Add more defensive coding / improve type checking

Add more defensive coding against incorrect stack pointers being passed.

It is common to pass the result of a call to `File::findPrevious()` or `File::findNext()` to functions expecting a stack pointer, but these `File` functions can return `false`, which would be juggled to `0` when used in the typical `isset($tokens[$stackPtr])` checks.
This would then lead to that check passing, while the value should have been rejected, as the method may now try to act on a completely different token than intended (and more defensive coding should have been added to the originating sniff).

Adding a preliminary check to make sure the received parameter is an integer prevents this problem and should surface any such bugs in sniffs using the updated PHPCSUtils methods.

Includes tests.

Author: jrfnl

PHPCSUtils/Fixers/SpacesFixer.php

@@ -14,6 +14,7 @@
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\LogicException;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Exceptions\ValueError;
 use PHPCSUtils\Utils\Numbers;
@@ -83,6 +84,7 @@ final class SpacesFixer
      *
      * @return void
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr or $secondPtr parameters are not integers.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the tokens passed do not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the tokens passed are whitespace tokens.
      * @throws \PHPCSUtils\Exceptions\ValueError          If `$expectedSpaces` parameter is not a valid value.
@@ -106,6 +108,14 @@ public static function checkAndFix(
          * Validate the received function input.
          */
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
+        if (\is_int($secondPtr) === false) {
+            throw TypeError::create(3, '$secondPtr', 'integer', $secondPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Internal/IsShortArrayOrList.php

@@ -14,6 +14,7 @@
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\BackCompat\Helper;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Internal\Cache;
 use PHPCSUtils\Internal\IsShortArrayOrListWithCache;
@@ -183,6 +184,7 @@ final class IsShortArrayOrList
      *
      * @return void
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not one of the accepted types.
      */
@@ -191,6 +193,10 @@ public function __construct(File $phpcsFile, $stackPtr)
         $tokens       = $phpcsFile->getTokens();
         $openBrackets = StableCollections::$shortArrayListOpenTokensBC;
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Utils/Arrays.php

@@ -13,6 +13,7 @@
 use PHP_CodeSniffer\Files\File;
 use PHPCSUtils\Exceptions\LogicException;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Internal\Cache;
 use PHPCSUtils\Internal\IsShortArrayOrListWithCache;
 use PHPCSUtils\Tokens\Collections;
@@ -152,13 +153,22 @@ public static function getOpenClose(File $phpcsFile, $stackPtr, $isShortArray =
      *
      * @return int|false Stack pointer to the double arrow if this array item has a key; or `FALSE` otherwise.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start or $end parameters are not integers.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the tokens passed do not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\LogicException      If $end pointer is before the $start pointer.
      */
     public static function getDoubleArrowPtr(File $phpcsFile, $start, $end)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($start) === false) {
+            throw TypeError::create(2, '$start', 'integer', $start);
+        }
+
+        if (\is_int($end) === false) {
+            throw TypeError::create(3, '$end', 'integer', $end);
+        }
+
         if (isset($tokens[$start]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$start', $start);
         }

PHPCSUtils/Utils/ControlStructures.php

@@ -13,6 +13,7 @@
 use PHP_CodeSniffer\Files\File;
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Tokens\Collections;
 
@@ -213,13 +214,18 @@ public static function isElseIf(File $phpcsFile, $stackPtr)
      *               ```
      *               In case of an invalid catch structure, the array may be empty.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_CATCH` token.
      */
     public static function getCaughtExceptions(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Utils/FunctionDeclarations.php

@@ -13,6 +13,7 @@
 use PHP_CodeSniffer\Files\File;
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Exceptions\ValueError;
 use PHPCSUtils\Internal\Cache;
@@ -131,6 +132,7 @@ final class FunctionDeclarations
      * @return string|null The name of the function; or `NULL` if the passed token doesn't exist,
      *                     the function is anonymous or in case of a parse error/live coding.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_FUNCTION` token.
      */
     public static function getName(File $phpcsFile, $stackPtr)
@@ -180,6 +182,7 @@ public static function getName(File $phpcsFile, $stackPtr)
      *               );
      *               ```
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a T_FUNCTION, T_CLOSURE
      *                                                    or T_FN token.
@@ -188,6 +191,10 @@ public static function getProperties(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }
@@ -396,6 +403,7 @@ public static function getProperties(File $phpcsFile, $stackPtr)
      *
      * @return array<int, array<string, mixed>>
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a T_FUNCTION, T_CLOSURE,
      *                                                    T_FN or T_USE token.
@@ -405,6 +413,10 @@ public static function getParameters(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Utils/GetTokensAsString.php

@@ -13,6 +13,7 @@
 use PHP_CodeSniffer\Files\File;
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 
 /**
  * Utility functions to retrieve the content of a set of tokens as a string.
@@ -43,6 +44,7 @@ final class GetTokensAsString
      *
      * @return string The token contents.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function normal(File $phpcsFile, $start, $end)
@@ -72,6 +74,7 @@ public static function normal(File $phpcsFile, $start, $end)
      *
      * @return string The token contents.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function tabReplaced(File $phpcsFile, $start, $end)
@@ -103,6 +106,7 @@ public static function tabReplaced(File $phpcsFile, $start, $end)
      *
      * @return string The token contents.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function origContent(File $phpcsFile, $start, $end)
@@ -124,6 +128,7 @@ public static function origContent(File $phpcsFile, $start, $end)
      *
      * @return string The token contents stripped off comments.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function noComments(File $phpcsFile, $start, $end)
@@ -148,6 +153,7 @@ public static function noComments(File $phpcsFile, $start, $end)
      *
      * @return string The token contents stripped off comments and whitespace.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function noEmpties(File $phpcsFile, $start, $end)
@@ -172,6 +178,7 @@ public static function noEmpties(File $phpcsFile, $start, $end)
      *
      * @return string The token contents with compacted whitespace and optionally stripped off comments.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     public static function compact(File $phpcsFile, $start, $end, $stripComments = false)
@@ -200,6 +207,7 @@ public static function compact(File $phpcsFile, $start, $end, $stripComments = f
      *
      * @return string The token contents.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $start parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the $start token does not exist in the $phpcsFile.
      */
     protected static function getString(
@@ -213,7 +221,11 @@ protected static function getString(
     ) {
         $tokens = $phpcsFile->getTokens();
 
-        if (\is_int($start) === false || isset($tokens[$start]) === false) {
+        if (\is_int($start) === false) {
+            throw TypeError::create(2, '$start', 'integer', $start);
+        }
+
+        if (isset($tokens[$start]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$start', $start);
         }
 

PHPCSUtils/Utils/Namespaces.php

@@ -15,6 +15,7 @@
 use PHPCSUtils\BackCompat\BCFile;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
 use PHPCSUtils\Exceptions\RuntimeException;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Internal\Cache;
 use PHPCSUtils\Tokens\Collections;
@@ -46,6 +47,7 @@ final class Namespaces
      *                reliably determined what the `T_NAMESPACE` token is used for,
      *                which, in most cases, will mean the code contains a parse/fatal error.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_NAMESPACE` token.
      */
@@ -72,6 +74,10 @@ public static function getType(File $phpcsFile, $stackPtr)
 
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }
@@ -131,6 +137,7 @@ public static function getType(File $phpcsFile, $stackPtr)
      * @return bool `TRUE` if the token passed is the keyword for a namespace declaration.
      *              `FALSE` if not.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_NAMESPACE` token.
      */
@@ -152,6 +159,7 @@ public static function isDeclaration(File $phpcsFile, $stackPtr)
      *
      * @return bool `TRUE` if the namespace token passed is used as an operator. `FALSE` if not.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_NAMESPACE` token.
      */

PHPCSUtils/Utils/Numbers.php

@@ -12,6 +12,7 @@
 
 use PHP_CodeSniffer\Files\File;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 
 /**
@@ -126,13 +127,18 @@ final class Numbers
      *               )
      *               ```
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_LNUMBER` or `T_DNUMBER` token.
      */
     public static function getCompleteNumber(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Utils/ObjectDeclarations.php

@@ -13,6 +13,7 @@
 use PHP_CodeSniffer\Files\File;
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Tokens\Collections;
 use PHPCSUtils\Utils\GetTokensAsString;
@@ -58,6 +59,7 @@ final class ObjectDeclarations
      *                     or `NULL` if the passed token doesn't exist, the function or
      *                     class is anonymous or in case of a parse error/live coding.
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a `T_FUNCTION`, `T_CLASS`,
      *                                                    `T_ANON_CLASS`, `T_CLOSURE`, `T_TRAIT`, `T_ENUM`
      *                                                    or `T_INTERFACE` token.
@@ -66,6 +68,10 @@ public static function getName(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false
             || ($tokens[$stackPtr]['code'] === \T_ANON_CLASS || $tokens[$stackPtr]['code'] === \T_CLOSURE)
         ) {
@@ -162,13 +168,18 @@ public static function getName(File $phpcsFile, $stackPtr)
      *               );
      *               ```
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not a T_CLASS token.
      */
     public static function getClassProperties(File $phpcsFile, $stackPtr)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }

PHPCSUtils/Utils/PassedParameters.php

@@ -14,6 +14,7 @@
 use PHP_CodeSniffer\Util\Tokens;
 use PHPCSUtils\Exceptions\MissingArgumentError;
 use PHPCSUtils\Exceptions\OutOfBoundsStackPtr;
+use PHPCSUtils\Exceptions\TypeError;
 use PHPCSUtils\Exceptions\UnexpectedTokenType;
 use PHPCSUtils\Internal\Cache;
 use PHPCSUtils\Tokens\Collections;
@@ -77,13 +78,18 @@ final class PassedParameters
      *
      * @return bool
      *
+     * @throws \PHPCSUtils\Exceptions\TypeError           If the $stackPtr parameter is not an integer.
      * @throws \PHPCSUtils\Exceptions\OutOfBoundsStackPtr If the token passed does not exist in the $phpcsFile.
      * @throws \PHPCSUtils\Exceptions\UnexpectedTokenType If the token passed is not one of the accepted types.
      */
     public static function hasParameters(File $phpcsFile, $stackPtr, $isShortArray = null)
     {
         $tokens = $phpcsFile->getTokens();
 
+        if (\is_int($stackPtr) === false) {
+            throw TypeError::create(2, '$stackPtr', 'integer', $stackPtr);
+        }
+
         if (isset($tokens[$stackPtr]) === false) {
             throw OutOfBoundsStackPtr::create(2, '$stackPtr', $stackPtr);
         }