mirror of https://github.com/FriendsOfTYPO3/tea.git synced 2024-11-10 00:36:13 +01:00

[TASK] Add PHPStan extension for disallowed calls (#1159)

A new composer package "spaze/phpstan-disallowed-calls" is added.
This one is a PHPStan extension which will check for forbidden calls.
Those calls need to be defined per project.
We use this to prevent debugging and other none good practices from
showing up in our code base.

We include the pre defined rules from the package.
Those can be argued and adjusted once we hit them.

Resolves: #1158
This commit is contained in:
Daniel Siepmann 2024-02-06 13:55:29 +01:00 committed by GitHub
parent db5535a7a0
commit 1462282da6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 28 additions and 0 deletions

View file

@ -58,6 +58,7 @@
"phpunit/phpunit": "^9.6.16",
"saschaegerer/phpstan-typo3": "^1.10.0",
"seld/jsonlint": "^1.10.1",
"spaze/phpstan-disallowed-calls": "^3.1",
"squizlabs/php_codesniffer": "^3.8.1",
"symfony/console": "^5.4 || ^6.4 || ^7.0",
"symfony/translation": "^5.4 || ^6.4 || ^7.0",

View file

@ -1,5 +1,9 @@
includes:
- phpstan-baseline.neon
- .Build/vendor/spaze/phpstan-disallowed-calls/disallowed-dangerous-calls.neon
- .Build/vendor/spaze/phpstan-disallowed-calls/disallowed-execution-calls.neon
- .Build/vendor/spaze/phpstan-disallowed-calls/disallowed-insecure-calls.neon
- .Build/vendor/spaze/phpstan-disallowed-calls/disallowed-loose-calls.neon
parameters:
parallel:
@ -29,3 +33,26 @@ parameters:
cognitive_complexity:
class: 10
function: 5
disallowedFunctionCalls:
-
function:
- 'var_dump()'
- 'xdebug_break()'
- 'debug()'
message: 'Use logging instead or remove if it was for debugging purposes.'
-
function: 'header()'
message: 'Use PSR-7 API instead'
disallowedStaticCalls:
-
method: 'TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump()'
message: 'Use logging instead or remove if it was for debugging purposes.'
disallowedSuperglobals:
-
superglobal:
- '$_GET'
- '$_POST'
- '$_FILES'
- '$_SERVER'
message: 'Use PSR-7 API instead'