This is related to throwing exceptions.
If in class, other class is used, but both classes belongs to the same namespace, EQP tool will result:
ERROR - Namespace for <> class is not specified.

Example:
Test.php

<?php

namespace Somespace;

class Test
{
    public function run()
    {
        throw new TestException('Test exception message');
    }
}

TestException.php

<?php

namespace Somespace;

class TestException extends \Exception
{
}

Result of testing file Test.php:

----------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
----------------------------------------------------------------------
 9 | ERROR | Namespace for TestException class is not specified.
----------------------------------------------------------------------

However, if you change run() method a bit:

public function run()
{
    $testException = new TestException('Test exception message');
}

Tools won't result an error.

I am attaching code, which is correct, but tools will result error:
test.tar.gz

Hello, I found not logic rule.
https://github.com/magento/marketplace-eqp/blob/develop/MEQP2/Sniffs/PHP/ProtectedClassMemberSniff.php
Comment in line 13 says "Detects possible usage of 'private' scope modifiers.", and whole class detecting 'protected'.
To fast fix: change return [T_PROTECTED]; to return [T_PRIVATE]; in line 32. And protected $warningCode = 'FoundProtected'; to protected $warningCode = 'FoundPrivate';

Same on Russian:
Похоже что произошла ошибка, PHPCS с стилем MEQP2 говорит мне что protected переменные не желательны. А судя по комменту в коде детектора, должно искать private, а не protected.

Fixed file:
ProtectedClassMemberSniff.php.txt

It would be great if you could implement PHP_CodeSniffer 3.* compatibility. The ECG Coding standard is already compatible - see magento-ecg/coding-standard#52. Hence, one currently needs to use different phpcs versions for EQP and ECG standards, which is quite unhandy.

Magento 2.1, version 1.0.2. I can't get it working in PHPStorm.

Using the path$PROJECT/vendor/magento/marketplace-eqp/MEQP1

phpcs: PHP Fatal error: Uncaught PHP_CodeSniffer_Exception: Referenced sniff "Generic.Arrays.DisallowShortArraySyntax" does not exist in /vendor/squizlabs/php_codesniffer/CodeSniffer.php:847 Stack trace:
#0 /vendor/squizlabs/php_codesniffer/CodeSniffer.php(587): PHP_CodeSniffer->_expandRulesetReference(Object(SimpleXMLElement), '/Users/paul/Sit...', 0)
#1 /vendor/squizlabs/php_codesniffer/CodeSniffer.php(435): PHP_CodeSniffer->processRuleset('/Users/paul/Sit...')

Using the path$PROJECT/vendor/magento/marketplace-eqp/MEQP2

phpcs: PHP Fatal error: Uncaught PHP_CodeSniffer_Exception: Referenced sniff "MEQP1.CodeAnalysis.EmptyBlock" does not exist in vendor/squizlabs/php_codesniffer/CodeSniffer.php:847 Stack trace:
#0 vendor/squizlabs/php_codesniffer/CodeSniffer.php(587): PHP_CodeSniffer->_expandRulesetReference(Object(SimpleXMLElement), '/Users/paul/Sit...', 0)
#1 vendor/squizlabs/php_codesniffer/CodeSniffer.php(435): PHP_CodeSniffer->processRuleset('/Users/paul/Sit...')

Instructions how to integrate with PHPStorm to run besides the default code sniffer.

Magento 2's default code sniffer is ran from here:
$PROJECT/dev/tests/static/testsuite/Magento/Test/Php/_files/phpcs

Is this code sniffer meant to replace Magento's code sniffer or is it complementary? I understand they both offer a different purpose, but I see a lot of smart checks that are helpful during development.

I don't know if this coding standard was ever intended for it (the naming marketplace-eqp suggests it though), but with the current configuration it is not useful to preview the Magento Marketplace technical review.

The technical review mostly uses the Code Validation Guidelines with some undocumented additions. The current rulesets for MEQP1 and MEQP2 do not define the severity or change the rules/sniffs that would block the technical review from passing to the error type.

I guess developers using any kind of CI to automatically perform static code analysis would appreciate to have the possibility to let their builds fail, if they would not pass the Marketplace technical review.

After I run phpcs it shows several fixable warnings.
Now when i run phpcbf, most of the warnings remain, it's like phpcbf didn't correct any thing.

On the standard output, I get this from phpcbf:

 [0] => Ignoring potentially dangerous file name /home/XXX..
    [1] => can't find file to patch at input line 3
    [2] => Perhaps you used the wrong -p or --strip option?
    [3] => The text leading up to this was:
    [4] => --------------------------
    [5] => |--- /home/XXXX..
    [6] => |+++ PHP_CodeSniffer

Why phpcbf is considering most of files as "potentially dangerous" ?
How can I force it to do the correction ?

The version that comes with Magento 2.1 (1.5.3) doesn't work with 1.0.1 of this repo.

So we can avoid adding additional repositories just to install this package.

Let's say you have a multi-line function with long parameter names that would force you to go over 120 characters. The rules say that if you're going to line-break, you need to do one parameter per line.

Since this is a multi-line function, the closing parenthesis must be on its own line, sure. Then, the opening brace needs to be on a new line.

So we run into this:

The closing parenthesis and the opening brace of
a multi-line function declaration must be on the
same line

This is not valid:

    public function functionWithManyParams(
        $parameter1,
        $parameter2 = array(),
        $parameter3 = 'custom',
        $parameter4 = false,
        $parameter5 = '',
        $parameter6 = null,
        $parameter7 = false,
        $parameter8 = false
    )
    {

Nor is this:

    public function functionWithManyParams(
        $parameter1,
        $parameter2 = array(),
        $parameter3 = 'custom',
        $parameter4 = false,
        $parameter5 = '',
        $parameter6 = null,
        $parameter7 = false,
        $parameter8 = false
    ) {

I know there's something to be said for the number of parameters, but the issue at hand is that this is throwing a warning.

Am I completely missing something here?

This warning is getting trigerred even if you limit your collection for example with this code:

/** @var Mage_Cms_Model_Resource_Page_Collection $collection */
$collection = Mage::getResourceModel('cms/page_collection')
    ->addFieldToFilter('identifier', 'home')
    ->setPageSize(1)
    ->setCurPage(1);

if ($collection->getSize()) {
    /** @var Mage_Cms_Model_Page $page */
    $page = $collection->getFirstItem();
}

It should not trigger if setPageSize() is called on the collection IMHO

Currently, we have to resort to using Github as a composer source. It would be good if we could pull the marketplace-eqp from Packagist e.g. https://packagist.org/packages/magento/

Extending the Magento APIs, we're running into this:

Direct object instantiation (class
Mage_Api2_Exception) is discouraged in Magento.

This is something used throughout the core, which also fails.

I'm not sure this is the appropriate place to ask this question:
After running phpcs , I got a warning saying :

Session object MUST NOT be requested in constructor.
It can only be passed as a method argument.

I searched on Magento2 doc, And I can't find another way to access Session object from an observer context.
When I looked into Magento2 modules, I found that injecting session via constructor practice is widely used
Why Session object MUST NOT be requested in constructor?
What is the good practice to access Session?

It's been > 7 months since the last release and a few updates have been made since then. Are there any plans for a new release?

Hello Magento,

Just a question, can you please explain why using protected is considered bad practice in Magento:
"WARNING | Use of protected class members is discouraged."

We're trying to prepare one extension for marketplace, and we deliberately used protected on few places to give other developers a chance to extend and change behavior of some classes if ever needed. If we change everything to private, any kind of class extensibility is harder to achieve.

I'm just not sure if discouraging protected is a good idea, they have their own purpose, so we would like to know logic behind this so we could follow best practices better :)

Thanks, Ivan

PHP 5.4, supported by Magento1, fails to run MEQP1 on standard version 1.0.4

You can see the problem here: https://travis-ci.org/centerax/magemonkey/jobs/170160022

The error message is: PHP Fatal error: Call to undefined function MEQP1\Sniffs\Classes\array_column()

Prerequisites

Marketplace EQP 1.0.5

Steps to reproduce

1. Create a plugin on a controller with the path to the plugin involving the substring Controller somewhere.
2. On the beforeExecute/afterExecute/aroundExecute function, see that you receive the following erroneous code sniff: The use of public non-interface method in ACTION is discouraged. Example: https://www.screencast.com/t/Dcw3DdM0R

Workaround

Create the plugin without using the word "Controller" in the file or folder structure.

Analysis

Seems to be due to PublicNonInterfaceMethodsSniff::foundInAction looking for the substring "Controller" in the file path to determine if a class is a controller.

Possible solution

Possibly also look for the phrase "public function execute(" or something similar to determine if a file is indeed a controller action? And/or check that the file's structure is specifically <module top level folder>/Controller, rather than looking for Controller anywhere?

Not sure if either of these solutions are possible or desired.

hi,
i got this error and could find any way to fix this issue.
PHP Fatal error: Class 'Generic_Sniffs_CodeAnalysis_EmptyStatementSniff' not found in /home/user/marketplace-eqp/MEQP1/Sniffs/CodeAnalysis/EmptyBlockSniff.php on line 16

Can you guide me how i solve this issue i am using PHP Version 7.1.8 and ubuntu 16.04.

Thanks

Hello,

Composer.json was updated to be version 1.0.3, but there exists no such tag in the repository.

Could you tag version 1.0.3? Thank you :)

Hi,
Magento 2 modules which are declared as compatible with Magento 2.0.* should be compatible even with PHP 5.5 but this package is declared compatibile only with PHP >= 5.6.
So, if we put this package as a dev dependency of our extensions, it's not possible to run a continuous integration build with PHP 5.5 (the only option is to run composer install --ignore-platform-reqs)

So my question is: there is any reason that requires PHP ">=5.6" constraint? Can it be set to ">=5.5"?

In the M1 sniff ruleset, the following rule is included: PSR1.Classes.ClassDeclaration.MissingNamespace

With the following message: "Each class must be in a namespace of at least one level"

AFAIK, it cannot be done with Magento 1 by default and you need your own autoloader to be able to achieve this.

So I reckon that's a problem and that rule should be removed from the M1 ruleset. I'm happy to do a PR if you can confirm or curious to hear about the reason if it is a good reason ^^

The one that keeps popping up that I'm referring to is Use of protected class members is discouraged

If I apply the same code sniff standard to the latest Magento 2 core, we get a ton of them. Additionally, there is little sense in not using protected class properties.

Am I missing something?

Hello magento,

we are getting the following error message on all of our classes and can't get the meaning when running.

vendor/bin/phpcs --standard=MEQP1 --ignore=vendor .

19 | WARNING | Each class must be in a namespace of at least one
| | level (a top-level vendor name)

If we are not wrong, there are no namespace defined in magento 1 and if we define one for our class the autolader will not work any longer.

For example

<?php
class HeidelpayCD_Edition_Model_Payment_Abstract extends Mage_Payment_Model_Method_Abstract
{
...
}

Is this a miss behavior?

Thanks for help.

Shouldn't .phtml files be excluded from the following rules in MEQP2?

• Generic.PHP.DisallowShortOpenTag.EchoFound

  Short PHP opening tag used with echo; expected "<?php echo count ..." but found "<?= count ..."

• Squiz.ControlStructures.ControlSignature.SpaceAfterCloseParenthesis

  Expected 1 space after closing parenthesis; found 0

• Squiz.ControlStructures.ControlSignature.SpaceAfterKeyword

  Expected 1 space after ELSE keyword; 0 found

• Generic.Files.LineLength.TooLong

  Line exceeds 120 characters; contains 136

These rules drown out the relevant warnings like 'MEQP2.Templates.XssTemplate.FoundUnescaped' and are probably the reason why most core .phtml files contain have a // @codingStandardsIgnoreFile annotation.

The lack of exceptions for .phtml files is driving people towards adding these 'ignore coding standards' annotations which is quite sad given how easy it would be to add the exclude patterns.

Any thoughts on this?
Should I create a Pull Request for this?
Am I missing some other rule that should be excluded?

After I run composer require magento/marketplace-eqp
I get error:

[InvalidArgumentException]
  Could not find package magento/marketplace-eqp at any version for your mi
  nimum-stability (alpha). Check the package spelling or your minimum-stabi
  lity

It is reproduced the same way as #63

It looks like the following Pull request 84192d4 had to fix
not a typo but change a sniff to at least PrivateClassMemberSniff like it is in MEQP1 standard.

But in general what is the nature of the following sniffs? Why using of private/protected members is a bad practice?

It is reproduced the same way as #63

Version used: last (1.0.4)

It is reproduced the same way as #63

We have executed the below command,

phpcs --standard=MEQP1 module/

But throw below errors:

PHP Fatal error: Interface 'PHP_CodeSniffer\Sniffs\Sniff' not found in /var/www/marketplace-eqp-master/MEQP1/Sniffs/Classes/Mysql4Sniff.php on line 15

How to resolve this issue.

EQP complains that this code is not valid PHP code due to the usage of the reserved word "resource":

namespace BitExpert\ForceCustomerLogin\Test\Unit\Model\Resource;

Since our tests execute fine I tend to believe that this is indeed valid PHP code. Reserved words cannot be used for class names, interface names or trait names but it seems to be fine for namespaces.

I have the following code there:

if (@class_exists('\PHPUnit\Framework\TestCase')) {
    /** @noinspection PhpMultipleClassesDeclarationsInOneFile */
    abstract class TestCaseBase extends \PHPUnit\Framework\TestCase {}
}
else {
    /** @noinspection PhpMultipleClassesDeclarationsInOneFile */
    abstract class TestCaseBase extends \PHPUnit_Framework_TestCase {

https://github.com/mage2pro/core/blob/2.12.21/Core/TestCaseBase.php#L10-L16

The code sniffer reports a false positive: «Each class must be in a file by itself».

We have checked the MEQP1 standard. But throw below mentioned errors,

PHP Fatal error: Trait 'MEQP\Utils\Helper' not found in /var/www/development/marketplace-eqp-master/MEQP1/Sniffs/Classes/ResourceModelSniff.php on line 21

My system details.
OS - Ubuntu 16.04.3
PHP - 7.0.18

How to solve this issue.....!

Can we make this a package on packagist so that the standard can be installed via composer just to make life easier ? It can then be added to projects without having to require this git repo.

PHP syntax error: Can't use method return value in write context
File:
app/code/local/Test/Test1/controllers/Adminhtml/TestController.php
Line:
328
Column:
1
Source:
MEQP1.PHP.Syntax.PHPSyntax

but local code-sniffer command not showing any of this error?

When I execute this cmd : $ vendor/bin/phpcs [/path/to/your/extension] --standard=MEQP2

My php version is : PHP 5.6.23
I'm working on ubuntu14

I get a fatal error saying :

PHP Fatal error: Uncaught exception 'PHP_CodeSniffer_Exception' with message 'Referenced sniff "MEQP1.Exceptions.Namespace" does not exist' in /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer.php:1150
Stack trace:
#0 /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer.php(763): PHP_CodeSniffer->_expandRulesetReference(Object(SimpleXMLElement), '/home/a7med/pro...', 0)
#1 /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer.php(562): PHP_CodeSniffer->processRuleset('/home/a7med/pro...')
#2 /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer/CLI.php(907): PHP_CodeSniffer->initStandard(Array, Array, Array)
#3 /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer/CLI.php(106): PHP_CodeSniffer_CLI->process()
#4 /home/a7med/projects in /home/a7med/projects/marketplace-eqp-master/magento-coding-standard/vendor/squizlabs/php_codesniffer/CodeSniffer.php on line 1150
a7med@a7med-PC:~/projects/marketplace-eqp-master/magento-coding-standard$

Hi,

Can you update the releases tab and add 1.0.5?

Thanks.

I got these error when i tried to sniff for MEQP1 standard
PHP Parse error: syntax error, unexpected '[' in marketplace-eqp/MEQP1/Sniffs/Exceptions/NamespaceSniff.php on line 43
This is code causing the problem

return [T_CATCH, T_THROW];

can you suggest me any solution for that?

My mistake it is php version problem.

vendor/bin/phpcs <path to package> --standard=MEQP2 --severity=10 for the 2.12.27 version of my mage2pro/core package leads to «Notice: Undefined index: fa_/chop in MEQP1/Sniffs/Security/DiscouragedFunctionSniff.php on line 252»:

For method "displayPrices()" validator return warning
"Unescaped output detected"
Source: MEQP1.Templates.XssTemplate.FoundUnescaped

    <td>
        <?php echo $this->displayPrices(
            $this->getSource()->getBaseFeeAmount(),
            $this->getSource()->getFeeAmount()
        ); ?>
    </td>

It is reproduced the same way as #63

The coding standard MEQP1 disallows short array syntax and the MEQP2 disallows long array syntax. While I perfectly understand this decision for the sake of consistency with the core code, it leads to a number of violations when using the shared libraries approach.

Shared libraries, that is delivering platform specific code to hook into one or the other major Magento version, accompanied by framework independent code (the library) that provides functionality for reuse in both, M1 and M2.

Fabian Schmengler / integer_net

To overcome the current situation where the library cannot comply to the rules of both major versions, I suggest enforcing short array syntax in MEQP2 and accepting both in MEQP1 (i.e. remove the rule in question).

When running EQP against our Force Login module the warning "The use of public non-interface method in ACTION is discouraged" shows up for this piece of code. The method in question is part of an interface implemented by the class our class is extending from thus the warning does not seem correct to me.

The warning can be avoided by letting our class implement the interface in question. This means the sniff does not check interfaces implemented by all parent classes but just the interfaces by the class in question.

where to run this command "composer require magento/marketplace-eqp".

every time i got this error :
[InvalidArgumentException]
Could not find package magento/marketplace-eqp at any version for your minimum-stability (stable). Check the packag
e spelling or your minimum-stability

Please help me properly setup this.

The "https://repo.magento.com/packages.json" file could not be downloaded: SSL: Connection reset by peer  
Failed to enable crypto                                                                                   
failed to open stream: operation failed

Getting this error after attempting to install. I never get prompted for any auth. I've tried setting up an auth.json file, according to the Composer docs, and added the public/secret keys that I set up with my Magento account, but get the same error as without having an auth.json.

Any tips?

When running EQP against our Force Login module the warning "Only dependency assignment operations are allowed in constructor. No other operations are allowed." shows up for this piece of code:

/**
 * @param StrategyInterface[] $strategies
 */
public function __construct(array $strategies)
{
    foreach ($strategies as $identifier => $strategyEntry) {
        $this->strategies[$identifier] = $strategyEntry;
        $this->strategyNames[$identifier] = $strategyEntry->getName();
    }
}

I guess it might be quite hard to guess what constructor code is valid, but in that regard the warning does not make any sense to me.

I have the following code:

catch (\Exception $e) {df_log($e); throw df_le($e);}

https://github.com/mage2pro/core/blob/2.12.20/Config/Backend.php#L64

The code sniffer reports: «Namespace for df_le class is not specified»

But df_le is not a class, it is a function:

function df_le(E $e) {return $e instanceof LE ? $e : new LE(__(df_ets($e)), $e);}

https://github.com/mage2pro/core/blob/2.12.20/Qa/lib/exception.php#L53-L58

So what should I do?

I try to submit a theme to Magento MarketPlace, but I can not pass marketplace-eqp, both theme and modules is obeyed official file structure and with composer.json file, but I have no idea how to package both theme and modules together to pass EQP.
My theme has some plugins so the directory structure is like:

app

code
-- Cattheme
--- Ajaxfilter
--- Base
--- Install
--- Megamenu
--- Themeconfig
design
-- frontend
--- Cattheme
---- rabel

pub

media
-- themeconfig

I got error:

"composer.json" file missing.
"registration.php" file missing.
"theme.xml" file missing.

How can I submit a theme with plugins to Marketplace?

It's still 1.0.0 in that tag.