From 64228b5490099fe5cb2a366ddbee36a327f4e97e Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Sun, 19 Apr 2020 18:24:26 +0200
Subject: [PATCH] [BUGFIX] Skip dynamically assigned instance names in
 extension scanner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Dynamically created class instances using a variable name cannot be
resolved in extension scanner - given the fact that a class member
variable can change at any time and the scanner would have to keep
that state - which is too much for static code analysis.

Thus, the following source code is not analyzed.

$className = SomeClass::class;
$object = GeneralUtility($className);

Resolves: #91128
Releases: master, 9.5
Change-Id: I7f87e7c88e9e62efb85ee54f32625c531266cbba
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64251
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Christian Eßl <indy.essl@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Ghanshyam Bhava <ghanshyambhava@yahoo.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Christian Eßl <indy.essl@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Ghanshyam Bhava <ghanshyambhava@yahoo.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 .../Php/Matcher/ConstructorArgumentMatcher.php              | 2 ++
 .../Php/Matcher/ConstructorArgumentMatcherTest.php          | 6 +++---
 .../Matcher/Fixtures/ConstructorArgumentMatcherFixture.php  | 2 ++
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/install/Classes/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcher.php b/typo3/sysext/install/Classes/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcher.php
index 356ce2251bb2..39cd3b91f4bf 100644
--- a/typo3/sysext/install/Classes/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcher.php
+++ b/typo3/sysext/install/Classes/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcher.php
@@ -69,6 +69,8 @@ class ConstructorArgumentMatcher extends AbstractCoreMatcher
         }
         $resolvedNode = $node->getAttribute(self::NODE_RESOLVED_AS, null) ?? $node;
         if (!$resolvedNode instanceof New_
+            || !isset($resolvedNode->class)
+            || is_object($node->class) && !method_exists($node->class, '__toString')
             || !array_key_exists((string)$resolvedNode->class, $this->matcherDefinitions)
         ) {
             return;
diff --git a/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcherTest.php b/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcherTest.php
index 31c44a79cbc1..2835c20add90 100644
--- a/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcherTest.php
+++ b/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/ConstructorArgumentMatcherTest.php
@@ -45,7 +45,7 @@ class ConstructorArgumentMatcherTest extends TestCase
                         'numberOfMandatoryArguments' => 4,
                     ]),
                 ],
-                [34, 35, 36, 37, 42, 43],
+                [34, 35, 36, 37, 44, 45],
             ],
             'dropped' => [
                 [
@@ -53,7 +53,7 @@ class ConstructorArgumentMatcherTest extends TestCase
                         'maximumNumberOfArguments' => 2,
                     ]),
                 ],
-                [34, 35, 36, 37, 42, 43],
+                [34, 35, 36, 37, 44, 45],
             ],
             'called' => [
                 [
@@ -62,7 +62,7 @@ class ConstructorArgumentMatcherTest extends TestCase
                         'maximumNumberOfArguments' => 3,
                     ]),
                 ],
-                [34, 35, 36, 37, 42, 43],
+                [34, 35, 36, 37, 44, 45],
             ],
             'unused' => [
                 [
diff --git a/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/Fixtures/ConstructorArgumentMatcherFixture.php b/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/Fixtures/ConstructorArgumentMatcherFixture.php
index 7e1daa442333..bed67ba74e03 100644
--- a/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/Fixtures/ConstructorArgumentMatcherFixture.php
+++ b/typo3/sysext/install/Tests/Unit/ExtensionScanner/Php/Matcher/Fixtures/ConstructorArgumentMatcherFixture.php
@@ -35,6 +35,8 @@ class ConstructorArgumentMatcherFixture extends Subject
         $b = new \TYPO3\CMS\Install\Tests\Unit\ExtensionScanner\Php\Matcher\Fixtures\Subject('a', 'b', 'c');
         $c = GeneralUtility::makeInstance(Subject::class, 'a', 'b', 'c');
         $d = GeneralUtility::makeInstance(\TYPO3\CMS\Install\Tests\Unit\ExtensionScanner\Php\Matcher\Fixtures\Subject::class, 'a', 'b', 'c');
+        $className = Subject::class;
+        $e = new $className('a', 'b', 'c');
     }
 
     public function unused(): void
-- 
GitLab