-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathphpcs.xml.dist
More file actions
108 lines (92 loc) · 3.99 KB
/
phpcs.xml.dist
File metadata and controls
108 lines (92 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<?xml version="1.0"?>
<ruleset name="Integration with WorkOS">
<description>Coding standards for the Integration with WorkOS plugin.</description>
<!-- Scan these files -->
<file>./src</file>
<file>./integration-workos.php</file>
<file>./uninstall.php</file>
<!-- Exclude vendor, node_modules, and JS source (use ESLint for JS) -->
<exclude-pattern>*/vendor/*</exclude-pattern>
<exclude-pattern>*/node_modules/*</exclude-pattern>
<exclude-pattern>*/tests/*</exclude-pattern>
<exclude-pattern>*.js</exclude-pattern>
<!-- Use WordPress Coding Standards -->
<rule ref="WordPress">
<!-- Allow short array syntax -->
<exclude name="Universal.Arrays.DisallowShortArraySyntax" />
<!-- PSR-4 autoloading requires PascalCase filenames, not class- prefixed -->
<exclude name="WordPress.Files.FileName.NotHyphenatedLowercase" />
<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
</rule>
<!-- Direct DB queries are required for custom tables (not using WP post/meta API) -->
<rule ref="WordPress.DB.DirectDatabaseQuery">
<exclude name="WordPress.DB.DirectDatabaseQuery.DirectQuery" />
<exclude name="WordPress.DB.DirectDatabaseQuery.NoCaching" />
</rule>
<!-- meta_key/meta_value queries are intentional for user lookups by WorkOS ID -->
<rule ref="WordPress.DB.SlowDBQuery.slow_db_query_meta_key">
<severity>0</severity>
</rule>
<rule ref="WordPress.DB.SlowDBQuery.slow_db_query_meta_value">
<severity>0</severity>
</rule>
<!-- base64 is required for JWT/JWK/PKCE cryptographic operations, not obfuscation -->
<rule ref="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode">
<exclude-pattern>*/Api/Client.php</exclude-pattern>
</rule>
<rule ref="WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode">
<exclude-pattern>*/Api/Client.php</exclude-pattern>
<exclude-pattern>*/Auth/Login.php</exclude-pattern>
</rule>
<!-- OAuth callbacks do not use WordPress nonces; they use WorkOS state tokens -->
<rule ref="WordPress.Security.NonceVerification.Recommended">
<exclude-pattern>*/Auth/*.php</exclude-pattern>
</rule>
<!-- wp_login is a core WP hook name we must fire to maintain compatibility -->
<rule ref="WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound">
<exclude-pattern>*/Auth/Login.php</exclude-pattern>
<exclude-pattern>*/UI/Ajax.php</exclude-pattern>
</rule>
<!--
Webhook hook names use dot notation to mirror WorkOS event types
(e.g. workos_webhook_user.updated). This is intentional and required
for the dynamic routing in Webhook/Receiver.php.
-->
<rule ref="WordPress.NamingConventions.ValidHookName.UseUnderscores">
<exclude-pattern>*/Webhook/Receiver.php</exclude-pattern>
<exclude-pattern>*/Sync/UserSync.php</exclude-pattern>
<exclude-pattern>*/Sync/DirectorySync.php</exclude-pattern>
<exclude-pattern>*/Organization/Manager.php</exclude-pattern>
<exclude-pattern>*/Contracts/Controller.php</exclude-pattern>
</rule>
<!-- Plugin.php uses camelCase for public getters and private bootstrap methods (established API) -->
<rule ref="WordPress.NamingConventions.ValidFunctionName.MethodNameInvalid">
<exclude-pattern>*/Plugin.php</exclude-pattern>
</rule>
<!-- $default is a standard WP parameter name (get_option, get_post_meta, etc.) -->
<rule ref="Universal.NamingConventions.NoReservedKeywordParameterNames.defaultFound">
<severity>0</severity>
</rule>
<!-- Check for PHP cross-version compatibility -->
<config name="testVersion" value="7.4-" />
<rule ref="PHPCompatibilityWP" />
<!-- WordPress minimum versions -->
<config name="minimum_wp_version" value="6.2" />
<!-- Text domain -->
<rule ref="WordPress.WP.I18n">
<properties>
<property name="text_domain" type="array">
<element value="integration-workos" />
</property>
</properties>
</rule>
<!-- Prefixes -->
<rule ref="WordPress.NamingConventions.PrefixAllGlobals">
<properties>
<property name="prefixes" type="array">
<element value="workos" />
<element value="WorkOS" />
</property>
</properties>
</rule>
</ruleset>