2. Rulesets

2.1. Introduction

Exakat provides unique 1432 rules to detect BUGS, CODE SMELLS, SECURITY OR QUALITY ISSUES in your PHP code.

For more smoothly usage, the ruleset concept allow you to run a set of rules based on a decidated focus. Beawre that a Ruleset run all the associated rules and any needed dependencies.

Rulesets are configured with the -T option, when running exakat in command line. For example :

php exakat.phar analyze -p <project> -T <Security>

2.2. Summary

Here is the list of the current rulesets supported by Exakat Engine.

Name Description
Analyze Check for common best practices.
Appinfo Appinfo is the equivalent of phpinfo() for your code.
Attributes This ruleset gathers all rules that rely on PHP 8.+ attributes.
CE List of rules that are part of the Community Edition
CI-checks Quick check for common best practices.
ClassReview A set of rules dedicate to class hygiene
Coding conventions List coding conventions violations.
CompatibilityPHP53 List features that are incompatible with PHP 5.3.
CompatibilityPHP54 List features that are incompatible with PHP 5.4.
CompatibilityPHP55 List features that are incompatible with PHP 5.5.
CompatibilityPHP56 List features that are incompatible with PHP 5.6.
CompatibilityPHP70 List features that are incompatible with PHP 7.0.
CompatibilityPHP71 List features that are incompatible with PHP 7.1.
CompatibilityPHP72 List features that are incompatible with PHP 7.2.
CompatibilityPHP73 List features that are incompatible with PHP 7.3.
CompatibilityPHP74 List features that are incompatible with PHP 7.4.
CompatibilityPHP80 List features that are incompatible with PHP 8.0.
CompatibilityPHP81 List features that are incompatible with PHP 8.1.
Dead code Check the unused code or unreachable code.
Deprecated List of deprecated features, across all PHP versions.
Dump Dump is a collector set of rules.
First A set of rules that are always run at the beginning of a project, because they are frenquently used.
Inventory A set of rules that collect various definitions from the code
LintButWontExec Check the code for common errors that will lead to a Fatal error on production, but lint fine.
Performances Check the code for slow code.
php-cs-fixable Suggests configuration to apply changes with PHP-CS-FIXER
Preferences Identify preferences in the code.
Rector Suggests configuration to apply changes with Rector
Security Check the code for common security bad practices, especially in the Web environnement.
Semantics Checks the meanings found the names of the code.
Suggestions List of possible modernisation of the PHP code.
Top10 The most common issues found in the code
Typechecks Checks related to types.
All All is a dummy ruleset, which includes all the rules.
CompatibilityPHP82 List features that are incompatible with PHP 8.2.
Classdependencies A set of rules dedicated to show classes dependences

Note : in command line, don’t forget to add quotes to rulesets’ names that include white space.

2.3. List of rulesets

2.3.1. Analyze

This ruleset centralizes a large number of classic trap and pitfalls when writing PHP.

Total : 433 analysis

2.3.1.1. Specs

Short name Analyze
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Ambassador, Diplomat

2.3.2. Appinfo

A set of rules that describes with PHP features is used in the code.

Total : 383 analysis

2.3.2.1. Specs

Short name Appinfo
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.3. Attributes

This ruleset gathers all rules that rely on PHP 8.+ attributes.

Total : 4 analysis

2.3.3.1. Specs

Short name Attributes
Available in Entreprise Edition, Exakat Cloud

2.3.4. CE

This ruleset is the Community Edition list. It holds all the analysis that are in the community edition version of Exakat.

Total : 656 analysis

2.3.4.1. Specs

Short name CE
Available in Entreprise Edition, Exakat Cloud

2.3.5. CI-checks

This ruleset is a collection of important rules to run in a CI pipeline.

Total : 178 analysis

2.3.5.1. Specs

Short name CI-checks
Available in Entreprise Edition, Exakat Cloud

2.3.6. ClassReview

This ruleset focuses on classes construction issues, and their related structures : traits, interfaces, methods, properties, constants.

Total : 59 analysis

2.3.6.1. Specs

Short name ClassReview
Available in Entreprise Edition, Exakat Cloud

2.3.7. Coding conventions

This ruleset centralizes all analysis related to coding conventions. Sometimes, those are easy to extract with static analysis, and so here they are. No all o them are available.

Total : 0 analysis

2.3.7.1. Specs

Short name Coding conventions
Available in Entreprise Edition, Exakat Cloud

2.3.8. CompatibilityPHP53

This ruleset centralizes all analysis for the migration from PHP 5.2 to 5.3.

Total : 86 analysis

2.3.8.1. Specs

Short name CompatibilityPHP53
Available in Entreprise Edition, Exakat Cloud

2.3.9. CompatibilityPHP54

This ruleset centralizes all analysis for the migration from PHP 5.3 to 5.4.

Total : 82 analysis

2.3.9.1. Specs

Short name CompatibilityPHP54
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.10. CompatibilityPHP55

This ruleset centralizes all analysis for the migration from PHP 5.4 to 5.5.

Total : 74 analysis

2.3.10.1. Specs

Short name CompatibilityPHP55
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.11. CompatibilityPHP56

This ruleset centralizes all analysis for the migration from PHP 5.5 to 5.6.

Total : 64 analysis

2.3.11.1. Specs

Short name CompatibilityPHP56
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.12. CompatibilityPHP70

This ruleset centralizes all analysis for the migration from PHP 5.6 to 7.0.

Total : 57 analysis

2.3.12.1. Specs

Short name CompatibilityPHP70
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.20. Deprecated

This ruleset centralizes all analysis that are marked as ‘deprecated feature’ for some versions.

For example :

  • Php/NestedTernaryWithoutParenthesis : deprecated PHP 7.4, removed PHP 8.0
  • Php/NoMoreCurlyArrays : deprecated PHP 7.4, removed PHP 8.0
  • Classes/NoParent : deprecated PHP 7.4, removed PHP 8.0
  • Php/Php74RemovedDirective : deprecated PHP 7.4, removed PHP 8.0
  • Php/ArrayKeyExistsWithObjects : deprecated PHP 7.4, removed PHP 8.0

Total : 7 analysis

2.3.20.1. Specs

Short name Deprecated
Available in Entreprise Edition, Exakat Cloud

2.3.22. First

A set of rules that are always run at the beginning of a project, because they are frenquently used. It is mostly used internally.

Total : 7 analysis

2.3.22.1. Specs

Short name First
Available in Entreprise Edition, Community Edition, Exakat Cloud

2.3.23. Inventory

This ruleset collect all free-text names used in the code : variables, global, arguments, etc…

For example :

  • Classes/MagicProperties
  • Constants/Constantnames : names of global Constants
  • Php/CookieVariables : names of cookies
  • Php/DateFormats : date formats
  • Php/IncomingVariables : names of the GET/POST arguments
  • Php/SessionVariables : names of the session variables
  • Type/ArrayIndex : indices used in arrays
  • Type/Binary : binary values
  • Type/CharString : string values
  • Type/Email : hardcoded emails
  • Type/GPCIndex : GET, POST and COOKIE names
  • Type/Hexadecimal : hexadecimal values
  • Type/HexadecimalString : hexadecimal values
  • Type/HttpHeader : HTTP headers
  • Type/HttpStatus : HTTP status
  • Type/Md5String : MD5 string
  • Type/MimeType : Mime types
  • Type/OctalInString : octal values
  • Type/OpensslCipher : names of OpenSSL cipher
  • Type/Pack : pack() formats
  • Type/Pcre : regex strings
  • Type/Ports : server ports mentioned
  • Type/Printf : printf() and co formatting strings
  • Type/Regex : regex strings
  • Type/SpecialIntegers : integer, with special values
  • Type/Sql : SQL strings
  • Type/UdpDomains : UDP domains
  • Type/UnicodeBlock : Unicode blocks
  • Type/Url : URL

Total : 33 analysis

2.3.23.1. Specs

Short name Inventory
Available in Entreprise Edition, Exakat Cloud

2.3.26. php-cs-fixable

[PHP-CS-FIXER](https://github.com/FriendsOfPHP/PHP-CS-Fixer) is a tool to automatically fix PHP Coding Standards issues. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with PHP-CS-FIXER.

Total : 11 analysis

2.3.26.1. Specs

Short name php-cs-fixable
Available in Entreprise Edition, Exakat Cloud
Reports Phpcsfixer

2.3.28. Rector

RectorPHP is a reconstructor tool. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with rector.

Total : 14 analysis

2.3.28.1. Specs

Short name Rector
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador, Rector

2.3.31. Suggestions

This ruleset focuses on possibly better syntax than the one currently used. Those may be code modernization, alternatives, more efficient solutions, or simply left over from older versions.

Total : 102 analysis

2.3.31.1. Specs

Short name Suggestions
Available in Entreprise Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.34. All

All is a dummy ruleset, which includes all the rules. It is mostly used internally.

Total : 1420 analysis

2.3.34.1. Specs

Short name All
Available in Entreprise Edition, Exakat Cloud

2.3.35. CompatibilityPHP82

This ruleset centralizes all analysis for the migration from PHP 8.1 to 8.2.

Total : 6 analysis

2.3.35.1. Specs

Short name CompatibilityPHP82
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.36. Classdependencies

This ruleset list all dependencies between classes : heritage and type.

Total : 1 analysis

2.3.36.1. Specs

Short name Classdependencies
Available in Entreprise Edition, Exakat Cloud
Reports report-classdependencies