Whitelisting #192
Comments
|
It's currently not possible. So far I was more focused on getting something that was working well, but looking at PHPUnit codebase I think it's a clear requirement: listing every classes would be too cumbersome for a project of that size plus there is the risk of leaving out some classes. Right now the syntax for whitelisting classes is: So here are two questions for me regarding that feature, first would the following syntax work out for you? return [
'whitelist' => [
'PHPUnit\Framework\*',
],
];Second question: the whitelisting currently applies only to classes, should it also be applied to constants and functions? That second question is more tricky than it looks. Indeed imagine you have the following code: namespace Acme;
const FOO = 'FOO';
function foo() {};
class X {};Supposing we are whitelisting everything here, right now what you would get is: namespace PhpScoperPrefix\Acme;
const FOO = 'FOO';
function foo() {};
class X {};
class_alias('PhpScoperPrefix\Acme\X', 'Acme\X', false); # this is the actual whitelisting happeningSo as you can see, the whitelisting is right now affecting only classes, not constants neither functions. Would that be an issue? Should the whitelisting affect constants and functions as well and if yes how should that be achieved? The issue is unlike classes you cannot rely on a define('Acme\FOO', 'FOO');PS: I also think #175 would be mandatory in your case. |
|
@theofidry I did not look at this myself recently, @kambo-1st spent Friday and Saturday working on this during the code sprint. He promised to summarize his findings in a comment on sebastianbergmann/phpunit#2015 and I am sure he will. In the meantime, I think that @kambo-1st managed to create a PHAR of PHPUnit that is processed by php-scoper with the classes and interfaces of PHPUnit and phpunit-mock-objects whitelisted. For now, I believe, that he put logic into the php-scoper configuration file that crawls the code to find the classes and interfaces that should be on the whitelist. Regarding your questions: This syntax return [
'whitelist' => [
'PHPUnit\Framework\*',
],
];makes sense to me, thank you for considering to add this. When you write
then you mean that whitelisting currently only applies to classes, interfaces, and traits -- right? With regards to constants and functions: I need to think about this some more. |
Yes |
|
@theofidry Is there any way how can I help you with this? Should I try to implement this by myself? |
|
I think before jumping to the implementation, the first thing that needs to be done is thinking of the API (as a consumer). How do we want to make it work basically. I've been thinking about it for a while but I'm still not quite certain of the best way to go. Maybe you have some idea as a user of what you would wish to have? I was thinking of something like: 'whitelist' => [
'PHPUnit\Framework*',
],or 'whitelist' => [
'PHPUnit\Framework' => 'namespace',
'PHPUnit\FOO' => 'const',
'PHPUnit\foo' => 'func',
], |
|
Both make sense, I guess. |
|
Same goes for me, both make sense. Personally I prefer the second option. |
|
I prefer first one, as more intuitive and all I need |
|
Follow up in #213 (regarding the namespace whitelisting). It's not finished yet but on the way and with luck finished this week |
|
(I guess you meant #213) |
|
indeed, wrong copy paste :) |
Closes #192 Allow to whitelist a complete namespace with the `*` notation, e.g. `*` (for the global namespace) or `Acme\*` **[BC break]:** the API signature has changed to convert the `array` `$whitelist` into the `Whitelist` object
|
@theofidry Thank you! @kambo-1st Will you update sebastianbergmann/phpunit#3086? |
|
Thank you, can't wait to try it |
Hi!
At the PHPUnit Code Sprint here in Hamburg yesterday and today, @kambo-1st worked on sebastianbergmann/phpunit#2015. Based on his findings, we came to the conclusion that (at least) the {classes|interfaces|traits} of
phpunit/phpunitandphpunit/phpunit-mock-objectsneed to be whitelisted when building a prefixed PHAR. By whitelisting we mean that the names of these units of code are not prefixed. The code that declares these units of code needs to be processed, though, as it need to be updated to used the prefixed names of the other dependencies.A problem that we ran into is the fact that php-scoper requires a list of the classes to be whitelisted. Is there any way that whitelisting could work based on namespace names or (FQCN) class name prefixes?
The text was updated successfully, but these errors were encountered: