Normalize leading backslashes in banned function names #30
Conversation
|
@mremi do you mind taking a look at this PR? |
|
@mremi I just resolved the merge conflicts. After 3 years, can I get some feedback? |
|
@celcius112 Do you have someone at Ekino to look at this PR? |
|
Hi @spawnia sorry for the delay, thank you for this contribution 👍 , could you please update CHANGELOG.md and squash your commits? |
|
Added a changelog entry. Can you just use GitHub's Squash & Merge? I am having a hard time getting git to do what I need it to. |
|
Done, thanks again |
| * @param array<string, mixed> $bannedNodes | ||
| * @return array<string> | ||
| */ | ||
| protected function normalizeFunctionNames(array $bannedNodes): array |
There was a problem hiding this comment.
From the method name to see if it should not have a return value and there is no need to pass parameters.
There was a problem hiding this comment.
Mutating parameters is neither common nor good practice in PHP and requires passing by reference for array. Seems bad.
There was a problem hiding this comment.
Wouldn't the following be better practice?
public function __construct(array $bannedNodes)
{
$this->bannedNodes = array_column($bannedNodes, null, 'type');
$this->bannedFunctions = self::normalizeFunctionNames();
}
protected function normalizeFunctionNames(): void
{
$this->bannedFunctions = array_map(
static function (string $function): string {
return ltrim($function, '\\');
},
$this->bannedNodes['Expr_FuncCall']['functions'] ?? []
);
}There was a problem hiding this comment.
I think it would be much worse, the signature (): void expresses no intent.
I stumbled upon this when trying to ban the use of
sprintfin our project. Because we are using the amazing https://github.com/thecodingmachine/safe, we also have to ban\Safe\printf.The configuration looks like this:
What happened is that
\Safe\sprintfwas not found. Upon further investigation, i found thatphp-parserstrips leading backslashes from function calls, even when they occur in the source code.To avoid this hard to find error, i applied the same normalization to the banned functions definitions from the configuration file.