Consider named argument flags:JSON_THROW_ON_ERROR for json_ functions as "Safe"

shish · shish · commit 4e0c969562a3 · 2025-02-19T23:26:27.000Z
Manually rebasing, adding unit tests, and fixing the tests, for #33
diff --git a/src/Rules/UseSafeFunctionsRule.php b/src/Rules/UseSafeFunctionsRule.php
@@ -33,6 +33,19 @@ public function processNode(Node $node, Scope $scope): array
         $unsafeFunctions = FunctionListLoader::getFunctionList();
 
         if (isset($unsafeFunctions[$functionName])) {
+            if ($functionName === "json_decode" || $functionName === "json_encode") {
+                foreach ($node->args as $arg) {
+                    if ($arg instanceof Node\Arg &&
+                        $arg->name instanceof Node\Identifier &&
+                        $arg->name->toLowerString() === "flags"
+                    ) {
+                        if ($this->argValueIncludeJSONTHROWONERROR($arg)) {
+                            return [];
+                        }
+                    }
+                }
+            }
+
             if ($functionName === "json_decode"
                 && $this->argValueIncludeJSONTHROWONERROR($node->getArgs()[3] ?? null)
             ) {
diff --git a/tests/Rules/UseSafeFunctionsRuleTest.php b/tests/Rules/UseSafeFunctionsRuleTest.php
@@ -37,11 +37,11 @@ public function testExprCall(): void
 
     public function testJSONDecodeNoCatchSafe(): void
     {
-        $this->analyse([__DIR__ . '/data/safe_json_decode_for_7.3.0.php'], []);
+        $this->analyse([__DIR__ . '/data/safe_json_decode.php'], []);
     }
 
     public function testJSONEncodeNoCatchSafe(): void
     {
-        $this->analyse([__DIR__ . '/data/safe_json_encode_for_7.3.0.php'], []);
+        $this->analyse([__DIR__ . '/data/safe_json_encode.php'], []);
     }
 }
diff --git a/tests/Rules/data/safe_json_decode.php b/tests/Rules/data/safe_json_decode.php
@@ -1,9 +1,14 @@
 <?php
 
+// Test various combinations of flags
 json_decode("{}", true, 512, JSON_THROW_ON_ERROR);
 json_decode("{}", true, 512, JSON_INVALID_UTF8_IGNORE | JSON_THROW_ON_ERROR);
 json_decode("{}", true, 512, JSON_INVALID_UTF8_IGNORE | JSON_OBJECT_AS_ARRAY | JSON_THROW_ON_ERROR);
 
+// Test raw integers too
 json_decode("{}", true, 512, 4194304);
 json_decode("{}", true, 512, 1048576 | 4194304);
 json_decode("{}", true, 512, 1048576 | 1 | 4194304);
+
+// Test named arguments instead of positional
+json_decode("{}", flags: JSON_THROW_ON_ERROR);
diff --git a/tests/Rules/data/safe_json_encode.php b/tests/Rules/data/safe_json_encode.php
@@ -3,3 +3,5 @@
 json_encode([], JSON_THROW_ON_ERROR, 512);
 json_encode([], JSON_FORCE_OBJECT | JSON_THROW_ON_ERROR, 512);
 json_encode([], JSON_FORCE_OBJECT | JSON_INVALID_UTF8_IGNORE | JSON_THROW_ON_ERROR, 512);
+
+json_encode([], flags: JSON_THROW_ON_ERROR);

Original file line number	Diff line number	Diff line change
`@@ -37,11 +37,11 @@ public function testExprCall(): void`
`37`	`37`
`38`	`38`	`public function testJSONDecodeNoCatchSafe(): void`
`39`	`39`	`{`
`40`		`- $this->analyse([__DIR__ . '/data/safe_json_decode_for_7.3.0.php'], []);`
	`40`	`+ $this->analyse([__DIR__ . '/data/safe_json_decode.php'], []);`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`public function testJSONEncodeNoCatchSafe(): void`
`44`	`44`	`{`
`45`		`- $this->analyse([__DIR__ . '/data/safe_json_encode_for_7.3.0.php'], []);`
	`45`	`+ $this->analyse([__DIR__ . '/data/safe_json_encode.php'], []);`
`46`	`46`	`}`
`47`	`47`	`}`