• Stars
    star
    586
  • Rank 76,279 (Top 2 %)
  • Language
    PHP
  • License
    MIT License
  • Created about 7 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Extra strict and opinionated rules for PHPStan

Extra strict and opinionated rules for PHPStan

Build Latest Stable Version License

PHPStan focuses on finding bugs in your code. But in PHP there's a lot of leeway in how stuff can be written. This repository contains additional rules that revolve around strictly and strongly typed code with no loose casting for those who want additional safety in extremely defensive programming:

  • Require booleans in if, elseif, ternary operator, after !, and on both sides of && and ||.
  • Require numeric operands or arrays in + and numeric operands in -/*///**/%.
  • Require numeric operand in $var++, $var--, ++$varand --$var.
  • These functions contain a $strict parameter for better type safety, it must be set to true:
    • in_array (3rd parameter)
    • array_search (3rd parameter)
    • array_keys (3rd parameter; only if the 2nd parameter $search_value is provided)
    • base64_decode (2nd parameter)
  • Variables assigned in while loop condition and for loop initial assignment cannot be used after the loop.
  • Variables set in foreach that's always looped thanks to non-empty arrays cannot be used after the loop.
  • Types in switch condition and case value must match. PHP compares them loosely by default and that can lead to unexpected results.
  • Check that statically declared methods are called statically.
  • Disallow empty() - it's a very loose comparison (see manual), it's recommended to use more strict one.
  • Disallow short ternary operator (?:) - implies weak comparison, it's recommended to use null coalesce operator (??) or ternary operator with strict condition.
  • Disallow variable variables ($$foo, $this->$method() etc.)
  • Disallow overwriting variables with foreach key and value variables
  • Always true instanceof, type-checking is_* functions and strict comparisons ===/!==. These checks can be turned off by setting checkAlwaysTrueInstanceof/checkAlwaysTrueCheckTypeFunctionCall/checkAlwaysTrueStrictComparison to false.
  • Correct case for referenced and called function names.
  • Correct case for inherited and implemented method names.
  • Contravariance for parameter types and covariance for return types in inherited methods (also known as Liskov substitution principle - LSP)
  • Check LSP even for static methods
  • Require calling parent constructor
  • Disallow usage of backtick operator ($ls = `ls -la`)
  • Closure should use $this directly instead of using $this variable indirectly

Additional rules are coming in subsequent releases!

Installation

To use this extension, require it in Composer:

composer require --dev phpstan/phpstan-strict-rules

If you also install phpstan/extension-installer then you're all set!

Manual installation

If you don't want to use phpstan/extension-installer, include rules.neon in your project's PHPStan config:

includes:
    - vendor/phpstan/phpstan-strict-rules/rules.neon

Disabling rules

You can disable rules using configuration parameters:

parameters:
	strictRules:
		disallowedLooseComparison: false
		booleansInConditions: false
		uselessCast: false
		requireParentConstructorCall: false
		disallowedConstructs: false
		overwriteVariablesWithLoop: false
		closureUsesThis: false
		matchingInheritedMethodNames: false
		numericOperandsInArithmeticOperators: false
		strictCalls: false
		switchConditionsMatchingType: false
		noVariableVariables: false
		strictArrayFilter: false

Aside from introducing new custom rules, phpstan-strict-rules also change the default values of some configuration parameters that are present in PHPStan itself. These parameters are documented on phpstan.org.

Enabling rules one-by-one

If you don't want to start using all the available strict rules at once but only one or two, you can!

You can disable all rules from the included rules.neon with:

parameters:
	strictRules:
		allRules: false

Then you can re-enable individual rules with configuration parameters:

parameters:
	strictRules:
		allRules: false
		booleansInConditions: true

Even with strictRules.allRules set to false, part of this package is still in effect. That's because phpstan-strict-rules also change the default values of some configuration parameters that are present in PHPStan itself. These parameters are documented on phpstan.org.

More Repositories

1

phpstan

PHP Static Analysis Tool - discover bugs in your code without running it!
PHP
12,763
star
2

phpdoc-parser

Next-gen phpDoc parser with support for intersection types and generics
PHP
1,303
star
3

phpstan-symfony

Symfony extension for PHPStan
PHP
691
star
4

phpstan-doctrine

Doctrine extensions for PHPStan
PHP
577
star
5

phpstan-phpunit

PHPUnit extensions and rules for PHPStan
PHP
450
star
6

extension-installer

Composer plugin for automatic installation of PHPStan extensions.
PHP
395
star
7

phpstan-deprecation-rules

PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.
PHP
360
star
8

phpstan-src

PHPStan's source code. This is where development happens. Check https://github.com/phpstan/phpstan for the distribution repository.
PHP
307
star
9

phpstan-webmozart-assert

PHPStan extension for webmozart/assert
PHP
160
star
10

phpstan-nette

Nette Framework class reflection extension for PHPStan & framework-specific rules
PHP
100
star
11

phpstan-shim

[DEPRECATED] This repository provides easy way to install PHPStan without the risk of conflicting dependencies.
PHP
87
star
12

phpstan-mockery

PHPStan extension for Mockery
PHP
81
star
13

phpstan-beberlei-assert

PHPStan extension for beberlei/assert
PHP
38
star
14

vim-phpstan

A Vim plugin for PHPStan - https://github.com/phpstan/phpstan. It calls `phpstan` to do static analysis of your PHP code and displays the errors in Vim's quickfix list.
PHP
29
star
15

php-8-stubs

PHP
27
star
16

phpstan-php-parser

PHP-Parser extension for PHPStan
Makefile
23
star
17

phpstan-dibi

Dibi class reflection extension for PHPStan
PHP
15
star
18

build-cs

Coding standard for 1st party PHPStan extensions
2
star