Replace psalm with phpstan

Author: tvdijen

.github/workflows/php.yml

@@ -162,9 +162,8 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.4'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, posix, spl, xml
+          tools: composer, composer-require-checker, composer-unused, phpcs, phpstan
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
@@ -196,27 +195,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
-        continue-on-error: true
-        run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalm (testsuite)
+      - name: PHPStan
         run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan.neon
 
-      - name: Psalter
+      - name: PHPStan (testsuite)
         run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          vendor/bin/phpstan analyze -c phpstan-dev.neon
 
   security:
     name: Security checks

phpstan-dev.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 9
+  paths:
+    - tests

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 6
+  paths:
+    - src

psalm-dev.xml

@@ -12,17 +12,10 @@
 
 class Client
 {
-    /**
-     * Our CDC domain.
-     *
-     * @var string
-     */
-    private string $domain;
-
     /**
      * The CDC server we send requests to.
      *
-     * @var Server
+     * @var \SimpleSAML\Module\cdc\Server
      */
     private Server $server;
 
@@ -32,17 +25,17 @@ class Client
      *
      * @param string $domain  The domain we should query the server for.
      */
-    public function __construct(string $domain)
-    {
-        $this->domain = $domain;
+    public function __construct(
+        protected string $domain,
+    ) {
         $this->server = new Server($domain);
     }
 
 
     /**
      * Receive a CDC response.
      *
-     * @return array|null  The response, or NULL if no response is received.
+     * @return array<mixed>|null  The response, or NULL if no response is received.
      */
     public function getResponse(): ?array
     {
@@ -55,7 +48,7 @@ public function getResponse(): ?array
      *
      * @param string $returnTo  The URL we should return to afterwards.
      * @param string $op  The operation we are performing.
-     * @param array $params  Additional parameters.
+     * @param array<mixed> $params  Additional parameters.
      */
     public function sendRequest(string $returnTo, string $op, array $params = []): void
     {

psalm.xml

@@ -88,10 +88,6 @@ public function resume(Request $request): RunnableResponse
         }
 
         $state = Auth\State::loadState($response['id'], 'cdc:resume');
-        if (is_null($state)) {
-            throw new Error\NoState();
-        }
-
         return new RunnableResponse([Auth\ProcessingChain::class, 'resumeProcessing'], [$state]);
     }
 }

src/Client.php

@@ -11,6 +11,21 @@
 use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\Utils;
 
+use function array_search;
+use function base64_decode;
+use function base64_encode;
+use function explode;
+use function implode;
+use function intval;
+use function is_string;
+use function json_decode;
+use function json_encode;
+use function sha1;
+use function strlen;
+use function strval;
+use function time;
+use function var_export;
+
 /**
  * CDC server class.
  *
@@ -82,7 +97,7 @@ public function __construct(string $domain)
     /**
      * Send a request to this CDC server.
      *
-     * @param array $request  The CDC request.
+     * @param array $request<mixed>  The CDC request.
      */
     public function sendRequest(array $request): void
     {
@@ -97,7 +112,7 @@ public function sendRequest(array $request): void
     /**
      * Parse and validate response received from a CDC server.
      *
-     * @return array|null  The response, or NULL if no response is received.
+     * @return array<mixed>|null  The response, or NULL if no response is received.
      * @throws \SimpleSAML\Error\Exception
      */
     public function getResponse(): ?array
@@ -139,22 +154,22 @@ public static function processRequest(): void
     /**
      * Handle a parsed CDC requst.
      *
-     * @param array $request
+     * @param array<mixed> $request
      * @throws \SimpleSAML\Error\Exception
      */
     private function handleRequest(array $request): void
     {
         if (!isset($request['op'])) {
             throw new Error\BadRequest('Missing "op" in CDC request.');
         }
-        $op = (string) $request['op'];
+        $op = strval($request['op']);
 
         Logger::info('Received CDC request with "op": ' . var_export($op, true));
 
         if (!isset($request['return'])) {
             throw new Error\BadRequest('Missing "return" in CDC request.');
         }
-        $return = (string) $request['return'];
+        $ret = strval($request['return']);
 
         switch ($op) {
             case 'append':
@@ -178,18 +193,18 @@ private function handleRequest(array $request): void
 
         $response['op'] = $op;
         if (isset($request['id'])) {
-            $response['id'] = (string) $request['id'];
+            $response['id'] = strval($request['id']);
         }
         $response['domain'] = $this->domain;
 
-        $this->send($return, 'CDCResponse', $response);
+        $this->send($ret, 'CDCResponse', $response);
     }
 
 
     /**
      * Handle an append request.
      *
-     * @param array $request  The request.
+     * @param array<mixed> $request  The request.
      * @throws \SimpleSAML\Error\BadRequest
      * @return string The response.
      */
@@ -217,7 +232,7 @@ private function handleAppend(array $request): string
     /**
      * Handle a delete request.
      *
-     * @param array $request  The request.
+     * @param array<mixed> $request  The request.
      * @return string The response.
      */
     private function handleDelete(array $request): string
@@ -238,8 +253,8 @@ private function handleDelete(array $request): string
     /**
      * Handle a read request.
      *
-     * @param array $request  The request.
-     * @return array  The response.
+     * @param array<mixed> $request  The request.
+     * @return array<mixed>  The response.
      */
     private function handleRead(array $request): array
     {
@@ -257,7 +272,7 @@ private function handleRead(array $request): array
      *
      * @param string $parameter  The name of the query parameter.
      * @throws \SimpleSAML\Error\BadRequest
-     * @return array|null  The response, or NULL if no response is received.
+     * @return array<mixed>|null  The response, or NULL if no response is received.
      */
     private static function get(string $parameter): ?array
     {
@@ -267,7 +282,7 @@ private static function get(string $parameter): ?array
         $message = (string) $_REQUEST[$parameter];
         Assert::validBase64($message, ProtocolViolationException::class);
 
-        $message = @base64_decode($message);
+        $message = @base64_decode($message, true);
         if ($message === false) {
             throw new Error\BadRequest('Error base64-decoding CDC message.');
         }
@@ -280,7 +295,7 @@ private static function get(string $parameter): ?array
         if (!isset($message['timestamp'])) {
             throw new Error\BadRequest('Missing timestamp in CDC message.');
         }
-        $timestamp = (int) $message['timestamp'];
+        $timestamp = intval($message['timestamp']);
 
         if ($timestamp + 60 < time()) {
             throw new Error\BadRequest('CDC signature has expired.');
@@ -328,7 +343,7 @@ private function validate(string $parameter): void
      *
      * @param string $to  The URL the message should be delivered to.
      * @param string $parameter  The query parameter the message should be sent in.
-     * @param array $message  The CDC message.
+     * @param array<mixed> $message  The CDC message.
      */
     private function send(string $to, string $parameter, array $message): void
     {
@@ -368,20 +383,20 @@ private function calcSignature(string $rawMessage): string
     /**
      * Get the IdP entities saved in the common domain cookie.
      *
-     * @return array  List of IdP entities.
+     * @return string[]  List of IdP entities.
      */
     private function getCDC(): array
     {
         if (!isset($_COOKIE['_saml_idp'])) {
             return [];
         }
 
-        $ret = (string) $_COOKIE['_saml_idp'];
+        $ret = strval($_COOKIE['_saml_idp']);
 
         $ret = explode(' ', $ret);
         foreach ($ret as &$idp) {
             Assert::validBase64($idp, ProtocolViolationException::class);
-            $idp = base64_decode($idp);
+            $idp = base64_decode($idp, true);
             if ($idp === false) {
                 // Not properly base64 encoded
                 Logger::warning('CDC - Invalid base64-encoding of CDC entry.');