Whitelist functions as soon as they are used (#269)

humbug · Oct 24, 2018 · c800372 · c800372
1 parent a514ed6
commit c800372
Show file tree

Hide file tree

Showing 19 changed files with 466 additions and 29 deletions.
diff --git a/specs/const/const-declaration-with-global-whitelisting.php b/specs/const/const-declaration-with-global-whitelisting.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/const/const-declaration.php b/specs/const/const-declaration.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => false,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/global-scope-global-func-with-single-level-use-statement-and-alias.php b/specs/function/global-scope-global-func-with-single-level-use-statement-and-alias.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],
@@ -42,6 +42,28 @@
 PHP
     ,
 
+    'Global function call imported with a use statement in the global scope with global functions whitelisted' => [
+        'whitelist-global-functions' => true,
+        'registered-functions' => [
+            ['main', 'Humbug\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+use function main as foo;
+
+foo();
+----
+<?php
+
+namespace Humbug;
+
+use function Humbug\main as foo;
+\Humbug\main();
+
+PHP
+    ],
+
     'Global FQ function call imported with a use statement in the global scope' => <<<'PHP'
 <?php
 
@@ -58,4 +80,26 @@
 
 PHP
     ,
+
+    'Global FQ function call imported with a use statement in the global scope with global functions whitelisted' => [
+        'whitelist-global-functions' => true,
+        'registered-functions' => [
+            ['foo', 'Humbug\foo'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+use function main as foo;
+
+\foo();
+----
+<?php
+
+namespace Humbug;
+
+use function Humbug\main as foo;
+\Humbug\foo();
+
+PHP
+    ],
 ];
diff --git a/specs/function/global-scope-global-func-with-single-level-use-statement.php b/specs/function/global-scope-global-func-with-single-level-use-statement.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],
@@ -42,6 +42,28 @@
 PHP
     ,
 
+    'Global function call imported with a use statement in the global scope with global functions whitelisted' => [
+        'whitelist-global-functions' => true,
+        'registered-functions' => [
+            ['main', 'Humbug\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+use function main;
+
+main();
+----
+<?php
+
+namespace Humbug;
+
+use function Humbug\main;
+\Humbug\main();
+
+PHP
+    ],
+
     'Global FQ function call imported with a use statement in the global scope' => <<<'PHP'
 <?php
 
@@ -58,4 +80,26 @@
 
 PHP
     ,
+
+    'Global FQ function call imported with a use statement in the global scope with global functions whitelisted' => [
+        'whitelist-global-functions' => true,
+        'registered-functions' => [
+            ['main', 'Humbug\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+use function main;
+
+\main();
+----
+<?php
+
+namespace Humbug;
+
+use function Humbug\main;
+\Humbug\main();
+
+PHP
+    ],
 ];
diff --git a/specs/function/global-scope-global-func.php b/specs/function/global-scope-global-func.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/global-scope-single-part-namespaced-func.php b/specs/function/global-scope-single-part-namespaced-func.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],
@@ -55,6 +55,9 @@
 
     'Whitelisted namespaced function call' => [
         'whitelist' => ['PHPUnit\main'],
+        'registered-functions' => [
+            ['PHPUnit\main', 'Humbug\PHPUnit\main'],
+        ],
         'payload' => <<<'PHP'
 <?php
 
@@ -71,6 +74,9 @@
 
     'FQ whitelisted namespaced function call' => [
         'whitelist' => ['PHPUnit\main'],
+        'registered-functions' => [
+            ['PHPUnit\main', 'Humbug\PHPUnit\main'],
+        ],
         'payload' => <<<'PHP'
 <?php
 

diff --git a/specs/function/namespace-global-func-with-single-level-use-statement-and-alias.php b/specs/function/namespace-global-func-with-single-level-use-statement-and-alias.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/namespace-global-func-with-single-level-use-statement.php b/specs/function/namespace-global-func-with-single-level-use-statement.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/namespace-global-func.php b/specs/function/namespace-global-func.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/namespace-global-scope-func.php b/specs/function/namespace-global-scope-func.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],

diff --git a/specs/function/namespace-single-part-namespaced-func.php b/specs/function/namespace-single-part-namespaced-func.php
@@ -20,7 +20,7 @@
         'whitelist' => [],
         'whitelist-global-constants' => true,
         'whitelist-global-classes' => false,
-        'whitelist-global-functions' => true,
+        'whitelist-global-functions' => false,
         'registered-classes' => [],
         'registered-functions' => [],
     ],
@@ -59,6 +59,7 @@
 
     'Whitelisted namespaced function call' => [
         'whitelist' => ['PHPUnit\X\main'],
+        // No function registered to the whitelist here since no FQ could be resolved
         'payload' => <<<'PHP'
 <?php
 
@@ -77,6 +78,9 @@
 
     'FQ whitelisted namespaced function call' => [
         'whitelist' => ['PHPUnit\main'],
+        'registered-functions' => [
+            ['PHPUnit\main', 'Humbug\PHPUnit\main'],
+        ],
         'payload' => <<<'PHP'
 <?php
 

diff --git a/specs/function/whitelist-func-existence-checked.php b/specs/function/whitelist-func-existence-checked.php
@@ -0,0 +1,114 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the humbug/php-scoper package.
+ *
+ * Copyright (c) 2017 Théo FIDRY <[email protected]>,
+ *                    Pádraic Brady <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+return [
+    'meta' => [
+        'title' => 'Whitelisting functions which are never declared but for which the existence is checked',
+        // Default values. If not specified will be the one used
+        'prefix' => 'Humbug',
+        'whitelist' => [],
+        'whitelist-global-constants' => false,
+        'whitelist-global-classes' => false,
+        'whitelist-global-functions' => false,
+        'registered-classes' => [],
+        'registered-functions' => [],
+    ],
+
+    'Non whitelisted global function call' => <<<'PHP'
+<?php
+
+function_exists('main');
+----
+<?php
+
+namespace Humbug;
+
+\function_exists('Humbug\\main');
+
+PHP
+    ,
+
+    'Whitelisted global function call' => [
+        'whitelist' => ['main'],
+        'registered-functions' => [
+            ['main', 'Humbug\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+function_exists('main');
+----
+<?php
+
+namespace Humbug;
+
+\function_exists('Humbug\\main');
+
+PHP
+    ],
+
+    'Global function call with whitelisted global functions' => [
+        'whitelist-global-functions' => true,
+        'registered-functions' => [
+            ['main', 'Humbug\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+function_exists('main');
+----
+<?php
+
+namespace Humbug;
+
+\function_exists('Humbug\\main');
+
+PHP
+    ],
+
+    'Global function call with non-whitelisted global functions' => <<<'PHP'
+<?php
+
+function_exists('main');
+----
+<?php
+
+namespace Humbug;
+
+\function_exists('Humbug\\main');
+
+PHP
+    ,
+
+    'Whitelisted namespaced function call' => [
+        'whitelist' => ['Acme\main'],
+        'registered-functions' => [
+            ['Acme\main', 'Humbug\Acme\main'],
+        ],
+        'payload' => <<<'PHP'
+<?php
+
+namespace Acme;
+
+function_exists('Acme\main');
+----
+<?php
+
+namespace Humbug\Acme;
+
+\function_exists('Humbug\\Acme\\main');
+
+PHP
+    ],
+];