Merge remote-tracking branch 'origin/6.x'

Author: danog

config.xsd

@@ -17,6 +17,7 @@
             <xs:element name="stubs" type="StubsType" minOccurs="0" maxOccurs="1" />
             <xs:element name="plugins" type="PluginsType" minOccurs="0" maxOccurs="1" />
             <xs:element name="forbiddenFunctions" type="ExitFunctionsType" minOccurs="0" maxOccurs="1" />
+            <xs:element name="forbiddenConstants" type="ConstantType" minOccurs="0" maxOccurs="1" />
             <xs:element name="issueHandlers" type="IssueHandlersType" minOccurs="0" maxOccurs="1" />
             <xs:element name="ignoreExceptions" type="ExceptionsType" minOccurs="0" maxOccurs="1" />
             <xs:element name="globals" type="GlobalsType" minOccurs="0" maxOccurs="1" />
@@ -179,6 +180,13 @@
         <xs:anyAttribute processContents="skip" />
     </xs:complexType>
 
+    <xs:complexType name="ConstantType">
+        <xs:sequence>
+            <xs:element name="constant" maxOccurs="unbounded" type="NameAttributeType" />
+        </xs:sequence>
+        <xs:anyAttribute processContents="skip" />
+    </xs:complexType>
+
     <xs:complexType name="PluginsType">
         <xs:choice minOccurs="0" maxOccurs="unbounded">
             <xs:element name="plugin">

docs/running_psalm/configuration.md

@@ -655,6 +655,15 @@ Optional. Allows you to specify a list of functions that should emit the [`Forbi
 </forbiddenFunctions>
 ```
 
+#### &lt;forbiddenConstants&gt;
+Optional. Allows you to specify a list of constants that should emit the [`ForbiddenCode`](issues/ForbiddenCode.md) issue type.
+
+```xml
+<forbiddenConstants>
+  <constant name="FILTER_VALIDATE_URL" />
+</forbiddenConstants>
+```
+
 ## Accessing Psalm configuration in plugins
 
 Plugins can access or modify the global configuration in plugins using

docs/running_psalm/issues/ForbiddenCode.md

@@ -8,7 +8,7 @@ Emitted when Psalm encounters a var_dump, exec or similar expression that may ma
 var_dump("bah");
 ```
 
-This functions list can be extended by configuring `forbiddenFunctions` in `psalm.xml`
+This functions list can be extended by configuring `forbiddenFunctions` or `forbiddenConstants` in `psalm.xml`
 
 ```xml
 <?xml version="1.0"?>
@@ -19,5 +19,9 @@ This functions list can be extended by configuring `forbiddenFunctions` in `psal
         <function name="dd"/>
         <function name="var_dump"/>
     </forbiddenFunctions>
+    
+    <forbiddenConstants>
+        <constant name="FILTER_VALIDATE_URL" />
+    </forbiddenConstants>
 </psalm>
 ```

src/Psalm/Config.php

@@ -371,6 +371,10 @@ final class Config
      * @var array<lowercase-string, bool>
      */
     public array $forbidden_functions = [];
+    /**
+     * @var array<string, bool>
+     */
+    public array $forbidden_constants = [];
 
     public bool $find_unused_code = true;
 
@@ -1299,6 +1303,13 @@ private static function fromXmlAndPaths(
             }
         }
 
+        if (isset($config_xml->forbiddenConstants) && isset($config_xml->forbiddenConstants->constant)) {
+            /** @var SimpleXMLElement $forbidden_function */
+            foreach ($config_xml->forbiddenConstants->constant as $forbidden_function) {
+                $config->forbidden_constants[(string) $forbidden_function['name']] = true;
+            }
+        }
+
         if (isset($config_xml->stubs) && isset($config_xml->stubs->file)) {
             /** @var SimpleXMLElement $stub_file */
             foreach ($config_xml->stubs->file as $stub_file) {

src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/ConstFetchAnalyzer.php

@@ -15,6 +15,7 @@
 use Psalm\Internal\Analyzer\Statements\ExpressionAnalyzer;
 use Psalm\Internal\Analyzer\StatementsAnalyzer;
 use Psalm\Internal\Provider\NodeDataProvider;
+use Psalm\Issue\ForbiddenCode;
 use Psalm\Issue\UndefinedConstant;
 use Psalm\IssueBuffer;
 use Psalm\Type;
@@ -58,6 +59,18 @@ public static function analyze(
                 break;
 
             default:
+                if (isset($statements_analyzer->getCodebase()->config->forbidden_constants[$const_name])) {
+                    IssueBuffer::maybeAdd(
+                        new ForbiddenCode(
+                            'You have forbidden the use of ' . $const_name,
+                            new CodeLocation($statements_analyzer->getSource(), $stmt),
+                        ),
+                        $statements_analyzer->getSuppressedIssues(),
+                    );
+        
+                    return;
+                }
+    
                 $const_type = self::getConstType(
                     $statements_analyzer,
                     $const_name,

tests/ForbiddenCodeTest.php

@@ -120,6 +120,33 @@ public function testForbiddenCodeFunctionViaFunctions(): void
         $this->analyzeFile($file_path, new Context());
     }
 
+    public function testForbiddenCodeConstantViaConstant(): void
+    {
+        $this->expectExceptionMessage('ForbiddenCode');
+        $this->expectException(CodeException::class);
+        $this->project_analyzer = $this->getProjectAnalyzerWithConfig(
+            TestConfig::loadFromXML(
+                dirname(__DIR__, 2),
+                '<?xml version="1.0"?>
+                <psalm>
+                    <forbiddenConstants>
+                        <constant name="FILTER_VALIDATE_URL" />
+                    </forbiddenConstants>
+                </psalm>',
+            ),
+        );
+
+        $file_path = (string) getcwd() . '/src/somefile.php';
+
+        $this->addFile(
+            $file_path,
+            '<?php
+                filter_var("http://example.com/image.jpg", FILTER_VALIDATE_URL);',
+        );
+
+        $this->analyzeFile($file_path, new Context());
+    }
+
     public function testAllowedPrintFunction(): void
     {
         $this->project_analyzer = $this->getProjectAnalyzerWithConfig(