phpstan-drupal
phpstan-drupal copied to clipboard
mglaman
`RenderCallbackRule` ignores `::trustedCallbacks()`
Bug report
(Now that all Entity Query problems seem to be solved, I looked a bit closer at the Trusted Callbacks, so expect some more issues on that)
Currently \mglaman\PHPStanDrupal\Rules\Drupal\RenderCallbackRule only checks if the class implements TrustedCallbackInterface.
However the callbacks should also be in the return array from trustedCallbacks() to be trusted.
Now I highly doubt that people "in the wild" go through the trouble of creating callbacks and making sure the containing class implements TrustedCallbackInterface and finally don't add the callback to trustedCallbacks(), so the impact seems low.
However what we're currently doing seems incorrect.
Code snippet that reproduces the problem
See testcases in (extended) tests/src/Rules/data/bug-543.php
Yep, this is a big gap. I thought I had documented it in the code with a @todo but I did not!
Problem: we would need to call the method to get its values. I think. Even though the method is static, I don't believe it's return values can be parsed that way.
Ideas:
preg_match('#^([a-zA-Z_\\x7f-\\xff\\\\][a-zA-Z0-9_\\x7f-\\xff\\\\]*)::([a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*)\\z#', $constantStringType->getValue(), $matches);
$foo = (new ObjectType($matches[1]))->getClassReflection()
->getNativeReflection()->getMethod($matches[2])
We can then do \ReflectionMethod::invoke with null for first param.
So:
$foo = (new ObjectType($matches[1]))->getClassReflection()
->getNativeReflection()
->getMethod($matches[2])
->invoke(null)
$foo should have the method names, then.
The PR is almost ready, but it crashes on Drupal core due to the way a class fixture is defined.