path: root/build/.phan
Commit message | Author | Age | Files | Lines
* Check doc block signature to match the specified return type | Morris Jobke | 2018-04-26 | 1 | -0/+6
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Improve phan config | Lukas Reschke | 2018-04-26 | 1 | -7/+43
    * exclude routes
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Declare func() as safe method in phan | Morris Jobke | 2018-04-17 | 2 | -15/+17
    We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "suppress warning" to all surrounding code makes it harder to spot actual problems that this plugin wants to find. So it's better to only need to check the func() and not all the surrounding code as well.
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Harden phan checks to catch more errors | Morris Jobke | 2017-11-27 | 1 | -5/+5
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update phan config | Roeland Jago Douma | 2017-10-24 | 1 | -0/+18
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* DAV Autoloader | Roeland Jago Douma | 2017-10-24 | 1 | -0/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Comments Autoloader | Roeland Jago Douma | 2017-10-24 | 1 | -0/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Admin Audit autoloader | Roeland Jago Douma | 2017-10-24 | 1 | -0/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Ignore composer stuff in phan | Roeland Jago Douma | 2017-10-17 | 1 | -0/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Phan is moved to a new repo | Roeland Jago Douma | 2017-10-16 | 1 | -1/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add Phan plugin to check for SQL injections | Lukas Reschke | 2017-07-20 | 4 | -0/+255
    This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues. As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections. The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add workaround for https://github.com/etsy/phan/issues/1033 | Lukas Reschke | 2017-07-19 | 1 | -1/+0
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Run phan over code base | Lukas Reschke | 2017-07-19 | 7 | -0/+2346
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>