Fix phpstan/phpstan#14063: Readonly property modification through clone() not reported outside allowed scope

- Fixed PhpPropertyReflection::isProtectedSet() to handle readonly class promoted properties
- BetterReflection's computeModifiers misses implicit protected(set) when readonly comes from the class rather than the property node
- Added regression test in AccessPropertiesInAssignRuleTest and ReadOnlyPropertyAssignRuleTest

Author: VincentLanglet

src/Reflection/Php/PhpPropertyReflection.php

@@ -312,7 +312,24 @@ public function getHook(string $hookType): ExtendedMethodReflection
 
 	public function isProtectedSet(): bool
 	{
-		return $this->reflection->isProtectedSet();
+		if ($this->reflection->isProtectedSet()) {
+			return true;
+		}
+
+		// Workaround: BetterReflection's computeModifiers only checks the property
+		// node's readonly flag when adding implicit protected(set) for public readonly
+		// properties. For promoted properties in readonly classes, the readonly flag
+		// is on the class, not the property node, so the implicit protected(set) is missed.
+		if (
+			$this->declaringClass->isReadOnly()
+			&& $this->reflection->isPublic()
+			&& !$this->reflection->isPrivateSet()
+			&& ($this->reflection->getModifiers() & ReflectionProperty::IS_READONLY_COMPATIBILITY) === 0
+		) {
+			return true;
+		}
+
+		return false;
 	}
 
 	public function isPrivateSet(): bool

tests/PHPStan/Rules/Properties/AccessPropertiesInAssignRuleTest.php

@@ -234,4 +234,31 @@ public function testCloneWith(): void
 		]);
 	}
 
+	#[RequiresPhp('>= 8.5')]
+	public function testBug14063(): void
+	{
+		$this->analyse([__DIR__ . '/data/bug-14063.php'], [
+			[
+				'Assign to protected(set) property Bug14063\Obj::$value.',
+				51,
+			],
+			[
+				'Assign to protected(set) property Bug14063\Bar::$value.',
+				54,
+			],
+			[
+				'Assign to protected(set) property Bug14063\Baz::$pub.',
+				57,
+			],
+			[
+				'Access to protected property Bug14063\Baz::$prot.',
+				57,
+			],
+			[
+				'Access to private property Bug14063\Baz::$priv.',
+				57,
+			],
+		]);
+	}
+
 }

tests/PHPStan/Rules/Properties/ReadOnlyPropertyAssignRuleTest.php

@@ -180,4 +180,10 @@ public function testCloneWith(): void
 		$this->analyse([__DIR__ . '/data/readonly-property-assign-clone-with.php'], []);
 	}
 
+	#[RequiresPhp('>= 8.5')]
+	public function testBug14063(): void
+	{
+		$this->analyse([__DIR__ . '/data/bug-14063.php'], []);
+	}
+
 }

tests/PHPStan/Rules/Properties/data/bug-14063.php

@@ -0,0 +1,62 @@
+<?php // lint >= 8.5
+
+declare(strict_types = 1);
+
+namespace Bug14063;
+
+final readonly class Obj
+{
+	public function __construct(public string $value) {}
+
+	public function doFoo(): void
+	{
+		clone($this, ['value' => 'newVal']);
+	}
+}
+
+class Bar
+{
+	public readonly string $value;
+
+	public function __construct(string $value)
+	{
+		$this->value = $value;
+	}
+
+	public function doFoo(): void
+	{
+		clone($this, ['value' => 'newVal']);
+	}
+}
+
+readonly class Baz
+{
+	public function __construct(
+		public string $pub,
+		protected string $prot,
+		private string $priv,
+	) {}
+
+	public function doFoo(): void
+	{
+		clone($this, [
+			'pub' => 'newVal',
+			'prot' => 'newVal',
+			'priv' => 'newVal',
+		]);
+	}
+}
+
+$obj = new Obj('val');
+$newObj = clone($obj, ['value' => 'newVal']);
+
+$bar = new Bar('val');
+$newBar = clone($bar, ['value' => 'newVal']);
+
+function (Baz $baz): void {
+	clone($baz, [
+		'pub' => 'newVal',
+		'prot' => 'newVal',
+		'priv' => 'newVal',
+	]);
+};