https://github.com/struggle-for-php/sfp-deptrac-builtin

Deptrac extension to enforce application on framework rule.
https://github.com/struggle-for-php/sfp-deptrac-builtin

Last synced: 5 months ago
JSON representation

Deptrac extension to enforce application on framework rule.

• Host: GitHub
• URL: https://github.com/struggle-for-php/sfp-deptrac-builtin
• Owner: struggle-for-php
• Created: 2022-09-26T14:54:12.000Z (almost 4 years ago)
• Default Branch: 0.3.x
• Last Pushed: 2024-06-09T02:22:44.000Z (about 2 years ago)
• Last Synced: 2025-12-01T16:32:08.625Z (7 months ago)
• Language: PHP
• Homepage:
• Size: 80.1 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Deptrac extension to enforce application on framework rule.

PHP Web application on framework should not use network function like `header()`. 

But this rule is **Implicit** !.

This extension is attempted to find violate such rule.

## Example

 - examples/src/Action/UserShowAction.php includes

```

    public function handle(ServerRequestInterface $request): ResponseInterface

    {

        \header('Location: http://www.example.com/');

    }

```

```

$ cd examples/

$ ./vendor/bin/deptrac analyse

 107/107 [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓] 100%

 ----------- ----------------------------------------------------------------------------------

  Reason      Action

 ----------- ----------------------------------------------------------------------------------

  Violation   Foo\Action\UserShowAction must not depend on header() (Sending Raw HTTP)

              /home/sasezaki/dev/sfp-deptrac-builtin/examples/src/Action/UserShowAction.php:20

 ----------- ----------------------------------------------------------------------------------

 -------------------- -----

  Report

 -------------------- -----

  Violations           1

  Skipped violations   0

  Uncovered            24

  Allowed              48

  Warnings             0

  Errors               0

 -------------------- -----

 ```

## Q&A

- Q. Why not use PHPCS `forbiddenFunctionNames` ?

  - A. IMO, `forbiddenFunctionNames` is only should be used for dangerous function (its own) or alias function.

Reason of forbidden `header()` usage in application is layer problem.

- Q. When called `header()` with `'Location: ...`, then should be called `exit()` on same scope, is it not ?

  - A. Maybe..

## Inspired 

This extension is developed inspired from this talk.

https://speakerdeck.com/asumikam/phpcon-2022