Improve error handling and security #101

Merged
dereuromark merged 2 commits into master from fix/deep-dive-issues
Mar 23, 2026

Conversation

@dereuromark
Contributor

Summary

Comprehensive security and error handling improvements based on deep dive code audit.

Security

Callable Whitelist:

  • Transform functions now restricted to a whitelist of safe functions
  • Blocks dangerous functions like system, exec, passthru from being used in transformFrom/transformTo
  • Static class methods (Class::method) are still allowed for custom transformations

Path Traversal Protection:

  • Validates target paths stay within expected Dto directory
  • Checks for null bytes and .. sequences in DTO names
  • Uses realpath() to verify directory boundaries

Error Handling

Pattern Validation:

  • Invalid regex patterns now throw clear InvalidArgumentException with the pattern and field name
  • Catches both preg_last_error and exceptions from the regex engine

Factory Return Type:

  • Validates that factory methods return the expected type
  • Provides clear error message if wrong type is returned

Collection Count:

  • Wraps count() calls on Countable collections in try-catch
  • Provides context in error message if count fails

File Operations:

  • Proper error handling for mkdir() and file_put_contents()
  • Removes @ error suppression, uses explicit checks instead
  • JSON parsing errors include source file context

Error Message Improvements

  • Required field errors now include the class name
  • Single vs plural error messages ("field missing" vs "fields missing")
  • Multi-line formatting for multiple validation errors:
    Validation failed in MyDto:
      - name must be at least 2 characters
      - email must match pattern /^[^@]+@[^@]+$/
    

Tests

  • New test for blocked unsafe callable
  • Updated validation test for new error message format
  • Tests for error message formatting

Security:
- Add callable whitelist for transform functions to prevent arbitrary code execution
- Block unsafe functions like system, exec, passthru from being used as transformers
- Allow only whitelisted safe functions and static class methods

Error handling:
- Pattern validation now catches invalid regex and throws clear InvalidArgumentException
- Factory return type validation ensures factories return expected types
- Collection count() errors are now properly caught and wrapped
- File operations have proper error handling with helpful messages
- JSON parsing errors include source context

Path security:
- Validate target paths stay within expected directories
- Check for null bytes and path traversal sequences
- Use realpath() to verify directory boundaries

Error message improvements:
- Required field messages include class name for easier debugging
- Single vs plural error messages for better readability
- Multi-line formatting for multiple validation errors

Tests:
- Add test for blocked unsafe callable
- Update validation test for new error message format
- Add tests for error message formatting
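
The path checks listed under "Path Traversal Protection", sketched as an added example; this is not the PR's code, and the function name `resolveDtoPath`, the `Dto.php` suffix and slash-separated DTO names are assumptions. It shows two details the bullets leave implicit: `realpath()` fails on files that do not exist yet, and the boundary comparison needs a trailing separator.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the name, the "Dto.php" suffix and the messages are assumptions.
function resolveDtoPath(string $baseDir, string $dtoName): string
{
    // Syntactic rejects first: null bytes and ".." sequences in the DTO name.
    if (str_contains($dtoName, "\0") || str_contains($dtoName, '..')) {
        throw new InvalidArgumentException('DTO name contains a null byte or ".."');
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Base directory does not exist');
    }

    $relative = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $dtoName);
    $target = $base . DIRECTORY_SEPARATOR . $relative . 'Dto.php';

    // realpath() returns false for paths that do not exist yet, so resolve the
    // nearest existing ancestor of the target. Symlinks are followed here, which
    // catches a subdirectory that links out of the base directory.
    $existing = dirname($target);
    while (!file_exists($existing) && dirname($existing) !== $existing) {
        $existing = dirname($existing);
    }
    $resolved = realpath($existing);

    // Compare with a trailing separator so "/app/Dto" does not match "/app/DtoOther".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($resolved === false || !str_starts_with($resolved . DIRECTORY_SEPARATOR, $prefix)) {
        throw new InvalidArgumentException('Target path escapes the Dto directory');
    }

    return $target;
}

// Constructed demo: a temporary directory stands in for the real Dto directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dto_demo_' . bin2hex(random_bytes(4));
mkdir($base);
foreach (['User', 'Shop/Order', '../Escape', "Bad\0Name"] as $name) {
    try {
        echo resolveDtoPath($base, $name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
rmdir($base);
```
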
@codecov

codecov bot commented Mar 23, 2026

Codecov Report

❌ Patch coverage is 60.00000% with 36 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.46%. Comparing base (d026f17) to head (f1dd75f).
⚠️ Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/Generator/Generator.php | 51.61% | 15 Missing ⚠️ |
| src/Dto/Dto.php | 70.83% | 14 Missing ⚠️ |
| src/Importer/Importer.php | 25.00% | 6 Missing ⚠️ |
| src/Importer/Ref/FileRefResolver.php | 66.66% | 1 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff              @@
##             master     #101      +/-   ##
============================================
- Coverage     83.09%   82.46%   -0.64%     
- Complexity     1447     1465      +18     
============================================
  Files            42       42              
  Lines          3543     3615      +72     
============================================
+ Hits           2944     2981      +37     
- Misses          599      634      +35     

@dereuromark dereuromark merged commit 7f3f4db into master Mar 23, 2026
10 of 12 checks passed
@dereuromark dereuromark deleted the fix/deep-dive-issues branch March 23, 2026 16:26