mirror of
https://github.com/ivuorinen/monolog-gdpr-filter.git
synced 2026-01-26 11:44:04 +00:00
* feat: performance, integrations, advanced features
* chore: fix linting problems
* chore: suppressions and linting
* chore(lint): pre-commit linting, fixes
* feat: comprehensive input validation, security hardening, and regression testing
  - Add extensive input validation throughout codebase with proper error handling
  - Implement comprehensive security hardening with ReDoS protection and bounds checking
  - Add 3 new regression test suites covering critical bugs, security, and validation scenarios
  - Enhance rate limiting with memory management and configurable cleanup intervals
  - Update configuration security settings and improve Laravel integration
  - Fix TODO.md timestamps to reflect actual development timeline
  - Strengthen static analysis configuration and improve code quality standards
* feat: configure static analysis tools and enhance development workflow
  - Complete configuration of Psalm, PHPStan, and Rector for harmonious static analysis.
  - Fix invalid configurations and tool conflicts that prevented proper code quality analysis.
  - Add comprehensive safe analysis script with interactive workflow, backup/restore capabilities, and dry-run modes. Update documentation with linting policy requiring issue resolution over suppression.
  - Clean completed items from TODO to focus on actionable improvements.
  - All static analysis tools now work together seamlessly to provide code quality insights without breaking existing functionality.
* fix(test): update Invalid regex pattern expectation
* chore: phpstan, psalm fixes
* chore: phpstan, psalm fixes, more tests
* chore: tooling tweaks, cleanup
* chore: tweaks to get the tests pass
* fix(lint): rector config tweaks and successful run
* feat: refactoring, more tests, fixes, cleanup
* chore: deduplication, use constants
* chore: psalm fixes
* chore: ignore phpstan deliberate errors in tests
* chore: improve codebase, deduplicate code
* fix: lint
* chore: deduplication, codebase simplification, sonarqube fixes
* fix: resolve SonarQube reliability rating issues
  Fix useless object instantiation warnings in test files by assigning instantiated objects to variables. This resolves the SonarQube reliability rating issue (was C, now targeting A).
  Changes:
  - tests/Strategies/MaskingStrategiesTest.php: Fix 3 instances
  - tests/Strategies/FieldPathMaskingStrategyTest.php: Fix 1 instance
  The tests use expectException() to verify that constructors throw exceptions for invalid input. SonarQube flagged standalone `new` statements as useless. Fixed by assigning to variables with explicit unset() and fail() calls.
  All tests pass (623/623) and static analysis tools pass.
* fix: resolve more SonarQube detected issues
* fix: resolve psalm detected issues
* fix: resolve more SonarQube detected issues
* fix: resolve psalm detected issues
* fix: duplications
* fix: resolve SonarQube reliability rating issues
* fix: resolve psalm and phpstan detected issues
110 lines
5.3 KiB
Plaintext
includes: []

parameters:
    level: 6
    paths:
        - src
        - tests
        - examples
        - config

    # Conservative settings
    reportUnmatchedIgnoredErrors: false
    treatPhpDocTypesAsCertain: false

    # Ignore specific patterns that are acceptable
    ignoreErrors:
        # Allow mixed types for backward compatibility
        - '#Parameter \#\d+ \$\w+ of method .* expects .*, mixed given#'
        - '#Method .* return type has no value type specified in iterable type array#'
        - '#Property .* type has no value type specified in iterable type array#'

        # Allow callable types validated at runtime
        - '#Cannot call callable .* on .* type callable#'
        - '#Parameter \#\d+ .* expects callable.*: callable given#'

        # Allow reflection patterns in tests
        - '#Call to method .* on an unknown class ReflectionClass#'
        - '#Access to an undefined property ReflectionClass::\$.*#'
        - '#Call to an undefined method ReflectionMethod::.*#'

        # Allow PHPUnit patterns
        - '#Call to an undefined method PHPUnit\\Framework\\.*::(assert.*|expect.*)#'
        - '#Parameter \#\d+ \$.*Test::.* expects .*, .* given#'

        # Allow Laravel function calls
        - '#Function config not found#'
        - '#Function app not found#'
        - '#Function now not found#'
        - '#Function config_path not found#'
        - '#Function env not found#'

        # Allow configuration array access patterns
        - '#Offset .* does not exist on array#'
        - '#Cannot access offset .* on mixed#'

        # Allow intentional mixed usage in flexible APIs
        - '#Argument of an invalid type mixed supplied for foreach#'
        - '#Parameter \#\d+ .* expects .*, mixed given#'
        - '#Cannot call method .* on mixed#'

        # Allow string manipulation patterns
        - '#Binary operation .* between .* and .* results in an error#'

        # Allow test-specific patterns
        - '#Call to function not_callable#'
        - '#Method DateTimeImmutable::offsetGet\(\) invoked with \d+ parameter#'

        # Allow complex return types in GdprProcessor
        - '#Method Ivuorinen\\MonologGdprFilter\\GdprProcessor::getDefaultPatterns\(\) should return array.* but returns array.*#'

        # Allow intentional validation test failures
        - '#Parameter .* of (method|class) Ivuorinen\\MonologGdprFilter\\(GdprProcessor|RateLimitedAuditLogger).*(constructor|__construct).* expects .*, .* given#'
        - '#Parameter \#1 \$patterns of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validatePatterns\(\) expects array<string, string>, array.* given#'
        - '#Parameter \#1 \$fieldPaths of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validateFieldPaths\(\) expects .*, array.* given#'
        - '#Parameter \#1 \$customCallbacks of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validateCustomCallbacks\(\) expects .*, array.* given#'
        - '#Parameter \#1 \$auditLogger of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validateAuditLogger\(\) expects .*, .* given#'
        - '#Parameter \#1 \$dataTypeMasks of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validateDataTypeMasks\(\) expects array<string, string>, array.* given#'
        - '#Parameter \#1 \$conditionalRules of static method Ivuorinen\\MonologGdprFilter\\InputValidator::validateConditionalRules\(\) expects .*, array.* given#'
        - '#Parameter \#1 \$typeMasks of class Ivuorinen\\MonologGdprFilter\\Strategies\\DataTypeMaskingStrategy constructor expects array<string, string>, array.* given#'
        - '#Parameter \#1 \$fieldConfigs of class Ivuorinen\\MonologGdprFilter\\Strategies\\FieldPathMaskingStrategy constructor expects .*, array.* given#'

        # Allow test helper methods in anonymous classes (AbstractMaskingStrategyTest)
        - '#Call to an undefined method Ivuorinen\\MonologGdprFilter\\Strategies\\AbstractMaskingStrategy::test.*#'
        - '#Method Ivuorinen\\MonologGdprFilter\\Strategies\\AbstractMaskingStrategy@anonymous/.* has parameter .* with no value type specified in iterable type array#'

        # Allow test assertions that intentionally validate known types
        - '#Call to method PHPUnit\\Framework\\Assert::(assertIsArray|assertIsInt|assertTrue|assertContainsOnlyInstancesOf)\(\) .* will always evaluate to true#'
        - '#Call to method PHPUnit\\Framework\\Assert::(assertIsString|assertIsFloat|assertIsBool)\(\) with .* will always evaluate to true#'

        # Allow PHPUnit attributes with named arguments
        - '#Attribute class PHPUnit\\Framework\\Attributes\\.*#'

        # Allow intentional static method calls in tests
        - '#Static call to instance method#'
        - '#Method .* invoked with \d+ parameter.*, \d+ required#'

        # Allow nullsafe operator usage
        - '#Using nullsafe method call on non-nullable type#'

        # Allow unused test constants (used by trait)
        - '#Constant Tests\\.*::.* is unused#'

    # PHP version for analysis
    phpVersion: 80200

    # Stub files for missing functions/classes
    stubFiles: []

    # Bootstrap files
    bootstrapFiles: []

    # Exclude analysis paths
    excludePaths:
        - vendor/*
        - .phpunit.cache/*
        - src/Laravel/*

    # Custom rules (none for now)
    customRulesetUsed: false