composer require --dev psalm/plugin-symfony
vendor/bin/psalm-plugin enable psalm/plugin-symfony
- Detect
ContainerInterface::get()
result type. Works better if you configure compiled container XML file. - Detect return type of console arguments (
InputInterface::getArgument()
) and options (InputInterface::getOption()
). Enforces to use InputArgument and InputOption constants as a part of best practise. - Detects correct Doctrine repository class if entities are configured with annotations.
- Fixes
PossiblyInvalidArgument
forSymfony\Component\HttpFoundation\Request::getContent
. The plugin calculates real return type by checking the given argument and marks return type as either string or resource. - Detect return type of
Symfony\Component\HttpFoundation\HeaderBag::get
(by checking default value and third argument for < Symfony 4.4) - Detect return type of
Symfony\Component\Messenger\Envelope::last
andSymfony\Component\Messenger\Envelope::all
, based on the provided argument. - Taint analysis for Symfony
- Detects service and parameter naming convention violations
- Complains when
Container
is injected to a service. Use dependency-injection. - Fix false positive
PropertyNotSetInConstructor
issues- $container in AbstractController
- $context in ConstraintValidator classes
- properties in custom
@Annotation
classes
If you follow installation instructions, psalm-plugin command will add plugin configuration to psalm.xml
<?xml version="1.0"?>
<psalm errorLevel="1">
<!-- project configuration -->
<plugins>
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin" />
</plugins>
</psalm>
To be able to detect return types of services using ID (generally starts with @
in Symfony YAML config files. Ex: logger
service)
containerXml
must be provided. Example:
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
<containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
</pluginClass>
This file path may change based on your Symfony version, file structure and environment settings. Default file for Symfony versions:
- Symfony 3: var/cache/dev/srcDevDebugProjectContainer.xml
- Symfony 4: var/cache/dev/srcApp_KernelDevDebugContainer.xml
- Symfony 5: var/cache/dev/App_KernelDevDebugContainer.xml
Multiple container files can be configured. In this case, first valid file is taken into account. If none of the given files is valid, configuration exception is thrown. Example:
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
<containerXml>var/cache/dev/App_KernelDevDebugContainer.xml</containerXml>
<containerXml>var/cache/dev/App_KernelTestDebugContainer.xml</containerXml>
</pluginClass>
There are two approaches to including twig templates for taint analysis :
- one based on a specific file analyzer which uses the twig parser to taint twig's AST nodes
- one based on the already compiled twig templates
To leverage the real Twig file analyzer, you have to configure the .twig
extension as follows :
<fileExtensions>
<extension name=".php" />
<extension name=".twig" checker="./vendor/psalm/plugin-symfony/src/Twig/TemplateFileAnalyzer.php"/>
</fileExtensions>
To allow the analysis through the cached template files, you have to add the twigCachePath
entry to the plugin configuration :
<pluginClass class="Psalm\SymfonyPsalmPlugin\Plugin">
<twigCachePath>/cache/twig</twigCachePath>
</pluginClass>
- Plugin created by @seferov
- @weirdan for codeception psalm module