From 60b1e63c23f1e9eb070a2113b2ec8e6b1b2edd1c Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sat, 8 Jun 2024 20:54:46 +0100 Subject: [PATCH 01/40] feat: initial work on presets --- src/ArchPresets/Base.php | 28 +++++++++++++++++ src/ArchPresets/Strict.php | 28 +++++++++++++++++ src/Contracts/ArchPreset.php | 21 +++++++++++++ src/PendingCalls/TestCall.php | 9 ++++++ src/Preset.php | 58 +++++++++++++++++++++++++++++++++++ tests/.snapshots/success.txt | 6 ++-- tests/Arch.php | 6 ++++ tests/Playground.php | 4 +-- tests/Visual/Parallel.php | 2 +- 9 files changed, 156 insertions(+), 6 deletions(-) create mode 100644 src/ArchPresets/Base.php create mode 100644 src/ArchPresets/Strict.php create mode 100644 src/Contracts/ArchPreset.php create mode 100644 src/Preset.php diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php new file mode 100644 index 00000000..2ee5d5a9 --- /dev/null +++ b/src/ArchPresets/Base.php @@ -0,0 +1,28 @@ + $baseNamespace + */ + public function boot(TestCall $testCall, array $baseNamespace): TestCall|ArchExpectation + { + return $testCall + ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) + ->not + ->toBeUsed(); + } +} diff --git a/src/ArchPresets/Strict.php b/src/ArchPresets/Strict.php new file mode 100644 index 00000000..c4fbe196 --- /dev/null +++ b/src/ArchPresets/Strict.php @@ -0,0 +1,28 @@ + $baseNamespaces + */ + public function boot(TestCall $testCall, array $baseNamespaces): TestCall|ArchExpectation + { + return $testCall + ->expect($baseNamespaces) + ->each + ->toUseStrictTypes(); + } +} diff --git a/src/Contracts/ArchPreset.php b/src/Contracts/ArchPreset.php new file mode 100644 index 00000000..24a250d3 --- /dev/null +++ b/src/Contracts/ArchPreset.php @@ -0,0 +1,21 @@ + $baseNamespaces + */ + public function boot(TestCall $testCall, array $baseNamespaces): TestCall|ArchExpectation; +} diff --git a/src/PendingCalls/TestCall.php b/src/PendingCalls/TestCall.php index 5422347f..fb8f72c8 100644 --- a/src/PendingCalls/TestCall.php +++ b/src/PendingCalls/TestCall.php @@ -12,6 +12,7 @@ use Pest\Factories\TestCaseMethodFactory; use Pest\Mutate\Decorators\TestCallDecorator as MutationTestCallDecorator; use Pest\PendingCalls\Concerns\Describable; use Pest\Plugins\Only; +use Pest\Preset; use Pest\Support\Backtrace; use Pest\Support\Exporter; use Pest\Support\HigherOrderCallables; @@ -521,4 +522,12 @@ final class TestCall $testCase->attributes = array_merge($testCase->attributes, $this->testCaseFactoryAttributes); } } + + /** + * Uses the given preset on the test. + */ + public function preset(): Preset + { + return new Preset($this); + } } diff --git a/src/Preset.php b/src/Preset.php new file mode 100644 index 00000000..de01bf88 --- /dev/null +++ b/src/Preset.php @@ -0,0 +1,58 @@ +boot($this->testCall, $this->baseNamespaces()); + } + + /** + * Uses the Pest strict preset and returns the test call instance. + */ + public function strict(): TestCall + { + (new ArchPresets\Strict)->boot($this->testCall, $this->baseNamespaces()); + + return $this->testCall; + } + + /** + * Get the base namespaces for the application / package. + */ + private function baseNamespaces(): array + { + if (self::$baseNamespaces === null) { + self::$baseNamespaces = Composer::userNamespaces(); + } + + return self::$baseNamespaces; + } +} diff --git a/tests/.snapshots/success.txt b/tests/.snapshots/success.txt index 6a99b1d9..b00c7c9e 100644 --- a/tests/.snapshots/success.txt +++ b/tests/.snapshots/success.txt @@ -1,5 +1,7 @@ PASS Tests\Arch + ✓ expect ['dd', 'dump', 'ray', …] → not → toBeUsed → ignoring 'Pest\Expectation' + ✓ expect ['Pest'] → each → toUseStrictTypes ✓ globals ✓ dependencies ✓ contracts @@ -1266,7 +1268,7 @@ ✓ closure was bound to CustomTestCase PASS Tests\Playground - ✓ basic + ✓ expect ['Pest'] → each → toUseStrictTypes PASS Tests\Plugins\Traits ✓ it allows global uses @@ -1461,4 +1463,4 @@ WARN Tests\Visual\Version - visual snapshot of help command output - Tests: 2 deprecated, 4 warnings, 5 incomplete, 2 notices, 13 todos, 24 skipped, 1042 passed (2563 assertions) \ No newline at end of file + Tests: 2 deprecated, 4 warnings, 5 incomplete, 2 notices, 13 todos, 24 skipped, 1044 passed (2565 assertions) \ No newline at end of file diff --git a/tests/Arch.php b/tests/Arch.php index 7c508cf2..e63b998c 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -2,6 +2,10 @@ use Pest\Expectation; +arch()->preset()->base()->ignoring(Expectation::class); + +arch()->preset()->strict(); + arch('globals') ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) ->not->toBeUsed() @@ -30,4 +34,6 @@ arch('contracts') 'NunoMaduro\Collision\Contracts', 'Pest\Factories\TestCaseMethodFactory', 'Symfony\Component\Console', + 'Pest\Arch\Contracts', + 'Pest\PendingCalls', ])->toBeInterfaces(); diff --git a/tests/Playground.php b/tests/Playground.php index be30ae7d..dbc1a3ae 100644 --- a/tests/Playground.php +++ b/tests/Playground.php @@ -1,5 +1,3 @@ toBeTrue(); -}); +arch()->preset()->strict(); diff --git a/tests/Visual/Parallel.php b/tests/Visual/Parallel.php index 28f83d63..cdc756c4 100644 --- a/tests/Visual/Parallel.php +++ b/tests/Visual/Parallel.php @@ -16,7 +16,7 @@ $run = function () { test('parallel', function () use ($run) { expect($run('--exclude-group=integration')) - ->toContain('Tests: 2 deprecated, 4 warnings, 5 incomplete, 2 notices, 13 todos, 19 skipped, 1028 passed (2531 assertions)') + ->toContain('Tests: 2 deprecated, 4 warnings, 5 incomplete, 2 notices, 13 todos, 19 skipped, 1030 passed (2533 assertions)') ->toContain('Parallel: 3 processes'); })->skipOnWindows(); From bd16769b932d64343eab0a7908d7ef7ca97bbc57 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sun, 9 Jun 2024 00:05:18 +0100 Subject: [PATCH 02/40] fixes tests --- src/ArchPresets/Base.php | 2 +- src/ArchPresets/Strict.php | 2 +- src/Preset.php | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 2ee5d5a9..3a340d70 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -20,7 +20,7 @@ final class Base implements ArchPreset */ public function boot(TestCall $testCall, array $baseNamespace): TestCall|ArchExpectation { - return $testCall + return $testCall // @phpstan-ignore-line ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) ->not ->toBeUsed(); diff --git a/src/ArchPresets/Strict.php b/src/ArchPresets/Strict.php index c4fbe196..9d93b7ed 100644 --- a/src/ArchPresets/Strict.php +++ b/src/ArchPresets/Strict.php @@ -20,7 +20,7 @@ final class Strict implements ArchPreset */ public function boot(TestCall $testCall, array $baseNamespaces): TestCall|ArchExpectation { - return $testCall + return $testCall // @phpstan-ignore-line ->expect($baseNamespaces) ->each ->toUseStrictTypes(); diff --git a/src/Preset.php b/src/Preset.php index de01bf88..6df57197 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -15,6 +15,8 @@ final class Preset { /** * The application / package base namespaces. + * + * @var ?array */ private static ?array $baseNamespaces = null; @@ -46,6 +48,8 @@ final class Preset /** * Get the base namespaces for the application / package. + * + * @return array */ private function baseNamespaces(): array { From cc41a7f81d812e10b8ff755b0cd05ddd18a5f906 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Sun, 9 Jun 2024 19:16:29 +0530 Subject: [PATCH 03/40] feat: add 'eval' to list of expected functions in Base.php --- src/ArchPresets/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 3a340d70..409e4bb3 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -21,7 +21,7 @@ final class Base implements ArchPreset public function boot(TestCall $testCall, array $baseNamespace): TestCall|ArchExpectation { return $testCall // @phpstan-ignore-line - ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) + ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval']) ->not ->toBeUsed(); } From d6b59e4e969e436dd378d9706fb35d18c983ade5 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Sun, 9 Jun 2024 19:32:49 +0530 Subject: [PATCH 04/40] feat: add 'ini_set' to list of expected functions in Base.php --- src/ArchPresets/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 409e4bb3..cfa9455f 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -21,7 +21,7 @@ final class Base implements ArchPreset public function boot(TestCall $testCall, array $baseNamespace): TestCall|ArchExpectation { return $testCall // @phpstan-ignore-line - ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval']) + ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval', 'ini_set']) ->not ->toBeUsed(); } From ceb7244b4316a935464e10b7fa5fbd72f1fd4c88 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sun, 9 Jun 2024 22:22:46 +0100 Subject: [PATCH 05/40] feat(presets): refactors code --- src/ArchPresets/AbstractPreset.php | 54 ++++++++++++++++++++++++++++++ src/ArchPresets/Base.php | 15 +++------ src/ArchPresets/Strict.php | 20 ++++------- src/Contracts/ArchPreset.php | 9 ----- src/Preset.php | 40 ++++++++++++++++++---- tests/.snapshots/success.txt | 6 ++-- tests/Playground.php | 4 ++- 7 files changed, 105 insertions(+), 43 deletions(-) create mode 100644 src/ArchPresets/AbstractPreset.php diff --git a/src/ArchPresets/AbstractPreset.php b/src/ArchPresets/AbstractPreset.php new file mode 100644 index 00000000..b270a023 --- /dev/null +++ b/src/ArchPresets/AbstractPreset.php @@ -0,0 +1,54 @@ + $userNamespaces + * @param array $expectations + */ + final public function __construct(// @phpstan-ignore-line + protected array $userNamespaces, + protected array $expectations = [], + ) { + // + } + + /** + * Executes the arch preset. + * + * @internal + */ + abstract public function execute(): void; + + /** + * Ignores the given "targets" or "dependencies". + * + * @param array|string $targetsOrDependencies + */ + final public function ignoring(array|string $targetsOrDependencies): void + { + $this->expectations = array_map( + fn (ArchExpectation $expectation): \Pest\Arch\Contracts\ArchExpectation => $expectation->ignoring($targetsOrDependencies), + $this->expectations, + ); + } + + /** + * Flushes the expectations. + */ + final public function flush(): void + { + $this->expectations = []; + } +} diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index cfa9455f..f2a98a87 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -4,24 +4,17 @@ declare(strict_types=1); namespace Pest\ArchPresets; -use Pest\Arch\Contracts\ArchExpectation; -use Pest\Contracts\ArchPreset; -use Pest\PendingCalls\TestCall; - /** * @internal */ -final class Base implements ArchPreset +final class Base extends AbstractPreset { /** - * Boots the arch preset. - * - * @param array $baseNamespace + * Executes the arch preset. */ - public function boot(TestCall $testCall, array $baseNamespace): TestCall|ArchExpectation + public function execute(): void { - return $testCall // @phpstan-ignore-line - ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval', 'ini_set']) + $this->expectations[] = expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval', 'ini_set']) ->not ->toBeUsed(); } diff --git a/src/ArchPresets/Strict.php b/src/ArchPresets/Strict.php index 9d93b7ed..23891c4e 100644 --- a/src/ArchPresets/Strict.php +++ b/src/ArchPresets/Strict.php @@ -4,25 +4,19 @@ declare(strict_types=1); namespace Pest\ArchPresets; -use Pest\Arch\Contracts\ArchExpectation; -use Pest\Contracts\ArchPreset; -use Pest\PendingCalls\TestCall; - /** * @internal */ -final class Strict implements ArchPreset +final class Strict extends AbstractPreset { /** - * Boots the arch preset. - * - * @param array $baseNamespaces + * Executes the arch preset. */ - public function boot(TestCall $testCall, array $baseNamespaces): TestCall|ArchExpectation + public function execute(): void { - return $testCall // @phpstan-ignore-line - ->expect($baseNamespaces) - ->each - ->toUseStrictTypes(); + foreach ($this->userNamespaces as $namespace) { + $this->expectations[] = expect($namespace) + ->toUseStrictTypes(); + } } } diff --git a/src/Contracts/ArchPreset.php b/src/Contracts/ArchPreset.php index 24a250d3..6f5a0fca 100644 --- a/src/Contracts/ArchPreset.php +++ b/src/Contracts/ArchPreset.php @@ -4,18 +4,9 @@ declare(strict_types=1); namespace Pest\Contracts; -use Pest\Arch\Contracts\ArchExpectation; -use Pest\PendingCalls\TestCall; - /** * @internal */ interface ArchPreset { - /** - * Boots the arch preset. - * - * @param array $baseNamespaces - */ - public function boot(TestCall $testCall, array $baseNamespaces): TestCall|ArchExpectation; } diff --git a/src/Preset.php b/src/Preset.php index 6df57197..a6ee3a66 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -4,9 +4,12 @@ declare(strict_types=1); namespace Pest; -use Pest\Arch\Contracts\ArchExpectation; use Pest\Arch\Support\Composer; +use Pest\ArchPresets\AbstractPreset; +use Pest\ArchPresets\Base; +use Pest\ArchPresets\Strict; use Pest\PendingCalls\TestCall; +use stdClass; /** * @internal @@ -31,19 +34,44 @@ final class Preset /** * Uses the Pest base preset and returns the test call instance. */ - public function base(): TestCall|ArchExpectation + public function base(): Base { - return (new ArchPresets\Base)->boot($this->testCall, $this->baseNamespaces()); + return $this->executePreset(new Base($this->baseNamespaces())); } /** * Uses the Pest strict preset and returns the test call instance. */ - public function strict(): TestCall + public function strict(): Strict { - (new ArchPresets\Strict)->boot($this->testCall, $this->baseNamespaces()); + return $this->executePreset(new Strict($this->baseNamespaces())); + } - return $this->testCall; + /** + * Executes the given preset. + * + * @template TPreset of AbstractPreset + * + * @param TPreset $preset + * @return TPreset + */ + private function executePreset(AbstractPreset $preset): AbstractPreset + { + if ((fn (): ?string => $this->description)->call($this->testCall) === null) { + $description = strtolower((new \ReflectionClass($preset))->getShortName()); + + (fn (): string => $this->description = sprintf('arch "%s" preset', $description))->call($this->testCall); + } + + $this->baseNamespaces(); + + $preset->execute(); + + $this->testCall->testCaseMethod->closure = (function () use ($preset): void { + $preset->flush(); + })->bindTo(new stdClass); + + return $preset; } /** diff --git a/tests/.snapshots/success.txt b/tests/.snapshots/success.txt index b00c7c9e..e13630e6 100644 --- a/tests/.snapshots/success.txt +++ b/tests/.snapshots/success.txt @@ -1,7 +1,7 @@ PASS Tests\Arch - ✓ expect ['dd', 'dump', 'ray', …] → not → toBeUsed → ignoring 'Pest\Expectation' - ✓ expect ['Pest'] → each → toUseStrictTypes + ✓ arch "base" preset + ✓ arch "strict" preset ✓ globals ✓ dependencies ✓ contracts @@ -1268,7 +1268,7 @@ ✓ closure was bound to CustomTestCase PASS Tests\Playground - ✓ expect ['Pest'] → each → toUseStrictTypes + ✓ basic PASS Tests\Plugins\Traits ✓ it allows global uses diff --git a/tests/Playground.php b/tests/Playground.php index dbc1a3ae..be30ae7d 100644 --- a/tests/Playground.php +++ b/tests/Playground.php @@ -1,3 +1,5 @@ preset()->strict(); +test('basic', function () { + expect(true)->toBeTrue(); +}); From 878988a02da5b868eb096a4095bfd0cba3d90643 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sun, 9 Jun 2024 22:38:30 +0100 Subject: [PATCH 06/40] feat(presets): ignores `eval` for now --- tests/Arch.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/Arch.php b/tests/Arch.php index e63b998c..cfddc837 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -2,7 +2,10 @@ use Pest\Expectation; -arch()->preset()->base()->ignoring(Expectation::class); +arch()->preset()->base()->ignoring([ + Expectation::class, + 'eval', +]); arch()->preset()->strict(); From 2e4a8329a650f51b4162f8173a9e6c7038776965 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sun, 9 Jun 2024 22:46:21 +0100 Subject: [PATCH 07/40] feat(presets): keeps improving base presets --- src/ArchPresets/Base.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index f2a98a87..cac4f624 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -14,8 +14,18 @@ final class Base extends AbstractPreset */ public function execute(): void { - $this->expectations[] = expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep', 'eval', 'ini_set']) - ->not - ->toBeUsed(); + $this->expectations[] = expect([ + 'dd', + 'dump', + 'ray', + 'die', + 'var_dump', + 'sleep', + 'usleep', + 'exit', + 'phpinfo', + 'print_r', + 'var_export', + ])->not->toBeUsed(); } } From c1e1fff0d0a8799b5550b7d369c339d89d1d19d0 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Sun, 9 Jun 2024 23:47:53 +0100 Subject: [PATCH 08/40] feat(presets): ignores ddd --- src/ArchPresets/Base.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index cac4f624..73e2e154 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -16,6 +16,7 @@ final class Base extends AbstractPreset { $this->expectations[] = expect([ 'dd', + 'ddd', 'dump', 'ray', 'die', From c54b7e400eac847695a552a3124997c4ef6a5647 Mon Sep 17 00:00:00 2001 From: faissaloux Date: Mon, 10 Jun 2024 00:00:57 +0100 Subject: [PATCH 09/40] echo and print not to be used in base preset --- src/ArchPresets/Base.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index cac4f624..cb490b4b 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -24,6 +24,8 @@ final class Base extends AbstractPreset 'usleep', 'exit', 'phpinfo', + 'echo', + 'print', 'print_r', 'var_export', ])->not->toBeUsed(); From dd1bd929104cef973c48cd6776d2a7407d75abba Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 01:15:19 +0100 Subject: [PATCH 10/40] feat(presets): more rules --- src/ArchPresets/Base.php | 6 +++--- src/ArchPresets/Laravel.php | 25 +++++++++++++++++++++++++ src/ArchPresets/Strict.php | 5 +++++ 3 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 src/ArchPresets/Laravel.php diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 6891272f..3ce485c3 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -15,15 +15,15 @@ final class Base extends AbstractPreset public function execute(): void { $this->expectations[] = expect([ + 'debug_zval_dump', + 'debug_backtrace', + 'debug_print_backtrace', 'dd', 'ddd', 'dump', 'ray', 'die', 'var_dump', - 'sleep', - 'usleep', - 'exit', 'phpinfo', 'echo', 'print', diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php new file mode 100644 index 00000000..ceeb7d4b --- /dev/null +++ b/src/ArchPresets/Laravel.php @@ -0,0 +1,25 @@ +expectations[] = expect([ + 'env', + ])->not->toBeUsed(); + + $this->expectations[] = expect([ + 'exit', + ])->not->toBeUsed(); + } +} diff --git a/src/ArchPresets/Strict.php b/src/ArchPresets/Strict.php index 23891c4e..655ee5a0 100644 --- a/src/ArchPresets/Strict.php +++ b/src/ArchPresets/Strict.php @@ -15,6 +15,11 @@ final class Strict extends AbstractPreset public function execute(): void { foreach ($this->userNamespaces as $namespace) { + $this->expectations[] = expect([ + 'sleep', + 'usleep', + ])->not->toBeUsed(); + $this->expectations[] = expect($namespace) ->toUseStrictTypes(); } From 13fb66f15c99e9e8ef88da1e480c48eafa27247b Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 02:22:41 +0100 Subject: [PATCH 11/40] feat(presets): ignores ddd --- tests/Arch.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Arch.php b/tests/Arch.php index cfddc837..a9e1e103 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -5,6 +5,8 @@ use Pest\Expectation; arch()->preset()->base()->ignoring([ Expectation::class, 'eval', + 'debug_backtrace', + 'usleep', ]); arch()->preset()->strict(); From 7b8e4aec080f0f8c5afa2ab75d0334ceb9ea7864 Mon Sep 17 00:00:00 2001 From: Clara Date: Mon, 10 Jun 2024 11:35:03 +1000 Subject: [PATCH 12/40] feature(presets): Add security preset Looks for functions often seen as insecure --- src/ArchPresets/Security.php | 29 +++++++++++++++++++++++++++++ src/Preset.php | 9 +++++++++ tests/Arch.php | 2 ++ 3 files changed, 40 insertions(+) create mode 100644 src/ArchPresets/Security.php diff --git a/src/ArchPresets/Security.php b/src/ArchPresets/Security.php new file mode 100644 index 00000000..8f756e44 --- /dev/null +++ b/src/ArchPresets/Security.php @@ -0,0 +1,29 @@ +expectations[] = expect([ + 'md5', + 'sha1', + 'uniqid', + 'rand', + 'mt_rand', + 'tempnam', + 'str_shuffle', + 'shuffle', + 'array_rand' + ])->not->toBeUsed(); + } +} diff --git a/src/Preset.php b/src/Preset.php index a6ee3a66..75d4fcc8 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -8,6 +8,7 @@ use Pest\Arch\Support\Composer; use Pest\ArchPresets\AbstractPreset; use Pest\ArchPresets\Base; use Pest\ArchPresets\Strict; +use Pest\ArchPresets\Security; use Pest\PendingCalls\TestCall; use stdClass; @@ -47,6 +48,14 @@ final class Preset return $this->executePreset(new Strict($this->baseNamespaces())); } + /** + * Uses the Pest security preset and returns the test call instance. + */ + public function security(): AbstractPreset + { + return $this->executePreset(new Security($this->baseNamespaces())); + } + /** * Executes the given preset. * diff --git a/tests/Arch.php b/tests/Arch.php index cfddc837..891b99fd 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -9,6 +9,8 @@ arch()->preset()->base()->ignoring([ arch()->preset()->strict(); +arch()->preset()->security(); + arch('globals') ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) ->not->toBeUsed() From 4ac1c6efc641c29fc039b1cd8fe937d16c5fbe61 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 11:16:46 +0100 Subject: [PATCH 13/40] feat(presets): adds `goto` --- src/ArchPresets/Base.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 3ce485c3..18f5cf92 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -23,6 +23,7 @@ final class Base extends AbstractPreset 'dump', 'ray', 'die', + 'goto', 'var_dump', 'phpinfo', 'echo', From c73655f4f9d398138f3f24ca09868f3baa6f19d9 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 11:22:51 +0100 Subject: [PATCH 14/40] feat(presets): adds `xdebug_*` functions --- src/ArchPresets/Base.php | 41 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 18f5cf92..98bfa808 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -30,6 +30,47 @@ final class Base extends AbstractPreset 'print', 'print_r', 'var_export', + 'xdebug_break', + 'xdebug_call_class', + 'xdebug_call_file', + 'xdebug_call_(int', + 'xdebug_call_line', + 'xdebug_code_coverage_started', + 'xdebug_connect_to_client', + 'xdebug_debug_zval', + 'xdebug_debug_zval_stdout', + 'xdebug_dump_superglobals', + 'xdebug_get_code_coverage', + 'xdebug_get_collected_errors', + 'xdebug_get_function_count', + 'xdebug_get_function_stack', + 'xdebug_get_gc_run_count', + 'xdebug_get_gc_total_collected_roots', + 'xdebug_get_gcstats_filename', + 'xdebug_get_headers', + 'xdebug_get_monitored_functions', + 'xdebug_get_profiler_filename', + 'xdebug_get_stack_depth', + 'xdebug_get_tracefile_name', + 'xdebug_info', + 'xdebug_is_debugger_active', + 'xdebug_memory_usage', + 'xdebug_notify', + 'xdebug_peak_memory_usage', + 'xdebug_print_function_stack', + 'xdebug_set_filter', + 'xdebug_start_code_coverage', + 'xdebug_start_error_collection', + 'xdebug_start_function_monitor', + 'xdebug_start_gcstats', + 'xdebug_start_trace', + 'xdebug_stop_code_coverage', + 'xdebug_stop_error_collection', + 'xdebug_stop_function_monitor', + 'xdebug_stop_gcstats', + 'xdebug_stop_trace', + 'xdebug_time_index', + 'xdebug_var_dump', ])->not->toBeUsed(); } } From c173e3e86ba12666ec414c0e54ce5884c46b6125 Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 11:39:29 +0100 Subject: [PATCH 15/40] feat(presets): allows usage of `laravel` preset --- src/Preset.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/Preset.php b/src/Preset.php index 75d4fcc8..d2c75d90 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -7,6 +7,7 @@ namespace Pest; use Pest\Arch\Support\Composer; use Pest\ArchPresets\AbstractPreset; use Pest\ArchPresets\Base; +use Pest\ArchPresets\Laravel; use Pest\ArchPresets\Strict; use Pest\ArchPresets\Security; use Pest\PendingCalls\TestCall; @@ -40,6 +41,14 @@ final class Preset return $this->executePreset(new Base($this->baseNamespaces())); } + /** + * Uses the Pest laravel preset and returns the test call instance. + */ + public function laravel(): Strict + { + return $this->executePreset(new Laravel($this->baseNamespaces())); + } + /** * Uses the Pest strict preset and returns the test call instance. */ From 98e4ebb8fd3ca88702c564bd86d4a82725eb802b Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 11:40:25 +0100 Subject: [PATCH 16/40] feat(presets): fixes return type --- src/Preset.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Preset.php b/src/Preset.php index d2c75d90..41ad5d64 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -44,7 +44,7 @@ final class Preset /** * Uses the Pest laravel preset and returns the test call instance. */ - public function laravel(): Strict + public function laravel(): Laravel { return $this->executePreset(new Laravel($this->baseNamespaces())); } From 927cee609ebeba4b923ddd56b0711673f40debef Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 15:19:55 +0100 Subject: [PATCH 17/40] Update src/ArchPresets/Base.php Co-authored-by: Joshua Gigg --- src/ArchPresets/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 98bfa808..52582d90 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -33,7 +33,7 @@ final class Base extends AbstractPreset 'xdebug_break', 'xdebug_call_class', 'xdebug_call_file', - 'xdebug_call_(int', + 'xdebug_call_int', 'xdebug_call_line', 'xdebug_code_coverage_started', 'xdebug_connect_to_client', From 241dcf8f34c7b9204cc0bc56917fc68716661d11 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:25:51 +0530 Subject: [PATCH 18/40] feat(presets): add expectation for Laravel controller suffix --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index ceeb7d4b..97456d81 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -21,5 +21,8 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect([ 'exit', ])->not->toBeUsed(); + + $this->expectations[] = expect('App\Http\Controllers') + ->toHaveSuffix('Controller'); } } From a46142d8c7f21a38690841c7da702f5184ee82fb Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:28:08 +0530 Subject: [PATCH 19/40] feat(presets): update Laravel preset to exclude models with suffix 'Model' --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 97456d81..13a8fcb2 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -24,5 +24,8 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Http\Controllers') ->toHaveSuffix('Controller'); + + $this->expectations[] = expect('App\Models') + ->not->toHaveSuffix('Model'); } } From 52282cc590577568298cc5df6129e52d013c786e Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:29:12 +0530 Subject: [PATCH 20/40] feat(presets): add expectation for Laravel request suffix --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 13a8fcb2..6a5b61b9 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -27,5 +27,8 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Models') ->not->toHaveSuffix('Model'); + + $this->expectations[] = expect('App\Http\Requests') + ->toHaveSuffix('Request'); } } From 0c4e6de823cb8e401bbc23aebfebb3f5a062c9b4 Mon Sep 17 00:00:00 2001 From: Shotman Date: Mon, 10 Jun 2024 18:03:46 +0200 Subject: [PATCH 21/40] Add trap to list Adding trap function from https://github.com/buggregator/trap docs: https://docs.buggregator.dev/trap/getting-started.html --- src/ArchPresets/Base.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 52582d90..68d72937 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -71,6 +71,7 @@ final class Base extends AbstractPreset 'xdebug_stop_trace', 'xdebug_time_index', 'xdebug_var_dump', + 'trap', ])->not->toBeUsed(); } } From e8b09d6f8ce2606538e709fb8b071a28b41b6706 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:35:42 +0530 Subject: [PATCH 22/40] feat(presets): add expectation for Laravel command suffix --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 6a5b61b9..acca3772 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -30,5 +30,8 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Http\Requests') ->toHaveSuffix('Request'); + + $this->expectations[] = expect('App\Console\Commands') + ->toHaveSuffix('Command'); } } From 917f7a64a09d6586eb5382191b9429572e18d636 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:36:59 +0530 Subject: [PATCH 23/40] feat(presets): add expectation for Laravel exception suffix --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index acca3772..c960d5e6 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -33,5 +33,8 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Console\Commands') ->toHaveSuffix('Command'); + + $this->expectations[] = expect('App\Exceptions') + ->toImplement('Throwable'); } } From 65dacd564726b4ee4dc407ddb5365ff9bc83502b Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:38:20 +0530 Subject: [PATCH 24/40] feat(presets): add expectation for Laravel mail class --- src/ArchPresets/Laravel.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index c960d5e6..8cc28d6f 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -36,5 +36,9 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Exceptions') ->toImplement('Throwable'); + + $this->expectations[] = expect('App\Mail') + ->toHaveConstructor() + ->toExtend('Illuminate\Mail\Mailable'); } } From abc245bf85ebb0e9d4c61da272186b1bea7faba1 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:40:16 +0530 Subject: [PATCH 25/40] feat(presets): add expectation for Laravel command handle method --- src/ArchPresets/Laravel.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 8cc28d6f..d4f5ac3b 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -32,7 +32,10 @@ final class Laravel extends AbstractPreset ->toHaveSuffix('Request'); $this->expectations[] = expect('App\Console\Commands') - ->toHaveSuffix('Command'); + ->toHaveSuffix('Command') + ->toExtend('Illuminate\Console\Command') + ->toHaveMethod('handle') + ->toImplementNothing(); $this->expectations[] = expect('App\Exceptions') ->toImplement('Throwable'); From d8156fee53b341f2f652f093b9b6004ca731fbd2 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:44:49 +0530 Subject: [PATCH 26/40] feat(presets): add expectation for Laravel middleware handle method --- src/ArchPresets/Laravel.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index d4f5ac3b..cae3331b 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -25,6 +25,9 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Http\Controllers') ->toHaveSuffix('Controller'); + $this->expectations[] = expect('App\Http\Middleware') + ->toHaveMethod('handle'); + $this->expectations[] = expect('App\Models') ->not->toHaveSuffix('Model'); From 508e42a2fffa8a676732f8e8a488420cdbc4ffd9 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:45:17 +0530 Subject: [PATCH 27/40] feat(presets): update Laravel preset to include expectation for Laravel request suffix --- src/ArchPresets/Laravel.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index cae3331b..ac5b18c5 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -32,7 +32,9 @@ final class Laravel extends AbstractPreset ->not->toHaveSuffix('Model'); $this->expectations[] = expect('App\Http\Requests') - ->toHaveSuffix('Request'); + ->toHaveSuffix('Request') + ->toExtend('Illuminate\Foundation\Http\FormRequest') + ->toHaveMethod('rules'); $this->expectations[] = expect('App\Console\Commands') ->toHaveSuffix('Command') From 7240250a157b80b7d0788f8414e4d11f549ab77c Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:47:05 +0530 Subject: [PATCH 28/40] feat(presets): add expectation for Laravel job handle method --- src/ArchPresets/Laravel.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index ac5b18c5..403ea4ae 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -48,5 +48,9 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Mail') ->toHaveConstructor() ->toExtend('Illuminate\Mail\Mailable'); + + $this->expectations[] = expect('App\Jobs') + ->toHaveMethod('handle') + ->toHaveConstructor(); } } From 7144d6dfbdde2ef12a606cbe6a7da2cf8e51b961 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:47:12 +0530 Subject: [PATCH 29/40] feat(presets): add expectation for Laravel notification class --- src/ArchPresets/Laravel.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 403ea4ae..132600fe 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -52,5 +52,9 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Jobs') ->toHaveMethod('handle') ->toHaveConstructor(); + + $this->expectations[] = expect('App\Notifications') + ->toHaveConstructor() + ->toExtend('Illuminate\Notifications\Notification'); } } From 40539ca72018880599f48bcee65914988f850d3d Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:48:25 +0530 Subject: [PATCH 30/40] feat(presets): update Laravel preset to include expectation for Laravel service provider suffix --- src/ArchPresets/Laravel.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 132600fe..8be49d1d 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -56,5 +56,10 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Notifications') ->toHaveConstructor() ->toExtend('Illuminate\Notifications\Notification'); + + $this->expectations[] = expect('App\Providers') + ->toHaveSuffix('ServiceProvider') + ->toExtend('Illuminate\Support\ServiceProvider') + ->not->toBeUsed(); } } From 1688888f1571f10c35ba33b0c73f5601b2f21dea Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Mon, 10 Jun 2024 21:49:03 +0530 Subject: [PATCH 31/40] feat(presets): update Laravel preset to include expectation for Laravel service provider suffix --- src/ArchPresets/Laravel.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 8be49d1d..59274f3f 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -53,6 +53,12 @@ final class Laravel extends AbstractPreset ->toHaveMethod('handle') ->toHaveConstructor(); + $this->expectations[] = expect('App\Listeners') + ->toHaveMethod('handle'); + + $this->expectations[] = expect('App\Events') + ->toHaveConstructor(); + $this->expectations[] = expect('App\Notifications') ->toHaveConstructor() ->toExtend('Illuminate\Notifications\Notification'); From 3ad788dddba74ac1bca623ccaea8d362b817016b Mon Sep 17 00:00:00 2001 From: Nuno Maduro Date: Mon, 10 Jun 2024 22:38:40 +0100 Subject: [PATCH 32/40] feat(presets): adjusts laravel preset --- src/ArchPresets/Laravel.php | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/ArchPresets/Laravel.php b/src/ArchPresets/Laravel.php index 59274f3f..c85a540c 100644 --- a/src/ArchPresets/Laravel.php +++ b/src/ArchPresets/Laravel.php @@ -16,9 +16,6 @@ final class Laravel extends AbstractPreset { $this->expectations[] = expect([ 'env', - ])->not->toBeUsed(); - - $this->expectations[] = expect([ 'exit', ])->not->toBeUsed(); @@ -39,28 +36,21 @@ final class Laravel extends AbstractPreset $this->expectations[] = expect('App\Console\Commands') ->toHaveSuffix('Command') ->toExtend('Illuminate\Console\Command') - ->toHaveMethod('handle') - ->toImplementNothing(); + ->toHaveMethod('handle'); $this->expectations[] = expect('App\Exceptions') ->toImplement('Throwable'); $this->expectations[] = expect('App\Mail') - ->toHaveConstructor() ->toExtend('Illuminate\Mail\Mailable'); $this->expectations[] = expect('App\Jobs') - ->toHaveMethod('handle') - ->toHaveConstructor(); + ->toHaveMethod('handle'); $this->expectations[] = expect('App\Listeners') ->toHaveMethod('handle'); - $this->expectations[] = expect('App\Events') - ->toHaveConstructor(); - $this->expectations[] = expect('App\Notifications') - ->toHaveConstructor() ->toExtend('Illuminate\Notifications\Notification'); $this->expectations[] = expect('App\Providers') From a25cfb435cd126d3a5ff7fa57f22aa0c1e529b41 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 20:56:49 +0530 Subject: [PATCH 33/40] Update Base.php to include 'mysql_*' in the list of restricted functions --- src/ArchPresets/Base.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 68d72937..1c492c70 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -23,10 +23,24 @@ final class Base extends AbstractPreset 'dump', 'ray', 'die', - 'goto', + 'goto', 'var_dump', 'phpinfo', 'echo', + 'mysql_connect', + 'mysql_pconnect', + 'mysql_query', + 'mysql_select_db', + 'mysql_fetch_array', + 'mysql_fetch_assoc', + 'mysql_fetch_object', + 'mysql_fetch_row', + 'mysql_num_rows', + 'mysql_affected_rows', + 'mysql_free_result', + 'mysql_insert_id', + 'mysql_error', + 'mysql_real_escape_string', 'print', 'print_r', 'var_export', @@ -71,7 +85,7 @@ final class Base extends AbstractPreset 'xdebug_stop_trace', 'xdebug_time_index', 'xdebug_var_dump', - 'trap', + 'trap', ])->not->toBeUsed(); } } From e4550c8d51885308ec4da65dd33b4b312327917c Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 20:58:52 +0530 Subject: [PATCH 34/40] Update Base.php to include 'global' in the list of restricted functions --- src/ArchPresets/Base.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 1c492c70..5137ae12 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -24,6 +24,7 @@ final class Base extends AbstractPreset 'ray', 'die', 'goto', + 'global', 'var_dump', 'phpinfo', 'echo', From 4396ee2e033a76e9b67b981aaa3ec0040ec0d4b9 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:02:19 +0530 Subject: [PATCH 35/40] feat(presets): update Security.php to restrict additional dangerous functions --- src/ArchPresets/Security.php | 10 +++++++++- tests/Arch.php | 5 +++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/ArchPresets/Security.php b/src/ArchPresets/Security.php index 8f756e44..2beafa83 100644 --- a/src/ArchPresets/Security.php +++ b/src/ArchPresets/Security.php @@ -23,7 +23,15 @@ final class Security extends AbstractPreset 'tempnam', 'str_shuffle', 'shuffle', - 'array_rand' + 'array_rand', + 'eval', + 'exec', + 'shell_exec', + 'system', + 'passthru', + 'create_function', + 'unserialize', + 'extract', ])->not->toBeUsed(); } } diff --git a/tests/Arch.php b/tests/Arch.php index d3af0dbd..37420691 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -4,14 +4,15 @@ use Pest\Expectation; arch()->preset()->base()->ignoring([ Expectation::class, - 'eval', 'debug_backtrace', 'usleep', ]); arch()->preset()->strict(); -arch()->preset()->security(); +arch()->preset()->security()->ignoring([ + 'eval', +]); arch('globals') ->expect(['dd', 'dump', 'ray', 'die', 'var_dump', 'sleep']) From 7b4dd410f662d3ba794a1e84f30033e09a3253d4 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:08:02 +0530 Subject: [PATCH 36/40] chore: update Arch.php to ignore additional functions in presets --- tests/Arch.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tests/Arch.php b/tests/Arch.php index 37420691..9b73f809 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -5,13 +5,20 @@ use Pest\Expectation; arch()->preset()->base()->ignoring([ Expectation::class, 'debug_backtrace', + 'var_export', + 'xdebug_info', +]); + +arch()->preset()->strict()->ignoring([ 'usleep', ]); -arch()->preset()->strict(); - arch()->preset()->security()->ignoring([ 'eval', + 'str_shuffle', + 'exec', + 'unserialize', + 'extract', ]); arch('globals') From 1bee283d15ac508aebf0c11e242c95a3de147914 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:09:15 +0530 Subject: [PATCH 37/40] Update Base.php to include 'ereg' and 'eregi' in the list of restricted functions --- src/ArchPresets/Base.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ArchPresets/Base.php b/src/ArchPresets/Base.php index 5137ae12..ad64459a 100644 --- a/src/ArchPresets/Base.php +++ b/src/ArchPresets/Base.php @@ -28,6 +28,8 @@ final class Base extends AbstractPreset 'var_dump', 'phpinfo', 'echo', + 'ereg', + 'eregi', 'mysql_connect', 'mysql_pconnect', 'mysql_query', From b873b89b62e6d9660fa9d7324b5c5c80a9b4c105 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:20:32 +0530 Subject: [PATCH 38/40] Restrict additional dangerous functions in Security.php --- src/ArchPresets/Security.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ArchPresets/Security.php b/src/ArchPresets/Security.php index 2beafa83..c7142748 100644 --- a/src/ArchPresets/Security.php +++ b/src/ArchPresets/Security.php @@ -32,6 +32,10 @@ final class Security extends AbstractPreset 'create_function', 'unserialize', 'extract', + 'parse_str', + 'mb_parse_str', + 'dl', + 'assert', ])->not->toBeUsed(); } } From 894dca83f77731cef0e85a7101aeaf7cffe14795 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:24:57 +0530 Subject: [PATCH 39/40] chore: update Arch.php to ignore 'assert' function in presets --- tests/Arch.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Arch.php b/tests/Arch.php index 9b73f809..7e1d0552 100644 --- a/tests/Arch.php +++ b/tests/Arch.php @@ -19,6 +19,7 @@ arch()->preset()->security()->ignoring([ 'exec', 'unserialize', 'extract', + 'assert', ]); arch('globals') From ed3ec79aab6cfb7b6a7bc056862fc9a2f8ae5272 Mon Sep 17 00:00:00 2001 From: Punyapal Shah Date: Tue, 11 Jun 2024 21:26:40 +0530 Subject: [PATCH 40/40] pint --- src/Preset.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Preset.php b/src/Preset.php index 41ad5d64..cc7c8956 100644 --- a/src/Preset.php +++ b/src/Preset.php @@ -8,8 +8,8 @@ use Pest\Arch\Support\Composer; use Pest\ArchPresets\AbstractPreset; use Pest\ArchPresets\Base; use Pest\ArchPresets\Laravel; -use Pest\ArchPresets\Strict; use Pest\ArchPresets\Security; +use Pest\ArchPresets\Strict; use Pest\PendingCalls\TestCall; use stdClass;