-
Notifications
You must be signed in to change notification settings - Fork 651
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
InvalidAttribute for SensitiveParameter when running on php 8.2 and targeting 8.1 or lower #9728
Comments
Hey @Xerkus, can you reproduce the issue on https://psalm.dev ? |
I can not reproduce it on psalm.dev. The issue is encountered in https://github.com/laminas/laminas-diactoros/tree/8862d24e24c0aa2efc6f704cc6a80c827e0ec154 |
SensitiveParameter is only available in PHP 8.2 but your analysing your project on 8.0 |
CI failure with Should I change composer.json to require |
You can leave 8.0 in composer but actually run Psalm with a specified version instead of letting it fallback to composer But you can possibly expect the other issue around (some errors will appear because something don't make sense in 8.2 but they're necessary to support 8.0) For this kind of issue, I'd just suppress the error now that you get what Psalm is trying to raise here |
I think what happens here is |
Well, ReturnTypeWillChange was pretty special for two reasons:
SensitiveParameter is different because trying to use it on oldest PHP version where attributes are processed will make PHP crash because the class does not exists If Psalm was perfect, it would raise an UndefinedClass for SensitiveParameter but given you run on PHP 8.2, Psalm fallbacks on Reflection and finds the class there |
It does not affect behavior of the code either so it is safe to use on any php version but it will affect backtrace only in 8.2+ |
They were originally available for all version but were moved to 8.2 only in #9445 |
|
Pull-request: #453 Signed-off-by: William Desportes <williamdes@wdes.fr>
As the author of the RFC that introduced the
Attributes generally do not need to be backed by a class, they can be arbitrary strings. The class only needs to exist if you call |
As far as I can see no error is reported when Psalm runs on 8.2 and targets 8.0-8.2:
@Xerkus can you confirm you still experience the issue with The error was reported on 7.4: |
I found these snippets: https://psalm.dev/r/819e67d494<?php
function f(
#[SensitiveParameter]
string $_password
): void {}
https://psalm.dev/r/819e67d494<?php
function f(
#[SensitiveParameter]
string $_password
): void {}
https://psalm.dev/r/819e67d494<?php
function f(
#[SensitiveParameter]
string $_password
): void {}
https://psalm.dev/r/819e67d494<?php
function f(
#[SensitiveParameter]
string $_password
): void {}
|
@weirdan I'm seeing the issue with https://github.com/paragonie/constant_time_encoding and Psalm 5 (I wanted to contribute a PR for the Psalm update there):
|
So for target version below 8.0:
|
I can see attributes were moved to a separate stub file in #9920 and included on php 8.0 and up. Available since psalm 5.13.0 They are not included for target versions below 8.0 which is fine by me but might be an issue for others i suppose. Btw, there is another similar attribute coming with php 8.3 - |
SensitiveParameter attribute results in InvalidAttribute error when psalm runs on PHP 8.2 but targets 8.1 or below.
When Psalm runs on PHP 8.1 or lower the error is then
UndefinedAttributeClass
as expected:The problem is inconsistency of result depending on runtime.
Expected result:
Psalm does not produce
InvalidAttribute
error when running on PHP 8.2 but targeting 8.1 or below.The text was updated successfully, but these errors were encountered: