jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/400081 )
Change subject: Add phan configuration for static analysis ...................................................................... Add phan configuration for static analysis Bug: T179554 Depends-On: I25beea963444b715bed7b2890475c0c812949520 Change-Id: I83f9374b2f3236097860f4aecc694326b891905b --- M .gitignore M TitleBlacklist.list.php M TitleBlacklistPreAuthenticationProvider.php A tests/phan/config.php 4 files changed, 315 insertions(+), 1 deletion(-) Approvals: Legoktm: Looks good to me, approved jenkins-bot: Verified diff --git a/.gitignore b/.gitignore index 2217456..4b4432a 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ ## Sublime sublime-* sftp-config.json +/tests/phan/issues diff --git a/TitleBlacklist.list.php b/TitleBlacklist.list.php index ee902c5..2e1b03f 100644 --- a/TitleBlacklist.list.php +++ b/TitleBlacklist.list.php @@ -109,7 +109,7 @@ /** * Get the text of a blacklist from a specified source * - * @param string $source A blacklist source from $wgTitleBlacklistSources + * @param array $source A blacklist source from $wgTitleBlacklistSources * @return string The content of the blacklist source as a string */ private static function getBlacklistText( $source ) { @@ -311,6 +311,7 @@ /** * Validate a new blacklist * + * @suppress PhanParamSuspiciousOrder The preg_match() params are in the correct order * @param array $blacklist * @return Array of bad entries; empty array means blacklist is valid */ diff --git a/TitleBlacklistPreAuthenticationProvider.php b/TitleBlacklistPreAuthenticationProvider.php index b2371ca..aaea018 100644 --- a/TitleBlacklistPreAuthenticationProvider.php +++ b/TitleBlacklistPreAuthenticationProvider.php 
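Review bot: The `@suppress PhanParamSuspiciousOrder` added to the docblock in the `@@ -311` hunk of TitleBlacklist.list.php covers the whole method, so any later call in that method whose arguments really are swapped would also go unreported. The preg_match() call it refers to is outside the hunk, and so is the rest of the method. Keeping the justification as a short comment directly above that call, stating why the argument order is intentional, would make the suppression easier to audit. The existing `@return Array of bad entries; ...` line in the same docblock also reads as a type named `Array`; `@return array Bad entries; empty array means blacklist is valid` is clearer for the analyser now being introduced.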
@@ -33,6 +33,9 @@ /** @var TitleBlacklistAuthenticationRequest $req */ $req = AuthenticationRequest::getRequestByClass( $reqs, TitleBlacklistAuthenticationRequest::class ); + // For phan check, to ensure that $req is instance of \TitleBlacklistAuthenticationRequest + assert( $req instanceof TitleBlacklistAuthenticationRequest ); + $override = $req && $req->ignoreTitleBlacklist; return TitleBlacklistHooks::testUserName( $user->getName(), $creator, $override, true ); } diff --git a/tests/phan/config.php b/tests/phan/config.php new file mode 100644 index 0000000..b2958fa --- /dev/null +++ b/tests/phan/config.php 
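Review bot: The added `assert( $req instanceof TitleBlacklistAuthenticationRequest );` contradicts the null check on the line right after it, `$override = $req && $req->ignoreTitleBlacklist;`, which suggests the lookup can come back empty. With assertions enabled (`zend.assertions=1`) a request set without that class would fail the assertion inside this pre-authentication check, while with assertions disabled the line does nothing, so the behaviour of an account-creation check would depend on an ini setting. If the aim is only to give phan the type, allow the empty case explicitly: `assert( $req === null || $req instanceof TitleBlacklistAuthenticationRequest );`, or change the existing annotation to `/** @var TitleBlacklistAuthenticationRequest|null $req */`. The enclosing method starts outside the hunk.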
@@ -0,0 +1,309 @@ +<?php + +// If xdebug is enabled, we need to increase the nesting level for phan +ini_set( 'xdebug.max_nesting_level', 1000 ); + +/** + * This configuration will be read and overlayed on top of the + * default configuration. Command line arguments will be applied + * after this file is read. + * + * @see src/Phan/Config.php + * See Config for all configurable options. + * + * A Note About Paths + * ================== + * + * Files referenced from this file should be defined as + * + * ``` + * Config::projectPath('relative_path/to/file') + * ``` + * + * where the relative path is relative to the root of the + * project which is defined as either the working directory + * of the phan executable or a path passed in via the CLI + * '-d' flag. + */ +return [ + /** + * A list of individual files to include in analysis + * with a path relative to the root directory of the + * project. directory_list won't find .inc files so + * we augment it here. + */ + 'file_list' => [ + ], + + /** + * A list of directories that should be parsed for class and + * method information. After excluding the directories + * defined in exclude_analysis_directory_list, the remaining + * files will be statically analyzed for errors. + * + * Thus, both first-party and third-party code being used by + * your application should be included in this list. + */ + 'directory_list' => [ + './../../includes', + './../../languages', + './../../maintenance', + './../../vendor', + './../Scribunto', + './../AntiSpoof', + './vendor', + '.', + ], + + /** + * A file list that defines files that will be excluded + * from parsing and analysis and will not be read at all. + * + * This is useful for excluding hopelessly unanalyzable + * files that can't be removed for whatever reason. + */ + 'exclude_file_list' => [ + ], + + /** + * A list of directories holding code that we want + * to parse, but not analyze. Also works for individual + * files. 
+ */ + "exclude_analysis_directory_list" => [ + './../../includes', + './../../languages', + './../../maintenance', + './../../vendor', + './../Scribunto', + './../AntiSpoof', + 'vendor/', + 'tests/', + ], + + /** + * Backwards Compatibility Checking. This is slow + * and expensive, but you should consider running + * it before upgrading your version of PHP to a + * new version that has backward compatibility + * breaks. + */ + 'backward_compatibility_checks' => false, + + /** + * A set of fully qualified class-names for which + * a call to parent::__construct() is required + */ + 'parent_constructor_required' => [ + ], + + /** + * Run a quick version of checks that takes less + * time at the cost of not running as thorough + * an analysis. You should consider setting this + * to true only when you wish you had more issues + * to fix in your code base. + * + * In quick-mode the scanner doesn't rescan a function + * or a method's code block every time a call is seen. + * This means that the problem here won't be detected: + * + * ```php + * <?php + * function test($arg):int { + * return $arg; + * } + * test("abc"); + * ``` + * + * This would normally generate: + * + * ```sh + * test.php:3 TypeError return string but `test()` is declared to return int + * ``` + * + * The initial scan of the function's code block has no + * type information for `$arg`. It isn't until we see + * the call and rescan test()'s code block that we can + * detect that it is actually returning the passed in + * `string` instead of an `int` as declared. + */ + 'quick_mode' => false, + + /** + * By default, Phan will not analyze all node types + * in order to save time. If this config is set to true, + * Phan will dig deeper into the AST tree and do an + * analysis on all nodes, possibly finding more issues. + * + * See \Phan\Analysis::shouldVisit for the set of skipped + * nodes. 
+ */ + 'should_visit_all_nodes' => true, + + /** + * If enabled, check all methods that override a + * parent method to make sure its signature is + * compatible with the parent's. This check + * can add quite a bit of time to the analysis. + */ + 'analyze_signature_compatibility' => true, + + // Emit all issues. They are then suppressed via + // suppress_issue_types, rather than a minimum + // severity. + "minimum_severity" => 0, + + /** + * If true, missing properties will be created when + * they are first seen. If false, we'll report an + * error message if there is an attempt to write + * to a class property that wasn't explicitly + * defined. + */ + 'allow_missing_properties' => false, + + /** + * Allow null to be cast as any type and for any + * type to be cast to null. Setting this to false + * will cut down on false positives. + */ + 'null_casts_as_any_type' => true, + + /** + * If enabled, scalars (int, float, bool, string, null) + * are treated as if they can cast to each other. + * + * MediaWiki is pretty lax and uses many scalar + * types interchangably. + */ + 'scalar_implicit_cast' => true, + + /** + * If true, seemingly undeclared variables in the global + * scope will be ignored. This is useful for projects + * with complicated cross-file globals that you have no + * hope of fixing. + */ + 'ignore_undeclared_variables_in_global_scope' => false, + + /** + * Set to true in order to attempt to detect dead + * (unreferenced) code. Keep in mind that the + * results will only be a guess given that classes, + * properties, constants and methods can be referenced + * as variables (like `$class->$property` or + * `$class->$method()`) in ways that we're unable + * to make sense of. 
+ */ + 'dead_code_detection' => false, + + /** + * If true, the dead code detection rig will + * prefer false negatives (not report dead code) to + * false positives (report dead code that is not + * actually dead) which is to say that the graph of + * references will create too many edges rather than + * too few edges when guesses have to be made about + * what references what. + */ + 'dead_code_detection_prefer_false_negative' => true, + + /** + * If disabled, Phan will not read docblock type + * annotation comments (such as for @return, @param, + * @var, @suppress, @deprecated) and only rely on + * types expressed in code. + */ + 'read_type_annotations' => true, + + /** + * If a file path is given, the code base will be + * read from and written to the given location in + * order to attempt to save some work from being + * done. Only changed files will get analyzed if + * the file is read + */ + 'stored_state_file_path' => null, + + /** + * Set to true in order to ignore issue suppression. + * This is useful for testing the state of your code, but + * unlikely to be useful outside of that. + */ + 'disable_suppression' => false, + + /** + * If set to true, we'll dump the AST instead of + * analyzing files + */ + 'dump_ast' => false, + + /** + * If set to a string, we'll dump the fully qualified lowercase + * function and method signatures instead of analyzing files. + */ + 'dump_signatures_file' => null, + + /** + * If true (and if stored_state_file_path is set) we'll + * look at the list of files passed in and expand the list + * to include files that depend on the given files + */ + 'expand_file_list' => false, + + // Include a progress bar in the output + 'progress_bar' => false, + + /** + * The probability of actually emitting any progress + * bar update. Setting this to something very low + * is good for reducing network IO and filling up + * your terminal's buffer when running phan on a + * remote host. 
+ */ + 'progress_bar_sample_rate' => 0.005, + + /** + * The number of processes to fork off during the analysis + * phase. + */ + 'processes' => 1, + + /** + * Add any issue types (such as 'PhanUndeclaredMethod') + * to this black-list to inhibit them from being reported. + */ + 'suppress_issue_types' => [ + 'PhanDeprecatedFunction' + ], + + /** + * If empty, no filter against issues types will be applied. + * If this white-list is non-empty, only issues within the list + * will be emitted by Phan. + */ + 'whitelist_issue_types' => [ + ], + + /** + * Override to hardcode existence and types of (non-builtin) globals in the global scope. + * Class names must be prefixed with '\\'. + * (E.g. ['_FOO' => '\\FooClass', 'page' => '\\PageClass', 'userId' => 'int']) + */ + 'globals_type_map' => [ + ], + + // Emit issue messages with markdown formatting + 'markdown_issue_messages' => false, + + /** + * Enable or disable support for generic templated + * class types. + */ + 'generic_types_enabled' => true, + + // A list of plugin files to execute + 'plugins' => [ + ], +]; -- To view, visit https://gerrit.wikimedia.org/r/400081 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I83f9374b2f3236097860f4aecc694326b891905b Gerrit-PatchSet: 3 Gerrit-Project: mediawiki/extensions/TitleBlacklist Gerrit-Branch: master Gerrit-Owner: Rafidaslam <rafidt...@gmail.com> Gerrit-Reviewer: Addshore <addshorew...@gmail.com> Gerrit-Reviewer: Jackmcbarn <jackmcb...@gmail.com> Gerrit-Reviewer: Legoktm <lego...@member.fsf.org> Gerrit-Reviewer: Rafidaslam <rafidt...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
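Review bot: In tests/phan/config.php, `'null_casts_as_any_type' => true` and `'scalar_implicit_cast' => true` relax phan's handling of null and scalar type mismatches. The comment above the first one says "Setting this to false will cut down on false positives", which reads as the opposite of what the chosen value does. The same change adds an instanceof assertion for a possibly-empty request object in TitleBlacklistPreAuthenticationProvider.php, so null handling is a class of issue worth having the analyser report for this extension's own code. Consider `'null_casts_as_any_type' => false,`, or at least correct the comment and note why the relaxed value is kept. The `directory_list` entries such as `'./../../includes'` also appear to assume that phan runs from the extension root inside a MediaWiki checkout; a one-line comment saying so would document that requirement.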