Unknown node error #13

Closed
BafS opened this issue Dec 18, 2018 · 16 comments

@BafS

BafS commented Dec 18, 2018

Some node types are not handled. I tried to run progpilot on some projects using nullable types or group use and I get these errors:

  • Unknown Stmt Node Encountered : Stmt_GroupUse
  • Unknown Expr Type NullableType

@eric-therond
Collaborator

Hello @BafS
Could you share the inputs / files / code you are trying to analyze so that I can reproduce the bugs?

Eric

@BafS
Author

BafS commented Dec 19, 2018

Unfortunately it's private code but

<?php

function test(): ?int {
    return 1;
}

is enough to trigger Unknown Expr Type NullableType

eric-therond added a commit that referenced this issue Dec 20, 2018
@eric-therond
Collaborator

eric-therond commented Dec 20, 2018

It's a bug in a dependency used by progpilot: https://github.com/ircmaxell/php-cfg

The test cases I have developed with your help to reproduce the bugs:
https://github.com/designsecurity/progpilot/blob/master/projects/tests/tests/negative/parser_error2.php
https://github.com/designsecurity/progpilot/blob/master/projects/tests/tests/negative/parser_error3.php

cd designsecurity/progpilot/projects/tests/
php testphpcfg.php ./tests/negative/parser_error2.php
PHP Fatal error:  Uncaught RuntimeException: Unknown Expr Type NullableType in /home/eric/dev/designsecurity/progpilot/projects/tests/vendor/ircmaxell/php-cfg/lib/PHPCfg/Parser.php:799

Could you submit these issues in the ircmaxell/php-cfg repository?

@BafS
Author

BafS commented Dec 21, 2018

Thanks! I see that someone already has the same problem: ircmaxell/php-cfg#49

@NicolasCARPi
Contributor

@eric-therond Why isn't progpilot using your fork of php-cfg with the fix you made?

@NicolasCARPi
Contributor

Someone asked how to include the fork instead, but deleted their question. So here it is anyway:

diff --git a/composer.json b/composer.json
index 4b77081..b34d0ec 100644
--- a/composer.json
+++ b/composer.json
@@ -8,9 +8,15 @@
             "email": "eric.therond.fr@gmail.com"
         }
     ],
+    "repositories": [
+          {
+              "type": "vcs",
+              "url": "https://github.com/eric-therond/php-cfg"
+          }
+    ],
     "require": {
         "php": "^7.0",
-        "ircmaxell/php-cfg": "^0.5",
+        "ircmaxell/php-cfg": "dev-master",
         "symfony/yaml": ">=3.3.6",
         "symfony/console": ">=3.3.5"
     },
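
Review bot: the new constraint `"ircmaxell/php-cfg": "dev-master"` in `require` follows a moving branch of the fork added under `repositories`, so every `composer update` can pull in different, unreviewed code under the upstream package name. Pin it to a reviewed commit (in a root composer.json Composer accepts `dev-master#<commit-hash>`) and keep composer.lock under version control. Also worth stating next to this change: Composer reads `repositories` only from the root composer.json, so the override applies to a checkout of progpilot itself and not when progpilot is installed as a dependency of another project. Minor style point: the added `repositories` entries are indented two spaces deeper than the surrounding `authors` block.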

@phackt

phackt commented Jul 24, 2019

Yep, it's me, because I thought I had found the solution by trying the latest ircmaxell (@dev) in composer.json, because according to me it was fixed in the latest release, but I got another issue. Thanks @NicolasCARPi, gonna test it with the fork.

@phackt

phackt commented Jul 25, 2019

Still got Unknown Expr Type NullableType with this root composer.json:

{
    "name": "designsecurity/progpilot",
    "description": "A Static Analyser for security",
    "license": "MIT",
    "authors": [
        {
            "name": "Eric Therond",
            "email": "eric.therond.fr@gmail.com"
        }
    ],
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/eric-therond/php-cfg"
        }
    ],
    "require": {
        "php": "^7.3",
        "ircmaxell/php-cfg": "dev-master",
        "symfony/yaml": ">=3.3.6",
        "symfony/console": ">=3.3.5"
    },
    "require-dev": {
        "phpunit/phpunit": "@dev"
    },
    "bin": ["projects/phar/progpilot"],
    "autoload": {
        "psr-0": {
            "progpilot": "package/src"
        }
    }
}

and the last progpilot release, 0.6.0. I'm trying to audit a Zend application.

php progpilot_v0.6.0.phar /path/to/app

Unknown Expr Type NullableType

How I installed it:

composer install
wget https://github.com/designsecurity/progpilot/releases/download/v0.6.0/progpilot_v0.6.0.phar

Thanks,

@NicolasCARPi
Contributor

Well, if you use the .phar, the custom composer.json has no effect!

@phackt

phackt commented Jul 25, 2019

My bad, I meant I tried the released one (failed) and this one:

composer install
php launch.php

With launch.php:

<?php

require_once './vendor/autoload.php';

$context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;

$context->inputs->setFolder("/path/to/root/");

$analyzer->run($context);
$results = $context->outputs->getResults();

var_dump($results);

?>

Just got:

PHP Fatal error:  Uncaught Error: Call to a member function getAssignDef() on null in /home/user/Documents/repo/progpilot/package/src/progpilot/Analysis/VisitorAnalysis.php:522
Stack trace:
#0 /home/user/Documents/repo/progpilot/package/src/progpilot/Analyzer.php(116): progpilot\Analysis\VisitorAnalysis->analyze(Object(progpilot\Code\MyCode))
#1 /home/user/Documents/repo/progpilot/package/src/progpilot/Analyzer.php(168): progpilot\Analyzer->runInternalFunction(Object(progpilot\Context), Object(progpilot\Objects\MyFunction))
#2 /home/user/Documents/repo/progpilot/package/src/progpilot/Analyzer.php(225): progpilot\Analyzer->runInternalAnalysis(Object(progpilot\Context), NULL)
#3 /home/user/Documents/repo/progpilot/package/src/progpilot/Analyzer.php(294): progpilot\Analyzer->runInternalPhp(Object(progpilot\Context))
#4 /home/user/Documents/repo/progpilot/package/src/progpilot/Analyzer.php(399): progpilot\Analyzer->runAllInternal(Object(progpilot\Context))
#5 /home/user/Documents/repo/progpilot/launch.php(10): progpilot\Analyzer-> in /home/user/Documents/repo/progpilot/package/src/progpilot/Analysis/VisitorAnalysis.php on line 522
$ php --version
PHP 7.3.7

Pretty weird, it works on a simple PHP test file.

btw thanks for your quick replies @NicolasCARPi

@eric-therond
Collaborator

@phackt which file are you trying to analyze?
I can't reproduce the bug without this information

@NicolasCARPi
Contributor

@eric-therond Any code with a nullable type hint:

a.php:

<?php

function blah(?string $nullable): string
{
    if ($nullable) {
        return 'yep';
    }
    return 'nope';
}

./progpilot_v0.6.0.phar a.php

Unknown Expr Type NullableType

@eric-therond
Collaborator

Yes, for this one it's corrected in the v1.0 ircmaxell/php-cfg branch, but there is no stable version for the moment and there are other similar bugs like ircmaxell/php-cfg#58

But it seems @phackt has a different issue related to progpilot itself:

PHP Fatal error: Uncaught Error: Call to a member function getAssignDef() on null in /home/user/Documents/repo/progpilot/package/src/progpilot/Analysis/VisitorAnalysis.php:522

I can't reproduce this bug without your inputs

@athanasius-kircher

I can reproduce the error

PHP Fatal error: Uncaught Error: Call to a member function getAssignDef() on null in /home/user/Documents/repo/progpilot/package/src/progpilot/Analysis/VisitorAnalysis.php:522

with the following code:

$foo = $ba->r() ? $ba->r() : '';

@eric-therond
Collaborator

I have updated the dependency ircmaxell/php-cfg to 1.0.x-dev even though it is not a stable version.
It allows fixing some significant bugs.
You can test progpilot v0.8.0 and let me know if these errors are still present.

Thanks
Eric

@NicolasCARPi
Contributor

@eric-therond Looks like it works now :) 👍
