109 lines
2.1 KiB
ReStructuredText
109 lines
2.1 KiB
ReStructuredText
|
Linting Talk
|
||
|
============
|
||
|
|
||
|
What is linting
|
||
|
---------------
|
||
|
|
||
|
A linter or lint refers to tools that analyze source code to flag programming
|
||
|
errors, bugs, stylistic errors, and suspicious constructs. The term originates
|
||
|
from a Unix utility that examined C language source code.
|
||
|
|
||
|
— https://en.wikipedia.org/wiki/Lint_(software)
|
||
|
|
||
|
Why do I need it?
|
||
|
-----------------
|
||
|
|
||
|
* Prevent syntax errors = 500 http error in production.
|
||
|
|
||
|
* Prevent bugs.
|
||
|
|
||
|
* Validate coding guideline = Prevent unnecessary merge conflicts.
|
||
|
|
||
|
* Reduce complexity and mental overhead.
|
||
|
|
||
|
What to lint
|
||
|
------------
|
||
|
|
||
|
PHP
|
||
|
^^^
|
||
|
|
||
|
* PHP Native
|
||
|
|
||
|
Local::
|
||
|
|
||
|
php -l broken.php
|
||
|
php -l valid.php
|
||
|
|
||
|
For CI::
|
||
|
|
||
|
php -l broken.php > /dev/null; echo $?
|
||
|
php -l valid.php > /dev/null; echo $?
|
||
|
|
||
|
find localPackages/ -name \*.php | parallel --gnu php -d display_errors=stderr -l {} > /dev/null \;
|
||
|
|
||
|
* PHP Code Sniffer
|
||
|
Checks for Coding Guideline, best practices like no debugging code.
|
||
|
|
||
|
Extendable, Multiple languages, php, js, typoscript, …
|
||
|
Lint and fix.
|
||
|
Integrated into IDEs, Editors and CI.
|
||
|
|
||
|
* PHPMD
|
||
|
https://phpmd.org/
|
||
|
https://phpmd.org/rules/index.html
|
||
|
|
||
|
* phpstan
|
||
|
https://github.com/phpstan/phpstan
|
||
|
https://packagist.org/packages/saschaegerer/phpstan-typo3
|
||
|
|
||
|
PHP >= 7.1
|
||
|
No configuration necessary
|
||
|
|
||
|
* phan
|
||
|
https://github.com/phan/phan
|
||
|
|
||
|
Awesome, but needs configuration file.
|
||
|
|
||
|
* https://phpqa.io/
|
||
|
|
||
|
* https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection
|
||
|
|
||
|
TypoScript
|
||
|
^^^^^^^^^^
|
||
|
|
||
|
https://github.com/martin-helmich/typo3-typoscript-lint
|
||
|
|
||
|
XML / XLIFF
|
||
|
^^^^^^^^^^^
|
||
|
|
||
|
http://xmlsoft.org/xmllint.html
|
||
|
|
||
|
JSON / composer.json
|
||
|
^^^^^^^^^^^^^^^^^^^^
|
||
|
|
||
|
`composer validate`
|
||
|
|
||
|
YAML (Form extension)
|
||
|
^^^^^^^^^^^^^^^^^^^^^
|
||
|
|
||
|
https://github.com/adrienverge/yamllint
|
||
|
|
||
|
Summary
|
||
|
-------
|
||
|
|
||
|
Check out possible linter. Integrate linter in CI, optionally also in local IDEs
|
||
|
/editors.
|
||
|
|
||
|
Prevent "dumb" issues like invalid PHP syntax.
|
||
|
|
||
|
Prevent some security issues.
|
||
|
|
||
|
Further reading
|
||
|
---------------
|
||
|
|
||
|
* https://www.owasp.org/index.php/Static_Code_Analysis
|
||
|
|
||
|
* https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
|
||
|
|
||
|
* https://phpqa.io/
|