mirror of
https://github.com/pluginsGLPI/example.git
synced 2025-10-13 20:24:34 +02:00
* Feature GLP11
* phpstan
* enable CI and fix phpstan.neon
* Update .github/workflows/continuous-integration.yml
  Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com>
* Update phpstan.neon
  Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com>
* Pass all parameters to parent call
* move query -> doQuery
* fix direct query
* release GLPI 11.0
* Clean composer.json
* psalm + rector
* fix
---------
Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com>
Co-authored-by: Johan Cwiklinski <johan@x-tnd.be>
Co-authored-by: Rom1-B <rom1.biot@gmail.com>
25 lines
968 B
XML
<?xml version="1.0"?>
<psalm
    runTaintAnalysis="true"
>
    <projectFiles>
        <directory name="front" />
        <directory name="src" />
        <file name="hook.php" />
        <file name="report.php" />
        <file name="setup.php" />
        <file name="stat.php" />
    </projectFiles>

    <issueHandlers>
        <!--
            Too many false positives.
            - many are already secured by ForbidDynamicInstantiationRule, but Psalm does not seem to consider `is_a()` checks safe enough;
            - many are related to dynamic calls to plugin functions/classes, we need a lot of refactoring to indicate to Psalm these can be ignored;
            - the rest is likely to not be exploitable, due to the really low probability to have a classname
              that can be abused and that implements the specific static method called on a dynamic classname.
        -->
        <TaintedCallable errorLevel="suppress" />
    </issueHandlers>
</psalm>
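The pattern the comment above refers to, as an added example that is not code from this repository: a request-supplied class name is checked with `is_a()` before a static method is called on it. `ReportInterface`, `TicketReport`, `Unrelated` and `renderReport()` are hypothetical names constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical base type and classes, constructed for this example.
interface ReportInterface
{
    public static function render(): string;
}

final class TicketReport implements ReportInterface
{
    public static function render(): string
    {
        return 'ticket report';
    }
}

// Has a render() method too, but is not a ReportInterface implementation.
final class Unrelated
{
    public static function render(): string
    {
        return 'must not be reachable from request input';
    }
}

/**
 * Call a static method on a class name taken from request input.
 * The is_a() guard (third argument true = accept class-name strings)
 * rejects every class that does not implement ReportInterface.
 */
function renderReport(string $requested): string
{
    if (!is_a($requested, ReportInterface::class, true)) {
        throw new InvalidArgumentException('Unsupported report type');
    }
    // A request-derived string still reaches a callable sink here. Per the
    // psalm.xml comment, taint analysis does not treat the is_a() check as
    // sufficient, so findings of this shape are what the suppression hides.
    return call_user_func([$requested, 'render']);
}

echo renderReport($_GET['type'] ?? TicketReport::class), PHP_EOL;

try {
    renderReport(Unrelated::class); // same method name, wrong type
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Because `errorLevel="suppress"` applies to every `TaintedCallable` finding in the listed files, a dynamic call added later without such a guard is not reported either and has to be caught in code review.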