Specify return type for filter_input()

Author: herndlm

conf/config.neon

@@ -1456,6 +1456,11 @@ services:
 	-
 		class: PHPStan\Type\Php\FilterFunctionReturnTypeHelper
 
+	-
+		class: PHPStan\Type\Php\FilterInputDynamicReturnTypeExtension
+		tags:
+			- phpstan.broker.dynamicFunctionReturnTypeExtension
+
 	-
 		class: PHPStan\Type\Php\FilterVarDynamicReturnTypeExtension
 		tags:

src/Type/Php/FilterFunctionReturnTypeHelper.php

@@ -51,7 +51,25 @@ public function __construct(private ReflectionProvider $reflectionProvider)
 		$this->flagsString = new ConstantStringType('flags');
 	}
 
-	public function getTypeFromFunctionCall(Type $inputType, ?Type $filterType, ?Type $flagsType): Type
+	public function getOffsetValueType(Type $inputType, Type $offsetType, ?Type $filterType, ?Type $flagsType): ?Type
+	{
+		$inexistentOffsetType = $this->hasFlag($this->getConstant('FILTER_NULL_ON_FAILURE'), $flagsType)
+			? new ConstantBooleanType(false)
+			: new NullType();
+
+		$hasOffsetValueType = $inputType->hasOffsetValueType($offsetType);
+		if ($hasOffsetValueType->no()) {
+			return $inexistentOffsetType;
+		}
+
+		$filteredType = $this->getType($inputType->getOffsetValueType($offsetType), $filterType, $flagsType);
+
+		return $hasOffsetValueType->maybe()
+			? TypeCombinator::union($filteredType, $inexistentOffsetType)
+			: $filteredType;
+	}
+
+	public function getType(Type $inputType, ?Type $filterType, ?Type $flagsType): Type
 	{
 		$mixedType = new MixedType();
 

src/Type/Php/FilterInputDynamicReturnTypeExtension.php

@@ -0,0 +1,60 @@
+<?php declare(strict_types = 1);
+
+namespace PHPStan\Type\Php;
+
+use PhpParser\Node;
+use PhpParser\Node\Expr\FuncCall;
+use PHPStan\Analyser\Scope;
+use PHPStan\Reflection\FunctionReflection;
+use PHPStan\Reflection\ReflectionProvider;
+use PHPStan\Type\ArrayType;
+use PHPStan\Type\DynamicFunctionReturnTypeExtension;
+use PHPStan\Type\MixedType;
+use PHPStan\Type\StringType;
+use PHPStan\Type\Type;
+use PHPStan\Type\TypeCombinator;
+use function count;
+
+class FilterInputDynamicReturnTypeExtension implements DynamicFunctionReturnTypeExtension
+{
+
+	public function __construct(private FilterFunctionReturnTypeHelper $filterFunctionReturnTypeHelper, private ReflectionProvider $reflectionProvider)
+	{
+	}
+
+	public function isFunctionSupported(FunctionReflection $functionReflection): bool
+	{
+		return $functionReflection->getName() === 'filter_input';
+	}
+
+	public function getTypeFromFunctionCall(FunctionReflection $functionReflection, FuncCall $functionCall, Scope $scope): ?Type
+	{
+		if (count($functionCall->getArgs()) < 2) {
+			return null;
+		}
+
+		$supportedTypes = TypeCombinator::union(
+			$this->reflectionProvider->getConstant(new Node\Name('INPUT_GET'), null)->getValueType(),
+			$this->reflectionProvider->getConstant(new Node\Name('INPUT_POST'), null)->getValueType(),
+			$this->reflectionProvider->getConstant(new Node\Name('INPUT_COOKIE'), null)->getValueType(),
+			$this->reflectionProvider->getConstant(new Node\Name('INPUT_SERVER'), null)->getValueType(),
+			$this->reflectionProvider->getConstant(new Node\Name('INPUT_ENV'), null)->getValueType(),
+		);
+		$typeType = $scope->getType($functionCall->getArgs()[0]->value);
+		if (!$typeType->isInteger()->yes() || $supportedTypes->isSuperTypeOf($typeType)->no()) {
+			return null;
+		}
+
+		// Pragmatical solution since global expressions are not passed through the scope for performance reasons
+		// See https://github.com/phpstan/phpstan-src/pull/2012 for details
+		$inputType = new ArrayType(new StringType(), new MixedType());
+
+		return $this->filterFunctionReturnTypeHelper->getOffsetValueType(
+			$inputType,
+			$scope->getType($functionCall->getArgs()[1]->value),
+			isset($functionCall->getArgs()[2]) ? $scope->getType($functionCall->getArgs()[2]->value) : null,
+			isset($functionCall->getArgs()[3]) ? $scope->getType($functionCall->getArgs()[3]->value) : null,
+		);
+	}
+
+}

src/Type/Php/FilterVarDynamicReturnTypeExtension.php

@@ -32,7 +32,7 @@ public function getTypeFromFunctionCall(FunctionReflection $functionReflection,
 		$filterType = isset($functionCall->getArgs()[1]) ? $scope->getType($functionCall->getArgs()[1]->value) : null;
 		$flagsType = isset($functionCall->getArgs()[2]) ? $scope->getType($functionCall->getArgs()[2]->value) : null;
 
-		return $this->filterFunctionReturnTypeHelper->getTypeFromFunctionCall($inputType, $filterType, $flagsType);
+		return $this->filterFunctionReturnTypeHelper->getType($inputType, $filterType, $flagsType);
 	}
 
 }

tests/PHPStan/Analyser/NodeScopeResolverTest.php

@@ -623,6 +623,7 @@ public function dataFileAsserts(): iterable
 		}
 
 		yield from $this->gatherAssertTypes(__DIR__ . '/data/filesystem-functions.php');
+		yield from $this->gatherAssertTypes(__DIR__ . '/data/filter-input.php');
 		yield from $this->gatherAssertTypes(__DIR__ . '/data/filter-var.php');
 
 		if (PHP_VERSION_ID >= 80100) {

tests/PHPStan/Analyser/data/filter-input.php

@@ -0,0 +1,43 @@
+<?php declare(strict_types=1);
+
+namespace FilterInput;
+
+use function PHPStan\Testing\assertType;
+
+class FilterInput
+{
+
+	public function invalidTypesOrVarNames($mixed): void
+	{
+		assertType('int|false|null', filter_input(INPUT_GET, $mixed, FILTER_VALIDATE_INT));
+		assertType('mixed', filter_input(-1, 'foo', FILTER_VALIDATE_INT));
+		assertType('null', filter_input(INPUT_GET, 17, FILTER_VALIDATE_INT));
+		assertType('false', filter_input(INPUT_GET, 17, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE));
+	}
+
+	public function supportedSuperGlobals(): void
+	{
+		assertType('int|false|null', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_POST, 'foo', FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_COOKIE, 'foo', FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_SERVER, 'foo', FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_ENV, 'foo', FILTER_VALIDATE_INT));
+	}
+
+	public function inputTypeUnion(): void
+	{
+		assertType('int|false|null', filter_input(rand(0, 1) ? INPUT_GET : INPUT_POST, 'foo', FILTER_VALIDATE_INT));
+	}
+
+	public function doFoo(string $foo): void
+	{
+		assertType('int|false|null', filter_input(INPUT_GET, $foo, FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT));
+		assertType('int|false|null', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT, ['flags' => FILTER_NULL_ON_FAILURE]));
+		assertType("'invalid'|int|null", filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT, ['options' => ['default' => 'invalid']]));
+		assertType('array<int|false>|null', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT, ['flags' => FILTER_FORCE_ARRAY]));
+		assertType('array<int|null>|false', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT, ['flags' => FILTER_FORCE_ARRAY|FILTER_NULL_ON_FAILURE]));
+		assertType('0|int<17, 19>|null', filter_input(INPUT_GET, 'foo', FILTER_VALIDATE_INT, ['options' => ['default' => 0, 'min_range' => 17, 'max_range' => 19]]));
+	}
+
+}

tests/PHPStan/Rules/Functions/CallToFunctionParametersRuleTest.php

@@ -1130,6 +1130,12 @@ public function testBug5474(): void
 		]);
 	}
 
+	public function testBug6261(): void
+	{
+		$this->checkExplicitMixed = true;
+		$this->analyse([__DIR__ . '/data/bug-6261.php'], []);
+	}
+
 	public function testBug6781(): void
 	{
 		$this->analyse([__DIR__ . '/data/bug-6781.php'], []);

tests/PHPStan/Rules/Functions/data/bug-6261.php

@@ -0,0 +1,15 @@
+<?php declare(strict_types = 1);
+
+namespace Bug6261;
+
+function needs_int(int $x) : void {}
+
+function () {
+	$x = filter_input(INPUT_POST, 'row_id', FILTER_VALIDATE_INT);
+
+	if($x === false || $x === null) {
+		die("I expected a numeric string!\n");
+	}
+
+	needs_int($x);
+};