ovr / phpsa
Smart/Static Analyzer(sis) for PHP :bowtie::neckbeard:
License: Other
To implement check for unused properties
https://wiki.php.net/rfc/forbid_dynamic_scope_introspection
For the functions
dynamic calls of the form
will be forbidden. Such calls will result in a warning being thrown and an error-indicating return value being returned, that is consistent with other error-indicating return values of the respective functions.
Warning for
var_dump($a)
But this can be ignored
/**
* @expected
*/
var_dump($a);
https://github.com/marcioAlmada/regex-guard
Could this project be interesting for an integration into phpsa?
function ($a) {
return $a();
}
Suggestion:
function (callable $a) {
return $a();
}
Do the same for arrays and objects.
Your documentation doesn't need to tell people to disable xdebug, it can be disabled for the particular run.
php -n -d xdebug.enable=0 -f bin/phpsa
If you don't want to apply -d params you can disable xdebug by calling xdebug_disable(),
which, as you will see at this link, resets the zend_error_cb callback to the system default one instead of xdebug's - http://lxr.php.net/xref/PECL/xdebug/xdebug.c#2353
Create an Analyzer which checks for usage of functions that are deprecated in newer versions. So if we check a PHP 5.5 script we also get all the warnings for PHP 7 deprecations.
We should add a configuration option to turn this off.
For example, this RFC passed: https://wiki.php.net/rfc/mcrypt-viking-funeral
So mcrypt will be deprecated. Our Analyzer could recommend the use of paragonie/halite (or libsodium) instead.
Snippet:
class UserTest extends PHPUNIT {
// @test
public function test()
{
}
}
Notice:
Annotation @test is not needed because the method name is prefixed with test
What does it mean?
An Analyzer is a class that allows registering a new pass with multiple bindings for events
refs #45
Maybe this will be helpful to detect some bugs:
super-referenced variables after cycles, etc.
To implement it we need to complete these tasks:
Find the function by name (func_get_args), for example Pass\Expression\FunctionCall*
Next we need to assert that the scopePointer
from the Context
is a method or function
After that we need to assert that the parameter count is 0
Example that we need to detect and suggest:
class Test {
public function test() // NO PARAMETERS
{
return func_get_args();
}
}
When we can't suggest another way:
class Test {
public function test($a, $b, $c) // SOME PARAMETERS
{
return func_get_args();
}
}
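One way to implement the check described above, as an added example rather than phpsa's own pass: it walks the token stream instead of phpsa's Context/scopePointer, treats closures as their own scope in addition to named functions and methods, and the suggestion text it prints (declare the parameters, or a variadic `...$args`) is the example's own wording, not something the issue specifies.

```php
<?php
// Added example, not phpsa's own pass: flag func_get_args() inside a function
// or method declared with zero parameters. Works on token_get_all() output and
// treats closures as their own scope.
declare(strict_types=1);

/** @return string[] one message per zero-parameter scope whose body calls func_get_args() */
function findFuncGetArgsWithoutParams(string $source): array
{
    $tokens   = token_get_all($source);
    $n        = count($tokens);
    $depth    = 0;   // current "{" nesting, string-interpolation braces included
    $stack    = [];  // open function scopes, innermost last
    $messages = [];

    for ($i = 0; $i < $n; $i++) {
        $tok = $tokens[$i];

        if (is_array($tok) && $tok[0] === T_FUNCTION) {
            // Declared name (closures have none), then count the parameters up to the matching ")".
            $name = '{closure}';
            $line = $tok[2];
            for ($j = $i + 1; $j < $n && $tokens[$j] !== '(' && $tokens[$j] !== ';'; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                    $name = $tokens[$j][1];
                }
            }
            if ($j >= $n || $tokens[$j] === ';') { $i = $j; continue; }   // e.g. `use function a\b;`
            $params = 0;
            for ($paren = 0; $j < $n; $j++) {
                if ($tokens[$j] === '(') {
                    $paren++;
                } elseif ($tokens[$j] === ')' && --$paren === 0) {
                    break;
                } elseif (is_array($tokens[$j]) && $tokens[$j][0] === T_VARIABLE) {
                    $params++;
                }
            }
            // Abstract/interface methods end in ";" and have no body to scan.
            $body = null;
            for ($k = $j + 1; $k < $n; $k++) {
                if ($tokens[$k] === '{') { $body = $k; break; }
                if ($tokens[$k] === ';') { break; }
            }
            if ($body === null) { $i = $k; continue; }
            $stack[] = ['name' => $name, 'params' => $params, 'depth' => $depth, 'line' => $line, 'hit' => false];
            $i = $body - 1;   // let the "{" handling below open the scope
            continue;
        }

        $opens = $tok === '{'
            || (is_array($tok) && ($tok[0] === T_CURLY_OPEN || $tok[0] === T_DOLLAR_OPEN_CURLY_BRACES));
        if ($opens) {
            $depth++;
            continue;
        }
        if ($tok === '}') {
            $depth--;
            // A scope whose body just closed was opened at exactly this depth.
            while ($stack && end($stack)['depth'] === $depth) {
                $scope = array_pop($stack);
                if ($scope['hit'] && $scope['params'] === 0) {
                    $messages[] = sprintf(
                        '%s() at line %d takes no parameters but calls func_get_args(); declare them (or a variadic ...$args)',
                        $scope['name'], $scope['line']
                    );
                }
            }
            continue;
        }

        // A call to func_get_args (or \func_get_args on PHP 8) marks the innermost open scope.
        $isName = is_array($tok) && ($tok[0] === T_STRING
            || (defined('T_NAME_FULLY_QUALIFIED') && $tok[0] === T_NAME_FULLY_QUALIFIED));
        if ($isName && $stack && strtolower(ltrim($tok[1], '\\')) === 'func_get_args') {
            $j = $i + 1;
            while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) { $j++; }
            if ($j < $n && $tokens[$j] === '(') {
                $stack[count($stack) - 1]['hit'] = true;
            }
        }
    }
    return $messages;
}

// Constructed input: the two methods from the issue plus an interface method and a closure.
$sample = <<<'SRC'
<?php
interface Args { public function sig(); }
class Test {
    public function test()            // NO PARAMETERS: report
    {
        return func_get_args();
    }
    public function test2($a, $b, $c) // SOME PARAMETERS: nothing to suggest
    {
        return func_get_args();
    }
}
function plain() { $f = function () { return \func_get_args(); }; return $f(); }
SRC;

foreach (findFuncGetArgsWithoutParams($sample) as $message) {
    echo $message, PHP_EOL;
}
```

Because the innermost open scope takes the hit, the func_get_args() inside the closure in plain() is attributed to the closure and not to plain(), which is the scope distinction the scopePointer check in the issue is after. Arrow functions (fn) are not handled by this example.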
Hi. Your library is great. I can make some validations.
But it is hard for me to understand the structure of your library.
For example, I want to create a "Missing @return keyword" check but I don't know where I should place the validation class.
The other thing is interfaces.
One class is declared as class Statement {
another class as Mod extends AbstractExpressionCompiler
Possibly it would be useful to create a single interface and then extend it.
P.S. Take a look at php-cs-fixer; they have each checker in a separate file.
Format json, yml
Noticed from Reddit:
I was looking for a project to do something somewhat like this earlier in the week.
Do you have plans (or an implementation) to statically ensure that method signatures do not violate PHP's rules for extending and implementing?
In subject; think about it.
Php CS Fixer, PHPUnit and others provide this kind of package, and it's very handy when integrating those tools into CI infrastructure.
trait A {
}
shamcode: By the way, why is this done like this: exec('git describe --always', $version_mini_hash)
shamcode: ?
shamcode: In Application.php
Arcanight joined the room.
shamcode: No, that's not what I mean )
shamcode: Look: what if I don't have git and/or this is a production version?
function test()
{
$a = function() {
$a = 1;
$a++;
};
return $a();
}
/**
* @return string
*/
function testVarExportUnexpected()
{
/**
* Second parameter in var_export must be true
*/
return "test " . var_export(1);
}
1 <=> 2
control flow graph
Example
$a = [];
if ($a > 1) {
}
Expected: count(), since it is an array type
$a = [];
if (count($a) > 1) {
}
$a = 1;
unset($a);
var_dump($a); // Undefined?
refs #14
Example to review
class Test
{
/**
* @return bool
*/
public function returnTrue()
{
$a = 5;
$b = &$a;
$a = 0;
return 1 / $b;
}
}
Example
return intval(5);
Use (int)
return (int) 5;
While checking a file with ./bin/phpsa which has something like:
intval(1,2);
we get this error:
PHP Notice: Undefined offset: 1 in ...phpsa/vendor/ovr/phpreflection/src/FunctionReflection.php on line 160
This error only occurs when intval has 2 arguments.
intval(1);
works fine.
function test() {
if ($a == 1) {
return true;
}
return false;
}
Should be:
function test() {
return ($a == 1);
}
We have a list of possibly dangerous functions (like exec, eval, system, ...) and keep track which functions are used in the project. At the end we array_diff both lists and get a list of possibly dangerous functions that are not used in the project.
We then recommend disabling those functions in php.ini.
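The two list-based checks proposed on this page (the deprecated-function analyzer with its "turn it off" configuration, and the dangerous-functions diff that ends in a php.ini recommendation) share one mechanism: collect the plain function calls in the code, then compare them with a list. The following is an added example of that mechanism, not phpsa's code; it uses the tokenizer rather than phpsa's passes, and both lists, the sample file and the suggestion texts are constructed for illustration.

```php
<?php
// Added example, not phpsa's own code: gather the plain function calls in a
// file with the tokenizer, then (a) diff them against a list of dangerous
// functions to propose a php.ini disable_functions line and (b) report calls
// that newer PHP versions deprecate. Both lists below are illustrative.
declare(strict_types=1);

/** Index of the nearest token that is not whitespace or a comment, walking by $step, or null. */
function nextSignificant(array $tokens, int $from, int $step): ?int
{
    for ($j = $from + $step; $j >= 0 && $j < count($tokens); $j += $step) {
        if (!is_array($tokens[$j]) || !in_array($tokens[$j][0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $j;
        }
    }
    return null;
}

/** @return string[] lower-cased names called as plain `name(`; methods, static calls, `new` and declarations excluded */
function collectCalledFunctions(string $source): array
{
    $tokens = token_get_all($source);
    $skipAfter = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    if (defined('T_NULLSAFE_OBJECT_OPERATOR')) {
        $skipAfter[] = T_NULLSAFE_OBJECT_OPERATOR;  // PHP 8: $obj?->name(
    }
    $nameTypes = [T_STRING];
    if (defined('T_NAME_FULLY_QUALIFIED')) {
        $nameTypes[] = T_NAME_FULLY_QUALIFIED;      // PHP 8 tokenizes \exec as one token
    }
    $calls = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $nameTypes, true)) {
            continue;
        }
        $next = nextSignificant($tokens, $i, 1);
        if ($next === null || $tokens[$next] !== '(') {
            continue;                               // a name that is not being called
        }
        $prev = nextSignificant($tokens, $i, -1);
        if ($prev !== null && is_array($tokens[$prev]) && in_array($tokens[$prev][0], $skipAfter, true)) {
            continue;                               // $o->name(, Cls::name(, function name(, new Name(
        }
        $calls[strtolower(ltrim($tok[1], '\\'))] = true;
    }
    return array_keys($calls);
}

/** Dangerous functions the project never calls: the candidates for disable_functions. */
function unusedDangerousFunctions(array $called, array $dangerous): array
{
    return array_values(array_diff($dangerous, $called));
}

/**
 * Calls deprecated in any PHP version up to $reportUpTo. Lowering $reportUpTo to the
 * version the code actually targets is the "turn it off" switch the issue asks for.
 */
function deprecatedCalls(array $called, array $deprecations, string $reportUpTo): array
{
    $hits = [];
    foreach ($called as $fn) {
        if (isset($deprecations[$fn]) && version_compare($deprecations[$fn]['since'], $reportUpTo, '<=')) {
            $hits[$fn] = sprintf('%s() is deprecated since PHP %s: %s',
                $fn, $deprecations[$fn]['since'], $deprecations[$fn]['hint']);
        }
    }
    return $hits;
}

// eval is a language construct, not a function, so disable_functions cannot block it;
// it is left off this list even though the issue names it.
$dangerous = ['exec', 'passthru', 'shell_exec', 'system', 'proc_open', 'popen'];
$deprecations = [
    'mcrypt_create_iv' => ['since' => '7.1', 'hint' => 'use random_bytes() with libsodium or paragonie/halite'],
    'mcrypt_encrypt'   => ['since' => '7.1', 'hint' => 'use sodium_crypto_secretbox() or paragonie/halite'],
    'create_function'  => ['since' => '7.2', 'hint' => 'use a closure'],
    'each'             => ['since' => '7.2', 'hint' => 'use foreach'],
];

// Constructed sample file to scan.
$sample = <<<'SRC'
<?php
function render($tpl, $obj) {
    $out = shell_exec('ls');        // dangerous and used: stays enabled
    $iv  = mcrypt_create_iv(16);    // deprecated in 7.1, removed in 7.2
    $obj->exec('x');                // a method, not the exec() function
    return preg_replace('/a/', 'b', $out);
}
SRC;

$called = collectCalledFunctions($sample);
echo 'disable_functions = ' . implode(',', unusedDangerousFunctions($called, $dangerous)), PHP_EOL;
foreach (deprecatedCalls($called, $deprecations, '7.2') as $message) {
    echo $message, PHP_EOL;
}
```

Two caveats before shipping the directive this prints: a token walk only sees literal `name(` calls, so dynamic calls such as `$f = 'exec'; $f('ls')` or `call_user_func('system', ...)` in the project or its vendor code are invisible to it, and `eval`, `include` and the other language constructs cannot be disabled this way at all. Treat the output as a starting list to confirm against the project's test suite, not as proof that the remaining functions are unused.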
class A {
public function check(B $b = null) { // method name added; the snippet had none
if (!empty($b)) {
}
}
}
unset($a);
$a = [
'a' => 1,
'b' => 250,
'a' => 1
];
refs https://wiki.php.net/rfc/this_var
// Forbid using it as a parameter name
function foo($this) {
}
// Forbid using it as a static variable
static $this;
// Forbid using it as a global variable
global $this;
// Forbid using it as the exception variable in catch
try {
...
} catch (Exception $this) { // Fatal error: Cannot re-assign $this
}
// Forbid using it in foreach
foreach ($a as $this) {
}
// Forbid using it in unset()
unset($this);
// Forbid access through $$
$a = "this";
$$a = 42;