * @return list<string>
+	 */
+	public function getAllowInClassWithAttributes(): array;
+
+
+	/**
+	 * @return list<string>
+	 */
+	public function getAllowExceptInClassWithAttributes(): array;
+
 }
diff --git a/src/DisallowedAttribute.php b/src/DisallowedAttribute.php
@@ -118,6 +118,18 @@ public function getAllowExceptParams(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		return $this->allowedConfig->getAllowInClassWithAttributes();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		return $this->allowedConfig->getAllowExceptInClassWithAttributes();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/src/DisallowedCall.php b/src/DisallowedCall.php
@@ -133,6 +133,18 @@ public function getAllowExceptParams(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		return $this->allowedConfig->getAllowInClassWithAttributes();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		return $this->allowedConfig->getAllowExceptInClassWithAttributes();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/src/DisallowedConstant.php b/src/DisallowedConstant.php
@@ -86,6 +86,18 @@ public function getAllowExceptInCalls(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/src/DisallowedControlStructure.php b/src/DisallowedControlStructure.php
@@ -86,6 +86,18 @@ public function getAllowExceptInCalls(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/src/DisallowedNamespace.php b/src/DisallowedNamespace.php
@@ -101,6 +101,18 @@ public function getAllowExceptInCalls(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/src/DisallowedVariable.php b/src/DisallowedVariable.php
@@ -86,6 +86,18 @@ public function getAllowExceptInCalls(): array
 	}
 
 
+	public function getAllowInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
+	public function getAllowExceptInClassWithAttributes(): array
+	{
+		throw new NotImplementedYetException();
+	}
+
+
 	public function getErrorIdentifier(): ?string
 	{
 		return $this->errorIdentifier;

diff --git a/tests/Calls/FunctionCallsAllowInClassWithAttributesTest.php b/tests/Calls/FunctionCallsAllowInClassWithAttributesTest.php
@@ -0,0 +1,73 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\Calls;
+
+use PHPStan\Rules\Rule;
+use PHPStan\ShouldNotHappenException;
+use PHPStan\Testing\RuleTestCase;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedCallFactory;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedCallableParameterRuleErrors;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedFunctionRuleErrors;
+
+class FunctionCallsAllowInClassWithAttributesTest extends RuleTestCase
+{
+
+	/**
+	 * @throws ShouldNotHappenException
+	 */
+	protected function getRule(): Rule
+	{
+		$container = self::getContainer();
+		return new FunctionCalls(
+			$container->getByType(DisallowedFunctionRuleErrors::class),
+			$container->getByType(DisallowedCallableParameterRuleErrors::class),
+			$container->getByType(DisallowedCallFactory::class),
+			[
+				[
+					'function' => 'md5()',
+					'allowInClassWithAttributes' => [
+						'\Attribute',
+					],
+				],
+				[
+					'function' => 'sha1()',
+					'allowInClassWithAttributes' => [
+						'\Attributes\Attribute2',
+						'\Attributes\Attribute3',
+					],
+				],
+				[
+					'function' => 'strlen()',
+					'allowExceptInClassWithAttributes' => [
+						'\Attributes\Attribute3',
+					],
+				],
+			]
+		);
+	}
+
+
+	public function testRule(): void
+	{
+		$this->analyse([__DIR__ . '/../src/AttributeClass.php'], [
+			[
+				'Calling strlen() is forbidden.',
+				30,
+			],
+			[
+				'Calling md5() is forbidden.',
+				41,
+			],
+		]);
+	}
+
+
+	public static function getAdditionalConfigFiles(): array
+	{
+		return [
+			__DIR__ . '/../../extension.neon',
+		];
+	}
+
+}
diff --git a/tests/Usages/AttributeUsagesAllowInClassWithAttributesTest.php b/tests/Usages/AttributeUsagesAllowInClassWithAttributesTest.php
@@ -0,0 +1,60 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\Usages;
+
+use PHPStan\Rules\Rule;
+use PHPStan\Testing\RuleTestCase;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedAttributeFactory;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedAttributeRuleErrors;
+
+class AttributeUsagesAllowInClassWithAttributesTest extends RuleTestCase
+{
+
+	protected function getRule(): Rule
+	{
+		$container = self::getContainer();
+		return new AttributeUsages(
+			$container->getByType(DisallowedAttributeRuleErrors::class),
+			$container->getByType(DisallowedAttributeFactory::class),
+			[
+				[
+					'attribute' => '\Attributes\Attribute4',
+					'allowInClassWithAttributes' => [
+						'\Attributes\Attribute2',
+					],
+				],
+				[
+					'attribute' => '\Attributes\Attribute5',
+					'allowExceptInClassWithAttributes' => [
+						'\Attributes\Attribute3',
+					],
+				],
+			]
+		);
+	}
+
+
+	public function testRule(): void
+	{
+		$this->analyse([__DIR__ . '/../src/AttributeClass.php'], [
+			[
+				'Attribute Attributes\Attribute5 is forbidden.',
+				27,
+			],
+			[
+				'Attribute Attributes\Attribute4 is forbidden.',
+				38,
+			],
+		]);
+	}
+
+
+	public static function getAdditionalConfigFiles(): array
+	{
+		return [
+			__DIR__ . '/../../extension.neon',
+		];
+	}
+
+}
diff --git a/tests/src/AttributeClass.php b/tests/src/AttributeClass.php
@@ -6,6 +6,51 @@
 use Attribute;
 
 #[Attribute]
+#[Attribute2]
 class AttributeClass
 {
+
+	#[Attribute4]
+	public function method(): void
+	{
+		md5('QNKCDZO');
+		sha1('aaroZmOk');
+		strlen('anazgoh');
+	}
+
+}
+
+#[Attribute3]
+class AttributeClass2
+{
+
+	#[Attribute5]
+	public function method(): void
+	{
+		strlen('anazgoh');
+	}
+
+}
+
+class ChildAttributeClass extends AttributeClass
+{
+
+	#[Attribute4]
+	public function method(): void
+	{
+		md5('QNKCDZO');
+		strlen('anazgoh');
+	}
+
+}
+
+class ChildAttributeClass2
+{
+
+	#[Attribute5]
+	public function method(): void
+	{
+		strlen('anazgoh');
+	}
+
 }