N°6238 Security hardening

2026-05-19 15:22:17 +02:00 · 2023-06-08 09:31:15 +02:00
parent 68a1c0f0cb
commit 14d3eb6624
91 changed files with 1460 additions and 1200 deletions
--- a/lib/guzzlehttp/promises/src/EachPromise.php
+++ b/lib/guzzlehttp/promises/src/EachPromise.php
@@ -1,10 +1,14 @@
 <?php

+declare(strict_types=1);
+
 namespace GuzzleHttp\Promise;

 /**
 * Represents a promise that iterates over many promises and invokes
 * side-effect functions in the process.
+ *
+ * @final
 */
 class EachPromise implements PromisorInterface
 {
@@ -69,7 +73,7 @@ class EachPromise implements PromisorInterface
    }

    /** @psalm-suppress InvalidNullableReturnType */
-    public function promise()
+    public function promise(): PromiseInterface
    {
        if ($this->aggregate) {
            return $this->aggregate;
@@ -81,30 +85,19 @@ class EachPromise implements PromisorInterface
            $this->iterable->rewind();
            $this->refillPending();
        } catch (\Throwable $e) {
-            /**
-             * @psalm-suppress NullReference
-             * @phpstan-ignore-next-line
-             */
-            $this->aggregate->reject($e);
-        } catch (\Exception $e) {
-            /**
-             * @psalm-suppress NullReference
-             * @phpstan-ignore-next-line
-             */
            $this->aggregate->reject($e);
        }

        /**
         * @psalm-suppress NullableReturnStatement
-         * @phpstan-ignore-next-line
         */
        return $this->aggregate;
    }

-    private function createPromise()
+    private function createPromise(): void
    {
        $this->mutex = false;
-        $this->aggregate = new Promise(function () {
+        $this->aggregate = new Promise(function (): void {
            if ($this->checkIfFinished()) {
                return;
            }
@@ -121,7 +114,7 @@ class EachPromise implements PromisorInterface
        });

        // Clear the references when the promise is resolved.
-        $clearFn = function () {
+        $clearFn = function (): void {
            $this->iterable = $this->concurrency = $this->pending = null;
            $this->onFulfilled = $this->onRejected = null;
            $this->nextPendingIndex = 0;
@@ -130,11 +123,13 @@ class EachPromise implements PromisorInterface
        $this->aggregate->then($clearFn, $clearFn);
    }

-    private function refillPending()
+    private function refillPending(): void
    {
        if (!$this->concurrency) {
            // Add all pending promises.
-            while ($this->addPending() && $this->advanceIterator());
+            while ($this->addPending() && $this->advanceIterator()) {
+            }
+
            return;
        }

@@ -155,10 +150,11 @@ class EachPromise implements PromisorInterface
        // next value to yield until promise callbacks are called.
        while (--$concurrency
            && $this->advanceIterator()
-            && $this->addPending());
+            && $this->addPending()) {
+        }
    }

-    private function addPending()
+    private function addPending(): bool
    {
        if (!$this->iterable || !$this->iterable->valid()) {
            return false;
@@ -172,7 +168,7 @@ class EachPromise implements PromisorInterface
        $idx = $this->nextPendingIndex++;

        $this->pending[$idx] = $promise->then(
-            function ($value) use ($idx, $key) {
+            function ($value) use ($idx, $key): void {
                if ($this->onFulfilled) {
                    call_user_func(
                        $this->onFulfilled,
@@ -183,7 +179,7 @@ class EachPromise implements PromisorInterface
                }
                $this->step($idx);
            },
-            function ($reason) use ($idx, $key) {
+            function ($reason) use ($idx, $key): void {
                if ($this->onRejected) {
                    call_user_func(
                        $this->onRejected,
@@ -199,7 +195,7 @@ class EachPromise implements PromisorInterface
        return true;
    }

-    private function advanceIterator()
+    private function advanceIterator(): bool
    {
        // Place a lock on the iterator so that we ensure to not recurse,
        // preventing fatal generator errors.
@@ -212,19 +208,17 @@ class EachPromise implements PromisorInterface
        try {
            $this->iterable->next();
            $this->mutex = false;
+
            return true;
        } catch (\Throwable $e) {
            $this->aggregate->reject($e);
            $this->mutex = false;
-            return false;
-        } catch (\Exception $e) {
-            $this->aggregate->reject($e);
-            $this->mutex = false;
+
            return false;
        }
    }

-    private function step($idx)
+    private function step(int $idx): void
    {
        // If the promise was already resolved, then ignore this step.
        if (Is::settled($this->aggregate)) {
@@ -242,11 +236,12 @@ class EachPromise implements PromisorInterface
        }
    }

-    private function checkIfFinished()
+    private function checkIfFinished(): bool
    {
        if (!$this->pending && !$this->iterable->valid()) {
            // Resolve the promise if there's nothing left to do.
            $this->aggregate->resolve(null);
+
            return true;
        }