Fix filter var on uncertainty flags

Author: VincentLanglet

src/Type/Php/FilterFunctionReturnTypeHelper.php

@@ -26,6 +26,7 @@
 use PHPStan\Type\StringType;
 use PHPStan\Type\Type;
 use PHPStan\Type\TypeCombinator;
+use PHPStan\Type\UnionType;
 use function array_key_exists;
 use function array_merge;
 use function hexdec;
@@ -57,9 +58,14 @@ public function __construct(private ReflectionProvider $reflectionProvider, priv
 
 	private function getOffsetValueType(Type $inputType, Type $offsetType, ?Type $filterType, ?Type $flagsType): Type
 	{
-		$inexistentOffsetType = $this->hasFlag('FILTER_NULL_ON_FAILURE', $flagsType)
-			? new ConstantBooleanType(false)
-			: new NullType();
+		$hasNullOnFailure = $this->hasFlag('FILTER_NULL_ON_FAILURE', $flagsType);
+		if ($hasNullOnFailure->yes()) {
+			$inexistentOffsetType = new ConstantBooleanType(false);
+		} elseif ($hasNullOnFailure->no()) {
+			$inexistentOffsetType = new NullType();
+		} else {
+			$inexistentOffsetType = new UnionType([new ConstantBooleanType(false), new NullType()]);
+		}
 
 		$hasOffsetValueType = $inputType->hasOffsetValueType($offsetType);
 		if ($hasOffsetValueType->no()) {
@@ -123,22 +129,42 @@ public function getType(Type $inputType, ?Type $filterType, ?Type $flagsType): T
 		$hasOptions = $this->hasOptions($flagsType);
 		$options = $hasOptions->yes() ? $this->getOptions($flagsType, $filterValue) : [];
 
-		$defaultType = $options['default'] ?? ($this->hasFlag('FILTER_NULL_ON_FAILURE', $flagsType)
-			? new NullType()
-			: new ConstantBooleanType(false));
+		if (isset($options['default'])) {
+			$defaultType = $options['default'];
+		} else {
+			$hasNullOnFailure = $this->hasFlag('FILTER_NULL_ON_FAILURE', $flagsType);
+			if ($hasNullOnFailure->yes()) {
+				$defaultType = new NullType();
+			} elseif ($hasNullOnFailure->no()) {
+				$defaultType = new ConstantBooleanType(false);
+			} else {
+				$defaultType = new UnionType([new ConstantBooleanType(false), new NullType()]);
+			}
+		}
+
+		$hasRequireArrayFlag = $this->hasFlag('FILTER_REQUIRE_ARRAY', $flagsType);
+		if ($hasRequireArrayFlag->maybe()) {
+			// Too complicated
+			return $mixedType;
+		}
 
 		$inputIsArray = $inputType->isArray();
 		$hasRequireArrayFlag = $this->hasFlag('FILTER_REQUIRE_ARRAY', $flagsType);
-		if ($inputIsArray->no() && $hasRequireArrayFlag) {
-			if ($this->hasFlag('FILTER_THROW_ON_FAILURE', $flagsType)) {
+		if ($inputIsArray->no() && $hasRequireArrayFlag->yes()) {
+			if ($this->hasFlag('FILTER_THROW_ON_FAILURE', $flagsType)->yes()) {
 				return new ErrorType();
 			}
 
 			return $defaultType;
 		}
 
 		$hasForceArrayFlag = $this->hasFlag('FILTER_FORCE_ARRAY', $flagsType);
-		if ($inputIsArray->yes() && ($hasRequireArrayFlag || $hasForceArrayFlag)) {
+		if ($hasRequireArrayFlag->no() && $hasForceArrayFlag->maybe()) {
+			// Too complicated
+			return $mixedType;
+		}
+
+		if ($inputIsArray->yes() && ($hasRequireArrayFlag->yes() || $hasForceArrayFlag->yes())) {
 			$inputArrayKeyType = $inputType->getIterableKeyType();
 			$inputType = $inputType->getIterableValueType();
 		}
@@ -152,9 +178,11 @@ public function getType(Type $inputType, ?Type $filterType, ?Type $flagsType): T
 		$type = $exactType ?? $this->getFilterTypeMap()[$filterValue] ?? $mixedType;
 		$type = $this->applyRangeOptions($type, $options, $defaultType);
 
-		if ($inputType->isNonEmptyString()->yes()
+		if (
+			$inputType->isNonEmptyString()->yes()
 			&& $type->isString()->yes()
-			&& !$this->canStringBeSanitized($filterValue, $flagsType)) {
+			&& $this->canStringBeSanitized($filterValue, $flagsType)->no()
+		) {
 			$accessory = new AccessoryNonEmptyStringType();
 			if ($inputType->isNonFalsyString()->yes()) {
 				$accessory = new AccessoryNonFalsyStringType();
@@ -168,18 +196,18 @@ public function getType(Type $inputType, ?Type $filterType, ?Type $flagsType): T
 			}
 		}
 
-		if ($hasRequireArrayFlag) {
+		if ($hasRequireArrayFlag->yes()) {
 			$type = new ArrayType($inputArrayKeyType ?? $mixedType, $type);
 			if (!$inputIsArray->yes()) {
 				$type = TypeCombinator::union($type, $defaultType);
 			}
 		}
 
-		if (!$hasRequireArrayFlag && $hasForceArrayFlag) {
+		if ($hasRequireArrayFlag->no() && $hasForceArrayFlag->yes()) {
 			return new ArrayType($inputArrayKeyType ?? $mixedType, $type);
 		}
 
-		if ($this->hasFlag('FILTER_THROW_ON_FAILURE', $flagsType)) {
+		if ($this->hasFlag('FILTER_THROW_ON_FAILURE', $flagsType)->yes()) {
 			$type = TypeCombinator::remove($type, $defaultType);
 		}
 
@@ -338,16 +366,19 @@ private function determineExactType(Type $in, int $filterValue, Type $defaultTyp
 			}
 
 			if ($in instanceof ConstantStringType) {
-				$value = $in->getValue();
 				$allowOctal = $this->hasFlag('FILTER_FLAG_ALLOW_OCTAL', $flagsType);
 				$allowHex = $this->hasFlag('FILTER_FLAG_ALLOW_HEX', $flagsType);
+				if ($allowOctal->maybe() || $allowHex->maybe()) {
+					return null;
+				}
 
-				if ($allowOctal && preg_match('/\A0[oO][0-7]+\z/', $value) === 1) {
+				$value = $in->getValue();
+				if ($allowOctal->yes() && preg_match('/\A0[oO][0-7]+\z/', $value) === 1) {
 					$octalValue = octdec($value);
 					return is_int($octalValue) ? new ConstantIntegerType($octalValue) : $defaultType;
 				}
 
-				if ($allowHex && preg_match('/\A0[xX][0-9A-Fa-f]+\z/', $value) === 1) {
+				if ($allowHex->yes() && preg_match('/\A0[xX][0-9A-Fa-f]+\z/', $value) === 1) {
 					$hexValue = hexdec($value);
 					return is_int($hexValue) ? new ConstantIntegerType($hexValue) : $defaultType;
 				}
@@ -357,7 +388,7 @@ private function determineExactType(Type $in, int $filterValue, Type $defaultTyp
 		}
 
 		if ($filterValue === $this->getConstant('FILTER_DEFAULT')) {
-			if (!$this->canStringBeSanitized($filterValue, $flagsType) && $in->isString()->yes()) {
+			if ($this->canStringBeSanitized($filterValue, $flagsType)->no() && $in->isString()->yes()) {
 				return $in;
 			}
 
@@ -452,20 +483,23 @@ private function getOptions(Type $flagsType, int $filterValue): array
 	/**
 	 * @param non-empty-string $flagName
 	 */
-	private function hasFlag(string $flagName, ?Type $flagsType): bool
+	private function hasFlag(string $flagName, ?Type $flagsType): TrinaryLogic
 	{
 		$flag = $this->getConstant($flagName);
 		if ($flag === null) {
-			return false;
+			return TrinaryLogic::createNo();
 		}
 
-		if ($flagsType === null) {
-			return false;
+		if ($flagsType === null) { // Will default to 0
+			return TrinaryLogic::createNo();
 		}
 
 		$type = $this->getFlagsValue($flagsType);
+		if (!$type instanceof ConstantIntegerType) {
+			return TrinaryLogic::createMaybe();
+		}
 
-		return $type instanceof ConstantIntegerType && ($type->getValue() & $flag) === $flag;
+		return TrinaryLogic::createFromBoolean(($type->getValue() & $flag) === $flag);
 	}
 
 	private function getFlagsValue(Type $exprType): Type
@@ -474,25 +508,36 @@ private function getFlagsValue(Type $exprType): Type
 			return $exprType;
 		}
 
-		return $exprType->getOffsetValueType($this->flagsString);
+		$hasOffsetValue = $exprType->hasOffsetValueType($this->flagsString);
+		if ($hasOffsetValue->no()) {
+			return new ConstantIntegerType(0);
+		}
+		if ($hasOffsetValue->yes()) {
+			return $exprType->getOffsetValueType($this->flagsString);
+		}
+
+		return TypeCombinator::union(
+			new ConstantIntegerType(0),
+			$exprType->getOffsetValueType($this->flagsString),
+		);
 	}
 
-	private function canStringBeSanitized(int $filterValue, ?Type $flagsType): bool
+	private function canStringBeSanitized(int $filterValue, ?Type $flagsType): TrinaryLogic
 	{
 		// If it is a validation filter, the string will not be changed
 		if (($filterValue & self::VALIDATION_FILTER_BITMASK) !== 0) {
-			return false;
+			return TrinaryLogic::createNo();
 		}
 
 		// FILTER_DEFAULT will not sanitize, unless it has FILTER_FLAG_STRIP_LOW,
 		// FILTER_FLAG_STRIP_HIGH, or FILTER_FLAG_STRIP_BACKTICK
 		if ($filterValue === $this->getConstant('FILTER_DEFAULT')) {
 			return $this->hasFlag('FILTER_FLAG_STRIP_LOW', $flagsType)
-				|| $this->hasFlag('FILTER_FLAG_STRIP_HIGH', $flagsType)
-				|| $this->hasFlag('FILTER_FLAG_STRIP_BACKTICK', $flagsType);
+				->or($this->hasFlag('FILTER_FLAG_STRIP_HIGH', $flagsType))
+				->or($this->hasFlag('FILTER_FLAG_STRIP_BACKTICK', $flagsType));
 		}
 
-		return true;
+		return TrinaryLogic::createYes();
 	}
 
 }

tests/PHPStan/Analyser/LegacyNodeScopeResolverTest.php

@@ -7354,8 +7354,8 @@ public static function dataFilterVar(): Generator
 
 		$typeAndFlags = [
 			['%s|false', ''],
-			['%s|false', ', $mixed'],
-			['%s|false', ', ["flags" => $mixed]'],
+			['mixed', ', $mixed'],
+			['mixed', ', ["flags" => $mixed]'],
 			['%s|null', ', FILTER_NULL_ON_FAILURE'],
 			['%s|null', ', ["flags" => FILTER_NULL_ON_FAILURE]'],
 			['%s|null', ', ["flags" => FILTER_NULL_ON_FAILURE | FILTER_FLAG_IPV4]'],
@@ -7384,8 +7384,8 @@ public static function dataFilterVar(): Generator
 
 		$boolFlags = [
 			['bool', ''],
-			['bool', ', $mixed'],
-			['bool', ', ["flags" => $mixed]'],
+			['mixed', ', $mixed'],
+			['mixed', ', ["flags" => $mixed]'],
 			['bool|null', ', FILTER_NULL_ON_FAILURE'],
 			['bool|null', ', ["flags" => FILTER_NULL_ON_FAILURE]'],
 			['bool|null', ', ["flags" => FILTER_NULL_ON_FAILURE | FILTER_FLAG_IPV4]'],

tests/PHPStan/Analyser/nsrt/filter-var.php

@@ -90,7 +90,7 @@ public function invalidInput(array $arr, object $object, $resource): void
 	public function intToInt(int $int, array $options): void
 	{
 		assertType('int', filter_var($int, FILTER_VALIDATE_INT));
-		assertType('int|false', filter_var($int, FILTER_VALIDATE_INT, $options));
+		assertType('mixed', filter_var($int, FILTER_VALIDATE_INT, $options));
 		assertType('int<0, max>|false', filter_var($int, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]));
 	}
 

tests/PHPStan/Rules/Comparison/StrictComparisonOfDifferentTypesRuleTest.php

@@ -1009,6 +1009,11 @@ public function testBug11019(): void
 		$this->analyse([__DIR__ . '/data/bug-11019.php'], []);
 	}
 
+	public function testBug11485(): void
+	{
+		$this->analyse([__DIR__ . '/data/bug-11485.php'], []);
+	}
+
 	public function testBug12946(): void
 	{
 		$this->analyse([__DIR__ . '/data/bug-12946.php'], []);

tests/PHPStan/Rules/Comparison/data/bug-11485.php

@@ -0,0 +1,18 @@
+<?php declare(strict_types = 1);
+
+namespace Bug11485;
+
+class Foo {
+
+	public function bar(string $value, bool $strict = true): bool	{
+
+		$flags = $strict ? FILTER_NULL_ON_FAILURE : 0;
+		$result = filter_var($value, FILTER_VALIDATE_BOOLEAN, $flags);
+		if ($result === null) throw new \Exception("not a boolean");
+
+		$result = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+		if ($result === null) throw new \Exception("not a boolean");
+
+		return $result;
+	}
+}