I'm attempting to implement some quality control on a project, and I've removed all warnings for my project according to a specific profile in the PhpStorm code inspector. Now I want to set up an automated check (maybe a git hook or Jenkins job) so that people don't add additional warnings.
Basically, what I need to do is to run PhpStorm's code > inspect functionality from the command line.
It appears that, by default, PhpStorm uses some kind of internal code inspection tool when I run code > inspect code. It has plugins for PHP Code Sniff and others, but I don't really want to use those. For example, PHP Code Sniff finds all kinds of spacing errors and such (it's a linter, after all), but it doesn't detect things like passing the wrong number of arguments to method signatures (i.e. the stuff I really care about).
So, is there any way to run PhpStorm's code inspection external to PhpStorm?
Hmmm...
Looks like posting this question may have given me the clarity I needed to search for the correct answer. Looks like there's a way to do this outlined in the PHPStorm documentation:
https://www.jetbrains.com/help/phpstorm/command-line-code-inspector.html
Related
In IntelliJ, you can generate JavaDoc by going to Tools -> Generate JavDoc. When you have a Static Web PHP project, however, JavaDoc will not work, throwing the error that no Java classes could be found.
Now, what I need is to generate actual PHPDoc. My functions and classes already have the necessary PHPDoc comments in the source code. How is it done, if it's at all possible without having to resort to PHPStorm?
I haven't been able to find the answer anywhere on StackOverflow or in the IntelliJ documentation. All I have found was how to have IntelliJ automatically generate the necessary PHPDoc comments based on the function signature, but what I wanna do is export them to standalone HTML files.
Go to Run -> Edit Configurations... then add a new PHP script. In the File field, point to the location of phpdoc on your machine. In the Arguments field, add something like this, taking into account whatever extra arguments you may need:
-d /path/to/code -t /path/to/target/directory
Name the script, hit OK to save your changes, and you should be good to go. It'll be added to the dropdown of Run/Debug Configurations.
I'm trying to write a website in PHP that allows the user to enter PHP code, and then be able to run it on my server. However, I want to be able to disable certain features (file access, database access, etc.). Basically, I want the code to run without any risk to my server, and if the code does attempt to do something dangerous, I just want the code to stop running (I don't mind if it just stops, produces an error, or carries on while ignoring the dangerous code).
Is this possible, and if so, how could I achieve this?
Thanks :)
It is possible using libraries that do some simple checking or limiting.
Take a look at a PECL (PHP Extensions) extension called RunKit_Sandbox http://php.net/manual/en/runkit.sandbox.php or PHPSandbox.
The key to look for on Google is PHP Sandbox, it will find you similar libraries.
vi php.ini
and then find disable_functions,
disable the functions as you want! like this :
disable_functions = exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file,file_get_contents,fputs,fwrite,dir
I actually developed a package specifically for these kinds of use cases. It can be fully configured and even used to override dangerous functions and globals.
https://github.com/fieryprophet/php-sandbox
Problem
I have a legacy codebase I need to analyze and determine dependencies. Particularly the dependencies on classes (internal/external) and extensions (Memcache, PDO, etc).
What I've Tried
I have reviewed the tools listed in Is there a static code analyzer for PHP files?. Unfortunately, this post is dated and most of the promising tools like phpCallGraph no longer work.
My thought was to analyze the code lexically and look for class tokens. Reviewing a list of these would at least allow me to visually determine dependencies. However finding OtherClass in the following code may be complex:
$classname = 'OtherClass';
echo $classname::doubleColon();
In the end, I doubt I'm the first to need this. I'm sure a tool or combination of tools exist to provide what I need. So I'm asking the SO community before writing this myself.
Update
Ideally this tool will analyze multiple files with complete code coverage. As such, tools like Xdebug, while great, are not solutions to this exact problem.
Instead of phpCallGraph you could use Gopal Vijayaraghavan's inclued extension which in combination with Graphviz gives you a nice looking graph of all included files for a certain execution path.
Example:
Moreover, I'd recommend Xdebug (a PHP debugger) which offers a profiler that outputs data consumable by Valgrind. Use the debugger with a compatible IDE to follow the execution path (which helped me a lot to wade thru e.g. Drupal's massive call-stack).
Combine both and you should get a fairly thourough overview.
EDIT
Searched the web and found nWire for PHP - an eclipse plugin that looks like it could be the right tool for you (30 day free trial which should be enough to give you a head start).
I think PhpCodeAnalyzer is exactly what you're looking for - https://github.com/wapmorgan/PhpCodeAnalyzer
It print list of all used external extensions in code base.
I know there are PHP debugging tools available, but I'm curious about doing something like this myself.
Is there a way to obtain the data that is being processed by PHP for debugging purposes? For example, without having to change the code of my PHP application, is there some way, when I run a function, I can see what variables exist within that function, what called that function, what the return value was etc?
The solution doesn't specifically doesn't need to be in PHP, ie this could be somethig that is written in C etc
Well, may I suggest you look into adding firePHP to your code. FirePHP has 2 components, a server side component, and a browser component for firefox, it uses the firebug addon. Once installed properly you can do things like FB::Log($variable) and you will see this information inside of the log portion of firebug, when you click on it, it shows the entire variable broken out. Also if you were to install the error handler, when you get a caught exception, you are able to see the entire stack trace of how this exception was invoked.
Highly recommended.
try PHP xdebug module - http://xdebug.org/
u can log the debugging info,
or output as HTML
changes might required to initiate xdebug
You can use some introspective functions like debug_backtrace, but these will only get you so far. To gather any kind of information, you would need to hook into PHP itself, which you would most likely do with an extension written in C. I'd suggest you check out one of the existing debuggers to see how they do it, for example xdebug.
any good open source/commercial PHP testing tools available??
I don't know exactly what do you want to test but here are some tools which help during development:
PHPUnit for unit tests
CodeSniffer for coding standards
PHP Mess Detector for code quality
For testing a web application within your web browser automatically try Selenium.
I can also recommend FirePHP with will enable you to debug your code using the Firebug plugin for Firefox.
A list of PHP Performance Test Tools in this link http://scriptime.blogspot.in/2014/07/performance-test-tools.html
Check out PHPUnit:
http://www.phpunit.de/
One especially handy tool to debug is xdebug. Install through PECL. Integrated with your IDE you'll be able to interactively step through code. Without the IDE and it'll prettify your errors and help you test them.
For automatically testing the app itself, Selenium seems to be the best choice. Note that I don't use it, but it will automatically simulate going to a page, filling in data on a form, etc. It's basically a way to automate users' activity in a browser.
The other suggestions are all apt as well.
To test the code you should write unit tests. This requires two tools, what you need is a debugger (xdebug or zend debugger) and phpunit. They can be written in any editor. If you haven't done this before here is an intro article.
http://devzone.zend.com/article/2772
To test the output of the code (HTML,CSS,JS) you should use a different tool. A GUI testing tool is what you use for this job. Here is a list of these tools. Selenium and Selenium based tools is probably the way to go, but the best decision depends on the company and lack thereof.
http://en.wikipedia.org/wiki/List_of_GUI_testing_tools
Do you mean a site where you can run PHP code in order to test it? Like localhost?
OK, I'll give you an answer without the smarm :-).
Here, get started with XAMPP http://www.apachefriends.org/en/xampp-windows.html. I don't know of any in-browser PHP testing methods, and I can (off the top of my head) think of several ways that a good coder might exploit a site that uses eval() to run user-submitted code. They'd basically be giving anybody free range to run code on their server. But look...get started on XAMPP and there you can start testing PHP scripts without even needing an internet connection. Also if you're interested in a good PHP beginner's guide, see here:
http://www.tuxradar.com/practicalphp
Not sure if this is for debugging or for testing but i found WAMP to be a good alternative to XAMP. Thats what i use for testing