/**
  * Reports whether this review applies to the given file.
  *
  * Only a file whose name is exactly `composer.lock` is accepted.
  *
  * @param  FileInterface $file File under consideration.
  * @return bool True when the file name is `composer.lock`, false otherwise.
  */
 public function canReviewFile(FileInterface $file)
 {
     // The strict comparison already yields the boolean to return.
     $isLockFile = $file->getFileName() === 'composer.lock';

     return $isLockFile;
 }
Пример #2
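 /**
  * Checks whether the given file contains any CRLF line endings.
  *
  * Runs `file` on the path and searches its description for "CRLF"; an error
  * is reported when the search matches.
  *
  * @link http://stackoverflow.com/a/3570574
  *
  * @param ReporterInterface $reporter Receives the error when CRLF is found.
  * @param FileInterface     $file     File to inspect.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // The command line relies on a pipe, so it is interpreted by a shell.
     // Quote the path: a file name containing spaces or shell metacharacters
     // must stay a single literal argument instead of being parsed as shell
     // syntax.
     // `--brief` keeps the file name out of the description, so a path that
     // itself contains "CRLF" is not reported as a false positive.
     $cmd = sprintf(
         'file --brief %s | grep --fixed-strings --quiet "CRLF"',
         escapeshellarg($file->getFullPath())
     );
     $process = $this->getProcess($cmd);
     $process->run();
     // grep --quiet exits successfully only when the pattern was found.
     if ($process->isSuccessful()) {
         $message = 'File contains CRLF line endings';
         $reporter->error($message, $this, $file);
     }
 }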
Пример #3
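 /**
  * Checks that the composer.json file is valid.
  *
  * Runs `composer validate` on the file and reports an error when the command
  * does not exit successfully.
  *
  * @param ReporterInterface $reporter Receives the error on failure.
  * @param FileInterface     $file     The composer configuration to validate.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // Quote the path so a file name with spaces or shell metacharacters is
     // passed as one literal argument (assumes getProcess() hands the string
     // to a shell - TODO confirm).
     $cmd = sprintf('composer validate %s', escapeshellarg($file->getFullPath()));
     $process = $this->getProcess($cmd);
     $process->run();
     // NOTE(review): any unsuccessful exit is reported as an invalid
     // configuration, including the case where the command could not run.
     if (!$process->isSuccessful()) {
         $message = 'The composer configuration is not valid';
         $reporter->error($message, $this, $file);
     }
 }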
Пример #4
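 /**
  * Checks that the file starts with the expected character sequence, which
  * helps to stop stray whitespace making it in before the first php tag.
  *
  * The first line of the file is read by the shell and compared, after
  * trimming, with `<?php` and `#!/usr/bin/env php`.
  *
  * @link http://stackoverflow.com/a/2440685
  *
  * @param ReporterInterface $reporter Receives the error on a mismatch.
  * @param FileInterface     $file     File to inspect.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // Two quoting fixes:
     //  - the path is shell-quoted so that a file name with spaces or shell
     //    metacharacters is used as a literal redirection target;
     //  - "$LINE" is double-quoted so the shell does not word-split or
     //    glob-expand the line it just read (`?` in `<?php` is a glob
     //    character).
     $cmd = sprintf('read -r LINE < %s && echo "$LINE"', escapeshellarg($file->getFullPath()));
     $process = $this->getProcess($cmd);
     $process->run();
     $firstLine = trim($process->getOutput());
     // Strict membership test: the first line must be exactly one of these.
     if (!in_array($firstLine, ['<?php', '#!/usr/bin/env php'], true)) {
         $message = 'File must begin with `<?php` or `#!/usr/bin/env php`';
         $reporter->error($message, $this, $file);
     }
 }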
Пример #5
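 /**
  * Checks whether the file contains `NOCOMMIT` (matched case-insensitively).
  *
  * @link http://stackoverflow.com/a/4749368
  *
  * @param ReporterInterface $reporter Receives the error when the tag is found.
  * @param FileInterface     $file     File to search.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // Quote the path so a file name with spaces or shell metacharacters is
     // passed to grep as one literal argument (assumes getProcess() hands the
     // string to a shell - TODO confirm).
     $cmd = sprintf(
         'grep --fixed-strings --ignore-case --quiet "NOCOMMIT" %s',
         escapeshellarg($file->getFullPath())
     );
     $process = $this->getProcess($cmd);
     $process->run();
     // grep --quiet exits successfully only when the pattern was found.
     if ($process->isSuccessful()) {
         $message = 'A NOCOMMIT tag was found';
         $reporter->error($message, $this, $file);
     }
 }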
Пример #6
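 /**
  * Checks that the composer.lock file doesn't contain dependencies
  * with known security vulnerabilities.
  *
  * Runs `vendor/bin/security-checker security:check` on the file and reports
  * an error when the command does not exit successfully.
  *
  * @param ReporterInterface $reporter Receives the error on failure.
  * @param FileInterface     $file     The lock file to check.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     $executable = 'vendor/bin/security-checker';
     // Quote the path so a file name with spaces or shell metacharacters is
     // passed as one literal argument (assumes getProcess() hands the string
     // to a shell - TODO confirm).
     $cmd = sprintf('%s security:check %s', $executable, escapeshellarg($file->getFullPath()));
     $process = $this->getProcess($cmd);
     $process->run();
     // NOTE(review): every unsuccessful exit is reported as "known
     // vulnerabilities", which presumably also covers a missing executable
     // or a failed lookup - confirm against the checker's exit codes.
     if (!$process->isSuccessful()) {
         $message = 'The composer project dependencies contain known vulnerabilities';
         $reporter->error($message, $this, $file);
     }
 }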
 /**
  * Runs PHP Coding Standards Fixer on the file and stages the result.
  *
  * Every entry of `$this->options` is passed as `--name=value`, with the value
  * shell-quoted. The outcome of the fixer is not inspected: the file is
  * re-added with `git add` in all cases and nothing is sent to the reporter.
  *
  * @param ReporterInterface $reporter Unused by this review.
  * @param FileInterface $file File to fix and stage.
  * @return void
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // NOTE(review): option values are shell-quoted but option names are
     // inserted as-is; this assumes the names come from trusted
     // configuration - confirm where $this->options is populated.
     $flags = '';
     foreach ($this->options as $name => $setting) {
         $flags .= sprintf(' --%s=%s', $name, escapeshellarg($setting));
     }

     $fixCommand = 'vendor/bin/php-cs-fixer -vvv ' . $flags . ' fix ' . escapeshellarg($file->getRelativePath());
     $this->getProcess($fixCommand)->run();

     // Stage the (possibly rewritten) file again.
     $stageCommand = 'git add ' . escapeshellarg($file->getRelativePath());
     $this->getProcess($stageCommand)->run();
 }
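 /**
  * Saves a copy of the cached (index) version of the given file to a temp directory.
  *
  * The copy is written below `sys_get_temp_dir() . self::CACHE_DIR`, mirroring
  * the file's relative path, and the resulting location is stored on the file
  * through `setCachedPath()`.
  *
  * @param FileInterface $file File whose index content is exported.
  *
  * @return FileInterface The same file object, with its cached path set.
  */
 private function saveFileToCache(FileInterface $file)
 {
     $relativePath = $file->getRelativePath();
     $cachedPath = sys_get_temp_dir() . self::CACHE_DIR . $relativePath;
     $cacheDir = dirname($cachedPath);
     // NOTE(review): the location under the system temp directory is
     // predictable and the 0700 mode only applies to directories created
     // here; on a shared host confirm that the cache root is owned by the
     // current user before trusting its contents.
     if (!is_dir($cacheDir)) {
         mkdir($cacheDir, 0700, true);
     }
     // The command uses a shell redirection, so both the object name and the
     // target path are shell-quoted: a file name with spaces or shell
     // metacharacters must not be parsed as shell syntax.
     $cmd = sprintf(
         'git show %s > %s',
         escapeshellarg(':' . $relativePath),
         escapeshellarg($cachedPath)
     );
     $process = new Process($cmd);
     $process->run();
     // The result of `git show` is not checked; the path is recorded either way.
     $file->setCachedPath($cachedPath);
     return $file;
 }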
Пример #9
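 /**
  * Checks PHP files using the builtin PHP linter, `php -l`.
  *
  * When the linter fails, every non-empty output line except the last one is
  * reported as an error, with the leading "Parse error: syntax error, " text
  * and the " in <path>" suffix removed.
  *
  * @param ReporterInterface $reporter Receives one error per reported line.
  * @param FileInterface     $file     File to lint.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     // Quote the path so a file name with spaces or shell metacharacters is
     // passed as one literal argument (assumes getProcess() hands the string
     // to a shell - TODO confirm).
     $cmd = sprintf('php --syntax-check %s', escapeshellarg($file->getFullPath()));
     $process = $this->getProcess($cmd);
     $process->run();
     // Create the array of outputs and remove empty values.
     $output = array_filter(explode(PHP_EOL, $process->getOutput()));
     $needle = 'Parse error: syntax error, ';
     if (!$process->isSuccessful()) {
         // The last output line is skipped.
         foreach (array_slice($output, 0, count($output) - 1) as $error) {
             // NOTE(review): this drops the first strlen($needle) characters
             // without checking that the line actually starts with $needle.
             $raw = ucfirst(substr($error, strlen($needle)));
             $message = str_replace(' in ' . $file->getFullPath(), '', $raw);
             $reporter->error($message, $this, $file);
         }
     }
 }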
Пример #10
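 /**
  * Checks PHP files using PHP_CodeSniffer.
  *
  * Runs `vendor/bin/phpcs --report=json` on the file and, when the command
  * does not exit successfully, turns every message of the JSON report into a
  * reporter warning of the form "<message> on line <line>".
  *
  * @param ReporterInterface $reporter Receives one warning per message.
  * @param FileInterface     $file     File to check.
  */
 public function review(ReporterInterface $reporter, FileInterface $file)
 {
     $cmd = 'vendor/bin/phpcs --report=json ';
     // NOTE(review): the option string is appended verbatim; presumably
     // getOptionsForConsole() quotes its values - verify.
     $options = $this->getOptionsForConsole();
     if ($options) {
         $cmd .= $options;
     }
     // Quote the path so a file name with spaces or shell metacharacters is
     // passed as one literal argument (assumes getProcess() hands the string
     // to a shell - TODO confirm).
     $cmd .= escapeshellarg($file->getFullPath());
     $process = $this->getProcess($cmd);
     $process->run();
     if ($process->isSuccessful()) {
         return;
     }

     $output = json_decode($process->getOutput(), true);
     if (!is_array($output) || !isset($output['files']) || !is_array($output['files'])) {
         // The command failed without a usable report; surface that instead
         // of passing the file silently.
         $reporter->warning('PHP_CodeSniffer did not return a readable JSON report', $this, $file);
         return;
     }

     // Walk every file entry. The previous reducer returned nothing for an
     // entry without findings (losing the accumulator) and merged lists with
     // `+`, which drops messages whose numeric keys collide.
     foreach ($output['files'] as $report) {
         if ($report['errors'] > 0 || $report['warnings'] > 0) {
             foreach ($report['messages'] as $error) {
                 $message = $error['message'] . ' on line ' . $error['line'];
                 $reporter->warning($message, $this, $file);
             }
         }
     }
 }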
Пример #11
 /**
  * Reports whether this review applies to the given file.
  *
  * @param FileInterface $file File under consideration.
  *
  * @return bool True only when the file extension is exactly `php`.
  */
 protected function canReviewFile(FileInterface $file)
 {
     $extension = $file->getExtension();

     return 'php' === $extension;
 }
Пример #12
 /**
  * Accepts any text based file.
  *
  * @link http://stackoverflow.com/a/632786
  *
  * @param  FileInterface $file File under consideration.
  * @return bool True when the file's mime type begins with `text`.
  */
 public function canReviewFile(FileInterface $file)
 {
     // Compare only the first four characters of the mime type with 'text'.
     return strncmp($file->getMimeType(), 'text', 4) === 0;
 }
 /**
  * Determines if the given file should be reviewed.
  *
  * A file qualifies when its extension is `php` and its name does not end in
  * `blade.php`.
  *
  * @param  FileInterface $file File under consideration.
  * @return bool True when the file should be reviewed.
  */
 public function canReviewFile(FileInterface $file)
 {
     if ($file->getExtension() !== 'php') {
         return false;
     }

     // Reject names ending in the Blade suffix.
     $suffix = 'blade.php';

     return substr($file->getFileName(), -strlen($suffix)) !== $suffix;
 }
Пример #14
 /**
  * Reports whether this review applies to the given file.
  *
  * @param  FileInterface $file File under consideration.
  * @return bool True when the extension is exactly `php` or `phtml`.
  */
 public function canReviewFile(FileInterface $file)
 {
     // Strict membership test against the accepted extensions.
     return in_array($file->getExtension(), ['php', 'phtml'], true);
 }
Пример #15
 /**
  * Restricts this review to the composer.json file.
  *
  * @param  FileInterface $file File under consideration.
  * @return bool True when the file name is exactly `composer.json`.
  */
 public function canReviewFile(FileInterface $file)
 {
     $fileName = $file->getFileName();

     // Any other file name is rejected.
     return 'composer.json' === $fileName;
 }