Static code analysis to find violations in a dependency graph

Related tags

Code Analysis php code-analysis dependency-graph reference-architecture code-quality
Overview

PhpDependencyAnalysis

Author Build Status Latest Stable Version Total Downloads License

PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture.

Read the Introduction-Chapter for further informations.

Example

See more examples.

Installation

As a Docker Image (recommend way)

docker pull mamuz/phpda

As a Composer Dependency

NOTE: For graph creation GraphViz is required on your machine, which is an open source graph visualization software and available for the most platforms.

$ composer require --dev mamuz/php-dependency-analysis

As a Phar

Since version 2.0.0 not supported anymore.

Features

  • High customizing level
  • Graph creation on customized levels respectively different scopes and layers
  • Supports Usage-Graph, Call-Graph and Inheritance-Graph
  • Dependencies can be aggregated such as to a package, a module or a layer
  • Detecting cycles and violations between layers in a tiered architecture
  • Verifiying dependency graph against a user-defined reference architecture
  • Collected namespaces of dependencies are modifiable to meet custom use cases
  • Printing graphs in several formats (HTML, SVG, DOT, JSON)
  • Extandable by adding user-defined plugins for collecting and displaying
  • Compatible to PHP7 Features, like Return Type Declarations and Anonymous Classes

Usage

Phpda can run out of the box by using a prepared configuration. As you can see configuration is defined by a YAML file.

To provide your own configuration create a yml file, e.g. located in ./phpda.yml:

mode: 'usage'
source: './src'
filePattern: '*.php'
ignore: 'tests'
formatter: 'PhpDA\Writer\Strategy\Svg'
target: './phpda.svg'
groupLength: 1
visitor:
  - PhpDA\Parser\Visitor\TagCollector
  - PhpDA\Parser\Visitor\SuperglobalCollector
visitorOptions:
  PhpDA\Parser\Visitor\Required\DeclaredNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\MetaNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\UsedNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\TagCollector: {minDepth: 2, sliceLength: 2}

Perform an analysis with that configuration:

$ docker run --rm -v $PWD:/app mamuz/phpda

Read the Configuration-Chapter to get knowledge about all available options.

Wiki

  1. Introduction
  2. Requirements
  3. Configuration
  4. Examples
  5. Plugins

Code of Conduct

As contributors and maintainers of this project you have to respect the Code of Coduct

Changelog

See record of changes made to this project here

Contributing

Before opening up a pull-request please read the Contributing-Guideline

Alternatives

Check the resources in Satic Analysis Section at Awesome PHP

Comments
  • Add type renamer visitor with example

    Add type renamer visitor with example

    Valuable when you have very long namespaced names like "Fully\Qualified\Class\Name\To\NamespaceFilter" and you want to see them on diagrams like "Something\Short"

    With example added.

    opened by garex 13
  • Allow to use relative path in the config yaml

    Allow to use relative path in the config yaml

    Hi, I have placed a yml in one of my projects root and I have set a relative link for the "source" and "target" configurations. However, I did not started phpda from the root of my project and I got error because of it.

    I think that phpda should read relative path from the location of the config yml file. I don't know if my proposal is good enough as I'm still looking to get familiar with phpda (I don't like it that much) but I wanted to ear from you before going any further.

    I hope you can help me here. :)

    opened by fonsecas72 5
  • Range Exception on php scripts with hhvm

    Range Exception on php scripts with hhvm

    Hi there

    For my project i need to use hhvm as it reduces the building of the model from ~30mins to ~3mins. Everything works fine most of the time. But if i a file gets parsed that starts with:

    !/usr/bin/php

    question 
    opened by otruffer 5
  • Catch the exception thrown if a DocBlock cannot be read.

    Catch the exception thrown if a DocBlock cannot be read.

    If

    • The TagVisitor was active
    • Any PhpDoc of a method contained "@" with a white space right after it.

    An \InvalidArgumentException was thrown and not catched which broke the whole process of building dependencies.

    The solution in this pull request tries to ignore the Exception as it is a problem of the phpDocumentor library. At the same time it logs the occurrence. This looks quite ugly if used in the command line though. Do you have any suggestions on that?

    bug 
    opened by otruffer 5
  • Composer dependency versions

    Composer dependency versions

    Hello, This is a great tool. Nice work. Noticed that in your composer.json you have quite strong version specs like symfony/console: 2.6.*. Haven't tried though, but think it won't work if my project is on other symfony version, 2.3, 2.5 or 2.7. Guess then I could not add your tool to my composer.json, but would have to have a separate installation for it, and that would complicate plugin maintenance. Could you consider loosening a bit on your dependencies and use ~ version spec so the tool can be added to app require-dev w/out dependency conflicts?

    enhancement 
    opened by tmilos 4
  • @see tag is interpreted wrong

    @see tag is interpreted wrong

    I'm getting this warning on an analyzer-run:

    Warning	"\Some\Namespace\Here\https://www.hipchat.com/docs/apiv2/method/get_room" is 
not a valid Fqsen. on line 75 ./src/some/namespace/here/Class.php

    From the referenced api-doc:

    /**
 * @see https://www.hipchat.com/docs/apiv2/method/get_room
 */

    Looking at https://www.phpdoc.org/docs/latest/references/phpdoc/tags/see.html, the @see tag can either take a FQSEN, or an URI, which is wrongly interpreted here.

    bug 
    opened by temp 3
  • Add a PHAR

    Add a PHAR

    First thanks for this lib, it's great! But would it be possible to have a PHAR file with a self-update command to use it? Installing the lib via Composer is not always possible, especially for this kind of library depending on specific version of phpdocumentor/reflection-docblock and nikic/php-parser.

    enhancement 
    opened by theofidry 3
  • namespaceFilter plugin is never called

    namespaceFilter plugin is never called

    Custom filter plugin, implementing NamespaceFilterInterface interface, declared in yml as namespaceFilter option and added to composer autoload. The plugin class is well loaded, but the filter method is never called.

    wontfix 
    opened by phpsurf 3
  • Filter to leave only dependencies that are incoming for a specified namespace

    Filter to leave only dependencies that are incoming for a specified namespace

    Hey Marco, thanks for a great tool! Really well done!

    I have a situation of a project with many packages (grouped by folders) that mutually depend variously. The idea is to take one namespace and to find all other namespaces depend on it (let's name this specific namespace AnalysedFoo). If run the tool by folder it shows me only outgoing connection (or at least it doesn't show incoming dependencies that are located in other folders). If I run the tool for the entire project folder it takes way too long and the result will be probably anyway too complex and unacceptable. The excludePattern doesn't seem to work here as he can only filter out AnalysedFoo and leave all the rest (excludePattern: '/AnalysedFoo/'), or if I negate the pattern (excludePattern: '/^(?!.*AnalysedFoo).*$/') all incoming dependencies are dropped off.

    To make it more clear:

    • MyFolder
      • MySubFolderA (contains AnalysedFoo)
      • MySubFolderB (contains namespaces depend on AnalysedFoo and on namespaces in MySubFolderC)
      • MySubFolderC (contains namespaces depend on AnalysedFoo and on namespaces in MySubFolderD)
      • MySubFolderD (contains namespaces depend on something else)

    So I want to see a diagram like

     +---------------------+
 |MyFolder\MySubFolderB|--+
 +---------------------+  |
                          |
 +---------------------+  |   +------------------------+
 |MyFolder\MySubFolderC|--+-->|MySubFolderA\AnalysedFoo|
 +---------------------+      +------------------------+

    and nothing more.

    Do you have any ideas how to approach a solution?

    Thanks in advance!

    help wanted 
    opened by fankandin 3
  • Composer package is no longer installable

    Composer package is no longer installable

    My Environment (version of the project, operating system, or hardware)

    PHP 7.4.8 (cli) (built: Jul  9 2020 23:43:51) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.8, Copyright (c), by Zend Technologies

    When I run this command:

    composer require --dev  mamuz/php-dependency-analysis

    Actual behavior:

    Using version ^2.0 for mamuz/php-dependency-analysis
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Conclusion: don't install mamuz/php-dependency-analysis v2.0.2
    - Conclusion: don't install roave/better-reflection 4.8.0
    - Conclusion: don't install phpdocumentor/reflection-docblock 4.3.4|install roave/better-reflection 4.8.0
    - Conclusion: don't install phpdocumentor/reflection-docblock 5.2.1
    - Conclusion: don't install roave/better-reflection 4.7.0
    - Conclusion: don't install phpdocumentor/reflection-docblock 4.3.2|install roave/better-reflection 4.7.0|install roave/better-reflection 4.8.0|install phpdocumentor/reflection-docblock 5.2.1
    - Conclusion: don't install phpdocumentor/reflection-docblock 4.3.3|install roave/better-reflection 4.7.0|install roave/better-reflection 4.8.0
    - Installation request for phpat/phpat ^0.7.3 -> satisfiable by phpat/phpat[0.7.3].
    - Conclusion: don't install phpdocumentor/reflection-docblock 5.2.0
    - mamuz/php-dependency-analysis v2.0.1 requires phpdocumentor/reflection-docblock ~4.0 -> satisfiable by phpdocumentor/reflection-docblock[4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4].
    - mamuz/php-dependency-analysis v2.0.0 requires phpdocumentor/reflection-docblock ~4.0 -> satisfiable by phpdocumentor/reflection-docblock[4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.0.0].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.0.1].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.1.0].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.1.1].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.2.0].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.3.0].
    - Can only install one of: phpdocumentor/reflection-docblock[5.1.0, 4.3.1].
    - Conclusion: install roave/better-reflection 4.7.0|install roave/better-reflection 4.8.0|install phpdocumentor/reflection-docblock 5.1.0|install phpdocumentor/reflection-docblock 5.2.0|install phpdocumentor/reflection-docblock 5.2.1
    - Installation request for mamuz/php-dependency-analysis ^2.0 -> satisfiable by mamuz/php-dependency-analysis[v2.0.0, v2.0.1, v2.0.2].

    Expected behavior: Package is installed.

    opened by jakzal 2
  • Packagist still on v1.3.1 - can you update it, or setup auto update

    Packagist still on v1.3.1 - can you update it, or setup auto update

    My Environment (version of the project, operating system, or hardware)

    ...replace me...

    My phpda.yml:

    ...replace me...

    When I run this command:

    ...replace me...

    Actual behavior:

    ...replace me...

    Expected behavior:

    ...replace me...
    opened by lsv 2
  • Bump guzzlehttp/guzzle from 6.3.3 to 6.5.8

    Bump guzzlehttp/guzzle from 6.3.3 to 6.5.8

    Bumps guzzlehttp/guzzle from 6.3.3 to 6.5.8.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 6.5.8

    See change log for changes.

    Release 6.5.7

    See change log for changes.

    Release 6.5.6

    See change log for changes.

    6.5.5

    No release notes provided.

    6.5.4

    No release notes provided.

    6.5.3

    No release notes provided.

    6.5.2

    • idn_to_ascii() fix for old PHP versions #2489

    6.5.1

    • Better defaults for PHP installations with old ICU lib #2454
    • IDN support for redirects #2424

    6.5.0

    No release notes provided.

    6.4.1

    No release notes provided.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    6.5.8 - 2022-06-20

    • Fix change in port should be considered a change in origin
    • Fix CURLOPT_HTTPAUTH option not cleared on change of origin

    6.5.7 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    6.5.6 - 2022-05-25

    • Fix cross-domain cookie leakage

    6.5.5 - 2020-06-16

    • Unpin version constraint for symfony/polyfill-intl-idn #2678

    6.5.4 - 2020-05-25

    • Fix various intl icu issues #2626

    6.5.3 - 2020-04-18

    • Use Symfony intl-idn polyfill #2550
    • Remove use of internal functions #2548

    6.5.2 - 2019-12-23

    • idn_to_ascii() fix for old PHP versions #2489

    6.5.1 - 2019-12-21

    • Better defaults for PHP installations with old ICU lib #2454
    • IDN support for redirects #2424

    6.5.0 - 2019-12-07

    • Improvement: Added support for reset internal queue in MockHandler. #2143
    • Improvement: Added support to pass arbitrary options to curl_multi_init. #2287
    • Fix: Gracefully handle passing null to the header option. #2132
    • Fix: RetryMiddleware did not do exponential delay between retries due unit mismatch. #2132 Previously, RetryMiddleware would sleep for 1 millisecond, then 2 milliseconds, then 4 milliseconds. After this change, RetryMiddleware will sleep for 1 second, then 2 seconds, then 4 seconds. Middleware::retry() accepts a second callback parameter to override the default timeouts if needed.
    • Fix: Prevent undefined offset when using array for ssl_key options. #2348
    • Deprecated ClientInterface::VERSION

    6.4.1 - 2019-10-23

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump guzzlehttp/psr7 from 1.5.2 to 1.8.5

    Bump guzzlehttp/psr7 from 1.5.2 to 1.8.5

    Bumps guzzlehttp/psr7 from 1.5.2 to 1.8.5.

    Release notes

    Sourced from guzzlehttp/psr7's releases.

    1.8.5

    See change log for changes.

    1.8.4

    See change log for changes.

    1.8.3

    See change log for changes.

    1.8.2

    See change log for changes.

    1.8.1

    See change log for changes.

    1.8.0

    See change log for changes.

    1.7.0

    See change log for changes.

    Revert PSR-7 type assertions

    1.6.0 introduced a few type assertions to enforce types defined by PSR-7. Unfortunately that break the library for users not strictly following the PSR-7 standard. Since the users impacted by this change seems to be rather large, this hotfix reverts that change with the note that we will reapply it in 2.0.0, so fixing this is recommended regardless of which version you use.

    Details are in #282 and #283

    1.6.0

    Version 1.6.0 is released which will likely be the last minor release in 1.x. We're focussing 2.0 now with support for psr/http-factory, PHP 7.2 requirement and type declarations.

    Added

    • Allowed version ^3.0 of ralouphie/getallheaders dependency (#244)
    • Added MIME type for WEBP image format (#246)
    • Added more validation of values according to PSR-7 and RFC standards, e.g. status code range (#250, #272)

    Changed

    • Tests don't pass with HHVM 4.0, so HHVM support got dropped. Other libraries like composer have done the same. (#262)
    • Accept port number 0 to be valid (#270)

    Fixed

    • Fixed subsequent reads from php://input in ServerRequest (#247)
    • Fixed readable/writable detection for certain stream modes (#248)
    • Fixed encoding of special characters in the userInfo component of an URI (#253)
    Changelog

    Sourced from guzzlehttp/psr7's changelog.

    1.8.5 - 2022-03-20

    Fixed

    • Correct header value validation

    1.8.4 - 2022-03-20

    Fixed

    • Validate header values properly

    1.8.3 - 2021-10-05

    Fixed

    • Return null in caching stream size if remote size is null

    1.8.2 - 2021-04-26

    Fixed

    • Handle possibly unset url in stream_get_meta_data

    1.8.1 - 2021-03-21

    Fixed

    • Issue parsing IPv6 URLs
    • Issue modifying ServerRequest lost all its attributes

    1.8.0 - 2021-03-21

    Added

    • Locale independent URL parsing
    • Most classes got a @final annotation to prepare for 2.0

    Fixed

    • Issue when creating stream from php://input and curl-ext is not installed
    • Broken Utils::tryFopen() on PHP 8

    1.7.0 - 2020-09-30

    Added

    • Replaced functions by static methods

    Fixed

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump codeception/codeception from 2.5.5 to 3.1.3

    Bump codeception/codeception from 2.5.5 to 3.1.3

    Bumps codeception/codeception from 2.5.5 to 3.1.3.

    Release notes

    Sourced from codeception/codeception's releases.

    Security fix

    Changelog

    Sourced from codeception/codeception's changelog.

    2.5.6

    • [WebDriver] Fixed loadSessionSnapshot with php-webdriver 1.1.3 by @​Naktibalda.
    • [WebDriver] Avoid removing required fields in cookies. #5470 by @​JorisVanEijden
    • [PhpBrowser][Frameworks] Support for formaction attribute in button to submit forms. By @​Dezzpil
    • [FTP] Updated to phpseclib v2 constants
    • Fixes: Gherkin Scenarios not loading when specified in group file by @​mozillalives. See #5457
    Commits
    • 5ce5d0e 3.1.3
    • 802a108 Security: Disable deserialization of RunProcess class (#6241)
    • 5ea172d Updated version number and changelog for 3.1.2
    • 82d7aaa Merge pull request #5725 from Digital-Peak/configuration/bootstrap
    • 50907be Merge pull request #5719 from Mitrichius/5485-coverage-ignore-not-existing-dir
    • 920435b Use path resolver for bootstrap file detection
    • 48e08e0 [Webdriver] display cookie details in debug output (#5709)
    • ffef68b [Db] fix grabFromDatabase description in docs (#5717)
    • 131eefb Create FUNDING.yml
    • 8cb4a93 coverage: do not fail when excluded directory not exists
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Syntax error thrown due to invalid subgraph groupid

    Syntax error thrown due to invalid subgraph groupid

    My Environment

    • Windows 10
    • Tested with
      • PHP 7.3 => phpda v2.0.2
      • PHP 7.2 => phpda v1.3.1
    • GraphViz 2.44: (https://ci.appveyor.com/project/ellson/graphviz-pl238/builds/32032002)
    • Composer installation

    My phpda.yml:

    mode: 'usage'
source: 'src'
filePattern: '*.php'
ignore: 'tests'
formatter: 'PhpDA\Writer\Strategy\Svg'
target: './phpda.svg'
groupLength: 1
visitor:
  - PhpDA\Parser\Visitor\TagCollector
  - PhpDA\Parser\Visitor\SuperglobalCollector
visitorOptions:
  PhpDA\Parser\Visitor\Required\DeclaredNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\MetaNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\UsedNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\TagCollector: {minDepth: 2, sliceLength: 2}

    When I run this command:

    .\vendor\bin\phpda.bat analyze phpda.yml

    Actual behavior:

    Error:

    Write dependency graph to C:\xxx\./phpda.svg
Error: C:\xxx\AppData\Local\Temp\graE965.tmp: syntax error in line 3 near '-1'

    Temp file:

    digraph {
  graph [rankdir="LR" ranksep=1 nodesep=0.1 fontsize=8 label="PhpDependencyAnalysis by Marco Muths (dev-master)"]
  subgraph cluster_-1 {
...

    It seems that graphviz does not accept group ids like subgraph cluster_-1:

    When I remove the *-1 in https://github.com/mamuz/PhpDependencyAnalysis/blob/v2.0.2/src/Layout/Helper/GroupGenerator.php#L97 everything works fine.

    opened by buddh4 0
  • Write dependency graph is not working or is taking too much time

    Write dependency graph is not working or is taking too much time

    My Environment: Image Inspection

      "Created" : "2019-04-11T16:01:41.794400681Z",
  "DockerVersion" : "18.03.1-ee-3",
  "Id" : "sha256:93b4a875d42eaac95fbfcc1187922a70ffc4c657e47d9241c2e638a2b512c8b8",
  "Os" : "linux",
  "OsVersion" : null,
  "Parent" : "",
  "Size" : 109392129,
  "RepoTags" : [ "mamuz/phpda:latest" ],

    My phpda.yml: Basically from the README.md

    mode: 'usage'
source: './api'
filePattern: '*.php'
ignore: 'tests'
formatter: 'PhpDA\Writer\Strategy\Svg'
target: './phpda.svg'
groupLength: 1
visitor:
  - PhpDA\Parser\Visitor\TagCollector
  - PhpDA\Parser\Visitor\SuperglobalCollector
visitorOptions:
  PhpDA\Parser\Visitor\Required\DeclaredNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\MetaNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\Required\UsedNamespaceCollector: {minDepth: 2, sliceLength: 2}
  PhpDA\Parser\Visitor\TagCollector: {minDepth: 2, sliceLength: 2}

    When I run this command:

    docker run --rm -v "%cd%":/app mamuz/phpda

    Actual behavior: Output of following, with the cursor blinking at the end. Remains on that state still after an hour.

    PhpDependencyAnalysis by Marco Muths v2.0.2

Configuration read from /app/phpda.yml

   0/2293 [>---------------------------]   0% < 1 sec/< 1 sec Memory: 26.0 MiB
 229/2293 [==>-------------------------]   9% 2 secs/20 secs Memory: 32.0 MiB
 458/2293 [=====>----------------------]  19% 3 secs/15 secs Memory: 34.0 MiB
 687/2293 [========>-------------------]  29% 5 secs/17 secs Memory: 36.0 MiB
 916/2293 [===========>----------------]  39% 6 secs/15 secs Memory: 36.0 MiB
1145/2293 [=============>--------------]  49% 8 secs/16 secs Memory: 44.0 MiB
1374/2293 [================>-----------]  59% 10 secs/17 secs Memory: 46.0 MiB
1603/2293 [===================>--------]  69% 12 secs/17 secs Memory: 46.0 MiB
1832/2293 [======================>-----]  79% 14 secs/18 secs Memory: 46.0 MiB
2061/2293 [=========================>--]  89% 17 secs/19 secs Memory: 46.0 MiB
2290/2293 [===========================>]  99% 19 secs/19 secs Memory: 48.0 MiB
2293/2293 [============================] 100% 19 secs/19 secs Memory: 48.0 MiB

Write dependency graph to /app/./phpda.svg

    Expected behavior: svg should be generated and the console should report its progress and finally a success or detailed error message.

    opened by fabpico 1
  • Array union types aren't handled properly

    Array union types aren't handled properly

    My Environment (version of the project, operating system, or hardware): Any environment will do. I'm using phpda 2.0.2 from composer.

    My phpda.yml: Any config file, e.g. the default.

    When I run this command: vendor/bin/phpda

    If the project analyzed uses PSR5 array union types, e.g.

    * @return (string|array)[]

    You get:

    Warning "\array)" is not a valid Fqsen. on line [line + file]

    PSR5 array union types are already supported by TypeResolver/ReflectionDocBlock. The problem seems to be that, in order to parse the union type, TypeResolver splits the line at ( and )[] (ref). However, NameResolver strips every occurrence of [], hence TypeResolver will try to split (string|array), which in turn gives the following parts:

    [ '(', 'string', '|', 'array)' ]

    and the last one isn't recognised as a valid type.

    opened by Daimona 0
Releases(v2.0.2)
Owner
Marco Muths
l'm a Software Developer, Web-Architect, Open Source Contributer, enthusiastic DDD Evangelist and Agilist.
Marco Muths
GitHub http://mamuz.github.io/PhpDependencyAnalysis/
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

About PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a define

Squiz Labs 9.9k Jan 4, 2023
PHP Static Analysis Tool - discover bugs in your code without running it!

PHPStan - PHP Static Analysis Tool PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even b

PHPStan 11.6k Dec 30, 2022
Performs advanced static analysis on PHP code

PHP Analyzer Please report bugs or feature requests via our website support system ? in bottom right or by emailing [email protected]. Contri

Continuous Inspection 443 Sep 23, 2022
Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects

Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects. You can freely define your architectural layers over classes and which rules should apply to them.

QOSSMIC GmbH 2.2k Dec 30, 2022
Beautiful and understandable static analysis tool for PHP

PhpMetrics PhpMetrics provides metrics about PHP project and classes, with beautiful and readable HTML report. Documentation | Twitter | Contributing

PhpMetrics 2.3k Dec 22, 2022
The Exakat Engine : smart static analysis for PHP

Exakat The Exakat Engine is an automated code reviewing engine for PHP. Installation Installation with the phar Phar is the recommended installation p

Exakat 370 Dec 28, 2022
A static analysis tool for finding errors in PHP applications

Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo

Vimeo 5k Jan 2, 2023
A static analysis tool for security

progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat

null 271 Dec 27, 2022
Static Analysis Results Baseliner

Static Analysis Results Baseliner (SARB) Why SARB Requirements Installing Using SARB Examples Further reading Why SARB? If you've tried to introduce a

Dave Liddament 151 Jan 3, 2023
Infection Static Analysis Plugin

Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis

Roave, LLC 108 Jan 2, 2023
A set of tools for lexical and syntactical analysis written in pure PHP.

Welcome to Dissect! master - this branch always contains the last stable version. develop - the unstable development branch. Dissect is a set of tools

Jakub Lédl 221 Nov 29, 2022
A project to add Psalm support for Drupal for security testing, focused only on taint analysis.

psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize

Samuel Mortenson 38 Aug 29, 2022
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness. Phan looks f

null 5.4k Jan 7, 2023
A static analyzer for PHP version migration

PHP Migration Readme in Chinese 中文 This is a static analyzer for PHP version migration and compatibility checking. It can suppose your current code ru

Yuchen Wang 194 Sep 27, 2022
Parse: A Static Security Scanner

Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool

psec.io 342 Jan 2, 2023
SonarPHP: PHP static analyzer for SonarQube & SonarLint

Code Quality and Security for PHP This SonarSource project is a static code analyser for PHP language used as an extension for the SonarQube platform.

SonarSource 343 Dec 25, 2022
A full-scale PHP 5.3.2+ sandbox class that utilizes PHPParser to prevent sandboxed code from running unsafe code.

##DEPRECATED: The PHPSandbox project has transfered to Corveda/PHPSandbox and will be actively maintained there. This branch is no longer being active

Elijah Horton 219 Sep 2, 2022
Library for counting the lines of code in PHP source code

sebastian/lines-of-code Library for counting the lines of code in PHP source code. Installation You can add this library as a local, per-project depen

Sebastian Bergmann 715 Jan 5, 2023
A full-scale PHP sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code

A full-scale PHP 7.4+ sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code. It also utilizes FunctionParser to di

Corveda 192 Dec 10, 2022