Generic.PHP.ForbiddenFunctions - for class methods

[nunoperalta]

Hello,

Is there any way I can provide a list of Forbidden Class Methods?

For classes I own, I know I can simply make them 'private' rather than 'public',
but for classes installed by Composer, it would be nice to forbid the use of some methods, to ensure an alternative method is used instead.

Thank you.

[C-Duv]

I have the same need: I need to forbid usage of Zend_Debug::dump() (a Zend Framework's version of var_dump()).

It seems PHP_CodeSniffer does not use the Scope Resolution Operator (also called Paamayim Nekudotayim or the double colon...
The  src/Tokenizers/PHP.php file mentions T_PAAMAYIM_NEKUDOTAYIM but it's never used in the rest of the code.
I didn't saw any existing Sniff related to method invocation I could hack from.

[ob-ivan]

And we would like to forbid calls to Exception::getTraceAsString(), also in subclasses. This is where the complexity kicks in: it is not enough to detect a method name lexically, the sniffer also needs to resolve the class name and unwind the parent class chain to figure out whether it is indeed the method in question. And this is where the autoloading comes into question: how shall the sniffer know where to look for the parent class at? What if the project uses a non-standard autoloader configuration?

[homersimpsons]

Looks like the following phpstan plugin allows to achieve this (I did not yet test any of these plugins):

• https://github.com/spaze/phpstan-disallowed-calls/tree/main
• https://github.com/shipmonk-rnd/phpstan-rules#forbidcustomfunctions-