ovr / phpsa Goto Github PK

To implement check for unused properties

For now I created

Maybe anyone will be interested to create new logo ;)

https://wiki.php.net/rfc/forbid_dynamic_scope_introspection

For the functions

• extract()
• compact()
• get_defined_vars()
• parse_str() with one arg
• mb_parse_str() with one arg
• assert() with string argument (eval)
• func_get_args()
• func_get_arg()
• func_num_args()

dynamic calls of the form

• $fn()
• call_user_func($fn)
• array_map($fn, $array)
  etc.

will be forbidden. Such calls will result in a warning being thrown and an error-indicating return value being returned, that is consistent with other error-indicating return values of the respective functions.

Warning for

var_dump($a)

But this can be ignored

/**
 * @expected
 */
var_dump($a);

https://github.com/marcioAlmada/regex-guard

Could this project be interesting for an integration into phpsa?

function ($a) {
   return $a();
}

Suggest

function (callable $a) {

do the same for array and objects.

This will rly helpfull to detect
@return
@param
@tests

and etc

Find cool thing from

https://bitbucket.org/kalessil/phpinspectionsea/src/bb76ab33d694e8a8cf697c510b7b381188231354/src/com/kalessil/phpStorm/phpInspectionsEA/inspectors/codeSmell/DeprecatedIniOptionsInspector.java?at=master&fileviewer=file-view-default

Your documentation doesn't need to tell people to disable xdebug, it can be disabled for the particular run.

php -n -d xdebug.enable=0 -f bin/phpsa

If you don't want to apply -d params you can disable xdebug by calling xdebug_disable() which as per this link you will see it updated the zend_error_cb callback to the system default one instead of xdebug's - http://lxr.php.net/xref/PECL/xdebug/xdebug.c#2353

Create an Analyzer which checks for usage of (in newer versions) deprecated functions. So if we check a PHP 5.5 script we get all warnings for php7 deprecations too.

We should add a configuration to turn this off.

for example this RFC passed: https://wiki.php.net/rfc/mcrypt-viking-funeral

So Mcrypt will be deprecated. Our Analyzer could recommend the use of paragonie/halite (or libsodium) instead.

Snippet:

class UserTest extends PHPUNIT {
    // @test
    public function test()
    {
    }
}

Notice:

Annotation @test does not needed because method prefixed with test

What does it mean?

Analyzer is a class that allowed to register a new pass with multiple bindings for events

• Analyzer
• Analyzer\Factory - with all analyzers - once place registration for all analyzers is a good idea

refs #45

Maybe this will be helpfull to detect some bugs
Super referenced variables after cycles or etc

To implement it We need to complete task:

Find function by name with func_get_args, example Pass\Expression\FunctionCall*

Next We need to asert that scopePointer from Context is a method or function
After it Wee need to assert that parameters count is 0

Example that We need to detect and suggest

class Test {
    public function test() // NO PARAMETERS
    {
           return func_get_args();
    }
}

When we cant suggest another way

class Test {
    public function test($a, $b, $c) // SOME PARAMETERS
    {
           return func_get_args();
    }
}

Hi. Your library is great. I can make some validations.
But is is hard for me to understand structure of your library.
For example i want to create "Missing @return keyword" but I don’t know where i should place validation class.
Other thing is interface.
One class declared as class Statement { other class Mod extends AbstractExpressionCompiler
possible it will be useful to create single interface and then extend it.

P.S. Take a loot for php-cs-fixer they have each checker in separate file.

Format json, yml

Noticed from Reddit:

I was looking for a project to do something somewhat like this earlier in the week.
Do you have plans (or implementation) to statically ensure that method signatures do not violate PHP s rules for extending and implementing?

In subjectm, think about it

Php CS fixer, PhpUnit and others are providing this kind of package and it's very handy when integrating those tools into CI-infrastructure.

shamcodeКстати, вот это-то почему так: exec('git describe --always', $version_mini_hash)
shamcode?
shamcodeВ Application.php
Arcanight joined the room.
shamcodeДа не про это )
shamcodeНу смотри: а если у меня нет git и/или это продакшен версия?

1 <=> 2

• tests

control flow graph

Example

$a = [];

if ($a > 1) {
}

Expected count via it is an array type

$a = [];

if (count($a) > 1) {
}

refs #14

Example to review

class Test
{
    /**
     * @return bool
     */
    public function returnTrue()
    {
        $a = 5;
        $b = &$a;
        $a = 0;

        return 1 / $b;
    }
}

Example

return intval(5);

Use (int)

return (int) 5;

While checking a file with ./bin/phpsa which has something like:
intval(1,2);
we get this error:
PHP Notice: Undefined offset: 1 in ...phpsa/vendor/ovr/phpreflection/src/FunctionReflection.php on line 160

This error only occurs when intval has 2 arguments.
intval(1);
works fine.

function test() {
    if ($a == 1) {
        return true;
    }

    return false;
}

Need to be

function test() {
     return ($a == 1);
}

We have a list of possibly dangerous functions (like exec, eval, system, ...) and keep track which functions are used in the project. At the end we array_diff both lists and get a list of possibly dangerous functions that are not used in the project.
We then recommend to disable those functions in php.ini

refs https://wiki.php.net/rfc/this_var

// Запретить использование в качестве имени параметра
function foo($this) {
}

// Запретить использование в качестве статической переменной
static $this; 

// Запретить использование как глобальной переменной
global $this; 

// Запретить использование в качестве переменной исключения в catch
try {
  ...
} catch (Exception $this) { // Fatal error: Cannot re-assign $this
}

// Запретить использование в foreach
foreach ($a as $this) { 
}

// Запретить использование в unset()
unset($this); 

// Запретить обращение через $$
$a = "this";
$$a = 42;