extending and scripting pdt

Extending and Scripting PDTWilliam Candillon {wcandillon@elv.telecom-lille1.eu}

PHP London meeting, June 2009

Who am I ?

• Engineering student at Telecom Lille 1

• ETH Zurich: XQuery runtime in C++

• Aspect PHP Development Toolkit:http://apdt.googlecode.com

Who are you ?

• What is your favorite IDE?

• VIM?

• Netbeans?

• Komodo?

• PHPEd?

• PDT / Zend Studio?

The Long TailSupport

Specific

PHP

XDebug

Zend framework

PHP Unit

frameworks

Business libraries

PEAR

test/build systemsDevelopment rules

General

How to scale?

Eclipse galaxy

WTP

MTJ RCP

PDTRDT

CDT

EPF SVN

TPTPANT

EMF

UML

OCL

ECF GEFALF DTK

Eclipse

JDT

Frameworks Languages and modeling

Development tasks

Applications

Programming languages

GMF

AJDT

Plug-ins ecosystem (+ 1000)

PDE

J2EEMAVEN

MYLYN

DTP

APDT

Architecture

Equinox (OSGI)

Workspace

Help

Team

Workbench

JFace

SWT

JavaDevelopment

Tools(JDT)

NotreOutil

Votre Outil

Un autreOutil

Plug-inDevelopmentEnvironment

(PDE)

Eclipse Platform

Debug

Update

JVM

PHP Development Toolkit

• Developped by Zend and IBM since 2006

• December 2008: version 2.0

• Second most popular project on eclipse.org

• 100% under the EPL (Eclipse Public License)

• Build on top of DLTK (Dynamic Language Toolkit)

Objectives

• De-facto standard for PHP developments

• Providing extension points and APIs to support PHP tools...

• ...from the last hot PHP framework to the best practices of your company!

Architecture

Why extending ?

• Integrate your own extension or framework

• DLTK/PDT define more than 30 extension points!

What is extensible ? (1/3)

Launcher

BuilderOutline

Syntax highlightingExplorer tree

What is extensible ? (2/3)

Wizard pages

What is extensible ? (3/3)

Search semantic

Code refactoring

• Abstract model of a PHP program

• AST representation of source code

• Tree walking and manipulation

• Extensible type inference engine

What’s wrong ?

Use case

• Objective: ensuring a simple development rule

• Never trust your inputs!

• Finding and fixing the bug...

• ...in the coolest manner

Step 1

• Strategy: extending PDT building process with our own build participant

• Registering the contribution

Step 2

• Build participant factory

public class BuildParticipantFactory implements IBuildParticipantFactory { public IBuildParticipant createBuildParticipant(IScriptProject project){ return new XSSProtectionParticipant(); }}

• Build participantpublic void build(IBuildContext context) throws CoreException{ ISourceModule sourceModule = context.getSourceModule(); ModuleDeclaration moduleDeclaration = SourceParserUtil.getModuleDeclaration(sourceModule); try { moduleDeclaration.traverse(new XSSValidationVisitor(context)); } catch (Exception e) { throw new CoreException(new Status(IStatus.ERROR, ExamplePlugin.PLUGIN_ID, "An error has occurred while invoking XSS validator", e)); }}

Traverse the PHP AST

Step 3

• Trasverse the AST

• If the node is safe, don’t visit child nodes

public boolean visit(PHPCallExpression node) throws Exception { if (node.getReceiver() == null) { // if this is a function call, not method String funcName = node.getName(); if ("isset".equalsIgnoreCase(funcName)) { return false; } return false; }

• Check variable references of globalsprotected boolean isURLParemeterVariable(VariableReference s) { String name = s.getName(); return ("$_GET".equals(name) || "$_POST".equals(name));}

public boolean visit(ArrayVariableReference s) throws Exception { if(isURLParemeterVariable(s)) { context.getProblemReporter().reportProblem(new DefaultProblem(context.getFile().getName(), "Unsafe use of " + s.getName() + ": possible XSS attack", XSSProblem.UNSAFE_GLOBAL_REFERENCE.ordinal(), new String[0], ProblemSeverities.Error, s.sourceStart(), s.sourceEnd(), context.getLineTracker().getLineNumberOfOffset(s.sourceStart())) );

VariableReference

CallExpression

ModuleDeclaration

........

........

Result

• Invalid PHP project

• Mission accomplished!

Let’s digg it

• PHP Quick Fix

• Quick Fix proposal interfacepublic interface IQuickFixProcessor{ boolean hasCorrections(ISourceModule, int problemId); IScriptCompletionProposal[] getCorrections(IInvocationContext, IProblemLocation[]);}

Result

• hasCorrection() checks if correction are availables

• getCorrection() returns a collection of corrections

• apply(document), performs the AST rewriting

Programming is hard...• ...Go scripting!

• PHP Developpers need to extend Eclipse

• Without getting close to Java

• In a dynamic manner

• Eclipse e4, the next generation of Eclipse

• Provides support for JavaScript bundles

• Dynamic execution and deployment model

• Usage: Task automation, glue between plugins, scripting workflows, etc.

The recipie

• Extension Registry

• JavaScript source and Java bridgefunction helloworld() { var object = { run: function (action){ Packages.org.eclipse.jface.dialogs.MessageDialog.openInformation( this.window.getShell(), 'TestJavascriptPlugin', 'Hello, Eclipse world'); }, dispose: function(){}, init: function(window) { this.window = window }, selectionChanged: function(action, selection){} }; return new JavaAdapter(Packages.org.eclipse.ui.IWorkbenchWindowActionDelegate, o);}

Dynamic deployment

• JavaScript Plug-in Development Environment (http://jspde.googlecode.com)

• Support JavaScript Plugins

• Dynamic deployment

Conclusion• Extension mechanisms to integrate:

• PHP frameworks and tools

• Development workflows

• PHP 5.3 support

• Towards customized PDT distribution

• Writing PHP plugins with PHP ?

Resources

• PDT website

• Extending and Scripting PDT tutorial

• Eclipse e4, JavaScript support

• PDT adopter’s

• Aspect PHP Development Toolkit

• Smarty

Thank you