In this short tutorial, we'll clone a test project and run NoVerify on it.
Installation. The easiest way is to download a prebuilt binary.
Clone the swiftmailer repository:
git clone https://github.com/i582/swiftmailer.git
cd swiftmailer
composer install
We need to install all the dependencies so that NoVerify can later find the definitions of functions and classes for correct analysis.
If you are using Windows and you have encountered errors during installation, then try running the command with the --ignore-platform-reqs flag.
composer install --ignore-platform-reqs
Without a valid vendor folder, NoVerify can generate many false positives.
Just run:
noverify check ./lib
This will produce errors:
...
<critical> WARNING strictCmp: Non-strict string comparison (use ===) at swiftmailer/lib/classes/Swift/Signers/DomainKeySigner.php:417
$nofws = ('nofws' == $this->canon);
^^^^^^^^^^^^^^^^^^^^^^^
<critical> WARNING parentConstructor: Missing parent::__construct() call at swiftmailer/lib/classes/Swift/Attachment.php:27
public function __construct($data = null, $filename = null, $contentType = null)
^^^^^^^^^^^
2021/07/08 16:13:19 Found 113 critical and 10 minor reports
Each report shows the file and line where NoVerify found the problem, as well as the kind of error it is. You may also notice that the errors occurred in different files.
This run analyzes all files in the ./lib folder. It also indexes the ./vendor folder and takes function and class definitions from it for the analysis.
As you can see, NoVerify found quite a few bugs.
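With this many reports, it helps to see which checks dominate before choosing values for --exclude-checks or --allow-checks. The following is an added example, not part of NoVerify or of the original tutorial: the helper names (parse_reports, summarize_reports, locations_for_check) are hypothetical, the header format is assumed from the output shown above, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: triage NoVerify output by check name.
# Assumption: every report starts with a header line shaped like the ones
# shown on this page: [<critical> ]LEVEL checkName: message at file.php:LINE

# Constructed sample input; the last report is made up so one check repeats.
sample_reports() {
  cat <<'EOF'
<critical> WARNING strictCmp: Non-strict string comparison (use ===) at swiftmailer/lib/classes/Swift/Signers/DomainKeySigner.php:417
$nofws = ('nofws' == $this->canon);
^^^^^^^^^^^^^^^^^^^^^^^
MAYBE assignOp: Could rewrite as `$compoundLevel ??= $this->getCompoundLevel($children)` at swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php:301
$compoundLevel = $compoundLevel ?? $this->getCompoundLevel($children);
<critical> WARNING unused: Variable $name is unused (use $_ to ignore this inspection or specify --unused-var-regex flag) at swiftmailer/lib/classes/Swift/Mailer.php:73
foreach ($message->getTo() as $address => $name) {
<critical> WARNING strictCmp: Non-strict string comparison (use ===) at example/Constructed.php:10
EOF
}

# stdin: NoVerify output; stdout: "LEVEL check file:line" per report header.
# Source-snippet, caret and summary lines do not match and are skipped.
parse_reports() {
  awk '{
    line = $0
    sub(/^<[a-z]+> /, "", line)   # drop the optional severity tag
    if (line ~ /^[A-Z]+ [A-Za-z0-9_]+: .* at [^ ]+:[0-9]+$/) {
      n = split(line, f, " ")
      check = f[2]; sub(/:$/, "", check)
      print f[1], check, f[n]
    }
  }'
}

# Count reports per level and check, most frequent first.
summarize_reports() {
  parse_reports |
    awk '{ c[$1 " " $2]++ } END { for (k in c) print c[k], k }' |
    LC_ALL=C sort -k1,1nr -k3,3
}

# List file:line for one check, e.g. before deciding on --exclude-checks.
locations_for_check() {
  parse_reports | awk -v want="$1" '$2 == want { print $3 }'
}

sample_reports | summarize_reports
```

To use it on a real run, pipe the saved output of noverify check into summarize_reports instead of the sample.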
We have quite a few unused errors, so let's disable them.
noverify check --exclude-checks='unused' ./lib
Let's run the analysis for just one check, for example strictCmp.
noverify check --allow-checks='strictCmp' ./lib
Now we only see strictCmp errors.
NoVerify found a single place to rewrite, so let's run just the assignOp check to see only that report.
noverify check --allow-checks='assignOp' ./lib
Only one error was found.
MAYBE assignOp: Could rewrite as `$compoundLevel ??= $this->getCompoundLevel($children)` at swiftmailer/lib/classes/Swift/Mime/SimpleMimeEntity.php:301
$compoundLevel = $compoundLevel ?? $this->getCompoundLevel($children);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Now let's fix them. For some checks, NoVerify can automatically fix the errors it finds.
Run the following command to apply the automatic fix:
noverify check --allow-checks='assignOp' --fix ./lib
NoVerify will fix the errors, and if you run the check again:
noverify check --allow-checks='assignOp' ./lib
no errors will be found.
Some of the checks are disabled by default, so let's run NoVerify with them enabled. The undefined check can give a lot of errors, so let's turn it off.
noverify check --allow-all-checks --exclude-checks='undefined' ./lib
If you run a check for unused, you will see quite a few errors.
noverify check --allow-checks='unused' ./lib
But if you look at them, you can see that most of them are variables named $null. Perhaps this is a way to show that the variable is not being used.
We need to match the name null, so a simple ^null$ regex will suffice.
Let's redefine the regex and run the analysis.
noverify check --unused-var-regex='^null$' --allow-checks='unused' ./lib
Now NoVerify only finds variables that do not match the regex.
The variable named $e is also unused in many places. It can be excluded as well, but this may not be a good idea, since the name $e can be used elsewhere.
If we run the check:
noverify check --unused-var-regex='^null$|^e$' --allow-checks='unused' ./lib
then only a single place will be found where the declared variable is not really used.
<critical> WARNING unused: Variable $name is unused (use $_ to ignore this inspection or specify --unused-var-regex flag) at swiftmailer/lib/classes/Swift/Mailer.php:73
foreach ($message->getTo() as $address => $name) {
^^^^^
In order to fix it, it is enough to rename the variable to $null.
You can read about other possible options for configuring the analysis on the Configuration page.
This project will also come in handy when you start reading the Baseline mode page.