<?php
declare(strict_types=1);
namespace staabm\PHPStanDba\Rules;
use PDOStatement;
use PhpParser\Node;
use PhpParser\Node\Expr\MethodCall;
use PHPStan\Analyser\Scope;
use PHPStan\Reflection\MethodReflection;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleError;
use PHPStan\Rules\RuleErrorBuilder;
use PHPStan\Type\Constant\ConstantArrayType;
use PHPStan\Type\Constant\ConstantIntegerType;
use PHPStan\Type\Constant\ConstantStringType;
use PHPStan\Type\MixedType;
use staabm\PHPStanDba\PdoReflection\PdoStatementReflection;
use staabm\PHPStanDba\QueryReflection\PlaceholderValidation;
use staabm\PHPStanDba\QueryReflection\QueryReflection;
use staabm\PHPStanDba\UnresolvableQueryException;
/**
 * PHPStan rule that inspects calls to PDOStatement::execute() and reports the
 * messages produced by PlaceholderValidation::checkQuery() for the query string
 * the statement was prepared from.
 *
 * The rule is best-effort. It returns no errors when the prepare() query
 * expression cannot be found or when its type is MixedType, so an empty result
 * does not mean the query was actually checked.
 *
 * @implements Rule<MethodCall>
 *
 * @see PdoStatementExecuteErrorMethodRuleTest
 */
final class PdoStatementExecuteMethodRule implements Rule
{
    public function getNodeType(): string
    {
        // Every method call node is visited; processNode() narrows this down to PDOStatement::execute().
        return MethodCall::class;
    }

    /**
     * Filters the visited call down to `execute` declared on PDOStatement and
     * delegates the actual validation to checkErrors().
     *
     * @return RuleError[] empty when the call is not a statically resolvable PDOStatement::execute()
     */
    public function processNode(Node $methodCall, Scope $scope): array
    {
        // Dynamic method names ($stmt->$name()) cannot be resolved statically.
        $calledName = $methodCall->name;
        if (!$calledName instanceof Node\Identifier) {
            return [];
        }

        $receiverType = $scope->getType($methodCall->var);
        $reflectedMethod = $scope->getMethodReflection($receiverType, $calledName->toString());
        if (null === $reflectedMethod) {
            return [];
        }

        // Match on the declaring class of the resolved method, then on the method name
        // (compared case-insensitively, as PHP method names are).
        $declaredOnPdoStatement = PdoStatement::class === $reflectedMethod->getDeclaringClass()->getName();
        if (!$declaredOnPdoStatement || 'execute' !== strtolower($reflectedMethod->getName())) {
            return [];
        }

        return $this->checkErrors($reflectedMethod, $methodCall, $scope);
    }

    /**
     * Resolves the parameters passed to execute() and validates them against the
     * prepared query.
     *
     * Parameters come from the first execute() argument when one is given;
     * otherwise they are reconstructed from the bind calls that
     * PdoStatementReflection::findPrepareBindCalls() returns for this statement.
     * $methodReflection is accepted but not read by this method.
     *
     * @return RuleError[]
     */
    private function checkErrors(MethodReflection $methodReflection, MethodCall $methodCall, Scope $scope): array
    {
        $queryReflection = new QueryReflection();
        $stmtReflection = new PdoStatementReflection();

        // No locatable prepare() query, or a query of type mixed: nothing can be
        // validated, so the call is skipped without reporting anything.
        $queryExpr = $stmtReflection->findPrepareQueryStringExpression($methodCall);
        if (null === $queryExpr || $scope->getType($queryExpr) instanceof MixedType) {
            return [];
        }

        $executeArgs = $methodCall->getArgs();
        $parameterTypes = \count($executeArgs) >= 1
            ? $scope->getType($executeArgs[0]->value)
            : $this->boundParameterTypes($stmtReflection, $methodCall, $scope);

        try {
            $parameters = $queryReflection->resolveParameters($parameterTypes, null) ?? [];

            // Keyed by message so that identical messages are reported only once.
            $uniqueMessages = [];
            foreach ((new PlaceholderValidation())->checkQuery($queryExpr, $scope, $parameters) as $message) {
                $uniqueMessages[$message] = $message;
            }
        } catch (UnresolvableQueryException $exception) {
            // An unresolvable query is surfaced as a finding (with a tip) instead of being dropped.
            return [
                RuleErrorBuilder::message($exception->asRuleMessage())
                    ->tip(UnresolvableQueryException::RULE_TIP)
                    ->line($methodCall->getLine())
                    ->build(),
            ];
        }

        $ruleErrors = [];
        foreach ($uniqueMessages as $message) {
            $ruleErrors[] = RuleErrorBuilder::message($message)->line($methodCall->getLine())->build();
        }

        return $ruleErrors;
    }

    /**
     * Builds the parameter array type from the statement's bind calls, used when
     * execute() is called without arguments.
     *
     * Bind calls with fewer than two arguments, or whose key is not a constant
     * integer or constant string, are skipped silently and therefore take no part
     * in the placeholder validation.
     */
    private function boundParameterTypes(PdoStatementReflection $stmtReflection, MethodCall $methodCall, Scope $scope): ConstantArrayType
    {
        $keyTypes = [];
        $valueTypes = [];

        foreach ($stmtReflection->findPrepareBindCalls($methodCall) as $bindCall) {
            $bindArgs = $bindCall->getArgs();
            if (\count($bindArgs) < 2) {
                continue;
            }

            $keyType = $scope->getType($bindArgs[0]->value);
            if (!$keyType instanceof ConstantIntegerType && !$keyType instanceof ConstantStringType) {
                continue;
            }

            $keyTypes[] = $keyType;
            $valueTypes[] = $scope->getType($bindArgs[1]->value);
        }

        return new ConstantArrayType($keyTypes, $valueTypes);
    }
}