Skip to content

Magento Marketplace Extensions Verification

Lena Orobei edited this page Jul 17, 2019 · 20 revisions

PHP CodeSniffer is one of the tools Magento Marketplace uses for extensions verification. Severity is the way to determine how strict the rule is. The higher is the severity the stricter the rule is.

⚠️ Note: only severity 10 issues lead to extension rejection.

Severities Definition

Type Severity Description
error 10 Critical code issue.
warning 9 Possible security and issues that may cause bugs.
warning 8 Magento specific code issue.
warning 7 General code issue.
warning 6 Code style issue (PSR2).
warning 5 PHPDoc formatting or commenting issue.

Rules Severities

Fixable column identifies whether issue can be fixed by phpcbf tool

  • ✔️ yes
  • ✖️ no
  • ✔️ ✖️ partially

⚠️ Severity 10 errors - Critical issues

Sniff Description Fixable
Generic.Functions.CallTimePassByReference Ensures that variables are not passed by reference when calling a function. ✖️
Generic.PHP.CharacterBeforePHPOpeningTag Checks that the opening PHP tag is the first content in a file. ✖️
Generic.PHP.DeprecatedFunctions Discourages the use of deprecated PHP functions. ✖️
Generic.PHP.NoSilencedErrors Throws an error or warning when any code prefixed with an asperand is encountered. ✖️
Generic.PHP.Syntax Ensures PHP believes the syntax is clean. ✖️
Magento2.Classes.DiscouragedDependencies Detects explicit request of proxies and interceptors in constructors. ✖️
Magento2.Legacy.MageEntity Detects typical Magento 1.x (Mage::) classes constructions. ✖️
Magento2.NamingConvention.ReservedWords Validates that class name is not reserved word. ✖️
Magento2.PHP.FinalImplementation Magento is a highly extensible and customizable platform. The use of final classes and methods is prohibited. ✖️
Magento2.PHP.Goto Detects use of goto. ✖️
Magento2.PHP.ReturnValueCheck Detects misusing of === and !===operators when checking srtpos, stripos, array_search ✖️
Magento2.Security.IncludeFile Detects possible improper usage of include functions. ✖️
Magento2.Security.InsecureFunction Detects the use of insecure functions. ✖️
Magento2.Security.LanguageConstruct Detects possible usage of discouraged language constructs (exit, echo, backquotes). ✖️
Magento2.Security.Superglobal Detects possible usage of super global variables. ✖️
Magento2.Strings.ExecutableRegEx Detects executable regular expressions. ✖️
PSR1.Classes.ClassDeclaration Checks the declaration of the class is correct. ✖️
PSR2.Files.ClosingTag Checks that the file does not end with a closing tag.
Squiz.PHP.Eval The use of eval is discouraged. ✖️

Severity 9 warnings - Possible security and issues that may cause bugs

Sniff Description Fixable
Generic.Files.ByteOrderMark A simple sniff for detecting BOMs that may corrupt application work. ✖️
Magento2.Security.XssTemplate Detects not escaped output in phtml templates. ✖️
Magento2.SQL.RawQuery Detects possible raw SQL queries. ✖️
Squiz.PHP.NonExecutableCode Warns about code that can never been executed. ✖️

Severity 8 warnings - Magento specific code issues

Sniff Description Fixable
Magento2.Classes.AbstractApi Abstract classes MUST NOT be marked as public @api. ✖️
Magento2.Classes.ObjectManager Class ObjectManagerSniff detects direct ObjectManager usage. ✖️
Magento2.Exceptions.DirectThrow Detects possible direct throws of Exception. ✖️
Magento2.Exceptions.ThrowCatch Exceptions must not be handled in the same function where they are thrown. ✖️
Magento2.Functions.DiscouragedFunction Detects possible usage of discouraged functions. ✖️
Magento2.Functions.StaticFunction Detects static function definitions. ✖️
Magento2.Files.LineLength Line length sniff which ignores long lines in case they contain strings intended for translation. ✖️
Magento2.NamingConvention.InterfaceName Detects possible interface declaration without 'Interface' suffix. ✖️
Magento2.PHP.ShortEchoSyntax Validate short echo syntax is used. ✖️
Magento2.Templates.ThisInTemplate Detects possible usage of $this variable files. ✖️
Magento2.Translation.ConstantUsage Make sure that constants are not used as the first argument of translation function. ✖️

Severity 7 warnings - General code issues

Sniff Description Fixable
Generic.Arrays.DisallowLongArraySyntax Bans the use of the PHP long array syntax. ✔️ ✖️
Generic.Classes.DuplicateClassName Reports errors if the same class or interface name is used in multiple files. ✖️
Generic.CodeAnalysis.ForLoopShouldBeWhileLoop Detects for-loops that can be simplified to a while-loop. ✖️
Generic.CodeAnalysis.ForLoopWithTestFunctionCall Detects for-loops that use a function call in the test expression. ✖️
Generic.CodeAnalysis.JumbledIncrementer Detects incrementer jumbling in for loops. ✖️
Generic.CodeAnalysis.UnconditionalIfStatement Detects unconditional if- and elseif-statements. ✖️
Generic.CodeAnalysis.UselessOverridingMethod Detects unnecessary overridden methods that simply call their parent. ✖️
Generic.Metrics.NestingLevel Checks the nesting level for methods. ✖️
Generic.PHP.DisallowShortOpenTag Makes sure that shorthand PHP open tags are not used. ✔️ ✖️
Magento2.CodeAnalysis.EmptyBlock Detects empty statements and functions. ✖️
Magento2.Performance.ForeachArrayMerge Detects array_merge(...) is used in a loop and is a resources greedy construction. ✖️
Magento2.PHP.LiteralNamespaces Detects the use of literal class and interface names. ✖️
Magento2.PHP.Var Detects possible usage of var language construction. ✖️
Magento2.Strings.StringConcat Detects string concatenation via + operator. ✖️
PEAR.Functions.ValidDefaultValue Ensures function params with default values are at the end of the declaration. ✖️
Squiz.Functions.GlobalFunction Tests for functions outside of classes. ✖️
Squiz.Operators.IncrementDecrementUsage Ensures that the ++ operators are used when possible. ✖️
Squiz.Operators.ValidLogicalOperators Ensures logical operators and and or are not used. ✖️
Squiz.PHP.GlobalKeyword Stops the usage of the global keyword. ✖️
Squiz.Scope.MemberVarScope Verifies that class members have scope modifiers. ✖️

Severity 6 warnings - Code style issues

Sniff Description Fixable
Generic.ControlStructures.InlineControlStructure Verifies that inline control statements are not present.
Generic.Files.LineEndings Checks that end of line characters are correct.
Generic.Formatting.DisallowMultipleStatements Ensures each statement is on a line by itself.
Generic.Functions.FunctionCallArgumentSpacing Checks that calls to methods and functions are spaced correctly.
Generic.NamingConventions.UpperCaseConstantName Ensures that constant names are all uppercase. ✖️
Generic.PHP.LowerCaseConstant Checks that all uses of true, false and null are lowercase.
Generic.PHP.LowerCaseKeyword Checks that all PHP keywords are lowercase.
Generic.WhiteSpace.DisallowTabIndent Throws errors if tabs are used for indentation.
Generic.WhiteSpace.ScopeIndent Checks that control structures are defined and indented correctly.
Magento2.Whitespace.MultipleEmptyLines Detects possible usage of multiple blank lines in a row. ✖️
PEAR.ControlStructures.ControlSignature Verifies that control statements conform to their coding standards. ✖️
PSR1.Files.SideEffects Ensures a file declares new symbols and causes no other side effects, or executes logic with side effects, but not both. ✖️
PSR1.Methods.CamelCapsMethodName Ensures method names are defined using camel case. ✖️
PSR2.Classes.ClassDeclaration Checks the declaration of the class and its inheritance is correct. ✔ ✖️
PSR2.Classes.PropertyDeclaration Verifies that properties are declared correctly. ✖️
PSR2.ControlStructures.ControlStructureSpacing Checks that control structures have the correct spacing around brackets.
PSR2.ControlStructures.ElseIfDeclaration Verifies that there are no else if statements (elseif should be used instead).
PSR2.ControlStructures.SwitchDeclaration Ensures all switch statements are defined correctly. ✔ ✖️
PSR2.Files.EndFileNewline Ensures the file ends with a newline character.
PSR2.Methods.FunctionCallSignature Checks that the function call format is correct.
PSR2.Methods.FunctionClosingBrace Checks that the closing brace of a function goes directly after the body.
PSR2.Methods.MethodDeclaration Checks that the method declaration is correct. ✔ ✖️
PSR2.Namespaces.NamespaceDeclaration Ensures namespaces are declared correctly.
PSR2.Namespaces.UseDeclaration Ensures USE blocks are declared correctly. ✔ ✖️
Squiz.Classes.ValidClassName Ensures classes are in camel caps, and the first letter is capitalized. ✖️
Squiz.ControlStructures.ControlSignature Verifies that control statements conform to their coding standards. ✔ ✖️
Squiz.ControlStructures.ForEachLoopDeclaration Verifies that there is a space between each condition of foreach loops. ✔ ✖️
Squiz.ControlStructures.ForLoopDeclaration Verifies that there is a space between each condition of for loops. ✔ ✖️
Squiz.ControlStructures.LowercaseDeclaration Ensures all control structure keywords are lowercase.
Squiz.Functions.FunctionDeclaration Checks the function declaration is correct. ✖️
Squiz.Functions.FunctionDeclarationArgumentSpacing Checks that arguments in function declarations are spaced correctly.
Squiz.Functions.LowercaseFunctionKeywords Ensures all function keywords are lowercase. ✖️
Squiz.Functions.MultiLineFunctionDeclaration Ensure single and multi-line function declarations are defined correctly.
Squiz.Scope.MethodScope Verifies that class methods have scope modifiers. ✖️
Squiz.WhiteSpace.LogicalOperatorSpacing Verifies that operators have valid spacing surrounding them.
Squiz.WhiteSpace.ScopeClosingBrace Checks that the closing braces of scopes are aligned correctly.
Squiz.WhiteSpace.ScopeKeywordSpacing Ensure there is a single space after scope keywords.
Squiz.WhiteSpace.SuperfluousWhitespace Checks for unneeded whitespace.

Severity 5 warnings - Annotations and commenting

Sniff Description Fixable
Magento2.Commenting.ConstantsPHPDocFormatting Detects PHPDoc formatting for constants. ✖️
Squiz.Commenting.DocCommentAlignment Tests that the stars in a doc comment align correctly.
Squiz.PHP.CommentedOutCode Warn about commented out code. ✖️
You can’t perform that action at this time.