8. Themes

8.1. Presentation

Analyses are grouped into different standard recipes, which may be run independently. Each recipe has a focus target,

A recipe runs all its analyses and any needed dependencies.

Recipes are configured with the -T option when running exakat on the command line.

php exakat.phar analyze -p <project> -T <Security/DirectInjection>

8.2. List of recipes

Here is the list of the current recipes supported by Exakat Engine.

Name                Description
Analyze             Check for common best practices.
CakePHP             Check for code used with the Slim Framework
Dead code           Check the unused code or unreachable code.
CompatibilityPHP70  List features that are incompatible with PHP 7.0.
CompatibilityPHP71  List features that are incompatible with PHP 7.1.
CompatibilityPHP72  List features that are incompatible with PHP 7.2. It is also known as php-src.
CompatibilityPHP56  List features that are incompatible with PHP 5.6.
Performances        Check the code for slow code.
Security            Check the code for common security bad practices, especially in the Web environment.
Slim Framework      Check for code used with the Slim Framework
Wordpress           Check for code used with the WordPress platform
Zend Framework      Check for code used with the Zend Framework 3
CompatibilityPHP55  List features that are incompatible with PHP 5.5.
CompatibilityPHP54  List features that are incompatible with PHP 5.4.
CompatibilityPHP53  List features that are incompatible with PHP 5.3.
Coding Conventions  List coding conventions violations.

Note: on the command line, don’t forget to add quotes around recipe names that include white space.

8.3. Recipes details

8.3.1. Analyze

Total: 351 analyses

8.3.4. CompatibilityPHP53

Total: 67 analyses

8.3.5. CompatibilityPHP54

Total: 63 analyses

  • Break With Non Integer
  • Calltime Pass By Reference
  • Functions Removed In PHP 5.4
  • Hash Algorithms Incompatible With PHP 5.4/5
  • crypt() Without Salt
  • ext/mhash
  • Arrays/MixedKeys
  • Classes/Anonymous
  • Classes/CantInheritAbstractMethod
  • Classes/ChildRemoveTypehint
  • Classes/ConstVisibilityUsage
  • Classes/IntegerAsProperty
  • Classes/NonStaticMethodsCalledStatic
  • Classes/NullOnNew
  • Exceptions/MultipleCatch
  • Functions/MultipleSameArguments
  • Namespaces/UseFunctionsConstants
  • Php/CantUseReturnValueInWriteContext
  • Php/CaseForPSS
  • Php/ClassConstWithArray
  • Php/ConstWithArray
  • Php/DefineWithArray
  • Php/EllipsisUsage
  • Php/ExponentUsage
  • Php/FlexibleHeredoc
  • Php/GroupUseDeclaration
  • Php/GroupUseTrailingComma
  • Php/HashAlgos53
  • Php/ListShortSyntax
  • Php/ListWithKeys
  • Php/ListWithReference
  • Php/NoListWithString
  • Php/NoStringWithAppend
  • Php/NoSubstrMinusOne
  • Php/PHP73LastEmptyArgument
  • Php/ParenthesisAsParameter
  • Php/Php55NewFunctions
  • Php/Php56NewFunctions
  • Php/Php70NewClasses
  • Php/Php70NewFunctions
  • Php/Php70NewInterfaces
  • Php/Php71NewClasses
  • Php/Php72NewClasses
  • Php/Php72RemovedInterfaces
  • Php/Php73NewFunctions
  • Php/Php7RelaxedKeyword
  • Php/ScalarTypehintUsage
  • Php/StaticclassUsage
  • Php/UnicodeEscapePartial
  • Php/UnicodeEscapeSyntax
  • Php/UseNullableType
  • Php/debugInfoUsage
  • Structures/ConstantScalarExpression
  • Structures/DereferencingAS
  • Structures/ForeachWithList
  • Structures/IssetWithConstant
  • Structures/NoGetClassNull
  • Structures/PHP7Dirname
  • Structures/SwitchWithMultipleDefault
  • Structures/VariableGlobal
  • Type/MalformedOctal
  • Variables/Php5IndirectExpression
  • Variables/Php7IndirectExpression

8.3.6. CompatibilityPHP55

Total: 55 analyses

  • Functions Removed In PHP 5.5
  • Use password_hash()
  • ext/apc
  • ext/mysql
  • Classes/Anonymous
  • Classes/CantInheritAbstractMethod
  • Classes/ChildRemoveTypehint
  • Classes/ConstVisibilityUsage
  • Classes/IntegerAsProperty
  • Classes/NonStaticMethodsCalledStatic
  • Classes/NullOnNew
  • Exceptions/MultipleCatch
  • Functions/MultipleSameArguments
  • Namespaces/UseFunctionsConstants
  • Php/ClassConstWithArray
  • Php/ConstWithArray
  • Php/DefineWithArray
  • Php/EllipsisUsage
  • Php/ExponentUsage
  • Php/FlexibleHeredoc
  • Php/GroupUseDeclaration
  • Php/GroupUseTrailingComma
  • Php/HashAlgos53
  • Php/HashAlgos54
  • Php/ListShortSyntax
  • Php/ListWithKeys
  • Php/ListWithReference
  • Php/NoListWithString
  • Php/NoStringWithAppend
  • Php/NoSubstrMinusOne
  • Php/PHP73LastEmptyArgument
  • Php/ParenthesisAsParameter
  • Php/Php56NewFunctions
  • Php/Php70NewClasses
  • Php/Php70NewFunctions
  • Php/Php70NewInterfaces
  • Php/Php71NewClasses
  • Php/Php72NewClasses
  • Php/Php72RemovedInterfaces
  • Php/Php73NewFunctions
  • Php/Php7RelaxedKeyword
  • Php/ScalarTypehintUsage
  • Php/UnicodeEscapePartial
  • Php/UnicodeEscapeSyntax
  • Php/UseNullableType
  • Php/debugInfoUsage
  • Structures/ConstantScalarExpression
  • Structures/IssetWithConstant
  • Structures/NoGetClassNull
  • Structures/PHP7Dirname
  • Structures/SwitchWithMultipleDefault
  • Structures/VariableGlobal
  • Type/MalformedOctal
  • Variables/Php5IndirectExpression
  • Variables/Php7IndirectExpression

8.3.7. CompatibilityPHP56

Total: 44 analyses

  • $HTTP_RAW_POST_DATA
  • Classes/Anonymous
  • Classes/CantInheritAbstractMethod
  • Classes/ChildRemoveTypehint
  • Classes/ConstVisibilityUsage
  • Classes/IntegerAsProperty
  • Classes/NonStaticMethodsCalledStatic
  • Classes/NullOnNew
  • Exceptions/MultipleCatch
  • Functions/MultipleSameArguments
  • Php/DefineWithArray
  • Php/FlexibleHeredoc
  • Php/GroupUseDeclaration
  • Php/GroupUseTrailingComma
  • Php/HashAlgos53
  • Php/HashAlgos54
  • Php/ListShortSyntax
  • Php/ListWithKeys
  • Php/ListWithReference
  • Php/NoListWithString
  • Php/NoStringWithAppend
  • Php/NoSubstrMinusOne
  • Php/PHP73LastEmptyArgument
  • Php/ParenthesisAsParameter
  • Php/Php70NewClasses
  • Php/Php70NewFunctions
  • Php/Php70NewInterfaces
  • Php/Php71NewClasses
  • Php/Php72NewClasses
  • Php/Php72RemovedInterfaces
  • Php/Php73NewFunctions
  • Php/Php7RelaxedKeyword
  • Php/ScalarTypehintUsage
  • Php/UnicodeEscapePartial
  • Php/UnicodeEscapeSyntax
  • Php/UseNullableType
  • Structures/IssetWithConstant
  • Structures/NoGetClassNull
  • Structures/PHP7Dirname
  • Structures/SwitchWithMultipleDefault
  • Structures/VariableGlobal
  • Type/MalformedOctal
  • Variables/Php5IndirectExpression
  • Variables/Php7IndirectExpression

8.3.8. CompatibilityPHP70

Total: 38 analyses

8.3.9. CompatibilityPHP71

Total: 25 analyses

  • Invalid Octal In String
  • New Functions In PHP 7.1
  • PHP 7.1 Microseconds
  • PHP 7.1 Removed Directives
  • ext/mcrypt
  • Classes/CantInheritAbstractMethod
  • Classes/ChildRemoveTypehint
  • Classes/IntegerAsProperty
  • Classes/UsingThisOutsideAClass
  • Php/BetterRand
  • Php/FlexibleHeredoc
  • Php/GroupUseTrailingComma
  • Php/HashAlgos53
  • Php/HashAlgos54
  • Php/ListWithReference
  • Php/PHP73LastEmptyArgument
  • Php/Php70RemovedDirective
  • Php/Php70RemovedFunctions
  • Php/Php72NewClasses
  • Php/Php72RemovedInterfaces
  • Php/Php73NewFunctions
  • Structures/NoGetClassNull
  • Structures/NoSubstrOne
  • Structures/pregOptionE
  • Type/HexadecimalString

8.3.10. CompatibilityPHP72

Total: 16 analyses

8.3.11. CompatibilityPHP73

Total: 2 analyses

  • Php/Php73NewFunctions
  • Php/UnknownPcre2Option

8.3.12. Dead code

Total: 24 analyses

  • Exception Order
  • Rethrown Exceptions
  • Undefined Caught Exceptions
  • Unresolved Catch
  • Unused Protected Methods
  • Classes/CantExtendFinal
  • Classes/LocallyUnusedProperty
  • Classes/UnresolvedInstanceof
  • Classes/UnusedClass
  • Classes/UnusedMethods
  • Classes/UnusedPrivateMethod
  • Classes/UnusedPrivateProperty
  • Constants/UnusedConstants
  • Exceptions/Unthrown
  • Functions/UnusedFunctions
  • Functions/UnusedInheritedVariable
  • Functions/UnusedReturnedValue
  • Interfaces/UnusedInterfaces
  • Namespaces/EmptyNamespace
  • Namespaces/UnusedUse
  • Structures/EmptyLines
  • Structures/UnreachableCode
  • Structures/UnsetInForeach
  • Structures/UnusedLabel

8.3.14. Security

Total: 35 analyses

8.3.16. Suggestions

Total: 55 analyses

8.3.18. ZendFramework

Total: 241 analyses