Merge branch 'master' into backed-enum-value-changed-to-atomic

.circleci/config.yml

@@ -2,18 +2,15 @@
 # See https://app.circleci.com/pipelines/github/vimeo/psalm
 version: 2.1
 executors:
-  php-74:
-    docker:
-      - image: thecodingmachine/php:7.4-v4-cli
-  php-80:
-    docker:
-      - image: thecodingmachine/php:8.0-v4-cli
   php-81:
     docker:
       - image: thecodingmachine/php:8.1-v4-cli
+  php-82:
+    docker:
+      - image: thecodingmachine/php:8.2-v4-cli
 jobs:
   "Code Style Analysis":
-    executor: php-74
+    executor: php-81
     steps:
       - checkout
 
@@ -41,7 +38,7 @@ jobs:
           command: vendor/bin/phpcs -d memory_limit=512M
 
   phar-build:
-    executor: php-74
+    executor: php-81
     steps:
       - attach_workspace:
           at: /home/docker/project/

.github/workflows/build-phar.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Set up PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.4'
+          php-version: '8.1'
           tools: composer:v2
           coverage: none
         env:

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Set up PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.4'
+          php-version: '8.1'
           tools: composer:v2
           coverage: none
         env:
@@ -57,7 +57,7 @@ jobs:
       - name: Set up PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.4'
+          php-version: '8.1'
           tools: composer:v2
           coverage: none
         env:
@@ -125,7 +125,6 @@ jobs:
       fail-fast: false
       matrix:
         php-version:
-          - "8.0"
           - "8.1"
           - "8.2"
           - "8.3"

.github/workflows/windows-ci.yml

@@ -54,14 +54,19 @@ jobs:
       - name: Set up PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.0'
+          php-version: '8.1'
           ini-values: zend.assertions=1, assert.exception=1, opcache.enable_cli=1, opcache.jit=function, opcache.jit_buffer_size=512M
           tools: composer:v2
           coverage: none
           extensions: none, curl, dom, filter, intl, json, libxml, mbstring, openssl, opcache, pcre, phar, reflection, simplexml, spl, tokenizer, xml, xmlwriter
         env:
           fail-fast: true
 
+      - name: PHP Version
+        run: |
+          php -v
+          php -r 'var_dump(PHP_VERSION_ID);'
+
       - uses: actions/checkout@v3
 
       - name: Get Composer Cache Directories

UPGRADING.md

@@ -1,6 +1,8 @@
 # Upgrading from Psalm 5 to Psalm 6
 ## Changed
 
+- The minimum PHP version was raised to PHP 8.1.17.
+
 - [BC] Switched the internal representation of `list<T>` and `non-empty-list<T>` from the TList and TNonEmptyList classes to an unsealed list shape: the TList, TNonEmptyList and TCallableList classes were removed.
   Nothing will change for users: the `list<T>` and `non-empty-list<T>` syntax will remain supported and its semantics unchanged.
   Psalm 5 already deprecates the `TList`, `TNonEmptyList` and `TCallableList` classes: use `\Psalm\Type::getListAtomic`, `\Psalm\Type::getNonEmptyListAtomic` and `\Psalm\Type::getCallableListAtomic` to instantiate list atomics, or directly instantiate TKeyedArray objects with `is_list=true` where appropriate.
@@ -9,6 +11,28 @@
 
 - [BC] The `TDependentListKey` type was removed and replaced with an optional property of the `TIntRange` type.
 
+- [BC] Value of constant `Psalm\Type\TaintKindGroup::ALL_INPUT` changed to reflect a new `TaintKind::INPUT_XPATH` have been added. Accordingly, default values for `$taint` parameters of `Psalm\Codebase::addTaintSource()` and `Psalm\Codebase::addTaintSink()` have been changed as well.
+
+- [BC] Property `Config::$shepherd_host` was replaced with `Config::$shepherd_endpoint`
+
+- [BC] Methods `Codebase::getSymbolLocation()` and `Codebase::getSymbolInformation()` were replaced with `Codebase::getSymbolLocationByReference()`
+
+- [BC] Method `Psalm\Type\Atomic\TKeyedArray::getList()` was removed
+
+- [BC] Method `Psalm\Storage\FunctionLikeStorage::getSignature()` was replaced with `FunctionLikeStorage::getCompletionSignature()`
+
+- [BC] Property `Psalm\Storage\FunctionLikeStorage::$unused_docblock_params` was replaced with `FunctionLikeStorage::$unused_docblock_parameters`
+
+- [BC] Method `Plugin\Shepherd::getCurlErrorMessage()` was removed
+
+- [BC] Property `Config::$find_unused_code` changed default value from false to true
+
+- [BC] Property `Config::$find_unused_baseline_entry` changed default value from false to true
+
+- [BC] The return type of `Psalm\Internal\LanguageServer\ProtocolWriter#write() changed from `Amp\Promise` to `void` due to the switch to Amp v3
+
+- [BC] Properties `Psalm\Type\Atomic\TLiteralFloat::$value` and `Psalm\Type\Atomic\TLiteralInt::$value` became typed (`float` and `int` respectively)
+
 # Upgrading from Psalm 4 to Psalm 5
 ## Changed
 

composer.json

@@ -15,7 +15,7 @@
         }
     ],
     "require": {
-        "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0",
+        "php": "~8.1.17 || ~8.2.4 || ~8.3.0",
         "ext-SimpleXML": "*",
         "ext-ctype": "*",
         "ext-dom": "*",
@@ -24,8 +24,8 @@
         "ext-mbstring": "*",
         "ext-tokenizer": "*",
         "composer-runtime-api": "^2",
-        "amphp/amp": "^2.4.2",
-        "amphp/byte-stream": "^1.5",
+        "amphp/amp": "^3",
+        "amphp/byte-stream": "^2",
         "composer/semver": "^1.4 || ^2.0 || ^3.0",
         "composer/xdebug-handler": "^2.0 || ^3.0",
         "dnoegel/php-xdg-base-dir": "^0.1.1",
@@ -47,7 +47,7 @@
     },
     "require-dev": {
         "ext-curl": "*",
-        "amphp/phpunit-util": "^2.0",
+        "amphp/phpunit-util": "^3",
         "bamarni/composer-bin-plugin": "^1.4",
         "brianium/paratest": "^6.9",
         "mockery/mockery": "^1.5",
@@ -77,7 +77,8 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "5.x-dev",
+            "dev-master": "6.x-dev",
+            "dev-5.x": "5.x-dev",
             "dev-4.x": "4.x-dev",
             "dev-3.x": "3.x-dev",
             "dev-2.x": "2.x-dev",

config.xsd

@@ -444,6 +444,7 @@
             <xs:element name="TaintedTextWithQuotes" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedUnserialize" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedUserSecret" type="IssueHandlerType" minOccurs="0" />
+            <xs:element name="TaintedXpath" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TooFewArguments" type="ArgumentIssueHandlerType" minOccurs="0" />
             <xs:element name="TooManyArguments" type="ArgumentIssueHandlerType" minOccurs="0" />
             <xs:element name="TooManyTemplateParams" type="FunctionIssueHandlerType" minOccurs="0" />

docs/running_psalm/error_levels.md

@@ -297,6 +297,7 @@ Level 5 and above allows a more non-verifiable code, and higher levels are even
  - [TaintedSystemSecret](issues/TaintedSystemSecret.md)
  - [TaintedUnserialize](issues/TaintedUnserialize.md)
  - [TaintedUserSecret](issues/TaintedUserSecret.md)
+ - [TaintedXpath](issues/TaintedXpath.md)
  - [UncaughtThrowInGlobalScope](issues/UncaughtThrowInGlobalScope.md)
  - [UnevaluatedCode](issues/UnevaluatedCode.md)
  - [UnnecessaryVarAnnotation](issues/UnnecessaryVarAnnotation.md)

docs/running_psalm/issues.md

@@ -246,6 +246,7 @@
  - [TaintedTextWithQuotes](issues/TaintedTextWithQuotes.md)
  - [TaintedUnserialize](issues/TaintedUnserialize.md)
  - [TaintedUserSecret](issues/TaintedUserSecret.md)
+ - [TaintedXpath](issues/TaintedXpath.md)
  - [TooFewArguments](issues/TooFewArguments.md)
  - [TooManyArguments](issues/TooManyArguments.md)
  - [TooManyTemplateParams](issues/TooManyTemplateParams.md)

docs/running_psalm/issues/TaintedXpath.md

@@ -0,0 +1,12 @@
+# TaintedXpath
+
+Emitted when user-controlled input can be passed into to a xpath query.
+
+```php
+<?php
+
+function queryExpression(SimpleXMLElement $xml) : array|false|null {
+    $expression = $_GET["expression"];
+    return $xml->xpath($expression);
+}
+```

psalm-baseline.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.x-dev@9bc98ecd47a4b83a663783c5a4744d48605d3eba">
+<files psalm-version="dev-master@f799b68a3cbc91e9056bb972cfe66b7ae0da3f76">
   <file src="examples/TemplateChecker.php">
     <PossiblyUndefinedIntArrayOffset>
       <code><![CDATA[$comment_block->tags['variablesfrom'][0]]]></code>
@@ -12,14 +12,6 @@
       <code>$matches[1]</code>
     </PossiblyUndefinedIntArrayOffset>
   </file>
-  <file src="src/Psalm/Codebase.php">
-    <PossiblyUndefinedIntArrayOffset>
-      <code>$const_name</code>
-      <code>$const_name</code>
-      <code>$symbol_name</code>
-      <code>$symbol_parts[1]</code>
-    </PossiblyUndefinedIntArrayOffset>
-  </file>
   <file src="src/Psalm/Config/FileFilter.php">
     <PossiblyUndefinedIntArrayOffset>
       <code><![CDATA[explode('::', $method_id)[1]]]></code>
@@ -290,6 +282,19 @@
       <code><![CDATA[$stmt->props[0]]]></code>
     </PossiblyUndefinedIntArrayOffset>
   </file>
+  <file src="src/Psalm/Internal/LanguageServer/LanguageClient.php">
+    <InvalidArrayAccess>
+      <code>$config</code>
+    </InvalidArrayAccess>
+    <InvalidArrayOffset>
+      <code>[$config]</code>
+    </InvalidArrayOffset>
+  </file>
+  <file src="src/Psalm/Internal/LanguageServer/LanguageServer.php">
+    <MixedAssignment>
+      <code>$result</code>
+    </MixedAssignment>
+  </file>
   <file src="src/Psalm/Internal/MethodIdentifier.php">
     <PossiblyUndefinedIntArrayOffset>
       <code>$method_id_parts[1]</code>
@@ -366,9 +371,6 @@
     </PossiblyUndefinedIntArrayOffset>
   </file>
   <file src="src/Psalm/Internal/Type/Comparator/AtomicTypeComparator.php">
-    <ComplexMethod>
-      <code>isContainedBy</code>
-    </ComplexMethod>
     <PossiblyUndefinedIntArrayOffset>
       <code><![CDATA[$array->properties[0]]]></code>
       <code><![CDATA[$array->properties[0]]]></code>
@@ -486,11 +488,6 @@
       <code>getMostSpecificTypeFromBounds</code>
     </ImpureMethodCall>
   </file>
-  <file src="src/Psalm/Type/Atomic/TCallableList.php">
-    <DeprecatedClass>
-      <code>TNonEmptyList</code>
-    </DeprecatedClass>
-  </file>
   <file src="src/Psalm/Type/Atomic/TClassString.php">
     <ImpureMethodCall>
       <code>replace</code>
@@ -512,17 +509,7 @@
       <code>replace</code>
     </ImpureMethodCall>
   </file>
-  <file src="src/Psalm/Type/Atomic/TDependentListKey.php">
-    <PossiblyUnusedMethod>
-      <code>__construct</code>
-    </PossiblyUnusedMethod>
-  </file>
   <file src="src/Psalm/Type/Atomic/TKeyedArray.php">
-    <DeprecatedClass>
-      <code>TList</code>
-      <code><![CDATA[new TList($this->getGenericValueType())]]></code>
-      <code><![CDATA[new TNonEmptyList($this->getGenericValueType())]]></code>
-    </DeprecatedClass>
     <ImpureMethodCall>
       <code>combine</code>
       <code>combine</code>
@@ -545,26 +532,6 @@
       <code><![CDATA[$this->properties[0]]]></code>
       <code><![CDATA[$this->properties[0]]]></code>
     </PossiblyUndefinedIntArrayOffset>
-    <PossiblyUnusedMethod>
-      <code>getList</code>
-    </PossiblyUnusedMethod>
-  </file>
-  <file src="src/Psalm/Type/Atomic/TList.php">
-    <ImpureMethodCall>
-      <code>replace</code>
-      <code>replace</code>
-    </ImpureMethodCall>
-    <ImpurePropertyAssignment>
-      <code><![CDATA[$cloned->type_param]]></code>
-    </ImpurePropertyAssignment>
-  </file>
-  <file src="src/Psalm/Type/Atomic/TNonEmptyList.php">
-    <DeprecatedClass>
-      <code>TList</code>
-    </DeprecatedClass>
-    <PossiblyUnusedMethod>
-      <code>setCount</code>
-    </PossiblyUnusedMethod>
   </file>
   <file src="src/Psalm/Type/Atomic/TObjectWithProperties.php">
     <ImpureMethodCall>