OIS-417: Upgrade phpstan to 0.12.* for SQL Injection testing - fixed …
…Internal error during checks for ->() checks
x86demon committed Jan 15, 2021
1 parent 023e899 commit 788d515
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/Oro/Rules/Methods/QueryBuilderInjectionRule.php
Expand Up @@ -164,6 +164,10 @@ private function isUnsafeStaticMethodCall(Node\Expr $value, Scope $scope): bool
if ($className === 'self') {
$className = $scope->getClassReflection()->getName();
}

if ($value->name instanceof \PhpParser\Node\Expr\Variable) {
return false;
}
$methodName = \strtolower((string)$value->name);

// Whitelisted methods are safe
Expand Down Expand Up @@ -659,7 +663,8 @@ private function processStaticMethodCall(Node $node, Scope $scope)
*/
private function checkClearMethodCall($type, $className, Node $value, Scope $scope)
{
if (!empty($this->trustedData[$type][$className][\strtolower((string)$value->name)])
if (!$value->name instanceof \PhpParser\Node\Expr\Variable
&& !empty($this->trustedData[$type][$className][\strtolower((string)$value->name)])
&& $value->args[0]->value instanceof Node\Expr\Variable
) {
$this->trustVariable($value->args[0]->value, $scope);
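Review bot: The guard added in `isUnsafeStaticMethodCall` returns `false` for any call whose method name is a variable, which, judging by the function name, reports a dynamic call such as `Foo::$method(...)` as not unsafe; for an SQL-injection rule that is a silent false negative, since the callee cannot be resolved statically. It also covers only `Expr\Variable`, while php-parser allows any expression as a call name, so other dynamic forms still reach the `(string)$value->name` cast that caused the internal error. Consider testing for the resolvable case instead and failing closed, e.g. `if (!$value->name instanceof Node\Identifier) { return true; }`, if callers can tolerate the extra reports. In `checkClearMethodCall` the same narrow check is at least conservative, because skipping there only means the argument is not marked trusted. Both function bodies continue outside the visible hunks.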