ekino / phpstan-banned-code

Detect banned code through PHPStan
MIT License
228 stars 20 forks source link
php phpstan-extension quality

PHPStan Banned Code

Latest Stable Version Build Status Coverage Status Total Downloads

This library is based on PHPStan to detect calls to specific functions you don't want in your project. For instance, you can add it in your CI process to make sure there is no debug/non standard code (like var_dump, exit, ...).

Basic usage

To use this extension, require it using Composer:

composer require --dev ekino/phpstan-banned-code

When you use https://github.com/phpstan/extension-installer you are done.

If not, include extension.neon in your project's PHPStan config:

includes:
    - vendor/ekino/phpstan-banned-code/extension.neon

Advanced usage

You can configure this library with parameters:

parameters:
    banned_code:
        nodes:
            # enable detection of echo
            -
                type: Stmt_Echo
                functions: null

            # enable detection of eval
            -
                type: Expr_Eval
                functions: null

            # enable detection of die/exit
            -
                type: Expr_Exit
                functions: null

            # enable detection of a set of functions
            -
                type: Expr_FuncCall
                functions:
                    - dd
                    - debug_backtrace
                    - dump
                    - exec
                    - passthru
                    - phpinfo
                    - print_r
                    - proc_open
                    - shell_exec
                    - system
                    - var_dump

            # enable detection of print statements
            -
                type: Expr_Print
                functions: null

            # enable detection of shell execution by backticks
            -
                type: Expr_ShellExec
                functions: null

        # enable detection of `use Tests\Foo\Bar` in a non-test file
        use_from_tests: true

        # errors emitted by the extension are non-ignorable by default, so they cannot accidentally be put into the baseline.
        non_ignorable: false # default is true

type is the returned value of a node, see the method getType().