MAGETWO-94122: Independent blocks rule

Author: zakdma

dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/RequestAwareBlockMethod.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\CodeMessDetector\Rule\Design;
+
+use PHPMD\AbstractNode;
+use PHPMD\AbstractRule;
+use PHPMD\Node\ClassNode;
+use PHPMD\Node\MethodNode;
+use PDepend\Source\AST\ASTMethod;
+use PHPMD\Rule\MethodAware;
+
+/**
+ * Detect direct request usages.
+ */
+class RequestAwareBlockMethod extends AbstractRule implements MethodAware
+{
+    /**
+     * @inheritdoc
+     *
+     * @param ASTMethod|MethodNode $method
+     */
+    public function apply(AbstractNode $method)
+    {
+        $definedIn = $method->getParentType();
+        try {
+            $isBlock = ($definedIn instanceof ClassNode)
+                && is_subclass_of(
+                    $definedIn->getFullQualifiedName(),
+                    \Magento\Framework\View\Element\AbstractBlock::class
+                );
+        } catch (\Throwable $exception) {
+            //Failed to load classes.
+            return;
+        }
+
+        if ($isBlock) {
+            $nodes = $method->findChildrenOfType('PropertyPostfix') + $method->findChildrenOfType('MethodPostfix');
+            foreach ($nodes as $node) {
+                $name = mb_strtolower($node->getFirstChildOfType('Identifier')->getImage());
+                if ($name === '_request' || $name === 'getrequest') {
+                    $this->addViolation($method, [$method->getFullQualifiedName()]);
+                    break;
+                }
+            }
+        }
+    }
+}

dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml

@@ -0,0 +1,37 @@
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<ruleset name="Magento Specific Design Rules" xsi:schemaLocation="http://pmd.sf.net/ruleset/1.0.0 http://pmd.sf.net/ruleset_xml_schema.xsd" xsi:noNamespaceSchemaLocation="http://pmd.sf.net/ruleset_xml_schema.xsd" xmlns="http://pmd.sf.net/ruleset/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <rule name="RequestAwareBlockMethod" class="Magento\CodeMessDetector\Rule\Design\RequestAwareBlockMethod" message="{0} uses request object directly. Add user input validation and suppress this warning.">
+        <description><![CDATA[
+
+Blocks must not depend on being used with certain controllers.
+If you use request object in a block directly you must validate all user input inside the block.
+
+        ]]></description>
+        <priority>2</priority>
+        <properties/>
+        <example><![CDATA[
+
+class MyOrder extends AbstractBlock
+{
+
+    .......
+
+    public function getOrder()
+    {
+        $orderId = $this->getRequest()->getParam('order_id');
+        //Validate customer having such order.
+        if (!$this->hasOrder($this->getCustomerId(), $orderId)) {
+            ...deny access...
+        }
+        .....
+    }
+}
+
+        ]]></example>
+    </rule>
+</ruleset>

dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml

@@ -17,7 +17,7 @@
     <rule ref="rulesets/codesize.xml/ExcessiveMethodLength" />
     <rule ref="rulesets/codesize.xml/ExcessiveParameterList" />
     <rule ref="rulesets/codesize.xml/ExcessivePublicCount" />
-    <rule ref="rulesets/codesize.xml/TooManyFields" />    
+    <rule ref="rulesets/codesize.xml/TooManyFields" />
     <rule ref="rulesets/codesize.xml/ExcessiveClassComplexity">
         <properties>
             <property name="maximum" value="100" />
@@ -43,4 +43,7 @@
     <rule ref="rulesets/naming.xml/ShortMethodName" />
     <rule ref="rulesets/naming.xml/ConstantNamingConventions" />
     <rule ref="rulesets/naming.xml/BooleanGetMethodName" />
+
+    <!-- Magento Specific Rules -->
+    <rule ref="Magento/CodeMessDetector/resources/rulesets/design.xml/RequestAwareBlockMethod" />
 </ruleset>