Welcome to Exakat’s documentation!

Contents:

• 1. Introduction
  • 1.1. What is Exakat ?
  • 1.2. Exakat Use Cases
  • 1.3. Exakat compared to others
  • 1.4. Exakat ecosystem
  • 1.5. Architecture
• 2. Exakat features
  • 2.1. Features list
  • 2.2. 415 analyzers
  • 2.3. Compatible with PHP 5.2 to 8.0-dev
  • 2.4. Migration guide from 5.2 to 8.0-dev
  • 2.5. Modernize your code
  • 2.6. Bug fixes that impact the code
  • 2.7. appinfo(): the list of PHP features
  • 2.8. List of significant PHP directives
  • 2.9. Framework and application support
  • 2.10. Hierarchy Diagrams
  • 2.11. Code visualizations
• 3. Installation
  • 3.1. Summary
  • 3.2. Requirements
  • 3.3. Download Exakat
  • 3.4. Quick installation with exakat.phar
  • 3.5. Quick installation with OSX
  • 3.6. Full installation with Debian/Ubuntu
  • 3.7. Quick installation with Debian/Ubuntu
  • 3.8. Installation guide with Composer
  • 3.9. Using multiple PHP versions
  • 3.10. Installation guide with Docker
  • 3.11. Installation guide as Github Action
• 4. Upgrading
  • 4.1. Upgrading
  • 4.2. Upgrading manually
  • 4.3. Upgrading gremlin-server
• 5. Tutorials
  • 5.1. Bare metal install, with projects folder
  • 5.2. Bare metal install, within the code
  • 5.3. Docker container, within the code folder
  • 5.4. Docker container, with projects folder
• 6. Frequently Asked Questions
  • 6.1. Summary
  • 6.2. I need special command to get my code
  • 6.3. Can I checkout that branch?
  • 6.4. Can I clone with my ssh keys?
  • 6.5. After init, my project has no code!
  • 6.6. The project is too big
  • 6.7. Java Out Of Memory Error
  • 6.8. How can I run a very large project?
  • 6.9. Does exakat runs on Java 8?
  • 6.10. Where can I find the report
  • 6.11. Can I run exakat on local code?
  • 6.12. Can I ignore a dir or a file?
  • 6.13. Can I audit only one folder in vendor?
  • 6.14. Can I run Exakat with PHP 5?
  • 6.15. I get the error ‘The executable ‘ansible-playbook’ Vagrant is trying to run was not found’
  • 6.16. Can I run exakat on Windows?
  • 6.17. Does exakat send my code to a central server?
  • 6.18. “cat: write error: Broken pipe” : is it bad?
  • 6.19. Require a [gremlin]Argument
• 7. Exakat commands
  • 7.1. List of commands :
  • 7.2. anonymize
  • 7.3. baseline
  • 7.4. catalog
  • 7.5. clean
  • 7.6. cleandb
  • 7.7. doctor
  • 7.8. help
  • 7.9. init
  • 7.10. project
  • 7.11. remove
  • 7.12. show
  • 7.13. report
  • 7.14. update
  • 7.15. upgrade
  • 7.16. Install
• 8. Rulesets
  • 8.1. Presentation
  • 8.2. List of rulesets
  • 8.3. Rulesets details
• 9. Rules list
  • 9.1. Introduction
  • 9.2. $HTTP_RAW_POST_DATA Usage
  • 9.3. $php_errormsg Usage
  • 9.4. $this Belongs To Classes Or Traits
  • 9.5. $this Is Not An Array
  • 9.6. $this Is Not For Static Methods
  • 9.7. ** For Exponent
  • 9.8. ::class
  • 9.9. @ Operator
  • 9.10. Abstract Away
  • 9.11. Abstract Or Implements
  • 9.12. Abstract Static Methods
  • 9.13. Access Protected Structures
  • 9.14. Accessing Private
  • 9.15. Add Default Value
  • 9.16. Adding Zero
  • 9.17. Aliases Usage
  • 9.18. All Uppercase Variables
  • 9.19. Already Parents Interface
  • 9.20. Already Parents Trait
  • 9.21. Altering Foreach Without Reference
  • 9.22. Alternative Syntax Consistence
  • 9.23. Always Anchor Regex
  • 9.24. Always Positive Comparison
  • 9.25. Always Use Function With array_key_exists()
  • 9.26. Ambiguous Array Index
  • 9.27. Ambiguous Static
  • 9.28. Ambiguous Visibilities
  • 9.29. Anonymous Classes
  • 9.30. Argument Should Be Typehinted
  • 9.31. Array_Fill() With Objects
  • 9.32. Array_merge Needs Array Of Arrays
  • 9.33. Assert Function Is Reserved
  • 9.34. Assign And Compare
  • 9.35. Assign Default To Properties
  • 9.36. Assign With And Precedence
  • 9.37. Assigned Twice
  • 9.38. Assumptions
  • 9.39. Autoappend
  • 9.40. Avoid Concat In Loop
  • 9.41. Avoid Large Array Assignation
  • 9.42. Avoid Optional Properties
  • 9.43. Avoid Parenthesis
  • 9.44. Avoid Real
  • 9.45. Avoid Self In Interface
  • 9.46. Avoid Substr() One
  • 9.47. Avoid Those Hash Functions
  • 9.48. Avoid Using stdClass
  • 9.49. Avoid array_push()
  • 9.50. Avoid array_unique()
  • 9.51. Avoid get_class()
  • 9.52. Avoid glob() Usage
  • 9.53. Avoid mb_dectect_encoding()
  • 9.54. Avoid option arrays in constructors
  • 9.55. Avoid set_error_handler $context Argument
  • 9.56. Avoid sleep()/usleep()
  • 9.57. Bad Constants Names
  • 9.58. Bad Typehint Relay
  • 9.59. Bail Out Early
  • 9.60. Binary Glossary
  • 9.61. Bracketless Blocks
  • 9.62. Break Outside Loop
  • 9.63. Break With 0
  • 9.64. Break With Non Integer
  • 9.65. Buried Assignation
  • 9.66. Cache Variable Outside Loop
  • 9.67. Callback Function Needs Return
  • 9.68. Calltime Pass By Reference
  • 9.69. Can’t Count Non-Countable
  • 9.70. Can’t Extend Final
  • 9.71. Can’t Throw Throwable
  • 9.72. Cancel Common Method
  • 9.73. Cancelled Parameter
  • 9.74. Cant Implement Traversable
  • 9.75. Cant Inherit Abstract Method
  • 9.76. Cant Instantiate Class
  • 9.77. Cant Use Return Value In Write Context
  • 9.78. Case Insensitive Constants
  • 9.79. Cast To Boolean
  • 9.80. Cast Unset Usage
  • 9.81. Casting Ternary
  • 9.82. Catch Overwrite Variable
  • 9.83. Catch Undefined Variable
  • 9.84. Check All Types
  • 9.85. Check Crypto Key Length
  • 9.86. Check JSON
  • 9.87. Check On __Call Usage
  • 9.88. Child Class Removes Typehint
  • 9.89. Class Const With Array
  • 9.90. Class Could Be Final
  • 9.91. Class Function Confusion
  • 9.92. Class Should Be Final By Ocramius
  • 9.93. Class Without Parent
  • 9.94. Class, Interface Or Trait With Identical Names
  • 9.95. Classes Mutually Extending Each Other
  • 9.96. Clone With Non-Object
  • 9.97. Close Tags
  • 9.98. Closure Could Be A Callback
  • 9.99. Closure May Use $this
  • 9.100. Coalesce And Concat
  • 9.101. Coalesce Equal
  • 9.102. Common Alternatives
  • 9.103. Compact Inexistant Variable
  • 9.104. Compare Hash
  • 9.105. Compared Comparison
  • 9.106. Complex Dynamic Names
  • 9.107. Concat And Addition
  • 9.108. Concat Empty String
  • 9.109. Concrete Visibility
  • 9.110. Configure Extract
  • 9.111. Const Visibility Usage
  • 9.112. Const With Array
  • 9.113. Constant Class
  • 9.114. Constant Comparison
  • 9.115. Constant Scalar Expressions
  • 9.116. Constant Typo Looks Like A Variable
  • 9.117. Constants Created Outside Its Namespace
  • 9.118. Constants With Strange Names
  • 9.119. Continue Is For Loop
  • 9.120. Could Be Abstract Class
  • 9.121. Could Be Callable
  • 9.122. Could Be Class Constant
  • 9.123. Could Be Constant
  • 9.124. Could Be Else
  • 9.125. Could Be Float
  • 9.126. Could Be Integer
  • 9.127. Could Be Iterable
  • 9.128. Could Be Null
  • 9.129. Could Be Parent
  • 9.130. Could Be Parent Method
  • 9.131. Could Be Private Class Constant
  • 9.132. Could Be Protected Class Constant
  • 9.133. Could Be Protected Method
  • 9.134. Could Be Protected Property
  • 9.135. Could Be Self
  • 9.136. Could Be Static
  • 9.137. Could Be Static Closure
  • 9.138. Could Be String
  • 9.139. Could Be Stringable
  • 9.140. Could Be Void
  • 9.141. Could Make A Function
  • 9.142. Could Use Alias
  • 9.143. Could Use Compact
  • 9.144. Could Use Promoted Properties
  • 9.145. Could Use Short Assignation
  • 9.146. Could Use Try
  • 9.147. Could Use __DIR__
  • 9.148. Could Use array_fill_keys
  • 9.149. Could Use array_unique
  • 9.150. Could Use self
  • 9.151. Could Use str_repeat()
  • 9.152. Crc32() Might Be Negative
  • 9.153. Cyclic References
  • 9.154. Dangling Array References
  • 9.155. Deep Definitions
  • 9.156. Define With Array
  • 9.157. Dependant Abstract Classes
  • 9.158. Dependant Trait
  • 9.159. Deprecated PHP Functions
  • 9.160. Dereferencing String And Arrays
  • 9.161. Detect Current Class
  • 9.162. Different Argument Counts
  • 9.163. Direct Call To __clone()
  • 9.164. Direct Injection
  • 9.165. Directly Use File
  • 9.166. Disconnected Classes
  • 9.167. Do In Base
  • 9.168. Don’t Be Too Manual
  • 9.169. Don’t Change Incomings
  • 9.170. Don’t Echo Error
  • 9.171. Don’t Loop On Yield
  • 9.172. Don’t Pollute Global Space
  • 9.173. Don’t Read And Write In One Expression
  • 9.174. Don’t Send $this In Constructor
  • 9.175. Don’t Unset Properties
  • 9.176. Dont Change The Blind Var
  • 9.177. Dont Collect Void
  • 9.178. Dont Compare Typed Boolean
  • 9.179. Dont Mix ++
  • 9.180. Double Assignation
  • 9.181. Double Instructions
  • 9.182. Double Object Assignation
  • 9.183. Double array_flip()
  • 9.184. Drop Else After Return
  • 9.185. Drop Substr Last Arg
  • 9.186. Duplicate Literal
  • 9.187. Dynamic Library Loading
  • 9.188. Echo Or Print
  • 9.189. Echo With Concat
  • 9.190. Ellipsis Usage
  • 9.191. Else If Versus Elseif
  • 9.192. Empty Blocks
  • 9.193. Empty Classes
  • 9.194. Empty Function
  • 9.195. Empty Instructions
  • 9.196. Empty Interfaces
  • 9.197. Empty List
  • 9.198. Empty Namespace
  • 9.199. Empty Slots In Arrays
  • 9.200. Empty Traits
  • 9.201. Empty Try Catch
  • 9.202. Empty With Expression
  • 9.203. Encoded Simple Letters
  • 9.204. Eval() Usage
  • 9.205. Exceeding Typehint
  • 9.206. Exception Order
  • 9.207. Exit() Usage
  • 9.208. Exponent Usage
  • 9.209. Failed Substr Comparison
  • 9.210. Fetch One Row Format
  • 9.211. Filter To add_slashes()
  • 9.212. Final Class Usage
  • 9.213. Final Methods Usage
  • 9.214. Flexible Heredoc
  • 9.215. Fn Argument Variable Confusion
  • 9.216. For Using Functioncall
  • 9.217. Foreach Don’t Change Pointer
  • 9.218. Foreach On Object
  • 9.219. Foreach Reference Is Not Modified
  • 9.220. Foreach With list()
  • 9.221. Forgotten Interface
  • 9.222. Forgotten Thrown
  • 9.223. Forgotten Visibility
  • 9.224. Forgotten Whitespace
  • 9.225. Fossilized Method
  • 9.226. Fully Qualified Constants
  • 9.227. Function Subscripting
  • 9.228. Function Subscripting, Old Style
  • 9.229. Functions Removed In PHP 5.4
  • 9.230. Functions Removed In PHP 5.5
  • 9.231. Generator Cannot Return
  • 9.232. Getting Last Element
  • 9.233. Global Inside Loop
  • 9.234. Global Usage
  • 9.235. Group Use Declaration
  • 9.236. Group Use Trailing Comma
  • 9.237. Hardcoded Passwords
  • 9.238. Hash Algorithms
  • 9.239. Hash Algorithms Incompatible With PHP 5.3
  • 9.240. Hash Algorithms Incompatible With PHP 5.4/5.5
  • 9.241. Hash Algorithms Incompatible With PHP 7.1-
  • 9.242. Hash Algorithms Incompatible With PHP 7.4-
  • 9.243. Hash Will Use Objects
  • 9.244. Heredoc Delimiter
  • 9.245. Hexadecimal In String
  • 9.246. Hidden Nullable
  • 9.247. Hidden Use Expression
  • 9.248. Htmlentities Calls
  • 9.249. Identical Conditions
  • 9.250. Identical Consecutive Expression
  • 9.251. Identical On Both Sides
  • 9.252. If With Same Conditions
  • 9.253. Iffectations
  • 9.254. Illegal Name For Method
  • 9.255. Implement Is For Interface
  • 9.256. Implemented Methods Are Public
  • 9.257. Implied If
  • 9.258. Implode One Arg
  • 9.259. Implode() Arguments Order
  • 9.260. Inclusion Wrong Case
  • 9.261. Incompatible Signature Methods
  • 9.262. Incompatible Signature Methods With Covariance
  • 9.263. Incompilable Files
  • 9.264. Inconsistent Elseif
  • 9.265. Indices Are Int Or String
  • 9.266. Indirect Injection
  • 9.267. Infinite Recursion
  • 9.268. Instantiating Abstract Class
  • 9.269. Insufficient Property Typehint
  • 9.270. Insufficient Typehint
  • 9.271. Integer As Property
  • 9.272. Integer Conversion
  • 9.273. Interfaces Don’t Ensure Properties
  • 9.274. Interfaces Is Not Implemented
  • 9.275. Interpolation
  • 9.276. Invalid Constant Name
  • 9.277. Invalid Octal In String
  • 9.278. Invalid Pack Format
  • 9.279. Invalid Regex
  • 9.280. Is Actually Zero
  • 9.281. Is_A() With String
  • 9.282. Isset Multiple Arguments
  • 9.283. Isset() On The Whole Array
  • 9.284. Joining file()
  • 9.285. Keep Files Access Restricted
  • 9.286. Large Try Block
  • 9.287. List Short Syntax
  • 9.288. List With Appends
  • 9.289. List With Keys
  • 9.290. List With Reference
  • 9.291. Locally Unused Property
  • 9.292. Logical Mistakes
  • 9.293. Logical Operators Favorite
  • 9.294. Logical Should Use Symbolic Operators
  • 9.295. Logical To in_array
  • 9.296. Lone Blocks
  • 9.297. Long Arguments
  • 9.298. Lost References
  • 9.299. Magic Visibility
  • 9.300. Make Global A Property
  • 9.301. Make Magic Concrete
  • 9.302. Make One Call With Array
  • 9.303. Malformed Octal
  • 9.304. Max Level Of Nesting
  • 9.305. Maybe Missing New
  • 9.306. Mbstring Third Arg
  • 9.307. Mbstring Unknown Encoding
  • 9.308. Memoize MagicCall
  • 9.309. Merge If Then
  • 9.310. Method Collision Traits
  • 9.311. Method Could Be Private Method
  • 9.312. Method Could Be Static
  • 9.313. Method Signature Must Be Compatible
  • 9.314. Methodcall On New
  • 9.315. Methods Without Return
  • 9.316. Minus One On Error
  • 9.317. Mismatch Parameter And Type
  • 9.318. Mismatch Parameter Name
  • 9.319. Mismatch Properties Typehints
  • 9.320. Mismatch Type And Default
  • 9.321. Mismatched Default Arguments
  • 9.322. Mismatched Ternary Alternatives
  • 9.323. Mismatched Typehint
  • 9.324. Missing Abstract Method
  • 9.325. Missing Cases In Switch
  • 9.326. Missing Include
  • 9.327. Missing Parenthesis
  • 9.328. Missing Some Returntype
  • 9.329. Missing Typehint
  • 9.330. Mistaken Concatenation
  • 9.331. Mixed Concat And Interpolation
  • 9.332. Mixed Keys Arrays
  • 9.333. Mkdir Default
  • 9.334. Modernize Empty With Expression
  • 9.335. Modified Typed Parameter
  • 9.336. Multiple Alias Definitions
  • 9.337. Multiple Alias Definitions Per File
  • 9.338. Multiple Class Declarations
  • 9.339. Multiple Classes In One File
  • 9.340. Multiple Constant Definition
  • 9.341. Multiple Declaration Of Strict_types
  • 9.342. Multiple Definition Of The Same Argument
  • 9.343. Multiple Exceptions Catch()
  • 9.344. Multiple Identical Trait Or Interface
  • 9.345. Multiple Index Definition
  • 9.346. Multiple Type Variable
  • 9.347. Multiple Unset()
  • 9.348. Multiple Usage Of Same Trait
  • 9.349. Multiples Identical Case
  • 9.350. Multiply By One
  • 9.351. Must Call Parent Constructor
  • 9.352. Must Return Methods
  • 9.353. Named Regex
  • 9.354. Negative Power
  • 9.355. Negative Start Index In Array
  • 9.356. Nested Ifthen
  • 9.357. Nested Ternary
  • 9.358. Nested Ternary Without Parenthesis
  • 9.359. Never Used Parameter
  • 9.360. Never Used Properties
  • 9.361. New Constants In PHP 7.2
  • 9.362. New Constants In PHP 7.4
  • 9.363. New Functions In PHP 5.4
  • 9.364. New Functions In PHP 5.5
  • 9.365. New Functions In PHP 5.6
  • 9.366. New Functions In PHP 7.0
  • 9.367. New Functions In PHP 7.1
  • 9.368. New Functions In PHP 7.2
  • 9.369. New Functions In PHP 7.3
  • 9.370. New Functions In PHP 7.4
  • 9.371. New Functions In PHP 8.0
  • 9.372. Next Month Trap
  • 9.373. No Append On Source
  • 9.374. No Boolean As Default
  • 9.375. No Choice
  • 9.376. No Class As Typehint
  • 9.377. No Class In Global
  • 9.378. No Count With 0
  • 9.379. No Direct Call To Magic Method
  • 9.380. No Direct Usage
  • 9.381. No ENT_IGNORE
  • 9.382. No Empty Regex
  • 9.383. No Hardcoded Hash
  • 9.384. No Hardcoded Ip
  • 9.385. No Hardcoded Path
  • 9.386. No Hardcoded Port
  • 9.387. No List With String
  • 9.388. No Literal For Reference
  • 9.389. No Magic Method With Array
  • 9.390. No More Curly Arrays
  • 9.391. No Need For Else
  • 9.392. No Need For Triple Equal
  • 9.393. No Need For get_class()
  • 9.394. No Net For Xml Load
  • 9.395. No Parenthesis For Language Construct
  • 9.396. No Plus One
  • 9.397. No Public Access
  • 9.398. No Real Comparison
  • 9.399. No Reference For Static Property
  • 9.400. No Reference For Ternary
  • 9.401. No Reference On Left Side
  • 9.402. No Return For Generator
  • 9.403. No Return Or Throw In Finally
  • 9.404. No Return Used
  • 9.405. No Self Referencing Constant
  • 9.406. No Spread For Hash
  • 9.407. No String With Append
  • 9.408. No Substr Minus One
  • 9.409. No Weak SSL Crypto
  • 9.410. No array_merge() In Loops
  • 9.411. No get_class() With Null
  • 9.412. No isset() With empty()
  • 9.413. No mb_substr In Loop
  • 9.414. Non Ascii Variables
  • 9.415. Non Nullable Getters
  • 9.416. Non Static Methods Called In A Static
  • 9.417. Non-constant Index In Array
  • 9.418. Non-lowercase Keywords
  • 9.419. Not A Scalar Type
  • 9.420. Not Equal Is Not !==
  • 9.421. Not Not
  • 9.422. Null On New
  • 9.423. Null Or Boolean Arrays
  • 9.424. Nullable With Constant
  • 9.425. Nullable Without Check
  • 9.426. Numeric Literal Separator
  • 9.427. Objects Don’t Need References
  • 9.428. Old Style Constructor
  • 9.429. Old Style __autoload()
  • 9.430. One If Is Sufficient
  • 9.431. One Letter Functions
  • 9.432. One Variable String
  • 9.433. Only Variable For Reference
  • 9.434. Only Variable Passed By Reference
  • 9.435. Only Variable Returned By Reference
  • 9.436. Optimize Explode()
  • 9.437. Or Die
  • 9.438. Order Of Declaration
  • 9.439. Overwritten Exceptions
  • 9.440. Overwritten Literals
  • 9.441. Overwritten Source And Value
  • 9.442. PHP 7.0 New Classes
  • 9.443. PHP 7.0 New Interfaces
  • 9.444. PHP 7.0 Removed Directives
  • 9.445. PHP 7.0 Removed Functions
  • 9.446. PHP 7.0 Scalar Typehints
  • 9.447. PHP 7.1 Microseconds
  • 9.448. PHP 7.1 Removed Directives
  • 9.449. PHP 7.1 Scalar Typehints
  • 9.450. PHP 7.2 Deprecations
  • 9.451. PHP 7.2 Object Keyword
  • 9.452. PHP 7.2 Removed Functions
  • 9.453. PHP 7.2 Scalar Typehints
  • 9.454. PHP 7.3 Last Empty Argument
  • 9.455. PHP 7.3 Removed Functions
  • 9.456. PHP 7.4 Constant Deprecation
  • 9.457. PHP 7.4 Removed Directives
  • 9.458. PHP 7.4 Removed Functions
  • 9.459. PHP 7.4 Reserved Keyword
  • 9.460. PHP 74 New Directives
  • 9.461. PHP 8.0 Removed Constants
  • 9.462. PHP 8.0 Removed Directives
  • 9.463. PHP 8.0 Removed Functions
  • 9.464. PHP 80 Named Parameter Variadic
  • 9.465. PHP Keywords As Names
  • 9.466. PHP Resources Turned Into Objects
  • 9.467. PHP5 Indirect Variable Expression
  • 9.468. PHP7 Dirname
  • 9.469. Parameter Hiding
  • 9.470. Parent First
  • 9.471. Parent, Static Or Self Outside Class
  • 9.472. Parenthesis As Parameter
  • 9.473. Pathinfo() Returns May Vary
  • 9.474. Php 7 Indirect Expression
  • 9.475. Php 7.1 New Class
  • 9.476. Php 7.2 New Class
  • 9.477. Php 7.4 New Class
  • 9.478. Php 8.0 Only TypeHints
  • 9.479. Php 8.0 Variable Syntax Tweaks
  • 9.480. Php/UseMatch
  • 9.481. Php7 Relaxed Keyword
  • 9.482. Phpinfo
  • 9.483. Possible Alias Confusion
  • 9.484. Possible Increment
  • 9.485. Possible Infinite Loop
  • 9.486. Possible Missing Subpattern
  • 9.487. Pre-increment
  • 9.488. Prefix And Suffixes With Typehint
  • 9.489. Preprocess Arrays
  • 9.490. Preprocessable
  • 9.491. Print And Die
  • 9.492. Printf Number Of Arguments
  • 9.493. Processing Collector
  • 9.494. Property Could Be Local
  • 9.495. Property Could Be Private Property
  • 9.496. Property Used In One Method Only
  • 9.497. Property Variable Confusion
  • 9.498. Queries In Loops
  • 9.499. Raised Access Level
  • 9.500. Random Without Try
  • 9.501. Randomly Sorted Arrays
  • 9.502. Redeclared PHP Functions
  • 9.503. Redefined Class Constants
  • 9.504. Redefined Default
  • 9.505. Redefined Private Property
  • 9.506. Redefined Property
  • 9.507. Reflection Export() Is Deprecated
  • 9.508. Regex On Arrays
  • 9.509. Register Globals
  • 9.510. Relay Function
  • 9.511. Repeated Interface
  • 9.512. Repeated Regex
  • 9.513. Repeated print()
  • 9.514. Reserved Keywords In PHP 7
  • 9.515. Results May Be Missing
  • 9.516. Rethrown Exceptions
  • 9.517. Return True False
  • 9.518. Return With Parenthesis
  • 9.519. Reuse Variable
  • 9.520. Safe Curl Options
  • 9.521. Safe HTTP Headers
  • 9.522. Same Conditions In Condition
  • 9.523. Same Variable Foreach
  • 9.524. Scalar Are Not Arrays
  • 9.525. Scalar Or Object Property
  • 9.526. Self Using Trait
  • 9.527. Semantic Typing
  • 9.528. Session Lazy Write
  • 9.529. Set Aside Code
  • 9.530. Set Cookie Safe Arguments
  • 9.531. Setlocale() Uses Constants
  • 9.532. Several Instructions On The Same Line
  • 9.533. Short Open Tags
  • 9.534. Short Syntax For Arrays
  • 9.535. Should Be Single Quote
  • 9.536. Should Chain Exception
  • 9.537. Should Deep Clone
  • 9.538. Should Have Destructor
  • 9.539. Should Make Alias
  • 9.540. Should Make Ternary
  • 9.541. Should Preprocess Chr()
  • 9.542. Should Typecast
  • 9.543. Should Use Coalesce
  • 9.544. Should Use Constants
  • 9.545. Should Use Explode Args
  • 9.546. Should Use Foreach
  • 9.547. Should Use Function
  • 9.548. Should Use Local Class
  • 9.549. Should Use Math
  • 9.550. Should Use Operator
  • 9.551. Should Use Prepared Statement
  • 9.552. Should Use SetCookie()
  • 9.553. Should Use array_column()
  • 9.554. Should Use array_filter()
  • 9.555. Should Use session_regenerateid()
  • 9.556. Should Yield With Key
  • 9.557. Signature Trailing Comma
  • 9.558. Silently Cast Integer
  • 9.559. Similar Integers
  • 9.560. Simple Global Variable
  • 9.561. Simple Switch
  • 9.562. Simplify Regex
  • 9.563. Slice Arrays First
  • 9.564. Slow Functions
  • 9.565. Sqlite3 Requires Single Quotes
  • 9.566. Static Global Variables Confusion
  • 9.567. Static Loop
  • 9.568. Static Methods Called From Object
  • 9.569. Static Methods Can’t Contain $this
  • 9.570. Strange Name For Constants
  • 9.571. Strange Name For Variables
  • 9.572. Strict Comparison With Booleans
  • 9.573. String Initialization
  • 9.574. String May Hold A Variable
  • 9.575. Strings With Strange Space
  • 9.576. Strpos()-like Comparison
  • 9.577. Strtr Arguments
  • 9.578. Substr To Trim
  • 9.579. Substring First
  • 9.580. Suspicious Comparison
  • 9.581. Swapped Arguments
  • 9.582. Switch Fallthrough
  • 9.583. Switch To Switch
  • 9.584. Switch With Too Many Default
  • 9.585. Switch Without Default
  • 9.586. Ternary In Concat
  • 9.587. Test Then Cast
  • 9.588. Throw Functioncall
  • 9.589. Throw In Destruct
  • 9.590. Throw Was An Expression
  • 9.591. Throws An Assignement
  • 9.592. Timestamp Difference
  • 9.593. Too Long A Block
  • 9.594. Too Many Array Dimensions
  • 9.595. Too Many Children
  • 9.596. Too Many Dereferencing
  • 9.597. Too Many Finds
  • 9.598. Too Many Injections
  • 9.599. Too Many Local Variables
  • 9.600. Too Many Native Calls
  • 9.601. Too Many Parameters
  • 9.602. Too Much Indented
  • 9.603. Trailing Comma In Calls
  • 9.604. Trait Not Found
  • 9.605. Typed Property Usage
  • 9.606. Typehint Must Be Returned
  • 9.607. Typehinted References
  • 9.608. Unbinding Closures
  • 9.609. Uncaught Exceptions
  • 9.610. Unchecked Resources
  • 9.611. Unconditional Break In Loop
  • 9.612. Undefined ::class
  • 9.613. Undefined Caught Exceptions
  • 9.614. Undefined Class Constants
  • 9.615. Undefined Classes
  • 9.616. Undefined Constant Name
  • 9.617. Undefined Constants
  • 9.618. Undefined Functions
  • 9.619. Undefined Insteadof
  • 9.620. Undefined Interfaces
  • 9.621. Undefined Parent
  • 9.622. Undefined Properties
  • 9.623. Undefined Trait
  • 9.624. Undefined Variable
  • 9.625. Undefined static:: Or self::
  • 9.626. Unicode Escape Partial
  • 9.627. Unicode Escape Syntax
  • 9.628. Uninitilized Property
  • 9.629. Union Typehint
  • 9.630. Unitialized Properties
  • 9.631. Unknown Parameter Name
  • 9.632. Unknown Pcre2 Option
  • 9.633. Unkown Regex Options
  • 9.634. Unpacking Inside Arrays
  • 9.635. Unpreprocessed Values
  • 9.636. Unreachable Class Constant
  • 9.637. Unreachable Code
  • 9.638. Unresolved Catch
  • 9.639. Unresolved Classes
  • 9.640. Unresolved Instanceof
  • 9.641. Unresolved Use
  • 9.642. Unserialize Second Arg
  • 9.643. Unset In Foreach
  • 9.644. Unsupported Types With Operators
  • 9.645. Unthrown Exception
  • 9.646. Unused Arguments
  • 9.647. Unused Class Constant
  • 9.648. Unused Classes
  • 9.649. Unused Constants
  • 9.650. Unused Exception Variable
  • 9.651. Unused Functions
  • 9.652. Unused Global
  • 9.653. Unused Inherited Variable In Closure
  • 9.654. Unused Interfaces
  • 9.655. Unused Label
  • 9.656. Unused Methods
  • 9.657. Unused Private Methods
  • 9.658. Unused Private Properties
  • 9.659. Unused Protected Methods
  • 9.660. Unused Returned Value
  • 9.661. Unused Trait In Class
  • 9.662. Unused Use
  • 9.663. Unusual Case For PHP Functions
  • 9.664. Upload Filename Injection
  • 9.665. Use ::Class Operator
  • 9.666. Use === null
  • 9.667. Use Array Functions
  • 9.668. Use Basename Suffix
  • 9.669. Use Case Value
  • 9.670. Use Const And Functions
  • 9.671. Use Constant
  • 9.672. Use Constant As Arguments
  • 9.673. Use Count Recursive
  • 9.674. Use DateTimeImmutable Class
  • 9.675. Use Instanceof
  • 9.676. Use List With Foreach
  • 9.677. Use Lower Case For Parent, Static And Self
  • 9.678. Use Named Boolean In Argument Definition
  • 9.679. Use Nullable Type
  • 9.680. Use PHP Object API
  • 9.681. Use PHP7 Encapsed Strings
  • 9.682. Use Pathinfo
  • 9.683. Use Positive Condition
  • 9.684. Use System Tmp
  • 9.685. Use The Blind Var
  • 9.686. Use Url Query Functions
  • 9.687. Use With Fully Qualified Name
  • 9.688. Use array_slice()
  • 9.689. Use const
  • 9.690. Use get_debug_type()
  • 9.691. Use is_countable
  • 9.692. Use json_decode() Options
  • 9.693. Use password_hash()
  • 9.694. Use pathinfo() Arguments
  • 9.695. Use random_int()
  • 9.696. Use session_start() Options
  • 9.697. Use str_contains()
  • 9.698. Used Once Property
  • 9.699. Used Once Variables
  • 9.700. Used Once Variables (In Scope)
  • 9.701. Useless Abstract Class
  • 9.702. Useless Alias
  • 9.703. Useless Brackets
  • 9.704. Useless Catch
  • 9.705. Useless Check
  • 9.706. Useless Constructor
  • 9.707. Useless Default Argument
  • 9.708. Useless Final
  • 9.709. Useless Global
  • 9.710. Useless Instructions
  • 9.711. Useless Interfaces
  • 9.712. Useless Parenthesis
  • 9.713. Useless Referenced Argument
  • 9.714. Useless Return
  • 9.715. Useless Switch
  • 9.716. Useless Type Casting
  • 9.717. Useless Type Check
  • 9.718. Useless Typehint
  • 9.719. Useless Unset
  • 9.720. Uses Default Values
  • 9.721. Using $this Outside A Class
  • 9.722. Using Deprecated Method
  • 9.723. Usort Sorting In PHP 7.0
  • 9.724. Var Keyword
  • 9.725. Variable Global
  • 9.726. Variable Is Not A Condition
  • 9.727. Variables With One Letter Names
  • 9.728. Weak Typing
  • 9.729. Weird Array Index
  • 9.730. While(List() = Each())
  • 9.731. Written Only Variables
  • 9.732. Wrong Access Style to Property
  • 9.733. Wrong Argument Type
  • 9.734. Wrong Attribute Configuration
  • 9.735. Wrong Case Namespaces
  • 9.736. Wrong Class Name Case
  • 9.737. Wrong Function Name Case
  • 9.738. Wrong Number Of Arguments
  • 9.739. Wrong Optional Parameter
  • 9.740. Wrong Parameter Type
  • 9.741. Wrong Range Check
  • 9.742. Wrong Type For Native PHP Function
  • 9.743. Wrong Type Returned
  • 9.744. Wrong Type With Call
  • 9.745. Wrong Typed Property Default
  • 9.746. Wrong Typehinted Name
  • 9.747. Wrong fopen() Mode
  • 9.748. Yoda Comparison
  • 9.749. __DIR__ Then Slash
  • 9.750. __debugInfo() Usage
  • 9.751. __toString() Throws Exception
  • 9.752. array_key_exists() Speedup
  • 9.753. array_key_exists() Works On Arrays
  • 9.754. array_merge() And Variadic
  • 9.755. crypt() Without Salt
  • 9.756. curl_version() Has No Argument
  • 9.757. error_reporting() With Integers
  • 9.758. eval() Without Try
  • 9.759. ext/apc
  • 9.760. ext/dba
  • 9.761. ext/ereg
  • 9.762. ext/fdf
  • 9.763. ext/mcrypt
  • 9.764. ext/mhash
  • 9.765. ext/ming
  • 9.766. ext/mysql
  • 9.767. filter_input() As A Source
  • 9.768. fputcsv() In Loops
  • 9.769. func_get_arg() Modified
  • 9.770. idn_to_ascii() New Default
  • 9.771. include_once() Usage
  • 9.772. isset() With Constant
  • 9.773. list() May Omit Variables
  • 9.774. mb_strrpos() Third Argument
  • 9.775. mcrypt_create_iv() With Default Values
  • 9.776. move_uploaded_file Instead Of copy
  • 9.777. openssl_random_pseudo_byte() Second Argument
  • 9.778. parse_str() Warning
  • 9.779. preg_match_all() Flag
  • 9.780. preg_replace With Option e
  • 9.781. self, parent, static Outside Class
  • 9.782. set_exception_handler() Warning
  • 9.783. strip_tags Skips Closed Tag
  • 9.784. strpos() Too Much
  • 9.785. time() Vs strtotime()
  • 9.786. var_dump()… Usage
• 10. Real Code Cases
  • 10.1. Introduction
  • 10.2. Examples
• 11. Reports
  • 11.1. Configuring a report before the audit
  • 11.2. Generating a report after the audit
  • 11.3. Common behavior
  • 11.4. Reports descriptions
• 12. Configuration
  • 12.1. Summary
  • 12.2. Common Behavior
  • 12.3. Engine configuration
  • 12.4. Project Configuration
  • 12.5. Adding/Excluding files
  • 12.6. In-code Configuration
  • 12.7. Commandline Configuration
  • 12.8. Specific analysis configurations
  • 12.9. Configuring analysis to be run
  • 12.10. Check Install
• 13. Custom analysis
  • 13.1. Summary:
  • 13.2. How Exakat runs an analysis
  • 13.3. Quick startup
  • 13.4. Analysis structure
  • 13.5. Internal database
  • 13.6. Documentation
  • 13.7. Testing your analysis
  • 13.8. Writing test
  • 13.9. Tooling
  • 13.10. Publishing your analysis
• 14. Glossary
• 15. Definitions
• 16. Ideas
• 17. List of contributors
• 18. Annex
  • 18.1. Supported Rulesets
  • 18.2. Supported Reports
  • 18.3. Supported PHP Extensions
  • 18.4. Supported Frameworks
  • 18.5. Applications
  • 18.6. Recognized Libraries
  • 18.7. New analyzers
  • 18.8. PHP Error messages
  • 18.9. External services
  • 18.10. External links
  • 18.11. Ruleset configurations
  • 18.12. Exakat Changelog