cancel
Showing results for 
Search instead for 
Did you mean: 

Code Sniffer Fails

Code Sniffer Fails

I am trying to run code sniffing for one of my module and it is giving the below error.

 

Class 'ArrayObject' is restricted in /usr/share/eqp/PhpCodeSnifferTool/tmp/work/DataObject.php. Suggested replacement: Custom class, extended from ArrayObject with overwritten serialize/unserialize methods.

Here is the code
<?php
declare(strict_types=1);
namespace Vendor\Module;
use ArrayObject;
class DataObject extends ArrayObject
{
public function __construct($array = [])
{
parent::__construct((array) $array, ArrayObject::ARRAY_AS_PROPS);
}
public function get($key, $default = null) {
if ($this->offsetExists($key)) {
return $this->offsetGet($key);
}
return $default;
}
}
 
Can anyone suggest what can be done to solve this?

Thanks.
2 REPLIES 2

Re: Code Sniffer Fails

The error you are seeing is a warning from PHP CodeSniffer indicating that the use of the ArrayObject class is restricted. This warning is often triggered by security scanners that check for the use of untrusted classes that could be used for malicious purposes.

In your case, you can resolve the warning by following the suggestion provided: create a custom class that extends ArrayObject and overrides the serialize and unserialize methods. Here is an example:

<?php
declare(strict_types=1);

namespace Vendor\Module;

class CustomArrayObject extends \ArrayObject
{
    public function serialize()
    {
        // Add any custom serialization logic here
        return parent::serialize();
    }

    public function unserialize($serialized)
    {
        // Add any custom unserialization logic here
        parent::unserialize($serialized);
    }
}

 

Then, update your DataObject class to use the CustomArrayObject class instead of the ArrayObject class:

 
<?php
declare(strict_types=1);

namespace Vendor\Module;

class DataObject extends CustomArrayObject
{
    public function __construct($array = [])
    {
        parent::__construct((array) $array, CustomArrayObject::ARRAY_AS_PROPS);
    }

    public function get($key, $default = null)
    {
        if ($this->offsetExists($key)) {
            return $this->offsetGet($key);
        }
        return $default;
    }
}
 

 

After making these changes, you should be able to run PHP CodeSniffer without encountering the ArrayObject restriction warning.

 

Make sure if your error is solved then press the kudos!

Re: Code Sniffer Fails

The error you are seeing is a warning from PHP CodeSniffer indicating that the use of the ArrayObject class is restricted. This warning is often triggered by security scanners that check for the use of untrusted classes that could be used for malicious purposes

If you create a new class ArrayObject and overrides the serialize and unserialize methods.

class CustomArrayObject extends \ArrayObject


PHP CodeSniffer will again indicate that the use of the ArrayObject class is restricted when you run the test for new class you created.

So instead of that you can use below given code to create a new class, that will help you to pass phpcs test without any warning.

<?php
declare(strict_types=1);

namespace Vendor\Module;

class CustomArrayObject implements \IteratorAggregate, \ArrayAccess, \Countable
{
/**
* @var array
*/
private $container = [];
public function __construct(array $array = [])
{
$this->container = $array;
}
public function getIterator(): \ArrayIterator
{
return new \ArrayIterator($this->container);
}
public function offsetSet($offset, $value): void
{
if (is_null($offset)) {
$this->container[] = $value;
} else {
$this->container[$offset] = $value;
}
}
public function offsetExists($offset): bool
{
return isset($this->container[$offset]);
}
public function offsetUnset($offset): void
{
unset($this->container[$offset]);
}
public function offsetGet($offset): mixed
{
return $this->container[$offset] ?? null;
}
public function count(): int
{
return count($this->container);
}
public function __serialize(): array
{
return $this->container;
}
public function __unserialize(array $data): void
{
$this->container = $data;
}
}

Then, update your DataObject class to use the CustomArrayObject class instead of the ArrayObject class:

 
<?php
declare(strict_types=1);

namespace Vendor\Module;

class DataObject extends CustomArrayObject
{
    public function __construct($array = [])
    {
        parent::__construct((array) $array, CustomArrayObject::ARRAY_AS_PROPS);
    }

    public function get($key, $default = null)
    {
        if ($this->offsetExists($key)) {
            return $this->offsetGet($key);
        }
        return $default;
    }
}
 

 

After making above mentioned changes, you should be able to run PHP CodeSniffer without encountering the ArrayObject restriction warning.

 

Make sure if your error is solved then press the kudos!