# Symfony Psalm Plugin

![Integrate](https://github.com/psalm/psalm-plugin-symfony/workflows/Integrate/badge.svg)

### Installation

```
composer require --dev psalm/plugin-symfony
vendor/bin/psalm-plugin enable psalm/plugin-symfony
```

### Features

- Detect `ContainerInterface::get()` result type. Works better if you [configure](#configuration) the compiled container XML file.
- Detect the return type of console arguments (`InputInterface::getArgument()`) and options (`InputInterface::getOption()`). Enforces
  the use of `InputArgument` and `InputOption` constants as a best practice.
- Detects the correct Doctrine repository class if entities are configured with annotations.
- Fixes `PossiblyInvalidArgument` for `Symfony\Component\HttpFoundation\Request::getContent`.
  The plugin calculates the real return type by checking the given argument and marks the return type as either string or resource.
- Detect the return type of `Symfony\Component\HttpFoundation\HeaderBag::get` (by checking the default value and the third argument for < Symfony 4.4)
- Detect the return type of `Symfony\Component\Messenger\Envelope::last` and `Symfony\Component\Messenger\Envelope::all`, based on the provided argument.
- Taint analysis for Symfony
- Detects service and parameter [naming convention](https://symfony.com/doc/current/contributing/code/standards.html#naming-conventions) violations
- Complains when `Container` is injected into a service. Use dependency injection instead.
- Fix false positive `PropertyNotSetInConstructor` issues
  - `$container` in `AbstractController`
  - `$context` in `ConstraintValidator` classes
  - properties in custom `@Annotation` classes

### Configuration

If you follow the installation instructions, the `psalm-plugin` command will add the plugin configuration to `psalm.xml`:

```xml
<?xml version="1.0"?>
<psalm errorLevel="1">
    <!-- project configuration -->

    <plugins>
        <pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin" />
    </plugins>
</psalm>
```

To detect the return types of services fetched by ID (in Symfony YAML config files the ID is generally prefixed with `@`, e.g. the `logger` service),
`containerXml` must be provided. Example:

```xml
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
</pluginClass>
```

This file path may change based on your Symfony version, file structure and environment settings.
Default file for each Symfony version:

- Symfony 3: `var/cache/dev/srcDevDebugProjectContainer.xml`
- Symfony 4: `var/cache/dev/srcApp_KernelDevDebugContainer.xml`
- Symfony 5: `var/cache/dev/App_KernelDevDebugContainer.xml`

Multiple container files can be configured. In this case, the first valid file is taken into account.
If none of the given files is valid, a configuration exception is thrown.
Example:

```xml
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
    <containerXml>var/cache/dev/App_KernelTestDebugContainer.xml</containerXml>
</pluginClass>
```
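
A pre-flight check for the rule described above, added here as an example (it is not part of the plugin or of Psalm): it reads the `containerXml` entries from a `psalm.xml` and returns the first usable one, failing when none is. The function names, the constructed sample file and the reading of "valid" as "exists and parses as XML" are assumptions.

```python
from pathlib import Path
import tempfile
import xml.etree.ElementTree as ET

PLUGIN_CLASS = "Psalm\\SymfonyPsalmPlugin\\Plugin"
# Constructed psalm.xml listing the two container files from the example above.
SAMPLE_PSALM_XML = """<?xml version="1.0"?>
<psalm errorLevel="1" xmlns="https://getpsalm.org/schema/config">
  <plugins>
    <pluginClass class="Psalm\\SymfonyPsalmPlugin\\Plugin">
      <containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
      <containerXml>var/cache/dev/App_KernelTestDebugContainer.xml</containerXml>
    </pluginClass>
  </plugins>
</psalm>"""


def configured_container_files(psalm_xml_text):
    """Return the <containerXml> paths under the Symfony plugin, in file order."""
    paths = []
    # endswith() also matches namespaced tags such as "{ns}pluginClass".
    for el in ET.fromstring(psalm_xml_text).iter():
        if el.tag.endswith("pluginClass") and el.get("class") == PLUGIN_CLASS:
            paths += [(c.text or "").strip() for c in el if c.tag.endswith("containerXml")]
    return paths


def resolve_container(psalm_xml_text, project_root):
    """First valid file wins; none valid is an error (the rule described above)."""
    candidates = configured_container_files(psalm_xml_text)
    for rel in candidates:
        try:
            # Assumption: "valid" means the file exists and parses as XML.
            ET.parse(str(Path(project_root, rel)))
            return rel
        except (OSError, ET.ParseError):
            continue
    raise FileNotFoundError("no valid containerXml among %r" % candidates)


def demo():
    """Constructed project in which only the test container has been compiled."""
    with tempfile.TemporaryDirectory() as root:
        target = Path(root, "var/cache/dev/App_KernelTestDebugContainer.xml")
        target.parent.mkdir(parents=True)
        target.write_text("<container/>")
        return resolve_container(SAMPLE_PSALM_XML, root)
```

Against a real project, call `resolve_container(Path("psalm.xml").read_text(), ".")` from the project root once the Symfony cache has been warmed.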

#### Twig tainting configuration

There are two approaches to including Twig templates for taint analysis:

- one based on a specific file analyzer, which uses the Twig parser to taint Twig's AST nodes
- one based on the already compiled Twig templates

To leverage the real Twig file analyzer, you have to configure the `.twig` extension as follows:

```xml
<fileExtensions>
    <extension name=".php" />
    <extension name=".twig" checker="./vendor/psalm/plugin-symfony/src/Twig/TemplateFileAnalyzer.php"/>
</fileExtensions>
```

To allow the analysis through the cached template files, you have to add the `twigCachePath` entry to the plugin configuration:

```xml
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
    <twigCachePath>/cache/twig</twigCachePath>
</pluginClass>
```

### Credits

- Plugin created by [@seferov](https://github.com/seferov)
- [@weirdan](https://github.com/weirdan) for [codeception psalm module](https://github.com/weirdan/codeception-psalm-module)