phanalist icon indicating copy to clipboard operation
phanalist copied to clipboard
verified publisher icon denzyldick

Advanced project analysis

Open Fabccc opened this issue 9 months ago • 5 comments

I was working on a new rule to check the number of arguments passed to a function, but I found myself blocked when doing it. (trying to build index of methods signature and types...)

In my humble opinion, it would be interesting to explore this field, so incorporate building an indexer that stores more information on the PHP code, to help us build better rules.

Fabccc avatar Apr 01 '25 19:04 Fabccc

It's a good idea. I also hit that roadblock in the past.

To implement it i would need to look into it.

denzyldick avatar Apr 02 '25 06:04 denzyldick

Would be interesting to take a look at https://github.com/ryangjchandler/pxp, I saw an indexer crate inside. but:

  • It's not maintained anymore (still newer than the current lib)
  • Won't work with php8.4 (as the current lib)
  • Need to rewrite all of the rules to work with this new parser and the new tokens

Fabccc avatar Apr 17 '25 11:04 Fabccc

Hey Fabien,

I didn't look yet into Phanalist support for PHP 8.4. But if it doesn't currently support it, we should look into something else.

Rewriting the rules shouldn't be a real problem, they aren't so complicated.

Can you look into mago? I know they are actively developing it. Maybe they also have an indexer we can use to solve the problem you are currently having.

denzyldick avatar Apr 17 '25 20:04 denzyldick

Hello Denzyl,

I'm exploring mago toolchain on my fork. Mago is quite complex and heavy, so It will take time. but I find it powerful at first glance.

They have an indexer to store everything, from my analysis it's called CodebaseReflection, in the reflection crate.

With the current additions, all I need to add would be a ReferenceFinder, to find the function declaration, and get the number of argument in the CodebaseReflection struct.

Sorry for the delay, I was kind of overwhelmed at company and couldn't find spare time to work on this 😕.

Fabccc avatar Jun 15 '25 17:06 Fabccc

Hey Fabian,

Thank you for investing your time in Phanalist. I've also been too busy lately to invest some time into Phanalist. But if I understand correctly, we need a way to ask, for example: How many parameters does a method in a class have, right? It makes sense to build that.

In the alpha version, I had an in-memory database that stored the information, but that was the wrong approach. My Rust knowledge was getting in the way, now I feel more capable of doing it.

I need to think about how to implement it in a correct way. I was playing around with the idea a couple of months ago. And I had two stages for scanning.

  1. That was gathering the information(indexing, etc.).
  2. Executing the rules.

And I had a struct that was being passed to all the rules so they could ask questions about a class.

But it was on an old laptop. Now I'm on a different laptop and I didn't commit anything.

But this will be the next thing I will try to implement when I get the time to work on Phanalist. It will probably be in a couple of weeks.

If you want to do this, let me know which branch it is. Or when I start, I will let you know which branch it is.

denzyldick avatar Jun 24 '25 19:06 denzyldick