feature #35849 [ExpressionLanguage] Added expression language syntax validator (Andrej-in-ua)

fabpot · fabpot · commit efc711692663 · 2020-05-05T07:59:29.000+02:00
This PR was squashed before being merged into the 5.1-dev branch.

Discussion
----------

[ExpressionLanguage] Added expression language syntax validator

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | #35700
| License       | MIT
| Doc PR        | N/A &lt;!-- required for new features --&gt;

Proposal implementation #35700

The current solution is a compromise between support complexity and cleanliness.

I tried different solutions to the issue. A beautiful solution was obtained only with full duplication of the parser code. That is unacceptable because parser complexity is quite high.

The main problem in this solution is that nodes instances are created which are then not used. I do not think that linter can be a bottleneck and will greatly affect performance. If this is corrected, the parser code becomes a bunch of if's.

JFI: I did not added parsing without variable names, because this breaks caching and potential location for vulnerabilities.

Commits
-------

a5cd965494 [ExpressionLanguage] Added expression language syntax validator
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+5.1.0
+-----
+
+ * added `lint` method to `ExpressionLanguage` class
+ * added `lint` method to `Parser` class
+
 4.0.0
 -----
 
diff --git a/ExpressionLanguage.php b/ExpressionLanguage.php
@@ -100,6 +100,23 @@ public function parse($expression, array $names)
         return $parsedExpression;
     }
 
+    /**
+     * Validates the syntax of an expression.
+     *
+     * @param Expression|string $expression The expression to validate
+     * @param array|null        $names      The list of acceptable variable names in the expression, or null to accept any names
+     *
+     * @throws SyntaxError When the passed expression is invalid
+     */
+    public function lint($expression, ?array $names): void
+    {
+        if ($expression instanceof ParsedExpression) {
+            return;
+        }
+
+        $this->getParser()->lint($this->getLexer()->tokenize((string) $expression), $names);
+    }
+
     /**
      * Registers a function.
      *
diff --git a/Parser.php b/Parser.php
@@ -31,6 +31,7 @@ class Parser
     private $binaryOperators;
     private $functions;
     private $names;
+    private $lint;
 
     public function __construct(array $functions)
     {
@@ -90,6 +91,30 @@ public function __construct(array $functions)
      * @throws SyntaxError
      */
     public function parse(TokenStream $stream, array $names = [])
+    {
+        $this->lint = false;
+
+        return $this->doParse($stream, $names);
+    }
+
+    /**
+     * Validates the syntax of an expression.
+     *
+     * The syntax of the passed expression will be checked, but not parsed.
+     * If you want to skip checking dynamic variable names, pass `null` instead of the array.
+     *
+     * @throws SyntaxError When the passed expression is invalid
+     */
+    public function lint(TokenStream $stream, ?array $names = []): void
+    {
+        $this->lint = true;
+        $this->doParse($stream, $names);
+    }
+
+    /**
+     * @throws SyntaxError
+     */
+    private function doParse(TokenStream $stream, ?array $names = []): Node\Node
     {
         $this->stream = $stream;
         $this->names = $names;
@@ -197,13 +222,17 @@ public function parsePrimaryExpression()
 
                             $node = new Node\FunctionNode($token->value, $this->parseArguments());
                         } else {
-                            if (!\in_array($token->value, $this->names, true)) {
-                                throw new SyntaxError(sprintf('Variable "%s" is not valid.', $token->value), $token->cursor, $this->stream->getExpression(), $token->value, $this->names);
-                            }
-
-                            // is the name used in the compiled code different
-                            // from the name used in the expression?
-                            if (\is_int($name = array_search($token->value, $this->names))) {
+                            if (!$this->lint || \is_array($this->names)) {
+                                if (!\in_array($token->value, $this->names, true)) {
+                                    throw new SyntaxError(sprintf('Variable "%s" is not valid.', $token->value), $token->cursor, $this->stream->getExpression(), $token->value, $this->names);
+                                }
+
+                                // is the name used in the compiled code different
+                                // from the name used in the expression?
+                                if (\is_int($name = array_search($token->value, $this->names))) {
+                                    $name = $token->value;
+                                }
+                            } else {
                                 $name = $token->value;
                             }
 
diff --git a/Tests/ParserTest.php b/Tests/ParserTest.php
@@ -15,6 +15,7 @@
 use Symfony\Component\ExpressionLanguage\Lexer;
 use Symfony\Component\ExpressionLanguage\Node;
 use Symfony\Component\ExpressionLanguage\Parser;
+use Symfony\Component\ExpressionLanguage\SyntaxError;
 
 class ParserTest extends TestCase
 {
@@ -234,4 +235,98 @@ public function testNameProposal()
 
         $parser->parse($lexer->tokenize('foo > bar'), ['foo', 'baz']);
     }
+
+    /**
+     * @dataProvider getLintData
+     */
+    public function testLint($expression, $names, ?string $exception = null)
+    {
+        if ($exception) {
+            $this->expectException(SyntaxError::class);
+            $this->expectExceptionMessage($exception);
+        }
+
+        $lexer = new Lexer();
+        $parser = new Parser([]);
+        $parser->lint($lexer->tokenize($expression), $names);
+
+        // Parser does't return anything when the correct expression is passed
+        $this->expectNotToPerformAssertions();
+    }
+
+    public function getLintData(): array
+    {
+        return [
+            'valid expression' => [
+                'expression' => 'foo["some_key"].callFunction(a ? b)',
+                'names' => ['foo', 'a', 'b'],
+            ],
+            'allow expression without names' => [
+                'expression' => 'foo.bar',
+                'names' => null,
+            ],
+            'disallow expression without names' => [
+                'expression' => 'foo.bar',
+                'names' => [],
+                'exception' => 'Variable "foo" is not valid around position 1 for expression `foo.bar',
+            ],
+            'operator collisions' => [
+                'expression' => 'foo.not in [bar]',
+                'names' => ['foo', 'bar'],
+            ],
+            'incorrect expression ending' => [
+                'expression' => 'foo["a"] foo["b"]',
+                'names' => ['foo'],
+                'exception' => 'Unexpected token "name" of value "foo" '.
+                    'around position 10 for expression `foo["a"] foo["b"]`.',
+            ],
+            'incorrect operator' => [
+                'expression' => 'foo["some_key"] // 2',
+                'names' => ['foo'],
+                'exception' => 'Unexpected token "operator" of value "/" '.
+                    'around position 18 for expression `foo["some_key"] // 2`.',
+            ],
+            'incorrect array' => [
+                'expression' => '[value1, value2 value3]',
+                'names' => ['value1', 'value2', 'value3'],
+                'exception' => 'An array element must be followed by a comma. '.
+                    'Unexpected token "name" of value "value3" ("punctuation" expected with value ",") '.
+                    'around position 17 for expression `[value1, value2 value3]`.',
+            ],
+            'incorrect array element' => [
+                'expression' => 'foo["some_key")',
+                'names' => ['foo'],
+                'exception' => 'Unclosed "[" around position 3 for expression `foo["some_key")`.',
+            ],
+            'missed array key' => [
+                'expression' => 'foo[]',
+                'names' => ['foo'],
+                'exception' => 'Unexpected token "punctuation" of value "]" around position 5 for expression `foo[]`.',
+            ],
+            'missed closing bracket in sub expression' => [
+                'expression' => 'foo[(bar ? bar : "default"]',
+                'names' => ['foo', 'bar'],
+                'exception' => 'Unclosed "(" around position 4 for expression `foo[(bar ? bar : "default"]`.',
+            ],
+            'incorrect hash following' => [
+                'expression' => '{key: foo key2: bar}',
+                'names' => ['foo', 'bar'],
+                'exception' => 'A hash value must be followed by a comma. '.
+                    'Unexpected token "name" of value "key2" ("punctuation" expected with value ",") '.
+                    'around position 11 for expression `{key: foo key2: bar}`.',
+            ],
+            'incorrect hash assign' => [
+                'expression' => '{key => foo}',
+                'names' => ['foo'],
+                'exception' => 'Unexpected character "=" around position 5 for expression `{key => foo}`.',
+            ],
+            'incorrect array as hash using' => [
+                'expression' => '[foo: foo]',
+                'names' => ['foo'],
+                'exception' => 'An array element must be followed by a comma. '.
+                    'Unexpected token "punctuation" of value ":" ("punctuation" expected with value ",") '.
+                    'around position 5 for expression `[foo: foo]`.',
+            ],
+        ];
+    }
 }
