2. Rulesets

2.1. Introduction

Exakat provides unique 1584 rules to detect BUGS, CODE SMELLS, SECURITY OR QUALITY ISSUES in your PHP code.

For more smoothly usage, the ruleset concept allow you to run a set of rules based on a decidated focus. Beawre that a Ruleset run all the associated rules and any needed dependencies.

Rulesets are configured with the -T option, when running exakat in command line. For example :

php exakat.phar analyze -p <project> -T <Security>

2.2. Summary

Here is the list of the current rulesets supported by Exakat Engine.

Name	Description
All	All is a dummy ruleset, which includes all the rules.
Analyze	Check for common best practices.
Appinfo	Appinfo is the equivalent of phpinfo() for your code.
Attributes	This ruleset gathers all rules that rely on PHP 8.+ attributes.
CE	List of rules that are part of the Community Edition
CI-checks	Quick check for common best practices.
Changed Behavior	Ruleset with all rules that identify changed behavior across PHP versions.
Class Review	A set of rules dedicated to class hygiene
Classdependencies	A set of rules dedicated to show classes dependences
Coding conventions	List coding conventions violations.
CompatibilityPHP53	List features that are incompatible with PHP 5.3.
CompatibilityPHP54	List features that are incompatible with PHP 5.4.
CompatibilityPHP55	List features that are incompatible with PHP 5.5.
CompatibilityPHP56	List features that are incompatible with PHP 5.6.
CompatibilityPHP70	List features that are incompatible with PHP 7.0.
CompatibilityPHP71	List features that are incompatible with PHP 7.1.
CompatibilityPHP72	List features that are incompatible with PHP 7.2.
CompatibilityPHP73	List features that are incompatible with PHP 7.3.
CompatibilityPHP74	List features that are incompatible with PHP 7.4.
CompatibilityPHP80	List features that are incompatible with PHP 8.0.
CompatibilityPHP81	List features that are incompatible with PHP 8.1.
CompatibilityPHP82	List features that are incompatible with PHP 8.2.
CompatibilityPHP83	List features that are incompatible with PHP 8.3.
Dead code	Check the unused code or unreachable code.
Deprecated	List of deprecated features, across all PHP versions.
Dump	Dump is a collector set of rules.
First	A set of rules that are always run at the beginning of a project, because they are frequently used.
Inventory	A set of rules that collect various definitions from the code
IsExt	Ruleset with analysis which rely on PHP’s optional extensions
IsPHP	Ruleset with analysis which rely on PHP’s core extensions
IsStub	Ruleset with analysis which rely on custom stubs
LintButWontExec	Check the code for common errors that will lead to a Fatal error on production, but lint fine.
NoDoc	Ruleset with analysis which are not published in the docs.
One Liners	Report expressions that are one liners.
PHP recommendations	Report recommendations from the PHP manual.
Performances	Check the code for slow code.
Preferences	Identify preferences in the code.
Rector	Suggests configuration to apply changes with Rector
Security	Check the code for common security bad practices, especially in the Web environnement.
Semantics	Checks the meanings found the names of the code.
Suggestions	List of possible modernisation of the PHP code.
Surprising	A ruleset dedicated to surprising pieces of code in PHP.
Top10	The most common issues found in the code
Typechecks	Checks related to types.
php-cs-fixable	Suggests configuration to apply changes with PHP-CS-FIXER

Note : in command line, don’t forget to add quotes to rulesets’ names that include white space.

2.3. List of rulesets

2.3.1. All

All is a dummy ruleset, which includes all the rules. It is mostly used internally.

Total : 1582 analysis

• Adding Zero
• Ambiguous Array Index
• Array Index
• Multidimensional Arrays
• Multiple Index Definition
• PHP Arrays Index
• Class Usage
• Classes Names
• Constant Definition
• Empty Classes
• Magic Methods
• Forgotten Visibility
• Non Static Methods Called In A Static
• Old Style Constructor
• Property Names
• Static Methods
• Static Methods Called From Object
• Static Properties
• Constants With Strange Names
• Constants Usage
• Constants Names
• True False Inconsistant Case
• Magic Constant Usage
• PHP Constant Usage
• Caught Exceptions
• Defined Exceptions
• Thrown Exceptions
• ext/apc
• ext/bcmath
• ext/bzip2
• ext/calendar
• ext/crypto
• ext/ctype
• ext/curl
• ext/date
• ext/dba
• ext/dom
• ext/enchant
• ext/exif
• ext/fileinfo
• ext/filter
• ext/ftp
• ext/gd
• ext/gmp
• ext/gnupgp
• ext/hash
• ext/iconv
• ext/json
• ext/ldap
• ext/libxml
• ext/mbstring
• ext/mcrypt
• ext/mongo
• ext/mssql
• ext/mysql
• ext/mysqli
• ext/odbc
• ext/openssl
• ext/pcre
• ext/pdo
• ext/pgsql
• ext/phar
• ext/posix
• ext/readline
• ext/reflection
• ext/sem
• ext/session
• ext/shmop
• ext/simplexml
• ext/snmp
• ext/soap
• ext/sockets
• ext/spl
• ext/sqlite
• ext/sqlite3
• ext/ssh2
• ext/standard
• ext/tidy
• ext/tokenizer
• ext/wddx
• ext/xdebug
• ext/xmlreader
• ext/xmlrpc
• ext/xmlwriter
• ext/xsl
• ext/yaml
• ext/zip
• ext/zlib
• Closures Glossary
• Empty Function
• Function Called With Other Case Than Defined
• Functions Glossary
• Recursive Functions
• Redeclared PHP Functions
• Typehints
• Unset Arguments
• Methods Without Return
• Empty Interfaces
• Interfaces Usage
• Interfaces Names
• PHP Interfaces
• Aliases
• Namespaces Glossary
• Autoloading
• Use Lower Case For Parent, Static And Self
• Goto Names
• __halt_compiler
• Incompilable Files
• Labels
• Functions Removed In PHP 5.4
• Functions Removed In PHP 5.5
• Throw
• Trigger Errors
• Caught Expressions
• Break With 0
• Break With Non Integer
• Calltime Pass By Reference
• error_reporting() With Integers
• Eval() Usage
• Exit() Usage
• For Using Functioncall
• Forgotten Whitespace
• Iffectations
• Multiply By One
• @ Operator
• Not Not
• include_once() Usage
• Phpinfo
• No Plus One
• Using Short Tags
• Strpos()-like Comparison
• Throws An Assignement
• var_dump()… Usage
• __toString() Throws Exception
• Binary Glossary
• Continents
• Email Addresses
• Heredoc Delimiter Glossary
• Hexadecimal Glossary
• Http Headers
• HTTP Status Code
• Malformed Octal
• Md5 Strings
• Mime Types
• Nowdoc Delimiter Glossary
• Octal Glossary
• Perl Regex
• Internet Ports
• Special Integers
• All strings
• Unicode Blocks
• URL List
• Blind Variables
• Interface Arguments
• Variable References
• Static Variables
• Variables With Long Names
• Non Ascii Variables
• Variables With One Letter Names
• PHP Variables
• All Uppercase Variables
• Used Once Variables
• Variable Variables
• Abstract Class Usage
• Abstract Methods Usage
• Clone Usage
• Final Class Usage
• Final Methods Usage
• Bad Constants Names
• Variable Constants
• Empty Traits
• Redefined PHP Traits
• Traits Usage
• Trait Names
• PHP Alternative Syntax
• Short Syntax For Arrays
• inclusions
• ext/file
• Unused Use
• Use With Fully Qualified Name
• Used Use
• ext/array
• ext/info
• ext/math
• $HTTP_RAW_POST_DATA Usage
• Non-lowercase Keywords
• New Functions In PHP 5.4
• New Functions In PHP 5.5
• Useless Instructions
• Abstract Static Methods
• Interface Methods
• New Functions In PHP 5.6
• Trait Methods
• Invalid Constant Name
• Multiple Constant Definition
• Wrong Optional Parameter
• Multiple Definition Of The Same Argument
• Echo Or Print
• Use === null
• Constant Comparison
• Fopen Binary Mode
• Assertions
• $this Is Not An Array
• One Variable String
• Cast Usage
• Function Subscripting
• Nested Loops
• Close Tags
• <?= Usage
• Static Methods Can’t Contain $this
• Closure May Use $this
• While(List() = Each())
• Several Instructions On The Same Line
• One Letter Functions
• Multiples Identical Case
• Switch Without Default
• Function Subscripting, Old Style
• Internally Used Properties
• $this Belongs To Classes Or Traits
• Nested Ternary
• Switch With Too Many Default
• Non-constant Index In Array
• Undefined Constants
• Custom Constant Usage
• Instantiating Abstract Class
• Classes Mutually Extending Each Other
• Class, Interface, Enum Or Trait With Identical Names
• Empty Try Catch
• ext/pcntl
• Undefined Classes
• Is An Extension Class
• Wrong Class Name Case
• ext/redis
• Is An Extension Function
• Is An Extension Interface
• Is An Extension Constant
• Htmlentities Calls
• Bracketless Blocks
• Defined Class Constants
• Undefined Class Constants
• Unused Private Properties
• Used Static Properties
• Used Private Methods
• Unused Private Methods
• Unused Functions
• Used Functions
• Used Once Variables (In Scope)
• Undefined Functions
• Deprecated PHP Functions
• crypt() Without Salt
• mcrypt_create_iv() With Default Values
• Dangling Array References
• ext/sqlsrv
• Queries In Loops
• Var Keyword
• Native Alias Functions Usage
• Uses Default Values
• Wrong Number Of Arguments
• Hardcoded Passwords
• Functions In Loop Calls
• Unresolved Classes
• Ellipsis Usage
• Exponent Usage
• ** For Exponent
• Constructors
• Useless Constructor
• Too Many Children
• Implements Is For Interface
• Use const
• Unresolved Use
• Conditional Structures
• Unused Constants
• Undefined Parent
• Defined static:: Or self::
• Undefined static:: Or self::
• Accessing Private
• Access Protected Structures
• Parent, Static Or Self Outside Class
• ext/0mq
• ext/memcache
• ext/memcached
• Is Extension Trait
• Dynamic Function Call
• Has Variable Arguments
• Multiple Catch
• Dynamically Called Classes
• Conditioned Function
• Conditioned Constants
• Is Generator
• Try With Finally
• Use password_hash()
• Dereferencing String And Arrays
• class
• Foreach With list()
• Empty With Expression
• list() May Omit Variables
• Or Die
• Constant Conditions
• Use Const And Functions
• Constant Scalar Expressions
• Unusual Case For PHP Functions
• Multiple Returns
• Unreachable Code
• Exit-like Methods
• Written Only Variables
• Must Return Methods
• __debugInfo() Usage
• Empty Instructions
• Interpolation
• Mixed Keys Arrays
• Empty Slots In Arrays
• Wrong Number Of Arguments In Methods
• Class Has Fluent Interface
• Method Has Fluent Interface
• Method Is Not For Fluent Interface
• PHP Handlers Usage
• ext/imagick
• Unused Methods
• Property Variable Confusion
• ext/oci8
• Used Methods
• Overwritten Exceptions
• Foreach Needs Reference Array
• Foreach Reference Is Not Modified
• ext/imap
• Overwritten Class Constants
• Direct Injection
• Dynamic Class Constant
• Dynamic Methodcall
• Dynamic New
• Dynamic Property
• Don’t Change Incomings
• Super Globals Contagion
• Dynamic Classes
• Return void
• Compared Comparison
• Useless Return
• Multiple Classes In One File
• File Uploads
• Return With Parenthesis
• Unused Classes
• Used Classes
• ext/intl
• Dynamic Code
• Unpreprocessed Values
• ext/pspell
• No Direct Access
• ext/opcache
• Is PHP Constant
• Sensitive Argument
• Functioncall Is Global
• ext/expect
• Defined Properties
• Undefined Properties
• Has Magic Method
• ext/gettext
• Short Open Tags
• Strict Comparison With Booleans
• Lone Blocks
• $this Is Not For Static Methods
• Avoid sleep()/usleep()
• Argument Should Be Typehinted
• Should Be Single Quote
• Super Global Usage
• Global Usage
• PHP Keywords As Names
• Logical Should Use Symbolic Operators
• Could Use self
• Implicit Global
• Const With Array
• Catch Overwrite Variable
• Namespaces
• Avoid array_unique()
• Definitions Only
• Deep Definitions
• Constant Class
• File Is Not Definitions Only
• Global Code Only
• Preprocess Arrays
• Repeated print()
• Avoid Parenthesis With Language Construct
• Objects Don’t Need References
• Redefined Property
• Locally Unused Property
• Locally Used Property
• Lost References
• Constants Created Outside Its Namespace
• Fully Qualified Constants
• Never Used Properties
• Yoda Comparison
• No Real Comparison
• Sequences In For
• Should Use Local Class
• Use This
• Usage Of class_alias()
• Custom Class Usage
• ext/apache
• ext/eaccelerator
• ext/fpm
• parse_str() Warning
• No Direct Call To Magic Method
• String May Hold A Variable
• Echo With Concat
• Unused Global
• Useless Global
• Preprocessable
• Slow Functions
• Useless Final
• Use Constant Instead Of Function
• Resources Usage
• Useless Unset
• Buried Assignation
• Duplicate Calls
• No array_merge() In Loops
• Useless Parenthesis
• Shell Usage
• File Usage
• Mail Usage
• Dynamic Calls
• Unresolved Instanceof
• Use PHP Object API
• Unthrown Exception
• Old Style __autoload()
• Altering Foreach Without Reference
• Test Class
• Magic Visibility
• Use Pathinfo
• Should Use Existing Constants
• Hash Algorithms
• Avoid Those Hash Functions
• ext/dio
• No Parenthesis For Language Construct
• Unused Label
• No Hardcoded Path
• Methodcall On New
• No Hardcoded Port
• ext/phalcon
• Use Constant As Arguments
• Implied If
• Overwritten Literals
• Assign Default To Properties
• No Public Access
• Composer Usage
• Composer’s autoload
• Should Chain Exception
• Used Interfaces
• Unused Interfaces
• Useless Interfaces
• Undefined Interfaces
• ext/apcu
• Double Instructions
• Should Use Prepared Statement
• Is Interface Method
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Print And Die
• Unchecked Resources
• Class Const With Array
• ext/trader
• ext/mailparse
• ext/mail
• Unresolved Catch
• No Hardcoded Ip
• Variable Global
• Else If Versus Elseif
• Reserved Keywords In PHP 7
• Unset In Foreach
• Could Be Class Constant
• Could Be Static
• Multiple Class Declarations
• Compare Hash
• Empty Namespace
• Could Use Short Assignation
• Useless Abstract Class
• Only Static Methods Class
• Null On New
• Scalar Typehint Usage
• Return Typehint Usage
• ext/ob
• Global Import
• Static Loop
• Pre-increment
• Only Variable Returned By Reference
• ext/geoip
• ext/event
• ext/amqp
• ext/gearman
• ext/com
• ext/gmagick
• ext/ibase
• ext/inotify
• ext/xdiff
• ext/ev
• ext/php-ast
• ext/xml
• ext/xhprof
• Indices Are Int Or String
• Should Typecast
• No Self Referencing Constant
• No Direct Usage
• Break Outside Loop
• Inconsistent Concatenation
• Else Usage
• One Object Operator Per Line
• isset() With Constant
• Avoid Substr() One
• Global Inside Loop
• Anonymous Classes
• Is Global Constant
• Coalesce
• Double Assignation
• Unicode Escape Syntax
• New Functions In PHP 7.0
• PHP 7.0 Removed Functions
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• Empty List
• List With Appends
• Simple Global Variable
• Parenthesis As Parameter
• Foreach Don’t Change Pointer
• PHP5 Indirect Variable Expression
• Php 7 Indirect Expression
• Unicode Escape Partial
• Define With Array
• PHP 7.0 Removed Directives
• Directives Usage
• Useless Brackets
• preg_replace With Option e
• eval() Without Try
• Is Not Class Family
• No List With String
• Setlocale() Uses Constants
• Global In Global
• Usort Sorting In PHP 7.0
• Hexadecimal In String
• ext/fann
• Relay Function
• func_get_arg() Modified
• Use Web
• Use Cli
• PHP Sapi
• Register Globals
• External Config Files
• Avoid get_class()
• Silently Cast Integer
• Used Trait
• Unused Traits
• PHP7 Dirname
• Error Messages
• Timestamp Difference
• Php7 Relaxed Keyword
• Not Same Name As File
• ext/pecl_http
• Joining file()
• Real Variables
• Real Functions
• Normal Methods
• Unused Parameter
• Uses Environment
• Switch To Switch
• Wrong Parameter Type
• Property Could Be Private
• Redefined Methods
• Redefined Class Constants
• File Is Component
• Redefined Default
• Wrong fopen() Mode
• Unknown Directive Name
• Confusing Names
• Is CLI Script
• PHP Bugfixes
• preg_match_all() Flag
• Safe Curl Options
• Negative Power
• Already Parents Interface
• Use random_int()
• Cant Use Return Value In Write Context
• set_exception_handler() Warning
• Can’t Extend Final
• Ternary In Concat
• Using $this Outside A Class
• Simplify Regex
• ext/tokyotyrant
• ext/v8js
• Yield Usage
• Yield From Usage
• Pear Usage
• Undefined Trait
• No Hardcoded Hash
• Identical Conditions
• Unkown Regex Options
• Random Without Try
• No Choice
• Common Alternatives
• Logical Mistakes
• Exception Order
• ext/lua
• Uncaught Exceptions
• Undefined Caught Exceptions
• Same Conditions In Condition
• Php 7.1 New Class
• Return True False
• GPRC Aliases
• Indirect Injection
• Useless Switch
• Overwriting Variable
• Could Use __DIR__
• Should Use Coalesce
• Make Global A Property
• List With Keys
• If With Same Conditions
• ext/suhosin
• Unserialize Second Arg
• Throw Functioncall
• Can’t Disable Function
• Functions Using Reference
• Use Instanceof
• Make One Call With Array
• Property Used Above
• Property Used Below
• List Short Syntax
• Results May Be Missing
• Use Nullable Type
• Defined Parent MP
• Globals
• Always Positive Comparison
• PHP 7.1 Removed Directives
• New Functions In PHP 7.1
• Multiple Exceptions Catch()
• Is Upper Family
• Empty Blocks
• Throw In Destruct
• Used Protected Method
• Unused Protected Methods
• Use System Tmp
• Linux Only Files
• No Count With 0
• Dependant Trait
• Hidden Use Expression
• Could Use Alias
• Should Make Alias
• Multiple Identical Trait Or Interface
• Multiple Alias Definitions
• Nested Ifthen
• Cast To Boolean
• Failed Substr Comparison
• Should Use Ternary Operator
• Unused Returned Value
• Modernize Empty With Expression
• Use Positive Condition
• Drop Else After Return
• Use ::Class Operator
• ext/rar
• Don’t Echo Error
• Useless Type Casting
• No isset() With empty()
• time() Vs strtotime()
• Useless Check
• Unitialized Properties
• More Than One Level Of Indentation
• One Dot Or Object Operator Per Line
• Bail Out Early
• Die Exit Consistence
• Array() / [ ] Consistence
• PHP 7.1 Microseconds
• Dont Change The Blind Var
• Getting Last Element
• Rethrown Exceptions
• Avoid Using stdClass
• Invalid Octal In String
• Avoid array_push()
• ext/nsapi
• ext/newt
• ext/ncurses
• Use Composer Lock
• Too Many Local Variables
• $GLOBALS Or global
• Illegal Name For Method
• Unset() Or (unset)
• Close Tags Consistency
• String
• Class Should Be Final By Ocramius
• ext/mongodb
• Should Use Function
• One Expression Brackets Consistency
• Fetch One Row Format
• No String With Append
• Avoid glob() Usage
• Avoid Large Array Assignation
• Could Be Protected Property
• Long Arguments
• New On Functioncall Or Identifier
• Assigned Twice
• New Line Style
• PHP 7.2 Deprecations
• PHP 7.2 Removed Functions
• Error_Log() Usage
• Raised Access Level
• No Boolean As Default
• SQL queries
• Strange Names In Classes
• ext/libsodium
• Class Function Confusion
• Forgotten Thrown
• Should Use array_column()
• Multiple Alias Definitions Per File
• __DIR__ Then Slash
• self, parent, static Outside Class
• Used Once Property
• Property Used In One Method Only
• ext/ds
• No Need For Else
• Should Use session_regenerateid()
• Strange Name For Variables
• Strange Name For Constants
• Regex Delimiter
• Could Be Typehinted Callable
• Encoded Simple Letters
• Too Many Finds
• Use Cookies
• Should Use SetCookie()
• Set Cookie Safe Arguments
• Check All Types
• Missing Cases In Switch
• New Functions In PHP 7.2
• New Constants In PHP 7.2
• Group Use Declaration
• Method Is Overwritten
• Displays Text
• Repeated Regex
• No Class In Global
• Crc32() Might Be Negative
• Could Use str_repeat()
• Suspicious Comparison
• Empty Final Element
• Strings With Strange Space
• Difference Consistence
• No Empty Regex
• Alternative Syntax Consistence
• Randomly Sorted Arrays
• ext/sphinx
• Try With Multiple Catch
• ext/grpc
• Only Variable Passed By Reference
• No Return Used
• Use Browscap
• Use Debug
• No Class As Typehint
• No Reference On Left Side
• Implemented Methods Must Be Public
• Could Typehint
• PSR-16 Usage
• PSR-7 Usage
• PSR-6 Usage
• PSR-3 Usage
• PSR-11 Usage
• PSR-13 Usage
• Mixed Concat And Interpolation
• ext/stats
• DI Cyclic Dependencies
• Concatenation Interpolation Consistence
• New Functions In PHP 7.3
• Too Many Injections
• Dependency Injection
• Courier Anti-Pattern
• ext/gender
• ext/judy
• Could Make A Function
• Forgotten Interface
• Order Of Declaration
• Yii usage
• Codeigniter usage
• Laravel usage
• Symfony usage
• Wordpress usage
• Ez cms usage
• Use session_start() Options
• Cant Inherit Abstract Method
• Joomla usage
• Non Breakable Space In Names
• Multiple Functions Declarations
• Avoid Optional Properties
• Heredoc Delimiter
• swoole
• Manipulates NaN
• Manipulates INF
• No Return Or Throw In Finally
• Const Or Define
• Mkdir Default
• strict_types Preference
• Declare strict_types Usage
• Encoding Usage
• Ticks Usage
• Mismatched Ternary Alternatives
• Mismatched Default Arguments
• Mismatched Typehint
• Scalar Or Object Property
• Group Use Trailing Comma
• Assign With And Precedence
• Logical Operators Favorite
• Isset Multiple Arguments
• No Magic Method With Array
• PHP 7.2 Object Keyword
• Child Class Removes Typehint
• ext/xattr
• Avoid Concat In Loop
• Optional Parameter
• No Substr Minus One
• Logical To in_array
• Should Use Foreach
• ext/rdkafka
• ext/fam
• Shell Favorite
• Constant Used Below
• Could Be Private Class Constant
• Could Be Protected Class Constant
• Method Used Below
• Method Could Be Private Method
• Could Be Protected Method
• Pathinfo() Returns May Vary
• Use pathinfo() Arguments
• ext/parle
• Regex Inventory
• Switch Fallthrough
• Upload Filename Injection
• Always Anchor Regex
• Multiple Type Variable
• Is Actually Zero
• Unconditional Break In Loop
• Session Lazy Write
• Session Variables
• Incoming Variables
• Cookies Variables
• Too Complex Expression
• Date Formats
• Is A Magic Property
• Could Be Else
• Simple Switch And Match
• Next Month Trap
• Printf Number Of Arguments
• Substring First
• Drupal Usage
• Ambiguous Static
• Phalcon Usage
• Fuel PHP Usage
• Use List With Foreach
• Don’t Send $this In Constructor
• Argon2 Usage
• Crypto Usage
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• Avoid set_error_handler $context Argument
• Hash Will Use Objects
• Can’t Count Non-Countable
• Maybe Missing New
• Unknown Pcre2 Option
• Use PHP7 Encapsed Strings
• Type Array Index
• Incoming Variable Index Inventory
• Slice Arrays First
• ext/vips
• Dl() Usage
• Parent First
• environment-variables
• Invalid Regex
• Assigned In One Branch
• Use Named Boolean In Argument Definition
• Same Variable Foreach
• Never Called Parameter
• ext/igbinary
• Should Use array_filter()
• Not A Scalar Type
• Mistaken Concatenation
• Identical On Both Sides
• Identical Consecutive Expression
• No Reference For Ternary
• Sqlite3 Requires Single Quotes
• No Net For Xml Load
• Unused Inherited Variable In Closure
• Inclusion Wrong Case
• Missing Include
• Local Globals
• Useless Referenced Argument
• Fallback Function
• Reuse Existing Variable
• Double array_flip()
• Useless Catch
• Find Key Directly
• Possible Infinite Loop
• Should Use Math
• ext/hrtime
• List With Reference
• Test Then Cast
• Could Use Compact
• Foreach On Object
• ext/xxtea
• ext/uopz
• ext/varnish
• ext/opencensus
• Dynamic Library Loading
• PHP 7.3 Last Empty Argument
• Could Use array_fill_keys
• ext/leveldb
• Use Count Recursive
• Property Could Be Local
• ext/db2
• Mass Creation Of Arrays
• Too Many Native Calls
• Too Many Parameters
• Should Preprocess Chr()
• Properties Declaration Consistence
• Possible Increment
• Drop Substr Last Arg
• Redefined Private Property
• Don’t Unset Properties
• Strtr Arguments
• Processing Collector
• Missing Parenthesis
• One If Is Sufficient
• Could Use array_unique
• Callback Function Needs Return
• Wrong Range Check
• ext/zookeeper
• ext/cmark
• Failing Analysis
• Can’t Instantiate Class
• strpos() Too Much
• Typehinted References
• Do In Base
• Weak Typing
• Cache Variable Outside Loop
• Use The Blind Var
• Configure Extract
• Nonexistent Variable In compact()
• Method Signature Must Be Compatible
• Mismatch Type And Default
• Flexible Heredoc
• Check JSON
• Const Visibility Usage
• Should Use Operator
• Single Use Variables
• Strict Or Relaxed Comparison
• Comparisons Orientation
• Compared But Not Assigned Strings
• Could Be Static Closure
• move_uploaded_file Instead Of copy
• Dont Mix ++
• Can’t Throw Throwable
• Abstract Or Implements
• ext/eio
• Incompatible Signature Methods
• Ambiguous Visibilities
• Hash Algorithms Incompatible With PHP 7.1-
• Undefined ::class
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Locally Used Property In Trait
• ext/lzf
• ext/msgpack
• Case Insensitive Constants
• Handle Arrays With Callback
• Use is_countable
• Detect Current Class
• Avoid Real
• Const Or Define Preference
• Constant Case Preference
• Assert Function Is Reserved
• Could Be Abstract Class
• Continue Is For Loop
• PHP 7.3 Removed Functions
• Trailing Comma In Calls
• Must Call Parent Constructor
• Undefined Variable
• Undefined Insteadof
• Method Collision Traits
• Use json_decode() Options
• Class Could Be Final
• Closure Could Be A Callback
• Inconsistent Elseif
• Can’t Disable Class
• ext/seaslog
• Add Default Value
• Only Variable For Reference
• Direct Call To __clone()
• filter_input() As A Source
• Wrong Access Style to Property
• Named Regex
• Invalid Pack Format
• No Return For Generator
• Repeated Interface
• No Reference For Static Property
• Don’t Read And Write In One Expression
• Pack Format Inventory
• Printf Format Inventory
• idn_to_ascii() New Default
• Could Use Try
• Use Basename Suffix
• PHP Exception
• ext/decimal
• ext/psr
• Should Yield With Key
• Don’t Loop On Yield
• Declare Global Early
• Unreachable Class Constant
• Avoid Self In Interface
• Should Have Destructor
• Safe HTTP Headers
• fputcsv() In Loops
• Directly Use File
• Useless Method Alias
• ext/sdl
• Isset() On The Whole Array
• ext/wasm
• Self Using Trait
• Multiple Usage Of Same Trait
• Method Could Be Static
• Multiple Identical Closure
• Path lists
• Possible Missing Subpattern
• array_key_exists() Speedup
• Assign And Compare
• Typed Property Usage
• Don’t Be Too Manual
• Variable Is Not A Condition
• String Initialization
• ext/weakref
• ext/pcov
• Insufficient Typehint
• Bad Typehint Relay
• Constant Dynamic Creation
• PHP 8.0 Removed Functions
• PHP 8.0 Removed Constants
• Law of Demeter
• An OOP Factory
• Typehint Must Be Returned
• Inconsistent Variable Usage
• Should Deep Clone
• Clone With Non-Object
• Self-Transforming Variables
• Check On __Call Usage
• PHP Overridden Function
• Caught Variable
• Multiple Unset()
• Implode One Arg
• Insecure Integer Validation
• Incoming Values
• ext/svm
• Useless Default Argument
• Avoid option arrays in constructors
• ext/ffi
• ext/password
• ext/zend_monitor
• ext/uuid
• Already Parents Trait
• Trait Not Found
• Casting Ternary
• Concat Empty String
• Concat And Addition
• Useless Argument
• New Functions In PHP 7.4
• Unpacking Inside Arrays
• Minus One On Error
• No Need For get_class()
• Identical Methods
• No Append On Source
• Autoappend
• Memoize MagicCall
• Make Magic Concrete
• Substr To Trim
• Regex On Arrays
• Always Use Function With array_key_exists()
• Complex Dynamic Names
• curl_version() Has No Argument
• Php 7.4 New Classes
• New Constants In PHP 7.4
• Unused Class Constant
• Could Be Constant
• Could Use Trait
• Infinite Recursion
• Null Or Boolean Arrays
• Dependant Abstract Classes
• Wrong Type Returned
• Generator Cannot Return
• Methods That Should Not Be Used
• Use DateTimeImmutable Class
• Set Aside Code
• Use Array Functions
• Useless Type Check
• Disconnected Classes
• Not Or Tilde
• Overwritten Source And Value
• Avoid mb_dectect_encoding()
• PHP 7.4 Removed Functions
• mb_strrpos() Third Argument
• array_key_exists() Works On Arrays
• Reflection Export() Is Deprecated
• Unbinding Closures
• Numeric Literal Separator
• Class Without Parent
• Serialize Magic Method
• Scalar Are Not Arrays
• Similar Integers
• Php Native Reference Variable
• Create Compact Variables
• Propagate Constants
• PHP 7.4 Reserved Keyword
• No ENT_IGNORE
• No More Curly Arrays
• Overwritten Properties
• Overwritten Methods
• Overwritten Constant
• Set Clone Link
• Create Magic Property
• Set Parent Definition
• Make Class Method Definition
• Create Default Values
• array_merge() And Variadic
• Set class_alias() Definition
• Make Class Constant Definition
• Set Class Remote Definition With Injection
• Solve Trait Methods
• Follow Closure Definition
• PHP 7.4 Constant Deprecation
• Implode() Arguments Order
• PHP 7.4 Removed Directives
• Hash Algorithms Incompatible With PHP 7.4-
• openssl_random_pseudo_byte() Second Argument
• strip_tags() Skips Closed Tag
• No Spread For Hash
• Use Covariance
• Use Contravariance
• Set Class Remote Definition With Return Typehint
• Set Class Remote Definition With Local New
• Set Class Remote Definition With Typehint
• Set Class Remote Definition With Global
• Set Class Remote Definition With Parenthesis
• Set Class Property Definition With Typehint
• Set Array Class Definition
• Set Class Method Remote Definition
• Use Arrow Functions
• Max Level Of Nesting
• Environment Variable Usage
• Indentation Levels
• Spread Operator For Array
• Nested Ternary Without Parenthesis
• Cyclomatic Complexity
• Should Use Explode Args
• Use array_slice()
• PHP 74 New Directives
• Too Many Array Dimensions
• Coalesce And Concat
• Comparison Is Always The Same
• Incompatible Signature Methods With Covariance
• Interfaces Is Not Implemented
• No Literal For Reference
• Magic Properties
• Interfaces Don’t Ensure Properties
• Collect Literals
• Duplicate Literal
• No Weak SSL Crypto
• Internet Domains
• No mb_substr In Loop
• Collect Parameter Counts
• Collect Local Variable Counts
• Non Nullable Getters
• Use The Case Value
• Dereferencing Levels
• Too Many Dereferencing
• Should Use Url Query Functions
• Make Functioncall With Reference
• Foreach() Favorite
• Can’t Implement Traversable
• Parameter Hiding
• Wrong Function Name Case
• Propagate Calls
• Is_A() With String
• Mbstring Unknown Encoding
• Collect Mbstring Encodings
• Weird Array Index
• Filter To add_slashes()
• Mbstring Third Arg
• Typehinting Stats
• Typo 3 usage
• Concrete5 usage
• Wrong Case Namespaces
• Create Foreach Default
• Immutable Signature
• Merge If Then
• Wrong Type With Call
• Could Type With Int
• Could Type With String
• Could Type With Array
• Could Type With Boolean
• Shell commands
• Could Type With Iterable
• Insufficient Property Typehint
• inclusions
• Typehint Order
• New Order
• Wrong Typehinted Name
• Links Between Parameter And Argument
• Exceeding Typehint
• Nullable Without Check
• Collect Class Interface Counts
• Collect Class Depth
• Collect Class Children Count
• Semantic Typing
• Missing Typehint
• Fossilized Method
• Not Equal Is Not !==
• Coalesce Equal
• Possible Interfaces
• Constant Order
• Php 8.0 Variable Syntax Tweaks
• New Functions In PHP 8.0
• Dont Collect Void
• Php 8.0 Only TypeHints
• Union Typehint
• Uninitialized Property
• Wrong Typed Property Default
• Signature Trailing Comma
• Hidden Nullable Typehint
• Fn Argument Variable Confusion
• Missing Abstract Method
• Throw Was An Expression
• OpenSSL Ciphers Used
• Unused Trait In Class
• Keep Files Access Restricted
• Check Crypto Key Length
• Undefined Constant Name
• Dynamic Self Calls
• Prefix And Suffixes With Typehint
• Using Deprecated Method
• Too Long A Block
• Static Global Variables Confusion
• Possible Alias Confusion
• Collect Property Counts
• Collect Method Counts
• Collect Class Constant Counts
• Too Much Indented
• Safe Phpvariables
• Could Be String
• Could Be Boolean
• Could Be Void
• Extended Typehints
• Could Be Array Typehint
• Could Be CIT
• Protocol lists
• Cyclic References
• Double Object Assignation
• Could Not Type
• Could Be Callable
• Wrong Argument Type
• Type Could Be Integer
• Call Order
• Could Be Null
• Typehint Could Be Iterable
• Uses PHP 8 Match()
• Could Be Float
• Mismatch Properties Typehints
• Could Be Self
• Could Be Parent
• Collect Parameter Names
• No Need For Triple Equal
• Array_merge Needs Array Of Arrays
• Avoid Compare Typed Boolean
• Abstract Away
• Wrong Type For Native PHP Function
• Large Try Block
• Catch With Undefined Variable
• Swapped Arguments
• Fossilized Methods List
• GLOB_BRACE Usage
• Iconv With Translit
• Collect Static Class Changes
• Different Argument Counts
• Use PHP Attributes
• Use NullSafe Operator
• Use Closure Trailing Comma
• Unknown Parameter Name
• Missing Some Returntype
• Don’t Pollute Global Space
• Collect Variables
• Could Be Parent Method
• Collect Global Variables
• Collect Readability
• Collect Definitions Statistics
• Collect Class Traits Counts
• Collect Native Calls Per Expressions
• Cancel Common Method
• Function With Dynamic Code
• Cast Unset Usage
• $php_errormsg Usage
• Mismatch Parameter Name
• Multiple Declaration Of Strict_types
• Collect Files Dependencies
• Collect Atom Counts
• Collect Classes Dependencies
• Collect Php Structures
• Mismatch Parameter And Type
• Array_Fill() With Objects
• Modified Typed Parameter
• Assumptions
• Collect Use Counts
• Useless Typehint
• PHP 8.0 Removed Directives
• Unsupported Types With Operators
• Negative Start Index In Array
• Php Ext Stub Property And Method
• Optimize Explode()
• Could Use Promoted Properties
• Could Be Stringable
• Nullable With Constant
• Use get_debug_type()
• Collect Block Size
• Use str_contains()
• PHP 8.0 Resources Turned Into Objects
• PHP 80 Named Parameter Variadic
• Unused Exception Variable
• Wrong Attribute Configuration
• Cancelled Parameter
• Constant Typo Looks Like A Variable
• Final Private Methods
• Array_Map() Passes By Value
• Missing __isset() Method
• Searching For Multiple Keys
• Long Preparation For Throw
• Modify Immutable
• Reserved Match Keyword
• No Static Variable In A Method
• Declare Static Once
• Avoid get_object_vars()
• Could Use Match
• Only Container For Reference
• Cannot Use Static For Closure
• Multiple Property Declaration On One Line
• Could Be Generator
• Only First Byte
• Restrict Global Usage
• Inherited Property Type Must Match
• No Object As Index
• Class Overreach
• Inherited Static Variable
• Enum Usage
• PHP 8.1 Removed Directives
• Htmlentities Using Default Flag
• Openssl Encrypt Default Algorithm Change
• PHP 8.1 Removed Constants
• Wrong Argument Name With PHP Function
• Duplicate Named Parameter
• PHP Native Class Type Compatibility
• Missing Attribute Attribute
• $FILES full_path
• No Null For Native PHP Functions
• Calling Static Trait Method
• No Referenced Void
• PHP Native Interfaces and Return Type
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• First Class Callable
• New Functions In PHP 8.1
• PHP 8.1 Removed Functions
• Never Keyword
• Mixed Keyword
• Mixed Typehint Usage
• False To Array Conversion
• Float Conversion As Index
• Cannot Call Static Trait Method Directly
• Nested Attributes
• New Initializers
• Deprecated Callable
• Promoted Properties
• Overwritten Foreach Var
• Null Type Favorite
• Checks Property Existence
• Variable Anf Property Typehint
• Extends stdClass
• Scope Resolution Operator
• Could Use Nullable Object Operator
• Cant Overload Constants
• Variable Is A Local Constant
• Argument Could Be Iterable
• Intersection Typehint
• Abstract Class Constants
• Recycled Variables
• Check Division By Zero
• Getter And Setter
• Multiple Similar Calls
• Could Be Ternary
• Use File Append
• Readonly Usage
• Missing Visibility
• Could Use Existing Constant
• Dont Reuse Foreach Source
• Collect Dependency Extension
• Public Reach To Private Methods
• Unreachable Method
• Static Call May Be Truly Static
• Could Use array_sum()
• Undefined Methods
• Is Stub Structure
• Is PHP Structure
• Is Extension Structure
• Unfinished Object
• Use class_alias()
• Undefined Enumcase
• Too Many Stringed Elseif
• Missing Typehints
• Identical Elseif
• Simplify Foreach
• Use Variable Created Inside Loop
• String Interpolation Favorite
• Type Could Be Never
• Dont Add Seconds
• Use Constants As Returns
• Identical Variables In Foreach
• Cant Overwrite Final Constant
• String Int Comparison
• Add Return Typehint
• ext/protobuf
• Constant : With Or Without Use
• No Constructor In Interface
• Could Be A Constant
• Create Magic Method
• Unsupported Operand Types
• array_merge With Ellipsis
• Is Library
• version_compare Operator
• PHP 8.1 Resources Turned Into Objects
• Do Not Cast To Int
• Constant Scalar Expression
• Windows Only Constants
• Could Be Spaceship
• Sylius usage
• Dollar Curly Interpolation Is Deprecated
• Unused Enumeration Case
• Useless Null Coalesce
• Throw Raw Exceptions
• Extensions yar
• Collect Stub Structures
• Lowered Access Level
• Cant Overwrite Final Method
• Implicit Conversion To Int
• Excimer
• Use Same Types For Comparisons
• Used Once Trait
• Make All Statics
• Wrong Locale
• ext/pkcs11
• ext/spx
• Parent Is Not Static
• No Magic Method For Enum
• No Readonly Assignation In Global
• Stomp
• ext/CSV
• Could Set Property Default
• Identity
• Overload Existing Names
• Incoming Date Formats
• Collect Vendor Structures
• Array Addition
• Retyped Reference
• Could Be Enumeration
• Wrong Type With Default
• Ice framework
• Extensions/Exttaint
• Sprintf Format Compilation
• Invalid Date Scanning Format
• Same Name For Property And Method
• No Private Abstract Method In Trait
• Utf8 Encode And Decode Are Deprecated
• Magic Method Returntype Is Restricted
• If Then Return Favorite
• Typehints/CouldBeResource
• DateTimeImmutable Is Not Immutable
• New Functions In PHP 8.2
• Empty Array Detection
• Strict In_Array() Preference
• No Default For Referenced Parameter
• Clone Constant
• Enum Case Values
• Random extension
• Ip
• Could Inject Param
• ext/scrypt
• ext/teds
• Geospatial
• Feast usage
• date() versus DateTime Preference
• Unused Public Method
• Could Be Abstract Method
• Solve Trait Constants
• No Keyword In Namespace
• Ambiguous Types With Variables
• Set Chaining Exception
• Could Use Class Operator
• Mbstring Unknown Encodings
• Named Argument And Variadic
• Coalesce And Ternary Operators Order
• Useless Assignation Of Promoted Property
• Method Property Confusion
• Could Use Namespace Magic Constant
• Incompatible Types With Incoming Values
• Method Usage
• Too Many Chained Calls
• Empty Loop
• Too Many Extractions
• No Variable Needed
• Possible TypeError
• Json_encode() Without Exceptions
• No Initial S In Variable Names
• Collect Calls
• Set Method Fnp
• Type Dodging
• Skip Empty Array
• Useless Method
• Weak Type With Array
• Class Could Be Readonly
• Multiple Type Cases In Switch
• Class Invasion
• Property Invasion
• Filter Not Raw
• Collect SetLocale
• Plus Plus Used On Strings
• No Max On Empty Array
• No Empty String With explode()
• Array Access On Literal Array
• Double Checks
• strpos() With Integers
• Unvalidated Data Cached In Session
• Ellipsis Merge
• superglobals
• New Functions In PHP 8.3
• Use str_ends_with()
• Use str_starts_with()
• Missing Assignation In Command
• Mono Or Multibytes Favorite
• Argument Counts Per Calls
• Global Definitions
• Short Ternary
• Deprecated Mb_string Encodings
• Pre-Calculate Use
• No Valid Cast
• Init Then Update
• Different Constructors
• Sidelined Method
• Misused Yield
• Substr() In Loops
• Should Cache Local
• Php 8.3 New Classes
• Rewrote Final Class Constant
• Useless Constant Overwrite
• Blind Variable Used Beyond Loop
• Recalled Condition
• Incompatible Property Between Class And Trait
• Collect Methods Throwing Exceptions
• Static Call With Self
• Use DNF
• Collect Throw Calls
• Collect Compared Literals
• Could Be array_combine()
• Comparison On Different Types
• No Null For Index
• Collects Names
• Useless Try
• Converted Exceptions
• Method Is Not An If
• Default Then Discard
• Class Injection Count
• Collect Property Usage
• Collect Structures
• Collect Catch Calls
• Identical Case In Switch
• StandaloneType True False Null
• Constants In Traits
• Short Or Complete Comparison

2.3.1.1. Specs

Short name	All
Available in	Entreprise Edition, Exakat Cloud

2.3.2. Analyze

This ruleset centralizes a large number of classic trap and pitfalls when writing PHP.

Total : 479 analysis

• Adding Zero
• Ambiguous Array Index
• Multiple Index Definition
• Empty Classes
• Forgotten Visibility
• Non Static Methods Called In A Static
• Old Style Constructor
• Static Methods Called From Object
• Empty Function
• Redeclared PHP Functions
• Methods Without Return
• Empty Interfaces
• Incompilable Files
• error_reporting() With Integers
• Eval() Usage
• Exit() Usage
• Forgotten Whitespace
• Iffectations
• Multiply By One
• @ Operator
• Not Not
• include_once() Usage
• Strpos()-like Comparison
• Throws An Assignement
• var_dump()… Usage
• __toString() Throws Exception
• Non Ascii Variables
• Used Once Variables
• Bad Constants Names
• Empty Traits
• Use With Fully Qualified Name
• Useless Instructions
• Abstract Static Methods
• Invalid Constant Name
• Multiple Constant Definition
• Wrong Optional Parameter
• Use === null
• $this Is Not An Array
• One Variable String
• Static Methods Can’t Contain $this
• While(List() = Each())
• Several Instructions On The Same Line
• Multiples Identical Case
• Switch Without Default
• $this Belongs To Classes Or Traits
• Nested Ternary
• Non-constant Index In Array
• Undefined Constants
• Instantiating Abstract Class
• Class, Interface, Enum Or Trait With Identical Names
• Empty Try Catch
• Undefined Classes
• Htmlentities Calls
• Undefined Class Constants
• Used Once Variables (In Scope)
• Undefined Functions
• Deprecated PHP Functions
• Dangling Array References
• Queries In Loops
• Var Keyword
• Native Alias Functions Usage
• Uses Default Values
• Wrong Number Of Arguments
• Hardcoded Passwords
• Unresolved Classes
• Useless Constructor
• Implements Is For Interface
• Use const
• Unresolved Use
• Undefined Parent
• Undefined static:: Or self::
• Accessing Private
• Access Protected Structures
• Parent, Static Or Self Outside Class
• list() May Omit Variables
• Or Die
• Written Only Variables
• Must Return Methods
• Empty Instructions
• Overwritten Exceptions
• Foreach Reference Is Not Modified
• Don’t Change Incomings
• Compared Comparison
• Useless Return
• Unused Classes
• Unpreprocessed Values
• Undefined Properties
• Short Open Tags
• Strict Comparison With Booleans
• Lone Blocks
• $this Is Not For Static Methods
• Global Usage
• Logical Should Use Symbolic Operators
• Could Use self
• Catch Overwrite Variable
• Deep Definitions
• Repeated print()
• Avoid Parenthesis With Language Construct
• Objects Don’t Need References
• Lost References
• Constants Created Outside Its Namespace
• Fully Qualified Constants
• Never Used Properties
• No Real Comparison
• Should Use Local Class
• No Direct Call To Magic Method
• String May Hold A Variable
• Echo With Concat
• Unused Global
• Useless Global
• Preprocessable
• Useless Final
• Use Constant Instead Of Function
• Useless Unset
• Buried Assignation
• No array_merge() In Loops
• Useless Parenthesis
• Unresolved Instanceof
• Use PHP Object API
• Unthrown Exception
• Old Style __autoload()
• Altering Foreach Without Reference
• Use Pathinfo
• Should Use Existing Constants
• Hash Algorithms
• No Parenthesis For Language Construct
• No Hardcoded Path
• No Hardcoded Port
• Use Constant As Arguments
• Implied If
• Overwritten Literals
• Assign Default To Properties
• No Public Access
• Should Chain Exception
• Useless Interfaces
• Undefined Interfaces
• Double Instructions
• Should Use Prepared Statement
• Print And Die
• Unchecked Resources
• No Hardcoded Ip
• Else If Versus Elseif
• Unset In Foreach
• Could Be Static
• Multiple Class Declarations
• Empty Namespace
• Could Use Short Assignation
• Useless Abstract Class
• Static Loop
• Pre-increment
• Only Variable Returned By Reference
• Indices Are Int Or String
• Should Typecast
• No Self Referencing Constant
• No Direct Usage
• Break Outside Loop
• Avoid Substr() One
• Double Assignation
• Empty List
• Useless Brackets
• preg_replace With Option e
• eval() Without Try
• Relay Function
• func_get_arg() Modified
• Avoid get_class()
• Silently Cast Integer
• Timestamp Difference
• Unused Parameter
• Switch To Switch
• Wrong Parameter Type
• Wrong fopen() Mode
• Negative Power
• Already Parents Interface
• Use random_int()
• Can’t Extend Final
• Ternary In Concat
• Using $this Outside A Class
• Undefined Trait
• No Hardcoded Hash
• Identical Conditions
• Unkown Regex Options
• No Choice
• Common Alternatives
• Logical Mistakes
• Uncaught Exceptions
• Same Conditions In Condition
• Return True False
• Useless Switch
• Could Use __DIR__
• Should Use Coalesce
• Make Global A Property
• If With Same Conditions
• Throw Functioncall
• Use Instanceof
• Results May Be Missing
• Always Positive Comparison
• Empty Blocks
• Throw In Destruct
• Use System Tmp
• Dependant Trait
• Hidden Use Expression
• Should Make Alias
• Multiple Identical Trait Or Interface
• Multiple Alias Definitions
• Nested Ifthen
• Cast To Boolean
• Failed Substr Comparison
• Should Use Ternary Operator
• Unused Returned Value
• Modernize Empty With Expression
• Use Positive Condition
• Drop Else After Return
• Use ::Class Operator
• Don’t Echo Error
• Useless Type Casting
• No isset() With empty()
• Useless Check
• Bail Out Early
• Dont Change The Blind Var
• Avoid Using stdClass
• Too Many Local Variables
• Illegal Name For Method
• Long Arguments
• Assigned Twice
• No Boolean As Default
• Forgotten Thrown
• Multiple Alias Definitions Per File
• __DIR__ Then Slash
• self, parent, static Outside Class
• Used Once Property
• Property Used In One Method Only
• No Need For Else
• Strange Name For Constants
• Too Many Finds
• Should Use SetCookie()
• Check All Types
• Missing Cases In Switch
• Repeated Regex
• No Class In Global
• Crc32() Might Be Negative
• Could Use str_repeat()
• Suspicious Comparison
• Strings With Strange Space
• No Empty Regex
• Alternative Syntax Consistence
• Randomly Sorted Arrays
• Only Variable Passed By Reference
• No Return Used
• No Reference On Left Side
• Implemented Methods Must Be Public
• Mixed Concat And Interpolation
• Too Many Injections
• Could Make A Function
• Forgotten Interface
• Avoid Optional Properties
• Mismatched Ternary Alternatives
• Mismatched Default Arguments
• Mismatched Typehint
• Scalar Or Object Property
• Assign With And Precedence
• No Magic Method With Array
• Logical To in_array
• Pathinfo() Returns May Vary
• Multiple Type Variable
• Is Actually Zero
• Unconditional Break In Loop
• Could Be Else
• Next Month Trap
• Printf Number Of Arguments
• Ambiguous Static
• Don’t Send $this In Constructor
• No get_class() With Null
• Maybe Missing New
• Unknown Pcre2 Option
• Parent First
• Invalid Regex
• Use Named Boolean In Argument Definition
• Same Variable Foreach
• Never Called Parameter
• Identical On Both Sides
• Identical Consecutive Expression
• No Reference For Ternary
• Unused Inherited Variable In Closure
• Inclusion Wrong Case
• Missing Include
• Useless Referenced Argument
• Useless Catch
• Possible Infinite Loop
• Test Then Cast
• Foreach On Object
• Property Could Be Local
• Too Many Native Calls
• Don’t Unset Properties
• Strtr Arguments
• Missing Parenthesis
• Callback Function Needs Return
• Wrong Range Check
• Can’t Instantiate Class
• strpos() Too Much
• Typehinted References
• Weak Typing
• Method Signature Must Be Compatible
• Mismatch Type And Default
• Check JSON
• Dont Mix ++
• Can’t Throw Throwable
• Abstract Or Implements
• Incompatible Signature Methods
• Ambiguous Visibilities
• Undefined ::class
• Assert Function Is Reserved
• Could Be Abstract Class
• Continue Is For Loop
• Must Call Parent Constructor
• Undefined Variable
• Undefined Insteadof
• Method Collision Traits
• Class Could Be Final
• Inconsistent Elseif
• Only Variable For Reference
• Wrong Access Style to Property
• Invalid Pack Format
• Repeated Interface
• Don’t Read And Write In One Expression
• Should Yield With Key
• Useless Method Alias
• Method Could Be Static
• Possible Missing Subpattern
• Assign And Compare
• Variable Is Not A Condition
• Insufficient Typehint
• Typehint Must Be Returned
• Clone With Non-Object
• Check On __Call Usage
• Avoid option arrays in constructors
• Already Parents Trait
• Trait Not Found
• Casting Ternary
• Concat Empty String
• Concat And Addition
• No Append On Source
• Memoize MagicCall
• Unused Class Constant
• Infinite Recursion
• Null Or Boolean Arrays
• Dependant Abstract Classes
• Wrong Type Returned
• Overwritten Source And Value
• Avoid mb_dectect_encoding()
• array_key_exists() Works On Arrays
• Class Without Parent
• Scalar Are Not Arrays
• array_merge() And Variadic
• Implode() Arguments Order
• strip_tags() Skips Closed Tag
• No Spread For Hash
• Max Level Of Nesting
• Should Use Explode Args
• Use array_slice()
• Too Many Array Dimensions
• Coalesce And Concat
• Comparison Is Always The Same
• Incompatible Signature Methods With Covariance
• Interfaces Is Not Implemented
• No Literal For Reference
• Interfaces Don’t Ensure Properties
• Non Nullable Getters
• Too Many Dereferencing
• Can’t Implement Traversable
• Is_A() With String
• Mbstring Unknown Encoding
• Mbstring Third Arg
• Merge If Then
• Wrong Type With Call
• Not Equal Is Not !==
• Dont Collect Void
• Wrong Typed Property Default
• Hidden Nullable Typehint
• Fn Argument Variable Confusion
• Missing Abstract Method
• Undefined Constant Name
• Using Deprecated Method
• Cyclic References
• Double Object Assignation
• Wrong Argument Type
• Mismatch Properties Typehints
• No Need For Triple Equal
• Array_merge Needs Array Of Arrays
• Wrong Type For Native PHP Function
• Catch With Undefined Variable
• Swapped Arguments
• Different Argument Counts
• Unknown Parameter Name
• Missing Some Returntype
• Don’t Pollute Global Space
• Mismatch Parameter Name
• Multiple Declaration Of Strict_types
• Array_Fill() With Objects
• Modified Typed Parameter
• Assumptions
• Unsupported Types With Operators
• Wrong Attribute Configuration
• Cancelled Parameter
• Constant Typo Looks Like A Variable
• Array_Map() Passes By Value
• Missing __isset() Method
• Modify Immutable
• Only Container For Reference
• Cannot Use Static For Closure
• Only First Byte
• Inherited Property Type Must Match
• No Object As Index
• Htmlentities Using Default Flag
• Wrong Argument Name With PHP Function
• Duplicate Named Parameter
• PHP Native Class Type Compatibility
• Missing Attribute Attribute
• No Null For Native PHP Functions
• No Referenced Void
• PHP Native Interfaces and Return Type
• New Functions In PHP 8.1
• Never Keyword
• False To Array Conversion
• Float Conversion As Index
• Cannot Call Static Trait Method Directly
• Overwritten Foreach Var
• Recycled Variables
• Check Division By Zero
• Dont Reuse Foreach Source
• Unreachable Method
• Unfinished Object
• Undefined Enumcase
• Dont Add Seconds
• Use Constants As Returns
• Identical Variables In Foreach
• Cant Overwrite Final Constant
• Unsupported Operand Types
• version_compare Operator
• Do Not Cast To Int
• Could Be Spaceship
• Unused Enumeration Case
• Useless Null Coalesce
• Throw Raw Exceptions
• Implicit Conversion To Int
• Use Same Types For Comparisons
• Wrong Locale
• Parent Is Not Static
• No Magic Method For Enum
• No Readonly Assignation In Global
• Overload Existing Names
• Retyped Reference
• Wrong Type With Default
• Sprintf Format Compilation
• Invalid Date Scanning Format
• Same Name For Property And Method
• DateTimeImmutable Is Not Immutable
• No Default For Referenced Parameter
• Clone Constant
• Could Inject Param
• Unused Public Method
• Mbstring Unknown Encodings
• Coalesce And Ternary Operators Order
• Useless Assignation Of Promoted Property
• Empty Loop
• Useless Method
• Weak Type With Array
• No Empty String With explode()
• Double Checks
• strpos() With Integers
• Missing Assignation In Command
• No Valid Cast
• Misused Yield
• No Null For Index
• Useless Try
• Converted Exceptions
• Method Is Not An If
• Default Then Discard
• Identical Case In Switch
• StandaloneType True False Null

2.3.2.1. Specs

Short name	Analyze
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Ambassador, Diplomat

2.3.3. Appinfo

A set of rules that describes with PHP features is used in the code.

Total : 383 analysis

• Array Index
• Multidimensional Arrays
• PHP Arrays Index
• Classes Names
• Constant Definition
• Magic Methods
• Old Style Constructor
• Static Methods
• Static Properties
• Constants Usage
• Magic Constant Usage
• PHP Constant Usage
• Defined Exceptions
• Thrown Exceptions
• ext/apc
• ext/bcmath
• ext/bzip2
• ext/calendar
• ext/crypto
• ext/ctype
• ext/curl
• ext/date
• ext/dba
• ext/dom
• ext/enchant
• ext/exif
• ext/fileinfo
• ext/filter
• ext/ftp
• ext/gd
• ext/gmp
• ext/gnupgp
• ext/hash
• ext/iconv
• ext/json
• ext/ldap
• ext/libxml
• ext/mbstring
• ext/mcrypt
• ext/mongo
• ext/mssql
• ext/mysql
• ext/mysqli
• ext/odbc
• ext/openssl
• ext/pcre
• ext/pdo
• ext/pgsql
• ext/phar
• ext/posix
• ext/readline
• ext/reflection
• ext/sem
• ext/session
• ext/shmop
• ext/simplexml
• ext/snmp
• ext/soap
• ext/sockets
• ext/spl
• ext/sqlite
• ext/sqlite3
• ext/ssh2
• ext/standard
• ext/tidy
• ext/tokenizer
• ext/wddx
• ext/xdebug
• ext/xmlreader
• ext/xmlrpc
• ext/xmlwriter
• ext/xsl
• ext/yaml
• ext/zip
• ext/zlib
• Closures Glossary
• Functions Glossary
• Recursive Functions
• Redeclared PHP Functions
• Typehints
• Interfaces Names
• Aliases
• Namespaces Glossary
• Autoloading
• Goto Names
• __halt_compiler
• Incompilable Files
• Labels
• Throw
• Trigger Errors
• Caught Expressions
• Eval() Usage
• Exit() Usage
• @ Operator
• include_once() Usage
• Using Short Tags
• Binary Glossary
• Email Addresses
• Heredoc Delimiter Glossary
• Hexadecimal Glossary
• Md5 Strings
• Nowdoc Delimiter Glossary
• Octal Glossary
• URL List
• Variable References
• Static Variables
• Variables With Long Names
• Variable Variables
• Abstract Class Usage
• Abstract Methods Usage
• Clone Usage
• Variable Constants
• Redefined PHP Traits
• Traits Usage
• Trait Names
• PHP Alternative Syntax
• Short Syntax For Arrays
• inclusions
• ext/file
• ext/array
• ext/info
• ext/math
• $HTTP_RAW_POST_DATA Usage
• Assertions
• Cast Usage
• Function Subscripting
• Nested Loops
• <?= Usage
• ext/pcntl
• ext/redis
• ext/sqlsrv
• Ellipsis Usage
• ext/0mq
• ext/memcache
• ext/memcached
• Dynamic Function Call
• Has Variable Arguments
• Multiple Catch
• Dynamically Called Classes
• Conditioned Function
• Conditioned Constants
• Is Generator
• Try With Finally
• Dereferencing String And Arrays
• Constant Scalar Expressions
• ext/imagick
• ext/oci8
• ext/imap
• Overwritten Class Constants
• Dynamic Class Constant
• Dynamic Methodcall
• Dynamic New
• Dynamic Property
• Dynamic Classes
• Multiple Classes In One File
• File Uploads
• ext/intl
• Dynamic Code
• ext/pspell
• No Direct Access
• ext/opcache
• ext/expect
• ext/gettext
• Super Global Usage
• Global Usage
• Namespaces
• Deep Definitions
• File Is Not Definitions Only
• Usage Of class_alias()
• ext/apache
• ext/eaccelerator
• ext/fpm
• Resources Usage
• Shell Usage
• File Usage
• Mail Usage
• Dynamic Calls
• Test Class
• ext/dio
• ext/phalcon
• Composer Usage
• Composer’s autoload
• ext/apcu
• ext/trader
• ext/mailparse
• ext/mail
• Scalar Typehint Usage
• Return Typehint Usage
• ext/ob
• ext/geoip
• ext/event
• ext/amqp
• ext/gearman
• ext/com
• ext/gmagick
• ext/ibase
• ext/inotify
• ext/xdiff
• ext/ev
• ext/php-ast
• ext/xml
• ext/xhprof
• Else Usage
• Anonymous Classes
• Coalesce
• Directives Usage
• Global In Global
• ext/fann
• Use Web
• Use Cli
• Error Messages
• Php7 Relaxed Keyword
• ext/pecl_http
• Uses Environment
• Redefined Methods
• Is CLI Script
• PHP Bugfixes
• ext/tokyotyrant
• ext/v8js
• Yield Usage
• Yield From Usage
• Pear Usage
• ext/lua
• List With Keys
• ext/suhosin
• Can’t Disable Function
• Functions Using Reference
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• ext/rar
• ext/nsapi
• ext/newt
• ext/ncurses
• Use Composer Lock
• String
• ext/mongodb
• Error_Log() Usage
• SQL queries
• ext/libsodium
• ext/ds
• Use Cookies
• Group Use Declaration
• ext/sphinx
• Try With Multiple Catch
• ext/grpc
• Use Browscap
• Use Debug
• PSR-16 Usage
• PSR-7 Usage
• PSR-6 Usage
• PSR-3 Usage
• PSR-11 Usage
• PSR-13 Usage
• ext/stats
• Dependency Injection
• Courier Anti-Pattern
• ext/gender
• ext/judy
• Yii usage
• Codeigniter usage
• Laravel usage
• Symfony usage
• Wordpress usage
• Ez cms usage
• Joomla usage
• Non Breakable Space In Names
• Multiple Functions Declarations
• swoole
• Manipulates NaN
• Manipulates INF
• Const Or Define
• strict_types Preference
• Declare strict_types Usage
• Encoding Usage
• Ticks Usage
• ext/xattr
• ext/rdkafka
• ext/fam
• ext/parle
• Regex Inventory
• Too Complex Expression
• Drupal Usage
• Phalcon Usage
• Fuel PHP Usage
• Argon2 Usage
• Crypto Usage
• Type Array Index
• Incoming Variable Index Inventory
• ext/vips
• Dl() Usage
• environment-variables
• ext/igbinary
• Fallback Function
• ext/hrtime
• ext/xxtea
• ext/uopz
• ext/varnish
• ext/opencensus
• ext/leveldb
• ext/db2
• ext/zookeeper
• ext/cmark
• Const Visibility Usage
• ext/eio
• ext/lzf
• ext/msgpack
• Case Insensitive Constants
• Handle Arrays With Callback
• Trailing Comma In Calls
• Can’t Disable Class
• ext/seaslog
• Pack Format Inventory
• Printf Format Inventory
• ext/decimal
• ext/psr
• ext/sdl
• ext/wasm
• Path lists
• Typed Property Usage
• ext/weakref
• ext/pcov
• Constant Dynamic Creation
• An OOP Factory
• PHP Overridden Function
• ext/svm
• ext/ffi
• ext/password
• ext/zend_monitor
• ext/uuid
• Numeric Literal Separator
• Use Covariance
• Use Contravariance
• Use Arrow Functions
• Spread Operator For Array
• Nested Ternary Without Parenthesis
• Typo 3 usage
• Concrete5 usage
• Immutable Signature
• Shell commands
• Links Between Parameter And Argument
• Php 8.0 Variable Syntax Tweaks
• Php 8.0 Only TypeHints
• Union Typehint
• Protocol lists
• Use PHP Attributes
• Use NullSafe Operator
• Use Closure Trailing Comma
• Class Overreach
• Final Constant
• Never Typehint Usage
• Named Parameter Usage
• First Class Callable
• Never Keyword
• Mixed Typehint Usage
• Nested Attributes
• New Initializers
• Promoted Properties
• Intersection Typehint
• Readonly Usage
• Use class_alias()
• ext/protobuf
• Constant Scalar Expression
• Sylius usage
• Extensions yar
• Excimer
• ext/pkcs11
• ext/spx
• Stomp
• ext/CSV
• Array Addition
• Ice framework
• Extensions/Exttaint
• Random extension
• Ip
• ext/scrypt
• ext/teds
• Geospatial
• Feast usage
• date() versus DateTime Preference
• Plus Plus Used On Strings
• Short Ternary
• Use DNF

2.3.3.1. Specs

Short name	Appinfo
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.4. Attributes

This ruleset gathers all rules that rely on PHP 8.+ attributes.

Total : 4 analysis

• Exit-like Methods
• Using Deprecated Method
• Modify Immutable
• Missing Attribute Attribute

2.3.4.1. Specs

Short name	Attributes
Available in	Entreprise Edition, Exakat Cloud

2.3.5. CE

This ruleset is the Community Edition list. It holds all the analysis that are in the community edition version of Exakat.

Total : 625 analysis

• Adding Zero
• Array Index
• Multidimensional Arrays
• Multiple Index Definition
• PHP Arrays Index
• Classes Names
• Constant Definition
• Magic Methods
• Forgotten Visibility
• Non Static Methods Called In A Static
• Old Style Constructor
• Static Methods
• Static Methods Called From Object
• Static Properties
• Constants With Strange Names
• Constants Usage
• Constants Names
• Magic Constant Usage
• PHP Constant Usage
• Defined Exceptions
• Thrown Exceptions
• ext/apc
• ext/bcmath
• ext/bzip2
• ext/calendar
• ext/crypto
• ext/ctype
• ext/curl
• ext/date
• ext/dba
• ext/dom
• ext/enchant
• ext/exif
• ext/fileinfo
• ext/filter
• ext/ftp
• ext/gd
• ext/gmp
• ext/gnupgp
• ext/hash
• ext/iconv
• ext/json
• ext/ldap
• ext/libxml
• ext/mbstring
• ext/mcrypt
• ext/mongo
• ext/mssql
• ext/mysql
• ext/mysqli
• ext/odbc
• ext/openssl
• ext/pcre
• ext/pdo
• ext/pgsql
• ext/phar
• ext/posix
• ext/readline
• ext/reflection
• ext/sem
• ext/session
• ext/shmop
• ext/simplexml
• ext/snmp
• ext/soap
• ext/sockets
• ext/spl
• ext/sqlite
• ext/sqlite3
• ext/ssh2
• ext/standard
• ext/tidy
• ext/tokenizer
• ext/wddx
• ext/xdebug
• ext/xmlreader
• ext/xmlrpc
• ext/xmlwriter
• ext/xsl
• ext/yaml
• ext/zip
• ext/zlib
• Closures Glossary
• Functions Glossary
• Recursive Functions
• Redeclared PHP Functions
• Typehints
• Interfaces Names
• Aliases
• Namespaces Glossary
• Autoloading
• Goto Names
• __halt_compiler
• Incompilable Files
• Labels
• Throw
• Trigger Errors
• Caught Expressions
• error_reporting() With Integers
• Eval() Usage
• Exit() Usage
• Forgotten Whitespace
• Multiply By One
• @ Operator
• Not Not
• include_once() Usage
• Using Short Tags
• Strpos()-like Comparison
• Throws An Assignement
• var_dump()… Usage
• Binary Glossary
• Email Addresses
• Heredoc Delimiter Glossary
• Hexadecimal Glossary
• Md5 Strings
• Nowdoc Delimiter Glossary
• Octal Glossary
• URL List
• Variable References
• Static Variables
• Variables With Long Names
• Variable Variables
• Abstract Class Usage
• Abstract Methods Usage
• Clone Usage
• Variable Constants
• Redefined PHP Traits
• Traits Usage
• Trait Names
• PHP Alternative Syntax
• Short Syntax For Arrays
• inclusions
• ext/file
• ext/array
• ext/info
• ext/math
• $HTTP_RAW_POST_DATA Usage
• Useless Instructions
• Multiple Constant Definition
• Wrong Optional Parameter
• Use === null
• Assertions
• One Variable String
• Cast Usage
• Function Subscripting
• Nested Loops
• <?= Usage
• Static Methods Can’t Contain $this
• While(List() = Each())
• Multiples Identical Case
• Switch Without Default
• Nested Ternary
• Undefined Constants
• Custom Constant Usage
• ext/pcntl
• ext/redis
• Is An Extension Function
• Is An Extension Interface
• Is An Extension Constant
• Htmlentities Calls
• Defined Class Constants
• Undefined Class Constants
• Used Once Variables (In Scope)
• Undefined Functions
• Deprecated PHP Functions
• Dangling Array References
• ext/sqlsrv
• Native Alias Functions Usage
• Uses Default Values
• Wrong Number Of Arguments
• Ellipsis Usage
• Use const
• ext/0mq
• ext/memcache
• ext/memcached
• Is Extension Trait
• Dynamic Function Call
• Has Variable Arguments
• Multiple Catch
• Dynamically Called Classes
• Conditioned Function
• Is Generator
• Try With Finally
• Dereferencing String And Arrays
• list() May Omit Variables
• Or Die
• Constant Scalar Expressions
• Exit-like Methods
• Must Return Methods
• ext/imagick
• ext/oci8
• Overwritten Exceptions
• Foreach Reference Is Not Modified
• ext/imap
• Overwritten Class Constants
• Dynamic Class Constant
• Dynamic Methodcall
• Dynamic New
• Dynamic Property
• Dynamic Classes
• Multiple Classes In One File
• File Uploads
• ext/intl
• Dynamic Code
• ext/pspell
• No Direct Access
• ext/opcache
• Is PHP Constant
• ext/expect
• Defined Properties
• Undefined Properties
• Has Magic Method
• ext/gettext
• Strict Comparison With Booleans
• Lone Blocks
• Super Global Usage
• Global Usage
• Logical Should Use Symbolic Operators
• Namespaces
• Deep Definitions
• Constant Class
• File Is Not Definitions Only
• Repeated print()
• Avoid Parenthesis With Language Construct
• Objects Don’t Need References
• No Real Comparison
• Usage Of class_alias()
• ext/apache
• ext/eaccelerator
• ext/fpm
• No Direct Call To Magic Method
• Useless Final
• Use Constant Instead Of Function
• Resources Usage
• Useless Unset
• No array_merge() In Loops
• Useless Parenthesis
• Shell Usage
• File Usage
• Mail Usage
• Dynamic Calls
• Use PHP Object API
• Altering Foreach Without Reference
• Test Class
• Use Pathinfo
• ext/dio
• No Parenthesis For Language Construct
• ext/phalcon
• Use Constant As Arguments
• Implied If
• Composer Usage
• Composer’s autoload
• Should Chain Exception
• Undefined Interfaces
• ext/apcu
• Should Use Prepared Statement
• Print And Die
• Unchecked Resources
• ext/trader
• ext/mailparse
• ext/mail
• Else If Versus Elseif
• Multiple Class Declarations
• Empty Namespace
• Could Use Short Assignation
• Scalar Typehint Usage
• Return Typehint Usage
• ext/ob
• Pre-increment
• ext/geoip
• ext/event
• ext/amqp
• ext/gearman
• ext/com
• ext/gmagick
• ext/ibase
• ext/inotify
• ext/xdiff
• ext/ev
• ext/php-ast
• ext/xml
• ext/xhprof
• Indices Are Int Or String
• Should Typecast
• Else Usage
• Avoid Substr() One
• Anonymous Classes
• Coalesce
• Directives Usage
• Useless Brackets
• preg_replace With Option e
• eval() Without Try
• Is Not Class Family
• Global In Global
• ext/fann
• Use Web
• Use Cli
• Avoid get_class()
• Silently Cast Integer
• Error Messages
• Timestamp Difference
• Php7 Relaxed Keyword
• ext/pecl_http
• Uses Environment
• Wrong Parameter Type
• Redefined Methods
• Redefined Class Constants
• Redefined Default
• Wrong fopen() Mode
• Is CLI Script
• PHP Bugfixes
• Negative Power
• Use random_int()
• Ternary In Concat
• ext/tokyotyrant
• ext/v8js
• Yield Usage
• Yield From Usage
• Pear Usage
• Undefined Trait
• Identical Conditions
• Unkown Regex Options
• No Choice
• Logical Mistakes
• ext/lua
• Same Conditions In Condition
• Return True False
• Could Use __DIR__
• Should Use Coalesce
• List With Keys
• If With Same Conditions
• ext/suhosin
• Throw Functioncall
• Can’t Disable Function
• Functions Using Reference
• Use Instanceof
• List Short Syntax
• Results May Be Missing
• Use Nullable Type
• Always Positive Comparison
• Multiple Exceptions Catch()
• Empty Blocks
• Throw In Destruct
• Use System Tmp
• Hidden Use Expression
• Should Make Alias
• Multiple Identical Trait Or Interface
• Multiple Alias Definitions
• Failed Substr Comparison
• Should Use Ternary Operator
• Drop Else After Return
• Use ::Class Operator
• ext/rar
• Don’t Echo Error
• Useless Type Casting
• No isset() With empty()
• Useless Check
• ext/nsapi
• ext/newt
• ext/ncurses
• Use Composer Lock
• String
• ext/mongodb
• Error_Log() Usage
• SQL queries
• ext/libsodium
• Multiple Alias Definitions Per File
• __DIR__ Then Slash
• ext/ds
• Use Cookies
• Group Use Declaration
• Repeated Regex
• No Class In Global
• Could Use str_repeat()
• Strings With Strange Space
• No Empty Regex
• ext/sphinx
• Try With Multiple Catch
• ext/grpc
• Use Browscap
• Use Debug
• No Reference On Left Side
• PSR-16 Usage
• PSR-7 Usage
• PSR-6 Usage
• PSR-3 Usage
• PSR-11 Usage
• PSR-13 Usage
• ext/stats
• Dependency Injection
• Courier Anti-Pattern
• ext/gender
• ext/judy
• Yii usage
• Codeigniter usage
• Laravel usage
• Symfony usage
• Wordpress usage
• Ez cms usage
• Joomla usage
• Non Breakable Space In Names
• Multiple Functions Declarations
• swoole
• Manipulates NaN
• Manipulates INF
• Const Or Define
• strict_types Preference
• Declare strict_types Usage
• Encoding Usage
• Ticks Usage
• Assign With And Precedence
• No Magic Method With Array
• ext/xattr
• ext/rdkafka
• ext/fam
• ext/parle
• Regex Inventory
• Is Actually Zero
• Unconditional Break In Loop
• Too Complex Expression
• Is A Magic Property
• Next Month Trap
• Printf Number Of Arguments
• Drupal Usage
• Phalcon Usage
• Fuel PHP Usage
• Argon2 Usage
• Crypto Usage
• Type Array Index
• Incoming Variable Index Inventory
• ext/vips
• Dl() Usage
• environment-variables
• Invalid Regex
• Same Variable Foreach
• ext/igbinary
• Identical On Both Sides
• No Reference For Ternary
• Unused Inherited Variable In Closure
• Fallback Function
• Useless Catch
• ext/hrtime
• ext/xxtea
• ext/uopz
• ext/varnish
• ext/opencensus
• ext/leveldb
• ext/db2
• Don’t Unset Properties
• Strtr Arguments
• Missing Parenthesis
• Callback Function Needs Return
• ext/zookeeper
• ext/cmark
• strpos() Too Much
• Typehinted References
• Check JSON
• ext/eio
• Undefined ::class
• ext/lzf
• ext/msgpack
• Case Insensitive Constants
• Handle Arrays With Callback
• Detect Current Class
• Trailing Comma In Calls
• Undefined Variable
• Undefined Insteadof
• Can’t Disable Class
• ext/seaslog
• Wrong Access Style to Property
• Invalid Pack Format
• Don’t Read And Write In One Expression
• Pack Format Inventory
• Printf Format Inventory
• idn_to_ascii() New Default
• ext/decimal
• ext/psr
• Should Yield With Key
• Useless Method Alias
• ext/sdl
• ext/wasm
• Path lists
• Possible Missing Subpattern
• Assign And Compare
• Typed Property Usage
• ext/weakref
• ext/pcov
• Constant Dynamic Creation
• PHP 8.0 Removed Functions
• PHP 8.0 Removed Constants
• An OOP Factory
• Typehint Must Be Returned
• Self-Transforming Variables
• Check On __Call Usage
• PHP Overridden Function
• ext/svm
• ext/ffi
• ext/password
• ext/zend_monitor
• ext/uuid
• Casting Ternary
• Concat And Addition
• New Functions In PHP 7.4
• curl_version() Has No Argument
• Php 7.4 New Classes
• New Constants In PHP 7.4
• Wrong Type Returned
• Methods That Should Not Be Used
• PHP 7.4 Removed Functions
• mb_strrpos() Third Argument
• array_key_exists() Works On Arrays
• Reflection Export() Is Deprecated
• Unbinding Closures
• Numeric Literal Separator
• Class Without Parent
• Scalar Are Not Arrays
• Create Compact Variables
• PHP 7.4 Reserved Keyword
• No More Curly Arrays
• Overwritten Properties
• Overwritten Constant
• Create Magic Property
• Set Parent Definition
• Make Class Constant Definition
• Follow Closure Definition
• PHP 7.4 Constant Deprecation
• Implode() Arguments Order
• PHP 7.4 Removed Directives
• Hash Algorithms Incompatible With PHP 7.4-
• openssl_random_pseudo_byte() Second Argument
• strip_tags() Skips Closed Tag
• Use Covariance
• Use Contravariance
• Set Array Class Definition
• Use Arrow Functions
• Environment Variable Usage
• Indentation Levels
• Spread Operator For Array
• Nested Ternary Without Parenthesis
• Cyclomatic Complexity
• Should Use Explode Args
• Use array_slice()
• Coalesce And Concat
• Interfaces Is Not Implemented
• No Literal For Reference
• Collect Literals
• Collect Parameter Counts
• Collect Local Variable Counts
• Dereferencing Levels
• Make Functioncall With Reference
• Foreach() Favorite
• Can’t Implement Traversable
• Is_A() With String
• Mbstring Unknown Encoding
• Collect Mbstring Encodings
• Filter To add_slashes()
• Mbstring Third Arg
• Typehinting Stats
• Typo 3 usage
• Concrete5 usage
• Immutable Signature
• Merge If Then
• Wrong Type With Call
• Shell commands
• inclusions
• Typehint Order
• New Order
• Links Between Parameter And Argument
• Collect Class Interface Counts
• Collect Class Depth
• Collect Class Children Count
• Not Equal Is Not !==
• Constant Order
• Php 8.0 Variable Syntax Tweaks
• New Functions In PHP 8.0
• Php 8.0 Only TypeHints
• Union Typehint
• Wrong Typed Property Default
• Signature Trailing Comma
• Throw Was An Expression
• Collect Property Counts
• Collect Method Counts
• Collect Class Constant Counts
• Could Be String
• Could Be Boolean
• Could Be Array Typehint
• Could Be CIT
• Protocol lists
• Type Could Be Integer
• Call Order
• Could Be Null
• Uses PHP 8 Match()
• Could Be Float
• Collect Parameter Names
• Wrong Type For Native PHP Function
• Fossilized Methods List
• Collect Static Class Changes
• Use PHP Attributes
• Use NullSafe Operator
• Use Closure Trailing Comma
• Unknown Parameter Name
• Missing Some Returntype
• Collect Variables
• Collect Global Variables
• Collect Readability
• Collect Definitions Statistics
• Collect Class Traits Counts
• Collect Native Calls Per Expressions
• Function With Dynamic Code
• Cast Unset Usage
• $php_errormsg Usage
• Mismatch Parameter Name
• Collect Files Dependencies
• Collect Atom Counts
• Collect Classes Dependencies
• Collect Php Structures
• Collect Use Counts
• PHP 8.0 Removed Directives
• Unsupported Types With Operators
• Negative Start Index In Array
• Nullable With Constant
• PHP 8.0 Resources Turned Into Objects
• PHP 80 Named Parameter Variadic
• Final Private Methods
• Array_Map() Passes By Value

2.3.5.1. Specs

Short name	CE
Available in	Entreprise Edition, Exakat Cloud

2.3.6. CI-checks

This ruleset is a collection of important rules to run in a CI pipeline.

Total : 178 analysis

• Adding Zero
• Multiple Index Definition
• Forgotten Visibility
• Non Static Methods Called In A Static
• Static Methods Called From Object
• Constants With Strange Names
• Redeclared PHP Functions
• error_reporting() With Integers
• Exit() Usage
• Forgotten Whitespace
• Multiply By One
• @ Operator
• Not Not
• Strpos()-like Comparison
• Throws An Assignement
• var_dump()… Usage
• Useless Instructions
• Multiple Constant Definition
• Wrong Optional Parameter
• Use === null
• One Variable String
• Static Methods Can’t Contain $this
• While(List() = Each())
• Multiples Identical Case
• Switch Without Default
• Nested Ternary
• Undefined Constants
• Htmlentities Calls
• Undefined Class Constants
• Undefined Functions
• Deprecated PHP Functions
• Dangling Array References
• Native Alias Functions Usage
• Uses Default Values
• Wrong Number Of Arguments
• Use const
• list() May Omit Variables
• Or Die
• Must Return Methods
• Overwritten Exceptions
• Foreach Reference Is Not Modified
• Undefined Properties
• Strict Comparison With Booleans
• Lone Blocks
• Logical Should Use Symbolic Operators
• Repeated print()
• Avoid Parenthesis With Language Construct
• Objects Don’t Need References
• No Real Comparison
• No Direct Call To Magic Method
• Useless Final
• Use Constant Instead Of Function
• Useless Unset
• No array_merge() In Loops
• Useless Parenthesis
• Use PHP Object API
• Altering Foreach Without Reference
• Use Pathinfo
• No Parenthesis For Language Construct
• Use Constant As Arguments
• Implied If
• Should Chain Exception
• Undefined Interfaces
• Should Use Prepared Statement
• Print And Die
• Unchecked Resources
• Else If Versus Elseif
• Multiple Class Declarations
• Empty Namespace
• Could Use Short Assignation
• Pre-increment
• Indices Are Int Or String
• Should Typecast
• Avoid Substr() One
• Useless Brackets
• preg_replace With Option e
• eval() Without Try
• Avoid get_class()
• Silently Cast Integer
• Timestamp Difference
• Wrong Parameter Type
• Redefined Class Constants
• Redefined Default
• Wrong fopen() Mode
• Negative Power
• Use random_int()
• Ternary In Concat
• Undefined Trait
• Identical Conditions
• No Choice
• Logical Mistakes
• Same Conditions In Condition
• Return True False
• Could Use __DIR__
• Should Use Coalesce
• If With Same Conditions
• Throw Functioncall
• Use Instanceof
• Results May Be Missing
• Always Positive Comparison
• Empty Blocks
• Throw In Destruct
• Use System Tmp
• Hidden Use Expression
• Should Make Alias
• Multiple Identical Trait Or Interface
• Multiple Alias Definitions
• Failed Substr Comparison
• Should Use Ternary Operator
• Drop Else After Return
• Use ::Class Operator
• Don’t Echo Error
• Useless Type Casting
• No isset() With empty()
• Useless Check
• Multiple Alias Definitions Per File
• __DIR__ Then Slash
• Repeated Regex
• No Class In Global
• Could Use str_repeat()
• Strings With Strange Space
• No Empty Regex
• No Reference On Left Side
• Assign With And Precedence
• No Magic Method With Array
• Is Actually Zero
• Unconditional Break In Loop
• Next Month Trap
• Printf Number Of Arguments
• Invalid Regex
• Same Variable Foreach
• Identical On Both Sides
• No Reference For Ternary
• Unused Inherited Variable In Closure
• Useless Catch
• Don’t Unset Properties
• Strtr Arguments
• Missing Parenthesis
• Callback Function Needs Return
• strpos() Too Much
• Typehinted References
• Check JSON
• Undefined ::class
• Undefined Variable
• Undefined Insteadof
• Wrong Access Style to Property
• Invalid Pack Format
• Should Yield With Key
• Useless Method Alias
• Possible Missing Subpattern
• Assign And Compare
• Typehint Must Be Returned
• Check On __Call Usage
• Casting Ternary
• Concat And Addition
• Wrong Type Returned
• Class Without Parent
• Scalar Are Not Arrays
• Implode() Arguments Order
• strip_tags() Skips Closed Tag
• Should Use Explode Args
• Use array_slice()
• Coalesce And Concat
• Interfaces Is Not Implemented
• No Literal For Reference
• Can’t Implement Traversable
• Is_A() With String
• Mbstring Unknown Encoding
• Mbstring Third Arg
• Merge If Then
• Wrong Type With Call
• Not Equal Is Not !==
• Wrong Typed Property Default
• Wrong Type For Native PHP Function
• Unknown Parameter Name
• Missing Some Returntype
• Htmlentities Using Default Flag
• Wrong Argument Name With PHP Function

2.3.6.1. Specs

Short name	CI-checks
Available in	Entreprise Edition, Exakat Cloud

2.3.7. Changed Behavior

Ruleset with all rules that identify changed behavior across PHP versions. This means that some syntax behave differently, depending on PHP version.

Total : 52 analysis

• $HTTP_RAW_POST_DATA Usage
• Wrong Optional Parameter
• Closure May Use $this
• crypt() Without Salt
• Parent, Static Or Self Outside Class
• Empty With Expression
• Constant Scalar Expressions
• Undefined Properties
• Methodcall On New
• Reserved Keywords In PHP 7
• Scalar Typehint Usage
• Return Typehint Usage
• isset() With Constant
• List With Appends
• Simple Global Variable
• Foreach Don’t Change Pointer
• Unicode Escape Partial
• eval() Without Try
• Usort Sorting In PHP 7.0
• func_get_arg() Modified
• Php7 Relaxed Keyword
• set_exception_handler() Warning
• Using $this Outside A Class
• List With Keys
• PHP 7.1 Microseconds
• No String With Append
• PHP 7.3 Last Empty Argument
• Assert Function Is Reserved
• No Reference For Static Property
• Concat And Addition
• curl_version() Has No Argument
• Null Or Boolean Arrays
• mb_strrpos() Third Argument
• Reflection Export() Is Deprecated
• Class Without Parent
• Implode() Arguments Order
• Throw Was An Expression
• $php_errormsg Usage
• Negative Start Index In Array
• Only First Byte
• Restrict Global Usage
• Inherited Static Variable
• Htmlentities Using Default Flag
• Never Keyword
• Nested Attributes
• Cant Overload Constants
• String Int Comparison
• PHP 8.1 Resources Turned Into Objects
• No Private Abstract Method In Trait
• No Max On Empty Array
• No Empty String With explode()
• strpos() With Integers

2.3.7.1. Specs

Short name	ChangedBehavior
Available in	Entreprise Edition, Community Edition, Exakat Cloud

2.3.8. Class Review

This ruleset focuses on classes construction issues, and their related structures : traits, interfaces, methods, properties, constants.

Total : 89 analysis

• Final Class Usage
• Final Methods Usage
• Classes Mutually Extending Each Other
• Could Use self
• Constant Class
• Redefined Property
• Useless Interfaces
• Could Be Class Constant
• Could Be Static
• No Self Referencing Constant
• Property Could Be Private
• Redefined Methods
• Class Should Be Final By Ocramius
• Could Be Protected Property
• Raised Access Level
• Could Be Private Class Constant
• Could Be Protected Class Constant
• Method Could Be Private Method
• Could Be Protected Method
• Property Could Be Local
• Could Be Abstract Class
• Class Could Be Final
• Wrong Access Style to Property
• Unreachable Class Constant
• Avoid Self In Interface
• Self Using Trait
• Method Could Be Static
• Avoid option arrays in constructors
• Memoize MagicCall
• Unused Class Constant
• Dependant Abstract Classes
• Wrong Type Returned
• Disconnected Classes
• Class Without Parent
• Interfaces Is Not Implemented
• Interfaces Don’t Ensure Properties
• Non Nullable Getters
• Insufficient Property Typehint
• Exceeding Typehint
• Nullable Without Check
• Fossilized Method
• Uninitialized Property
• Wrong Typed Property Default
• Hidden Nullable Typehint
• Missing Abstract Method
• Unused Trait In Class
• Cyclic References
• Double Object Assignation
• Mismatch Properties Typehints
• Different Argument Counts
• Could Be Parent Method
• Cancel Common Method
• Modified Typed Parameter
• Useless Typehint
• Could Be Stringable
• Final Private Methods
• Missing __isset() Method
• No Static Variable In A Method
• Inherited Property Type Must Match
• Abstract Class Constants
• Missing Visibility
• Unreachable Method
• Undefined Methods
• Unfinished Object
• Undefined Enumcase
• Cant Overwrite Final Constant
• No Constructor In Interface
• Lowered Access Level
• Used Once Trait
• Parent Is Not Static
• No Magic Method For Enum
• No Readonly Assignation In Global
• Could Set Property Default
• Wrong Type With Default
• Same Name For Property And Method
• Magic Method Returntype Is Restricted
• Could Inject Param
• Set Chaining Exception
• Useless Assignation Of Promoted Property
• Type Dodging
• Class Could Be Readonly
• Class Invasion
• Property Invasion
• Different Constructors
• Sidelined Method
• Rewrote Final Class Constant
• Useless Constant Overwrite
• Incompatible Property Between Class And Trait
• Static Call With Self

2.3.8.1. Specs

Short name	ClassReview
Available in	Entreprise Edition, Exakat Cloud

2.3.9. Classdependencies

This ruleset list all dependencies between classes : heritage and type.

Total : 1 analysis

• Collect Classes Dependencies

2.3.9.1. Specs

Short name	Classdependencies
Available in	Entreprise Edition, Exakat Cloud
Reports	report-classdependencies

2.3.10. Coding conventions

This ruleset centralizes all analysis related to coding conventions. Sometimes, those are easy to extract with static analysis, and so here they are. No all o them are available.

Total : 28 analysis

• No Plus One
• All Uppercase Variables
• Use With Fully Qualified Name
• Non-lowercase Keywords
• Echo Or Print
• Constant Comparison
• Close Tags
• One Letter Functions
• Wrong Class Name Case
• Bracketless Blocks
• Use const
• Unusual Case For PHP Functions
• Interpolation
• Empty Slots In Arrays
• Multiple Classes In One File
• Return With Parenthesis
• Should Be Single Quote
• Yoda Comparison
• Mixed Concat And Interpolation
• Order Of Declaration
• Heredoc Delimiter
• Mistaken Concatenation
• Don’t Be Too Manual
• Similar Integers
• Wrong Function Name Case
• Wrong Case Namespaces
• Wrong Typehinted Name
• Multiple Property Declaration On One Line

2.3.10.1. Specs

Short name	Coding Conventions
Available in	Entreprise Edition, Exakat Cloud

2.3.11. CompatibilityPHP53

This ruleset centralizes all analysis for the migration from PHP 5.2 to 5.3.

Total : 87 analysis

• Non Static Methods Called In A Static
• ext/dba
• Use Lower Case For Parent, Static And Self
• Break With 0
• Binary Glossary
• Malformed Octal
• Short Syntax For Arrays
• New Functions In PHP 5.4
• New Functions In PHP 5.5
• New Functions In PHP 5.6
• Multiple Definition Of The Same Argument
• Function Subscripting
• Closure May Use $this
• Switch With Too Many Default
• Ellipsis Usage
• Exponent Usage
• Dereferencing String And Arrays
• class
• Foreach With list()
• Use Const And Functions
• Constant Scalar Expressions
• __debugInfo() Usage
• Mixed Keys Arrays
• Const With Array
• Methodcall On New
• Hash Algorithms Incompatible With PHP 5.3
• Class Const With Array
• Variable Global
• Null On New
• isset() With Constant
• Anonymous Classes
• Unicode Escape Syntax
• New Functions In PHP 7.0
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• Parenthesis As Parameter
• PHP5 Indirect Variable Expression
• Php 7 Indirect Expression
• Unicode Escape Partial
• Define With Array
• No List With String
• PHP7 Dirname
• Php7 Relaxed Keyword
• Cant Use Return Value In Write Context
• Php 7.1 New Class
• List With Keys
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• No String With Append
• Group Use Declaration
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• No Substr Minus One
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Const Visibility Usage
• Hash Algorithms Incompatible With PHP 7.1-
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• Direct Call To __clone()
• No Return For Generator
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Generator Cannot Return
• Coalesce Equal
• Enum Usage
• $FILES full_path
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• Constant Scalar Expression
• No Private Abstract Method In Trait
• Clone Constant

2.3.11.1. Specs

Short name	CompatibilityPHP53
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.12. CompatibilityPHP54

This ruleset centralizes all analysis for the migration from PHP 5.3 to 5.4.

Total : 84 analysis

• Non Static Methods Called In A Static
• Use Lower Case For Parent, Static And Self
• Functions Removed In PHP 5.4
• Break With Non Integer
• Calltime Pass By Reference
• Malformed Octal
• New Functions In PHP 5.5
• New Functions In PHP 5.6
• Multiple Definition Of The Same Argument
• Switch With Too Many Default
• crypt() Without Salt
• Ellipsis Usage
• Exponent Usage
• Dereferencing String And Arrays
• class
• Foreach With list()
• Use Const And Functions
• Constant Scalar Expressions
• __debugInfo() Usage
• Mixed Keys Arrays
• Const With Array
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Class Const With Array
• Variable Global
• Null On New
• isset() With Constant
• Anonymous Classes
• Unicode Escape Syntax
• New Functions In PHP 7.0
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• Parenthesis As Parameter
• PHP5 Indirect Variable Expression
• Php 7 Indirect Expression
• Unicode Escape Partial
• Define With Array
• No List With String
• PHP7 Dirname
• Php7 Relaxed Keyword
• Cant Use Return Value In Write Context
• Php 7.1 New Class
• List With Keys
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• No String With Append
• Group Use Declaration
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• No Substr Minus One
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Const Visibility Usage
• Hash Algorithms Incompatible With PHP 7.1-
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• Direct Call To __clone()
• No Return For Generator
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Generator Cannot Return
• Coalesce Equal
• Enum Usage
• $FILES full_path
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• Constant Scalar Expression
• No Private Abstract Method In Trait
• Clone Constant

2.3.12.1. Specs

Short name	CompatibilityPHP54
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.13. CompatibilityPHP55

This ruleset centralizes all analysis for the migration from PHP 5.4 to 5.5.

Total : 77 analysis

• Non Static Methods Called In A Static
• ext/apc
• ext/mysql
• Functions Removed In PHP 5.5
• Malformed Octal
• New Functions In PHP 5.6
• Multiple Definition Of The Same Argument
• Switch With Too Many Default
• Ellipsis Usage
• Exponent Usage
• Use password_hash()
• Use Const And Functions
• Constant Scalar Expressions
• __debugInfo() Usage
• Const With Array
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Class Const With Array
• Variable Global
• Null On New
• isset() With Constant
• Anonymous Classes
• Unicode Escape Syntax
• New Functions In PHP 7.0
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• Parenthesis As Parameter
• PHP5 Indirect Variable Expression
• Php 7 Indirect Expression
• Unicode Escape Partial
• Define With Array
• No List With String
• PHP7 Dirname
• Php7 Relaxed Keyword
• Php 7.1 New Class
• List With Keys
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• No String With Append
• Group Use Declaration
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• No Substr Minus One
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Const Visibility Usage
• Hash Algorithms Incompatible With PHP 7.1-
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• Direct Call To __clone()
• No Return For Generator
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Generator Cannot Return
• Coalesce Equal
• Enum Usage
• $FILES full_path
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• Constant Scalar Expression
• No Private Abstract Method In Trait
• Clone Constant

2.3.13.1. Specs

Short name	CompatibilityPHP55
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.14. CompatibilityPHP56

This ruleset centralizes all analysis for the migration from PHP 5.5 to 5.6.

Total : 67 analysis

• Non Static Methods Called In A Static
• Malformed Octal
• $HTTP_RAW_POST_DATA Usage
• Multiple Definition Of The Same Argument
• Switch With Too Many Default
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Variable Global
• Null On New
• isset() With Constant
• Anonymous Classes
• Unicode Escape Syntax
• New Functions In PHP 7.0
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• Parenthesis As Parameter
• PHP5 Indirect Variable Expression
• Php 7 Indirect Expression
• Unicode Escape Partial
• Define With Array
• No List With String
• PHP7 Dirname
• Php7 Relaxed Keyword
• Php 7.1 New Class
• List With Keys
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• No String With Append
• Group Use Declaration
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• No Substr Minus One
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Const Visibility Usage
• Hash Algorithms Incompatible With PHP 7.1-
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• Direct Call To __clone()
• No Return For Generator
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Generator Cannot Return
• Coalesce Equal
• Php 8.0 Only TypeHints
• Enum Usage
• $FILES full_path
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• Constant Scalar Expression
• No Private Abstract Method In Trait
• Clone Constant

2.3.14.1. Specs

Short name	CompatibilityPHP56
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.15. CompatibilityPHP70

This ruleset centralizes all analysis for the migration from PHP 5.6 to 7.0.

Total : 58 analysis

• mcrypt_create_iv() With Default Values
• Magic Visibility
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Reserved Keywords In PHP 7
• Break Outside Loop
• PHP 7.0 Removed Functions
• Empty List
• List With Appends
• Simple Global Variable
• Foreach Don’t Change Pointer
• Php 7 Indirect Expression
• PHP 7.0 Removed Directives
• preg_replace With Option e
• Setlocale() Uses Constants
• Usort Sorting In PHP 7.0
• Hexadecimal In String
• func_get_arg() Modified
• set_exception_handler() Warning
• Php 7.1 New Class
• List With Keys
• List Short Syntax
• Use Nullable Type
• Multiple Exceptions Catch()
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• No Substr Minus One
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Const Visibility Usage
• Hash Algorithms Incompatible With PHP 7.1-
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Coalesce Equal
• Php 8.0 Only TypeHints
• Union Typehint
• Enum Usage
• $FILES full_path
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• No Private Abstract Method In Trait
• Clone Constant

2.3.15.1. Specs

Short name	CompatibilityPHP70
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.16. CompatibilityPHP71

This ruleset centralizes all analysis for the migration from PHP 7.0 to 7.1.

Total : 48 analysis

• ext/mcrypt
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Avoid Substr() One
• PHP 7.0 Removed Functions
• PHP 7.0 Removed Directives
• preg_replace With Option e
• Hexadecimal In String
• Use random_int()
• Using $this Outside A Class
• PHP 7.1 Removed Directives
• New Functions In PHP 7.1
• PHP 7.1 Microseconds
• Invalid Octal In String
• New Functions In PHP 7.3
• Cant Inherit Abstract Method
• Group Use Trailing Comma
• Child Class Removes Typehint
• Integer As Property
• No get_class() With Null
• Php 7.2 New Class
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• PHP 7.2 Scalar Typehints
• Continue Is For Loop
• Trailing Comma In Calls
• No Reference For Static Property
• Typed Property Usage
• String Initialization
• Concat And Addition
• Unpacking Inside Arrays
• Coalesce Equal
• Php 8.0 Only TypeHints
• Union Typehint
• Signature Trailing Comma
• Enum Usage
• $FILES full_path
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• array_merge With Ellipsis
• No Private Abstract Method In Trait
• Clone Constant
• No Keyword In Namespace

2.3.16.1. Specs

Short name	CompatibilityPHP71
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.17. CompatibilityPHP72

This ruleset centralizes all analysis for the migration from PHP 7.1 to 7.2.

Total : 41 analysis

• Undefined Constants
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• preg_replace With Option e
• PHP 7.2 Deprecations
• PHP 7.2 Removed Functions
• New Functions In PHP 7.2
• New Constants In PHP 7.2
• New Functions In PHP 7.3
• PHP 7.2 Object Keyword
• No get_class() With Null
• Php 7.2 New Class
• Avoid set_error_handler $context Argument
• Hash Will Use Objects
• Can’t Count Non-Countable
• List With Reference
• PHP 7.3 Last Empty Argument
• Flexible Heredoc
• Continue Is For Loop
• Trailing Comma In Calls
• No Reference For Static Property
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Coalesce Equal
• Php 8.0 Only TypeHints
• Union Typehint
• Signature Trailing Comma
• Throw Was An Expression
• Enum Usage
• $FILES full_path
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Cant Overload Constants
• array_merge With Ellipsis
• No Private Abstract Method In Trait
• Clone Constant
• No Keyword In Namespace

2.3.17.1. Specs

Short name	CompatibilityPHP72
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.18. CompatibilityPHP73

This ruleset centralizes all analysis for the migration from PHP 7.2 to 7.3.

Total : 32 analysis

• New Functions In PHP 7.3
• Unknown Pcre2 Option
• Nonexistent Variable In compact()
• Case Insensitive Constants
• Assert Function Is Reserved
• Continue Is For Loop
• PHP 7.3 Removed Functions
• Don’t Read And Write In One Expression
• Typed Property Usage
• Concat And Addition
• Unpacking Inside Arrays
• Numeric Literal Separator
• PHP 74 New Directives
• Coalesce Equal
• Php 8.0 Only TypeHints
• Union Typehint
• Signature Trailing Comma
• Throw Was An Expression
• Enum Usage
• $FILES full_path
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Nested Attributes
• New Initializers
• Cant Overload Constants
• array_merge With Ellipsis
• No Private Abstract Method In Trait
• Clone Constant
• No Keyword In Namespace

2.3.18.1. Specs

Short name	CompatibilityPHP73
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador

2.3.19. CompatibilityPHP74

This ruleset centralizes all analysis for the migration from PHP 7.3 to 7.4.

Total : 43 analysis

• Detect Current Class
• Don’t Read And Write In One Expression
• idn_to_ascii() New Default
• Concat And Addition
• New Functions In PHP 7.4
• curl_version() Has No Argument
• Php 7.4 New Classes
• New Constants In PHP 7.4
• PHP 7.4 Removed Functions
• mb_strrpos() Third Argument
• array_key_exists() Works On Arrays
• Reflection Export() Is Deprecated
• Unbinding Closures
• Scalar Are Not Arrays
• PHP 7.4 Reserved Keyword
• No More Curly Arrays
• PHP 7.4 Constant Deprecation
• PHP 7.4 Removed Directives
• Hash Algorithms Incompatible With PHP 7.4-
• openssl_random_pseudo_byte() Second Argument
• Nested Ternary Without Parenthesis
• Filter To add_slashes()
• Php 8.0 Variable Syntax Tweaks
• New Functions In PHP 8.0
• Php 8.0 Only TypeHints
• Union Typehint
• Signature Trailing Comma
• Throw Was An Expression
• Uses PHP 8 Match()
• Avoid get_object_vars()
• Enum Usage
• $FILES full_path
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• PHP 8.0 Typehints
• Named Parameter Usage
• Nested Attributes
• New Initializers
• Cant Overload Constants
• No Private Abstract Method In Trait
• Clone Constant
• No Keyword In Namespace

2.3.19.1. Specs

Short name	CompatibilityPHP74
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.20. CompatibilityPHP80

This ruleset centralizes all analysis for the migration from PHP 7.4 to 8.0.

Total : 33 analysis

• Old Style Constructor
• Wrong Optional Parameter
• PHP 8.0 Removed Functions
• PHP 8.0 Removed Constants
• Concat And Addition
• PHP 7.4 Removed Directives
• Cast Unset Usage
• $php_errormsg Usage
• Mismatch Parameter Name
• PHP 8.0 Removed Directives
• Unsupported Types With Operators
• Negative Start Index In Array
• Nullable With Constant
• PHP 8.0 Resources Turned Into Objects
• PHP 80 Named Parameter Variadic
• Final Private Methods
• Array_Map() Passes By Value
• Reserved Match Keyword
• Avoid get_object_vars()
• Enum Usage
• Final Constant
• Never Typehint Usage
• PHP 8.1 Typehints
• Mixed Keyword
• Nested Attributes
• New Initializers
• Cant Overload Constants
• String Int Comparison
• PHP 8.1 Resources Turned Into Objects
• Clone Constant
• Named Argument And Variadic
• Multiple Type Cases In Switch
• No Max On Empty Array

2.3.20.1. Specs

Short name	CompatibilityPHP80
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.21. CompatibilityPHP81

This ruleset centralizes all analysis for the migration from PHP 8.0 to 8.1.

Total : 21 analysis

• PHP 7.4 Removed Directives
• PHP 8.0 Removed Directives
• Restrict Global Usage
• Inherited Static Variable
• PHP 8.1 Removed Directives
• Openssl Encrypt Default Algorithm Change
• PHP 8.1 Removed Constants
• PHP Native Class Type Compatibility
• No Null For Native PHP Functions
• Calling Static Trait Method
• No Referenced Void
• PHP Native Interfaces and Return Type
• New Functions In PHP 8.1
• PHP 8.1 Removed Functions
• Never Keyword
• Mixed Keyword
• False To Array Conversion
• Float Conversion As Index
• Cannot Call Static Trait Method Directly
• version_compare Operator
• Named Argument And Variadic

2.3.21.1. Specs

Short name	CompatibilityPHP81
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.22. CompatibilityPHP82

This ruleset centralizes all analysis for the migration from PHP 8.1 to 8.2.

Total : 13 analysis

• Undefined Properties
• False To Array Conversion
• Float Conversion As Index
• Cannot Call Static Trait Method Directly
• Deprecated Callable
• Checks Property Existence
• Extends stdClass
• version_compare Operator
• Dollar Curly Interpolation Is Deprecated
• Utf8 Encode And Decode Are Deprecated
• New Functions In PHP 8.2
• Deprecated Mb_string Encodings
• Constants In Traits

2.3.22.1. Specs

Short name	CompatibilityPHP82
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.23. CompatibilityPHP83

This ruleset centralizes all analysis for the migration from PHP 8.2 to 8.3.

Total : 3 analysis

• New Functions In PHP 8.3
• Php 8.3 New Classes
• Constants In Traits

2.3.23.1. Specs

Short name	CompatibilityPHP83
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.24. Dead code

This ruleset focuses on dead code : expressions or even structures that are written, valid but never used.

Total : 31 analysis

• Empty Traits
• Unused Use
• Unused Private Properties
• Unused Private Methods
• Unused Functions
• Unused Constants
• Unreachable Code
• Empty Instructions
• Unused Methods
• Unused Classes
• Locally Unused Property
• Unresolved Instanceof
• Unthrown Exception
• Unused Label
• Unused Interfaces
• Unresolved Catch
• Unset In Foreach
• Empty Namespace
• Can’t Extend Final
• Exception Order
• Undefined Caught Exceptions
• Unused Protected Methods
• Unused Returned Value
• Rethrown Exceptions
• Unused Inherited Variable In Closure
• Self Using Trait
• Useless Type Check
• Unreachable Method
• Identical Elseif
• Use Variable Created Inside Loop
• Unused Enumeration Case

2.3.24.1. Specs

Short name	Dead code
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador, Rector

2.3.25. Deprecated

This ruleset centralizes all analysis that are marked as ‘deprecated feature’ for some versions.

For example :

• Php/NestedTernaryWithoutParenthesis : deprecated PHP 7.4, removed PHP 8.0
• Php/NoMoreCurlyArrays : deprecated PHP 7.4, removed PHP 8.0
• Classes/NoParent : deprecated PHP 7.4, removed PHP 8.0
• Php/Php74RemovedDirective : deprecated PHP 7.4, removed PHP 8.0
• Php/ArrayKeyExistsWithObjects : deprecated PHP 7.4, removed PHP 8.0

Total : 8 analysis

• Is An Extension Function
• Case Insensitive Constants
• Assert Function Is Reserved
• Nested Ternary Without Parenthesis
• No Null For Native PHP Functions
• Calling Static Trait Method
• No Referenced Void
• PHP Native Interfaces and Return Type

2.3.25.1. Specs

Short name	Deprecated
Available in	Entreprise Edition, Exakat Cloud

2.3.26. Dump

This ruleset collects various names given to different structures in the code : for example, variables, classes, methods, constants, etc. It also collects networks of data, like file inclusion or external dependencies.

Total : 53 analysis

• Caught Exceptions
• Environment Variable Usage
• Indentation Levels
• Cyclomatic Complexity
• Collect Literals
• Collect Parameter Counts
• Collect Local Variable Counts
• Dereferencing Levels
• Foreach() Favorite
• Collect Mbstring Encodings
• Typehinting Stats
• inclusions
• Typehint Order
• New Order
• Collect Class Interface Counts
• Collect Class Depth
• Collect Class Children Count
• Constant Order
• Collect Property Counts
• Collect Method Counts
• Collect Class Constant Counts
• Call Order
• Collect Parameter Names
• Fossilized Methods List
• Collect Static Class Changes
• Collect Variables
• Collect Global Variables
• Collect Readability
• Collect Definitions Statistics
• Collect Class Traits Counts
• Collect Native Calls Per Expressions
• Collect Files Dependencies
• Collect Atom Counts
• Collect Classes Dependencies
• Collect Php Structures
• Collect Use Counts
• Collect Block Size
• Collect Dependency Extension
• Public Reach To Private Methods
• Could Be A Constant
• Collect Stub Structures
• Collect Vendor Structures
• Collect Calls
• Collect SetLocale
• Argument Counts Per Calls
• Collect Throw Calls
• Collect Compared Literals
• Comparison On Different Types
• Collects Names
• Class Injection Count
• Collect Property Usage
• Collect Structures
• Collect Catch Calls

2.3.26.1. Specs

Short name	Dump
Available in	Entreprise Edition, Community Edition, Exakat Cloud
Reports

2.3.27. First

A set of rules that are always run at the beginning of a project, because they are frequently used. It is mostly used internally.

Total : 3 analysis

• Variable Anf Property Typehint
• Variable Is A Local Constant
• Add Return Typehint

2.3.27.1. Specs

Short name	First
Available in	Entreprise Edition, Community Edition, Exakat Cloud

2.3.28. Inventory

This ruleset collect all free-text names used in the code : variables, global, arguments, methods, classes, etc…

For example :

• Classes/MagicProperties
• Constants/Constantnames : names of global Constants
• Php/CookieVariables : names of cookies
• Php/DateFormats : date formats
• Php/IncomingVariables : names of the GET/POST arguments
• Php/SessionVariables : names of the session variables
• Type/ArrayIndex : indices used in arrays
• Type/Binary : binary values
• Type/CharString : string values
• Type/Email : hardcoded emails
• Type/GPCIndex : GET, POST and COOKIE names
• Type/Hexadecimal : hexadecimal values
• Type/HexadecimalString : hexadecimal values
• Type/HttpHeader : HTTP headers
• Type/HttpStatus : HTTP status
• Type/Md5String : MD5 string
• Type/MimeType : Mime types
• Type/OctalInString : octal values
• Type/OpensslCipher : names of OpenSSL cipher
• Type/Pack : pack() formats
• Type/Pcre : regex strings
• Type/Ports : server ports mentioned
• Type/Printf : printf() and co formatting strings
• Type/Regex : regex strings
• Type/SpecialIntegers : integer, with special values
• Type/Sql : SQL strings
• Type/UdpDomains : UDP domains
• Type/UnicodeBlock : Unicode blocks
• Type/Url : URL

Total : 36 analysis

• Constants Names
• Binary Glossary
• Email Addresses
• Heredoc Delimiter Glossary
• Hexadecimal Glossary
• Http Headers
• HTTP Status Code
• Md5 Strings
• Mime Types
• Perl Regex
• Internet Ports
• Special Integers
• All strings
• Unicode Blocks
• URL List
• Hexadecimal In String
• Invalid Octal In String
• SQL queries
• Regex Inventory
• Switch Fallthrough
• Session Variables
• Incoming Variables
• Cookies Variables
• Date Formats
• Type Array Index
• Incoming Variable Index Inventory
• Pack Format Inventory
• Printf Format Inventory
• Magic Properties
• Internet Domains
• OpenSSL Ciphers Used
• Promoted Properties
• Extends stdClass
• Incoming Date Formats
• Ip
• Init Then Update

2.3.28.1. Specs

Short name	Inventory
Available in	Entreprise Edition, Exakat Cloud
Reports

2.3.29. IsExt

This is automatically filled, based on the documentation’s isExt attribute.

Total : 36 analysis

• Non Static Methods Called In A Static
• Static Methods Called From Object
• Undefined Constants
• Instantiating Abstract Class
• Undefined Classes
• Defined Class Constants
• Undefined Class Constants
• Undefined Functions
• Uses Default Values
• Wrong Number Of Arguments
• Unresolved Use
• Access Protected Structures
• Unusual Case For PHP Functions
• Undefined Interfaces
• Is Interface Method
• Already Parents Interface
• Can’t Extend Final
• Undefined Trait
• Raised Access Level
• Only Variable Passed By Reference
• Too Many Native Calls
• Redefined Private Property
• PHP Overridden Function
• Php Native Reference Variable
• Interfaces Is Not Implemented
• Make Functioncall With Reference
• Dont Collect Void
• Array_Map() Passes By Value
• Only Container For Reference
• Wrong Argument Name With PHP Function
• Undefined Enumcase
• Cant Overwrite Final Constant
• Lowered Access Level
• Cant Overwrite Final Method
• Overload Existing Names
• Method Property Confusion

2.3.29.1. Specs

Short name	IsExt
Available in	Entreprise Edition, Exakat Cloud

2.3.30. IsPHP

This is automatically filled, based on the documentation’s isPHP attribute.

Total : 36 analysis

• Non Static Methods Called In A Static
• Static Methods Called From Object
• Undefined Constants
• Instantiating Abstract Class
• Undefined Classes
• Defined Class Constants
• Undefined Class Constants
• Undefined Functions
• Uses Default Values
• Wrong Number Of Arguments
• Unresolved Use
• Access Protected Structures
• Unusual Case For PHP Functions
• Undefined Interfaces
• Is Interface Method
• Already Parents Interface
• Can’t Extend Final
• Undefined Trait
• Raised Access Level
• Only Variable Passed By Reference
• Too Many Native Calls
• Redefined Private Property
• PHP Overridden Function
• Php Native Reference Variable
• Interfaces Is Not Implemented
• Make Functioncall With Reference
• Dont Collect Void
• Array_Map() Passes By Value
• Only Container For Reference
• Wrong Argument Name With PHP Function
• Undefined Enumcase
• Cant Overwrite Final Constant
• Lowered Access Level
• Cant Overwrite Final Method
• Overload Existing Names
• Method Property Confusion

2.3.30.1. Specs

Short name	IsPHP
Available in	Entreprise Edition, Exakat Cloud

2.3.31. IsStub

This is automatically filled, based on the documentation’s isStub attribute.

Total : 34 analysis

• Non Static Methods Called In A Static
• Static Methods Called From Object
• Undefined Constants
• Instantiating Abstract Class
• Undefined Classes
• Defined Class Constants
• Undefined Class Constants
• Undefined Functions
• Uses Default Values
• Wrong Number Of Arguments
• Unresolved Use
• Access Protected Structures
• Undefined Interfaces
• Is Interface Method
• Already Parents Interface
• Can’t Extend Final
• Undefined Trait
• Raised Access Level
• Only Variable Passed By Reference
• Redefined Private Property
• PHP Overridden Function
• Php Native Reference Variable
• Interfaces Is Not Implemented
• Make Functioncall With Reference
• Dont Collect Void
• Array_Map() Passes By Value
• Only Container For Reference
• Wrong Argument Name With PHP Function
• Undefined Enumcase
• Cant Overwrite Final Constant
• Lowered Access Level
• Cant Overwrite Final Method
• Overload Existing Names
• Method Property Confusion

2.3.31.1. Specs

Short name	IsStub
Available in	Entreprise Edition, Exakat Cloud

2.3.32. LintButWontExec

This ruleset focuses on PHP code that lint (php -l), but that will not run. As such, this ruleset tries to go further than PHP, by connecting files, just like during execution.

Total : 46 analysis

• Final Class Usage
• Final Methods Usage
• $this Belongs To Classes Or Traits
• Classes Mutually Extending Each Other
• Undefined Class Constants
• Must Return Methods
• Undefined Interfaces
• No Self Referencing Constant
• Using $this Outside A Class
• Undefined Trait
• Raised Access Level
• self, parent, static Outside Class
• Implemented Methods Must Be Public
• No Magic Method With Array
• Method Signature Must Be Compatible
• Mismatch Type And Default
• Can’t Throw Throwable
• Abstract Or Implements
• Incompatible Signature Methods
• Undefined Insteadof
• Method Collision Traits
• Only Variable For Reference
• Repeated Interface
• Avoid Self In Interface
• Useless Method Alias
• Typehint Must Be Returned
• Clone With Non-Object
• Trait Not Found
• Wrong Type Returned
• Interfaces Is Not Implemented
• Can’t Implement Traversable
• Wrong Typed Property Default
• Mismatch Properties Typehints
• Could Be Stringable
• Only Container For Reference
• Inherited Property Type Must Match
• Duplicate Named Parameter
• PHP Native Interfaces and Return Type
• False To Array Conversion
• Deprecated Callable
• Cant Overload Constants
• Cant Overwrite Final Constant
• Implicit Conversion To Int
• No Magic Method For Enum
• Wrong Type With Default
• Clone Constant

2.3.32.1. Specs

Short name	LintButWontExec
Available in	Entreprise Edition, Exakat Cloud

2.3.33. NoDoc

Ruleset with analysis which are not published in the docs.

Total : 36 analysis

• Php Native Reference Variable
• Create Compact Variables
• Propagate Constants
• Overwritten Properties
• Overwritten Methods
• Overwritten Constant
• Set Clone Link
• Create Magic Property
• Set Parent Definition
• Make Class Method Definition
• Create Default Values
• Set class_alias() Definition
• Make Class Constant Definition
• Set Class Remote Definition With Injection
• Solve Trait Methods
• Follow Closure Definition
• Set Class Remote Definition With Return Typehint
• Set Class Remote Definition With Local New
• Set Class Remote Definition With Typehint
• Set Class Remote Definition With Global
• Set Class Remote Definition With Parenthesis
• Set Class Property Definition With Typehint
• Set Array Class Definition
• Set Class Method Remote Definition
• Make Functioncall With Reference
• Propagate Calls
• Create Foreach Default
• Extended Typehints
• Php Ext Stub Property And Method
• Variable Anf Property Typehint
• Is Stub Structure
• Is PHP Structure
• Is Extension Structure
• Add Return Typehint
• Create Magic Method
• Make All Statics

2.3.33.1. Specs

Short name	NoDoc
Available in	Entreprise Edition, Exakat Cloud

2.3.34. One Liners

This ruleset focuses on reporting one liners, which makes using an IDE had.

Total : 5 analysis

• Coalesce
• Use Arrow Functions
• Throw Was An Expression
• Use NullSafe Operator
• Short Ternary

2.3.34.1. Specs

Short name	OneLiners
Available in
Reports

2.3.35. PHP recommendations

This ruleset is collected from the warnings and notes that are available in the PHP manual. For example, return do not require parenthesis.

Total : 0 analysis

2.3.35.1. Specs

Short name	Php-recommendations
Available in	Entreprise Edition, Exakat Cloud

2.3.36. Performances

This ruleset focuses on performances issues : anything that slows the code’s execution.

Total : 58 analysis

• Eval() Usage
• For Using Functioncall
• @ Operator
• Nested Loops
• While(List() = Each())
• Unpreprocessed Values
• Avoid array_unique()
• Echo With Concat
• Slow Functions
• No array_merge() In Loops
• Could Use Short Assignation
• Pre-increment
• Avoid Substr() One
• Global Inside Loop
• Joining file()
• Simplify Regex
• Make One Call With Array
• No Count With 0
• Use ::Class Operator
• time() Vs strtotime()
• Getting Last Element
• Avoid array_push()
• Should Use Function
• Fetch One Row Format
• Avoid glob() Usage
• Avoid Large Array Assignation
• Should Use array_column()
• Avoid Concat In Loop
• Use pathinfo() Arguments
• Simple Switch And Match
• Substring First
• Use PHP7 Encapsed Strings
• Slice Arrays First
• Double array_flip()
• Processing Collector
• Do In Base
• Cache Variable Outside Loop
• Use The Blind Var
• Closure Could Be A Callback
• fputcsv() In Loops
• Isset() On The Whole Array
• array_key_exists() Speedup
• Autoappend
• Make Magic Concrete
• Regex On Arrays
• Always Use Function With array_key_exists()
• No mb_substr In Loop
• Optimize Explode()
• Scope Resolution Operator
• Static Call May Be Truly Static
• Simplify Foreach
• Too Many Extractions
• Skip Empty Array
• Ellipsis Merge
• Pre-Calculate Use
• Substr() In Loops
• Should Cache Local
• Recalled Condition

2.3.36.1. Specs

Short name	Performances
Available in	Entreprise Edition, Exakat Cloud
Reports

2.3.37. Preferences

This ruleset identify code with multiple forms, and report when one is more frequent than the others. Echo vs print, shell_exec() vs ``, etc.

Total : 38 analysis

• True False Inconsistant Case
• Echo Or Print
• Constant Comparison
• Die Exit Consistence
• Array() / [ ] Consistence
• $GLOBALS Or global
• Unset() Or (unset)
• Close Tags Consistency
• One Expression Brackets Consistency
• New On Functioncall Or Identifier
• New Line Style
• Regex Delimiter
• Empty Final Element
• Difference Consistence
• Concatenation Interpolation Consistence
• Heredoc Delimiter
• strict_types Preference
• Declare strict_types Usage
• Encoding Usage
• Ticks Usage
• Logical Operators Favorite
• Shell Favorite
• Properties Declaration Consistence
• Strict Or Relaxed Comparison
• Comparisons Orientation
• Const Or Define Preference
• Constant Case Preference
• Caught Variable
• Not Or Tilde
• Null Type Favorite
• String Interpolation Favorite
• Constant : With Or Without Use
• If Then Return Favorite
• Empty Array Detection
• Strict In_Array() Preference
• date() versus DateTime Preference
• Mono Or Multibytes Favorite
• Short Or Complete Comparison

2.3.37.1. Specs

Short name	Preferences
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador, Diplomat

2.3.38. Rector

RectorPHP is a reconstructor tool. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with rector.

Total : 14 analysis

• Adding Zero
• Multiple Index Definition
• For Using Functioncall
• Multiply By One
• Multiples Identical Case
• Preprocessable
• Implied If
• Else If Versus Elseif
• Could Use Short Assignation
• Should Typecast
• No Choice
• Never Called Parameter
• Closure Could Be A Callback
• Is_A() With String

2.3.38.1. Specs

Short name	Rector
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador, Rector

2.3.39. Security

This ruleset focuses on code security.

Total : 47 analysis

• Eval() Usage
• Phpinfo
• var_dump()… Usage
• Hardcoded Passwords
• Direct Injection
• Avoid sleep()/usleep()
• parse_str() Warning
• Avoid Those Hash Functions
• No Hardcoded Port
• Should Use Prepared Statement
• No Hardcoded Ip
• Compare Hash
• preg_replace With Option e
• eval() Without Try
• Register Globals
• Safe Curl Options
• Use random_int()
• No Hardcoded Hash
• Random Without Try
• Indirect Injection
• Unserialize Second Arg
• Don’t Echo Error
• Should Use session_regenerateid()
• Encoded Simple Letters
• Set Cookie Safe Arguments
• No Return Or Throw In Finally
• Mkdir Default
• Switch Fallthrough
• Upload Filename Injection
• Always Anchor Regex
• Session Lazy Write
• Sqlite3 Requires Single Quotes
• No Net For Xml Load
• Dynamic Library Loading
• Configure Extract
• move_uploaded_file Instead Of copy
• filter_input() As A Source
• Safe HTTP Headers
• Insecure Integer Validation
• Minus One On Error
• No ENT_IGNORE
• No Weak SSL Crypto
• Keep Files Access Restricted
• Check Crypto Key Length
• Incompatible Types With Incoming Values
• Filter Not Raw
• Unvalidated Data Cached In Session

2.3.39.1. Specs

Short name	Security
Available in	Entreprise Edition, Exakat Cloud
Reports	Ambassador, Owasp

2.3.40. Semantics

This ruleset focuses on human interpretation of the code. It reviews special values of literals, and named structures.

Total : 34 analysis

• Ambiguous Array Index
• Constants With Strange Names
• Function Called With Other Case Than Defined
• Variables With One Letter Names
• One Letter Functions
• Property Variable Confusion
• PHP Keywords As Names
• Strange Names In Classes
• Class Function Confusion
• Strange Name For Variables
• Strange Name For Constants
• Ambiguous Static
• Ambiguous Visibilities
• Could Be Constant
• Similar Integers
• Duplicate Literal
• Parameter Hiding
• Weird Array Index
• Wrong Typehinted Name
• Semantic Typing
• Fn Argument Variable Confusion
• Prefix And Suffixes With Typehint
• Static Global Variables Confusion
• Possible Alias Confusion
• Mismatch Parameter And Type
• Wrong Locale
• Overload Existing Names
• Same Name For Property And Method
• Ambiguous Types With Variables
• Method Property Confusion
• Too Many Chained Calls
• No Variable Needed
• No Initial S In Variable Names
• Array Access On Literal Array

2.3.40.1. Specs

Short name	Semantics
Available in	Entreprise Edition, Exakat Cloud

2.3.41. Suggestions

This ruleset focuses on possibly better syntax than the one currently used. Those may be code modernization, alternatives, more efficient solutions, or simply left over from older versions.

Total : 122 analysis

• While(List() = Each())
• Function Subscripting, Old Style
• ** For Exponent
• Too Many Children
• Empty With Expression
• list() May Omit Variables
• Unreachable Code
• Overwritten Exceptions
• Return With Parenthesis
• Strict Comparison With Booleans
• Logical Should Use Symbolic Operators
• Could Use self
• Preprocess Arrays
• Repeated print()
• Echo With Concat
• No Parenthesis For Language Construct
• Unused Interfaces
• Avoid Substr() One
• PHP7 Dirname
• preg_match_all() Flag
• Already Parents Interface
• Could Use __DIR__
• Should Use Coalesce
• Could Use Alias
• Drop Else After Return
• Unitialized Properties
• Should Use array_column()
• Randomly Sorted Arrays
• No Return Used
• Could Make A Function
• Use session_start() Options
• Mismatched Ternary Alternatives
• Isset Multiple Arguments
• Should Use Foreach
• Substring First
• Use List With Foreach
• Slice Arrays First
• Parent First
• Never Called Parameter
• Should Use array_filter()
• Reuse Existing Variable
• Should Use Math
• Could Use Compact
• Could Use array_fill_keys
• Use Count Recursive
• Too Many Parameters
• Should Preprocess Chr()
• Possible Increment
• Drop Substr Last Arg
• One If Is Sufficient
• Could Use array_unique
• Nonexistent Variable In compact()
• Should Use Operator
• Could Be Static Closure
• Use is_countable
• Detect Current Class
• Avoid Real
• Use json_decode() Options
• Closure Could Be A Callback
• Add Default Value
• Named Regex
• Could Use Try
• Use Basename Suffix
• Don’t Loop On Yield
• Should Have Destructor
• Directly Use File
• Isset() On The Whole Array
• Multiple Usage Of Same Trait
• array_key_exists() Speedup
• Should Deep Clone
• Multiple Unset()
• Implode One Arg
• Useless Default Argument
• No Need For get_class()
• Substr To Trim
• Complex Dynamic Names
• Use DateTimeImmutable Class
• Set Aside Code
• Use Array Functions
• Use The Case Value
• Should Use Url Query Functions
• Too Long A Block
• Static Global Variables Confusion
• Possible Alias Confusion
• Too Much Indented
• Avoid Compare Typed Boolean
• Abstract Away
• Large Try Block
• Cancel Common Method
• Useless Typehint
• Could Use Promoted Properties
• Use get_debug_type()
• Use str_contains()
• Unused Exception Variable
• Searching For Multiple Keys
• Long Preparation For Throw
• No Static Variable In A Method
• Declare Static Once
• Could Use Match
• Could Use Nullable Object Operator
• Argument Could Be Iterable
• Multiple Similar Calls
• Could Be Ternary
• Use File Append
• Could Use Existing Constant
• Could Use array_sum()
• Too Many Stringed Elseif
• Could Be Spaceship
• Throw Raw Exceptions
• Lowered Access Level
• Could Set Property Default
• Could Be Enumeration
• Magic Method Returntype Is Restricted
• Could Be Abstract Method
• Could Use Class Operator
• Could Use Namespace Magic Constant
• Json_encode() Without Exceptions
• Class Could Be Readonly
• Use str_ends_with()
• Use str_starts_with()
• Blind Variable Used Beyond Loop
• Could Be array_combine()

2.3.41.1. Specs

Short name	Suggestions
Available in	Entreprise Edition, Exakat Cloud
Reports	Diplomat, Ambassador

2.3.42. Surprising

PHP is full of exceptional situations where something doesn’t work as expected, or as we thought would be expected. Then, exakat gets a rule for that, and it is listed here. Watch out, unusual beasts are hidden in this list : the most interesting is possibly the docs.

Total : 1 analysis

• Sequences In For

2.3.42.1. Specs

Short name	Surprising
Available in	Entreprise Edition, Exakat Cloud
Reports	Text

2.3.43. Top10

This ruleset is a selection of analysis, with the top 10 most common. Actually, it is a little larger than that.

Total : 28 analysis

• For Using Functioncall
• Strpos()-like Comparison
• Used Once Variables
• Dangling Array References
• Queries In Loops
• Use const
• Logical Should Use Symbolic Operators
• Repeated print()
• Objects Don’t Need References
• No Real Comparison
• No array_merge() In Loops
• Unresolved Instanceof
• Avoid Substr() One
• No Choice
• Failed Substr Comparison
• Unitialized Properties
• Could Use str_repeat()
• Logical Operators Favorite
• Avoid Concat In Loop
• Next Month Trap
• Substring First
• Use List With Foreach
• Don’t Unset Properties
• Avoid Real
• Should Yield With Key
• fputcsv() In Loops
• Possible Missing Subpattern
• Concat And Addition

2.3.43.1. Specs

Short name	Top10
Available in	Entreprise Edition, Exakat Cloud
Reports	Top10

2.3.44. Typechecks

This ruleset focuses on typehinting. Missing typehints, or inconsistent typehint, are reported.

Total : 28 analysis

• Argument Should Be Typehinted
• Useless Interfaces
• No Class As Typehint
• Mismatched Default Arguments
• Mismatched Typehint
• Child Class Removes Typehint
• Not A Scalar Type
• Mismatch Type And Default
• Insufficient Typehint
• Bad Typehint Relay
• Wrong Type With Call
• Missing Typehint
• Fossilized Method
• Could Be String
• Could Be Void
• Could Be Callable
• Wrong Argument Type
• Type Could Be Integer
• Could Be Null
• Typehint Could Be Iterable
• Could Be Float
• Could Be Self
• Could Be Parent
• Could Be Generator
• Argument Could Be Iterable
• Type Could Be Never
• Typehints/CouldBeResource
• Possible TypeError

2.3.44.1. Specs

Short name	Typechecks
Available in	Entreprise Edition, Exakat Cloud

2.3.45. php-cs-fixable

php-cs-fixer is a tool to automatically fix PHP Coding Standards issues. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with PHP-CS-FIXER.

Total : 0 analysis

2.3.45.1. Specs

Short name	php-cs-fixer
Available in	Entreprise Edition, Exakat Cloud
Reports	Phpcsfixer