fix: PHPStan errors

composer.json

@@ -78,6 +78,7 @@
         "cs": "vendor/bin/php-cs-fixer fix --ansi --verbose --dry-run --diff",
         "rector": "vendor/bin/rector process --dry-run",
         "phpstan": "bash -c \"XDEBUG_MODE=off phpstan analyse\"",
+        "phpstan-baseline": "bash -c \"XDEBUG_MODE=off phpstan analyse --generate-baseline phpstan-baseline.php\"",
         "test": "vendor/bin/phpunit --coverage-text --coverage-clover build/logs/clover.xml --coverage-php build/cov/coverage.cov --testsuite main"
     }
 }

phpstan-baseline.php

@@ -7,84 +7,12 @@
 	'count' => 1,
 	'path' => __DIR__ . '/src/Secure.php',
 ];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'blockSize\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'cipherAlgorithm\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'cipherChaining\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'encryptedHmacKey\' on mixed\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'encryptedHmacValue\' on mixed\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'encryptedKeyValue\' on mixed\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'encryptedVerifierHa…\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'hashAlgorithm\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'hashSize\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'keyBits\' on mixed\\.$#',
-	'count' => 2,
-	'path' => __DIR__ . '/src/Secure.php',
-];
 $ignoreErrors[] = [
 	// identifier: offsetAccess.nonOffsetAccessible
 	'message' => '#^Cannot access offset \'name\' on mixed\\.$#',
 	'count' => 3,
 	'path' => __DIR__ . '/src/Secure.php',
 ];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'saltValue\' on mixed\\.$#',
-	'count' => 4,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: offsetAccess.nonOffsetAccessible
-	'message' => '#^Cannot access offset \'spinCount\' on mixed\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
 $ignoreErrors[] = [
 	// identifier: missingType.return
 	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:_convertPasswordToKey\\(\\) has no return type specified\\.$#',
@@ -289,36 +217,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/src/Secure.php',
 ];
-$ignoreErrors[] = [
-	// identifier: missingType.return
-	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:_hmac\\(\\) has no return type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: missingType.parameter
-	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:_hmac\\(\\) has parameter \\$algorithm with no type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: missingType.parameter
-	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:_hmac\\(\\) has parameter \\$fileName with no type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: missingType.parameter
-	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:_hmac\\(\\) has parameter \\$key with no type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
-$ignoreErrors[] = [
-	// identifier: missingType.return
-	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:build\\(\\) has no return type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/src/Secure.php',
-];
 $ignoreErrors[] = [
 	// identifier: return.type
 	'message' => '#^Method PHPDevsr\\\\Spreadsheet\\\\Secure\\:\\:output\\(\\) should return string but returns string\\|false\\.$#',
@@ -331,12 +229,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/src/Secure.php',
 ];
-$ignoreErrors[] = [
-	// identifier: argument.unpackNonIterable
-	'message' => '#^Only iterables can be unpacked, mixed given in argument \\#2\\.$#',
-	'count' => 7,
-	'path' => __DIR__ . '/src/Secure.php',
-];
 $ignoreErrors[] = [
 	// identifier: argument.type
 	'message' => '#^Parameter \\#1 \\$array of function array_pad expects array, mixed given\\.$#',
@@ -412,7 +304,7 @@
 $ignoreErrors[] = [
 	// identifier: argument.type
 	'message' => '#^Parameter \\#1 \\$value of function count expects array\\|Countable, mixed given\\.$#',
-	'count' => 5,
+	'count' => 1,
 	'path' => __DIR__ . '/src/Secure.php',
 ];
 $ignoreErrors[] = [

src/Secure.php

@@ -172,7 +172,7 @@ public function output(?string $filePath = null)
 
         // Create the data integrity fields used by clients for integrity checks.
         // First generate a random array of bytes to use in HMAC. The docs say to use the same length as the key salt, but Excel seems to use 64.
-        $hmacKey = unpack('C*', random_bytes(64));
+        $hmacKey = (array) unpack('C*', random_bytes(64));
         // Then create an initialization vector using the package encryption info and the appropriate block key.
         $hmacKeyIV = $this->_createIV(
             $encryptionInfo['package']['hashAlgorithm'],
@@ -321,7 +321,7 @@ public function output(?string $filePath = null)
     /**
      * Encryption Info
      *
-     * @param array<string, mixed> $encryptionInfo Data
+     * @param array<string, array<string, array<string, int|string>>> $encryptionInfo Data
      *
      * @return array<string, mixed>
      */
@@ -445,7 +445,7 @@ private function _hash($algorithm, ...$buffers)
         $buffers = [...$buffers];
 
         if (! in_array($algorithm, hash_algos(), true)) {
-            throw new Exception("Hash algorithm '{$algorithm}' not supported!");
+            throw new Exception("Hash algorithm '{$algorithm}' not supported!"); // @codeCoverageIgnore
         }
 
         $ctx = hash_init($algorithm);
@@ -455,9 +455,18 @@ private function _hash($algorithm, ...$buffers)
         return unpack('C*', hash_final($ctx, true));
     }
 
+    /**
+     * Hmac
+     *
+     * @param string       $algorithm Algorithm
+     * @param list<string> $key       Key
+     * @param string       $fileName  Filename
+     *
+     * @return list<string>
+     */
     private function _hmac($algorithm, $key, $fileName)
     {
-        return unpack('C*', hash_hmac_file(
+        return (array) unpack('C*', hash_hmac_file(
             strtolower($algorithm),
             $fileName,
             pack('C*', ...$key),
@@ -582,6 +591,8 @@ private function _cryptPackage(
      *
      * @param array<string, mixed> $data     Data
      * @param SimpleXMLElement     $rootNode Node
+     *
+     * @return void
      */
     private function build($data, $rootNode)
     {