Comments (4)
PH2 rule does more than just check that defined("_JEXEC") exists in the code. It ensures that this check is the first executed statement in the code (and that's the main reason for this check: to prevent any code execution in a non-Joomla context, to avoid possible path disclosure and other vulnerabilities).

PHP reads your code as a T_OPEN_TAG token ("<?php") followed by the "<" comparison operator (resulting in the "Parse error" here), and so this rule is triggered.

Maybe next releases of the JED Checker will check PHP syntax as well and detect such issues automatically, but I'm very glad to know this error (duplicated <?php tag) is indirectly found by the current version of JED Checker.
Okay, this makes sense, and yes, doing some PHP syntax validation would be helpful. What approach do you have in mind?

What we also need is to detect deprecated methods, classes and method signature mismatches of the Joomla API; this will be a huge step-up... and something I would really want to help happen.
> What approach do you have in mind?

https://github.com/nikic/PHP-Parser, but it requires PHP 7.0+ (note that the currently required PHP version in JED Checker is 5.6). It's pretty easy to implement, just a simple try/catch block.

> What we also need is to detect deprecated methods, classes and method signature mismatches of the Joomla API

It's quite complicated because of the dynamic nature of PHP, so no code analyzer can be sure about the type of a given variable. Probably the best solution here is to use https://github.com/ircmaxell/php-cfg to track variables' lifetimes, but it has some known issues (it doesn't take into account parameters passed by reference and doesn't process try/catch/finally blocks properly).

An alternative is to use PHPStan with https://github.com/phpstan/phpstan-deprecation-rules, but it's quite a large project (PHPStan is shipped as a 20 MB phpstan.phar file). And I'm not sure it is able to cover nontrivial cases.
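The two ideas discussed in this thread, the PH2 "first executed statement" check from the first comment and the try/catch syntax check proposed just above, as one added example. This is not JED Checker's code and not the rule as the project implements it: function names are invented, the built-in tokenizer with TOKEN_PARSE (PHP 7.0+) stands in for nikic/PHP-Parser so the script runs without Composer, and treating "namespace" and "use" declarations as non-executing is this example's own assumption. The sample files at the bottom are constructed. It needs PHP 7.1 or later, so it would not run under the PHP 5.6 minimum mentioned above.

```php
<?php
// Added example, not JED Checker code. Two checks in the spirit of the thread:
//  1. a PH2-style test that defined('_JEXEC') is the first *executed* statement,
//     done on the token stream rather than by searching for the string;
//  2. a syntax check wrapped in try/catch, using token_get_all() with TOKEN_PARSE
//     (PHP 7.0+) instead of nikic/PHP-Parser so that it runs without Composer.
// Function names are invented; skipping "namespace"/"use" declarations is this
// example's own choice, not documented PH2 behaviour. Requires PHP 7.1 or later.

// Tokens that may sit before the guard without executing anything.
const SKIPPABLE = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];

/**
 * True when the first executed statement is defined('_JEXEC') ... (any case, with
 * or without a leading backslash). Declarations such as "namespace Foo;" and
 * "use Bar;" are skipped because they execute no code.
 */
function firstStatementIsJexecGuard(string $code): bool
{
    $sig = [];              // first significant tokens, normalised to plain strings
    $inDeclaration = false; // inside "namespace ...;" or "use ...;"

    foreach (token_get_all($code) as $t) {
        [$id, $text] = is_array($t) ? [$t[0], $t[1]] : [null, $t];

        if ($inDeclaration) {
            if ($text === ';') {
                $inDeclaration = false;
            }
            continue;
        }
        if ($id !== null && in_array($id, SKIPPABLE, true)) {
            continue;
        }
        if ($id === T_NAMESPACE || $id === T_USE) {
            $inDeclaration = true;
            continue;
        }
        if ($id === T_NS_SEPARATOR) { // PHP < 8 tokenises "\defined" as "\" + "defined"
            continue;
        }

        // PHP 8 tokenises "\defined" as one T_NAME_FULLY_QUALIFIED token: strip the "\".
        $sig[] = $id === T_CONSTANT_ENCAPSED_STRING
            ? trim($text, '"\'')
            : strtolower(ltrim($text, '\\'));
        if (count($sig) === 4) {
            break;
        }
    }

    return $sig === ['defined', '(', '_JEXEC', ')'];
}

/**
 * Null when $code parses; otherwise the parser's message. With TOKEN_PARSE the
 * tokenizer runs the real parser and throws ParseError on invalid code, which is
 * how a duplicated "<?php" shows up: T_OPEN_TAG followed by a stray "<" operator.
 */
function syntaxError(string $code): ?string
{
    try {
        token_get_all($code, TOKEN_PARSE);
        return null;
    } catch (ParseError $e) {
        return $e->getMessage() . ' on line ' . $e->getLine();
    }
}

// Constructed sample files (not taken from any real extension).
$samples = [
    'guard first'        => "<?php\n// comment\ndefined('_JEXEC') or die;\necho 'inside Joomla';\n",
    'namespaced (J4)'    => "<?php\nnamespace Vendor\\Plugin\\Demo;\n\nuse Joomla\\CMS\\Factory;\n\n\\defined('_JEXEC') or die;\n",
    'guard not first'    => "<?php\nrequire_once 'helper.php';\ndefined('_JEXEC') or die;\n",
    'duplicate open tag' => "<?php\n<?php\ndefined('_JEXEC') or die;\n",
];

foreach ($samples as $name => $code) {
    printf("%-20s guard first: %-3s  syntax: %s\n",
        $name,
        firstStatementIsJexecGuard($code) ? 'yes' : 'no',
        syntaxError($code) ?? 'ok'
    );
}
```

Only the first two samples pass the guard check; the third fails because require_once runs before the guard, and the fourth fails both checks, since the second "<?php" is tokenised as "<", "?" and "php" and the parser rejects the stray "<".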
One more tool to find deprecated methods: https://github.com/vimeo/psalm (the size of the phar is only 11 MB).