VIP-Coding-Standards icon indicating copy to clipboard operation
VIP-Coding-Standards copied to clipboard
verified publisher icon Automattic

Review use of external sniffs

Open jrfnl opened this issue 5 years ago • 1 comments

Both VIPCS rulesets currently use the following external sniffs:

Generic (5 sniffs)
------------------
  Generic.NamingConventions.ConstructorName
  Generic.PHP.DisallowShortOpenTag
  Generic.PHP.NoSilencedErrors
  Generic.PHP.Syntax
  Generic.VersionControl.GitMergeConflict

PSR2 (1 sniff)
---------------
  PSR2.Files.ClosingTag

Squiz (3 sniffs)
----------------
  Squiz.PHP.CommentedOutCode
  Squiz.PHP.Eval
  Squiz.WhiteSpace.SuperfluousWhitespace

VariableAnalysis (1 sniff)
---------------------------
  VariableAnalysis.CodeAnalysis.VariableAnalysis

WordPress (20 sniffs)
---------------------
  WordPress.CodeAnalysis.AssignmentInCondition
  WordPress.DB.DirectDatabaseQuery
  WordPress.DB.PreparedSQL
  WordPress.DB.SlowDBQuery
  WordPress.DateTime.RestrictedFunctions
  WordPress.PHP.DevelopmentFunctions
  WordPress.PHP.DiscouragedPHPFunctions
  WordPress.PHP.DontExtract
  WordPress.PHP.IniSet
  WordPress.PHP.StrictComparisons
  WordPress.PHP.StrictInArray
  WordPress.Security.EscapeOutput
  WordPress.Security.NonceVerification
  WordPress.Security.PluginMenuSlug
  WordPress.Security.ValidatedSanitizedInput
  WordPress.WP.AlternativeFunctions
  WordPress.WP.CronInterval
  WordPress.WP.EnqueuedResources
  WordPress.WP.GlobalVariablesOverride
  WordPress.WP.PostsPerPage

For each of these sniffs, a review should be done to verify the following:

  • Is the sniff still relevant ?
  • Does the sniff do what it should do ?
  • Is this still the best sniff for the job or have other sniffs been published in the mean time which are better, i.e. should the current sniff inclusion be replaced with another sniff ?
  • Are there known issues with the sniff, either reported here or upstream ? And if so, can we contribute to fixing these ?
  • Are there unreported issues with the sniff based on a quick code review ? Things along the same lines as the VIPCS native sniffs are being reviewed for, like code style independence and correct handling of modern PHP code.

I'm opening this issue as a placeholder/reminder that this review needs to be done. When the time is right to address this, we may need to open individual issues for each sniff to allow for a more targeted discussion of each sniff.

jrfnl avatar Jul 27 '20 02:07 jrfnl

Squiz.PHP.CommentedOutCode is often either a false positive, or isn't really worth flagging.

Is it included in WordPress-Extra?

It got my thinking along the lines of there being a "VIPCS-Extra" standard, or having the bot exclude a few violations that we include in WordPress-VIP-Go, for good practices, but that aren't essential to address in the code they submit. If WordPress-Extra covers commented out code (and it already covers WP code style), then our docs could simply refer to use that instead/as well.

GaryJones avatar Jul 27 '20 05:07 GaryJones