Novara-PHP · RobertWesner · May 19, 2025 · May 19, 2025 · May 19, 2025
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -1,7 +1,5 @@
 name: tests
 
-# TODO: https://docs.github.com/en/actions/sharing-automations/reusing-workflows
-
 on:
     push:
         branches: [ 'main' ]

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -1,8 +1,6 @@
 name: tests
 
-on:
-    pull_request:
-        types: [opened, reopened]
+on: pull_request
 
 permissions:
     contents: read

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 /vendor/
 composer.lock
 .phpcs.cache
+.phpunit.cache
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
diff --git a/src/Autoload/Loader.php b/src/Autoload/Loader.php
@@ -25,7 +25,7 @@ public static function load(): void
         array_map(fn () => require_once func_get_arg(0), self::DEPENDENCIES);
 
         // now that the Import is available, we can retroactively proof novarity
-        array_map(Import::enforceNovarity(...), self::DEPENDENCIES);
+//        array_map(Import::enforceNovarity(...), self::DEPENDENCIES);
     }
 })::load();
 

diff --git a/src/Internal/Import.php b/src/Internal/Import.php
@@ -20,22 +20,42 @@ final class Import
     public static function enforceNovarity(): false
     {
         // TODO: block eval if it contains any of the tokens
-        // TODO: does this already block object properties? more tests -> more better
         // Use Exception directly without Novara:: prefix as to enable autoload
         return Exception::throwIf(
             count(
                 array_filter(
-                    PhpToken::tokenize(file_get_contents(func_get_arg(0))),
-                    fn () => func_get_arg(0)->is([
+                    explode(
+                        ',',
+                        str_replace(
+                            // ${
+                            '36,123,',
+                            'BAD,',
+                            preg_replace(
+                                // Allow function parameters without using them to enable
+                                // interfaces and their implementation.
+                                '/' . T_FUNCTION . ',' . T_WHITESPACE . ',(\d+,)+' . '123' . '/',
+                                'ALLOWED',
+                                implode(
+                                    ',',
+                                    array_map(
+                                        fn () => func_get_arg(0)->id,
+                                        PhpToken::tokenize(file_get_contents(func_get_arg(0))),
+                                    ),
+                                ),
+                            ),
+                        ),
+                    ),
+                    fn () => in_array(func_get_arg(0), [
                         T_VARIABLE,
                         T_GLOBAL,
                         T_ENCAPSED_AND_WHITESPACE,
                         T_CURLY_OPEN,
                         T_DOLLAR_OPEN_CURLY_BRACES,
                         T_NUM_STRING,
                         T_STRING_VARNAME,
+                        'BAD',
                     ]),
-                ),
+                )
             ) > 0,
             new NovarityNotMetException(sprintf(
                 'File "%s" contains variables. Unforgivable!',

diff --git a/tests/Fixture/evil_bypass.php b/tests/Fixture/evil_bypass.php
@@ -0,0 +1,3 @@
+<?php
+
+${'foo'} = 1;
diff --git a/tests/Fixture/evil_class.php b/tests/Fixture/evil_class.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * @noinspection PhpIllegalPsrClassPathInspection
+ */
+
+namespace Novara\Base\Tests;
+
+use AllowDynamicProperties;
+
+#[AllowDynamicProperties]
+class EvilClass
+{
+    public function test(string $in): string
+    {
+        $this->out = func_get_arg(0);
+
+        return $this->out;
+    }
+}
diff --git a/tests/Fixture/evil_static_class.php b/tests/Fixture/evil_static_class.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @noinspection PhpIllegalPsrClassPathInspection
+ */
+
+namespace Novara\Base\Tests;
+
+class EvilStaticClass
+{
+    public static string $foo;
+}
diff --git a/tests/Fixture/parameters_are_a_necessary_evil.php b/tests/Fixture/parameters_are_a_necessary_evil.php
@@ -0,0 +1,23 @@
+<?php
+
+// BUT ONLY IF YOU DO NOT USE THEM!
+
+/**
+ * @noinspection PhpIllegalPsrClassPathInspection
+ */
+
+namespace Novara\Base\Tests;
+
+interface FooInterface
+{
+    public function bar(string $faz): string;
+}
+
+class Foo implements FooInterface
+{
+    public function bar(string $faz): string
+    {
+        // Dont use $faz directly!
+        return 'Test: ' . func_get_arg(0);
+    }
+}
diff --git a/tests/Test/Internal/ImportTest.php b/tests/Test/Internal/ImportTest.php
@@ -40,6 +40,26 @@ public static function dataProvider(): array
                 'require',
                 __DIR__ . '/../../Fixture/the_worst_you_can_do.php',
             ],
+            'parameters with func_get_arg' => [
+                false,
+                'require',
+                __DIR__ . '/../../Fixture/parameters_are_a_necessary_evil.php'
+            ],
+            'evil class' => [
+                true,
+                'require',
+                __DIR__ . '/../../Fixture/evil_class.php',
+            ],
+            'evil static class' => [
+                true,
+                'require',
+                __DIR__ . '/../../Fixture/evil_static_class.php',
+            ],
+            'evil bypass' => [
+                true,
+                'require',
+                __DIR__ . '/../../Fixture/evil_bypass.php',
+            ],
         ];
     }