Add ExposePublicPropsShouldBeFalseRule
#3
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Owner
Kocal
commented
Nov 23, 2025
Kocal
commented
| Q | A |
|---|---|
| Bug fix? | no |
| New feature? | yes |
| Tests pass? | yes |
| Fixed tickets | Close #... |
Kocal
force-pushed
the
ExposePublicPropsShouldBeFalseRule
branch
from
05bb612 to
25f0c74
Compare
Copilot finished reviewing on behalf of
Kocal
November 23, 2025 12:55
There was a problem hiding this comment.
Pull request overview
This pull request adds a new PHPStan rule ExposePublicPropsShouldBeFalseRule to enforce that Twig components explicitly set exposePublicProps: false in the #[AsTwigComponent] attribute. This promotes explicit control over which properties are exposed to Twig templates, improving security and maintainability of Symfony UX Twig components.
Key Changes:
- Adds new PHPStan rule that validates the
exposePublicPropsparameter in#[AsTwigComponent]attributes - Includes comprehensive test coverage with fixtures for various scenarios
- Adds documentation to README following the established pattern for rule documentation
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
src/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule.php |
New rule implementation that checks if exposePublicProps is explicitly set to false in #[AsTwigComponent] attributes |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/ExposePublicPropsShouldBeFalseRuleTest.php |
Test class with separate methods for violations and no-violations scenarios |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/config/configured_rule.neon |
Configuration file for test setup |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/Fixture/NotAComponent.php |
Fixture for testing that non-component classes are ignored |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/Fixture/ComponentWithoutExposePublicProps.php |
Fixture for testing violation when exposePublicProps is not set |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/Fixture/ComponentWithExposePublicPropsTrue.php |
Fixture for testing violation when exposePublicProps is set to true |
tests/Rules/TwigComponent/ExposePublicPropsShouldBeFalseRule/Fixture/ComponentWithExposePublicPropsFalse.php |
Fixture for testing valid case where exposePublicProps is set to false |
README.md |
Documentation for the new rule with examples showing violations and correct usage |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| RuleErrorBuilder::message('The #[AsTwigComponent] attribute must have its "exposePublicProps" parameter set to false.') | ||
| ->identifier('symfonyUX.twigComponent.exposePublicPropsShouldBeFalse') | ||
| ->line($asTwigComponent->getLine()) | ||
| ->tip('Add "exposePublicProps: false" to the #[AsTwigComponent] attribute.') |
There was a problem hiding this comment.
The tip message "Add" is misleading when exposePublicProps is already set to true. Consider using "Set" instead of "Add" to cover both cases (when the parameter is missing and when it's set to true).
Suggested change:
->tip('Set "exposePublicProps" to false in the #[AsTwigComponent] attribute.')
Suggested change
| ->tip('Add "exposePublicProps: false" to the #[AsTwigComponent] attribute.') | |
| ->tip('Set "exposePublicProps" to false in the #[AsTwigComponent] attribute.') |
Kocal
force-pushed
the
ExposePublicPropsShouldBeFalseRule
branch
from
25f0c74 to
8dad96c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.