Feature GLP11 (#88)

* Feature GLP11 * phpstan * enable CI and fix phstanneon * Update .github/workflows/continuous-integration.yml Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com> * Update phpstan.neon Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com> * Pass all paramters to parent call * move query -> doQuery * fix direct query * release GLPI 11.0 * Clean composer.json * psalm + rector * fix --------- Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com> Co-authored-by: Johan Cwiklinski <johan@x-tnd.be> Co-authored-by: Rom1-B <rom1.biot@gmail.com>
2025-10-13 20:24:34 +02:00 · 2025-09-30 16:14:41 +02:00
parent a2af3e6568
commit 15748a7c3d
35 changed files with 554 additions and 2345 deletions
--- a/psalm.xml
+++ b/psalm.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<psalm
+    runTaintAnalysis="true"
+>
+    <projectFiles>
+        <directory name="front" />
+        <directory name="src" />
+        <file name="hook.php" />
+        <file name="report.php" />
+        <file name="setup.php" />
+        <file name="stat.php" />
+    </projectFiles>
+
+    <issueHandlers>
+        <!--
+            Too many false positives.
+            - many are already secured by ForbidDynamicInstantiationRule, but Psalm does not seems to consider `is_a()` checks safe enough;
+            - many are related dynamic call to plugin functions/classes, we need a lot of refactor to indicate to Psalm these can be ignored;
+            - the rest is likely to not be exploitable, due to the really low probability to have a classname
+              that can be abused and that implements the specific static method called on a dynamic classname.
+        -->
+        <TaintedCallable errorLevel="suppress" />
+    </issueHandlers>
+</psalm>