[php2cpg] feat: support scope resolution operators #5782
| } | ||
|
|
||
| "have 'this' as the call receiver" in { | ||
| inside(cpg.call("bar").receiver.isIdentifier.l) { case (identifier: Identifier) :: Nil => |
Please check that the this argument has a REF edge to the this parameter of the enclosing method
| } | ||
| } | ||
|
|
||
| "contain <staticReceiver> as argument 0 of static functions" in { |
| "contain <staticReceiver> as argument 0 of static functions" in { | |
| "contain <staticReceiver> as parameter 0 of static functions" in { |
| identifier.name shouldBe NameConstants.StaticReceiver | ||
| identifier.code shouldBe NameConstants.Static |
Are we going to add special support for this to the dataflow engine? I could be missing something, but it looks like the <staticReceiver> call receiver will be a dead-end for dataflow tracking as it is currently
Yeah, but the details I discussed with @ml86 around this are escaping me :D. I'm gonna chat about it in my 1-on-1 with him later today.
<staticReceiver> is from the data flow engine's perspective just a normal parameter and static:: calls are normal dynamic call sites. This is just a big fat misnomer from the PHP people.
| fooMethod.parameter.headOption.map(_.name) shouldBe Some(NameConstants.StaticReceiver) | ||
|
|
||
| barMethod.name shouldBe "bar" | ||
| barMethod.parameter.headOption.map(_.name) shouldBe Some(NameConstants.StaticReceiver) |
First parameter returned by .parameter step is not guaranteed to be the one with order 0. You have to filter for that.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Foo") | ||
| } | ||
| } |
<staticReceiver> parameter of foo needs to be argument 0 to bar call. At least the check for that is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Foo") | ||
| } | ||
| } |
$this parameter of foo needs to be argument 0 to bar call. At least the check for that is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Foo") | ||
| } | ||
| } |
$this parameter of foo needs to be argument 0 to bar call. At least the check for that is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Base") | ||
| } | ||
| } |
Like above the argument 0 check is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Base") | ||
| } | ||
| } |
Like above the argument 0 check is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Base") | ||
| } | ||
| } |
Like above the argument 0 check is missing.
| inside(cpg.call("bar").l) { case (call: Call) :: Nil => | ||
| call.staticReceiver shouldBe Some("Base") | ||
| } | ||
| } |
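Review bot: the block `inside(cpg.call("bar").l) { case (call: Call) :: Nil => call.staticReceiver shouldBe Some("Base") }` is repeated verbatim across these test cases, with only the expected class name ("Foo" or "Base") changing. A small helper that takes the expected name would keep the cases in sync, which matters once the argument 0 assertion requested in the comments has to be added to every one of them.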
Like above the argument 0 check is missing.
| } | ||
| } | ||
|
|
||
| "have the correct receivers" in { |
Here and in all the other tests above: Please change the test name to "have the correct staticReceiver property."
|
|
||
| inside(call.receiver.isIdentifier.l) { case (identifier: Identifier) :: Nil => | ||
| identifier.name shouldBe NameConstants.StaticReceiver | ||
| identifier.code shouldBe NameConstants.Static |
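Review bot: the assertions on `identifier.name` and `identifier.code` pin only how the receiver identifier is spelled; nothing in the lines shown checks its position in the call. Consider adding `identifier.argumentIndex shouldBe 0` inside the same `inside(call.receiver.isIdentifier.l)` block, so the test fails if the receiver is emitted somewhere other than argument 0.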
For the slightly extended example

```php
<?php
class Foo {
    public static function foo($test) {
        static::bar($test);
    }
    private static function bar($value) { echo $value; }
}
Foo::foo("hello");
```

my concern is how we get the type of <staticReceiver> from the Foo::foo call. I spoke with @TNSelahle and I did miss the fact that static functions now have the <staticReceiver> parameter 0, but I don't think we're adding a corresponding argument at the call site. We have the STATIC_RECEIVER field which we could use for this, but we'd need to add special backend handling for that, as far as I am aware.
In this example we use TYPE_REF Foo as argument 0 for the Foo::foo call.
That is missing from this PR (foo only has the literal argument). @TNSelahle could you please add a testcase for the static call arguments, along with providing the type ref for that?
44106fb to f672d27
f672d27 to 87723f5
87723f5 to 2874a68
Add support for `static` and `parent` class scope resolution operators.

Relates to https://github.com/ShiftLeftSecurity/codescience/issues/8640
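The model the reviewers describe, where `static::` is a dynamic call whose target class arrives as parameter 0, can be reproduced by hand in PHP. This is an added example, not code from the PR or from php2cpg; `Base`, `Child` and `fooLowered` are constructed names, and the hand-written lowering only illustrates the idea rather than the frontend's actual output.

```php
<?php
// Constructed classes, not taken from the PR.
class Base {
    public static function foo(string $v): string {
        // Late static binding: the target class is the one named at the
        // call site (Base::foo or Child::foo), not the enclosing class.
        return static::bar($v);
    }

    // Hand-lowered equivalent (assumption, for illustration only): the class
    // is passed explicitly as parameter 0, the role <staticReceiver> plays
    // in the review discussion.
    public static function fooLowered(string $staticReceiver, string $v): string {
        return $staticReceiver::bar($v);
    }

    public static function bar(string $v): string {
        return "Base:$v";
    }
}

class Child extends Base {
    public static function bar(string $v): string {
        return "Child:$v";
    }
}

// Calling $cls::foo(...) corresponds to supplying $cls as argument 0 of the
// lowered form, which is the job the reviewers assign to the TYPE_REF argument.
foreach ([Base::class, Child::class] as $cls) {
    $viaStatic  = $cls::foo('x');
    $viaLowered = Base::fooLowered($cls, 'x');
    if ($viaStatic !== $viaLowered) {
        throw new RuntimeException("lowering diverges for $cls");
    }
    echo $cls, ' => ', $viaStatic, PHP_EOL;
}
```

If the call site supplied no class as argument 0, `fooLowered` would have nothing to dispatch on, which is the dataflow dead end raised in the review.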