Issues in ForbiddenCallTimePassByReferenceSniff.php - New Issues - Inspection of "Improve the `ForbiddenCallTimePassByReference` sni..." - wimg/PHPCompatibility - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#203)

by Juliette

created 2016-08-22 21:45 UTC

PHP/ForbiddenCallTimePassByReferenceSniff.php (1 issue)

Labels

Duplication 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReference.
 *
 * PHP version 5.4
 *
 * @category  PHP
 * @package   PHPCompatibility
 * @author    Gary Rogers <[email protected]>
 * @author    Florian Grandel <[email protected]>
 * @copyright 2009 Florian Grandel
 * @license   https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
 */

/**
 * PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReference.
 *
 * Discourages the use of call time pass by references
 *
 * PHP version 5.4
 *
 * @category  PHP
 * @package   PHPCompatibility
 * @author    Gary Rogers <[email protected]>
 * @author    Florian Grandel <[email protected]>
 * @copyright 2009 Florian Grandel
 * @license   https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
 */
class PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReferenceSniff extends PHPCompatibility_Sniff
{

    /**
     * Returns an array of tokens this test wants to listen for.
     *
     * @return array
     */
    public function register()
    {
        return array(T_STRING);

    }//end register()

    /**
     * Processes this test, when one of its tokens is encountered.
     *
     * @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
     * @param int                  $stackPtr  The position of the current token
     *                                        in the stack passed in $tokens.
     *
     * @return void
     */
    public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
    {
        if ($this->supportsAbove('5.3') === false) {
            return;
        }

        $tokens = $phpcsFile->getTokens();

        // Skip tokens that are the names of functions or classes
        // within their definitions. For example: function myFunction...
        // "myFunction" is T_STRING but we should skip because it is not a
        // function or method *call*.
        $findTokens = array_merge(
            PHP_CodeSniffer_Tokens::$emptyTokens,
            array(T_BITWISE_AND)
        );

        $prevNonEmpty = $phpcsFile->findPrevious(
            $findTokens,
            ($stackPtr - 1),
            null,
            true
        );

        if ($prevNonEmpty !== false && in_array($tokens[$prevNonEmpty]['code'], array(T_FUNCTION, T_CLASS, T_INTERFACE, T_TRAIT), true)) {
            return;
        }

        // If the next non-whitespace token after the function or method call
        // is not an opening parenthesis then it can't really be a *call*.
        $openBracket = $phpcsFile->findNext(
            PHP_CodeSniffer_Tokens::$emptyTokens,
            ($stackPtr + 1),
            null,
            true
        );

        if ($openBracket === false || $tokens[$openBracket]['code'] !== T_OPEN_PARENTHESIS
           || isset($tokens[$openBracket]['parenthesis_closer']) === false
        ) {
            return;
        }

        // Get the function call parameters.
        $parameters = $this->getFunctionCallParameters($phpcsFile, $stackPtr);
        if (count($parameters) === 0) {
            return;
        }

        // Which nesting level is the one we are interested in ?
        $nestedParenthesisCount = 1;
        if (isset($tokens[$openBracket]['nested_parenthesis'])) {

            $nestedParenthesisCount = count($tokens[$openBracket]['nested_parenthesis']) + 1;
        }

        foreach ($parameters as $parameter) {
            if ($this->isCallTimePassByReferenceParam($phpcsFile, $parameter, $nestedParenthesisCount) === true) {
                // T_BITWISE_AND represents a pass-by-reference.
                $error = 'Using a call-time pass-by-reference is deprecated since PHP 5.3';
                if($this->supportsAbove('5.4')) {
                    $error .= ' and prohibited since PHP 5.4';
                }
                $phpcsFile->addError($error, $parameter['start'], 'NotAllowed');
            }
        }
    }//end process()


    protected function isCallTimePassByReferenceParam(PHP_CodeSniffer_File $phpcsFile, $parameter, $nestingLevel)
    {
        $tokens   = $phpcsFile->getTokens();

        $searchStartToken = $parameter['start'] - 1;
        $searchEndToken   = $parameter['end'] + 1;
        $nextVariable     = $searchStartToken;
        do {
            $nextVariable = $phpcsFile->findNext(T_VARIABLE, ($nextVariable + 1), $searchEndToken);
            if ($nextVariable === false) {
                return false;
            }

            // Make sure the variable belongs directly to this function call
            // and is not inside a nested function call or array.
            if (isset($tokens[$nextVariable]['nested_parenthesis']) === false ||
               (count($tokens[$nextVariable]['nested_parenthesis']) !== $nestingLevel)
            ) {
                continue;
            }


            // Checking this: $value = my_function(...[*]$arg...).
            $tokenBefore = $phpcsFile->findPrevious(
                PHP_CodeSniffer_Tokens::$emptyTokens,
                ($nextVariable - 1),
                $searchStartToken,
                true
            );

            if ($tokenBefore === false || $tokens[$tokenBefore]['code'] !== T_BITWISE_AND) {
                // Nothing before the token or no &.
                continue;
            }

            // Checking this: $value = my_function(...[*]&$arg...).
            $tokenBefore = $phpcsFile->findPrevious(
                PHP_CodeSniffer_Tokens::$emptyTokens,
                ($tokenBefore - 1),
                $searchStartToken,
                true
            );

            // We have to exclude all uses of T_BITWISE_AND that are not
            // references. We use a blacklist approach as we prefer false
            // positives to not identifying a pass-by-reference call at all.
            // The blacklist may not yet be complete.
            switch ($tokens[$tokenBefore]['code']) {
                // In these cases T_BITWISE_AND represents
                // the bitwise and operator.
                case T_LNUMBER:
                case T_VARIABLE:
                case T_CLOSE_SQUARE_BRACKET:
                case T_CLOSE_PARENTHESIS:
                    break;

                // Unfortunately the tokenizer fails to recognize global constants,
                // class-constants and -attributes. Any of these are returned is
                // treated as T_STRING.
                // So we step back another token and check if it is a class
                // operator (-> or ::), which means we have a false positive.
                // Global constants still remain uncovered.
                case T_STRING:
                    $tokenBeforePlus = $phpcsFile->findPrevious(
                        PHP_CodeSniffer_Tokens::$emptyTokens,
                        ($tokenBefore - 1),
                        $searchStartToken,
                        true
                    );
                    if ($tokens[$tokenBeforePlus]['code'] === T_DOUBLE_COLON ||
                        $tokens[$tokenBeforePlus]['code'] === T_OBJECT_OPERATOR
                    ) {
                        break;
                    }
                    // If not a class constant: fall through.

                default:
                    // The found T_BITWISE_AND represents a pass-by-reference.
                    return true;
            }

        } while($nextVariable < $searchEndToken);

        // This code should never be reached, but here in case of weird bugs ;-)
        return false;
    }

}//end class


1		<?php
2		/**
3		* PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReference.
4		*
5		* PHP version 5.4
6		*
7		* @category PHP
8		* @package PHPCompatibility
9		* @author Gary Rogers <[email protected]>
10		* @author Florian Grandel <[email protected]>
11		* @copyright 2009 Florian Grandel
12		* @license https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
13		*/
14
15		/**
16		* PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReference.
17		*
18		* Discourages the use of call time pass by references
19		*
20		* PHP version 5.4
21		*
22		* @category PHP
23		* @package PHPCompatibility
24		* @author Gary Rogers <[email protected]>
25		* @author Florian Grandel <[email protected]>
26		* @copyright 2009 Florian Grandel
27		* @license https://github.com/squizlabs/PHP_CodeSniffer/blob/master/licence.txt BSD Licence
28		*/
29		class PHPCompatibility_Sniffs_PHP_ForbiddenCallTimePassByReferenceSniff extends PHPCompatibility_Sniff
30		{
31
32		/**
33		* Returns an array of tokens this test wants to listen for.
34		*
35		* @return array
36		*/
37		public function register()
38		{
39		return array(T_STRING);
40
41		}//end register()
42
43		/**
44		* Processes this test, when one of its tokens is encountered.
45		*
46		* @param PHP_CodeSniffer_File $phpcsFile The file being scanned.
47		* @param int $stackPtr The position of the current token
48		* in the stack passed in $tokens.
49		*
50		* @return void
51		*/
52		public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
53		{
54		if ($this->supportsAbove('5.3') === false) {
55		return;
56		}
57
58		$tokens = $phpcsFile->getTokens();
59
60		// Skip tokens that are the names of functions or classes
61		// within their definitions. For example: function myFunction...
62		// "myFunction" is T_STRING but we should skip because it is not a
63		// function or method call.
64		$findTokens = array_merge(
65		PHP_CodeSniffer_Tokens::$emptyTokens,
66		array(T_BITWISE_AND)
67		);
68
69		$prevNonEmpty = $phpcsFile->findPrevious(
70		$findTokens,
71		($stackPtr - 1),
72		null,
73		true
74		);
75
76		if ($prevNonEmpty !== false && in_array($tokens[$prevNonEmpty]['code'], array(T_FUNCTION, T_CLASS, T_INTERFACE, T_TRAIT), true)) {
77		return;
78		}
79
80		// If the next non-whitespace token after the function or method call
81		// is not an opening parenthesis then it can't really be a call.
82		$openBracket = $phpcsFile->findNext(
83		PHP_CodeSniffer_Tokens::$emptyTokens,
84		($stackPtr + 1),
85		null,
86		true
87		);
88
89		if ($openBracket === false \|\| $tokens[$openBracket]['code'] !== T_OPEN_PARENTHESIS
90		\|\| isset($tokens[$openBracket]['parenthesis_closer']) === false
91		) {
92		return;
93		}
94
95		// Get the function call parameters.
96		$parameters = $this->getFunctionCallParameters($phpcsFile, $stackPtr);
97		if (count($parameters) === 0) {
98		return;
99		}
100
101		// Which nesting level is the one we are interested in ?
102		$nestedParenthesisCount = 1;
103	View Code Duplication	if (isset($tokens[$openBracket]['nested_parenthesis'])) {
		1 ignored issue – show Duplication introduced 2016-08-22 21:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
104		$nestedParenthesisCount = count($tokens[$openBracket]['nested_parenthesis']) + 1;
105		}
106
107		foreach ($parameters as $parameter) {
108		if ($this->isCallTimePassByReferenceParam($phpcsFile, $parameter, $nestedParenthesisCount) === true) {
109		// T_BITWISE_AND represents a pass-by-reference.
110		$error = 'Using a call-time pass-by-reference is deprecated since PHP 5.3';
111		if($this->supportsAbove('5.4')) {
112		$error .= ' and prohibited since PHP 5.4';
113		}
114		$phpcsFile->addError($error, $parameter['start'], 'NotAllowed');
115		}
116		}
117		}//end process()
118
119
120		protected function isCallTimePassByReferenceParam(PHP_CodeSniffer_File $phpcsFile, $parameter, $nestingLevel)
121		{
122		$tokens = $phpcsFile->getTokens();
123
124		$searchStartToken = $parameter['start'] - 1;
125		$searchEndToken = $parameter['end'] + 1;
126		$nextVariable = $searchStartToken;
127		do {
128		$nextVariable = $phpcsFile->findNext(T_VARIABLE, ($nextVariable + 1), $searchEndToken);
129		if ($nextVariable === false) {
130		return false;
131		}
132
133		// Make sure the variable belongs directly to this function call
134		// and is not inside a nested function call or array.
135		if (isset($tokens[$nextVariable]['nested_parenthesis']) === false \|\|
136		(count($tokens[$nextVariable]['nested_parenthesis']) !== $nestingLevel)
137		) {
138		continue;
139		}
140
141
142		// Checking this: $value = my_function(...[*]$arg...).
143		$tokenBefore = $phpcsFile->findPrevious(
144		PHP_CodeSniffer_Tokens::$emptyTokens,
145		($nextVariable - 1),
146		$searchStartToken,
147		true
148		);
149
150		if ($tokenBefore === false \|\| $tokens[$tokenBefore]['code'] !== T_BITWISE_AND) {
151		// Nothing before the token or no &.
152		continue;
153		}
154
155		// Checking this: $value = my_function(...[*]&$arg...).
156		$tokenBefore = $phpcsFile->findPrevious(
157		PHP_CodeSniffer_Tokens::$emptyTokens,
158		($tokenBefore - 1),
159		$searchStartToken,
160		true
161		);
162
163		// We have to exclude all uses of T_BITWISE_AND that are not
164		// references. We use a blacklist approach as we prefer false
165		// positives to not identifying a pass-by-reference call at all.
166		// The blacklist may not yet be complete.
167		switch ($tokens[$tokenBefore]['code']) {
168		// In these cases T_BITWISE_AND represents
169		// the bitwise and operator.
170		case T_LNUMBER:
171		case T_VARIABLE:
172		case T_CLOSE_SQUARE_BRACKET:
173		case T_CLOSE_PARENTHESIS:
174		break;
175
176		// Unfortunately the tokenizer fails to recognize global constants,
177		// class-constants and -attributes. Any of these are returned is
178		// treated as T_STRING.
179		// So we step back another token and check if it is a class
180		// operator (-> or ::), which means we have a false positive.
181		// Global constants still remain uncovered.
182		case T_STRING:
183		$tokenBeforePlus = $phpcsFile->findPrevious(
184		PHP_CodeSniffer_Tokens::$emptyTokens,
185		($tokenBefore - 1),
186		$searchStartToken,
187		true
188		);
189		if ($tokens[$tokenBeforePlus]['code'] === T_DOUBLE_COLON \|\|
190		$tokens[$tokenBeforePlus]['code'] === T_OBJECT_OPERATOR
191		) {
192		break;
193		}
194		// If not a class constant: fall through.
195
196		default:
197		// The found T_BITWISE_AND represents a pass-by-reference.
198		return true;
199		}
200
201		} while($nextVariable < $searchEndToken);
202
203		// This code should never be reached, but here in case of weird bugs ;-)
204		return false;
205		}
206
207		}//end class
208

wimg / PHPCompatibility

Pull Request — master (#203)

PHP/ForbiddenCallTimePassByReferenceSniff.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like