struggle-for-php / sfp-deptrac-builtin
Deptrac extension to enforce application on framework rule.
0.2.1
2024-06-09 02:15 UTC
Requires
- php: ~8.1.0 || ~8.2.0 || ~8.3.0
- qossmic/deptrac-shim: ^1.0.2
Requires (Dev)
- bamarni/composer-bin-plugin: ^1.8
- laminas/laminas-coding-standard: ^2.4
- nikic/php-parser: ^4.13.2
- phpunit/phpunit: ^9.6
- psalm/plugin-phpunit: ^0.18.4
- squizlabs/php_codesniffer: ^3.7
- vimeo/psalm: ^5
This package is auto-updated.
Last update: 2024-11-09 03:08:51 UTC
README
PHP Web application on framework should not use network function like header()
.
But this rule is Implicit !.
This extension is attempted to find violate such rule.
Example
- examples/src/Action/UserShowAction.php includes
public function handle(ServerRequestInterface $request): ResponseInterface
{
\header('Location: http://www.example.com/');
}
$ cd examples/
$ ./vendor/bin/deptrac analyse
107/107 [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓] 100%
----------- ----------------------------------------------------------------------------------
Reason Action
----------- ----------------------------------------------------------------------------------
Violation Foo\Action\UserShowAction must not depend on header() (Sending Raw HTTP)
/home/sasezaki/dev/sfp-deptrac-builtin/examples/src/Action/UserShowAction.php:20
----------- ----------------------------------------------------------------------------------
-------------------- -----
Report
-------------------- -----
Violations 1
Skipped violations 0
Uncovered 24
Allowed 48
Warnings 0
Errors 0
-------------------- -----
Q&A
-
Q. Why not use PHPCS
forbiddenFunctionNames
?- A. IMO,
forbiddenFunctionNames
is only should be used for dangerous function (its own) or alias function. Reason of forbiddenheader()
usage in application is layer problem.
- A. IMO,
-
Q. When called
header()
with'Location: ...
, then should be calledexit()
on same scope, is it not ?- A. Maybe..
Inspired
This extension is developed inspired from this talk.