feat: add NoSuperglobalsRule to PHPStan rules, fixes #4

Author: shyim

rules.neon

@@ -14,6 +14,7 @@ rules:
     - Shopware\PhpStan\Rule\ScheduledTaskTooLowIntervalRule
     - Shopware\PhpStan\Rule\SetForeignKeyRule
     - Shopware\PhpStan\Rule\NoEntityRepositoryInLoopRule
+    - Shopware\PhpStan\Rule\NoSuperglobalsRule
 
 services:
     -

src/Rule/NoSuperglobalsRule.php

@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopware\PhpStan\Rule;
+
+use PhpParser\Node;
+use PhpParser\Node\Expr\Variable;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\Rules\IdentifierRuleError;
+
+/**
+ * @implements Rule<Variable>
+ */
+final class NoSuperglobalsRule implements Rule
+{
+    private const FORBIDDEN_SUPERGLOBALS = [
+        '_GET',
+        '_POST',
+        '_FILES',
+        '_REQUEST',
+    ];
+
+    public function getNodeType(): string
+    {
+        return Variable::class;
+    }
+
+    /**
+     * @return list<IdentifierRuleError>
+     */
+    public function processNode(Node $node, Scope $scope): array
+    {
+        if (!is_string($node->name)) {
+            return [];
+        }
+
+        if (!in_array($node->name, self::FORBIDDEN_SUPERGLOBALS, true)) {
+            return [];
+        }
+
+        return [
+            RuleErrorBuilder::message(
+                sprintf(
+                    'Usage of superglobal $%s is forbidden. Use a proper request object instead.',
+                    $node->name,
+                ),
+            )
+            ->identifier('shopware.noSuperGlobals')
+            ->build(),
+        ];
+    }
+}

tests/Rule/NoSuperglobalsRuleTest.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopware\PhpStan\Tests\Rule;
+
+use PHPStan\Rules\Rule;
+use PHPStan\Testing\RuleTestCase;
+use Shopware\PhpStan\Rule\NoSuperglobalsRule;
+
+/**
+ * @extends RuleTestCase<NoSuperglobalsRule>
+ */
+class NoSuperglobalsRuleTest extends RuleTestCase
+{
+    protected function getRule(): Rule
+    {
+        return new NoSuperglobalsRule();
+    }
+
+    public function testRule(): void
+    {
+        $this->analyse([__DIR__ . '/fixtures/NoSuperglobals.php'], [
+            [
+                'Usage of superglobal $_GET is forbidden. Use a proper request object instead.',
+                11,
+            ],
+            [
+                'Usage of superglobal $_POST is forbidden. Use a proper request object instead.',
+                12,
+            ],
+            [
+                'Usage of superglobal $_FILES is forbidden. Use a proper request object instead.',
+                13,
+            ],
+            [
+                'Usage of superglobal $_REQUEST is forbidden. Use a proper request object instead.',
+                14,
+            ],
+        ]);
+    }
+}

tests/Rule/fixtures/NoSuperglobals.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopware\PHPStan\Tests\Rule\Fixtures;
+
+class NoSuperglobals
+{
+    public function test(): void
+    {
+        $get = $_GET['test'];
+        $post = $_POST['test'];
+        $files = $_FILES['test'];
+        $request = $_REQUEST['test'];
+
+        // These should not trigger errors
+        $normalVar = 'test';
+        $anotherVar = $normalVar;
+    }
+}