Extending and Scripting PDT
William Candillon {[email protected]}
PHP London meeting, June 2009
Who am I ?
• Engineering student at Telecom Lille 1
• ETH Zurich: XQuery runtime in C++
• Aspect PHP Development Toolkit: http://apdt.googlecode.com
Who are you ?
• What is your favorite IDE?
• VIM?
• Netbeans?
• Komodo?
• PHPEd?
• PDT / Zend Studio?
The Long Tail
[Figure: long-tail diagram. Axis labels: Support, Specific, General. Items shown: PHP, XDebug, Zend framework, PHP Unit, frameworks, Business libraries, PEAR, test/build systems, Development rules]
How to scale?
Eclipse galaxy
[Figure: the Eclipse plug-ins ecosystem (+ 1000) around the Eclipse core. Group labels: Frameworks, Languages and modeling, Development tasks, Applications, Programming languages. Projects shown: WTP, MTJ, RCP, PDT, RDT, CDT, EPF, SVN, TPTP, ANT, EMF, UML, OCL, ECF, GEF, ALF, DTK, JDT, GMF, AJDT, PDE, J2EE, MAVEN, MYLYN, DTP, APDT]
Architecture
[Figure: Eclipse architecture diagram. Labels: JVM, Equinox (OSGI), Eclipse Platform (Workspace, Help, Team, Workbench, JFace, SWT, Debug, Update), Java Development Tools (JDT), Plug-in Development Environment (PDE), Our Tool, Your Tool, Another Tool]
PHP Development Toolkit
• Developed by Zend and IBM since 2006
• December 2008: version 2.0
• Second most popular project on eclipse.org
• 100% under the EPL (Eclipse Public License)
• Built on top of DLTK (Dynamic Language Toolkit)
Objectives
• De facto standard for PHP development
• Providing extension points and APIs to support PHP tools...
• ...from the last hot PHP framework to the best practices of your company!
Architecture
Why extend ?
• Integrate your own extension or framework
• DLTK/PDT define more than 30 extension points!
What is extensible ? (1/3)
• Launcher
• Builder
• Outline
• Syntax highlighting
• Explorer tree
What is extensible ? (2/3)
Wizard pages
What is extensible ? (3/3)
Search semantic
Code refactoring
• Abstract model of a PHP program
• AST representation of source code
• Tree walking and manipulation
• Extensible type inference engine
What’s wrong ?
Use case
• Objective: ensuring a simple development rule
• Never trust your inputs!
• Finding and fixing the bug...
• ...in the coolest manner
Step 1
• Strategy: extending PDT building process with our own build participant
• Registering the contribution
Step 2
• Build participant factory
    public class BuildParticipantFactory implements IBuildParticipantFactory {
        public IBuildParticipant createBuildParticipant(IScriptProject project) {
            return new XSSProtectionParticipant();
        }
    }
• Build participant
    public void build(IBuildContext context) throws CoreException {
        ISourceModule sourceModule = context.getSourceModule();
        ModuleDeclaration moduleDeclaration = SourceParserUtil.getModuleDeclaration(sourceModule);
        try {
            moduleDeclaration.traverse(new XSSValidationVisitor(context));
        } catch (Exception e) {
            throw new CoreException(new Status(IStatus.ERROR, ExamplePlugin.PLUGIN_ID,
                    "An error has occurred while invoking XSS validator", e));
        }
    }
Traverse the PHP AST
Step 3
• Traverse the AST
• If the node is safe, don’t visit child nodes
    public boolean visit(PHPCallExpression node) throws Exception {
        if (node.getReceiver() == null) { // if this is a function call, not method
            String funcName = node.getName();
            if ("isset".equalsIgnoreCase(funcName)) {
                return false; // safe call: do not visit its arguments
            }
        }
        return true; // any other call: keep walking into the child nodes
    }
• Check variable references of globals
    protected boolean isURLParemeterVariable(VariableReference s) {
        String name = s.getName();
        return ("$_GET".equals(name) || "$_POST".equals(name));
    }
    public boolean visit(ArrayVariableReference s) throws Exception {
        if (isURLParemeterVariable(s)) {
            // Report the reference as a build problem at its source position
            context.getProblemReporter().reportProblem(new DefaultProblem(
                    context.getFile().getName(),
                    "Unsafe use of " + s.getName() + ": possible XSS attack",
                    XSSProblem.UNSAFE_GLOBAL_REFERENCE.ordinal(),
                    new String[0],
                    ProblemSeverities.Error,
                    s.sourceStart(), s.sourceEnd(),
                    context.getLineTracker().getLineNumberOfOffset(s.sourceStart())));
        }
        return true; // continue the traversal
    }
[Figure: PHP AST tree with the nodes ModuleDeclaration, CallExpression and VariableReference]
Result
• Invalid PHP project
• Mission accomplished!
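The pruning rule from Step 3, as a stand-alone sketch added here for illustration (it is not code from the slides or from PDT): the node types `Script`, `Call` and `ArrayVarRef` are hypothetical stand-ins for the DLTK AST classes, and treating `htmlspecialchars` as a safe call is an assumption beyond the `isset` case shown above. On the constructed sample, only the `$_POST` reference that reaches output unwrapped is reported.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Toy AST: these node types are hypothetical stand-ins, not DLTK/PDT classes.
public class XssVisitorDemo {
    interface Node { default List<Node> children() { return List.of(); } }
    record Script(List<Node> children) implements Node {}
    record Call(String name, List<Node> children) implements Node {}
    record ArrayVarRef(String name, int line) implements Node {}

    // "isset" is from the slides; "htmlspecialchars" is an assumed addition.
    static final Set<String> SAFE_CALLS = Set.of("isset", "htmlspecialchars");

    // Same contract as the slides' visitor: false means "skip the child nodes".
    static boolean visit(Node node, List<String> problems) {
        if (node instanceof Call call) {
            return !SAFE_CALLS.contains(call.name().toLowerCase());
        }
        if (node instanceof ArrayVarRef ref
                && ("$_GET".equals(ref.name()) || "$_POST".equals(ref.name()))) {
            problems.add("line " + ref.line() + ": Unsafe use of " + ref.name()
                    + ": possible XSS attack");
        }
        return true;
    }

    static void walk(Node node, List<String> problems) {
        if (visit(node, problems)) {
            for (Node child : node.children()) walk(child, problems);
        }
    }

    static List<String> validate(Node root) {
        List<String> problems = new ArrayList<>();
        walk(root, problems);
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample AST for: 1: isset($_GET['name']);
        //   2: printf('%s', htmlspecialchars($_GET['name']));
        //   3: printf('%s', $_POST['comment']);
        Node script = new Script(List.of(
            new Call("isset", List.of(new ArrayVarRef("$_GET", 1))),
            new Call("printf", List.of(
                new Call("htmlspecialchars", List.of(new ArrayVarRef("$_GET", 2))))),
            new Call("printf", List.of(new ArrayVarRef("$_POST", 3)))));
        validate(script).forEach(System.out::println);
    }
}
```

Records and `instanceof` patterns need Java 16 or later; the file runs directly with `java XssVisitorDemo.java`.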
Let’s dig it
• PHP Quick Fix
• Quick Fix proposal interface
    public interface IQuickFixProcessor {
        boolean hasCorrections(ISourceModule unit, int problemId);
        IScriptCompletionProposal[] getCorrections(IInvocationContext context, IProblemLocation[] locations);
    }
Result
• hasCorrections() checks whether corrections are available
• getCorrections() returns a collection of corrections
• apply(document) performs the AST rewriting
Programming is hard...
• ...Go scripting!
• PHP developers need to extend Eclipse
• Without getting close to Java
• In a dynamic manner
• Eclipse e4, the next generation of Eclipse
• Provides support for JavaScript bundles
• Dynamic execution and deployment model
• Usage: Task automation, glue between plugins, scripting workflows, etc.
The recipe
• Extension Registry
• JavaScript source and Java bridge
    function helloworld() {
        var object = {
            run: function (action) {
                Packages.org.eclipse.jface.dialogs.MessageDialog.openInformation(
                    this.window.getShell(),
                    'TestJavascriptPlugin',
                    'Hello, Eclipse world');
            },
            dispose: function () {},
            init: function (window) { this.window = window; },
            selectionChanged: function (action, selection) {}
        };
        // Expose the script object to Eclipse as a Java action delegate
        return new JavaAdapter(Packages.org.eclipse.ui.IWorkbenchWindowActionDelegate, object);
    }
Dynamic deployment
• JavaScript Plug-in Development Environment (http://jspde.googlecode.com)
• Support JavaScript Plugins
• Dynamic deployment
Conclusion
• Extension mechanisms to integrate:
• PHP frameworks and tools
• Development workflows
• PHP 5.3 support
• Towards customized PDT distribution
• Writing PHP plugins with PHP ?
Resources
• PDT website
• Extending and Scripting PDT tutorial
• Eclipse e4, JavaScript support
• PDT adopter’s
• Aspect PHP Development Toolkit
• Smarty
Thank you