Can disallow control structures like else, elseif, goto (#257)

Checking params inside ( ... ) doesn't work at the moment, so you can disallow all `declare()`s but can't re-allow e.g. `declare(strict-types = 1)`.

If you try to disallow `else if` with the space, an exception will be thrown, because `else if` is parsed as `else` followed by `if`, so disallowing `else if` with the space wouldn't have the desired effect and the result would be unexpected.

Close #68

Author: spaze

composer.json

@@ -40,7 +40,7 @@
 	},
 	"scripts": {
 		"lint": "vendor/bin/parallel-lint --colors src/ tests/",
-		"lint-7.x": "vendor/bin/parallel-lint --colors src/ tests/ --exclude tests/src/TypesEverywhere.php --exclude tests/src/AttributesEverywhere.php --exclude tests/src/disallowed/functionCallsNamedParams.php --exclude tests/src/disallowed-allow/functionCallsNamedParams.php --exclude tests/src/disallowed/attributeUsages.php --exclude tests/src/disallowed-allow/attributeUsages.php --exclude tests/src/disallowed/constantDynamicUsages.php --exclude tests/src/disallowed-allow/constantDynamicUsages.php --exclude tests/src/Enums.php",
+		"lint-7.x": "vendor/bin/parallel-lint --colors src/ tests/ --exclude tests/src/TypesEverywhere.php --exclude tests/src/AttributesEverywhere.php --exclude tests/src/disallowed/functionCallsNamedParams.php --exclude tests/src/disallowed-allow/functionCallsNamedParams.php --exclude tests/src/disallowed/attributeUsages.php --exclude tests/src/disallowed-allow/attributeUsages.php --exclude tests/src/disallowed/constantDynamicUsages.php --exclude tests/src/disallowed-allow/constantDynamicUsages.php --exclude tests/src/Enums.php --exclude tests/src/disallowed/controlStructures.php --exclude tests/src/disallowed-allow/controlStructures.php",
 		"lint-8.0": "vendor/bin/parallel-lint --colors src/ tests/ --exclude tests/src/TypesEverywhere.php --exclude tests/src/AttributesEverywhere.php --exclude tests/src/disallowed/constantDynamicUsages.php --exclude tests/src/disallowed-allow/constantDynamicUsages.php --exclude tests/src/Enums.php",
 		"lint-8.1": "vendor/bin/parallel-lint --colors src/ tests/ --exclude tests/src/AttributesEverywhere.php --exclude tests/src/disallowed/constantDynamicUsages.php --exclude tests/src/disallowed-allow/constantDynamicUsages.php",
 		"lint-8.2": "vendor/bin/parallel-lint --colors src/ tests/ --exclude tests/src/disallowed/constantDynamicUsages.php --exclude tests/src/disallowed-allow/constantDynamicUsages.php",

docs/custom-rules.md

@@ -10,6 +10,7 @@ There are several different types (and configuration keys) that can be disallowe
 6. `disallowedSuperglobals` - for usages of superglobal variables like `$GLOBALS` or `$_POST`
 7. `disallowedAttributes` - for attributes like `#[Entity(class: Foo::class, something: true)]`
 8. `disallowedEnums` - for enums, both pure & backed, like `Suit::Hearts` (like class constants, enums need to be split to `enum: Suit` & `case: Hearts` in the configuration, see notes below)
+9. `disallowedControlStructures` - for control structures like `if`, `else`, `elseif`, loops, `require` & `include`, and `goto`
 
 Use them to add rules to your `phpstan.neon` config file. I like to use a separate file (`disallowed-calls.neon`) for these which I'll include later on in the main `phpstan.neon` config file. Here's an example, update to your needs:
 
@@ -165,10 +166,36 @@ You can treat some language constructs as functions and disallow it in `disallow
 
 To disallow naive object creation (`new ClassName()` or `new $classname`), disallow `NameSpace\ClassName::__construct` in `disallowedMethodCalls`. Works even when there's no constructor defined in that class.
 
+You can also disallow control structures, see below.
+
 ### Constants
 
 When [disallowing constants](disallowing-constants.md) please be aware of limitations and special requirements, see [docs](disallowing-constants.md).
 
 ### Enums
 
 Similar to disallowing constants, enums have some limitations, see [docs](disallowing-enums.md).
+
+### Control structures
+
+You can forbid [control structures](https://www.php.net/language.control-structures) like `if`, `else`, `elseif` (don't write it as `else if` because `else if` is parsed as `else` followed by `if` producing unexpected results), loops, `break`, `continue`, `goto`, `require`, `include` (and the `_once` variants).
+
+Currently, parameters are not checked, so it's not possible to disallow for example `declare`, but re-allow `declare(strict-types = 1)`.
+
+You can use `controlStructure` or `structure` directives, and both can be specified as arrays:
+```neon
+parameters:
+    disallowedControlStructures:
+        -
+            controlStructure:
+                - 'elseif'
+                - 'return'
+            allowIn:
+                - 'tests/foo/bar.php'
+        -
+            structure: 'goto'
+            message: "restructure the program's flow"
+            errorTip: 'https://xkcd.com/292/'
+            allowIn:
+                - 'tests/waldo.php'
+```

extension.neon

@@ -10,6 +10,7 @@ parameters:
 	disallowedEnums: []
 	disallowedSuperglobals: []
 	disallowedAttributes: []
+	disallowedControlStructures: []
 
 parametersSchema:
 	allowInRootDir: schema(string(), nullable())
@@ -224,13 +225,26 @@ parametersSchema:
 			?errorTip: string(),
 		])
 	)
+	disallowedControlStructures: listOf(
+		structure([
+			?controlStructure: anyOf(string(), listOf(string())),
+			?structure: anyOf(string(), listOf(string())),
+			?message: string(),
+			?allowIn: listOf(string()),
+			?allowExceptIn: list(string()),
+			?disallowIn: list(string()),
+			?errorIdentifier: string(),
+			?errorTip: string(),
+		])
+	)
 
 services:
 	- Spaze\PHPStan\Rules\Disallowed\Allowed\Allowed
 	- Spaze\PHPStan\Rules\Disallowed\Allowed\AllowedPath
 	- Spaze\PHPStan\Rules\Disallowed\DisallowedAttributeFactory
 	- Spaze\PHPStan\Rules\Disallowed\DisallowedCallFactory
 	- Spaze\PHPStan\Rules\Disallowed\DisallowedConstantFactory
+	- Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory
 	- Spaze\PHPStan\Rules\Disallowed\DisallowedNamespaceFactory
 	- Spaze\PHPStan\Rules\Disallowed\DisallowedSuperglobalFactory
 	- Spaze\PHPStan\Rules\Disallowed\File\FilePath(rootDir: %filesRootDir%)
@@ -239,6 +253,7 @@ services:
 	- Spaze\PHPStan\Rules\Disallowed\Normalizer\Normalizer
 	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedAttributeRuleErrors
 	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedConstantRuleErrors
+	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedControlStructureRuleErrors
 	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedMethodRuleErrors
 	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedNamespaceRuleErrors
 	- Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedCallsRuleErrors
@@ -312,3 +327,63 @@ services:
 		factory: Spaze\PHPStan\Rules\Disallowed\Usages\AttributeUsages(disallowedAttributes: %disallowedAttributes%)
 		tags:
 			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\BreakControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ContinueControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\DeclareControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\DoWhileControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ElseControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ElseIfControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ForControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ForeachControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\GotoControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\IfControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\MatchControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\RequireIncludeControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\ReturnControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\SwitchControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule
+	-
+		factory: Spaze\PHPStan\Rules\Disallowed\ControlStructures\WhileControlStructure(disallowedControlStructures: @Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructureFactory::getDisallowedControlStructures(%disallowedControlStructures%))
+		tags:
+			- phpstan.rules.rule

src/ControlStructures/BreakControlStructure.php

@@ -0,0 +1,59 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\ControlStructures;
+
+use PhpParser\Node;
+use PhpParser\Node\Stmt\Break_;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleError;
+use PHPStan\ShouldNotHappenException;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructure;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedControlStructureRuleErrors;
+
+/**
+ * Reports on using the break control structure.
+ *
+ * @package Spaze\PHPStan\Rules\Disallowed
+ * @implements Rule<Break_>
+ */
+class BreakControlStructure implements Rule
+{
+
+	/** @var DisallowedControlStructureRuleErrors */
+	private $disallowedControlStructureRuleErrors;
+
+	/** @var list<DisallowedControlStructure> */
+	private $disallowedControlStructures;
+
+
+	/**
+	 * @param DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors
+	 * @param list<DisallowedControlStructure> $disallowedControlStructures
+	 */
+	public function __construct(DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors, array $disallowedControlStructures)
+	{
+		$this->disallowedControlStructureRuleErrors = $disallowedControlStructureRuleErrors;
+		$this->disallowedControlStructures = $disallowedControlStructures;
+	}
+
+
+	public function getNodeType(): string
+	{
+		return Break_::class;
+	}
+
+
+	/**
+	 * @param Break_ $node
+	 * @param Scope $scope
+	 * @return list<RuleError>
+	 * @throws ShouldNotHappenException
+	 */
+	public function processNode(Node $node, Scope $scope): array
+	{
+		return $this->disallowedControlStructureRuleErrors->get($scope, 'break', $this->disallowedControlStructures);
+	}
+
+}

src/ControlStructures/ContinueControlStructure.php

@@ -0,0 +1,59 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\ControlStructures;
+
+use PhpParser\Node;
+use PhpParser\Node\Stmt\Continue_;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleError;
+use PHPStan\ShouldNotHappenException;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructure;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedControlStructureRuleErrors;
+
+/**
+ * Reports on using the continue control structure.
+ *
+ * @package Spaze\PHPStan\Rules\Disallowed
+ * @implements Rule<Continue_>
+ */
+class ContinueControlStructure implements Rule
+{
+
+	/** @var DisallowedControlStructureRuleErrors */
+	private $disallowedControlStructureRuleErrors;
+
+	/** @var list<DisallowedControlStructure> */
+	private $disallowedControlStructures;
+
+
+	/**
+	 * @param DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors
+	 * @param list<DisallowedControlStructure> $disallowedControlStructures
+	 */
+	public function __construct(DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors, array $disallowedControlStructures)
+	{
+		$this->disallowedControlStructureRuleErrors = $disallowedControlStructureRuleErrors;
+		$this->disallowedControlStructures = $disallowedControlStructures;
+	}
+
+
+	public function getNodeType(): string
+	{
+		return Continue_::class;
+	}
+
+
+	/**
+	 * @param Continue_ $node
+	 * @param Scope $scope
+	 * @return list<RuleError>
+	 * @throws ShouldNotHappenException
+	 */
+	public function processNode(Node $node, Scope $scope): array
+	{
+		return $this->disallowedControlStructureRuleErrors->get($scope, 'continue', $this->disallowedControlStructures);
+	}
+
+}

src/ControlStructures/DeclareControlStructure.php

@@ -0,0 +1,59 @@
+<?php
+declare(strict_types = 1);
+
+namespace Spaze\PHPStan\Rules\Disallowed\ControlStructures;
+
+use PhpParser\Node;
+use PhpParser\Node\Stmt\Declare_;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleError;
+use PHPStan\ShouldNotHappenException;
+use Spaze\PHPStan\Rules\Disallowed\DisallowedControlStructure;
+use Spaze\PHPStan\Rules\Disallowed\RuleErrors\DisallowedControlStructureRuleErrors;
+
+/**
+ * Reports on using the declare control structure.
+ *
+ * @package Spaze\PHPStan\Rules\Disallowed
+ * @implements Rule<Declare_>
+ */
+class DeclareControlStructure implements Rule
+{
+
+	/** @var DisallowedControlStructureRuleErrors */
+	private $disallowedControlStructureRuleErrors;
+
+	/** @var list<DisallowedControlStructure> */
+	private $disallowedControlStructures;
+
+
+	/**
+	 * @param DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors
+	 * @param list<DisallowedControlStructure> $disallowedControlStructures
+	 */
+	public function __construct(DisallowedControlStructureRuleErrors $disallowedControlStructureRuleErrors, array $disallowedControlStructures)
+	{
+		$this->disallowedControlStructureRuleErrors = $disallowedControlStructureRuleErrors;
+		$this->disallowedControlStructures = $disallowedControlStructures;
+	}
+
+
+	public function getNodeType(): string
+	{
+		return Declare_::class;
+	}
+
+
+	/**
+	 * @param Declare_ $node
+	 * @param Scope $scope
+	 * @return list<RuleError>
+	 * @throws ShouldNotHappenException
+	 */
+	public function processNode(Node $node, Scope $scope): array
+	{
+		return $this->disallowedControlStructureRuleErrors->get($scope, 'declare', $this->disallowedControlStructures);
+	}
+
+}