povils / phpmnd

PHP Magic Number Detector
MIT License
558 stars 46 forks source link
analysis automation checker clean-code cli detector magic-numbers php static-analysis

PHP Magic Number Detector (PHPMND)

Minimum PHP version: 7.4.0 Scrutinizer Code Quality License CI

phpmnd is a tool that aims to help you to detect magic numbers in your PHP code. By default 0 and 1 are not considered to be magic numbers.

What is a magic number?

A magic number is a numeric literal that is not defined as a constant, but which may change at a later stage, and therefore can be hard to update. It's considered a bad programming practice to use numbers directly in any source code without an explanation. In most cases this makes programs harder to read, understand, and maintain.

Consider the following hypothetical code:

class Foo
{
    public function setPassword($password)
    {
         // don't do this
         if (mb_strlen($password) > 7) {
              throw new InvalidArgumentException("password");
         }
    }
}

which should be refactored to:

class Foo
{
    const MAX_PASSWORD_LENGTH = 7; // not const SEVEN = 7 :)

    public function setPassword($password)
    {
         if (mb_strlen($password) > self::MAX_PASSWORD_LENGTH) {
              throw new InvalidArgumentException("password");
         }
    }
}

This clearly improves the code readability and also reduces its maintenance cost.

Of course not every literal number is a magic number.

$is_even = $number % 2 === 0

Surely in this case the number 2 is not a magic number.

My rule of thumb:

If the number came from business specs and is used directly - it's a magic number.

Installation

Locally

You can add this tool as a local, per-project, development dependency to your project by using Composer:

$ composer require --dev povils/phpmnd

Afterwards you can then invoke it using the vendor/bin/phpmnd executable.

Globally

To install it globally simply run:

$ composer global require povils/phpmnd

Afterwards make sure you have the global Composer binaries directory in your PATH. Example for some Unix systems:

$ export PATH="$PATH:$HOME/.composer/vendor/bin"

Usage Example

Demo

demo

Basic usage

$ phpmnd wordpress --ignore-numbers=2,-1 --ignore-funcs=round,sleep --exclude=tests --progress \
--extensions=default_parameter,-return,argument

The --allow-array-mapping option allow keys as strings when using "array" extension.

The --exclude-file option will exclude a file from the code analysis. Multiple values are allowed.

The --exclude-path option will exclude a path, which must be relative to the source, from the code analysis. Multiple values are allowed.

The --exclude option will exclude a directory, which must be relative to the source, from the code analysis. Multiple values are allowed (e.g. --exclude=tests --exclude=examples).

The --extensions option lets you extend the code analysis. The provided extensions must be comma separated.

The --hint option will suggest replacements for magic numbers based on your codebase constants.

The --ignore-funcs option will exclude a list of comma separated functions from the code analysis, when using the "argument" extension. Defaults to intval, floatval, strval.

The --ignore-numbers option will exclude a list of comma separated numbers from the code analysis.

The --ignore-strings option will exclude strings from the code analysis, when using the "strings" option.

The --include-numeric-string option forces numeric strings such as "1234" to also be treated as a number.

The --progress option will display a progress bar.

The --strings option will include strings literal search in code analysis.

The --suffixes option will configure a comma separated list of valid source code filename extensions.

The --whitelist option will only process the files listed in the file specified. This is useful for incremental analysis.

The --xml-output option will generate an report in an Xml format to the path specified by the option. By default it analyses conditions, return statements, and switch cases.

Extensions

If extensions start with a minus, it means that these will be removed from the code analysis. I would recommend to clean up your code by using the default extension before using any of these extensions.

Ignoring a number from analysis

Sometimes magic numbers are required. For example implementing a known mathematical formula, by default intval, floatval and strval mark a number as not magic.

eg

$percent  = $number / 100;

would show 100 as a magic number

$percent = $number / intval(100);

would mark 100 as not magic.

Contributing

Please see CONTRIBUTING.md for more information.

License

The MIT License (MIT). Please see LICENSE for more information.