Merge branch 'master' into andrei/php-implement-use-trait

Author: AndreiDreyer

joern-cli/frontends/kotlin2cpg/src/main/scala/io/joern/kotlin2cpg/ast/AstCreator.scala

@@ -382,7 +382,7 @@ class AstCreator(
     val declarationsAsts = ktFile.getDeclarations.asScala.flatMap(astsForDeclaration)
     val fileNode         = NewFile().name(fileWithMeta.relativizedPath)
     if (!disableFileContent) {
-      fileNode.content(code(fileWithMeta.f))
+      fileNode.content(fileWithMeta.f.getText)
     }
     val lambdaTypeDecls =
       lambdaBindingInfoQueue.flatMap(_.edgeMeta.collect { case (node: NewTypeDecl, _, _) => Ast(node) })

joern-cli/frontends/php2cpg/src/main/scala/io/joern/php2cpg/astcreation/AstCreatorHelper.scala

@@ -213,4 +213,19 @@ trait AstCreatorHelper(disableFileContent: Boolean)(implicit withSchemaValidatio
   }
 
   protected def isBuiltinFunc(name: String): Boolean = PhpBuiltins.FuncNames.contains(name)
+
+  protected def createListExprCodeField(listExpr: PhpListExpr): String = {
+    val name = PhpOperators.listFunc
+    val args = listExpr.items.flatten
+      .map {
+        case PhpArrayItem(_, _ @PhpVariable(name: PhpNameExpr, _), _, _, _) => s"$$${name.name}"
+        case PhpArrayItem(_, value: PhpListExpr, _, _, _)                   => createListExprCodeField(value)
+        case x =>
+          logger.warn(s"Invalid arg type for code field: ${x.getClass}")
+          ""
+      }
+      .mkString(",")
+
+    s"$name($args)"
+  }
 }

joern-cli/frontends/php2cpg/src/main/scala/io/joern/php2cpg/astcreation/AstForControlStructuresCreator.scala

@@ -179,9 +179,13 @@ trait AstForControlStructuresCreator(implicit withSchemaValidation: ValidationMo
     val localN         = handleVariableOccurrence(stmt, iterIdentifier.name)
 
     // keep this just used to construct the `code` field
-    val assignItemTargetAst = stmt.keyVar match {
-      case Some(key) => astForKeyValPair(stmt, key, stmt.valueVar)
-      case None      => astForExpr(stmt.valueVar)
+    val assignItemTargetString = stmt.keyVar match {
+      case Some(key) => astForKeyValPair(stmt, key, stmt.valueVar).rootCodeOrEmpty
+      case None =>
+        stmt.valueVar match {
+          case x: PhpListExpr => createListExprCodeField(x)
+          case x              => astForExpr(x).rootCodeOrEmpty
+        }
     }
 
     // Initializer asts
@@ -193,15 +197,57 @@ trait AstForControlStructuresCreator(implicit withSchemaValidation: ValidationMo
     // - Assigned item assign
     val itemInitAst = getItemAssignAstForForeach(stmt, iterIdentifier.copy)
 
-    // Condition ast
     val isNullName = PhpOperators.isNull
-    val valueAst   = astForExpr(stmt.valueVar)
-    val isNullCode = s"$isNullName(${valueAst.rootCodeOrEmpty})"
-    val isNullCall = operatorCallNode(stmt, isNullCode, isNullName, Some(TypeConstants.Bool))
-      .methodFullName(PhpOperators.isNull)
-    val notIsNull    = operatorCallNode(stmt, s"!$isNullCode", Operators.logicalNot, None)
-    val isNullAst    = callAst(isNullCall, valueAst :: Nil)
-    val conditionAst = callAst(notIsNull, isNullAst :: Nil)
+
+    def createNotNullChecks(valueVar: PhpExpr): Ast = {
+      valueVar match {
+        case x: PhpListExpr =>
+          x.items match {
+            case List(None, _*)    => Ast()
+            case Some(head) :: Nil => createNotNullChecks(head) // only one item in the listExpr
+            case Some(head) :: tail =>
+              val headItem = createNotNullChecks(head)
+              tail
+                .filter(_.isDefined)
+                .foldLeft(headItem)((previousVar, currentVar) => {
+                  currentVar.get match {
+                    case PhpArrayItem(_, value: (PhpVariable | PhpListExpr), _, _, _) =>
+                      val notCall = value match {
+                        case _: PhpVariable => createNotNullCall(value)
+                        case _: PhpListExpr => createNotNullChecks(value)
+                      }
+                      val callNode = operatorCallNode(
+                        currentVar.get,
+                        s"${previousVar.rootCodeOrEmpty} || ${notCall.rootCodeOrEmpty}",
+                        Operators.or,
+                        None
+                      )
+                      callAst(callNode, List(previousVar, notCall))
+                    case x =>
+                      logger.warn(s"Invalid PhpArrayItem.Value: ${x.value.getClass}")
+                      Ast()
+                  }
+                })
+            case Nil => Ast()
+          }
+        case PhpArrayItem(_, value: PhpVariable, _, _, _) => createNotNullCall(value)
+        case PhpArrayItem(_, value: PhpListExpr, _, _, _) => createNotNullChecks(value)
+        case x =>
+          createNotNullCall(x)
+      }
+    }
+
+    def createNotNullCall(valueVar: PhpExpr): Ast = {
+      val valueAst   = astForExpr(valueVar)
+      val isNullCode = s"$isNullName(${valueAst.rootCodeOrEmpty})"
+      val isNullCall = operatorCallNode(stmt, isNullCode, isNullName, Some(TypeConstants.Bool))
+        .methodFullName(PhpOperators.isNull)
+      val notIsNull = operatorCallNode(stmt, s"!$isNullCode", Operators.logicalNot, None)
+      val isNullAst = callAst(isNullCall, valueAst :: Nil)
+      callAst(notIsNull, isNullAst :: Nil)
+    }
+
+    val conditionAst = createNotNullChecks(stmt.valueVar)
 
     // Update asts
     val nextIterIdent = astForIdentifierWithLocalRef(iterIdentifier.copy, localN)
@@ -219,7 +265,7 @@ trait AstForControlStructuresCreator(implicit withSchemaValidation: ValidationMo
     val bodyAst = stmtBodyBlockAst(stmt)
 
     val ampPrefix   = if (stmt.assignByRef) "&" else ""
-    val foreachCode = s"foreach (${iterValue.rootCodeOrEmpty} as $ampPrefix${assignItemTargetAst.rootCodeOrEmpty})"
+    val foreachCode = s"foreach (${iterValue.rootCodeOrEmpty} as $ampPrefix${assignItemTargetString})"
     val foreachNode = controlStructureNode(stmt, ControlStructureTypes.FOR, foreachCode)
     Ast(foreachNode)
       .withChild(wrapMultipleInBlock(iteratorAssignAst :: itemInitAst :: Nil, line(stmt)))
@@ -258,7 +304,13 @@ trait AstForControlStructuresCreator(implicit withSchemaValidation: ValidationMo
       } else {
         currentCallAst
       }
-      simpleAssignAst(stmt, astForExpr(stmt.valueVar), valueAst)
+
+      stmt.valueVar match {
+        case target: PhpListExpr =>
+          astForArrayUnpack(stmt, target, valueAst)
+        case target =>
+          simpleAssignAst(stmt, astForExpr(target), valueAst)
+      }
     }
 
     // try to create assignment for key-part

joern-cli/frontends/php2cpg/src/main/scala/io/joern/php2cpg/astcreation/AstForExpressionsCreator.scala

@@ -33,7 +33,6 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
       case evalExpr: PhpEvalExpr                       => astForEval(evalExpr)
       case exitExpr: PhpExitExpr                       => astForExit(exitExpr)
       case arrayExpr: PhpArrayExpr                     => astForArrayExpr(arrayExpr)
-      case listExpr: PhpListExpr                       => astForListExpr(listExpr)
       case newExpr: PhpNewExpr                         => astForNewExpr(newExpr)
       case matchExpr: PhpMatchExpr                     => astForMatchExpr(matchExpr)
       case yieldExpr: PhpYieldExpr                     => astForYieldExpr(yieldExpr)
@@ -147,7 +146,7 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
         // Rewrite `$xs[] = <value_expr>` as `array_push($xs, <value_expr>)` to simplify finding dataflows.
         astForEmptyArrayDimAssign(assignment, arrayDimFetch)
       case arrayExpr: (PhpArrayExpr | PhpListExpr) =>
-        astForArrayUnpack(assignment, arrayExpr)
+        astForArrayUnpack(assignment, arrayExpr, astForExpr(assignment.source))
       case _ =>
         val operatorName = assignment.assignOp
 
@@ -241,7 +240,7 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
 
   /** Lower the array/list unpack. For example `[$a, $b] = $arr;` will be lowered to `$a = $arr[0]; $b = $arr[1];`
     */
-  private def astForArrayUnpack(assignment: PhpAssignment, target: PhpArrayExpr | PhpListExpr): Ast = {
+  protected def astForArrayUnpack(assignment: PhpNode, target: PhpArrayExpr | PhpListExpr, sourceAst: Ast): Ast = {
     val loweredAssignNodes = mutable.ListBuffer.empty[Ast]
 
     // create a Identifier ast for given name
@@ -316,7 +315,6 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
       }
     }
 
-    val sourceAst = astForExpr(assignment.source)
     val itemsOf = (exp: PhpArrayExpr | PhpListExpr) =>
       exp match {
         case x: PhpArrayExpr => x.items
@@ -513,22 +511,32 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
       case other => (other, None)
     }
 
-    val fieldAst = fieldNodeAndName(expr.name) match {
-      case (other, None) =>
-        logger.warn(s"Unable to determine field identifier node from ${other.getClass} (parent node $expr)")
-        astForExpr(other)
-      case (expr, Some(name)) => Ast(fieldIdentifierNode(expr, name.stripPrefix("$"), name))
+    val (fieldNode, fieldName) = fieldNodeAndName(expr.name)
+
+    val fieldAst = fieldName match {
+      case None =>
+        astForExpr(fieldNode)
+      case Some(name) => Ast(fieldIdentifierNode(expr, name.stripPrefix("$"), name))
+    }
+
+    val operatorName = fieldName match {
+      case Some(_) => Operators.fieldAccess
+      case None    => Operators.indexAccess
     }
 
     val accessSymbol =
       if (expr.isStatic) StaticMethodDelimiter
       else if (expr.isNullsafe) s"?$InstanceMethodDelimiter"
       else InstanceMethodDelimiter
 
-    val targetAst       = astForExpr(expr.expr)
-    val targetCode      = targetAst.rootCodeOrEmpty
-    val code            = s"$targetCode$accessSymbol${fieldAst.rootCodeOrEmpty}"
-    val fieldAccessNode = operatorCallNode(expr, code, Operators.fieldAccess, None)
+    val targetAst  = astForExpr(expr.expr)
+    val targetCode = targetAst.rootCodeOrEmpty
+    val fieldAstCode = fieldName match {
+      case Some(_) => fieldAst.rootCodeOrEmpty
+      case None    => s"{${fieldAst.rootCodeOrEmpty}}"
+    }
+    val code            = s"$targetCode$accessSymbol$fieldAstCode"
+    val fieldAccessNode = operatorCallNode(expr, code, operatorName, None)
     callAst(fieldAccessNode, Seq(targetAst, fieldAst))
   }
 
@@ -695,39 +703,6 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode) {
     }
   }
 
-  private def astForListExpr(expr: PhpListExpr): Ast = {
-    /* TODO: Handling list in a way that will actually work with dataflow tracking is somewhat more complicated than
-     *  this and will likely need a fairly ugly lowering.
-     *
-     * In short, the case:
-     *   list($a, $b) = $arr;
-     * can be lowered to:
-     *   $a = $arr[0];
-     *   $b = $arr[1];
-     *
-     * the case:
-     *   list("id" => $a, "name" => $b) = $arr;
-     * can be lowered to:
-     *   $a = $arr["id"];
-     *   $b = $arr["name"];
-     *
-     * and the case:
-     *   foreach ($arr as list($a, $b)) { ... }
-     * can be lowered as above for each $arr[i];
-     *
-     * The below is just a placeholder to prevent crashes while figuring out the cleanest way to
-     * implement the above lowering or to think of a better way to do it.
-     */
-
-    val name     = PhpOperators.listFunc
-    val args     = expr.items.flatten.map { item => astForExpr(item.value) }
-    val listCode = s"$name(${args.map(_.rootCodeOrEmpty).mkString(",")})"
-    val listNode = operatorCallNode(expr, listCode, name, None)
-      .methodFullName(PhpOperators.listFunc)
-
-    callAst(listNode, args)
-  }
-
   private def astForNewExpr(expr: PhpNewExpr): Ast = {
     expr.className match {
       case classLikeStmt: PhpClassLikeStmt =>

joern-cli/frontends/php2cpg/src/test/scala/io/joern/php2cpg/dataflow/IntraMethodDataflowTests.scala

@@ -75,4 +75,32 @@ class IntraMethodDataflowTests extends PhpCode2CpgFixture(runOssDataflow = true)
     val flows  = sink.reachableByFlows(source)
     flows.size shouldBe 2
   }
+
+  "flow from list unpacking in foreach loop" in {
+    val cpg = code("""<?php
+        |foreach($arr as list($a, $b)) {
+        | echo $a;
+        | echo $b;
+        |}
+        |""".stripMargin)
+    val source = cpg.identifier("arr")
+    val sink   = cpg.call("echo").argument(1)
+    val flows  = sink.reachableByFlows(source)
+    flows.size shouldBe 2
+  }
+
+  "flow from nested list unpacking in foreach loop" in {
+    val cpg = code("""<?php
+        |foreach($arr as list($a, list($b, $c))) {
+        |   echo $a;
+        |   echo $b;
+        |   echo $c;
+        | }
+        |""".stripMargin)
+
+    val source = cpg.identifier("arr")
+    val sink   = cpg.call("echo").argument(1)
+    val flows  = sink.reachableByFlows(source)
+    flows.size shouldBe 3
+  }
 }