getAllowExceptInCalls loop to check all entries before allowing

Copilot · spaze · commit 6f83846e44ad · 2026-04-24T17:31:29.000+02:00
diff --git a/src/Allowed/Allowed.php b/src/Allowed/Allowed.php
@@ -64,10 +64,13 @@ public function isAllowed(?Node $node, Scope $scope, ?array $args, Disallowed $d
 				return !$hasParams || $this->hasAllowedParamsInAllowed($scope, $args, $disallowed);
 			}
 		}
-		foreach ($disallowed->getAllowExceptInCalls() as $call) {
-			if (!$this->callMatches($scope, $call)) {
-				return true;
+		if ($disallowed->getAllowExceptInCalls()) {
+			foreach ($disallowed->getAllowExceptInCalls() as $call) {
+				if ($this->callMatches($scope, $call)) {
+					return false;
+				}
 			}
+			return true;
 		}
 		foreach ($disallowed->getAllowIn() as $allowedPath) {
 			if ($this->allowedPath->matches($scope, $allowedPath)) {
diff --git a/tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php b/tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php
@@ -0,0 +1,67 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\Calls;
+
+use PHPStan\Rules\Rule;
+use PHPStan\ShouldNotHappenException;
+use PHPStan\Testing\RuleTestCase;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedCallFactory;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedCallableParameterRuleErrors;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedFunctionRuleErrors;
+
+/**
+ * @extends RuleTestCase<FunctionCalls>
+ */
+class FunctionCallsAllowExceptInMultipleMethodsTest extends RuleTestCase
+{
+
+	/**
+	 * @throws ShouldNotHappenException
+	 */
+	protected function getRule(): Rule
+	{
+		$container = self::getContainer();
+		return new FunctionCalls(
+			$container->getByType(DisallowedFunctionRuleErrors::class),
+			$container->getByType(DisallowedCallableParameterRuleErrors::class),
+			$container->getByType(DisallowedCallFactory::class),
+			[
+				[
+					'function' => 'crc32()',
+					'allowExceptInMethods' => [
+						'\\Fiction\\Pulp\\RoyaleMultiple::methodA()',
+						'\\Fiction\\Pulp\\RoyaleMultiple::methodB()',
+					],
+				],
+			]
+		);
+	}
+
+
+	public function testRule(): void
+	{
+		// Based on the configuration above, in this file:
+		$this->analyse([__DIR__ . '/../src/RoyaleMultiple.php'], [
+			[
+				// expect this error message:
+				'Calling crc32() is forbidden.',
+				// on this line:
+				11,
+			],
+			[
+				'Calling crc32() is forbidden.',
+				17,
+			],
+		]);
+	}
+
+
+	public static function getAdditionalConfigFiles(): array
+	{
+		return [
+			__DIR__ . '/../../extension.neon',
+		];
+	}
+
+}
diff --git a/tests/src/RoyaleMultiple.php b/tests/src/RoyaleMultiple.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types = 1);
+
+namespace Fiction\Pulp;
+
+class RoyaleMultiple
+{
+
+	public function methodA(): void
+	{
+		$foo = crc32('a');
+	}
+
+
+	public function methodB(): void
+	{
+		$foo = crc32('b');
+	}
+
+
+	public function methodC(): void
+	{
+		$foo = crc32('c');
+	}
+
+}

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,13 @@ public function isAllowed(?Node $node, Scope $scope, ?array $args, Disallowed $d`
`64`	`64`	`return !$hasParams \|\| $this->hasAllowedParamsInAllowed($scope, $args, $disallowed);`
`65`	`65`	`}`
`66`	`66`	`}`
`67`		`- foreach ($disallowed->getAllowExceptInCalls() as $call) {`
`68`		`- if (!$this->callMatches($scope, $call)) {`
`69`		`- return true;`
	`67`	`+ if ($disallowed->getAllowExceptInCalls()) {`
	`68`	`+ foreach ($disallowed->getAllowExceptInCalls() as $call) {`
	`69`	`+ if ($this->callMatches($scope, $call)) {`
	`70`	`+ return false;`
	`71`	`+ }`
`70`	`72`	`}`
	`73`	`+ return true;`
`71`	`74`	`}`
`72`	`75`	`foreach ($disallowed->getAllowIn() as $allowedPath) {`
`73`	`76`	`if ($this->allowedPath->matches($scope, $allowedPath)) {`