added solution prototype for '&&' conditions

VKCOM · Mar 19, 2024 · 31ac033 · 31ac033
1 parent b0460a8
commit 31ac033
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 14 deletions.
diff --git a/src/linter/block_linter.go b/src/linter/block_linter.go
@@ -3,7 +3,6 @@ package linter
 import (
 	"bytes"
 	"fmt"
-	"reflect"
 	"strings"
 
 	"github.com/VKCOM/noverify/src/constfold"
@@ -764,40 +763,57 @@ func (b *blockLinter) checkIfStmt(s *ir.IfStmt) {
 }
 
 func (b *blockLinter) checkDangerousBoolCond(s *ir.IfStmt) {
-
 	cond, ok := s.Cond.(*ir.BooleanOrExpr)
 	if !ok {
+		switch c := s.Cond.(type) {
+		case *ir.ConstFetchExpr:
+			if c.Constant.Value == "true" || c.Constant.Value == "false" {
+				b.report(s, LevelWarning, "DangerousCondition", "Potential dangerous bool value: you have constant bool value in condition")
+				fmt.Println("Bad")
+			}
+
+		case *ir.Lnumber:
+			if c.Value == "0" || c.Value == "1" {
+				b.report(s, LevelWarning, "DangerousCondition", "Potential dangerous value: you have constant int value that interpreted as bool")
+				fmt.Println("Bad")
+			}
+		case *ir.BooleanAndExpr:
+			checkIfStatementConditionBool(c.Left, c.Right, b)
+		}
 		return
 	}
 
-	println(cond)
-	checkIfStatementConditionBool(cond.Left, cond.Right)
+	checkIfStatementConditionBool(cond.Left, cond.Right, b)
 }
-func checkIfStatementConditionBool(left ir.Node, right ir.Node) {
-	checkNode(left)
-
-	checkNode(right)
+func checkIfStatementConditionBool(left ir.Node, right ir.Node, b *blockLinter) {
+	checkNode(left, b)
+	checkNode(right, b)
 }
 
-func checkNode(node ir.Node) {
+func checkNode(node ir.Node, b *blockLinter) {
 	switch n := node.(type) {
 	case *ir.SimpleVar:
 		fmt.Println("SimpleVar:", n)
 	case *ir.ConstFetchExpr:
-
 		if n.Constant.Value == "true" || n.Constant.Value == "false" {
+			b.report(node, LevelWarning, "DangerousCondition", "Potential dangerous bool value: you have constant bool value in condition")
 			fmt.Println("Bad")
 		}
 
 	case *ir.Lnumber:
 		if n.Value == "0" || n.Value == "1" {
+			b.report(node, LevelWarning, "DangerousCondition", "Potential dangerous value: you have constant int value that interpreted as bool")
 			fmt.Println("Bad")
 		}
 	case *ir.BooleanOrExpr:
-		checkNode(n.Left)
-		checkNode(n.Right)
-	default:
-		fmt.Println("Unknown type:", reflect.TypeOf(node))
+		checkNode(n.Left, b)
+		checkNode(n.Right, b)
+
+	case *ir.BooleanAndExpr:
+		checkNode(n.Left, b)
+		checkNode(n.Right, b)
+		/*default:
+		fmt.Println("Unknown type:", reflect.TypeOf(node))*/
 	}
 
 }

diff --git a/src/linter/report.go b/src/linter/report.go
@@ -1012,6 +1012,16 @@ function main(): void {
 			After:    `(string)$x`,
 		},
 
+		{
+			Name:     "DangerousCondition",
+			Default:  true,
+			Quickfix: false,
+			Comment:  "Report a dangerous condition",
+			Before:   "if(true){}",
+			After: `$a = getCond(); // get bool value from some func
+				if($a){}`,
+		},
+
 		{
 			Name:     "reverseAssign",
 			Default:  true,

diff --git a/src/tests/checkers/dangerouse_condition_test.go b/src/tests/checkers/dangerouse_condition_test.go
@@ -0,0 +1,59 @@
+package checkers
+
+import (
+	"github.com/VKCOM/noverify/src/linttest"
+	"testing"
+)
+
+func TestDangerousCondition1(t *testing.T) {
+	test := linttest.NewSuite(t)
+	test.AddFile(`<?php
+if(true){
+}
+`)
+	test.Expect = []string{
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:2`,
+	}
+	test.RunAndMatch()
+}
+
+func TestDangerousCondition2(t *testing.T) {
+	test := linttest.NewSuite(t)
+	test.AddFile(`<?php
+
+$a = true;
+if(true||$a){
+echo "test";
+}
+
+if(1||$a||1||true||false||0){
+}
+`)
+	test.Expect = []string{
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:4`,
+		`Potential dangerous value: you have constant int value that interpreted as bool at _file0.php:8`,
+		`Potential dangerous value: you have constant int value that interpreted as bool at _file0.php:8`,
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:8`,
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:8`,
+		`Potential dangerous value: you have constant int value that interpreted as bool at _file0.php:8`,
+	}
+	test.RunAndMatch()
+}
+
+func TestDangerousCondition3(t *testing.T) {
+	test := linttest.NewSuite(t)
+	test.AddFile(`<?php
+
+$a = true;
+if($a && false && true && 1 && 0){
+}
+
+`)
+	test.Expect = []string{
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:4`,
+		`Potential dangerous bool value: you have constant bool value in condition at _file0.php:4`,
+		`Potential dangerous value: you have constant int value that interpreted as bool at _file0.php:4`,
+		`Potential dangerous value: you have constant int value that interpreted as bool at _file0.php:4`,
+	}
+	test.RunAndMatch()
+}