Releases: spaze/phpstan-disallowed-calls
Can exclude disallowed classes based on attribute
Allow excluding disallowed classes based on attribute (#319, thanks @morrislaptop)
If you disallow multiple classes or namespaces using an fnmatch wildcard, for example like this:
disallowedClasses:
-
class: 'Foo\Bar\*Something'... then there may be one or more classes that you'd like to exclude from all the *Something classes for some reason. Previously, starting with 2.15.0, you could exclude them by name using the exclude option:
exclude:
- 'Foo\Bar\NotThisSomething'This release brings a new directive called excludeWithAttribute which you can also use to exclude items from the original set, but based on whether they have the specified attribute:
disallowedClasses:
-
class: 'Foo\Bar\*Something'
excludeWithAttribute:
- 'MyApp\ThisAttribute'Then if you have two classes like this:
namespace Foo\Bar;
class ThisSomething
{
}
#[\MyApp\ThisAttribute]
class ThatSomething
{
}then only ThisSomething class would be disallowed.
excludeWithAttribute is supported for classes and namespaces for now, and supports fnmatch patterns.
Internal changes
- Make tests green when running with
zend.assertions=1(#321)
Contributors
Assets 2
Classes in method params can be allowed by method attributes
This is a follow-up to the allowInMethodsWithAttributes feature added in 4.3.1.
When you disallow the Event class (with disallowedClasses) and would like to allow it again in a method that has the Attr attribute (see the example code below), the Event class should be allowed even in the method signature. Previously, it was flagged as a disallowed usage (#315)
class Handler
{
#[Attr]
public function foo(Event $event) // should be allowed too
{
$event = new Event(); // allowed
}
}allowInInstanceOf and allow* support for all items
What's Changed
- You can now allow some items in
instanceofs (allowInInstanceOf,allowExceptInInstanceOf,allowInUsedirectives, docs) (#306) - Full
allow*support for all items (previously constants, superglobals and control structures didn't support for exampleallowInMethodsetc.) (#310) - The extension can now be tested with PHPUnit 12.x (#309)
If this extension helps you write better code you can sponsor a release or buy me a 🍻 or a 🍰, thanks!
Re-allow in class with/by attributes
This bugfix release includes a better detection of disallowed attributes reallowed in a method with attributes (#304)
The original 4.3.0 release notes:
This release has been sponsored by @TicketSwap & @ruudk, thank you 🍰
Re-allow in class with/by attributes (#296, #298)
So far, when you wanted to re-allow a disallowed function or a method, or specifically disallow them, you could use:
- an
allowInpath to specify a path or a filename where the function or method could be called without generating an error - or
allowInMethods(or theallowInFunctionsalias) to specify functions and methods in which the disallowed function would be allowed - you could also use the companion directives
disallowInordisallowInMethods(or theallowExceptIn[...]aliases) if you wanted to list paths or methods in which the call is explicitly disallowed
Starting with this release, you can use attributes to sort of mark functions and methods in which the disallowed call would be allowed (or explicitly disallowed):
- use
allowInClassWithAttributesto allow for example a method in a class that has a specified class attribute - use
allowInMethodsWithAttributes(or thedisallowInFunctionsWithAttributesalias) to allow the call in methods (or function) with the given method attribute (or a function attribute) - use
allowInClassWithMethodAttributesto allow a call in a class where any method has the attribute, where "any method" includes any other method as well, static or not, public, private, or protected - you can also use the
disallowIn[...]counterparts (withallowExceptIn[...]aliases) to specify only classes and methods in which the call should be disallowed
This allows you to create rules that do not depend on paths or method names, and can be useful if you're working with frameworks or libs that already use attributes. You can specify multiple items in the directives above and only one of them needs to match (it's not an AND list, more like OR list) and they all support fnmatch patterns.
Other minor changes
- More callable param tests for a bugfix in the previous release (#295)
- Call
fnmatchless often only when needed (#297) - Tweak attribute example in the
disallowedAttributesdocs (#299, thanks @ruudk)
You too can sponsor a release or buy me a 🍻 or a 🍰, thanks!
Re-allow in class with/by attributes
This release has been sponsored by @TicketSwap & @ruudk, thank you 🍰
Re-allow in class with/by attributes (#296, #298)
So far, when you wanted to re-allow a disallowed function or a method, or specifically disallow them, you could use:
- an
allowInpath to specify a path or a filename where the function or method could be called without generating an error - or
allowInMethods(or theallowInFunctionsalias) to specify functions and methods in which the disallowed function would be allowed - you could also use the companion directives
disallowInordisallowInMethods(or theallowExceptIn[...]aliases) if you wanted to list paths or methods in which the call is explicitly disallowed
Starting with this release, you can use attributes to sort of mark functions and methods in which the disallowed call would be allowed (or explicitly disallowed):
- use
allowInClassWithAttributesto allow for example a method in a class that has a specified class attribute - use
allowInMethodsWithAttributes(or thedisallowInFunctionsWithAttributesalias) to allow the call in methods (or function) with the given method attribute (or a function attribute) - use
allowInClassWithMethodAttributesto allow a call in a class where any method has the attribute, where "any method" includes any other method as well, static or not, public, private, or protected - you can also use the
disallowIn[...]counterparts (withallowExceptIn[...]aliases) to specify only classes and methods in which the call should be disallowed
This allows you to create rules that do not depend on paths or method names, and can be useful if you're working with frameworks or libs that already use attributes. You can specify multiple items in the directives above and only one of them needs to match (it's not an AND list, more like OR list) and they all support fnmatch patterns.
Other minor changes
- More callable param tests for a bugfix in the previous release (#295)
- Call
fnmatchless often only when needed (#297) - Tweak attribute example in the
disallowedAttributesdocs (#299, thanks @ruudk)
You too can sponsor a release or buy me a 🍻 or a 🍰, thanks!
Callable param variant fix
Can disallow `isset` & `unset`
Detect callables and dynamic calls
This version replaces 4.1.0 in which callables were not detected in constructors. The notes below are taken from 4.1.0.
This release adds new detections listed below, meaning it's possible that you'll see new error messages.
First class callable syntax (#279), for example:
$func = print_r(...);Dynamic calls (#276, #278), for example:
$func('foo');
$object->$method();Test anonymous class usages (#277), for example:
$foo = new class implements ...
$foo = new class extends ...Anonymous class usages (when the anonymous class extends DisallowedClass for example) were detected before, however the detection is now tested.
Detect callable parameters (#281, #283, #285), for example:
array_map('function', []);
array_map([$object, 'method'], []);
array_map([Class::class, 'staticMethod']);Detect callables and dynamic calls (replaced by 4.1.1)
This release has been replaced by 4.1.1 which also detects callables in constructors, unlike this version.
Support both PHPStan 1.12 & 2.0
The 4.0 release removed support for PHPStan 1.x, and this release brings it back. Both PHPStan 1.12 and PHPStan 2.0 are supported (#273).
You can learn more about PHPStan 2.0 in the release notes or in the blog post and don't forget to get yourself an elephpant and a t-shirt!