2. Rulesets

2.1. Introduction

Exakat provides unique 1584 rules to detect BUGS, CODE SMELLS, SECURITY OR QUALITY ISSUES in your PHP code.

For more smoothly usage, the ruleset concept allow you to run a set of rules based on a decidated focus. Beawre that a Ruleset run all the associated rules and any needed dependencies.

Rulesets are configured with the -T option, when running exakat in command line. For example :

php exakat.phar analyze -p <project> -T <Security>

2.2. Summary

Here is the list of the current rulesets supported by Exakat Engine.

Name Description
All All is a dummy ruleset, which includes all the rules.
Analyze Check for common best practices.
Appinfo Appinfo is the equivalent of phpinfo() for your code.
Attributes This ruleset gathers all rules that rely on PHP 8.+ attributes.
CE List of rules that are part of the Community Edition
CI-checks Quick check for common best practices.
Changed Behavior Ruleset with all rules that identify changed behavior across PHP versions.
Class Review A set of rules dedicated to class hygiene
Classdependencies A set of rules dedicated to show classes dependences
Coding conventions List coding conventions violations.
CompatibilityPHP53 List features that are incompatible with PHP 5.3.
CompatibilityPHP54 List features that are incompatible with PHP 5.4.
CompatibilityPHP55 List features that are incompatible with PHP 5.5.
CompatibilityPHP56 List features that are incompatible with PHP 5.6.
CompatibilityPHP70 List features that are incompatible with PHP 7.0.
CompatibilityPHP71 List features that are incompatible with PHP 7.1.
CompatibilityPHP72 List features that are incompatible with PHP 7.2.
CompatibilityPHP73 List features that are incompatible with PHP 7.3.
CompatibilityPHP74 List features that are incompatible with PHP 7.4.
CompatibilityPHP80 List features that are incompatible with PHP 8.0.
CompatibilityPHP81 List features that are incompatible with PHP 8.1.
CompatibilityPHP82 List features that are incompatible with PHP 8.2.
CompatibilityPHP83 List features that are incompatible with PHP 8.3.
Dead code Check the unused code or unreachable code.
Deprecated List of deprecated features, across all PHP versions.
Dump Dump is a collector set of rules.
First A set of rules that are always run at the beginning of a project, because they are frequently used.
Inventory A set of rules that collect various definitions from the code
IsExt Ruleset with analysis which rely on PHP’s optional extensions
IsPHP Ruleset with analysis which rely on PHP’s core extensions
IsStub Ruleset with analysis which rely on custom stubs
LintButWontExec Check the code for common errors that will lead to a Fatal error on production, but lint fine.
NoDoc Ruleset with analysis which are not published in the docs.
One Liners Report expressions that are one liners.
PHP recommendations Report recommendations from the PHP manual.
Performances Check the code for slow code.
Preferences Identify preferences in the code.
Rector Suggests configuration to apply changes with Rector
Security Check the code for common security bad practices, especially in the Web environnement.
Semantics Checks the meanings found the names of the code.
Suggestions List of possible modernisation of the PHP code.
Surprising A ruleset dedicated to surprising pieces of code in PHP.
Top10 The most common issues found in the code
Typechecks Checks related to types.
php-cs-fixable Suggests configuration to apply changes with PHP-CS-FIXER

Note : in command line, don’t forget to add quotes to rulesets’ names that include white space.

2.3. List of rulesets

2.3.1. All

All is a dummy ruleset, which includes all the rules. It is mostly used internally.

Total : 1582 analysis

2.3.1.1. Specs

Short name All
Available in Entreprise Edition, Exakat Cloud

2.3.2. Analyze

This ruleset centralizes a large number of classic trap and pitfalls when writing PHP.

Total : 479 analysis

2.3.2.1. Specs

Short name Analyze
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Ambassador, Diplomat

2.3.3. Appinfo

A set of rules that describes with PHP features is used in the code.

Total : 383 analysis

2.3.3.1. Specs

Short name Appinfo
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.4. Attributes

This ruleset gathers all rules that rely on PHP 8.+ attributes.

Total : 4 analysis

2.3.4.1. Specs

Short name Attributes
Available in Entreprise Edition, Exakat Cloud

2.3.5. CE

This ruleset is the Community Edition list. It holds all the analysis that are in the community edition version of Exakat.

Total : 625 analysis

2.3.5.1. Specs

Short name CE
Available in Entreprise Edition, Exakat Cloud

2.3.6. CI-checks

This ruleset is a collection of important rules to run in a CI pipeline.

Total : 178 analysis

2.3.6.1. Specs

Short name CI-checks
Available in Entreprise Edition, Exakat Cloud

2.3.7. Changed Behavior

Ruleset with all rules that identify changed behavior across PHP versions. This means that some syntax behave differently, depending on PHP version.

Total : 52 analysis

2.3.7.1. Specs

Short name ChangedBehavior
Available in Entreprise Edition, Community Edition, Exakat Cloud

2.3.8. Class Review

This ruleset focuses on classes construction issues, and their related structures : traits, interfaces, methods, properties, constants.

Total : 89 analysis

2.3.8.1. Specs

Short name ClassReview
Available in Entreprise Edition, Exakat Cloud

2.3.9. Classdependencies

This ruleset list all dependencies between classes : heritage and type.

Total : 1 analysis

2.3.9.1. Specs

Short name Classdependencies
Available in Entreprise Edition, Exakat Cloud
Reports report-classdependencies

2.3.11. CompatibilityPHP53

This ruleset centralizes all analysis for the migration from PHP 5.2 to 5.3.

Total : 87 analysis

2.3.11.1. Specs

Short name CompatibilityPHP53
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.12. CompatibilityPHP54

This ruleset centralizes all analysis for the migration from PHP 5.3 to 5.4.

Total : 84 analysis

2.3.12.1. Specs

Short name CompatibilityPHP54
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.13. CompatibilityPHP55

This ruleset centralizes all analysis for the migration from PHP 5.4 to 5.5.

Total : 77 analysis

2.3.13.1. Specs

Short name CompatibilityPHP55
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.14. CompatibilityPHP56

This ruleset centralizes all analysis for the migration from PHP 5.5 to 5.6.

Total : 67 analysis

2.3.14.1. Specs

Short name CompatibilityPHP56
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.15. CompatibilityPHP70

This ruleset centralizes all analysis for the migration from PHP 5.6 to 7.0.

Total : 58 analysis

2.3.15.1. Specs

Short name CompatibilityPHP70
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador

2.3.23. CompatibilityPHP83

This ruleset centralizes all analysis for the migration from PHP 8.2 to 8.3.

Total : 3 analysis

2.3.23.1. Specs

Short name CompatibilityPHP83
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.25. Deprecated

This ruleset centralizes all analysis that are marked as ‘deprecated feature’ for some versions.

For example :

  • Php/NestedTernaryWithoutParenthesis : deprecated PHP 7.4, removed PHP 8.0
  • Php/NoMoreCurlyArrays : deprecated PHP 7.4, removed PHP 8.0
  • Classes/NoParent : deprecated PHP 7.4, removed PHP 8.0
  • Php/Php74RemovedDirective : deprecated PHP 7.4, removed PHP 8.0
  • Php/ArrayKeyExistsWithObjects : deprecated PHP 7.4, removed PHP 8.0

Total : 8 analysis

2.3.25.1. Specs

Short name Deprecated
Available in Entreprise Edition, Exakat Cloud

2.3.26. Dump

This ruleset collects various names given to different structures in the code : for example, variables, classes, methods, constants, etc. It also collects networks of data, like file inclusion or external dependencies.

Total : 53 analysis

2.3.26.1. Specs

Short name Dump
Available in Entreprise Edition, Community Edition, Exakat Cloud
Reports  

2.3.27. First

A set of rules that are always run at the beginning of a project, because they are frequently used. It is mostly used internally.

Total : 3 analysis

2.3.27.1. Specs

Short name First
Available in Entreprise Edition, Community Edition, Exakat Cloud

2.3.28. Inventory

This ruleset collect all free-text names used in the code : variables, global, arguments, methods, classes, etc…

For example :

  • Classes/MagicProperties
  • Constants/Constantnames : names of global Constants
  • Php/CookieVariables : names of cookies
  • Php/DateFormats : date formats
  • Php/IncomingVariables : names of the GET/POST arguments
  • Php/SessionVariables : names of the session variables
  • Type/ArrayIndex : indices used in arrays
  • Type/Binary : binary values
  • Type/CharString : string values
  • Type/Email : hardcoded emails
  • Type/GPCIndex : GET, POST and COOKIE names
  • Type/Hexadecimal : hexadecimal values
  • Type/HexadecimalString : hexadecimal values
  • Type/HttpHeader : HTTP headers
  • Type/HttpStatus : HTTP status
  • Type/Md5String : MD5 string
  • Type/MimeType : Mime types
  • Type/OctalInString : octal values
  • Type/OpensslCipher : names of OpenSSL cipher
  • Type/Pack : pack() formats
  • Type/Pcre : regex strings
  • Type/Ports : server ports mentioned
  • Type/Printf : printf() and co formatting strings
  • Type/Regex : regex strings
  • Type/SpecialIntegers : integer, with special values
  • Type/Sql : SQL strings
  • Type/UdpDomains : UDP domains
  • Type/UnicodeBlock : Unicode blocks
  • Type/Url : URL

Total : 36 analysis

2.3.28.1. Specs

Short name Inventory
Available in Entreprise Edition, Exakat Cloud
Reports  

2.3.32. LintButWontExec

This ruleset focuses on PHP code that lint (php -l), but that will not run. As such, this ruleset tries to go further than PHP, by connecting files, just like during execution.

Total : 46 analysis

2.3.32.1. Specs

Short name LintButWontExec
Available in Entreprise Edition, Exakat Cloud

2.3.34. One Liners

This ruleset focuses on reporting one liners, which makes using an IDE had.

Total : 5 analysis

2.3.34.1. Specs

Short name OneLiners
Available in  
Reports  

2.3.35. PHP recommendations

This ruleset is collected from the warnings and notes that are available in the PHP manual. For example, return do not require parenthesis.

Total : 0 analysis

2.3.35.1. Specs

Short name Php-recommendations
Available in Entreprise Edition, Exakat Cloud

2.3.38. Rector

RectorPHP is a reconstructor tool. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with rector.

Total : 14 analysis

2.3.38.1. Specs

Short name Rector
Available in Entreprise Edition, Exakat Cloud
Reports Ambassador, Rector

2.3.41. Suggestions

This ruleset focuses on possibly better syntax than the one currently used. Those may be code modernization, alternatives, more efficient solutions, or simply left over from older versions.

Total : 122 analysis

2.3.41.1. Specs

Short name Suggestions
Available in Entreprise Edition, Exakat Cloud
Reports Diplomat, Ambassador

2.3.42. Surprising

PHP is full of exceptional situations where something doesn’t work as expected, or as we thought would be expected. Then, exakat gets a rule for that, and it is listed here. Watch out, unusual beasts are hidden in this list : the most interesting is possibly the docs.

Total : 1 analysis

2.3.42.1. Specs

Short name Surprising
Available in Entreprise Edition, Exakat Cloud
Reports Text

2.3.45. php-cs-fixable

php-cs-fixer is a tool to automatically fix PHP Coding Standards issues. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with PHP-CS-FIXER.

Total : 0 analysis

2.3.45.1. Specs

Short name php-cs-fixer
Available in Entreprise Edition, Exakat Cloud
Reports Phpcsfixer