mortenson / psalm-plugin-drupal

A project to add Psalm support for Drupal for security testing, focused only on taint analysis.

Issue #9: Use the latest version of psalm/plugin-symfony compatible with Symfony 6 and Psalm 4. #10

Closed FlorentTorregrosa closed 1 year ago

FlorentTorregrosa commented 1 year ago

I tried to execute PHPUnit tests locally, but for that I had to change the PHPUnit version because PHPUnit 7 is not compatible with PHP 8.1, so I tried with PHPUnit 8.

After that I got some tests in error (the error was the same for all tests):

Fail  Failed to parse output: Fatal error: Declaration of Drupal\Core\DrupalKernel::handle(Symfony\Component\HttpFoundation\Request $request, $type = self::MASTER_REQUEST, $catch = true) must be compatible with Symfony\Component\HttpKernel\HttpKernelInterface::handle(Symfony\Component\HttpFoundation\Request $request, int $type = self::MAIN_REQUEST, bool $catch = true): Symfony\Component\HttpFoundation\Response in /project/contrib/psalm-plugin-drupal/tests/_tmp/drupal/core/lib/Drupal/Core/DrupalKernel.php on line 691

So I tried to use Drupal 10.0.0 in pretest.php, fewer tests in error, new error:

1) Psalm Plugin Drupal: ContainerHandler works
 Test  tests/acceptance/PsalmPluginDrupal.feature:ContainerHandler works
 Step  I see these errors 
   | Type       | Message              |
   | TaintedSql | Detected tainted SQL |
 Fail  Failed to parse output: Error: Call to undefined method Symfony\Component\DependencyInjection\Definition::getClassName() in /project/contrib/psalm-plugin-drupal/ContainerHandler.php on line 61 #0 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/EventDispatcher.php(319): mortenson\PsalmPluginDrupal\ContainerHandler::afterMethodCallAnalysis(Object(PhpParser\Node\Expr\StaticCall), 'Drupal::service', 'Drupal::service', 'Drupal::service', Object(Psalm\Context), Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(Psalm\Codebase), Array, Object(Psalm\Type\Union))
#1 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Call/StaticMethod/ExistingAtomicStaticCallAnalyzer.php(409): Psalm\Internal\EventDispatcher->dispatchAfterMethodCallAnalysis(Object(Psalm\Plugin\EventHandler\Event\AfterMethodCallAnalysisEvent))
#2 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Call/StaticMethod/AtomicStaticCallAnalyzer.php(877): Psalm\Internal\Analyzer\Statements\Expression\Call\StaticMethod\ExistingAtomicStaticCallAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(PhpParser\Node\Identifier), Array, Object(Psalm\Context), Object(Psalm\Type\Atomic\TNamedObject), Object(Psalm\Internal\MethodIdentifier), 'Drupal::service', Object(Psalm\Storage\ClassLikeStorage), false)
#3 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Call/StaticMethod/AtomicStaticCallAnalyzer.php(202): Psalm\Internal\Analyzer\Statements\Expression\Call\StaticMethod\AtomicStaticCallAnalyzer::handleNamedCall(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(PhpParser\Node\Identifier), Object(Psalm\Context), Object(Psalm\Type\Atomic\TNamedObject), Array, 'Drupal', false, true)
#4 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Call/StaticCallAnalyzer.php(215): Psalm\Internal\Analyzer\Statements\Expression\Call\StaticMethod\AtomicStaticCallAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(Psalm\Context), Object(Psalm\Type\Atomic\TNamedObject), false, false, false, true)
#5 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php(190): Psalm\Internal\Analyzer\Statements\Expression\Call\StaticCallAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(Psalm\Context))
#6 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php(78): Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::handleExpression(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(Psalm\Context), false, NULL, false)
#7 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/Call/MethodCallAnalyzer.php(60): Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\StaticCall), Object(Psalm\Context))
#8 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php(186): Psalm\Internal\Analyzer\Statements\Expression\Call\MethodCallAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\MethodCall), Object(Psalm\Context))
#9 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/ExpressionAnalyzer.php(78): Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::handleExpression(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\MethodCall), Object(Psalm\Context), false, NULL, true)
#10 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/StatementsAnalyzer.php(572): Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer::analyze(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Expr\MethodCall), Object(Psalm\Context), false, NULL, true)
#11 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/StatementsAnalyzer.php(207): Psalm\Internal\Analyzer\StatementsAnalyzer::analyzeStatement(Object(Psalm\Internal\Analyzer\StatementsAnalyzer), Object(PhpParser\Node\Stmt\Expression), Object(Psalm\Context), NULL)
#12 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/FileAnalyzer.php(205): Psalm\Internal\Analyzer\StatementsAnalyzer->analyze(Array, Object(Psalm\Context), NULL, true)
#13 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Codebase/Analyzer.php(362): Psalm\Internal\Analyzer\FileAnalyzer->analyze()
#14 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Codebase/Analyzer.php(619): Psalm\Internal\Codebase\Analyzer->Psalm\Internal\Codebase\{closure}(0, '/project/contri...')
#15 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Codebase/Analyzer.php(291): Psalm\Internal\Codebase\Analyzer->doAnalysis(Object(Psalm\Internal\Analyzer\ProjectAnalyzer), 7)
#16 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/ProjectAnalyzer.php(691): Psalm\Internal\Codebase\Analyzer->analyzeFiles(Object(Psalm\Internal\Analyzer\ProjectAnalyzer), 7, false, true)
#17 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/src/Psalm/Internal/Cli/Psalm.php(373): Psalm\Internal\Analyzer\ProjectAnalyzer->check('/project/contri...', false)
#18 /project/contrib/psalm-plugin-drupal/vendor/vimeo/psalm/psalm(7): Psalm\Internal\Cli\Psalm::run(Array)
#19 /project/contrib/psalm-plugin-drupal/vendor/bin/psalm(120): include('/project/contri...')
#20 {main}
Error: Call to undefined method Symfony\Component\DependencyInjection\Definition::getClassName() in mortenson\PsalmPluginDrupal\ContainerHandler::afterMethodCallAnalysis() (line 61 of /project/contrib/psalm-plugin-drupal/ContainerHandler.php).
Error:Syntax error

Scenario Steps:

 14. $I->seeTheseErrors("| Type       | Message              |\n| TaintedSql | Detected tainted SQL |")
 13. $I->runPsalmIn("tests/_tmp/drupal") at tests/_support/AcceptanceTester.php:38
 12. $I->runShellCommand("cd tests/_tmp/drupal && php ../../../scripts/generate_entrypoint.php ../../../tests/_run") at tests/_support/AcceptanceTester.php:36
 11. $I->haveTheFollowingCode("\\Drupal::service('database')->query($_GET['input']);")
 10. $I->haveTheFollowingConfig("<?xml version="1.0"?>\n<psalm\n  errorLevel="6"\n  resolveFromConfigFile="true"\n  runTaintAnalysis="true"\n  autoloader="../../../scripts/autoload.php"\n>\n    <fileExtensi...")
 9. $I->haveTheFollowingCodePreamble("<?php\n")

Finally got it!

But I think it will require a new major version...

mortenson commented 1 year ago

We don't have many users now, and I haven't officially done a release at all, so I think I will merge this now and ask people to pin to old commits if they are running old versions of Drupal.

FlorentTorregrosa commented 1 year ago

Thanks for the merges :)

I confirm that the latest dev version of psalm-plugin-drupal is ok for:

Do not mind the failing pipelines on my skeleton, it is because I have no more free GitLab CI minutes this month.