In this short tutorial, we'll clone a test project and run NoVerify on it.
Installation. The easiest way is to download a prebuilt binary.
Clone the swiftmailer repository:
git clone https://github.com/i582/swiftmailer.git
cd swiftmailer
composer install
Installing all the dependencies lets NoVerify find the definitions of functions and classes that it needs for correct analysis.
If you are using Windows and encounter errors during installation, try running the command with the --ignore-platform-reqs flag:
composer install --ignore-platform-reqs
Without a valid vendor folder, NoVerify can generate many false positives.
Just run:
noverify check ./lib
This will produce errors:
...
<critical> WARNING strictCmp: Non-strict string comparison (use ===) at swiftmailer/lib/classes/Swift/Signers/DomainKeySigner.php:417
$nofws = ('nofws' == $this->canon);
^^^^^^^^^^^^^^^^^^^^^^^
<critical> WARNING parentConstructor: Missing parent::__construct() call at swiftmailer/lib/classes/Swift/Attachment.php:27
public function __construct($data = null, $filename = null, $contentType = null)
^^^^^^^^^^^
2021/07/08 16:13:19 Found 113 critical and 10 minor reports
Each report shows the file and line where NoVerify found a problem, and the check name tells you what kind of problem it is. You may also notice that the errors occurred in different files.
This run analyzes all files in the ./lib folder. It also indexes the ./vendor folder and takes function and class definitions from it for the analysis.
As you can see, NoVerify found quite a few bugs.
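With over a hundred reports, a per-check tally shows which checks to allow or exclude first. The script below is an added example, not part of NoVerify or of this tutorial; the function names are hypothetical, and it assumes report header lines keep the shape shown above (optional `<critical>` prefix, level, check name, colon).

```shell
#!/bin/sh
# Added example: tally NoVerify reports per check name.
# Assumption: report header lines look like the ones quoted in this tutorial:
#   [<critical> ]LEVEL checkName: message at path:line

# Sample input: the report headers quoted in this tutorial, plus source,
# caret and summary lines, which the tally must skip.
sample_report() {
    cat <<'EOF'
<critical> WARNING strictCmp: Non-strict string comparison (use ===) at swiftmailer/lib/classes/Swift/Signers/DomainKeySigner.php:417
$nofws = ('nofws' == $this->canon);
^^^^^^^^^^^^^^^^^^^^^^^
<critical> WARNING parentConstructor: Missing parent::__construct() call at swiftmailer/lib/classes/Swift/Attachment.php:27
public function __construct($data = null, $filename = null, $contentType = null)
^^^^^^^^^^^
MAYBE assignOp: Could rewrite as `$compoundLevel ??= $this->getCompoundLevel($children)` at swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php:301
$compoundLevel = $compoundLevel ?? $this->getCompoundLevel($children);
<critical> WARNING unused: Variable $name is unused (use $_ to ignore this inspection or specify --unused-var-regex flag) at swiftmailer/lib/classes/Swift/Mailer.php:73
foreach ($message->getTo() as $address => $name) {
2021/07/08 16:13:19 Found 113 critical and 10 minor reports
EOF
}

# Reads NoVerify output on stdin; prints "check total=N critical=M" per check.
tally_reports() {
    awk '
        # Only header lines match; source excerpts, carets and the summary do not.
        /^(<critical> )?[A-Z]+ [A-Za-z0-9_]+: / {
            line = $0
            crit = sub(/^<critical> /, "", line)   # 1 if the prefix was present
            split(line, f, " ")
            check = f[2]
            sub(/:$/, "", check)
            total[check]++
            if (crit) critical[check]++
        }
        END {
            for (c in total)
                printf "%s total=%d critical=%d\n", c, total[c], critical[c]
        }
    ' | sort
}

# Real use (2>&1 merges both streams): noverify check ./lib 2>&1 | tally_reports
sample_report | tally_reports
```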
We have quite a few unused errors, let's disable them.
noverify check --exclude-checks='unused' ./lib
Let's run the analysis for just one check, for example strictCmp.
noverify check --allow-checks='strictCmp' ./lib
Now we only see strictCmp errors.
NoVerify found a single place to rewrite, let's run just the assignOp check to see only those.
noverify check --allow-checks='assignOp' ./lib
Only one error was found.
MAYBE assignOp: Could rewrite as `$compoundLevel ??= $this->getCompoundLevel($children)` at swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php:301
$compoundLevel = $compoundLevel ?? $this->getCompoundLevel($children);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Now let's fix them. For some checks, NoVerify can automatically fix found errors.
Run the following command to apply the automatic fix.
noverify check --allow-checks='assignOp' --fix ./lib
NoVerify will fix the errors and if you run the check again:
noverify check --allow-checks='assignOp' ./lib
No errors will be found.
Some of the checks are disabled by default, let's run NoVerify with them. The undefined check can give a lot of errors, so let's turn it off.
noverify check --allow-all-checks --exclude-checks='undefined' ./lib
If you run a check for unused, you will see quite a few errors.
noverify check --allow-checks='unused' ./lib
But if you look at them, you can see that most of them are variables named $null. Perhaps this is a way to show that the variable is not being used.
We need to match the name null, so a simple ^null$ regex will suffice.
Let's redefine the regex and run the analysis.
noverify check --unused-var-regex='^null$' --allow-checks='unused' ./lib
Now NoVerify only finds variables that do not match the regex.
The variable named $e is also unused in many places. It can be excluded too, but this may not be a good idea, since the name $e can be used elsewhere.
If we run a check:
noverify check --unused-var-regex='^null$|^e$' --allow-checks='unused' ./lib
Then only a single place will be found where the declared variable is not really used.
<critical> WARNING unused: Variable $name is unused (use $_ to ignore this inspection or specify --unused-var-regex flag) at swiftmailer/lib/classes/Swift/Mailer.php:73
foreach ($message->getTo() as $address => $name) {
^^^^^
In order to fix it, it is enough to rename the variable to $null.
You can read about other possible options for configuring the analysis on the Configuration page.
This project will also come in handy when you start reading the Baseline mode page.