with random_bytes and_random_int ask php-compatinfo asks for random extension

[MocioF]

Hi,
I'm starting using this tool to inspect the code base of a wp plugin.
I need some help interpreting the output.
php-compatinfo says that minimum php version required is 8.2.0beta1 but I think this is a false result because my plugin runs on PHP 7.4.
In the extension list I see 2 values greater than 7.4.
One is for a "random" extension, detected on functions random_bytes and_random_int that should be in the core https://www.php.net/manual/it/random.installation.php
The other one is for "core" that asks for a minimum PHP 8.1.0alpha1 (when php-compatinfo is run on PHP 8.1.26-r1 (compiled on gentoo).
Is there something i misunderstand in this output:

Extensions Analysis
-------------------

   Extension  REF      EXT min/Max PHP min/Max PHP suggest  
   core       core     8.1.0alpha1 8.1.0alpha1              
   ctype      ctype    4.0.4       7.1.0       4.0.4        
   date       date     4.0.0       4.0.0                    
   dom        dom      5.0.0       5.0.0                    
   filter     filter   0.11.0      5.0.0                    
   hash       hash     1.1         4.0.0                    
   intl       intl     1.0.0beta   5.2.0                    
   json       json     1.2.1       5.3.0                    
   libxml     libxml   7.0.0alpha1 7.0.0alpha1              
   mbstring   mbstring 7.2.0alpha1 7.1.0       7.2.0alpha1  
   pcre       pcre     4.0.0       4.0.1                    
   random     random   8.2.0beta1  8.2.0beta1               
   standard   standard 7.2.0alpha1 7.1.0       4.0.0        
   Total [13]                      8.2.0beta1

[llaville]

Hello @MocioF
Without source code analysed, I can't help you !
If it's an open-source project, please provide URL, and I may investigate and give you an answer.

[MocioF]

Thanks @llaville ,
yes, it is an open source project:
https://github.com/MocioF/No-unsafe-inline

The random functions detected (excluding vendor/) in
https://github.com/MocioF/No-unsafe-inline/blob/e16e350741ddcda8eaf334c577240a88dfa0d754/src/Nunil_Clustering.php#L81
https://github.com/MocioF/No-unsafe-inline/blob/e16e350741ddcda8eaf334c577240a88dfa0d754/src/Nunil_Manipulate_DOM.php#L642

[llaville]

@MocioF Thanks or these infos. I confirm, it's an issue !

[llaville]

I'll close this discussion, because I've opened a new issue. Follows changes on #372

[llaville]

@MocioF to reply to your first question

The other one is for "core" that asks for a minimum PHP 8.1.0alpha1 (when php-compatinfo is run on PHP 8.1.26-r1 (compiled on gentoo).
Is there something i misunderstand in this output:

The reason is simple : In your code you use (for example: https://github.com/MocioF/No-unsafe-inline/blob/7299b3ab91767705cd37d4ad853c8a5072c3b398/public/class-no-unsafe-inline-public.php#L148) the conditional code.

See Conditions Analysis in following report

Extensions Analysis
-------------------

   Extension  REF      EXT min/Max PHP min/Max PHP suggest
   core       core     8.1.0alpha1 8.1.0alpha1
   ctype      ctype    4.0.4       7.1.0       4.0.4
   date       date     4.0.0       4.0.0
   dom        dom      5.0.0       5.0.0
   hash       hash     1.1         4.0.0
   json       json     1.2.1       5.2.0
   libxml     libxml   7.0.0alpha1 7.0.0alpha1
   mbstring   mbstring 7.2.0alpha1 7.1.0       7.2.0alpha1
   pcre       pcre     4.0.0       4.0.1
   standard   standard 7.2.0alpha1 7.1.0       4.0.0
   Total [10]                      8.1.0alpha1


Conditions Analysis
-------------------

   Condition                REF  EXT min/Max PHP min/Max PHP suggest
   class_exists(Fiber)      core 8.1.0alpha1 8.1.0alpha1
   defined(ABSPATH)         user 0.1.0       4.0.0
   defined(WPMU_PLUGIN_DIR) user 0.1.0       4.0.0
   defined(WPMU_PLUGIN_URL) user 0.1.0       4.0.0
   function_exists(wp_date) user 0.1.0       4.0.0
   Total [5]                                 8.1.0alpha1

So this is the reason why you see "core" that asks for a minimum PHP 8.1.0alpha1 !