phpstan-drupal icon indicating copy to clipboard operation
phpstan-drupal copied to clipboard

Published 20 hours ago verified publisher icon mglaman

fix: Fix unpredictable false positive/negative of missing entity access check in function scope due to cache key conflict

Open driskell opened this issue 3 years ago • 1 comments

Fixes #475

The EntityQueryType was getting cached in function scope for a condition call and because it wasn't handled by dynamic return it reused. So if you had condition before accessCheck and then later on after it, the latter one could fail because it would return the cached without access check and there would be no subsequent access check (it happens before).

Added test case.

Still examining why this doesn't occur in class scope but it seems phpstan has additional cache key when it is just not sure of its granularity.

driskell avatar Sep 15 '22 11:09 driskell

It did happen in class scope - PR has tests for both that reproduce and the fix solve

driskell avatar Sep 16 '22 17:09 driskell

Tested the fix on those false positives that we got reported and the patch did silence them. RTBC

(The pipeline looks broken at this moment, I made an attempt to fix one issue in #485, but other skeletons popped up.)

mxr576 avatar Nov 24 '22 08:11 mxr576

thanks, everyone!

mglaman avatar Dec 22 '22 14:12 mglaman

@mglaman Thanks! I read the two commits and they definitely improvements :)

Really happy this got in - it was a super hard one to track down!!!

driskell avatar Dec 22 '22 15:12 driskell

Really happy this got in - it was a super hard one to track down!!!

Thanks for tracking this down! It was driving me wild.

mglaman avatar Dec 22 '22 15:12 mglaman