Add allowExceptParamsAnywhere and disallowParamsAnywhere aliases

CLAUDE.md

@@ -18,7 +18,7 @@ Test classes live in `tests/Calls/`, `tests/Usages/`, `tests/ControlStructures/`
 
 `extension.neon` is the entry point wiring all rules together. It also defines the NEON schema for all config options — type declarations like `string()`, `int()`, `bool()` are enforced by NEON at config parse time, before any PHP runs. This means defensive runtime checks for wrong-typed config values (e.g. an array where a string is expected) are unnecessary when using the extension normally through PHPStan. Each feature has its own documentation file in `docs/` — new features get their own doc or extend an existing one.
 
-`disallow*` config keys are generally aliases for their `allowExcept*` counterparts, handled in `AllowedConfigFactory`.
+`disallow*` and `allowExcept*` config keys are equally valid alternatives for the same behaviour, handled in `AllowedConfigFactory`. Config keys follow a `*Anywhere` / `*InAllowed` naming convention — bare names without these suffixes (e.g. `allowExceptParams`, `disallowParams`) are legacy and kept for backwards compatibility; new keys should use the suffixed form (`allowExceptParamsAnywhere` and `disallowParamsAnywhere` are equally valid). Each new alias should have its own test — the schema and factory both use plain strings so a typo wouldn't be caught by PHPStan.
 
 ## Commit message style
 

docs/allow-with-parameters.md

@@ -70,7 +70,7 @@ Such configuration only makes sense when both the parameters of `log()` are opti
 Sometimes, it's handy to disallow a function or a method call only when a parameter matches a configured value but allow it otherwise. _Please note that currently only scalar values are supported, not arrays._
 
 For example the `hash()` function, it's fine using it with algorithm families like SHA-2 & SHA-3 (not for passwords though) but you'd like PHPStan to report when it's used with MD5 like `hash('md5', ...)`.
-You can use `allowExceptParams` (or `disallowParams`), `allowExceptCaseInsensitiveParams` (or `disallowCaseInsensitiveParams`), `allowExceptParamsInAllowed` (or `disallowParamsInAllowed`) config options to disallow only some calls:
+You can use `allowExceptParamsAnywhere` (or `disallowParamsAnywhere`), `allowExceptCaseInsensitiveParams` (or `disallowCaseInsensitiveParams`), `allowExceptParamsInAllowed` (or `disallowParamsInAllowed`) config options to disallow only some calls:
 
 ```neon
 parameters:
@@ -85,20 +85,22 @@ parameters:
 ```
 
 This will disallow `hash()` call where the first parameter (or the named parameter `algo`) is `'md5'`. `allowExceptCaseInsensitiveParams` is used because the first parameter of `hash()` is case-insensitive (so you can also use `'MD5'`, or even `'Md5'` & `'mD5'` if you wish).
-To disallow only exact matches, use `allowExceptParams`:
+To disallow only exact matches, use `allowExceptParamsAnywhere` (or `disallowParamsAnywhere`):
 
 ```neon
 parameters:
     disallowedFunctionCalls:
         -
             function: 'foo()'
-            allowExceptParams:
+            allowExceptParamsAnywhere:
                 -
                     position: 2
                     value: 'baz'
 ```
 will disallow `foo('bar', 'baz')` but not `foo('bar', 'BAZ')`.
 
+The older `allowExceptParams` (or `disallowParams`) config option is still supported but new configs should use `allowExceptParamsAnywhere` (or `disallowParamsAnywhere`) as they are more self-describing.
+
 If you don't care about the value but would like to disallow a call based just on the parameter presence, you can use `allowExceptParamsAnyValue` (or `disallowParamsAnyValue`):
 ```neon
 parameters:

extension.neon

@@ -118,6 +118,8 @@ parametersSchema:
 			?allowExceptParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamsInAllowed: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?allowExceptParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?disallowParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParamsAnyValue: arrayOf(anyOf(int(), structure([position: int(), ?name: string()])), anyOf(int(), string())),
@@ -171,6 +173,8 @@ parametersSchema:
 			?allowExceptParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamsInAllowed: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?allowExceptParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?disallowParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParamsAnyValue: arrayOf(anyOf(int(), structure([position: int(), ?name: string()])), anyOf(int(), string())),
@@ -224,6 +228,8 @@ parametersSchema:
 			?allowExceptParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamsInAllowed: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?allowExceptParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?disallowParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParamsAnyValue: arrayOf(anyOf(int(), structure([position: int(), ?name: string()])), anyOf(int(), string())),
@@ -372,6 +378,8 @@ parametersSchema:
 			?allowExceptParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamFlagsInAllowed: arrayOf(anyOf(int(), structure([position: int(), ?value: int(), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParamsInAllowed: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?allowExceptParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
+			?disallowParamsAnywhere: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?disallowParams: arrayOf(anyOf(int(), string(), bool(), structure([position: int(), ?value: anyOf(int(), string(), bool()), ?typeString: string(), ?name: string()])), anyOf(int(), string())),
 			?allowExceptParamsAnyValue: arrayOf(anyOf(int(), structure([position: int(), ?name: string()])), anyOf(int(), string())),

phpstan.neon

@@ -8,7 +8,7 @@ parameters:
 		CallParamConfig: 'array<int|string, int|bool|string|array{position:int, value?:int|bool|string, name?:string}>'
 		CallParamAnyValueConfig: 'array<int|string, int|string|array{position:int, value?:int|bool|string, name?:string}>'
 		CallParamFlagAnyValueConfig: 'array<int|string, int|array{position:int, value?:int, name?:string}>'
-		AllowParamDirectives: 'allowParamsInAllowed?:CallParamConfig, allowParamsInAllowedAnyValue?:CallParamAnyValueConfig, allowParamFlagsInAllowed?:CallParamFlagAnyValueConfig, allowParamsAnywhere?:CallParamConfig, allowParamsAnywhereAnyValue?:CallParamAnyValueConfig, allowParamFlagsAnywhere?:CallParamFlagAnyValueConfig, allowExceptParamsInAllowed?:CallParamConfig, allowExceptParamFlagsInAllowed?:CallParamFlagAnyValueConfig, disallowParamFlagsInAllowed?:CallParamFlagAnyValueConfig, disallowParamsInAllowed?:CallParamConfig, allowExceptParams?:CallParamConfig, disallowParams?:CallParamConfig, allowExceptParamsAnyValue?:CallParamAnyValueConfig, disallowParamsAnyValue?:CallParamAnyValueConfig, allowExceptParamFlags?:CallParamFlagAnyValueConfig, disallowParamFlags?:CallParamFlagAnyValueConfig, allowExceptCaseInsensitiveParams?:CallParamConfig, disallowCaseInsensitiveParams?:CallParamConfig'
+		AllowParamDirectives: 'allowParamsInAllowed?:CallParamConfig, allowParamsInAllowedAnyValue?:CallParamAnyValueConfig, allowParamFlagsInAllowed?:CallParamFlagAnyValueConfig, allowParamsAnywhere?:CallParamConfig, allowParamsAnywhereAnyValue?:CallParamAnyValueConfig, allowParamFlagsAnywhere?:CallParamFlagAnyValueConfig, allowExceptParamsInAllowed?:CallParamConfig, allowExceptParamFlagsInAllowed?:CallParamFlagAnyValueConfig, disallowParamFlagsInAllowed?:CallParamFlagAnyValueConfig, disallowParamsInAllowed?:CallParamConfig, allowExceptParamsAnywhere?:CallParamConfig, disallowParamsAnywhere?:CallParamConfig, allowExceptParams?:CallParamConfig, disallowParams?:CallParamConfig, allowExceptParamsAnyValue?:CallParamAnyValueConfig, disallowParamsAnyValue?:CallParamAnyValueConfig, allowExceptParamFlags?:CallParamFlagAnyValueConfig, disallowParamFlags?:CallParamFlagAnyValueConfig, allowExceptCaseInsensitiveParams?:CallParamConfig, disallowCaseInsensitiveParams?:CallParamConfig'
 		AllowAttributesDirectives: 'allowInClassWithAttributes?:list<string>, allowExceptInClassWithAttributes?:list<string>, disallowInClassWithAttributes?:list<string>, allowInFunctionsWithAttributes?:list<string>, allowInMethodsWithAttributes?:list<string>, allowExceptInFunctionsWithAttributes?:list<string>, allowExceptInMethodsWithAttributes?:list<string>, disallowInFunctionsWithAttributes?:list<string>, disallowInMethodsWithAttributes?:list<string>, allowInClassWithMethodAttributes?:list<string>, allowExceptInClassWithMethodAttributes?:list<string>, disallowInClassWithMethodAttributes?:list<string>'
 		AllowDirectives: 'allowIn?:list<string>, allowExceptIn?:list<string>, disallowIn?:list<string>, allowInFunctions?:list<string>, allowInMethods?:list<string>, allowExceptInFunctions?:list<string>, allowExceptInMethods?:list<string>, disallowInFunctions?:list<string>, disallowInMethods?:list<string>, allowInInstanceOf?:list<string>, allowExceptInInstanceOf?:list<string>, disallowInInstanceOf?:list<string>, allowInParamTypes?:bool, allowExceptInParamTypes?:bool, disallowInParamTypes?:bool, allowInReturnType?:bool, allowExceptInReturnType?:bool, disallowInReturnType?:bool, %typeAliases.AllowParamDirectives%, %typeAliases.AllowAttributesDirectives%'
 		ForbiddenCallsConfig: 'array<array{function?:string|list<string>, method?:string|list<string>, exclude?:string|list<string>, definedIn?:string|list<string>, message?:string, %typeAliases.AllowDirectives%, errorIdentifier?:string, errorTip?:string|list<string>}>'

src/Allowed/AllowedConfigFactory.php

@@ -108,7 +108,7 @@ public function getConfig(array $allowed): AllowedConfig
 		foreach ($allowed['allowExceptParamFlagsInAllowed'] ?? $allowed['disallowParamFlagsInAllowed'] ?? [] as $param => $value) {
 			$allowExceptParamsInAllowed[$param] = $this->paramFactory(ParamValueFlagExcept::class, $param, $value);
 		}
-		foreach ($allowed['allowExceptParams'] ?? $allowed['disallowParams'] ?? [] as $param => $value) {
+		foreach ($allowed['allowExceptParamsAnywhere'] ?? $allowed['disallowParamsAnywhere'] ?? $allowed['allowExceptParams'] ?? $allowed['disallowParams'] ?? [] as $param => $value) {
 			$allowExceptParams[$param] = $this->paramFactory(ParamValueExcept::class, $param, $value);
 		}
 		foreach ($allowed['allowExceptParamsAnyValue'] ?? $allowed['disallowParamsAnyValue'] ?? [] as $param => $value) {

tests/Calls/FunctionCallsTypeStringParamsTest.php

@@ -199,6 +199,24 @@ protected function getRule(): Rule
 						],
 					],
 				],
+				[
+					'function' => '\Foo\Bar\Waldo\paramsAnywhereAlias()',
+					'allowExceptParamsAnywhere' => [
+						[
+							'position' => 1,
+							'typeString' => "'forbidden'",
+						],
+					],
+				],
+				[
+					'function' => '\Foo\Bar\Waldo\paramsAnywhereDisallowAlias()',
+					'disallowParamsAnywhere' => [
+						[
+							'position' => 1,
+							'typeString' => "'forbidden'",
+						],
+					],
+				],
 				[
 					'function' => '\Foo\Bar\Waldo\mixedParam1()',
 					'allowIn' => [
@@ -305,6 +323,14 @@ public function testRule(): void
 				'Calling Foo\Bar\Waldo\zeroParam() is forbidden.',
 				35,
 			],
+			[
+				'Calling Foo\Bar\Waldo\paramsAnywhereAlias() is forbidden.',
+				36,
+			],
+			[
+				'Calling Foo\Bar\Waldo\paramsAnywhereDisallowAlias() is forbidden.',
+				38,
+			],
 		]);
 		$this->analyse([__DIR__ . '/../src/disallowed-allow/functionCallsTypeStringParams.php'], [
 			[
@@ -339,6 +365,14 @@ public function testRule(): void
 				'Calling Foo\Bar\Waldo\zeroParam() is forbidden.',
 				35,
 			],
+			[
+				'Calling Foo\Bar\Waldo\paramsAnywhereAlias() is forbidden.',
+				36,
+			],
+			[
+				'Calling Foo\Bar\Waldo\paramsAnywhereDisallowAlias() is forbidden.',
+				38,
+			],
 		]);
 	}
 

tests/Usages/NamespaceUsagesAllowInClassWithAttributesTest.php

@@ -137,27 +137,27 @@ public function testRule(): void
 		$this->analyse([__DIR__ . '/../src/Functions.php'], [
 			[
 				'Class PhpOption\None is forbidden.',
-				88,
+				96,
 			],
 			[
 				'Class PhpOption\Some is forbidden.',
-				88,
+				96,
 			],
 			[
 				'Class PhpOption\None is forbidden.',
-				88,
+				96,
 			],
 			[
 				'Class PhpOption\Some is forbidden.',
-				88,
+				96,
 			],
 			[
 				'Class PhpOption\None is forbidden.',
-				90,
+				98,
 			],
 			[
 				'Class PhpOption\Some is forbidden.',
-				91,
+				99,
 			],
 		]);
 	}

tests/src/Functions.php

@@ -73,6 +73,14 @@ function zeroParam(int $param): void
 {
 }
 
+function paramsAnywhereAlias(string $param): void
+{
+}
+
+function paramsAnywhereDisallowAlias(string $param): void
+{
+}
+
 use PhpOption\None;
 use PhpOption\Some;
 use Waldo\Quux\Blade;

tests/src/disallowed-allow/functionCallsTypeStringParams.php

@@ -33,3 +33,7 @@
 \Foo\Bar\Waldo\mixedParam1(new Exception); // not a disallowed param
 \Foo\Bar\Waldo\zeroParam(0); // allowed param
 \Foo\Bar\Waldo\zeroParam(1); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereAlias('forbidden'); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereAlias('ok'); // allowed param
+\Foo\Bar\Waldo\paramsAnywhereDisallowAlias('forbidden'); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereDisallowAlias('ok'); // allowed param

tests/src/disallowed/functionCallsTypeStringParams.php

@@ -33,3 +33,7 @@
 \Foo\Bar\Waldo\mixedParam1(new Exception); // disallowed
 \Foo\Bar\Waldo\zeroParam(0); // allowed param
 \Foo\Bar\Waldo\zeroParam(1); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereAlias('forbidden'); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereAlias('ok'); // allowed param
+\Foo\Bar\Waldo\paramsAnywhereDisallowAlias('forbidden'); // disallowed param
+\Foo\Bar\Waldo\paramsAnywhereDisallowAlias('ok'); // allowed param