Dumper: added context-aware validation

| Expression                | member | param |
|---------------------------|--------|-------|
| scalar, array, Enum::Case | 8.1+   | 8.1+  |
| `new ClassName(...)`      | —      | 8.1+  |
| `strlen(...)`             | 8.5+   | 8.5+  |
| `(object) [...]` cast     | —      | 8.5+  |
| `fun()`                   | —      | —     |

Author: dg

src/PhpGenerator/DumpContext.php

@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * This file is part of the Nette Framework (https://nette.org)
+ * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
+ */
+
+declare(strict_types=1);
+
+namespace Nette\PhpGenerator;
+
+
+/**
+ * Context in which a dumped value will be used.
+ */
+enum DumpContext
+{
+	case Expression;
+	case Constant;
+	case Property;
+	case Parameter;
+	case Attribute;
+}

src/PhpGenerator/Dumper.php

@@ -25,6 +25,7 @@ final class Dumper
 	public int $wrapLength = 120;
 	public string $indentation = "\t";
 	public bool $customObjects = true;
+	public DumpContext $context = DumpContext::Expression;
 
 
 	/**
@@ -144,10 +145,17 @@ private function dumpObject(object $var, array $parents, int $level, int $column
 		$parents[] = $var;
 
 		if ($class === \stdClass::class) {
+			if (!in_array($this->context, [DumpContext::Expression, DumpContext::Parameter, DumpContext::Attribute], strict: true)) {
+				throw new Nette\InvalidStateException("Cannot dump object of type $class in {$this->context->name} context.");
+			}
+
 			$var = get_mangled_object_vars($var);
 			return '(object) ' . $this->dumpArray($var, $parents, $level, $column + 10);
 
 		} elseif ($class === \DateTime::class || $class === \DateTimeImmutable::class) {
+			if (!in_array($this->context, [DumpContext::Expression, DumpContext::Parameter, DumpContext::Attribute], strict: true)) {
+				throw new Nette\InvalidStateException("Cannot dump object of type $class in {$this->context->name} context.");
+			}
 			assert($var instanceof \DateTimeInterface);
 			return $this->format(
 				"new \\$class(?, new \\DateTimeZone(?))",
@@ -167,6 +175,9 @@ private function dumpObject(object $var, array $parents, int $level, int $column
 			throw new Nette\InvalidStateException('Cannot dump object of type Closure.');
 
 		} elseif ($this->customObjects) {
+			if ($this->context !== DumpContext::Expression) {
+				throw new Nette\InvalidStateException("Cannot dump object of type $class in {$this->context->name} context.");
+			}
 			return $this->dumpCustomObject($var, $parents, $level);
 
 		} else {

src/PhpGenerator/Printer.php

@@ -171,7 +171,7 @@ public function printClass(
 				$cases[] = $this->printDocComment($case)
 					. $this->printAttributes($case->getAttributes())
 					. 'case ' . $case->getName()
-					. ($case->getValue() === null ? '' : ' = ' . $this->dump($case->getValue()))
+					. ($case->getValue() === null ? '' : ' = ' . $this->dump($case->getValue(), context: DumpContext::Constant))
 					. ";\n";
 			}
 		}
@@ -348,7 +348,7 @@ private function formatParameters(Closure|GlobalFunction|Method|PropertyHook $fu
 				. ($param->isReference() ? '&' : '')
 				. ($variadic ? '...' : '')
 				. '$' . $param->getName()
-				. ($param->hasDefaultValue() && !$variadic ? ' = ' . $this->dump($param->getDefaultValue()) : '')
+				. ($param->hasDefaultValue() && !$variadic ? ' = ' . $this->dump($param->getDefaultValue(), context: DumpContext::Parameter) : '')
 				. ($param instanceof PromotedParameter ? $this->printHooks($param) : '')
 				. ($multiline ? ",\n" : ', ');
 		}
@@ -370,7 +370,7 @@ private function printConstant(Constant $const): string
 		return $this->printDocComment($const)
 			. $this->printAttributes($const->getAttributes())
 			. $def
-			. $this->dump($const->getValue(), strlen($def)) . ";\n";
+			. $this->dump($const->getValue(), strlen($def), DumpContext::Constant) . ";\n";
 	}
 
 
@@ -389,7 +389,7 @@ private function printProperty(Property $property, bool $readOnlyClass = false,
 
 		$defaultValue = $property->getValue() === null && !$property->isInitialized()
 			? ''
-			: ' = ' . $this->dump($property->getValue(), strlen($def) + 3); // 3 = ' = '
+			: ' = ' . $this->dump($property->getValue(), strlen($def) + 3, DumpContext::Property); // 3 = ' = '
 
 		return $this->printDocComment($property)
 			. $this->printAttributes($property->getAttributes())
@@ -453,6 +453,7 @@ protected function printAttributes(array $attrs, bool $inline = false): string
 		}
 
 		$this->dumper->indentation = $this->indentation;
+		$this->dumper->context = DumpContext::Attribute;
 		$items = [];
 		foreach ($attrs as $attr) {
 			$args = $this->dumper->format('...?:', $attr->getArguments());
@@ -512,10 +513,11 @@ protected function indent(string $s): string
 	}
 
 
-	protected function dump(mixed $var, int $column = 0): string
+	protected function dump(mixed $var, int $column = 0, DumpContext $context = DumpContext::Expression): string
 	{
 		$this->dumper->indentation = $this->indentation;
 		$this->dumper->wrapLength = $this->wrapLength;
+		$this->dumper->context = $context;
 		$s = $this->dumper->dump($var, $column);
 		$s = Helpers::simplifyTaggedNames($s, $this->namespace);
 		return $s;

tests/PhpGenerator/Dumper.context.phpt

@@ -0,0 +1,168 @@
+<?php
+
+/**
+ * Test: Nette\PhpGenerator\Dumper context validation
+ */
+
+declare(strict_types=1);
+
+use Nette\PhpGenerator\DumpContext;
+use Nette\PhpGenerator\Dumper;
+use Tester\Assert;
+
+require __DIR__ . '/../bootstrap.php';
+
+
+// Constant context (class constant, property default)
+
+test('Constant context rejects stdClass', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Constant;
+	Assert::exception(
+		fn() => $dumper->dump((object) ['a' => 1]),
+		Nette\InvalidStateException::class,
+		'%a% stdClass %a% Constant %a%',
+	);
+});
+
+
+test('Constant context rejects DateTime', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Constant;
+	Assert::exception(
+		fn() => $dumper->dump(new DateTime('2024-01-01')),
+		Nette\InvalidStateException::class,
+		'%a% DateTime %a% Constant %a%',
+	);
+});
+
+
+test('Constant context rejects custom objects', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Constant;
+	Assert::exception(
+		fn() => $dumper->dump(new ArrayObject),
+		Nette\InvalidStateException::class,
+		'%a% ArrayObject %a% Constant %a%',
+	);
+});
+
+
+test('Constant context allows first-class callable', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Constant;
+	Assert::contains('(...)', $dumper->dump(strlen(...)));
+});
+
+
+// Property context (same restrictions as Constant)
+
+test('Property context rejects stdClass', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Property;
+	Assert::exception(
+		fn() => $dumper->dump((object) ['a' => 1]),
+		Nette\InvalidStateException::class,
+		'%a% Property %a%',
+	);
+});
+
+
+test('Property context rejects DateTime', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Property;
+	Assert::exception(
+		fn() => $dumper->dump(new DateTime('2024-01-01')),
+		Nette\InvalidStateException::class,
+		'%a% Property %a%',
+	);
+});
+
+
+test('Property context rejects custom objects', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Property;
+	Assert::exception(
+		fn() => $dumper->dump(new ArrayObject),
+		Nette\InvalidStateException::class,
+		'%a% Property %a%',
+	);
+});
+
+
+// Parameter context (allows new, casts)
+
+test('Parameter context allows stdClass', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Parameter;
+	Assert::contains('(object)', $dumper->dump((object) ['a' => 1]));
+});
+
+
+test('Parameter context allows DateTime', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Parameter;
+	Assert::contains('new \DateTime', $dumper->dump(new DateTime('2024-01-01')));
+});
+
+
+test('Parameter context rejects custom objects', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Parameter;
+	Assert::exception(
+		fn() => $dumper->dump(new ArrayObject),
+		Nette\InvalidStateException::class,
+		'%a% ArrayObject %a% Parameter %a%',
+	);
+});
+
+
+// Attribute context (same as Parameter)
+
+test('Attribute context allows stdClass', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Attribute;
+	Assert::contains('(object)', $dumper->dump((object) ['a' => 1]));
+});
+
+
+test('Attribute context allows DateTime', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Attribute;
+	Assert::contains('new \DateTime', $dumper->dump(new DateTime('2024-01-01')));
+});
+
+
+test('Attribute context rejects custom objects', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Attribute;
+	Assert::exception(
+		fn() => $dumper->dump(new ArrayObject),
+		Nette\InvalidStateException::class,
+		'%a% ArrayObject %a% Attribute %a%',
+	);
+});
+
+
+// Expression context (no restrictions, default)
+
+test('Expression context allows everything', function () {
+	$dumper = new Dumper;
+	Assert::same(DumpContext::Expression, $dumper->context);
+	Assert::contains('(object)', $dumper->dump((object) ['a' => 1]));
+	Assert::contains('new \DateTime', $dumper->dump(new DateTime('2024-01-01')));
+	Assert::contains('createObject', $dumper->dump(new ArrayObject));
+});
+
+
+// Propagation through arrays
+
+test('context propagates into array elements', function () {
+	$dumper = new Dumper;
+	$dumper->context = DumpContext::Constant;
+	Assert::exception(
+		fn() => $dumper->dump(['key' => (object) ['a' => 1]]),
+		Nette\InvalidStateException::class,
+		'%a% stdClass %a% Constant %a%',
+	);
+});