psalm / Psalm Plugin Symfony

Licence: mit
Psalm Plugin for Symfony

Symfony Psalm Plugin

Installation

composer require --dev psalm/plugin-symfony
vendor/bin/psalm-plugin enable psalm/plugin-symfony

Features

  • Detects the ContainerInterface::get() result type. Works better if you configure a compiled container XML file.
  • Supports Service Subscribers. Works only if you configure a compiled container XML file.
  • Detects return types from console arguments (InputInterface::getArgument()) and options (InputInterface::getOption()). Enforces the use of the "InputArgument" and "InputOption" constants as a best practice.
  • Detects Doctrine repository classes associated with entities when configured via annotations.
  • Fixes PossiblyInvalidArgument for Symfony\Component\HttpFoundation\Request::getContent(). The plugin determines the real return type by checking the given argument and marks it as either "string" or "resource".
  • Detects the return type of Symfony\Component\HttpFoundation\HeaderBag::get() by checking the default value (third argument for < Symfony 4.4).
  • Detects the return types of Symfony\Component\Messenger\Envelope::last and Symfony\Component\Messenger\Envelope::all, based on the provided argument.
  • Taint analysis for Symfony.
  • Detects violations of service and parameter naming conventions.
  • Complains when the Container is injected into a service, and asks you to use dependency injection instead.
  • Fixes PropertyNotSetInConstructor false positive issues:
    • $container in AbstractController
    • $context in ConstraintValidator classes
    • properties in custom @Annotation classes
  • And much more!

Configuration

If you follow the installation instructions, the psalm-plugin command will add this plugin configuration to the psalm.xml configuration file.

<?xml version="1.0"?>
<psalm errorLevel="1">
    <!--  project configuration -->

    <plugins>
        <pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin" />
    </plugins>
</psalm>

To detect the return types of services fetched by ID (in Symfony YAML config files a service reference generally starts with @, for example the logger service), containerXml must be provided. Example:

<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
</pluginClass>

This file path may change based on your Symfony version, file structure and environment settings. Default files according to Symfony versions are:

  • Symfony 3: var/cache/dev/srcDevDebugProjectContainer.xml
  • Symfony 4: var/cache/dev/srcApp_KernelDevDebugContainer.xml
  • Symfony 5: var/cache/dev/App_KernelDevDebugContainer.xml

Multiple container files can be configured. In this case, the first valid file is taken into account. If none of the given files is valid, a configuration exception is thrown. Example:

<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
    <containerXml>var/cache/dev/App_KernelTestDebugContainer.xml</containerXml>
</pluginClass>
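
A pre-flight check for the fallback rule above, added here as an example and not taken from the plugin's code: it reads psalm.xml, lists the plugin's containerXml entries in order and returns the first usable one. Reading "valid" as "exists and parses as XML", the function names and the sample project tree are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

PLUGIN_CLASS = "Psalm\\SymfonyPsalmPlugin\\Plugin"

# Constructed sample mirroring the two-file configuration above.
SAMPLE_PSALM_XML = """<?xml version="1.0"?>
<psalm errorLevel="1">
  <plugins>
    <pluginClass class="Psalm\\SymfonyPsalmPlugin\\Plugin">
      <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
      <containerXml>var/cache/dev/App_KernelTestDebugContainer.xml</containerXml>
    </pluginClass>
  </plugins>
</psalm>"""

def _local(tag):
    # Drop a namespace prefix such as {https://getpsalm.org/schema/config}.
    return tag.rsplit("}", 1)[-1]

def configured_container_files(psalm_xml_text):
    """Return the plugin's <containerXml> paths in document order."""
    paths = []
    for node in ET.fromstring(psalm_xml_text).iter():
        if _local(node.tag) == "pluginClass" and node.get("class") == PLUGIN_CLASS:
            paths += [(c.text or "").strip() for c in node if _local(c.tag) == "containerXml"]
    return paths

def select_container_file(psalm_xml_text, project_root="."):
    """First entry that exists and parses as XML (assumed meaning of 'valid')."""
    paths = configured_container_files(psalm_xml_text)
    for rel in paths:
        try:
            ET.parse(os.path.join(project_root, rel))
            return rel
        except (OSError, ET.ParseError):
            continue  # missing, unreadable or malformed: try the next entry
    if paths:  # entries configured but none usable: the documented failure case
        raise RuntimeError("no valid containerXml among: " + ", ".join(paths))
    return None  # nothing configured; the option is not mandatory

def demo():
    # Constructed project tree in which only the second configured file exists.
    with tempfile.TemporaryDirectory() as root:
        cache = os.path.join(root, "var", "cache", "dev")
        os.makedirs(cache)
        with open(os.path.join(cache, "App_KernelTestDebugContainer.xml"), "w") as fh:
            fh.write("<container/>")
        return select_container_file(SAMPLE_PSALM_XML, root)
```

Running select_container_file() against the real psalm.xml in CI, after the Symfony cache has been warmed up, shows which container file the analysis will be based on before Psalm starts.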

Twig tainting (experimental)

When it comes to taint analysis for Twig templates, there are currently two approaches:

  • The first one is based on a specific file analyzer (Psalm\SymfonyPsalmPlugin\Twig\TemplateFileAnalyzer) which leverages the Twig parser and visits the AST nodes.
  • The second one is based on the already compiled Twig templates; it only bridges calls from Twig\Environment::render to the actual doRender method of the compiled template.

Twig Analyzer

This approach is more robust since it relies on the official Twig parser and node visitor mechanisms. For the moment, it is only able to detect simple tainted paths.

To leverage the real Twig file analyzer, you have to configure a checker for the .twig extension as follows:

<fileExtensions>
   <extension name=".php" />
   <extension name=".twig" checker="./vendor/psalm/plugin-symfony/src/Twig/TemplateFileAnalyzer.php"/>
</fileExtensions>

See the currently supported cases.

Cache Analyzer

This approach is "dirtier", since it tries to connect the taints from the application code to the compiled PHP code representing a given template. It is theoretically able to detect more taints than the previous approach out-of-the-box, but it still lacks ways to handle inheritance and stuff like that.

To allow the analysis through the cached template files, you have to add the twigCachePath entry to the plugin configuration:

<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <twigCachePath>/cache/twig</twigCachePath>
</pluginClass>

See the currently supported cases.

Credits
