author | Lukas Reschke <lukas@statuscode.ch> | 2016-12-27 22:10:46 +0300 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-12-27 22:42:09 +0300 |
commit | 7f284a4c82b877752a6f8f8426ce4d68d261114b (patch) | |
tree | fb53da1025573565ac37c2d862ab7c354703b869 | |
parent | ba5d3f22c2f9f62293aff071fbb658d10c6bf8a3 (diff) |
Adjust JSON Response to echo
Fixes https://github.com/nextcloud/php-static-scanner-instrumentalization/issues/1
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
-rw-r--r-- | src/Visitor/PublicFunctionVisitor.php | 66 | ||||
-rw-r--r-- | tests/integration/input/controller.php | 5 | ||||
-rw-r--r-- | tests/integration/output/controller.php | 8 |
3 files changed, 68 insertions, 11 deletions
diff --git a/src/Visitor/PublicFunctionVisitor.php b/src/Visitor/PublicFunctionVisitor.php
index bdeb388..72c8dd3 100644
--- a/src/Visitor/PublicFunctionVisitor.php
+++ b/src/Visitor/PublicFunctionVisitor.php
@@ -25,25 +25,69 @@ use PhpParser\Node;
 use PhpParser\NodeVisitorAbstract;
 class PublicFunctionVisitor extends NodeVisitorAbstract {
+ /**
+ * @param array $originalArray
+ * @param mixed $value
+ * @param int $key
+ * @return array
+ */
+ private function insertBeforeKey(array $originalArray, $value, $key) {
+ $newArray = [];
+ for ($i = 0; $i <= count($originalArray) - 1; $i++) {
+ $originalKey = $i;
+ if($i === $key) {
+ $newArray[$i] = $value;
+ $originalKey = $i;
+ $i++;
+ }
+ $newArray[$i] = $originalArray[$originalKey];
+ }
+
+ return $newArray;
+ }
+
 public function enterNode(Node $node) {
- if(
- $node instanceof Node\Stmt\ClassMethod &&
- $node->name !== '__construct' &&
- $node->flags === Node\Stmt\Class_::MODIFIER_PUBLIC
- ) {
+ if($node instanceof Node\Stmt\ClassMethod) {
 /** @var Node\Param[] $params */
 $params = $node->getParams();
- foreach($params as $param) {
- $var = new Node\Expr\Variable($param->name);
- $expr = new Node\Expr\Variable('_GET');
- $expr = new Node\Expr\ArrayDimFetch($expr, new Node\Scalar\String_($param->name));
- array_unshift($node->stmts, new Node\Expr\Assign($var, $expr));
+
+ // Replaces the parameters in a function call with an injected GET parameter
+ if($node->name !== '__construct' &&
+ $node->flags === Node\Stmt\Class_::MODIFIER_PUBLIC) {
+ foreach ($params as $param) {
+ $var = new Node\Expr\Variable($param->name);
+ $expr = new Node\Expr\Variable('_GET');
+ $expr = new Node\Expr\ArrayDimFetch($expr, new Node\Scalar\String_($param->name));
+ array_unshift($node->stmts, new Node\Expr\Assign($var, $expr));
+ }
+
+ $node->params = [];
 }
- $node->params = [];
+ // Replaces the "return new JSONResponse" with an actual echo of the value
+ /** @var Node\Stmt $subNode */
+ foreach($node->getStmts() as $key => $subNode) {
+ if($subNode instanceof Node\Stmt\Return_) {
+ /** @var Node\Expr $newNode */
+ $newNode = $subNode->expr;
+ $className = $newNode->class->parts[0];
+ if($className === 'JSONResponse') {
+ $args = new Node\Arg(new Node\Expr\FuncCall(new Node\Name('json_encode'), $newNode->args));
+ $node->stmts[$key] = new Node\Stmt\Echo_([$args]);
+ }
+
+ $arg = new Node\Arg(new Node\Scalar\String_('Content-Type:application/json; charset=utf-8'));
+ $header = new Node\Expr\FuncCall(new Node\Name('header'), [$arg]);
+ $node->stmts = $this->insertBeforeKey($node->stmts, $header, $key);
+ $arg = new Node\Arg(new Node\Scalar\String_('X-Content-Type-Options: nosniff'));
+ $header = new Node\Expr\FuncCall(new Node\Name('header'), [$arg]);
+ $node->stmts = $this->insertBeforeKey($node->stmts, $header, $key + 1);
+ }
+ }
 }
+ return $node;
 }
 }
diff --git a/tests/integration/input/controller.php b/tests/integration/input/controller.php
index 13766f6..351c691 100644
--- a/tests/integration/input/controller.php
+++ b/tests/integration/input/controller.php
@@ -20,9 +20,14 @@
 */
 use OCP\AppFramework\Controller;
+use \OCP\AppFramework\Http\JSONResponse;
 class Foo extends Controller {
 public function list($index, $bar) {
 // Logic of the code
 }
+
+ public function jsonResponse($name) {
+ return new JSONResponse("This is my $name");
+ }
 }
diff --git a/tests/integration/output/controller.php b/tests/integration/output/controller.php
index c819228..13c49e6 100644
--- a/tests/integration/output/controller.php
+++ b/tests/integration/output/controller.php
@@ -19,6 +19,7 @@
 *
 */
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
 class Foo extends Controller
 {
 public function list()
@@ -27,4 +28,11 @@ class Foo extends Controller
 $index = $_GET['index'];
 // Logic of the code
 }
+ public function jsonResponse()
+ {
+ $name = $_GET['name'];
+ header('Content-Type:application/json; charset=utf-8');
+ header('X-Content-Type-Options: nosniff');
+ echo json_encode("This is my {$name}");
+ }
 }
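Review bot: In the new `foreach($node->getStmts() …)` loop, `$className = $newNode->class->parts[0];` runs for every `return`, so `return;`, `return $value;` or `return new $class();` is dereferenced as though it were `new <Name>`, and the two `header()` inserts sit after the `if($className === 'JSONResponse')` block rather than inside it, so they are added in front of every top-level return. If the rewritten file is what a static scanner consumes (the repository name suggests so), marking non-JSON returns as `application/json` with `nosniff` may make its findings less accurate; the sketch below checks the node types first and only then reaches the echo and header code. Separately, `$key` is taken from the statement list before any insert, so a second top-level return would be handled at a stale index, and `insertBeforeKey()` drops the element at `$key + 1` whenever `$key` is not the last index; `array_splice($originalArray, $key, 0, [$value]); return $originalArray;` inserts without losing it.

```php
foreach($node->getStmts() as $key => $subNode) {
	// Only `return new JSONResponse(...)` is rewritten; any other return is left as it is.
	// getLast() also matches a qualified name such as Http\JSONResponse.
	if(!$subNode instanceof Node\Stmt\Return_ ||
		!$subNode->expr instanceof Node\Expr\New_ ||
		!$subNode->expr->class instanceof Node\Name ||
		$subNode->expr->class->getLast() !== 'JSONResponse') {
		continue;
	}
	/** @var Node\Expr\New_ $newNode */
	$newNode = $subNode->expr;
	// … unchanged: replace the return with the json_encode() echo …
	// … unchanged: the two header() inserts, now reached only for JSONResponse …
}
```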
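Review bot: The new `jsonResponse($name)` fixture covers only a method whose single statement is `return new JSONResponse(...)`, so the integration test says nothing about returns the visitor should leave alone. A second method ending in a plain `return $name;`, with the matching expected output, would pin that the `header()` calls and the `echo` are emitted for JSON responses only.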
\ No newline at end of file |