From 06bbbd49842b9f62b66e694c526cfe9332423af1 Mon Sep 17 00:00:00 2001 From: Tim van Dijen Date: Mon, 7 Jul 2025 21:57:25 +0200 Subject: [PATCH] Replace Psalm with PHPstan --- .github/workflows/php.yml | 26 +++++------------- phpstan-dev.neon | 4 +++ phpstan.neon | 4 +++ psalm-dev.xml | 27 ------------------- psalm.xml | 30 --------------------- src/IdP/ADFS.php | 14 +++++----- src/IdP/MetadataBuilder.php | 21 ++++++++++++++- src/IdP/PassiveIdP.php | 14 +++++----- src/MetadataExchange.php | 17 +++++------- src/Trust/Policy13.php | 13 ++++----- src/Trust/Policy2005.php | 15 +++++------ tests/InterOperability/DefinitionsTest.php | 2 +- tests/src/Controller/AdfsControllerTest.php | 2 +- 13 files changed, 68 insertions(+), 121 deletions(-) create mode 100644 phpstan-dev.neon create mode 100644 phpstan.neon delete mode 100644 psalm-dev.xml delete mode 100644 psalm.xml diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index ef856cc..09e94b0 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -162,9 +162,8 @@ jobs: with: # Should be the higest supported version, so we can use the newest tools php-version: '8.4' - tools: composer, composer-require-checker, composer-unused, phpcs, psalm - # optional performance gain for psalm: opcache - extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, \ + tools: composer, composer-require-checker, composer-unused, phpcs + extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, \ pcre, posix, soap, spl, xml - name: Setup problem matchers for PHP 
@@ -197,27 +196,14 @@ jobs: - name: PHP Code Sniffer run: phpcs - - name: Psalm - continue-on-error: true - run: | - psalm -c psalm.xml \ - --show-info=true \ - --shepherd \ - --php-version=${{ steps.setup-php.outputs.php-version }} - - name: Psalm (testsuite) + - name: PHPStan run: | - psalm -c psalm-dev.xml \ - --show-info=true \ - --shepherd \ - --php-version=${{ steps.setup-php.outputs.php-version }} + vendor/bin/phpstan analyze -c phpstan.neon - - name: Psalter + - name: PHPStan (testsuite) run: | - psalm --alter \ - --issues=UnnecessaryVarAnnotation \ - --dry-run \ - --php-version=${{ steps.setup-php.outputs.php-version }} + vendor/bin/phpstan analyze -c phpstan-dev.neon security: name: Security checks diff --git a/phpstan-dev.neon b/phpstan-dev.neon new file mode 100644 index 0000000..4d29b8b --- /dev/null +++ b/phpstan-dev.neon @@ -0,0 +1,4 @@ +parameters: + level: 9 + paths: + - tests diff --git a/phpstan.neon b/phpstan.neon new file mode 100644 index 0000000..db37782 --- /dev/null +++ b/phpstan.neon @@ -0,0 +1,4 @@ +parameters: + level: 6 + paths: + - src diff --git a/psalm-dev.xml b/psalm-dev.xml deleted file mode 100644 index 6116331..0000000 --- a/psalm-dev.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/psalm.xml b/psalm.xml deleted file mode 100644 index 81d8399..0000000 --- a/psalm.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/IdP/ADFS.php b/src/IdP/ADFS.php index 5208db6..d10e8e2 100644 --- a/src/IdP/ADFS.php +++ b/src/IdP/ADFS.php @@ -119,7 +119,7 @@ public static function receivePassiveAuthnRequest( $password = Password::getChildrenOfClass($usernameToken->toXML()); $password = array_pop($password); - if ($username === null || $password === null) { + if ($password === null) { throw new Error\BadRequest('Missing username or password in SOAP header.'); } else { $_SERVER['PHP_AUTH_USER'] = $username->getContent(); 
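Review bot: Both new PHPStan steps call `vendor/bin/phpstan`, but nothing visible in this commit installs it: the `tools:` list in the previous hunk drops `psalm` without adding `phpstan`, and `composer.json` is not in the diffstat. The steps therefore only work if `phpstan/phpstan` is already a dev dependency and a `composer install` runs earlier in this job, which is outside the hunk. If it is not, add it to `require-dev` in the same commit. Running the analyser from `vendor/bin` is otherwise a sound choice, because the version then follows the project's Composer constraints rather than whatever the setup action resolves at run time.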
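Review bot: `level: 6` for `src` is lower than the `level: 9` that phpstan-dev.neon sets for `tests`, so the production code, including the SOAP credential handling in src/IdP/ADFS.php, is analysed less strictly than the test suite. PHPStan only begins reporting method calls on nullable values at level 8 and unsafe use of `mixed` at level 9, so those defect classes go unchecked in the code that faces requests. If level 6 is only a starting point, record that in the file with a comment such as `# TODO: raise to 8 once nullable findings are resolved`, or set the target level now and generate a baseline for the existing findings.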
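Review bot: Dropping `$username === null` from the guard is a behaviour change in the credential path, not a tooling change: the next visible line dereferences `$username->getContent()`, and the `BadRequest` message still reads 'Missing username or password in SOAP header.'. How `$username` is assigned lies above the hunk, so whether it can be null cannot be confirmed here. If it is produced the same way as `$password` (`array_pop()` over a child list), a UsernameToken without a Username element now fails with an engine `Error` at that call instead of the intended bad-request response. Either keep the original condition `if ($username === null || $password === null) {`, or make the non-null guarantee explicit where `$username` is assigned and reword the message to match. A test posting a UsernameToken without a Username would pin the behaviour; receivePassiveAuthnRequest starts and ends outside the hunk.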
@@ -207,7 +207,7 @@ function () use ($idp, &$state) { * @param string $issuer * @param string $target * @param string $nameid - * @param array $attributes + * @param array $attributes * @param int $assertionLifetime * @param string $method * @return \SimpleSAML\SAML11\XML\saml\Assertion @@ -287,7 +287,7 @@ private static function generateActiveAssertion( * @param string $issuer * @param string $target * @param string $nameid - * @param array $attributes + * @param array $attributes * @param int $assertionLifetime * @return \SimpleSAML\SAML11\XML\saml\Assertion */ @@ -409,7 +409,7 @@ private static function postResponse(string $wreply, string $wresult, ?string $w /** - * @param array $state + * @param array $state * @throws \Exception */ public static function sendPassiveResponse(array $state): void @@ -519,7 +519,7 @@ public static function sendPassiveResponse(array $state): void /** - * @param array $state + * @param array $state * @throws \Exception */ public static function sendResponse(array $state): void @@ -603,7 +603,7 @@ public static function sendResponse(array $state): void /** * @param \SimpleSAML\IdP $idp - * @param array $state + * @param array $state */ public static function sendLogoutResponse(IdP $idp, array $state): void { @@ -645,7 +645,7 @@ public static function receiveLogoutMessage(IdP $idp): void * accepts an association array, and returns a URL that can be accessed to terminate the association * * @param \SimpleSAML\IdP $idp - * @param array $association + * @param array $association * @param string $relayState * @return string */ diff --git a/src/IdP/MetadataBuilder.php b/src/IdP/MetadataBuilder.php index 1c68dc3..a3359f9 100644 --- a/src/IdP/MetadataBuilder.php +++ b/src/IdP/MetadataBuilder.php 
@@ -99,7 +99,7 @@ protected function signDocument(AbstractMetadataDocument $document): AbstractMet { $cryptoUtils = new Utils\Crypto(); - /** @var array $keyArray */ + /** @var array $keyArray */ $keyArray = $cryptoUtils->loadPrivateKey($this->config, true, 'metadata.sign.'); $certArray = $cryptoUtils->loadPublicKey($this->config, false, 'metadata.sign.'); $algo = $this->config->getOptionalString('metadata.sign.algorithm', C::SIG_RSA_SHA256); @@ -123,6 +123,8 @@ protected function signDocument(AbstractMetadataDocument $document): AbstractMet /** * This method builds the md:Organization element, if any + * + * @return \SimpleSAML\SAML2\XML\md\Organization */ private function getOrganization(): ?Organization { @@ -157,6 +159,8 @@ private function getOrganization(): ?Organization /** * This method builds the role descriptor elements + * + * @return \SimpleSAML\SAML2\XML\md\AbstractRoleDescriptor[] */ private function getRoleDescriptor(): array { @@ -177,6 +181,8 @@ private function getRoleDescriptor(): array /** * This method builds the SecurityTokenService element + * + * @return \SimpleSAML\WSSecurity\XML\fed\SecurityTokenServiceType */ public function getSecurityTokenService(): SecurityTokenServiceType { @@ -202,6 +208,8 @@ public function getSecurityTokenService(): SecurityTokenServiceType /** * This method builds the md:KeyDescriptor elements, if any + * + * @return \SimpleSAML\SAML2\XML\md\KeyDescriptor[] */ private function getKeyDescriptor(): array { @@ -238,6 +246,8 @@ private function getKeyDescriptor(): array /** * This method builds the md:ContactPerson elements, if any + * + * @return \SimpleSAML\SAML2\XML\md\ContactPerson[] */ private function getContactPerson(): array { @@ -255,6 +265,8 @@ private function getContactPerson(): array /** * This method builds the md:Extensions, if any + * + * @return \SimpleSAML\SAML2\XML\md\Extensions|null */ private function getExtensions(): ?Extensions { 
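Review bot: The `@return` added for `getOrganization()` omits `null` although the native return type is `?Organization` and the summary says "if any"; `getExtensions()` further down correctly gets `Extensions|null`. PHPStan generally trusts a PHPDoc type that narrows the native one, so callers may be analysed as if null were never returned and a missing null check would go unreported. Use `@return \SimpleSAML\SAML2\XML\md\Organization|null`. The method bodies lie outside these hunks.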
@@ -332,6 +344,13 @@ private function getExtensions(): ?Extensions } + /** + * @param string $use + * @param string $x509Cert + * @param string|null $keyName + * + * @return \SimpleSAML\SAML2\XML\md\KeyDescriptor + */ private static function buildKeyDescriptor(string $use, string $x509Cert, ?string $keyName): KeyDescriptor { Assert::oneOf($use, ['encryption', 'signing']); diff --git a/src/IdP/PassiveIdP.php b/src/IdP/PassiveIdP.php index 4ee5ed1..145181e 100644 --- a/src/IdP/PassiveIdP.php +++ b/src/IdP/PassiveIdP.php @@ -29,7 +29,7 @@ class PassiveIdP /** * A cache for resolving IdP id's. * - * @var array + * @var \SimpleSAML\Module\adfs\IdP\PassiveIdP[] */ private static array $idpCache = []; @@ -130,7 +130,7 @@ public static function getById(Configuration $config, string $id): PassiveIdP * Retrieve the IdP "owning" the state. * * @param \SimpleSAML\Configuration $config The Configuration. - * @param array &$state The state array. + * @param array &$state The state array. * * @return \SimpleSAML\Module\adfs\IdP\PassiveIdP The IdP. */ @@ -167,7 +167,7 @@ public function isAuthenticated(): bool /** * Called after authproc has run. * - * @param array $state The authentication request state array. + * @param array $state The authentication request state array. */ public static function postAuthProc(array $state): void { @@ -191,7 +191,7 @@ public static function postAuthProc(array $state): void /** * The user is authenticated. * - * @param array $state The authentication request state array. + * @param array $state The authentication request state array. * * @throws \SimpleSAML\Error\Exception If we are not authenticated. */ @@ -238,7 +238,7 @@ public static function postAuth(array $state): Response * * This function authenticates the user. * - * @param array &$state The authentication request state. + * @param array &$state The authentication request state. */ private function authenticate(array &$state): Response { 
@@ -249,7 +249,7 @@ private function authenticate(array &$state): Response /** * Process authentication requests. * - * @param array &$state The authentication request state. + * @param array &$state The authentication request state. */ public function handleAuthenticationRequest(array &$state): Response { @@ -314,7 +314,7 @@ public function getLogoutHandler(): LogoutHandlerInterface * * This function will never return. * - * @param array &$state The logout request state. + * @param array &$state The logout request state. */ public function finishLogout(array &$state): Response { diff --git a/src/MetadataExchange.php b/src/MetadataExchange.php index 6136fda..0a6a621 100644 --- a/src/MetadataExchange.php +++ b/src/MetadataExchange.php @@ -56,9 +56,6 @@ class MetadataExchange { /** * Constructor. - * - * @param \SimpleSAML\Configuration $config The general configuration - * @param \SimpleSAML\Configuration $metadata The metadata configuration */ public function __construct() { @@ -68,7 +65,7 @@ public function __construct() /** * Build a mex document * - * @return \SimpleSAML\WSSecurity\XML\wsdl\Definitions + * @return \SimpleSAML\WSDL\XML\wsdl\Definitions */ public function buildDocument(): Definitions { @@ -89,7 +86,7 @@ public function buildDocument(): Definitions /** * This method builds the wsp:Policy elements * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[] + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[] */ private function getPolicies(): array { @@ -106,7 +103,7 @@ private function getPolicies(): array /** * This method builds the wsdl:types elements * - * @param \SimpleSAML\WSSecurity\XML\wsdl\Types[] + * @return \SimpleSAML\WSSL\XML\wsdl\Types[] private function getTypes(): array { $defaultEndpoint = Module::getModuleURL('adfs/services/trust/mex'); 
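Review bot: The new `@return` for `getTypes()` names `\SimpleSAML\WSSL\XML\wsdl\Types[]`, while the sibling docblocks changed in this file use `\SimpleSAML\WSDL\XML\wsdl\...`; `WSSL` looks like a typo and should read `@return \SimpleSAML\WSDL\XML\wsdl\Types[]`. As shown, this is also the only docblock among the file's hunks with no closing `*/` line between the tag and `private function getTypes(): array`. If that reflects the file rather than the page rendering, the declaration sits inside the comment and the method is never defined, so a `*/` line belongs after the tag. The body of getTypes continues outside the hunk.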
@@ -132,7 +129,7 @@ private function getTypes(): array /** * This method builds the wsdl:message elements * - * @param \SimpleSAML\WSSecurity\XML\wsdl\Message[] + * @return \SimpleSAML\WSDL\XML\wsdl\Message[] */ private function getMessages(): array { @@ -190,7 +187,7 @@ private function getMessages(): array /** * This method builds the wsdl:portType elements * - * @param \SimpleSAML\WSSecurity\XML\wsdl\PortType[] + * @return \SimpleSAML\WSDL\XML\wsdl\PortType[] */ private function getPortTypes(): array { @@ -258,7 +255,7 @@ private function getPortTypes(): array /** * This method builds the wsdl:binding elements * - * @param \SimpleSAML\WSSecurity\XML\wsdl\Binding[] + * @return \SimpleSAML\WSDL\XML\wsdl\Binding[] */ private function getBindings(): array { @@ -569,7 +566,7 @@ private function getBindings(): array /** * This method builds the wsdl:service elements * - * @param \SimpleSAML\WSSecurity\XML\wsdl\Service[] + * @return \SimpleSAML\WSDL\XML\wsdl\Service[] */ private function getServices(): array { diff --git a/src/Trust/Policy13.php b/src/Trust/Policy13.php index 9473b8a..7d9de33 100644 --- a/src/Trust/Policy13.php +++ b/src/Trust/Policy13.php @@ -54,9 +54,6 @@ class Policy13 { /** * Constructor. - * - * @param \SimpleSAML\Configuration $config The general configuration - * @param \SimpleSAML\Configuration $metadata The metadata configuration */ public function __construct() { @@ -66,7 +63,7 @@ public function __construct() /** * This method builds the wsp:Policy elements * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[] + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[] */ public function getPolicies(): array { @@ -82,7 +79,7 @@ public function getPolicies(): array /** * This method builds the CertificateWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getCertificateWSTrustBinding(): Policy { 
@@ -186,7 +183,7 @@ private function getCertificateWSTrustBinding(): Policy /** * This method builds the UserNameWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getUserNameWSTrustBindingPolicy(): Policy { @@ -289,7 +286,7 @@ private function getUserNameWSTrustBindingPolicy(): Policy /** * This method builds the IssuedTokenWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getIssuedTokenWSTrustBinding(): Policy { @@ -401,7 +398,7 @@ private function getIssuedTokenWSTrustBinding(): Policy /** * This method builds the IssuedTokenWSTrustBinding1 policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getIssuedTokenWSTrustBinding1(): Policy { diff --git a/src/Trust/Policy2005.php b/src/Trust/Policy2005.php index 4c98ff8..d1a72c8 100644 --- a/src/Trust/Policy2005.php +++ b/src/Trust/Policy2005.php @@ -53,9 +53,6 @@ class Policy2005 { /** * Constructor. - * - * @param \SimpleSAML\Configuration $config The general configuration - * @param \SimpleSAML\Configuration $metadata The metadata configuration */ public function __construct() { @@ -65,7 +62,7 @@ public function __construct() /** * This method builds the wsp:Policy elements * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy[] + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy[] */ public function getPolicies(): array { @@ -82,7 +79,7 @@ public function getPolicies(): array /** * This method builds the CertificateWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getCertificateWSTrustBinding(): Policy { 
@@ -186,7 +183,7 @@ private function getCertificateWSTrustBinding(): Policy /** * This method builds the CertificateWSTrustBinding1 policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getCertificateWSTrustBinding1(): Policy { @@ -231,7 +228,7 @@ private function getCertificateWSTrustBinding1(): Policy /** * This method builds the UserNameWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getUserNameWSTrustBindingPolicy(): Policy { @@ -334,7 +331,7 @@ private function getUserNameWSTrustBindingPolicy(): Policy /** * This method builds the IssuedTokenWSTrustBinding policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getIssuedTokenWSTrustBinding(): Policy { @@ -445,7 +442,7 @@ private function getIssuedTokenWSTrustBinding(): Policy /** * This method builds the IssuedTokenWSTrustBinding1 policy. * - * @param \SimpleSAML\WSSecurity\XML\wsp\Policy + * @return \SimpleSAML\WSSecurity\XML\wsp\Policy */ private function getIssuedTokenWSTrustBinding1(): Policy { diff --git a/tests/InterOperability/DefinitionsTest.php b/tests/InterOperability/DefinitionsTest.php index 6a54c6b..1e30c12 100644 --- a/tests/InterOperability/DefinitionsTest.php +++ b/tests/InterOperability/DefinitionsTest.php @@ -37,7 +37,7 @@ public function testUnmarshalling(bool $shouldPass, DOMElement $mex): void /** - * @return array + * @return array */ public static function provideMex(): array { diff --git a/tests/src/Controller/AdfsControllerTest.php b/tests/src/Controller/AdfsControllerTest.php index e6c4cce..f91b474 100644 --- a/tests/src/Controller/AdfsControllerTest.php +++ b/tests/src/Controller/AdfsControllerTest.php 
@@ -17,7 +17,7 @@
 /**
 */
 #[CoversClass(Controller\Adfs::class)]
-class AdfsControllerTest extends TestCase
+final class AdfsControllerTest extends TestCase
 {
 /** @var \SimpleSAML\Configuration */
 protected Configuration $config;