|
| 1 | +includes: |
| 2 | + - vendor/phpstan/phpstan-strict-rules/rules.neon |
| 3 | + - vendor/phpstan/phpstan-deprecation-rules/rules.neon |
| 4 | + - vendor/phpstan/phpstan-phpunit/extension.neon |
| 5 | + - vendor/phpstan/phpstan-phpunit/rules.neon |
| 6 | + - vendor/phpstan/phpstan-symfony/extension.neon |
| 7 | + - vendor/phpstan/phpstan-symfony/rules.neon |
| 8 | + |
1 | 9 | parameters: |
2 | 10 | level: max |
3 | 11 | paths: |
4 | 12 | - src |
| 13 | + - tests |
| 14 | + reportIgnoresWithoutComments: true |
| 15 | + |
| 16 | + ignoreErrors: |
| 17 | + # PHPUnit declares assertions as static methods on `Assert`, but the |
| 18 | + # pervasive idiom is `$this->assertX()`. phpstan-phpunit handles type |
| 19 | + # narrowing for these but doesn't override strict-rules' judgment that |
| 20 | + # this is a dynamic call to a static method. |
| 21 | + - |
| 22 | + identifier: staticMethod.dynamicCall |
| 23 | + path: tests/* |
| 24 | + |
| 25 | + # Test fixture/helper PHPDoc completeness — out of scope for the static |
| 26 | + # analysis hardening; can be tightened as a follow-up. |
| 27 | + - |
| 28 | + identifier: missingType.generics |
| 29 | + path: tests/* |
| 30 | + - |
| 31 | + identifier: missingType.iterableValue |
| 32 | + path: tests/* |
| 33 | + - |
| 34 | + identifier: missingType.return |
| 35 | + path: tests/* |
| 36 | + |
| 37 | + # Symfony's Processor returns an untyped array; phpstan-symfony narrows |
| 38 | + # many other Symfony APIs but does not type processConfiguration's result |
| 39 | + # from a Configuration definition. The tests probe specific keys precisely |
| 40 | + # *because* the production code does. |
| 41 | + - |
| 42 | + identifier: argument.type |
| 43 | + path: tests/DependencyInjection/ConfigurationTest.php |
| 44 | + - |
| 45 | + identifier: offsetAccess.nonOffsetAccessible |
| 46 | + path: tests/DependencyInjection/ConfigurationTest.php |
| 47 | + |
| 48 | + # `validateClaims` throws `ValidationException`, but the throw happens behind |
| 49 | + # the abstract `authenticate()` the test fixture overrides, so PHPStan's |
| 50 | + # throw-type analysis can't see it reach the catch. The test deliberately |
| 51 | + # asserts the wrap behaviour by catching the concrete type. |
| 52 | + - |
| 53 | + identifier: catch.neverThrown |
| 54 | + path: tests/Security/OpenIdLoginAuthenticatorTest.php |
| 55 | + |
| 56 | + # Manager tests assert `getProvider()` returns an `OpenIdConfigurationProvider` |
| 57 | + # as a "didn't throw on construction" smoke check. The return type already |
| 58 | + # guarantees the class, so phpstan-phpunit flags the assertion as redundant. |
| 59 | + # A follow-up should replace these with behavioural assertions on the |
| 60 | + # constructed provider; until then the assertion documents intent. |
| 61 | + - |
| 62 | + identifier: method.alreadyNarrowedType |
| 63 | + path: tests/Security/OpenIdConfigurationProviderManagerTest.php |
0 commit comments