Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHPStan Fixes #4136

Merged
merged 14 commits into from
Jan 22, 2021
Merged

PHPStan Fixes #4136

merged 14 commits into from
Jan 22, 2021

Conversation

MGatner
Copy link
Member

@MGatner MGatner commented Jan 19, 2021

Description

  • Adds composer.json to the path list for PHPStan Action
  • Specifies the Same Site Cookie string values for PHPStan compliance
  • Removes the ignore line for a now-passing check

See #4134

Checklist:

  • Securely signed commits
  • Component(s) with PHPdocs
  • Unit testing, with >80% coverage
  • n/a User guide updated
  • Conforms to style guide

@MGatner
Copy link
Member Author

MGatner commented Jan 19, 2021

It appears that Rector does not understand explicit strings for PHPDoc types, which PHPStan requires. @samsonasik or @paulbalandan have any suggestions?

@MGatner
Copy link
Member Author

MGatner commented Jan 19, 2021
edited
Loading

E.g.

2) app/Config/Security.php
28 
29     ---------- begin diff ----------
30 --- Original
31 +++ New
32 @@ -86,7 +86,7 @@
33  	 * Defaults to `Lax` as recommended in this link:
34  	 * @see https://portswigger.net/web-security/csrf/samesite-cookies
35  	 *
36 -	 * @var 'Lax'|'None'|'Strict'
37 +	 * @var Lax|None|Strict
38  	 */
39  	public $samesite = 'Lax';
40  }
41     ----------- end diff -----------

@samsonasik
Copy link
Member

samsonasik commented Jan 19, 2021
edited
Loading

That seems related to Format preserving doc, ref :

I may create a workaround patch for this in rector side, eg in the ContentPatcher class when I have a chance:

https://github.com/rectorphp/rector/blob/133322cc658fcd8d5ba162b4a18c7d9d88eba714/src/PhpParser/Printer/ContentPatcher.php#L142-L147

For now, I think we can do with:

/** @var string 'Lax'|'None'|'Strict' */

ref :

@paulbalandan
Copy link
Member

paulbalandan commented Jan 19, 2021
edited
Loading

Try this if you need to be explicit of the type in phpstan.

// for vars
 * @var string
 * @phpstan-var 'Lax'|'None'|'Strict'

// for returns
 * @return object
 * @phpstan-return TObject

Seems phpstan understand those pseudo-docblocks just like in psalm.

Deeper fix for the cookie samesite issue is to let phpstan know that we are actually filtering and formatting the allowed values to samesite. This way it can infer that samesite is indeed within the allowed values and the @var string would still be allowed. For the meantime, the fix is unexpected and very clever. 😂

@samsonasik
Copy link
Member

@paulbalandan the @phpstan-var 'Lax'|'None'|'Strict' is not work for rector post -processing right now ref https://getrector.org/demo/1d208398-63da-4f18-8e44-00e16b72bb3e

Need a workaround patch in rector side while wait for a real fix in nikic/php-parser side.

@paulbalandan
Copy link
Member

paulbalandan commented Jan 19, 2021
edited
Loading

It actually works for me though. You need to have both @var and @phpstan-var.

https://getrector.org/demo/7ed7b50f-7193-4f45-bade-322d372d7343
https://phpstan.org/r/5f71cef4-03ec-4adf-8ca4-4d126af63830

@samsonasik
Copy link
Member

Ok, that seems a solution, but need different /* */ block to make work in phpstan ref

https://phpstan.org/r/15ddc4ad-57a1-4d3b-ac04-bbb2075dda73

vs

https://phpstan.org/r/421f43cf-2eac-4f5f-98c2-929fbca30543

@paulbalandan
Copy link
Member

No need. You just have a typo in your second phpstan ref

@samsonasik
Copy link
Member

@paulbalandan oh yeah, you're correct 👍

@MGatner
Copy link
Member Author

MGatner commented Jan 19, 2021

Thanks for taking a look guys. Can someone either push the final version you agreed on or suggest it in a review?

paulbalandan
paulbalandan reviewed Jan 19, 2021
View reviewed changes
app/Config/App.php Outdated Show resolved Hide resolved
app/Config/Security.php Outdated Show resolved Hide resolved
system/Security/Security.php Outdated Show resolved Hide resolved
system/Session/Session.php Outdated Show resolved Hide resolved
samsonasik
samsonasik reviewed Jan 19, 2021
View reviewed changes
app/Config/Security.php Outdated Show resolved Hide resolved
@MGatner
Copy link
Member Author

MGatner commented Jan 19, 2021

Thank you both. GitHub is not allowing me to commit revisions for some reason, looks like a bug, but I will get these applied later when I can get back to my server with this branch.

MGatner and others added 4 commits January 19, 2021 18:10
@MGatner @paulbalandan
Update app/Config/App.php
2cf5b27 
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
@MGatner @paulbalandan
Update app/Config/Security.php
19dcda4 
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
@MGatner @paulbalandan
Update system/Security/Security.php
384dd96 
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
@MGatner @paulbalandan
Update system/Session/Session.php
97d1e3b 
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
@totoprayogo1916
Copy link
Contributor

Is it possible to use this : @var string[Lax|None|Strict] ?

@samsonasik
Copy link
Member

samsonasik commented Jan 20, 2021
edited
Loading

@MGatner @paulbalandan the @phpstan-var 'Lax'|'None'|'Strict' seems only working in rector 0.9 (require php 7.3 in 4.1 branch). I think for now, we can use:

/** @var string 'Lax'|'None'|'Strict' */

as I previously suggested for develop branch ( php 7.2 ).

@totoprayogo1916 this patch want a quoted doc.

samsonasik
samsonasik reviewed Jan 22, 2021
View reviewed changes
app/Config/App.php Outdated Show resolved Hide resolved
samsonasik
samsonasik reviewed Jan 22, 2021
View reviewed changes
app/Config/Security.php Outdated Show resolved Hide resolved
samsonasik
samsonasik reviewed Jan 22, 2021
View reviewed changes
app/Config/App.php Outdated Show resolved Hide resolved
samsonasik
samsonasik reviewed Jan 22, 2021
View reviewed changes
app/Config/Security.php Outdated Show resolved Hide resolved
@samsonasik
Copy link
Member

samsonasik commented Jan 22, 2021
edited
Loading

I am going to merge it right now, I will try to fix the error affected in system/Security/Security.php and system/Session/Session.php in separate PR

@samsonasik samsonasik merged commit 2da3a86 into codeigniter4:develop Jan 22, 2021
@samsonasik
Copy link
Member

Thank you all, I created new PR for temporary ignore the phpstan notice in Security and Session class, with @todo to clean up in 4.1 for rector 0.9 #4146

@MGatner
Copy link
Member Author

MGatner commented Jan 22, 2021

Thanks all. Sorry to be MIA finishing this up - special thanks to @samsonasik

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulbalandan paulbalandan paulbalandan left review comments

@totoprayogo1916 totoprayogo1916 totoprayogo1916 left review comments

@samsonasik samsonasik samsonasik left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MGatner @samsonasik @paulbalandan @totoprayogo1916