Initial commit

Author: moufmouf

.gitignore

@@ -0,0 +1,7 @@
+*~
+/vendor/*
+.*~
+/composer.lock
+/phpunit.xml
+/tmp
+/build/

.travis.yml

@@ -0,0 +1,31 @@
+language: php
+sudo: false
+php:
+  - 7.1
+  - 7.2
+env:
+  global:
+  # We need to prefer source to get PHPStan test directory. Otherwise, it is removed from ZIP
+  - DEFAULT_COMPOSER_FLAGS="--no-interaction --no-progress --optimize-autoloader --prefer-source"
+  - TASK_TESTS=1
+  - TASK_TESTS_COVERAGE=0
+  - TASK_CS=1
+  - TASK_SCA=0
+  matrix:
+  - COMPOSER_FLAGS="--prefer-lowest"
+  - COMPOSER_FLAGS=""
+cache:
+  directories:
+  - "$HOME/.composer/cache"
+before_install:
+- travis_retry composer global require $DEFAULT_COMPOSER_FLAGS hirak/prestissimo
+install:
+- travis_retry composer update $DEFAULT_COMPOSER_FLAGS $COMPOSER_FLAGS
+- composer info -D | sort
+- mkdir tmp
+script:
+- vendor/bin/phpunit --verbose;
+- composer phpstan
+- composer cs-check
+after_success:
+- vendor/bin/coveralls -v

README.md

@@ -0,0 +1,17 @@
+[![Latest Stable Version](https://poser.pugx.org/thecodingmachine/phpstan-safe-rules/v/stable)](https://packagist.org/packages/thecodingmachine/phpstan-safe-rules)
+[![Total Downloads](https://poser.pugx.org/thecodingmachine/phpstan-safe-rules/downloads)](https://packagist.org/packages/thecodingmachine/phpstan-safe-rules)
+[![Latest Unstable Version](https://poser.pugx.org/thecodingmachine/phpstan-safe-rules/v/unstable)](https://packagist.org/packages/thecodingmachine/phpstan-safe-rules)
+[![License](https://poser.pugx.org/thecodingmachine/phpstan-safe-rules/license)](https://packagist.org/packages/thecodingmachine/phpstan-safe-rules)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/thecodingmachine/phpstan-safe-rules/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/thecodingmachine/phpstan-safe-rules/?branch=master)
+[![Build Status](https://travis-ci.org/thecodingmachine/phpstan-safe-rules.svg?branch=master)](https://travis-ci.org/thecodingmachine/phpstan-safe-rules)
+[![Coverage Status](https://coveralls.io/repos/thecodingmachine/phpstan-safe-rules/badge.svg?branch=master&service=github)](https://coveralls.io/github/thecodingmachine/phpstan-safe-rules?branch=master)
+
+
+PHPStan rules for thecodingmachine/safe
+=======================================
+
+The [thecodingmachine/safe](https://github.com/thecodingmachine/safe) package provides a set of core PHP functions rewritten to throw exceptions instead of returning `false` when an error is encountered.
+
+This PHPStan rule will help you detect unsafe function call and will propose you to use the `thecodingmachine/safe` variant instead.
+
+Please read [thecodingmachine/safe documentation](https://github.com/thecodingmachine/safe) for details about installation and usage.

composer.json

@@ -0,0 +1,42 @@
+{
+    "name": "thecodingmachine/phpstan-safe-rule",
+    "description": "A PHPStan rule to detect safety issues. Must be used in conjunction with thecodingmachine/safe",
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "David Négrier",
+            "email": "d.negrier@thecodingmachine.com"
+        }
+    ],
+    "require": {
+        "php": "^7.1",
+        "phpstan/phpstan": "^0.10",
+        "thecodingmachine/safe": "^0.1"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^7.1",
+        "php-coveralls/php-coveralls": "^2.1",
+        "squizlabs/php_codesniffer": "^3.2"
+    },
+    "autoload": {
+        "psr-4": {
+            "TheCodingMachine\\Safe\\PHPStan\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "TheCodingMachine\\Safe\\PHPStan\\": "tests/"
+        }
+    },
+    "scripts": {
+        "phpstan": "phpstan analyse src -c phpstan.neon --level=7 --no-progress -vvv",
+        "cs-fix": "phpcbf",
+        "cs-check": "phpcs"
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "0.1-dev"
+        }
+    }
+}

phpstan-safe-rule.neon

@@ -0,0 +1,5 @@
+services:
+  -
+    class: TheCodingMachine\Safe\PHPStan\Rules\UseSafeFunctionsRule
+    tags:
+      - phpstan.rules.rule

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+    ignoreErrors:
+includes:
+    - phpstan-safe-rule.neon

phpunit.xml.dist

@@ -0,0 +1,36 @@
+<phpunit
+	bootstrap="tests/bootstrap.php"
+	colors="true"
+	backupGlobals="false"
+	backupStaticAttributes="false"
+	beStrictAboutChangesToGlobalState="true"
+	beStrictAboutOutputDuringTests="true"
+	beStrictAboutTestsThatDoNotTestAnything="true"
+	beStrictAboutTodoAnnotatedTests="true"
+	failOnRisky="true"
+	failOnWarning="true"
+	convertErrorsToExceptions="true"
+	convertNoticesToExceptions="true"
+	convertWarningsToExceptions="true"
+>
+	<testsuites>
+		<testsuite name="Test suite">
+			<directory>./tests/</directory>
+		</testsuite>
+	</testsuites>
+	<filter>
+		<whitelist>
+			<directory suffix=".php">./src</directory>
+		</whitelist>
+	</filter>
+	<logging>
+		<log
+			type="coverage-text"
+			target="php://stdout"
+			showUncoveredFiles="true"
+			showOnlySummary="true"
+		/>
+		<log type="coverage-html" target="build/coverage"/>
+		<log type="coverage-clover" target="build/logs/clover.xml"/>
+	</logging>
+</phpunit>

src/Rules/UseSafeFunctionsRule.php

@@ -0,0 +1,43 @@
+<?php
+
+
+namespace TheCodingMachine\Safe\PHPStan\Rules;
+
+use PhpParser\Node;
+use PHPStan\Analyser\Scope;
+use PHPStan\Reflection\FunctionReflection;
+use PHPStan\Reflection\MethodReflection;
+use PHPStan\Rules\Rule;
+use PHPStan\ShouldNotHappenException;
+use TheCodingMachine\Safe\PHPStan\Utils\FunctionListLoader;
+
+/**
+ * This rule checks that no superglobals are used in code.
+ */
+class UseSafeFunctionsRule implements Rule
+{
+    public function getNodeType(): string
+    {
+        return Node\Expr\FuncCall::class;
+    }
+
+    /**
+     * @param Node\Expr\FuncCall $node
+     * @param \PHPStan\Analyser\Scope $scope
+     * @return string[]
+     */
+    public function processNode(Node $node, Scope $scope): array
+    {
+        if (!$node->name instanceof Node\Name) {
+            return [];
+        }
+        $functionName = $node->name->toString();
+        $unsafeFunctions = FunctionListLoader::getFunctionList();
+
+        if (isset($unsafeFunctions[$functionName])) {
+            return ["Function $functionName is unsafe to use. It can return FALSE instead of throwing an exception. Please add 'use function Safe\\$functionName;' at the beginning of the file to use the variant provided by the 'thecodingmachine/safe' library."];
+        }
+
+        return [];
+    }
+}

src/Utils/FunctionListLoader.php

@@ -0,0 +1,33 @@
+<?php
+
+
+namespace TheCodingMachine\Safe\PHPStan\Utils;
+
+
+use PHPStan\Analyser\Scope;
+use PHPStan\Reflection\FunctionReflection;
+use PHPStan\Reflection\MethodReflection;
+
+class FunctionListLoader
+{
+    private static $functions;
+
+    /**
+     * @return string[]
+     */
+    public static function getFunctionList(): array
+    {
+        if (self::$functions === null) {
+            if (\file_exists(__DIR__.'/../../../safe/generated/functionsList.php')) {
+                $functions = require __DIR__.'/../../../safe/generated/functionsList.php';
+            } elseif (\file_exists(__DIR__.'/../../vendor/thecodingmachine/safe/generated/functionsList.php')) {
+                $functions = require __DIR__.'/../../vendor/thecodingmachine/safe/generated/functionsList.php';
+            } else {
+                throw new \RuntimeException('Could not find thecodingmachine/safe\'s functionsList.php file.');
+            }
+            // Let's index these functions by their name
+            self::$functions = \array_combine($functions, $functions);
+        }
+        return self::$functions;
+    }
+}

tests/Rules/UseSafeFunctionsRuleTest.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace TheCodingMachine\Safe\PHPStan\Rules;
+
+use PHPStan\Testing\RuleTestCase;
+
+class UseSafeFunctionsRuleTest extends RuleTestCase
+{
+    protected function getRule(): \PHPStan\Rules\Rule
+    {
+        return new UseSafeFunctionsRule();
+    }
+
+    public function testCatch()
+    {
+        $this->analyse([__DIR__ . '/data/fopen.php'], [
+            [
+                "Function fopen is unsafe to use. It can return FALSE instead of throwing an exception. Please add 'use function Safe\\fopen;' at the beginning of the file to use the variant provided by the 'thecodingmachine/safe' library.",
+                4,
+            ],
+        ]);
+    }
+
+    public function testNoCatchSafe()
+    {
+        $this->analyse([__DIR__ . '/data/safe_fopen.php'], []);
+    }
+
+    public function testExprCall()
+    {
+        $this->analyse([__DIR__ . '/data/undirect_call.php'], []);
+    }
+}