Skip to content

Fix allowExceptInFunctions/Methods with multiple entries — only first entry was enforced#405

Merged
spaze merged 1 commit into
mainfrom
copilot/resolve-issue-not-found
Apr 24, 2026
Merged

Fix allowExceptInFunctions/Methods with multiple entries — only first entry was enforced#405
spaze merged 1 commit into
mainfrom
copilot/resolve-issue-not-found

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 24, 2026
edited
Loading

When allowExceptInFunctions (or allowExceptInMethods / disallowInFunctions / disallowInMethods) contained more than one entry, only calls from functions not matching the very first entry were correctly disallowed. Any call from a function matching the first entry would pass through to the second entry, which wouldn't match, causing an early return true (allowed).

Root cause: the loop bailed out on the first non-match instead of continuing:

// Before — returns allowed on first non-match, never checks remaining entries
foreach ($disallowed->getAllowExceptInCalls() as $call) {
    if (!$this->callMatches($scope, $call)) {
        return true;
    }
}

Fix: restructured to match the identical pattern already used by getAllowExceptIn() (path-based checks):

// After — returns forbidden on any match; allowed only after all entries pass
if ($disallowed->getAllowExceptInCalls()) {
    foreach ($disallowed->getAllowExceptInCalls() as $call) {
        if ($this->callMatches($scope, $call)) {
            return false;
        }
    }
    return true;
}
  • src/Allowed/Allowed.php — restores the correct guard + loop logic
  • tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php — new test asserting that both entries in a two-element allowExceptInMethods list are enforced
  • tests/src/RoyaleMultiple.php — fixture: three methods calling crc32(), two in the except list (expect errors), one outside (expect silence)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/0525c73950de35ded110cffafb9892946d7771b5
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/PHPCSStandards/composer-installer/zipball/845eb62303d2ca9b289ef216356568ccc075ffd1
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/myclabs/DeepCopy/zipball/07d290f0c47959fd5eed98c95ee5602db07e0b6a
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/nette/neon/zipball/cc96bf5264d721d0c102bb976272d3d001a23e65
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/nikic/PHP-Parser/zipball/dca41cd15c2ac9d055ad70dbfd011130757d1f82
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/phar-io/version/zipball/4f7fd7836c6f332bb2933569e566a0d6c4cbed74
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/php-parallel-lint/PHP-Console-Color/zipball/7adfefd530aa2d7570ba87100a99e2483a543b88
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/php-parallel-lint/PHP-Console-Highlighter/zipball/5b4803384d3303cf8e84141039ef56c8a123138d
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/php-parallel-lint/PHP-Parallel-Lint/zipball/6db563514f27e19595a19f45a4bf757b6401194e
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phpstan/phpdoc-parser/zipball/a004701b11273a26cd7955a61d67a7f1e525a45a
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/phpstan/phpstan-deprecation-rules/zipball/6b5571001a7f04fa0422254c30a0017ec2f2cacc
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/phpstan/phpstan/zipball/dc3b523c45e714c70de2ac5113b958223b55dc59
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/XSfaN1 /usr/bin/composer install (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/1P9UC8 /usr/bin/composer install --no-interaction gn/gh-gpgsign-linux-x86_64 (http block)
    • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/6hia0i /usr/bin/composer install --no-interaction (http block)
  • https://api.github.com/repos/sebastianbergmann/cli-parser/zipball/90f41072d220e5c40df6e8635f5dafba2d9d4d04
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/comparator/zipball/c769009dee98f494e0edc3fd4f4087501688f11e
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/complexity/zipball/bad4316aba5303d0221f43f8cee37eb58d384bbb
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/diff/zipball/7ab1ea946c012266ca32390913653d844ecd085f
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/environment/zipball/b121608b28a13f721e76ffbbd386d08eff58f3f6
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/exporter/zipball/016951ae10980765e4e7aee491eb288c64e505b7
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/global-state/zipball/ef1377171613d09edd25b7816f05be8313f9115d
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/97ffee3bcfb5805568d6af7f0f893678fc076d2f
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/1effe8e9b8e068e9ae228e542d5d11b5d16db894
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/4bfa827c969c98be1e527abd576533293c634f6a
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/876099a072646c7745f673d7aeab5382c4439691
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3d1cd096ef6bea4bf2762ba586e35dbd317cbfd5
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/php-invoker/zipball/12b54e689b07a25a9b41e57736dfab6ec9ae5406
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/e1367a453f0eda562eedb4f659e13aa900d66c53
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/php-timer/zipball/f258ce36aa457f3aa3339f9ed4c81fc66dc8c2cc
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/phpunit/zipball/c54fcf3d6bcb6e96ac2f7e40097dc37b5f139969
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/0b01998a7d5b1f122911a66bebcb8d46f0c82d8c
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/type/zipball/e549163b9760b8f71f191651d22acf32d56d6d4d
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/sebastianbergmann/version/zipball/3e6ccf7657d4f0a59200564b08cead899313b53c
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/shipmonk-rnd/dead-code-detector/zipball/e0e8d9ec48a60e4db5d54750e45196683e5f0a3c
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/slevomat/coding-standard/zipball/66151cfbd25b50e8becd9f809fb704f01fd4d6f2
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/spaze/coding-standard/zipball/f6e60556738d425bbd8f7b1e3c9c14459606dc6e
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/staabm/side-effects-detector/zipball/d8334211a140ce329c13726d4a715adbddd0a163
    • Triggering command: REDACTED, pid is -1 (http block)
  • https://api.github.com/repos/theseer/tokenizer/zipball/7989e43bf381af0eac72e4f0ca5bcbfa81658be4
    • Triggering command: REDACTED, pid is -1 (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 24, 2026 that may be closed by this pull request
Issue not found #404
Closed
Copilot AI changed the title [WIP] Fix issue not found by restoring Chesterston's fence Fix allowExceptInFunctions/Methods with multiple entries — only first entry was enforced Apr 24, 2026
Copilot AI requested a review from spaze April 24, 2026 03:23
@spaze spaze mentioned this pull request Apr 24, 2026
Closed
@spaze spaze removed a link to an issue Apr 24, 2026
Issue not found #404
Closed
@spaze spaze linked an issue Apr 24, 2026 that may be closed by this pull request
allowExceptInFunctions / disallowInFunctions silently ignores all but the first entry #400
Closed
spaze
spaze approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@spaze spaze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and LGT Claude Code as well.

@spaze spaze marked this pull request as ready for review April 24, 2026 12:20
Copilot AI review requested due to automatic review settings April 24, 2026 12:20
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a logic bug in Allowed::isAllowed() where allowExceptInFunctions/Methods (and related disallowIn* aliases) only effectively enforced the first configured entry, allowing calls that should have been forbidden when multiple entries were provided.

Changes:

  • Corrected allowExceptInCalls handling to only allow after checking all configured entries (forbid on any match).
  • Added a regression test covering multiple allowExceptInMethods entries.
  • Added a new fixture class with multiple methods to exercise the rule behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/Allowed/Allowed.php Fixes the allowExceptInCalls loop/guard logic so multiple entries are evaluated correctly.
tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php Adds a regression test ensuring both entries in allowExceptInMethods are enforced.
tests/src/RoyaleMultiple.php New fixture with multiple methods calling crc32() to validate the rule behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php Outdated
@spaze spaze force-pushed the copilot/resolve-issue-not-found branch from 1f79fbf to 04dd1ca Compare April 24, 2026 15:23
@spaze spaze requested a review from Copilot April 24, 2026 15:24
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/Calls/FunctionCallsAllowExceptInMultipleMethodsTest.php Outdated
Comment thread src/Allowed/Allowed.php
@spaze spaze force-pushed the copilot/resolve-issue-not-found branch from 04dd1ca to 6f83846 Compare April 24, 2026 15:31
@spaze spaze requested a review from Copilot April 24, 2026 15:31
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@spaze spaze merged commit f0c9b22 into main Apr 24, 2026
154 checks passed
@spaze spaze deleted the copilot/resolve-issue-not-found branch April 24, 2026 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spaze spaze spaze approved these changes

Copilot code review Copilot Copilot left review comments

Assignees

@spaze spaze

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

allowExceptInFunctions / disallowInFunctions silently ignores all but the first entry

3 participants

@spaze