SensioLabs Insight - What We Analyze: "Based on the experience of the SensioLabs Audit team, we established a list of 108 control points to make sure an application is safe, reliable, maintainable, that it follows standards and good practices."
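---
# SensioLabs Insight rule configuration (usually committed as .sensiolabs.yml
# at the project root). Rules are grouped by Insight severity
# (CRITICAL > MAJOR > MINOR > INFO) and by category. Every rule is switched on
# explicitly so the scan does not depend on the analyzer's defaults; rule
# options are listed under the rule they belong to.
rules:
  # CRITICAL - SECURITY
  # Projects must not depend on dependencies with known security issues.
  # This relies on the advisory data Insight knows at scan time — keep a
  # dependency audit in CI as well so advisories published between scans
  # are not missed.
  composer.security_issue_in_composer:
    enabled: true
  # Database queries should use parameter binding; a query built by
  # concatenating strings and variables is reported as an injection risk
  doctrine.database_query_contains_string_and_variable_concatenation:
    enabled: true
  # PHP debug statements found
  php.debug_statements:
    enabled: true
  # eval() should never be used
  php.use_php_eval_function:
    enabled: true
  # Confidential parameters should not be committed to the repository
  symfony.app.confidential_parameters_file_present_in_repository:
    enabled: true
  # Sensitive data should not be present in non-parameter configuration files
  symfony.app.sensitive_data_found_in_application_configuration:
    enabled: true
  # Exceptions should not be enabled in production
  symfony.exceptions_enabled_in_production:
    enabled: true
  # Symfony2 secret should be changed: the framework secret must not be left at
  # an obvious/default value, since CSRF tokens are derived from it
  symfony.obvious_csrf_key:
    enabled: true
  # Twig auto-escaping must be enabled.
  twig.disabled_escaper:
    enabled: true
  # Templates should be protected against XSS vulnerabilities
  twig.xss_vulnerability:
    enabled: true

  # CRITICAL - BUGRISK
  # Dependencies not installable
  composer.dependencies_not_installable:
    enabled: true
  # PHP files should not contain syntax errors
  php.php_syntax_error:
    enabled: true
  # YAML files should not contain syntax errors
  symfony.configuration.yaml_syntax_error:
    enabled: true
  # The Symfony version should be maintained (end-of-life releases get no
  # security fixes)
  symfony.version.end_of_life:
    enabled: true
  # Twig templates should not have syntax errors
  twig.twig_syntax_error:
    enabled: true
  # XML files should not contain syntax errors
  xml.syntax_error:
    enabled: true

  # CRITICAL - PERFORMANCE
  # Logging should not be verbose in production
  symfony.verbose_logging_in_production:
    enabled: true

  # MAJOR - SECURITY
  # Files should not be executable. Only the directories listed in
  # allowed_dirs may hold executable files — extend the list rather than
  # disabling the rule.
  php.too_permissive_file_permissions:
    enabled: true
    allowed_dirs:
      - bin
      - scripts
  # Strong password hashing algorithm should be used for passwords
  symfony.security.insecure_password_hashing_algorithm:
    enabled: true
  # Public directory should not contain PHP files
  symfony.web.contains_php_files:
    enabled: true
  # Symfony applications should not contain a config.php file
  symfony.web_config_should_not_be_present:
    enabled: true
  # Twig templates should not use the debug tag
  twig.debug_enabled:
    enabled: true

  # MAJOR - BUGRISK
  # The composer.json file should be valid
  composer.invalid_file:
    enabled: true
  # The Doctrine schema should be valid.
  doctrine.invalid_schema:
    enabled: true
  # Logical operators should be avoided
  php.boolean_statement:
    enabled: true
  # PHP configuration should not be changed dynamically
  php.dynamically_change_configuration:
    enabled: true
  # Missing use statements should be avoided
  php.missing_use_statement:
    enabled: true
  # Static methods should not contain a $this reference
  php.static_method_should_not_use_this:
    enabled: true
  # exit() and die() functions should be avoided.
  # web/config.php is exempted — presumably because the stock requirements
  # checker shipped under that name calls exit(); verify before keeping the
  # exemption. Note that symfony.web_config_should_not_be_present above still
  # reports that file, so this entry only matters while it is in the repo.
  php.use_exit_function:
    enabled: true
    ignore_files:
      - web/config.php
  # POSIX regex functions should never be used
  php.use_php_ereg_function:
    enabled: true
  # A Symfony2 application should be bootable
  symfony.application_not_bootable:
    enabled: true
  # The response should be redirected after posting data to an action
  symfony.controller.missing_redirect_after_post:
    enabled: true
  # Absolute path constants __DIR__ and __FILE__ should not be used
  symfony.dependency_injection.use_dir_file_constant:
    enabled: true
  # The request service should never be injected
  symfony.inject_request_service:
    enabled: true
  # Method Request::createFromGlobals should not be used
  symfony.request.use_create_from_globals:
    enabled: true
  # Symfony applications should not throw AccessDeniedHttpException
  symfony.security.throw_access_denied_http_exception:
    enabled: true
  # Sessions should not be saved in the cache directory
  symfony.sessions_in_cache_directory:
    enabled: true
  # The Twig service should be bootable
  symfony.twig_not_bootable:
    enabled: true
  # PHP response functions should not be used
  symfony.use_php_response_function:
    enabled: true
  # PHP session functions should not be used
  symfony.use_php_session_function:
    enabled: true
  # PHP super globals should never be used
  symfony.use_super_globals:
    enabled: true
  # The Symfony version should be maintained
  symfony.version.out_of_maintenance:
    enabled: true
  # Web bundles/ folder should not be present in repository
  symfony.web.web_bundle_folder_present_in_repository:
    enabled: true
  # Source code should not contain FIXME comments
  task_fixme_comment:
    enabled: true
  # Twig strict_variables should be enabled; like twig.disabled_escaper above,
  # this rule fires when the option is disabled (the former comment here said
  # the opposite — confirm against the Insight rule description)
  twig.disabled_strict_variable:
    enabled: true
  # Files should be encoded in UTF-8
  web.non_utf8_encoding:
    enabled: true

  # MAJOR - PERFORMANCE
  # The EntityManager should not be flushed within a loop
  doctrine.use_flush_in_loop:
    enabled: true
  # Folders should not have too many files for performance
  php.too_many_files_per_folder_for_performance:
    enabled: true
    max_count: 10000
  # sleep() should not be used
  php.use_php_sleep_function:
    enabled: true
  # Twig should not use auto reload
  twig.auto_reload_enabled:
    enabled: true
  # Web applications should contain a favicon
  web.missing_favicon:
    enabled: true
  # Web applications should contain a robots.txt file
  web.missing_robots_txt:
    enabled: true

  # MAJOR - ARCHITECTURE
  # Third party component licenses should be compatible with the project license
  php.contaminant_third_party_component_license:
    enabled: true
  # Global variables or functions should never be used
  php.use_global_variable_or_function:
    enabled: true
  # A GET action should not modify an existing resource
  symfony.controller.get_action_mutates_resource:
    enabled: true
  # Public methods in controller classes should only be actions
  symfony.controller.non_action_public_method_in_controller_class:
    enabled: true
  # Controllers should contain a small set of actions.
  # max_count / threshold: presumably the hard limit and the number of
  # violations tolerated before the rule reports — confirm against the
  # Insight docs (same pair is used by the other *_too_* rules below)
  symfony.controller.too_many_actions_per_controller:
    enabled: true
    max_count: 10
    threshold: 5
  # Print statements found
  symfony.print_statements:
    enabled: true
  # PHP database functions should not be used
  symfony.use_php_database_function:
    enabled: true
  # Twig templates should not contain business logic
  twig.template_too_complex:
    enabled: true
    max_depth: 5

  # MAJOR - DEADCODE
  # Your project should not contain the AcmeDemoBundle example bundle
  symfony.acme_bundle_found:
    enabled: true
  # Routes should reference existing actions
  symfony.routing.route_references_non_existent_action:
    enabled: true

  # MAJOR - READABILITY
  # Symfony controller action methods should not be too long
  symfony.controller.action_method_too_long:
    enabled: true
    max_length: 20
    threshold: 10

  # MINOR - SECURITY
  # The default session cookie name should be changed.
  symfony.request.session_cookie_default_name:
    enabled: true

  # MINOR - BUGRISK
  # Versions of dependencies should be fixed
  composer.unfixed_dependency_version:
    enabled: true
  # No absolute path should be hard-coded; the system paths below are allowed
  php.absolute_path_present:
    enabled: true
    allowed_paths:
      - /dev
      - /etc
      - /proc
  # PHPUnit should be able to run all PHP tests
  php.neglected_tests:
    enabled: true
  # Object parameters should be type hinted
  php.object_parameter_not_type_hinted:
    enabled: true
  # Error silenced by the at sign (@).
  # The functions below may be @-silenced without being reported. They are
  # all filesystem/FTP calls whose failure is signalled through the return
  # value, so code that silences them must still check that value — a
  # silently failed chmod, symlink or move_uploaded_file is a
  # security-relevant bug, not just noise.
  php.silenced_error:
    enabled: true
    function_whitelist:
      - unlink
      - fopen
      - fwrite
      - fclose
      - rename
      - chmod
      - mkdir
      - rmdir
      - file_put_contents
      - move_uploaded_file
      - chgrp
      - lchgrp
      - chown
      - lchown
      - touch
      - symlink
      - highlight_file
      - ftp_get
      - ftp_close
      - ftp_size
      - ftp_chdir
      - ftp_delete
      - ftp_rmdir
      - ftp_put
      - ftp_mkdir
      - ftp_chmod
      - ftp_nlist
  # Booleans should be compared strictly
  php.strict_boolean_comparison_should_be_used:
    enabled: true
  # Avoid using deprecated PHP functions
  php.use_deprecated_function:
    enabled: true
  # The Symfony version should be the latest stable one
  symfony.version.latest_stable:
    enabled: true

  # MINOR - PERFORMANCE
  # Usage of a function in loop conditions should be avoided
  php.for_loop_uses_test_function:
    enabled: true
  # The boot method in a bundle should be empty
  symfony.bundle_boot_method_should_be_empty:
    enabled: true
  # There should not be too many ESI inclusions
  symfony.templating.too_many_esi_inclusions:
    enabled: true

  # MINOR - ARCHITECTURE
  # HTML links should not contain javascript (javascript: hrefs are also
  # incompatible with a strict Content-Security-Policy)
  html.html_link_contains_javascript:
    enabled: true
  # Code should not be duplicated
  php.duplicated_code:
    enabled: true
  # Templates should not have too many variables
  symfony.controller.too_many_template_variables:
    enabled: true
    max_count: 6
    threshold: 5
  # The Symfony Dependency Injection Container should not be passed as an argument
  symfony.dependency_injection.no_container_as_parameter:
    enabled: true
  # The Doctrine Entity Manager should not be passed as an argument
  symfony.dependency_injection.no_entity_manager_as_parameter:
    enabled: true
  # Include statements should not be used
  symfony.include_statement_used:
    enabled: true
  # Source code should not contain TODO comments
  task_todo_comment:
    enabled: true
  # Source code should not contain XXX comments
  task_xxx_comment:
    enabled: true

  # MINOR - DEADCODE
  # Commented-out code should not be committed
  php.commented_out_code:
    enabled: true
  # PHP code should not contain unreachable code
  php.unreachable_code:
    enabled: true
  # Unused method, property, variable or parameter
  php.unused_local_variable_or_private_member:
    enabled: true
  # Unused use statements should be avoided
  php.unused_use_statement:
    enabled: true
  # Cache or log files should not be committed
  symfony.app.cache_or_log_file_in_repository:
    enabled: true

  # MINOR - READABILITY
  # PHP classes should be short
  php.class_too_long:
    enabled: true
    max_length: 500
    threshold: 5
  # PHP methods should not contain too much logic
  php.method_too_long:
    enabled: true
    max_length: 50
    threshold: 5

  # MINOR - CODESTYLE
  # User-specific files should not appear in .gitignore
  git.user_specific_ignored_file:
    enabled: true
  # Boolean property mutators should not be prefixed by "is"
  php.bad_mutator_method_name_for_boolean_property:
    enabled: true
  # Form types should be in Form/Type folders
  symfony.form.form_type_not_in_type_form_folder:
    enabled: true
  # Templates should not be too long
  twig.template_too_long:
    enabled: true
    max_length: 200
    threshold: 5

  # INFO - SECURITY
  # Symfony error pages should be customised (the stock pages reveal which
  # framework is in use)
  symfony.configuration.error_pages_should_be_customised:
    enabled: true
  # A route should always declare the HTTP method(s) it accepts
  symfony.routing.action_not_restricted_by_method:
    enabled: true
  # Default favicon should be changed
  web.default_favicon:
    enabled: true

  # INFO - BUGRISK
  # The composer.lock is not up to date.
  composer.outdated_lock_file:
    enabled: true
  # The composer.json file should not raise warnings
  composer.warning:
    enabled: true
  # PHP short tags should not be used
  php.use_php_short_open_tag:
    enabled: true

  # INFO - PERFORMANCE
  # .htaccess should be avoided
  web.apache_config:
    enabled: true

  # INFO - ARCHITECTURE
  # Deprecated class usage found
  third_party.use_deprecated_class:
    enabled: true
  # Deprecated class found in service definition
  third_party.use_deprecated_service:
    enabled: true

  # INFO - CODESTYLE
  # Project files should not mix end-of-line styles; LF only
  invalid_e_o_l:
    enabled: true
    eol: unix
  # Text files should end with a newline character
  missing_e_o_l:
    enabled: true
  # Classes should be unique per PHP file
  php.file_contains_more_than_one_class:
    enabled: true
  # Interface names should end with "Interface" (pattern quoted so the
  # leading "/" is never mistaken for YAML syntax)
  php.interface_has_no_interface_suffix:
    enabled: true
    interface_name_pattern: '/(Interface|Exception|able)$/'
  # PHP code should follow the PSR-1 basic coding standard
  php.psr1:
    enabled: true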