psalm-plugin-symfony Switch to Psalm v5

Dec 01 '22 17:12 danog

This would very much tick this issue: https://github.com/psalm/psalm-plugin-symfony/issues/285

Dec 01 '22 18:12 schodemeiss

@danog you should also fix https://github.com/psalm/psalm-plugin-symfony/actions/runs/3596019841/jobs/6062735638 , i.e. remove

use ReflectionClass;
use ReflectionException;

and escape them in code with leading \ in src/Handler/DoctrineRepositoryHandler.php

Dec 04 '22 14:12 michnovka

Or I could also just run cs-fix, but there's still some work to be done on the psalm side :)

Dec 04 '22 16:12 danog

@danog thank you very much for taking time to work on this. Do you have any time estimate when you can finish? Thanks!

Dec 12 '22 12:12 michnovka

I'm afraid the taint issues are caused by the same stubs issue caused by this plugin, that's causing issues upstream with user_defined classes.

Dec 17 '22 17:12 danog

In fact, analyzing this standalone code returns the taint issues as expected, but running psalm with the plugin enabled on the same file but without the class declarations doesn't:

<?php

class Response
{
    /**
     * @var array<int, string>
     */
    public static $statusTexts;

    /**
     * @throws \InvalidArgumentException When the HTTP status code is not valid
     * @psalm-taint-sink html $content
     */
    public function __construct(?string $content = '', int $status = 200, array $headers = []) {}
}

/**
 * HeaderBag is a container for HTTP headers.
 *
 * @author Fabien Potencier <[email protected]>
 */
class HeaderBag implements \IteratorAggregate, \Countable
{
    /**
     * Returns the headers as a string.
     *
     * @return string The headers
     *
     * @psalm-taint-source input
     */
    public function __toString() {}

    /**
     * @psalm-taint-source input
     * @psalm-mutation-free
     */
    public function get(string $key, string $default = null): ?string {}
}

/** @var HeaderBag */
$a = null;


new Response($a->get('test'));

Dec 17 '22 17:12 danog