.. Changelog: Release Note =============== Here is the release note of exakat. **Version 2.6.9 (, 2024-01-11)** + Architecture + + Cobbler + + Report + Ambassador : upgraded manual rendering + Analysis + New analysis : new rule for Deprecated attribute (analysis) + Updated analysis : modernized Pss Without CITE + Updated analysis : modernized Pss Without CITE + Updated analysis : refactored 'useless arguments', with named parameters + Updated analysis : Undefined Property skips dynamic properties + Updated analysis : Unused variable in catch now handles other names than $e + Updated analysis : Do not report abstract exceptions as unthrown + Updated analysis : Useless catch is moved to WIP + New analysis : report constants used only once + New analysis : report relay constants (which are relaying another constant value) + Updated analysis : Hidden Nullable + Updated analysis : Useless constructor takes into account promoted properties + Updated analysis : Undefined Enum Case now handles class constant relays + Tokenizer + **Version 2.6.8 (, 2024-04-24)** + Architecture + + Cobbler + + Report + + Analysis + New analysis : new rule for Deprecated attribute (analysis) + Tokenizer + **Version 2.6.7 (Zhang Gongjin, 2024-03-21)** + Analysis + New analysis : report variables used with include. + New analysis : report named parameters with no-named-parameters + New analysis : new rule for Deprecated attribute (analysis) **Version 2.6.6 (Gao Shilian, 2024-03-14)** + Report + Ambassador : fixed documentation display of PHP scripts + CallGraph : displays the call graph in dot format + Analysis + Refactored analysis : fixed bug in Missing New (confusion with property) + Augmented analysis : null coalesce and ?? with members + New analysis : useless coalesce operator + New analysis : report empty json_decode() + Refactored analysis : No Parenthesis For Language Construct now covers yield and yield from + New analysis : exit/die without parenthesis + New analysis : count() is not negative + Refactored analysis : Must return now skips generators and exited functions + Refactored analysis : Double object assignation now focuses on variables, properties. + Refactored analysis : Removed false positives with 'Can Call Generator' + Refactored analysis : Removed false positives with OnlyVariablePassedByReference + Refactored analysis : Useless reference in foreach + New analysis : report possible confusion between parameter and variable in arrow functions + New analysis : report usage of the new PHP 8.1 types + New analysis : report usage of the new PHP 8.2 types + New analysis : report usage of strpos() < 1 (possible bug) + Tokenizer + Made property inside a string with a Name, not a Identifier + Mark variable in append as modified **Version 2.6.5 (Cheng Yaojin, 2024-01-31)** + Architecture + Added support for NEXT in Sequence, Method definition, Functioncall, concatenations + Cobbler + + Report + + Analysis + Refactored analysis : Structures/UselessTrailingComma handles method calls + Refactored analysis : Structures/UnreachableCode handles never returntype + Refactored analysis : Classes/AbstractOrImplements + Fixed analysis : Complete/ReturnType had a bug with Classanonymous + Refactored analysis : Variables/InconsistentUsage had a bug with Classanonymous + New analysis : report useless nullsafe operator usage + New analysis : report file_put_contents(, []) + New analysis : report nested match() calls + New analysis : report useless short ternary + New analysis : dump all combined method calls + Tokenizer + Fixed display of ?-> inside strings + Refactored Goto labels with a common atom between goto and labels + Fixed minor errors with SEQUENCE (via NEXT) **Version 2.6.4 (, 2023-12-31)** + Architecture + Moved assert configuration to ini_set and php.ini + Added a set of token values for Debian 12 and 8.3 + Void is now a single atom in the graph (speed up, less resources) + Speed up Load with less arrays, more classes + Analysis + New analysis : report PHP native attribute usage + New analysis : check for injectable version, based on attribute declaration + New analysis : report multiple definition for the same property in a class family + Refactored analysis : multiply by one now reports +$a as a hidden cast. + New analysis : is_a() or instanceof favorite + Refactored analysis : Use Stdclass has extended coverage now + Refactored analysis : Undefined Classes includes Enum now + Refactored analysis : Pss outside a class include Enum now + New analysis : suggest using (array) + Refactored analysis : set class_alias() definitions + Refactored analysis : Could Use Null-safe operator now covers new situations + New analysis : check after nullsafe operator + New analysis : Don't use Null typed elements with a null-safe operator + New analysis : report invalid casts + New analysis : could use strcontains() + New analysis : suggest removing unused variable in catch + New analysis : suggest adding readonly to property + New analysis : spot calls just after an instantiation + New analysis: report try without catch but with finally + New analysis: report precedence errors with coalesce and comparisons + Refactored analysis : Cache Outside Loop was upgraded to spot cases in for, while and do while. + Refactored analysis : Join On File is extended with the reverse: file_get_contents() with explode() + New analysis: report exported properties + Removed analysis: remove duplicate rule OnlyVariableForReference + New analysis: report literal passed by reference + Tokenizer + Added CALLED link to new calls + Fixed edgecases with match and readonly **Version 2.6.3 (Ma Sanbao, 2023-12-14)** + Analysis + New analysis : report non-static method called from static method + New analysis : report properties that are untyped, uninitialized, and no set in the constructor. + New analysis : report traits used in a type + New analysis : report short assignations on appends (should not be possible) + Updated analysis : report usage of static properties with ??= and other short assignations + New analysis : added support for the friend attribute + New analysis : report method names starting with __ + New analysis : report $array[count($array)] append system + Updated analysis : unknown directive names cover more PHP functions and combinaisons + New analysis : report when void is returned by reference in a method + Updated analysis : Can Count Iterable was upgraded with types + New analysis : can't call a generator directly + New analysis : report useless trailing comma + Removed analysis : propagate calls (Complete) + New analysis : report non-int and non-string used as index in an array call + New analysis : report attempt to instantiate non-class (e, t, i) + Updated analysis : Too Many Variables in Method + Tokenizer + Fixed bug with short assignment left operand not being marked as read as well as written + Added fullnspath to Staticclass atom + Added support for THROWN, CALLED, YIELDED links in methods **Version 2.6.2 (Duan Zhixian, 2023-11-21)** + Analysis + New analysis : Casting Method Favorite + Updated analysis : Ellipsis detection improved + New analysis : report arrays that are used for append and direct index access at the same time + New analysis : report get_class() and get_parent_class() without arguments + Updated analysis : Literal inventory now reports float, array() and heredocs + New analysis : report usage of advanced static variable initialisation + New analysis : cannot be readonly + New analysis : report triplet stats from the internal graph + New analysis : report static variables outside a method + Updated analysis : Missing types are now covering class constants too + New analysis : report usage of Deprecated features (CITE, functions, parameters...) + Updated analysis : Could Be Typed * now supports class constants + New analysis : add support for #[Override] before PHP 8.3 + New analysis : report variables that use their type as name **Version 2.6.1 (Liu Hongji, 2023-10-19)** + Cobbler + New Cobbler : Logical to In_array() conversion + Analysis + Updated analysis : Use same types for comparisons was refactored + Updated analysis : Add Zero skips ?? and ?: when it is used to create default values + Updated analysis : Implode() args order was refactored with type support + New analysis : report multiline expressions + New analysis : report usage of typed constants + Updated analysis : sprintf() argument counts is improved + Updated analysis : double instruction skips try, while, do while. + Updated analysis : useless instruction refactored clone expressions + Updated analysis : array Append in a list() call + Updated analysis : written only variables now take into account isset() too + Updated analysis : recursive functions don't report recursion via property or method call() + Updated analysis : Shell favorite **Version 2.6.0 (Xue Rengui, 2023-10-04)** + Architecture + Refactored generation of VCS + Cobbler + New cobbler : rename namespace + New cobbler : rename function + New cobbler : rename constant + New cobbler : rename class + New cobbler : rename interface + New cobbler : rename enums + New cobbler : rename trait + New cobbler : rename method + New cobbler : rename class constant + New cobbler : rename property + Report + Added Classes dependencies table to Ambassador + Added Classes dependencies counts table to Ambassador + Added Classes dependent counts table to Ambassador + Added Namespaces to Exception tree + Added list of repeated class names + New report : Naming, that checks spelling + Analysis + Updated analysis : Useless Null Coalesce now omits stdclass + New analysis : report rewritten final class constant + New analysis : report uselessly rewriten class constant + Updated analysis : Fixed detection of use for functions and constants + Removed analysis : Removed 'Mark callable' + Updated analysis : Fixed detection of calls to __construct + Updated analysis : Avoid Boolean as Argument sped up + Updated analysis : Property Could Be Local sped up + New analysis : Report blind variable used beyond their foreach() loop + Updated analysis : Could Use Try has more exceptions sources + New analysis : Report recalled conditions + Updated analysis : Upgraded Classes depencencies list with attributes, New initializers and instanceof + New analysis : Report incompatible property definition between trait and class + Updated analysis : Deep definition now includes define() calls and enums + Updated analysis : Collection of File dependencies now include interfaces + Updated analysis : Fixed but in Could Be Spaceship + Updated analysis : Upgraded 'unthrown exception' to handle variables + New analysis : report usage of self:: on + New analysis : report usage of DNF + Updated analysis : readonly usage covers classes and anonymous classes + New analysis : report usage of FTN as standalone type + New analysis : Collect usage of throw and their method + New analysis : Collect literals used in comparisons + New analysis : Suggest using array_combine() + New analysis : Report comparisons with distinct scalar types + New analysis : reports null being used as array's index + New analysis : collect all named things in the source code + Updated analysis : isComponent also supports enum and declare + New analysis : report useless Try clauses + New analysis : report converted exceptions + New analysis : report methods that are no more than a single if + New analysis : suggest to ditch default before assigning it + Updated analysis : Unset or Cast was refactored with less raw() calls + Updated analysis : PPP declaration style + New analysis : collect the number of injections in a constructor + New analysis : collect the property usage level for each class + New analysis : collect structures, instead of in dump + New analysis : collect catch, to complete results with throw collect + Updated analysis : report usage of standalone True, False, Null. + New analysis : report identical cases in match and switch + New analysis : report usage of constants in traits + New analysis : preference between short and formal comparison + New analysis : report yield that can be turned into a yield from + New analysis : report usage of enum cases in static constant expressions + New analysis : report modification of readonly properties in __clone() + New analysis : report usage of internal classes with class_alias() + New analysis : report usage PHP 8.3 new dynamic + New analysis : static variables may be initialized with arbitrary expression in PHP 8.3 + New analysis : report when an interface's class constant visibility is not public when in the class + Updated analysis : upgraded pre-calculate used variable in closure + Updated analysis : Insufficient typehint (extended coverage) + New analysis : Report final trait method that are overwritten + Tokenizer + Added support for typed constants + Checked support for readonly anonymous classes + Fixed LINK in DNF types + Added support for attributes in enum, trait, interface and enumcase **Version 2.5.2 (Wang Gui, 2023-02-04)** + Report + New report : Format for SonarCube + Analysis + New analysis : report array literal, used by index. + New analysis : Cannot use empty strings with explode() + New analysis : Report max() and min() applied on empty arrays. + Updated analysis : Unused methods now skips internal use + Updated analysis : Date formats are collected only on Datetime and Datetimeimmutable + New analysis : strpos() used to convert integer to their ascii value + New analysis : report double checks in the code + New analysis : skip empty arrays in array_merge() + New analysis : ellipis is slower than array_merge() + Updated analysis : variable type is detected with cast too. + New analysis : follow unvalidated data in $_SESSION + Updated analysis : updated in_array() to also report short arrays + Updated analysis : closure2string skips when other arguments are necessary + Updated analysis : condition is always true is upgraded with more work on is_a() and class type + Updated analysis : htmlspecialchars() changed behavior in 8.1 + Updated analysis : always false does a better job at comparing types + Updated analysis : upgraded analysis with types + New analysis : new functions in PHP 8.3 + New analysis : suggestion for str_ends_with() + New analysis : suggestion for str_starts_with() + Updated analysis : dirname with 3rd arg is suggested when using '$path/../' strings + New analysis : collect the number of arguments per PHP native calls + New analysis : report if/then when a variable is assigned in one branch, but not in the other + New analysis : report mono or multi bytes favorite + New analysis : count the number of arguments to PHP native calls + Updated analysis : Null on boolean now takes into account types + Updated analysis : upgraded Make One Call analysis to spot calls within same expression + Updated analysis : incompatible type with incoming now covers call with superglobals + Updated analysis : fixed bug when calculating DEFINITION for superglobals + New analysis : report different constructors + New analysis : report usage of short ternary operator + New analysis : report when finalizing the call before the closure is better + New analysis : report object cast to int or float + New analysis : report variables initialized before an if condition with reinitialisation + New analysis : report incompatible constructors + New analysis : Report sidelined methods from a trait + New analysis : Report misused Generators + New analysis : Substr() for partitions in a loop + New analysis : suggest caching local calls to reduce processing + New analysis : report list of PHP 8.3 new classes + Tokenizer + Added support for readonly + final/abstract class + Fixed DEFINITION for static in new + Fixed DEFINITION for global variable definitions + Upgraded support for variable types with PDFF + Adapted support for undefined Identifier between PHP 7 and 8 **Version 2.5.1 (Wang Gui, 2023-01-19)** + Architecture + Extracted Called* to external class + Introduced parallel loading for nodes and properties (links are WIP) + Analysis + New analysis : suggest omitting empty arrays before array_merge() + Updated analysis : more calls are collected + Updated analysis : Strict comparison with boolean covers array_search and array_keys + New analysis : report useless methods + Updated analysis : Add Zero also covers syntax like +$a + New analysis : report weak tests on array, without checks on index + New analysis : report multiple types in switch (PHP 8 compability) + New analysis : could be a readonly class + Updated analysis : Comparison strings to int include in_array() and co + New analysis : report class invasions + New analysis : report property invasions + New analysis : collect all setlocale() calls + Updated analysis : Collected calls includes __construct() + Updated analysis : Collected calls includes __clone() + New analysis : report usage of ++ on strings + New analysis : report usage of deprecated mb_string encodings + Tokenizer + Fixed edge cases with readonly/namespace as method name + Fixed handling of static keyword with rare combinaisons **Version 2.5.0 (Wang Gui, 2023-01-05)** + Architecture + + Cobbler + + Report + + Analysis + Refactored analysis : WrongTypeWithCall skips variables without a type + Refactored analysis : BailoutEarly skips blocks with one element only + Refactored analysis : NonStaticMethodsCalledStatic extended to Stubs + New analysis : ambiguous types for variables + Refactored analysis : Unpreprocessed skips static::class + Refactored analysis : Undefined constant skips class constants with variables + New analysis : report exception that can't be chained + Refactored analysis : ShellExec preferences + Refactored analysis : CreateMagicProperty was extended + New analysis : report possible ::class usage + New analysis : report wrong order of argument with variadic + New analysis : report wrong encoding usage with mbstring + Refactored analysis : Sped up 'could be abstract method' + Refactored analysis : Undefined Interfaces differentiate classes and interfaces + New analysis : Ternary and Coalesce Operators order + Refactored analysis : Set Parent DEFINITION also adds DEFINITION for CPM + Refactored analysis : NativeClassTypeCompatibility upgraded fully to stub support + New analysis : Report useless assignation of promoted properties + Refactored analysis : Parameter name checking works with methods + Refactored analysis : Classes/CouldUseClassOperator is extended to all CITE + Refactored analysis : Classes/UndefinedConstants skips situations where the class is a variable of unknown type + Refactored analysis : Infinite recursion also detects coalesce + New analysis : Report methods / property confusions + New analysis : Suggest using __NAMESPACE__, instead of hardcoded string + Refactored analysis : Indirect injection is extended with ?? ?: and ? : + New analysis : Report too many chained calls one in the other + Refactored analysis : 'This is for classes' is extended to traits and enums + Refactored analysis : 'Unsupported types with operator' is now using Stubs files + New analysis : Report wrong typed with incoming values + Refactored analysis : 'Queries in loops' is now using extended to methods and one functioncall down. + Refactored analysis : Identical Variables in Foreach now searches inside the source + New analysis : Empty Loops + New analysis : Report arrays that are too much extracted + New analysis : Report methods where variables are not needed (only unique usage) + New analysis : Report possible emission of TypeError + Refactored analysis : Cant Throw now skips Interfaces + Refactored analysis : fixed false positive with Always False + Refactored analysis : Constant Invalid names do not confuse the constant and its value + Refactored analysis : Undefined Variable in Catch, now skips variables also created in the catch clause + Refactored analysis : Implicit conversion to int : skip float returned values + Refactored analysis : Closure could be static now checks for internal definitions of enums or anonymous class + Refactored analysis : Dont Collect void is extended to unspecified return types + Refactored analysis : useless coalesce + Refactored analysis : Indirect Injections + Refactored analysis : Useless Reference now checks PHP, ext and stubs + New analysis : Suggest to throw exceptions with json_*code() + Refactored analysis : Scalar are not arrays cleaned + Refactored analysis : No net for xml now enforces class too + Refactored analysis : Static for classes now omits static variables + Refactored analysis : Incompatibility signature now omits __construct + Refactored analysis : Unreachable code + New analysis : collect all calls from methods to methods + New analysis : set fullnspath to method calls + New analysis : report variables with an initial capital S (readability) + New analysis : type dodging in parameter with union type + Tokenizer + Fixed bug with related to readonly position + Fixed bug where define was not correctly set with fullnspath + Fixed priorities for print and yield + Added support for DNF in the engine + Added definition with static calls, within a class + Added support for methods and properties with static calls to parent:: + Refactored handling of scope with $this and self/static + Created a Precedence class for each version + Refactored calculations for currentMethods in external class + Migrating from Method to readsStubs (WIP) + Handled edge cases in Yield (yield yield) + Removed link between bool and int values when loading (edge case of numeric strings) + Cleaned Load of GlobalVars array **Version 2.4.9 (Wang Gui, 2022-09-07)** + Analysis + Refactored analysis : Uses Default now supports PDFF and functions + Refactored analysis : Using PDFF with ext/seaslog and ext/memcache + Removed analysis : ext/wikidiff2, ext/wincache, ext/iis, ext/libevent, ext/mhash, ext/parsekit, ext/kdm5 + New analysis : date() versus DatetTime preferences. + New analysis : identify unused public methods + Refactored analysis : Detecting wrong visibility with implemented methods was sped up + Removed analysis : Interface/ConcreteVisibility, double with Classes/ImplementedMethodsArePublic + New analysis : identify potential abstract methods + Refactored analysis : Upgraded 'Wrong Type With Call' to use the known variable types + Refactored analysis : No Parent now takes traits into account. + Refactored analysis : Should Have Destructor : removed some false positives, refactored documentation. + Refactored analysis : No Parent now also checks for traits + Refactored analysis : Uses default argument skips Virtualproperties + New analysis : Complete/SolveTraitConstants adds support for constants in traits (PHP 8.2) + Refactored analysis : Complete/SetParentDefinition was trimmed of 2 useless queries + Refactored analysis : PPP declaration style + Refactored analysis : Is Global Constant (removed usage of .ini) + Refactored analysis : Overwritten* are simplified for speed up and deduplication + Refactored analysis : UndefinedClasses speed up + Refactored analysis : Should Preprocess now adds Heredocs and skips variables inside strings + Refactored analysis : Should use Ternary now skips elsif + Refactored analysis : ext/fann now use pdff + Tokenizer + Added support for PHP keywords in namespace names. **Version 2.4.8 (Xue Rengui, 2022-08-24)** + Architecture + + Cobbler + + Report + + Analysis + Refactored analysis : strange names now covers types too. + Removed analysis : ext/proctitle, Composer/IsComposerName, ext/cyrus + Removed analysis : Composer/IsComposerInterface, + Refactored analysis : VariableTypehint now skips self-transforming variables in default + Refactored analysis : ErrorMessages now also tracks trigger_error() + New analysis : ext/teds, ext/scrypt, ext/geospatial + Refactored analysis with pdff : ext/crypto, ext/ev, ext/enchant + Refactored analysis : refactored 'could use short assignation' + Removed analysis : ext/ereg, ext/async + Refactored analysis : undefined class constants are also looked in the children classes + Refactored analysis : vendor/symfony and vendor/phalcon + Refactored analysis : Unused Methods now handles foreach() with new() + New analysis : vendor/feast framework + Checked unit tests : 4480 / 4450 test pass (99.3% pass) + Tokenizer + Fixed detection of constant in ternary/coalesce + Finish adding types **Version 2.4.7 (Xu Jingzong, 2022-08-03)** + Architecture + + Cobbler + New cobbler : remove brackets to single-instruction commands + Report + New inventory : IP + Analysis + Refactored analysis : Could Use Array_sum() + Refactored analysis : Wrong Attribute with properties + Refactored analysis : implode Args order now support types + Refactored analysis : fopen mode does accept rw + Refactored analysis : references on objects (full refactor) + New analysis : finding empty arrays with comparisons + New analysis : using strict with in_array or not + New analysis : no default for referenced parameter + New analysis : No clone constant before PHP 8.1 + New analysis : Complete enum cases with definition to value and name + Refactored analysis : better handling of clone in Variable Typehint + Refactored analysis : cleaned some false positives with Undefined Properties + Refactored analysis : Unresolved use now uses stubs; upgrade in function/const coverage + Removed analysis : ext/recode, ext/runkit, ext/ming + Refactored analysis : Better coverage for 1 + [] + Refactored analysis : Difference preference has gremlin upgraded + New analysis : Ext/random (PHP 8.2) + New analysis : IP inventory + Refactored analysis : JsonSerialize and ReturnTypeWIllChange cover new methods + Tokenizer + Added support for -> out of Enum cases (with name and value) + Added new classes from PHP 8.2 + Fixed missing fullnspath for attributes with absolute path + Added all attributes to properties **Version 2.4.6 (Li Yuanji, 2022-07-20)** + Architecture + Skip loading of WS property when only doing an audit (speed up loading) + Finished moved to Gremlin 3.6 + Cobbler + New cobbler : adds brackets to single-instruction commands + Report + Ambassador : refactored trait matrix + Analysis + Refactored analysis : Wrong Type Hint with First Class Callable + New analysis : PHP 8.2 new functions + Refactored analysis : Useless Cast takes advantages of const types + Tokenizer + Typed all internal atoms + Added types to internal loading engine **Version 2.4.5 (Li Yuanji, 2022-07-07)** + Architecture + Docs : fixed presentation for cobblers + Cobbler + New cobbler : remove abstract option + Report + + Analysis + Refactored analysis : No Pss Outside Class also checks for static closures + New analysis : Report errors in sprintf() formats + New analysis : Report methods and properties with the same name in a class + New analysis : Report invalid chars in date scanning formats + Refactored analysis : Useless Coalesce applied to PHP native methods + New analysis : Report Abstract Private methods in traits (php 8.0-) + Refactored analysis : Dynamic New now also works on parenthesis + New analysis : Report Utf8_encode() and utf8_decode() deprecation + Refactored analysis : Create Default Values checks on self-transforming variables + Refactored analysis : Missing Typehint skips constructor and destructor + Refactored analysis : Useless constructor skip one that has other constructor calling it + New analysis : Some Magic methods have compulsory return types + Refactored analysis : Overwritten const is extended to classes without constants (but in their parent or interfaces) + Refactored analysis : Nested ternaries now checks assignations, New parameter to set the min depth + Refactored analysis : Instantiating Abstract now uses PDFF + Refactored analysis : $this may be OK in closures (they can be rebinded later) + Refactored analysis : Adding 'Void' returntype when possible + Refactored analysis : Don't Collect Void was upgraded with methods returning nothing. + Refactored analysis : Identical Expressions, now checks = and omits short assignations + New analysis : If Then Return Favorite + Refactored analysis : Useless Casting checks % distinctly + Refactored analysis : Add Zero skips variables more often + New analysis : Could Be Resource + New analysis : DateTime Immutable is not immutable + Tokenizer + Fixed namespace's names dectection for older PHP versions + Fixed Functioncall detection inside a new operator. **Version 2.4.4 (Li Jiancheng, 2022-06-23)** + Architecture + Upgraded to Gremlin 3.6.0 (tinkergraph) + Prepared engine to work with GSneo4j 3.6.0 + Cobbler + New cobbler : turn ${a} into {$a} for PHP 8.2 compatibility + Refactored cobbler : Adds null type to nullable parameters + Report + + Analysis + Refactored analysis : Non nullable setter skip properties set in constructor + Removed analysis : ext/ffmpeg, ext/fdf, ext/xcache, ext/yis, ext/cairo + Refactored analysis : ext/rdkafka, ext/zookeeper now uses PDFF + Refactored analysis : Should Preprocess, now include local constant strings + Refactored analysis : Undefined Interface, now not reporting extra Types + New analysis : retyped reference, when a parameter with a type, eventually get a new type + Refactored analysis : Static methods called from object, modernization + Refactored analysis : New Analyzers, omits local defaults values + Refactored analysis : Access Protected now takes into account PDFF + Refactored analysis : Null type detection includes null defaut value for parameters. + New analysis : Report type error for default values + Refactored analysis : 'ds', 'ssh2' were upgraded to PDFF + Checked unit tests : 4373 / 4349 test pass (99.5% pass) + New analysis : Ice framework + New analysis : taint + Tokenizer + Fixed 'constant' bug with functioncall on a nsname + Upgraded Typehint detection to handle clone() calls + Upgraded Typehint inference for properties and variables **Version 2.4.3 (Emperor Gaozu of Tang, 2022-06-02)** + Architecture + Doctor failed to copy the tinkergraph configuration files + Removed old connector GSneo4j/Tinkergraph + Refactored starting/emptying of gremlin database + Testing on PHP 8.2 + Cobbler + Added suggestions when the -P is not found + New cobbler : add Final to classes + New cobbler : removes Final from classes + Upgraded cobbler : removes Readonly from classes + Report + Ambassador, Emissary, Diplomat : removed link to the source code. + Ambassador, Emissary, Diplomat : fixed link to online documentation + Analysis + Fixed analysis : Undefined Classes and Trait where affected by the recent Complete/Returntyping + Refactored analysis : 'Variables Used Once' not omit inherited parameters. + Refactored analysis : 'Functions without return' not skip methods with Never and methods that throw in the main sequence. + New analysis : 'Parent is not Static', but rather self + Refactored analysis : 'Use This' + Refactored analysis : 'Extension/Extxhprof' to PDFF + Refactored analysis : Removing usage of methods, moving to PDFF + New analysis : 'No magic method for Enums' + Refactored analysis : 'Multiple Identical Keys' now also processes automated index + New analysis : 'Modifying Readonly' (WIP) + Refactored analysis : 'Could use short assignation' skips usage of ?? + New analysis : 'Readonly Can only be assigned in defining class' + Refactored analysis : 'Runkit7' was upgraded to PDFF + Refactored analysis : 'Gnupg' was upgraded to PDFF + Refactored analysis : 'xdiff' was upgraded to PDFF + Refactored analysis : 'event' was upgraded to PDFF + New analysis : ext/stomp, ext/csv + New analysis : Suggestion making the default assignation in property definition + Refactored analysis : 'Redefined private properties' now covers PDFF too + Refactored analysis : 'Failing Stubstr Comparison' now accepts != <> + Refactored analysis : 'Insufficient typehint' extended with class constants + Refactored analysis : 'Unused constant' takes advantage of hierarchy + Refactored analysis : 'Useless Abstract' extended to include single extended classes + Refactored analysis : 'Mismatched Default Value' now omits parameters without default value + New analysis : method is identity + New analysis : report overloaded existing names in use, from PDFF + New analysis : collect incoming date inventory + New analysis : collect vendor's API usage + New analysis : report Array addition usage + Checked unit tests : 4373 / 4349 test pass (99.5% pass) + Tokenizer + Added support for PHP 8.2 readonly classes + Fixed bug that made VariableTypehint automatically isPHP **Version 2.4.2 (Li Chunfeng, 2022-05-18)** + Analysis + Refactored analysis : 'Raised access Level' now supports PDFF files + Refactored analysis : 'Cant Extends Final' also Works with anonymous classes + New analysis : Report 'Lowered access levels' + Refactored analysis : 'Final methods' extended to traits + Refactored analysis : 'Overwritten Methods' fixed bug with Traits + New analysis : 'Cant extends Final Methods' + Refactored analysis : 'Cant extends Final Constants' with PDFF support + New analysis : 'Extension Excimer' + New analysis : 'Report implicit float to int conversions' + Refactored analysis : 'Is always false' is extended to typed properties + New analysis : 'Report inegalities with different types' + New analysis : Report traits used once + Refactored analysis : 'Is Not Implements' now supports PDFF; support for trait added. + Refactored analysis : 'Wrong name with paramter' : added support for PDFF + Fixed analysis : 'Overwritten Methods' skipped some interfaces + Refactored analysis : 'Fossilized methods' was counting methods that are defined with Virtualmethod + Refactored analysis : 'Fix bug' when missing fqn in New for Classes/WrongTypedPropertyInit + New analysis : Report unknown locales. + New analysis : ext/pkcs11 + New analysis : ext/spx + Checked unit tests : 4314 / 4317 test pass (99% pass) + Refactored analysis : 'Basename suffix' detection extended + Tokenizer + Fixed bug with float and power + Fixed bug in global variable creation + Create all possible links to static keyword + Speed up creation of links to $GLOBALS **Version 2.4.1 (Yuan Tiangang, 2022-05-04)** + Architecture + New Dump : collect all stub's structures + Report + Sarif : Fixed URI (no initial /) and Exakat version + Unused : report unused stuff in the code + Ambassador : upgrade presentation of the Exception Treephp + Analysis + New analysis : Deprecated String interpolation in PHP 8.2 + Refactored analysis : Spaceship features is used for isRead property + Refactored analysis : Skip analysis of returntypes for methods with throw/assert/trigger_error() + New analysis : Report unused Enumeration Cases + Refactored analysis : Can't instantiate class now takes local class into account + Refactored analysis : Many new examples extracted from the docs + Refactored analysis : fixed bug with 'Wrong Type With Call' + Refactored analysis : Conditional structures now includes Enums too. + New analysis : Don't throw raw exceptions + New analysis : Useless Coalesce operator (when there is a type available) + New analysis : ext/yar + Refactored analysis : 'Wrong number of argument' now includes methods defined in a trait in a PDFF + Refactored analysis : moved ext/amqp to PDFF **Version 2.4.0 (Yin Kaishan, 2022-04-20)** + Report + Ambassador : suggest literals to be turned into a constant, based on assignation and comparison + Analysis + Refactored analysis : 'Classes/WrongCase' reported too many arguments + New analysis : No constructor in interfaces + Refactored analysis : Bail Out Early also report if/then when in last position of an sequence + Refactored analysis : Useless Casting also checks for double application of typehint/cast + New analysis : Could Be A constant (in Dump) + New analysis : Could Be Spaceship + Refactored analysis : Vendors/Concrete5 is updated to Concrete5 v9.0 + New analysis : Vendors Sylius + Refactored analysis : Vendors/Joomla is updated to Joomla 4.2.0 + Refactored analysis : Wrong Number Of Arguments supports Constructors and methods (static and normal) **Version 2.3.9 (Fu Yi, 2022-04-06)** + Architecture + Changed Loading system to handle globals directly with gremlin, and without ids + Cobbler + New cobbler : adds 'function array_key_exists' to the list of use statements to speed up array_key_exists. + Analysis + Refactored analysis : Fixed bug with 'each' and namespaces in Php/Deprecated + Refactored analysis : Next Month Trap was updated with support for datetime (Immutable) + Refactored analysis : TimeStamp Differences now covers any seconds additions. Datetime::format('U') was also added to sources. + New analysis : Avoid using 86400 to handle days when calculating dates. + New analysis : Do not reuse the source name in a foreach($a as $a) + New analysis : Use constants when the function returns them + Updated analysis : New constants for 'Use Constants As Arguments' + Refactored analysis : many Extensions/Ext* are moving to pdff support + Refactored analysis : speedup Should Preprocess analysis + Refactored analysis : Modernized Overwritten class constants + New analysis : Report overwritten final constants from PDFF + Refactored analysis : Moving Extensions/Ext* to PDFF + Refactored analysis : Repeated Regex + New analysis : Report string / integer comparison for PHP 8.0 migration + Refactored analysis : Defined Class Constants differentiate from Enumeration cases + New analysis : Complete functions with obvious typehints + New analysis : Extension protobuf + Refactored analysis : Upgraded Property analysis to use PDFF + Refactored analysis : 'Multiple identical keys' now has an array size limit (15000) + New analysis : Constant favorite : use or not? + Refactored analysis : Upgraded 'Unresolved classes' with Pdff support + Tokenizer + Fixed isPhp/isExt/isStub detection for catch classes **Version 2.3.8 (Xiao Yu, 2022-03-23)** + Architecture + Speed up gremlin queries + Report + Pdff : added support for hasDefault in properties and parameters + Analysis + New analysis : Report type of string introspection used in the code, as a favorite + New analysis : Report functions to be of type 'never'. + Refactored analysis : Variables used once by context, now omits Blind variables + Refactored analysis : Redeclared PHP functions works with PHP 8.1's functions + Refactored analysis : Modern Empty + Refactored analysis : Deprecated Functions + Refactored analysis : Removed usage of IsExtInterface in UndefinedClasses + Refactored analysis : Suggesting static class names over objects takes into account the nature of the typehint available. + Refactored analysis : Using PDFF with ext/gender, ext/decimal, ext/xxtea, ext/mailparse, ext/uuid. + Refactored analysis : Using PDFF with ext/xmlreader, ext/writer, ext/mongodb, ext/gd, ext/dom + Refactored analysis : Class Usage rule now skips Interfaces in Implements + Removed analysis : Modules/* + Removed analysis : Extensions/Extzbarcode **Version 2.3.7 (Xiao Yu, 2022-03-09)** + Architecture + Fixed all internal step's case + Report + New report : PerRule (same as PerFile, but grouped by rules) + New report : CompatibilityPHP56 (based on Perfile, dedicated to Compatibility PHP 5.6) + Updated report : Ambassador now lists @keywords in phpdocs (inventories) + Updated report : Manual includes sections for namespaces, and global constants + Analysis + New analysis : Use variables when they are created inside a loop + New analysis : Simplify Foreach() + New analysis : Identical Conditions on If-elseif + Refactored analysis : Undefined Instanceof now relies on isPhp/isExt/IsStub + Refactored analysis : First byte only, now uses variable typehints + Refactored analysis : Dont loop on yield + Refactored analysis : Interfaces suggestion now accepts php/ext/stubs configuration + Refactored analysis : Static calls to traits exclude self, parent, static + Refactored analysis : Don't read and write at the same time : Extended to all containers, removed edge cases + Refactored analysis : Undefined interfaces takes Variable Typehint into account + Refactored analysis : Incompatible Method signature + Refactored analysis : Unfinished objects now checks called internal methods + Refactored analysis : Better coverage for Class Constants + Refactored analysis : Insufficient typehint skips properties without a type + Tokenizer + Extended support for Variable typehints **Version 2.3.6 (Qin Qiong, 2022-02-16)** + Architecture + + Cobbler + Refactored cobbler : 'SetTypehint' checks more before adding a class typehint + Report + Ambassador : added the list of extended dependencies as an audit report + Diplomat : removed 4 rules from Analyze (Classes/Redefined*) + Analysis + New analysis : Too Many Stringed If-then-elsif + New analysis : Undefined Enumeration case + New analysis : Unfinished objects + New analysis : Class Alias usage + New analysis : Undefined Methods + New analysis : Suggest array_sum(), from the code + New analysis : Missing type on any structure (method, parameter, property) + New analysis : Spot unreachable methods + New analysis : Public Reach lists the paths from public methods to private ones. + New analysis : Avoid Static calls on objects when possible + Deprecated analysis : Is Php Function + Refactored analysis : Removed usage of IsExtFunction analysis + Refactored analysis : 'Could Be array' relies on ... too + Refactored analysis : 'No need for else' now skips elseif + Refactored analysis : 'Undefined constants, functions, traits, interfaces, classes{const, static P/M}' now leverages the stubs + Refactored analysis : 'Insufficient typehint' checks for union types + Refactored analysis : 'Used Once Properties' now omits classes that have dynamic properties + Refactored analysis : 'Unused class constants' + Refactored analysis : 'Reuse variable' has a narrower focus, and takes scope into account. + Refactored analysis : 'Weak Type' Extended analysis to typed containers + Refactored analysis : Definitions stats now break down to isPHP/isStub/isExt + Refactored analysis : Isset() calls with more complex expressions + Bug: fixed PHp/MixedKeyword in analyzer database + Checked unit tests : 4123 / 4132 test pass (99% pass) + Tokenizer + Refactored Foreach variable detection + Fixed constant detection in deep namespaces + Restored Stubs from configuration and commandline + Added fullnspath to static properties + Added Complete/Is*Structure, to finish marking atoms with isPhp, isStub + Deprecating Composer/IsComposerNsname + Fixed bug with class_alias + Added Not to guess list + Fixed bug in engine with comments at the end of scripts. **Version 2.3.5 (Yuchi Gong, 2022-02-02)** + Architecture + 'Complete' ruleset will run the configured rulesets that are not already run + Cobbler + New cobbler : removes readonly option on properties + New cobbler : removes useless variables + Report + Ambassador : added counts with the actual sizes of the classes (constants, properties, methods) + Ambassador : Fixed display of compatibility features + Uml : Report number of classes exported + Analysis + New analysis : List all external dependencies extensions + New analysis : report recycling of foreach() sources + New analysis : report usage of readonly + New analysis : Suggest updating if-then to ternary operator + New analysis : Report multiple similar calls in a row + New analysis : Suggest using FILE_APPEND with file_put_contents() + New analysis : Report missing visibilities + New analysis : Identify literal that may actually be existing constants. + Fixed analysis : Cancelled parameter shall take ??= into consideration + Refactored analysis : 'Cannot use static with closure' analysis is extended to properties + Refactored analysis : Upgraded detection of variable modified by a reference in a PHP or custom function/methodcall. + Refactored analysis : Fixed bug with 'This is for class' where typehint where not correctly seen inside a class. + Refactored analysis : 'Insufficient typehint' was upgraded with class constants checks + Refactored analysis : 'Undefined class' skips ? as a class + Refactored analysis : 'Static loops' now takes into account modifications in the conditions + Refactored analysis : 'Complex expressions' omits match + Refactored analysis : 'Cache variable outside loop' fixed bug with function names and new expressions + Refactored analysis : 'Logical mistakes' now checks for constants on the rest of the comparison + Refactored analysis : 'Cant instantiate class' now takes into account self/static + Refactored analysis : 'Should use self' also reports self opportunities in new expression. + Refactored analysis : 'Written only' fixed a bug with propperties + Refactored analysis : 'No choice' also spots ?: null and ?? null + Refactored analysis : Written Only Variable now takes into account references in parameters + Refactored analysis : Classes's strange names covers methods, properties and classes. + Refactored analysis : Caught but never thrown exceptions have an updated list of exception + Refactored analysis : Unresolved Catch uses updated PHP exception/error list + Refactored analysis : PHP 8.0 new types now covers mixed and also properties. + Refactored analysis : PHP 8.0 union type differentiate between ?A and null|A + Refactored analysis : CIT same names was extended to Enumeration + Tokenizer + Fixed boolval for multiplications + Fixed spaceship for string and boolean values + Added processing to isPhp/isExt/isStub to implemented names **Version 2.3.4 (Yuchi Gong, 2022-01-19)** + Cobbler + New cobbler : remove unused use expression + Added 4 directives to each rules : namespaces, ignore_dirs, include_dirs and file_extensions. They filter out some of the results. + Report + Composer : upgrade the list of core PHP extensions + Analysis + New analysis : Mark simple getters/setters in classes + New analysis : Report unchecked divisions (int and operators) + New analysis : report possible abstract constants in classes (which should be defined in a parent) + New analysis : report recycled variables + Refactored analysis : Upgraded 'Object references' with union and intersectional types + Refactored analysis : Removed edges cases in 'Don't collect void' + Refactored analysis : Extension detection now takes into account enums + Refactored analysis : Upgraded AlwaysFalse with better typehinting inference + Refactored analysis : indentation levels missed several results while reporting + Refactored analysis : interfaces, traits and constants were missing for use expression resolution + Refactored analysis : Undefined Interfaces now exclude better PHP or ext's interfaces + Refactored analysis : Never Used Parameter confused Void and first argument + Refactored analysis : Self were reported as outside a class when in foreach() + Refactored analysis : Clone with non-arrays now checks PHP native functions too + Refactored analysis : Excluded powers from calculations in IsZero + Refactored analysis : Fixed discrepancy between ' and " handling of \ + Extended tests : match without default + Tokenizer + Fixed a bug where static keyword is processed as a simple nsname + Fixed a bug where typehints were not marked as isPhp, isExt or isStub + Fixed an edge case with array functions inside match() syntax + Fixed an edge case with Closures and reference-use variable + Fixed an edge case with static inside ternary + Fixed yield expression scope + Added Table for PHP 8.2 compilations checks + Removed extra void with use expression for traits **Version 2.3.3 (Xu Maogong, 2022-01-05)** + Cobbler + New Cobbler : removes attributes + Report + + Analysis + New analysis : suggest using ?-> when Null is a possiblity + New analysis : Report backward incompatibility with overloaded interface constants + New analysis : Mark variables as local constants when only assigned once + New analysis : suggest using iterable, based on array|traversable usage + New analysis : Report usage of PHP 8.1 intersection typehints + Refactored analysis : Hidden Nullable rule now handles intersection types + Refactored analysis : 'Use Nullable' covers properties too + Refactored analysis : 'Could Be stringable' is extended to trait usage + Refactored analysis : skip static and globals when counting variable usage in methods + Refactored analysis : PHP 8.0 Union type detection includes properties + Added tests to Complete/Overloaded* (CPM) + Tokenizer + Fixed a bug with Ternary and constants **Version 2.3.2 (Wei Zheng, 2021-12-16)** + Cobbler + New cobbler : removes a method + Report + + Analysis + New analysis : suggest ::class instead of get_class() + New analysis : report when a class extends stdclass (for dynamic properties review) + New analysis : Reports when checks are made on the existence of properties + Upgraded analysis : Useless Typechecks is upgraded with union and intersectional type checks + Upgraded analysis : Reporting invalid access to protected CPM + Upgraded analysis : Removed Used Properties with classes with dynamic properties + Fixed bug in PropagateConstants + Tokenizer + Added detection of typehints for variables **Version 2.3.1 (Li Shimin, 2021-12-01)** + Cobbler + Fixed bug with Settypehint when multiple types are available + Report + New Pdff report : PHP Document File Format + Analysis + New analysis : report promoted properties + New analysis : report deprecated PHP 8.2 callable + New analysis : report new in initializers + New analysis : report nested attributes + New analysis : report direct calls to Trait methods and properties + New analysis : report auto vivification of false (PHP 8.1) + New analysis : report implicit float to integer conversion for arrays + Updated analysis : Declare Static and Global early. + Updated analysis : No Null For Native now uses typehints + Updated analysis : refined No Static variable in method + Tokenizer + Fixed bug with __METHOD__ when it is called outside a method **Version 2.3.0 (Wei, 2021-11-18)** + Architecture + Catchup tokens from PHP 5.6 till 7.2 + Report unknown Rulesets during reports command + Extended 'catalog' command to list rules too + Extended 'catalog' command to return YAML format + Report + Added several new analysis to the Rector report + Added mixed and never to Appinfo report + Ugraded Sarif report with bartlett/sarif-php-sdk + Analysis + New analysis : report the missing mixed returntype for jsonserialize + New analysis : report final with constants + New analysis : report never usage (typehint) + New analysis : report PHP 8.1 typehint incompatibilities + New analysis : report PHP 8.0 typehint incompatibilities + New analysis : report PHP 8.0 named parameters + New analysis : report First Class Callable Syntax + New analysis : New Functions in PHP 8.1 + New analysis : Removed functions in PHP 8.1 + New analysis : Prepare 'never' for PHP 8.1 + New analysis : Prepare 'mixed' for PHP 8.0 + New analysis : detect mixed and never usage as typehints + Upgraded analysis : Wrong Number of arguments also works with new first class callable syntax + Upgraded analysis : Typehint stats now includes union and intersection types + Upgraded analysis : Removed functions in PHP 8.0 **Version 2.2.5 (Wood star, 2021-11-03)** + Analysis + New analysis : Calling Trait Static Method directly is deprecated in PHP 8.1 + New analysis : No reference for returned void + New analysis : No Null for PHP native methods + Updated analysis : Wrong type for argument now covers classes, union type and intersection types. + Updated analysis : Wrong type for argument now covers classes, union type and intersection types. + Updated analysis : Unused Private Methods are also detected with array($this, 'xx') syntax + Checked unit tests : 3821 / 3805 test pass (99% pass) + Cobblers + New cobbler : remove typehints from arguments, returns and properties **Version 2.2.4 (Gold star, 2021-10-21)** + Dataset + Updated PHP native dataset with missing classes and typehint. + Analysis + New analysis : Report incompatible typehint with native PHP methods in PHP 8.1 + New analysis : Report Missing Attribute Attribute + New analysis : Report full_path index in $_FILES usage + Updated analysis : Type detection also include return type from methods + Cobblers + Updated cobbler : Set typehint handles typehint from arguments + Tokenizer + Added more cases for Constant types **Version 2.2.3 (Wu, 2021-10-06)** + Architecture + Updated INI files for PHP 8.1 + Data + Extended PHP directives lists + Report + New report Migration 8.1 + Analysis + New analysis : PHP 8.1 removed directives + New analysis : PHP 8.1 removed constants + New analysis : Wrong named parameter for PHP native function + New analysis : Report duplicate named arguments + New analysis : htmlentities (and co) default 2nd argument + Updated analysis : Scalars are not arrays. Extemded with type support. + Tokenizer + Support for callable strlen(...) + Test for new syntax for octal 0o123 **Version 2.2.2 (Si, 2021-09-22)** + Architecture + Refactored documentation + Report + Added support for PHP 8.1 compatiblity + Analysis + New analysis : Restrict $GLOBALS usage + New analysis : No object as array's index + New analysis : Overreaching classes (PHP feature) + New analysis : Report Enum usage + Updated analysis : Typehints/* got new Unit Tests + Updated analysis : Explode optimisation + Tokenizer + Reduced the number of DEFAULT creation for properties + Added support for new PHP 8.1 syntax (Enum ) **Version 2.2.1 (Chen, 2020-11-20)** + Architecture + Export : WIP of exporting PHP code from graph + New directives : rules_version_max, rules_version_min, ignore_rules and ignore_namespace + Report + Sarif : Fixed line number that may be null or less + Ambassador : Fixed visibility report + Analysis + New analysis : check for match as a keyword + New analysis : replace static variable by static properties + New analysis : warn about usage of get_object_vars() + New analysis : report global and static variables that are declared multiple times + Updated analysis : extended Used Classes to abstract classes + Updated analysis : wrong number of argument now supports $this() + Updated analysis : parse_str last argument doesn't apply anymore in PHP 8 + Updated analysis : useless argument now omits parameter with default value + Checked unit tests : 3797 / 3800 test pass (99% pass) + Tokenizer + Fixed race condition with phpdocs + Refactored static and global variables definitions (avoid double definitions) + Fixed detection of [] inside a list() + Fixed detection of alternative syntax for switch + Added use property to usenamespace too (for grouping) **Version 2.2.0 (Mao, 2020-10-15)** + Architecture + Extended Export command to produce PHP scripts from the graph database + Added more typehints + Added new command 'onefile' + Sped up database restart with id reset + Updated list of functions for several extensions. Started adding methods, class constants.. + Report + Ambassador : updated popularities + Ambassador : added missing PHP 8.0 ruleset + Analysis + New analysis : report arguments and properties whose name clashes with the typehint + New analysis : report long preparation before throw command + New analysis : missing __isset() method + New analysis : suggest array_keys() for array_search in loops + New analysis : array_map() complains with values by reference + New analysis : report final private properties + New analysis : report misnamed constant/variable + New analysis : check for attribute configuration (PHP 8.0) + New analysis : suggest dropping variable in catch clause + New analysis : report resources that should not be tested with is_resource (PHP 8.0) + New analysis : check for named arguments and variadic + Updated analysis : wrong number of argument now supports $this() + Updated analysis : redefined private property uses OVERWRITE + Updated analysis : refactored UndefinedFunctions for speed + Updated analysis : array_map() complains with values by reference + Updated analysis : removed false positives on properties in strings + Updated analysis : unsupported types with operators skips cast values + Updated analysis : cancelled parameters are also for array_map/array_walk + Updated analysis : variable variable skips variables inside strings + Updated analysis : removed functions are not reported when in if/then with function_exists() + Updated analysis : wrong optional parameter fixed false positive with ... + Updated analysis : extended list of removed directives, functions and constants + Removed analysis : RealVariables + Checked unit tests : 3761 / 3772 test pass (99% pass) + Tokenizer + Added Void to empty default/case + Bitoperation added to isRead + Fixed list[] in a Foreach + Fixed token T_OPEN_DOLLAR_CURLY_BRACKET **Version 2.1.9 (Yin, 2020-10-01)** + Architecture + Removed old and unused commands + Modernized usage of docker as phpexec + New directive php_extensions to managed list of ext + Report + Ambassador : removed 3 gremlins from typehint stats, added scalar types + New Migration80 report, dedicated to PHP 8.0 migrations + New Stubs.ini report, dedicated to exakat extensions production + Analysis + New analysis : report arguments which are not nullable because of constants. + New analysis : could use stringable interface + New analysis : suggest explode()'s third argument when applicable + New analysis : suggest PHP 8.0 promoted properties + New analysis : report arrays with negative index, and auto-indexing + New analysis : report unsupported types with operators + New analysis : report usage of track_errors directive (PHP 8.0) + New analysis : report useless types on __get/__set + New analysis : count the number of use expressions in a file + New analysis : Avoid modifying typed arguments + New analysis : Report Assumptions in the code + New analysis : array_fill() usage with objects + New analysis : mismatch between parameter name and type + Updated analysis : magic methods definitions also find usage for __invoke() + Updated analysis : noscream operator usage may have exceptions + Updated analysis : identical methods and identical closures + Updated data : list of exceptions and their emitters + Tokenizer + Upgraded detection of extensions' structures, beyond functions **Version 2.1.8 (Chou, 2020-09-18)** + Architecture + added '--' options, and kept the '-' options, for migration purposes. (--format and -format are both available) + Added support for PHP 8 attributes in dump.sqlite + Added 'precision' to rule docs. + Moved all but one data collection from Dump -collect to Dump/ analysis. + Report + New report : SARIF + Typehint suggestion report : Tick classes when they are fully covered + Weekly report : fix donuts display. + Stubsjson : Added support for PHP attributes + Stubs : Added support for PHP attributes + Analysis + New ruleset : CI-Checks + New analysis : 'Multiple declare(strict_types = 1)' + New analysis : 'No more (unset) in PHP 8' + New analysis : Cancel methods in parent : when methods should not have been abstracted in parent class. + New analysis : '$php_errormsg is removed in PHP 8' + New analysis : 'Mismatch Parameter Name' checks parameter names between inherited methods for consistency + Upgraded analysis : 'Useless Arguments' is accelerated + Upgraded analysis : 'Don't use Void' weeded out false positives + Upgraded analysis : 'Wrong type for native calls' weeded out false positives + Upgraded analysis : 'Non static methods called statically' was refactored for PHP 8.0 support + Upgraded analysis : 'PHP Keywords' includes 'match' + Upgraded analysis : 'Useless instruction' reports '$a ?? null' as useless. + Upgraded analysis : 'Uncaught exceptions' is extended to local variables + Upgraded analysis : 'Foreach favorites' also covers the keys + Upgraded analysis : 'Should Preprocess' skips expressions with constants + Upgraded analysis : 'Compare Hashes' has more functions covered + Removed analysis : 'Normal Properties' : no need anymore. + Tokenizer + Moved isPhp attribute to Task/Load plugin + Created isExt attribute to Task/Load plugin **Version 2.1.7 (zi, 2020-09-07)** + Architecture + Refactored loading class, to keep query load at optimal size for Gremlin + GC during load to free memory + More typehints + Move several collections to Dump/ ruleset + Report + Upgraded Typesuggestion report with report on closures and arrow functions + Added Arrowfunctions in inventories + Added collection of arguments and details for closures and arrowfunctions + Analysis + New analysis : Could Be In Parent : suggest methods that should be defined in a parent + New analysis : Don't pollute namespace + New analysis : report insufficient return typehints + Upgraded analysis : 'Method signature must be compatible' now PHP 8.0 compatible + Upgraded analysis : 'Wrong type with native function' fixes false positives + Upgraded analysis : 'Same condition' added coverage for || conditions + Upgraded analysis : 'Missing returntype' extended to class typehints + Upgraded analysis : 'Should Use This' also covers special functions like get_class_called() + Upgraded analysis : 'No concat in loop' skips nested loops + Upgraded analysis : 'Always false' covers typehint usage + Upgraded analysis : 'NoChoice' doesn't report large expressions + Upgraded analysis : 'Dont mix PlusPlus' skip () and = + Upgraded analysis : 'Fallthrough' don't report final cases without break + Checked unit tests : 3663 / 3630 test pass (99% pass) + Tokenizer + Removed 'root' property + Upgraded to new Attributes #[] in detection and normalisation + Fixed constant detection within instanceof + Created RETURN and RETURNED for Arrowfunctions (there is no return otherwise) + Parent method also calls children methods when those are not defined there + Support for multiple attributes in one syntax **Version 2.1.6 (Night Patrol Deity, 2020-08-28)** + Architecture + More typehints coverage + Various speed-up + Lighter logging with gremlin + Fixed installation path + Report + Upgraded Typesuggestion report + Upgraded Stubs and Stubsjson + Analysis + New analysis : report PHP 8.0 unknown parameters + New analysis : overwritten methods with different argument counts + New analysis : Warn of iconv and TRANSLIT for portability + New analysis : Warn of glob and {} for portability + Upgraded analysis : 'Useless check' covers new situations. + Upgraded analysis : 'Abstract away' now covers new calls. + Upgraded analysis : 'Must return Typehint' skips Void. + Upgraded analysis : 'Missing new' with less false positives + Checked unit tests : 3559 / 3630 test pass (98% pass) + Tokenizer + Support for Virtualmethod and imports from traits + Refactored Usenamespace atom + Fixed calculations of fullnspath for static::class + Fixed detection of null/true/false in new() + Added support for T_BAD_CHARACTER **Version 2.1.5 (Day Patrol Deity, 2020-08-04)** + Architecture + Fixed comment size estimation by 1 for T_COMMENT + Added more typehints to code + Report + Typehint suggestions : added ticks to fully typed methods + Emissary : Extract more information from dump.sqlite, instead of datastore.sqlite + Ambassador : Added a list of parameters, defined in the application + Ambassador : Added a list of fossilised methods + Stubs : Added check around PHP native functions and CIT + StubsJson : Added property for PHP native structures + Analysis + New analysis : Report insufficient initialisation for array_merge() collector variable + New analysis : Report useless triple equals + New analysis : Don't compare typed boolean return values + New analysis : Report wrong type used with PHP functions + New analysis : Suggest abstracting away some PHP native functions + New analysis : Report try block that are too large + New analysis : Report variables potentially undefined in catch clause + New analysis : Report swapped arguments in methods overwriting + Upgraded analysis : InvalidPackFormat speed up + Upgraded analysis : Added parameter to Security/ShouldUsePreparedStatement to choose the preparing method + Upgraded analysis : Added parameter to Security/HardcodedPasswords to choose the name of properties/index + Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface + Tokenizer + Added support for named parameters (PHP 8.0) + Trimmed some properties from atoms + Removed non-existent atom mentions + Added support for Attributes (WIP) + Added support for ?-> + Added support for new T_*_NAME tokens **Version 2.1.4 (Marshal of Heavenly Blessing, 2020-07-23)** + Architecture + Added time of last commit in audit results + Added more typehints + Upgraded PHP native method description with typehints (WIP) + Report + Typehint suggestion report + New toplogies : call order, + Ambassador : new statistics for typehint usage + Analysis + New analysis : Report double assignation of objects + New analysis : Typehints/CouldBe*, which makes suggestions for typehints + New analysis : Checks for argument type when typehint is present in custom methods + Upgraded analysis : Too Many Finds may be configured for threshold and prefix/suffix + Upgraded analysis : Typehints stats were extended to properties and multiple typehints + Upgraded analysis : Global outside Loop is extended to static variable too + Upgraded analysis : ErrorMessages also detect local variable contents + Upgraded analysis : Speed up for NullBoolean, Interfaces IsNotImplemented, InvalidPackFormat, arrayIndex, noWeakCrypto + Checked unit tests : 3532 / 3496 test pass (99% pass) + Tokenizer + Removed 'aliased' property in atoms + Fixed spotting of PHP native constants, when in Define() structure + Fixed loading of false values + Added support for the trailing comma in closure's use expression + more handling of phpdocs + Null is now reused when it is a default value, as a typehint. + Logical was split in two : Logical and Bitoperation + Added support for match() {} expression + Fixed boolean calculations during Load + Removed auto-referencing in DEFAULT calculations **Version 2.1.3 (Marshal of the Heavenly Canopy, 2020-07-02)** + Architecture + Removed all usage of datastore in Reports, and only rely on dump. + ignore_rules is now case insensitive + Moved some of the loading to a separate gremlin call to reduce the size of node load. + Fixed the branch option with Git calls. + Storing trait's use expresion's options. + Report + Ambassador ; New inventory : PHP protocol used (php, phar, glob://...) + Stubs and StubsJson, have been tested extensively + Analysis + New analysis : report double assignations of the same object ($a = $b = new C) + New analysis : report cyclic references + Upgraded analysis : Used Constants edge situations + Upgraded analysis : No real comparison : extended analysis to constants + Upgraded analysis : extended detection of dynamic method calls to call_user_func* + Upgraded analysis : paths are detected with new functions + Checked unit tests : 3490 / 3520 test pass (99% pass) + Tokenizer + More phpdoc support (from code to report) + Added isPHP to absolute FQN notations **Version 2.1.2 (Mountain Deity, 2020-06-25)** + Architecture + Removed files task from initproject. + Added ignore_rule directive, to ignore specific rules while running a specific report + More documentation (in particular, modifications section) + Exakat avoids to return twice the same results (file and line) + Sped up some analysis, and added a time limit per analysis + Removed double linking for static variables + Report + New reports ; Stubs and StubsJson, which produce the stubs of the audited code (PHP and JSON format) (WIP) + New report ; Typehint suggestion (WIP) + Ambassador ; offers the configuration for all the rules that spotted issues in the current audit, for reuse in other codes + Collect the number of property per class + Analysis + New analysis : Report methods that are too much indented on average + New analysis : Report possible confusion between a class and an alias + New analysis : Report variables that are static and global at the same time + New analysis : Report statement with long blocks + New analysis : Report phpdoc's deprecated methods and function calls + Upgraded analysis : Dereferencing levels now include () and = + Upgraded analysis : Unused Methods now skips classes that calls themselves dynamically + Upgraded analysis : No Need Get_class() was refactored + Upgraded analysis : Avoid Optional Properties was refactored + Upgraded analysis : Variable inconsistent Usage was extended with more reach + Upgraded analysis : Indirect Injections was upgraded with better reach with variables + Upgraded analysis : Direct Injections was upgraded with include + Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface + Upgraded analysis : Mismatch Type and default now avoids undefined constants + Upgraded analysis : Wrong Optional Parameter is upgraded for PHP 8.0 + Upgraded analysis : Indentation level was refactored + Checked unit tests : 3480 / 3510 test pass (99% pass) + Tokenizer + Upgraded detection of PHP native constants, when they are in absolute notation + Dump task stores use expressions' options, plus minor fixes + Added support for Attributes (PHP 8.0) + Added support for Union types (PHP 8.0) + AtomIs step (WITH_VARIABLE) was extended with local variables + DEFAULT doesn't point anymore on auto-updated values + Extended support for phpdoc in the code + Added support for promoted properties (PHP 8.0) **Version 2.1.1 (Earth Deity, 2020-06-01)** + Architecture + Using timeLimit() to prevent Gremlin from running too deep in the rabbit hole + Added Neo4j Graphson V3 Graph driver + Moved 'Dump' rules to a specific Ruleset for easier administration + Propagated the upgrade to PHP 8.0 union types to three more rules + Fixed access to the list of ignored files + Added support for explicit stub files + Fixed multiple calls to Dump (better reentrant) + Report + New report : Meters, which holds measures for the audited code. + Ambassador : inventory of OpenSSL ciphers + Analysis + New analysis : Report unused traits + New analysis : Report chmod 777 system calls + New analysis : Check for keylength when generated by PHP + New analysis : Report methods with prefix/suffix and expected typehint + New analysis : Mark classes when they call dynamically their own methods + New analysis : Check for constants hidden in variable names ${X} != $X; + New analysis : Throw will be an expression in PHP 8.0 + Upgraded analysis : Dangling operator now checks for loops too + Upgraded analysis : 'Variables used once' now skips variable definitions + Upgraded analysis : 'Access Private' takes into account dynamic classes + Upgraded analysis : 'Could Centralize' now uses a custom threshold. Default is 8 usage of an expression to centralize. + Upgraded analysis : 'Return true/false' checks that they are alone in the blocks + Upgraded analysis : 'Unreachable code' checks on constants values before reporting the next expression + Upgraded analysis : 'Magic methods' are case insensitive + Upgraded analysis : 'No Hardcoded passwords' has new functions that require a password + Upgraded analysis : 'Unused methods' are omitted for dynamically called methods and overwritten methods + Upgraded analysis : Insufficient Property Typehint also works for untyped properties + Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface + Checked unit tests : 3383 / 3444 test pass (98% pass) + Tokenizer + Arguments with null as default values, automatically are nullable + Intval is also an integer for logical operations + Default Values now omits recursives assignations + Fixed fullnspath for PHP short tags + Added link between new command and constructor of anonymous classes. **Version 2.1.0 (City God, 2020-05-13)** + Architecture + results stored in HashResults are now testable + Moved all query methods to Query/DSL namespace, from Analyzer class + Report + New report : ClassReview, with focus on classes structures + New report : Typechecks, with focus on type hint usage + Ambassador : Added typehint stats section + Ambassador : fixed display of classes name in classes tree + Ambassador : some missing sections have been rehabilitated + Analysis + New analysis : Trailing comma in signature (PHP 8.0) + New analysis : Hidden nullable types + New analysis : Not implemented abstract methods + New analysis : Report confusion between variables and arguments with arrow functions + Upgraded analysis : No literal for reference was extended + Upgraded analysis : Add zero is extended to constants + Upgraded analysis : This is for classes is now valid with arrow functions + Upgraded analysis : Useless arguments takes also into account constants + Upgraded analysis : Wrong Type With Call supports variadic arguments + Upgraded analysis : Extension constants now support fully qualified names + Upgraded analysis : Bad Typehint relay is compatible with union types + Upgraded analysis : Multiple Identical Cases now handles constants too + Checked unit tests : 3437 / 3477 test pass (99% pass) + Tokenizer + Restored 'List' atom + Interface methods are now 'abstract' by default + Added 'array' typehint for variadic arguments + Distinguish between argument and local variable in fn functions + Removed nullable property + propagate calls now propagates closures and arrow functions + Added support for union types (PHP 8.0) + Check all error messages from php, not just the first ones **Version 2.0.9 (Jialan, 2020-04-30)** + Architecture + Added option in TU for analysis that won't fill the result table. + Reduced the number of duplicate links in the graph + Upgraded tokens for PHP 8.0. + Analysis + New analysis : Don't collect void + New analysis : Wrongly inited properties + New analysis : Not inited properties + Upgraded analysis : PHP 8.0 removed functions + Upgraded analysis : Useless instructions also include global/static variables + Upgraded analysis : Bad Relay Function now works with return types and property types + Upgraded analysis : 'Scalar or object properties' are upgraded with static calls + Removed analysis : Classes and Arrays IsRead and IsModified. Use properties now. + Checked unit tests : 3347 / 3420 test pass (97% pass) + Tokenizer + Fixed edge case for xor, with intval + Refactored multiple calculation for cast values + Added support for links between constants and use expressions + Linked classes with calls, when using use expression **Version 2.0.8 (Ao Run, 2020-04-20)** + Architecture + Added new information in dump.sqlite, to make report autonomous + Analysis + Upgraded analysis : Paths are also recognized with constants, and more functions + Upgraded analysis : Should Use single Quotes + Checked unit tests : 3328 / 3398 test pass (97% pass) + Tokenizer + Fixed detection of PHP constants **Version 2.0.7 (Ao Shun, 2020-04-14)** + Architecture + Adopted strict_types + Removed ctype1 attribute + Moved linting into separate processes + Refactored analysis to export to dump via SQL + Added 'None' ruleset to Dump task + Report + Ambassador : Added Constant's order report + None : Added support for No report + Analysis + Upgraded analysis : Undefined class constants + Upgraded analysis : Undefined global constants + Upgraded analysis : Undefined property + Checked unit tests : 3347 / 3420 test pass (97% pass) + Tokenizer + Support PHP 8.0's tokens + Added support for multiple typehint in the engine + Fixed edge case for boolean type casting **Version 2.0.6 (Ao Qin, 2020-03-04)** + Architecture + Refactored analysis types for first UT + Moving to PHP 7.4 by default + Report + Rector : added more coverage + All : better display of typed properties + Analysis + New analysis : Semantic names of arguments + New analysis : !$a == $b + New prototype : possibles interfaces + Upgraded analysis : Overwritten literals now skips .= + Upgraded analysis : Scalar or object handles return type + Checked unit tests : 3322 / 3420 test pass (97% pass) **Version 2.0.5 (Ao Guang, 2019-11-25)** + Architecture + Fixed access to severity and timetofix from compiled extension + Report + Ambassador : Fixed links to documentation + Analysis + Upgraded analysis : Mismatched Type and Default now omit undefined constants + Checked unit tests : 3366 / 3402 test pass (99% pass) **Version 2.0.4 (Army Defeating Star of Heaven's Gate, 2019-11-18)** + Architecture + Reducing Analyzer's class method count + Moving more collections to Dump/ and Complete/ + Report + Rector : added more coverage + Ambassador : Skiped analysis are now reported, not with -1 + Ambassador : Foreach favorites's graph is displayed + Ambassador : Visibility suggestion has full method names + Analysis + Upgraded analysis : Don't Mix ++ now skips $a[$b++] + Upgraded analysis : Type hint stats skips some return values + Checked unit tests : 3365 / 3401 test pass (99% pass) **Version 2.0.3 (Military Star of the North Pole, 2019-11-11)** + Architecture + Added check on xdebug presence (nesting limit) + Moving more collections to Dump/ + Analysis + New analysis : Nullable typehint requires a test on NULL + New analysis : Typehint that requires too much + Upgraded analysis : Printf check on arguments works with '.' + Upgraded analysis : No magic for arrays skips __get() + Upgraded analysis : Const recommended, but not when methods are used + Upgraded analysis : Written only variables handles compact() + Upgraded analysis : Callbacks need returns, but not for spl_autoload_register() + Upgraded analysis : Extended analysis to Concatenation an Heredoc for Email + Upgraded analysis : Disconnected classes handles case sensitivity + Checked unit tests : 3371 / 3397 test pass (99% pass) **Version 2.0.2 (Danyuan Star of Honesty and Chasity, 2019-11-04)** + Architecture + Adding more typehint + Created new class to build Dot files + Cleaned double examples + Dump handles multiple definitions for constants, class, trait, functions. + Report + Added new Topology report + Added new Type hint topology sort + Stubs : added class constant visibility + Analysis + New analysis : Report argument whose name clashes with typehint + New analysis : Report properties that are insufficiently typed + Moved 'Inclusions' to Dump/ + Added steps to find original and relayed arguments + Tokenizer + Fixed paralellisation bug in Load **Version 2.0.1 (Military Star of the North Pole, 2019-10-28)** + Architecture + Added more return type + Centralized reading for ini or json + Report + Ambassador: fixed Foreach favorites + Ambassador: added sort to number of parameter list + Checked unit tests : 3345 / 3377 test pass (99% pass) + Analysis + Upgraded xmlwriter to json **Version 2.0.0 (Civil Star of Mystery and Darkness, 2019-10-21)** + Architecture + Manual file/line fixes + More simplifcations in load step + Report + Ambassador : fixed performance display + Ambassador : report list of shell commands + Typehint4all : first report + Perfile : fixed sorting + Analysis + New analysis : Report possible typehint for bool, int, string, array. WIP + Upgraded analysis : common alternatives are extended to switch and elsif + Upgraded analysis : xmlreader description includes class constants, properties and methods. + Upgraded analysis : callback needs return, is extended to php native functions + Checked unit tests : 3345 / 3377 test pass (99% pass) **Version 1.9.9 (Lasting Prosperity Star of True Man, 2019-10-14)** + Architecture + Documentation review + Report + New reports : Stubs, Rector + Typehint stats + Stubs takes into account use expression + Added Concrete5 and Typo3 as vendors + Analysis + New analysis : checks on is_a third argument + New analysis : Invalid mbstring encodings + New analysis : Weird Index in arrays + New analysis : Avoid FILTER_SANITIZE_MAGIC_QUOTES + New analysis : Don't forget third argument + New analysis : Hard to update methods + New analysis : Merge two ifthen into one + New analysis : Report wrong type with calls + New analysis : Check case for namespaces + Updated analysis : Undefined interfaces now includes interfaces extensions + Updated analysis : Report more wrong types with return type + Updated analysis : Register globals also applied to class + Updated analysis : Could Use Try covers more new, functions and static calls + Updated analysis : Useless Cast also reports (string) array (always Array) + Checked unit tests : 3343 / 3366 test pass (99% pass) + Tokenizer + Create default values for foreach + Load captures empty files, and omit them + Create default values also handles ??= **Version 1.9.8 (Giant Gate Star of Dark Essence, 2019-10-07)** + Architecture + Upgraded dump command to handle multiple -P + .yaml configuration handles multiple reports + Started journey to strict_types + Code cleaning + Report + Ambassador : Fixed report of Flexible Docs + Ambassador : trimmed delimiters in inventories + Inventory : Foreach, with key values + Analysis + New analysis : Wrong case for functions + New analysis : Parameter Hiding + New analysis : Report usage of Traversable + Updated analysis : Undeclared properties skips undefined properties + Updated analysis : Useless Interface, modernized query + Updated analysis : String Holding Variables now skips default, const, sprintf + Updated analysis : Binaries are not confused with hex + Updated analysis : Extended 'Insufficient typehint' to abstract classes + Checked unit tests : 3324 / 3343 test pass (99% pass) + Tokenizer + Fixed handling of large powers + Added more escaping when storing to SQLITE **Version 1.9.7 (Greedy Wolf Star of Sunlight, 2019-09-30)** + Architecture + Added support for analysis reporting missing values in a reference list + Fixe batch dumping of results + Report + Ambassador : new inventory : dereferencing levels + Analysis + New analysis : Use PHP Native URL parsing functions + New analysis : Maximum dereferencing level + New analysis : Use case value in a switch : it was already tested + Updated analysis : No class as typehint accepts abstract classes + Updated analysis : Create Magic Property reachs out to traits + Updated analysis : Security also reports usage of unserialize() + Updated analysis : Mistmatched default argument also covers methods + Updated analysis : Never used parameter also covers methods + Updated analysis : Unused global also cover static variables + Updated analysis : Duplicate strings threshold is not 15, not 5. + Checked unit tests : 3289 / 3319 test pass (99% pass) + Tokenizer + RETURNTYPE, TYPEHINT, and DEFAUT are not always on, with Void atom, or better. + DEFAULT value targets end-values, skips ??, ?:, () and =. + Exceptions now reports errors in the Query, not where it is thrown **Version 1.9.6 (Star of Birth, 2019-09-23)** + Architecture + Moved new elements to Complete/ + Moved new elements to Dump/ + Initial configuration of project now includes analysis parameters with default + Added descriptions to Rulesets + New command Config : displays current configuration for reuse and editing + Upgraded Doctor : support for docker-php, in-code + Report + Ambassador : removed {} on magic property inventory + Ambassador : new inventory of network protocols used (udp://, ssh2://...) + Analysis + New analysis : avoid mb_string inside loops + New analysis : avoid SSLvx and TLSv1.0 + New analysis : report duplicate literal in the code, with parameter + New analysis : warn about null property + New coverage : calls to __call and __callStatic + Updated coverage : expressions with parenthesis + Updated coverage : default values are now targeting the final value in multiple assignations. + Updated analysis : Strange Variable name skips Staticdefinition and its default value + Updated analysis : Useless instructions are upgrade with pure functions + Updated analysis : Extended Closure2string with Arrowfunctions + Updated analysis : Extended 'Could be local variable' to traits + Updated analysis : Unused Global also covers static variables + Checked unit tests : 3279 / 3304 test pass (99% pass) + Tokenizer + Updated tokens for PHP 7.4 **Version 1.9.5 (Star of Adversity, 2019-09-16)** + Architecture + Added count property to Analysis node, stepstone for Diff analysis + Added support for 'optional' step + Added support for 'interfaces' as typehint for remote definitions + Removed more true/false values + Fixed strtolower with mb_strtolower in Dump + Report + Added several PHP error messages + Ambassador : added inventory of magic properties + Ambassador : added inventory of typehints for methods (WIP) + Added support for function/closure/argument arguments + Added support for function/closure/argument arguments + Analysis + New analysis : No literal value as referenced argument + New analysis : use array_slice or array_splice + New analysis : Useless typechecks with Typehint + New analysis : Report non-implemented interfaces + New analysis : Incompatible Signatures with Self (PHP 7.4+) + New analysis : Report wrong expectations from interfaces + Upgraded analysis : Excluded __construct and __destruct from Magic Methods + Upgraded analysis : Concat and Addition : Now also for bitshift + Upgraded analysis : Incompatible Signatures with Self (PHP 7.3) + Upgraded analysis : Elseif and Sequences are omitted in Level analysis + Tokenizer + Upgraded support for magic properties **Version 1.9.4 (Star of Benefit, 2019-09-09)** + Architecture + Dump avoid storing multiple definition for the same class + Added more native return definitions + Adding UT for Complete/ + Dump inventories are being moved to analysis class + Moving more Themes => rulesets + Report + Ambassador : Fixed several internal links + Ambassador : Displays the levels of nesting in the code + Ambassador : Upgraded compatibility report with PHP 7.4 + New report : Stubs + Analysis + New analysis : PHP 7.4 New Directives + New analysis : Too many dimensions with array + New analysis : Check concat and coalesce precedence + New analysis : Adopt explode() third argument + New analysis : Ternary and useless assignation + New analysis : Nested ternary without parenthesis + New analysis : Spread operator with arrays + New analysis : Max level of indentation + New analysis : Use Arrowfunctions + Upgraded analysis : Clone with non object handles containers + Upgraded analysis : Calling non-static methods statically + Upgraded analysis : Unresolved Instanceof + Upgraded analysis : Array_merge and variadic, extended to isset + Checked unit tests : 3234 / 3259 test pass (99% pass) + Tokenizer + Last element of list() is not omitted anymore **Version 1.9.3 (Star of Longevity, 2019-09-02)** + Architecture + Created new Complete category, with data complement for analysis + Refactored constant propagation + Made code compatible with PHP 7.4 + Rename project_themas to project_rulesets + Added support of -p with .exakat.yaml + Report + Ambassador : reworked presentation for visibility suggestions + Analysis + New analysis : report covariance and contravariance for compatibility + New analysis : no spread operator for hash values + New analysis : self-closing tags are omitted by strip_tags + New analysis : report Openssl_random_pseudo_byte second argument usage + New analysis : CURLPIPE_HTTP1 is obsolete + New analysis : removed PHP 7.4 directives + New analysis : do not use ... with array_merge without checks + Updated analysis : added crc32c as hash algorithm + Removed analysis : Removed Curly Arrays (double take) + Checked unit tests : 3219 / 3240 test pass (99% pass) + Tokenizer + Extended OVERWRITE to Interfaces + Extended support for class_alias() **Version 1.9.2 (Star of Prosperity, 2019-08-26)** + Architecture + Introduced a new set of analysis : Complete + Cleaned code for PHP 7.4 usage + Refactored Query to skip impossible Gremlin calls + Now using Project for project names + Report + New report : classes dependencies (HTML version) + New report : files dependencies (HTML and DOT version) + Ambassador : datas -> data + Analysis + New analysis : {} are deprecated in PHP 7.4 + New analysis : Don't use ENT_IGNORE + New analysis : fn is a PHP 7.4 keyword + Updated analysis : Functions/UseConstantAsArguments covers also password_hash() + Updated analysis : printf arguments now handles positional formatters + Checked unit tests : 3172 / 3199 test pass (99% pass) + Tokenizer + Fixed precedence for left associativity **Version 1.9.1 (Star of Life, 2019-08-19)** + Architecture + Fixed zip as code source + Report + Ambassador : Fixed issues list for Favorites + Owasp : switched dashboards + Analysis + Updated analysis : Loop Calling got one extra check + Checked unit tests : 3148 / 3187 test pass (99% pass) **Version 1.9.0 (Ming Wenzhang of Jiayin, 2019-07-29)** + Architecture + Added missing configuration file for tinkergraph 3.4 + Upgraded support for running exakat with PHP 7.4 + Analysis + New analysis : array_key_exists() now report object usage + New analysis : report mb_strrpos 4th argument + New analysis : Reflection export are deprecated + New analysis : Report classes without parents but with 'parent' + New analysis : Don't use scalar as arrays + New analysis : Report use of PHP 7.4 serialize method + Updated analysis : Multiple Identical Keys checks for undefined keys first + Updated analysis : Dont be too manual : extended to catch clauses + Updated analysis : setcookie detection anchors the keyword at the beginning of the string + Updated analysis : Failed Substr comparison now works with constants + Updated analysis : Added support for continue 2 and 3 + Checked unit tests : 3147 / 3186 test pass (99% pass) + Tokenizer + Added support for __serialize and __unserialize + Added support for numeric literal separator + Skip entirely unparsable files **Version 1.8.9 (Meng Feiqing of Jiachen, 2019-07-22)** + Architecture + Check on graphdb configuration : default to nogremlin + Added support for baseline for project and report + Moved more doc to ruleset + Check on .git folder for update + Added -version option for upgrade command + Doctor honors .exakat.yml file + Analysis + New analysis : Report useless type of checks + New analysis : Disconnected classes + New analysis : Avoid using mb_detect_encoding() + New analysis : Check that source and blind variables are different in foreach + New analysis : ~ or ! favorite + Updated analysis : Is Zero omits multiplications + Updated analysis : Used Private Property is upgraded + Updated analysis : Multiple Identical Keys : refactored + Updated analysis : Undefined variables now skips extract, include, eval + Checked unit tests : 3147 / 3166 test pass (99% pass) + Tokenizer + Refactored support for Foreach : each blind variable is in VALUE + Upgraded precedence for ! (not) + Propagate constants with assignations + Fixed link to $this inside heredoc and co + Fixed an edgecase where Static method call was confused with Newcall **Version 1.8.8 (Wei Yuqing of Jiawu, 2019-07-15)** + Architecture + Modernized tinkergraph support + When pcntl is available, stubs are produced in a child process + Removed duplicated methods + Exported sequences to helpers + More UT libraries are supported + Federated BUSYTIMEOUT in constant + Report + Ambassador and all dependend reports were refactored : menu is configurable with Yaml + Emissary is the upcoming configurable report. + Analysis + New step : Load data from code + New analysis : Variables used for setting aside value temporarily + New analysis : Use PHP array_* functions, instead of loops + Updated analysis : Unused methods now skips methods from PHP native interfaces (Arrayaccess) + Updated analysis : No class for typehint is now omitting PHP and extensions classes + Updated analysis : Switch to Switch applies to comparisons now + Updated analysis : Close namingg was sped up significantly + Updated analysis : array_column() suggestion was refined + Updated analysis : Htmlentities parameters also support some parenthesis usage + Updated analysis : Constant Scalar Expression only target specified expressions + Updated analysis : Static Properties skip Virtual properties + Checked unit tests : 3131 / 3155 test pass (99% pass) + Tokenizer + Refactored support for Exit and Die + Added raw support for phpdoc **Version 1.8.7 (Hu Wenchang of Jiashen, 2019-07-08)** + Architecture + Added bugs fixes up to 7.3.7 + New factory method for the graph + Analysis + New analysis : Backward compatible check on generators (can't return) + New analysis : Report wrong return typehint + New analysis : Use DateTimeImmutable + New concept : Methods that throw errors + Updated analysis : Recursive functions disambiguate methods + Updated analysis : Refactored property/variable confusion + Updated analysis : Could typehint checks on type validations + Updated analysis : Variable used once check for abstract methods + Updated analysis : Array_merge in loops omits file_put_contents() + Updated analysis : Simple Regex covers all special sequences, and unicode sequences + Checked unit tests : 3131 / 3142 test pass (99% pass) + Tokenizer + Differentiated support for self and static in calls + Moved Symfony support to its extension + Reworked loading to make it parallels. **Version 1.8.6 (Wei Yuqing of Jiawu, 2019-07-01)** + Architecture + Added support for Tinkegraph 3.4 + Extended support for Dev + Renamed Themes to Ruleset (WIP) + Split several long running queries into smaller chunks + Cached files to memory, write them once only + Optimized sides queries : omitting them when possible + Added count of issues in Analyse node + Optimized loading by grouping by inV + More coverage for Arrowfunction + Report + Dump : collect PHP cyclomatic complexity + Analysis + New analysis : Dependant abstract classes + New analysis : Don't use Null or Boolean as an array + New analysis : Infinite recursion + Updated analysis : Raised levels + Updated analysis : Method signature must be compatible + Updated analysis : Access Private in Trait is OK + Updated analysis : Recursive function + Checked unit tests : 3099 / 3105 test pass (99% pass) + Tokenizer + Upgraded support for 'Modules' **Version 1.8.5 (Zhan Zijiang of Jiaxu, 2019-06-24)** + Architecture + Fixed several bugs in the online documentation + Started removing analysis, replacing with analysis + Fixed path in docker PHP usage. + Report + Ambassador : Export full INI and YAML config to replicate audit + Analysis + New analysis : Unused class constants + New analysis : Could Use available Trait + New analysis : literal that Could Be Constant + Updated analysis : Access Private in Trait is OK + Updated analysis : multiple identical argument is extended to closures, methods + Updated analysis : ext/rdkafka + Updated analysis : No Hardcoded Hash is accelerated + Updated analysis : Extended printf() check to constants + Updated analysis : Optimized 'redefined method' + Updated analysis : Memoize Magic Call + Updated analysis : set_locale requires constants + Checked unit tests : 3099 / 3105 test pass (99% pass) + Tokenizer + Added missing isModified to Foreach keys + Class Method Definition handles old style constructor + strict_types don't yield a block + Added typed values for magic constants + Refactored new -> constructor link for Self, Static, parent + Added missing arguments count to Newcall **Version 1.8.4 (Wang Wenqing of Jiazi, 2019-06-17)** + Architecture + Added support for PHP in docker images for compilation tests + First prototype for Gremlin in a specific docker image + Report + Ambassador : restored original URL + Replaced 'Complexity' => 'Time To Fix' + Replaced 'Receipt' => Ruleset + Analysis + New analysis : regex with arrays + New analysis : Complex property names + New analysis : array_key_exists speed up + New analysis : curl_version forbidden argument + New analysis : PHP 7.4 new functions, classes and constants + Fixed analysis : Long Variable + Updated analysis : printf() format check extended to constants + Updated analysis : Written only variables is extended to static and global + Updated analysis : refactored 'Make default' + Updated analysis : 'Wrong number of arguments' is extended to methods + Updated analysis : 'Use coalesce' checks for + Updated analysis : Refactored 'Nested ifthen' to have a parameter + Updated analysis : Extended 'Class Usage' to return typehint + Updated analysis : Sped up 'Used Classes' + Checked unit tests : 2993 / 3071 test pass (97% pass) + Tokenizer + Upgraded handling of declare with strict_types + Support for magic properties across classes and traits + Added support for parent with properties + Properties are handled with static and normal at the same time + Fixed virtualproperties with static keyword (self and parent are ok) + Added argument count for 'new A', without parenthesis + Restored old break behavior for PHP 5 and older. **Version 1.8.3 (Jade Man of Yang, 2019-06-10)** + Architecture + Extension docs show version numbers + Manual uses internal links + Report + New report : SARB + Updated report : Ambassador list number of arguments in natural order + Analysis + New analysis : from substr() to trim() + New analysis : suggest making magic property a concrete one (2 ways) + New analysis : no array auto-append + Updated analysis : 'Scalar or object property' refactored + Updated analysis : 'Multiple identical keys' get a new check on intval, broadened to constants + Updated analysis : 'Indirect injection' accelerated + Updated analysis : 'Could be class constant' accelerated + Updated analysis : 'Never used property' refactored + Updated analysis : 'Modern empty' modernized and broadened + Updated analysis : 'Useless check' skips isset/empty as they may be useful + Updated analysis : 'Identical methoods' skips abstract methods + Updated analysis : 'No Count Zero' also uses sizeof(), skips switch() + Checked unit tests : 2993 / 3071 test pass (97% pass) + Tokenizer + Upgraded local definitions for properties to Load phase + Handle static keyword in closures + Moved 'Real' to 'Float' + Created 'Scalartypehint' atom + Fixed intval, boolval for \true and \false **Version 1.8.2 (Zhao Ziyu of Dingchou, 2019-06-03)** + Architecture + Refactored 'Update' command, to VCS + Collect missing definitions counts + Report handles a list of analysis names + Analysis + New analysis : No Need To Get_Class + New analysis : Report identical inherited methods + New analysis : Function returning -1 in case of error + Updated analysis : TypeHint must be returned, doesn't apply to abstract methods or interface methods + Updated analysis : 'Could Use Interface' also checks for static and visibility + Updated analysis : 'Concat empty' skips variables + Checked unit tests : 3024 / 3048 test pass (99% pass) + Tokenizer + Created 'virtual' properties, for limiting children agglomerations + Fixed normalized code for use traits + Added DEFAULT to all variable definitions + Connect strings to class definitions + Handle variable in 'compact', when they are static **Version 1.8.1 (Zhang Wentong of Dinghai, 2019-05-27)** + Architecture + Fixed Symlink destination + Added collecting classes children, traits and interfaces counts + Added support for constants and functions in modules + Added missing functions in data + Report + New report : exakatYaml, which help configuring exakat + New report : Yaml + New report : Top10 + Updated report : Json, text and xml get 'fullcode' + Analysis + Updated analysis : Should use self is extended to parent classes + Updated analysis : Should use prepared statement now skips some SQL queries + Checked unit tests : 3024 / 3048 test pass (99% pass) **Version 1.8.0 (Zang Wengong of Dingyou, 2019-05-20)** + Architecture + Added missing native PHP functions + Restored anchor for ignore_dirs[] configuration + Removed more MAX_LOOPING usage + Report + Ambassador : removed { & @ } artefacts from globals + Analysis + New analysis : Function returning -1 in case of error + New analysis : Report PHP 7.4 unpacking inside array + New analysis : Report PHP 7.4 new functions and fn + New analysis : Useless arguments + New analysis : Addition and concatenation precedence for PHP 7.4 + New analysis : report concatenation of empty strings + New analysis : casting has precedence over ternary + New analysis : report already used traits + New analysis : report missing traits in use expression + Updated analysis : isset on whole arrays : extended analysis to Phpvariables + Updated analysis : SQLITE3 requires single quotes + Updated analysis : Dir then slash : extended to constants + Updated analysis : Variable Strange Name extended to strange types + Updated analysis : Possible interface's analysis is sped up + Checked unit tests : 3021 / 3045 test pass (99% pass) + Tokenizer + Fixed fullcode of Usetrait + Extended method definitions to traits + Extended fluent interface detection to parents + Fixed dump for visibility change + Handle method aliases in use expression (as) + Better noDelimiter for double quotes strings **Version 1.7.9 (Shi Shutong of Dingwei, 2019-05-13)** + Architecture + Upgraded list of functions by extension : openssl, math, hrtime + Added global atom to track all globals + Rewrote several Dump queries with DSL + Added support for Notice in Phpexec + Added support for .exakat.ini and .exakat.yaml + Added support for arrow functions : fn => + Added support for spread operator in arrays [...[1,2,3]] + Report + Inventories : added 'inclusions' and 'global variables' + Ambassador : added global variables + Analysis + New analysis : support for ext/ffi, uuid + Updated analysis : Nested Ternary handles parenthesis + Updated analysis : Static loops is extended to references and arrays + Updated analysis : Recursive function is extended to Magic methods and Closures + Checked unit tests : 3014 / 3019 test pass (99% pass) + Tokenizer + Moved 'is_in_ignored_dir' to a property + Cleaned getFullnspath() call in Load + Fixed latent bug on Function fullnspath + Heredoc and Nowdoc are reported as constant if needed + Isset() is not read + Ignore PHP notices when linting + Globals are now centralised across a repository + Extended definitions for Virtualproperties + Removed double DEFINITION link with new **Version 1.7.8 (Cui Juqing of Dingyi, 2019-05-06)** + Architecture + renamed test.php to ut.php in tests + reorganized destinations folders + organized exakat for 'inside code' audit + Analysis + New analysis : support for libsvm + Updated analysis : Multiple unset() handles unset() at the beginning of the scope + Updated analysis : undefined static class now accounts for PHP and module classes + Checked unit tests : 2961 / 2995 test pass (99% pass) + Tokenizer + Extended class usage to static::class. + refactored 2 analysis for speed : double instruction and double assignations + fixed recent bug where Project token is twice. **Version 1.7.7 (Sima Qing of Dingmao, 2019-04-29)** + Architecture + Upgraded to gremlin-php 3.1.1 + Moved autoload into its own namespace + Started extending themes to modules + Skip external libraries when unit testing + Dump got one more query moved to DSL + Fixed build for overwritten methods, extended to magic methods + Load tokens by batch (5000+ tokens), not by file. + Analysis + New analysis : Security : integer conversion + New analysis : implode() with one argument + Updated analysis : Invalid Regex handles \\ more precisely + Updated analysis : delimiter detection was checked for all of them + Checked unit tests : 2947 / 2983 test pass (99% pass) + Tokenizer + Upgraded Fallback detection for functions **Version 1.7.6 (Jade Maiden of Yin, 2019-04-22)** + Architecture + Refactored Class definition with return typehint + Added configuration for including development extensions. + Extended LoadFinal typehint hunting + Report + Phpcsfixer : new report + Ambassador : report usage of overridden PHP functions + Ambassador : new favorite : variable name in catch clause + Analysis + New analysis : array_merge and ellipsis should use coalesce + New analysis : Report overridden PHP native functions + New analysis : Merge all unset() into one + Updated analysis : Added missing constant for curl, pgsql, openssl + Updated analysis : Variadic are not variable arguments + Updated analysis : Useless Reference argument extended to foreach() + Updated analysis : Use Constant also covers pi() + Updated analysis : Inclusion Wrong Case handles dirname with 2nd argument + Updated analysis : Useless Argument : handles some edge cases with arrays + Checked unit tests : 2947 / 2975 test pass (99% pass) + Tokenizer + Upgraded handling of isRead and isModified attributes + Changed variadic argument counts in method declarations + Fixed original value in 'Sign' **Version 1.7.5 (Xue King Zhuanlun, 2019-04-15)** + Architecture + Cleaned unused variables + Report + Ambassador : bugfixes report version 7.3, dropped 5.6 and 5.5 + Analysis + Updated analysis : Already interface : extended to interface parents + Updated analysis : Else if to elseif : extended to one-liners + Updated analysis : No reference for ternary was extended + Updated analysis : Implements is for interface + Updated analysis : Refactored Is a Magic Property + Updated analysis : Refactored Conditional structures for constants + Checked unit tests : 2926 / 2950 test pass (99% pass) + Tokenizer + Link properties to magicmethod + Deduplicated virtual properties + Added isRead and IsModified properties. Omitting the corresponding analysis. **Version 1.7.4 (Lu King Pingdeng, 2019-04-08)** + Architecture + reports, themes may be specified multiple times + 'project' command also work on themes and report from command line + Added htmlpurifier in auto-ignored libraries + Counting definitions, omitting Virtualproperties + Automatically detect identical files + Report + Inventories are grouped by values, sorted by count + Analysis + Updated analysis : This is for class : extended analysis to self and parent + Updated analysis : Undefined Classes + Updated analysis : Refactored Defined Parent MP + Updated analysis : Redefined PHP function is restricted to global scope + Updated analysis : Could Use Alias also covers functions, constants. + Updated analysis : Refined SQL detection + Fixed step : goToALlParentsTrait missed some of the parent + Checked unit tests : 2916 / 2944 test pass (99% pass) + Tokenizer + Removed impossible implementations of traits + Fixed functioncalls' 'absolute' property + Refined parent's definitions + Trait also sports virtualproperties + Virtualproperties now respect visibilities + Distinguish Variables from Staticpropertynames + Added missing DEFINITION for Use (namespaces) **Version 1.7.3 (Huang, King Dushi, 2019-04-01)** + Architecture + New command 'show' that display project creation command + Refactored UT detection mechanism + Report + Ambassador : report identical files in the code + Ambassador : global variable inventory is now grouped by name + Analysis + Updated analysis : PPPDeclaration style : handles Virtualproperties + Updated analysis : Closure2string : extended analysis + Updated analysis : Non-Ascii variable skips { }, & and @ + Updated analysis : Could Be Static exclude abstract methods + Updated analysis : MismatchedTypehint : handles methodcalls and class hierarchy + Updated analysis : Could Use Try : refined analysis to avoid literals + Updated analysis : Hidden use, handles Virtualproperty + Updated analysis : Classes, wrong case, handles FQN + Checked unit tests : 2846 / 2926 test pass (97% pass) + Tokenizer + Moved creation of Virtualproperty early, to catch more situations + Virtualproperty mimic Propertydefinition + Added extra check when roaming the classes tree + Handles Sign constant values correctly **Version 1.7.2 (Dong King Taishan, 2019-03-25)** + Architecture + Restored the external library checker + Added support for extension's CIT (Symfony, Drupal) + Report + Ambassador : added Suggestions theme to docs. + Perfile : New report, text, per file + Analysis + New analysis : Report potential 'unsupported operand type' + New analysis : Check for existence with __call() and __callstatic + Updated analysis : Wrong number of arguments (methods) upgraded + Updated analysis : Could Be Static ignores empty methods, constants methods + Updated analysis : Added Variable to possibly useless expression + Updated analysis : Constant names are detected based on available noDelimiter + Updated analysis : Abstract classes may have no abstract methods + Checked unit tests : 2889 / 2912 test pass (99% pass) + Tokenizer + Added link between __clone and clone + Now handling functions and constants when ignored + Fixed dynamic constants in collector **Version 1.7.1 (Bi King Biancheng, 2019-03-18)** + Report + Ambassador : report lines that concentrate lots of issues + Analysis + Extended GoToAllImplements to extended interfaces + Updated analysis : NoScream usage, with authorized functioncall list like fopen + Updated analysis : HiddenUse with support for virtual properties + Checked unit tests : 2867 / 2900 test pass (99% pass) + Tokenizer + Added support for 'Virtualproperties' + Harmonized file escaping feature **Version 1.7.0 (Bao King Yama, 2019-03-11)** + Architecture + Added auto-documenting 'ignored' cit to weed out obvious false positive + Report + Made Diplomat the default report + Added History report : it stores metrics from audit to audit + Analysis + New analysis : Identify self transforming variables ($x = foo($x)) + New analysis : Report unclonable variables + Updated analysis : Undefined Classes, Interfaces and Trait now omit 'ignored' cit from folders + Updated analysis : Inconsistent usage is refactored for properties + Updated analysis : Useless expression, with clone new x + Updated analysis : Only Variable For Reference accepts $this, $_GET + Updated analysis : Lost References was modernized + Checked unit tests : 2854 / 2884 test pass (99% pass) + Tokenizer + Refactored support for Staticmethod (in a trait's use) + Added definitions for trait's use **Version 1.6.9 (Lu King Wuguan, 2019-03-04)** + Architecture + Optimized Dump when navigating the links to the File Atom + Refactored LoadFinal into separate classes + Upgraded to Tinkergraph 3.3.5 + Added options to cleandb to stop and start gremlin from exakat + Skip the task if no analysis has to run + Analysis + New analysis : Report inconsistent usage of properties or variables + New analysis : Typehinted return must return + Updated analysis : Variables used once handles closure (use) correctly + Updated analysis : Is Zero was refactored partially (WIP) + Updated analysis : Bad Typehint relay got a fix + Updated analysis : Function Subscripting is only suggested for one usage + Updated analysis : Lost References was modernized + Checked unit tests : 2854 / 2881 test pass (99% pass) + Tokenizer + Added definition for injected properties + Fixed sack() for subqueries + $this is not a classic variable + Removed double DEFINITION links + Fixed edge case with define() at the end of a script **Version 1.6.8 (Yu King Songdi, 2019-02-25)** + Architecture + Added support for PHP 8.0 + Fixed Constant FNP + Advance progressbar when ignoring files + Report + Ambassador : report usage of factories + Collect stats about Foreach usage + Analysis + New analysis : Report violation of law of Demeter + New analysis : Report removed constants and functions in PHP 8.0 + Updated analysis : Refactored Nullable Typehint + Checked unit tests : 2851 / 2872 test pass (99% pass) + Tokenizer + Fixed edge case for Logical with strings + Reduced max level of looping in GoToAllParents + Distinguish $$ and ${$ **Version 1.6.7 (Li King Chujiang, 2019-02-18)** + Architecture + Documentation covers more PHP functions + Added some missing PHP functions + Fixed destination folder for extensions + Report + Ambassador : limited size of default values in visibility report. + Ambassador : reporting class depth + Ambassador : reporting dynamically created constants + Diplomat : leanner, meaner version of Ambassador + New category : Top 10 classic mistakes + Analysis + New analysis : Report when relayed typehint are not the sames + Updated analysis : Regex now handles local variables and constants + Updated analysis : Variables Used Once now covers closures and use + Checked unit tests : 2846 / 2867 test pass (99% pass) + Tokenizer + Defineconstant may be constant + Fixed handling of Nullable for typehint + Started preparing for Gremlin 3.4.0 : WIP **Version 1.6.6 (Jiang King Qinguang , 2019-02-11)** + Architecture + Removed FetchContext() from DSL + Added options to follow constants from atomIs. + Report + Now dumps magic methods + Analysis + New analysis : Report insufficient interfaces in typehint + Updated analysis : Class constant now ignore empty classes + Checked unit tests : 2837 / 2858 test pass (99% pass) + Tokenizer + Moved 'Define' to its own atom + Upgraded Logical to hanlde Strings as PHP + Fixed T_POWER => T_POW + Refactored calculation for globalpath + Fixed edgecase with endswitch; **Version 1.6.5 (Mahagate, 2019-02-04)** + Architecture + Added CVS as an external service + Graph GSNeo4j export variable for shell access. putenv is not sufficient + Dump : report class name, not its code + Extended listAllThemes to extensions + Fixed bug in extension loader with phar + Report + Ambassador : restored file dependencies tree + Ambassador : fixed altered directive filename + Ambassador : added direct link to docs + Analysis + New analysis : arrays that are initialized with strings + New analysis : Avoid Lone variables as conditions + New analysis : Added support for weakref and pcov + Updated analysis : extended regex to arrays in preg_* calls + Updated analysis : Implicit globals now also marks the variable in global space + Updated analysis : Add Zero, Multiply by One also cover 2 * $x = 1; + Updated analysis : Could Use Interface now takes into account PHP interfaces, and classes first level. + Updated analysis : Relay Functions now omits calls to parent's __construct and __destruct + Checked unit tests : 2830 / 2852 test pass (99% pass) **Version 1.6.4 (Parasamgate, 2019-01-28)** + Architecture + Added support for CVS as a VCS + Upgraded support for tar as a VCS + Added support modification counts by files + Added first tracking for closures + Upgraded Tinkergraph driver + Report + Added Atoms in the documentations + Extra protection for Class Changes + Analysis + Updated analysis : Use-arguments are now counted as arguments + Updated analysis : Max Argument check was refactored + Updated analysis : IsModified now takes into account extensions + Updated analysis : Should Use This now exclude empty methods + Updated analysis : undefined classes now support PHP 7.4 typed properties + Updated analysis : added missing scalar PHP types + Updated analysis : uncaught exceptions now cover parents + Updated analysis : refactored incompatibility checks for methods + Checked unit tests : 2824 / 2841 test pass (99% pass) + Tokenizer + Refactored alternative ending, removed extra VOID + Upgraded contexts and their nesting + Added extra checks on variables names + Added support for ??= (PHP 7.4) **Version 1.6.3 (Paragate, 2019-01-21)** + Architecture + Better presentation for exakat extensions + Added build.xml for Jenkins + Fixed copyright years + Report + Ambassador : fixed class name for Phpcompilation + Analysis + New analysis : assign and compare at the same time + Updated analysis : uncaught exceptions now cover parents + Updated analysis : strpos too much is extended to strrpos and strripos + Updated analysis : Refactored Indirect injections for more refined reports + Updated analysis : Empty Block doesn't omit Ifthen anymore + Updated analysis : Implemented methods are public mistook interface methods + Updated analysis : Object Reference omits arguments that are wholly assigned + Checked unit tests : 2808 / 2826 test pass (99% pass) + Tokenizer + Added support for PHP 7.4 typed properties (needs PHP 7.4-dev) **Version 1.6.2 (Silver Headed Gate, 2019-01-14)** + Architecture + Fixed infinite loop when an option missed a value + Produce phpversion in config.ini, but leave it commented + Report + Ambassador : colored syntax for visibility report + Ambassador : inventory reports now display number of usages + Analysis + Updated analysis : Added support for PHP 7.2.14 + Updated analysis : Avoid Using Class handles \ + Updated analysis : Unused Functions works with multiple identical functions + Checked unit tests : 2795 / 2817 test pass (99% pass) + Tokenizer + Fixed bug that mixed T_OR and T_XOR + Fixed bug that missed intval for Power + Handles multiple definitions of functions + Removed one Void too many with closing tag **Version 1.6.1 (Golden Light Gate, 2019-01-07)** + Architecture + Upgraded documentation for Extensions + Upgraded processing of files, specially with special chars + Project stops when no token are found + Storing hash for each files. RFU. + Report + Ambassador : added support for class constant's changes + Ambassador : added classSize report + Ambassador : 'New issues' now takes line difference into account + Themes are better dumped + Analysis + New analysis : array_key_exists() is faster in PHP 7.4 + New analysis : partial report from preg_match() + Updated analysis : Avoid Using Class handles \ + Updated analysis : Class Usage uses class_alias() + Updated analysis : Empty traits + Updated analysis : Unused arguments now skips __set() + Updated analysis : Path strings + Updated analysis : Missing include handles more concatenations + Checked unit tests : 2792 / 2812 test pass (99% pass) + Tokenizer + Fixed precedence for identical operators + Fixed bug with ?> inside switch **Version 1.6.0 (VirupakSa, 2018-12-31)** + Architecture + VCS are not tested when they are not used + Analysis + Updated analysis : Php Reserved names ignores variable variables + Updated analysis : Array not using a constant, with Heredoc + Updated analysis : Long arguments + Updated analysis : Empty With Expression ignores simple assignations + Refactored analysis : Callback needs returns + Refactored analysis : No Return used + Checked unit tests : 2780 / 2805 test pass (99% pass) + Tokenizer + Fixed regression with Yield and => + Fixed edge case "$a[-0x00]" **Version 1.5.9 (Dhrtarastra, 2018-12-24)** + Architecture + Use PHP in project config for default PHP version + cleandb uses -p + Moved projects/.exakat to projects/<-p>/.exakat folders + Using $config and not more hardcoded tinkergraph + Extra check on doctor + Report + Ambassador : extra check for 'previous' report + Analysis + Upgraded analysis : Empty With Expression skip a few false positive + Checked unit tests : 2770 / 2795 test pass (99% pass) + Tokenizer + Fixed edgecase for methods named 'class' + Fixed class name in Project **Version 1.5.8 (Virudhaka, 2018-12-17)** + Architecture + Handles themas provided by extensions + Added busyTimeout for dump.sqlite + Reduced size of thema tables + Docs handle parameter dynamically + Added 'update' for extensions + Report + Ambassador : added a 'Path' inventory, with file paths + Analysis + New analysis : Closures that are identical + Upgraded analysis : Url and SQL detection, case sensitivity + Upgraded analysis : Could Use array_fill_keys + Upgraded analysis : Undefined functions doesn't miss functions inside classes, handles interfaces + Upgraded analysis : Empty Functions better handles return; + Upgraded analysis : Long Argument may be configured + Upgraded analysis : Fixed bug with empty include path + Checked unit tests : 2770 / 2795 test pass (99% pass) + Tokenizer + Added FNP to strings + First link between method and definition with typehint + Support for class_alias + Fixed edge case with use ?> + Fixed variable in string behavior for $this and $php variables **Version 1.5.7 (Vaisravana, 2018-12-10)** + Architecture + Extended Dump to support aliased methods + Support for SQLITE in extensions + Moved each framework to extensions + Added Laravel extension + Documentation + First version for the Extension chapter + Fixed mysterious ' in the docs + Report + Ambassador : added a 'New issues' section, with new analysis + Ambassador : added trait matrix + Ambassador : fixed an infinite loop when trait include themselves in cycles + Added more message count to several reports + Analysis + New analysis : method could be static + New analysis : multiple inclusion of traits + New analysis : avoid self using traits + New analysis : ext/wasm and ext/async + Upgraded analysis : No Hardcoded Hash, skip hexadecimal numbers + Upgraded analysis : Defined properties extends to traits + Upgraded analysis : PSS outside a class, when PSS are in strings + Upgraded analysis : Access private works with methods (not just static) + Checked unit tests : 2772 / 2785 test pass (99% pass) + Tokenizer + Fixed bug in Dump, when nothing to clean + Fixed edge bug on Callable detection + Extended support for self, static and parent, in typehint and new + Fixed precedence of yield and yield from + Fixed handling of throw at the end of a script + Added support to solve conflict on traits **Version 1.5.6 (Jingang, 2018-12-03)** + Architecture + Moved all framework to extensions. WIP. + Code cleaning + Refactored the analysis dependency sorting + Now display progress bar for files + Fixed configuration for directories and files + Report + Fixed FileDependecy and DependencyWheel, to actually count messages + Analysis + Added a lot more new method descriptions for PHP native classes + New analysis : suggestion simplification for !isset($a) || !isset($a[1]) + New analysis : Useless Trait alias + New analysis : report usage of ext/sdl + Upgraded analysis : Refactored IsZero, to handle assignations and parenthesis + Upgraded analysis : pack format is better checked + Checked unit tests : 2759 / 2771 test pass (99% pass) + Tokenizer + Fixed a missing fullnspath for origin in Use for Traits + Handles simple aliases for traits methods + Fixed mishandling of variables inside strings + Fixed support of negative numbers inside strings + Fixed bug with yield inside an array + Fixed strange case with define and integers as constant names **Version 1.5.5 (Ratnadhvaja, 2018-11-25)** + Architecture + Initial version of Exakat extensions + Moved processing of 2-tokens files to Load + Speed up CSV creations + Upgrades are read from https, no http + Moved loading's sqlite to memory for speed gain + Doctor now auto-create test folder + Report + New report : Php city. See your PHP code as a city + Ambassador : Appinfo() now reports keywords used as method or property + Fixed reported names of properties + Analysis + New analysis : checks some HTTP headers for security + New analysis : Use _file() functions, not file_get_contents() + New analysis : Optimize looks for fgetcsv() + Upgraded analysis : Several refactored analysis + Checked unit tests : 3083 / 3096 test pass (99% pass) + Tokenizer + Fixed encoding error in loading, for clone types. **Version 1.5.4 (Mahakasyapa, 2018-11-19)** + Architecture + Added error message for memory limit + Added GC to Project action + Migrated Melis to extension + Dumping data is now done en masse + Analysers now handle side-queries + Clear message in case of memory limit + Doctor doesn't stop at missing helpers + VCS leak less errors + Added support for 7z + Extended validation for themas + Restored Tinkergraph driver + Upgrade logs with extra reports + Analysis + New analysis : Report problems with class constant visibilities + New analysis : Avoid self, parent and static in interfaces + Upgraded analysis : Variable reuse now skips empty arrays + Checked unit tests : 3077 / 3090 test pass (99% pass) + Tokenizer + Fixed bug where variable was mistaken for a string inside strings **Version 1.5.3 (Ananda, 2018-11-12)** + Architecture + Extended results to methods, traits + Added support for PHP 7.2.12 + 'master' is not used anymore as default branch + Fixed creation of initial config/exakat.ini + Fixed handling badly written exakat.ini or PHP binary paths + Report + Ambassador : report classes that could be final or abstract + Analysis + New analysis : Property Used Once : now includes redefined functions + New analysis : iterator_to_array() should use yield with keys or array_merge() + New analysis : Don't loop on yield : use yield from + Upgraded analysis : Dependant trait now include parent-traits + Checked unit tests : 3080 / 3093 test pass (99% pass) + Tokenizer + Changed handling of variable that are both global AND local + Disambiguated variables and properties + Extended OVERWRITE to constants and methods **Version 1.5.2 (Master Puti, 2018-11-05)** + Report + Fixed storage of themes in dump.sqlite + Ambassador : report nothing when there are no trait, interface or class in the tree. + Analysis + New analysis : idn_to_ascii() will get new default + New analysis : support for decimal extension + New analysis : support for psr extension + Upgraded analysis : Extended support to PHP native exceptions + Upgraded analysis : Could use typecast now handles intval() second param + Upgraded analysis : Variable strange names avoids properties + Checked unit tests : 3058 / 3085 test pass (99% pass) + Tokenizer + Upgraded support for arrays inside strings (string/constant distinction) + Added DEFINITION for constant() and defined() + Fixed value of line for some placeholder definition **Version 1.5.1 (Eighteen Arhats, 2018-10-29)** + Analysis + New analysis : could use basename() second args + Upgraded analysis : Variables strange names do not report ... + Checked unit tests : 3061 / 3079 test pass (99% pass) + Tokenizer + Moved TRAILING as a property + Moved NULLABLE as a property + Sync ALIAS with AS + Fixed link between Use expression when using an alias **Version 1.5.0 (Pilanpo Bodhisattva, 2018-10-22)** + Architecture + Fixed " in the examples of the manual + Upgraded stability with new history testing + Report + Ambassador : now report interface and trait hierarchy + Ambassador : new format inventory for pack and printf + Dump : Fixed list of traits + Analysis + New analysis : Could Use Try, for native calls that may produce an exception + New analysis : idn_to_ascii() will get new default + Upgraded analysis : Undefined variables exclude $this + Upgraded analysis : Variables used once avoid properties + Upgraded analysis : ext/json : JsonException + Upgraded analysis : added new PHP 7.3 constants (curl, pgsql, mbstring, standard) + Upgraded analysis : scalar or object property now ignore NULL as default + Refactored analysis : UsedProtectedMethod + Checked unit tests : 3059 / 3071 test pass (99% pass) + Tokenizer + Handles NaN and INF when the literals reach them + Static constant may be variable if object is variable + Removed superfluous linking for static calls. **Version 1.4.9 (Lingji Bodhisattva, 2018-10-15)** + Architecture + Extended documentation with phpVersion, time to fix and severity + Upgraded bufixes to PHP 7.2.11 + Added more tests on arguments in the DSL + Removed double definitions for class constants + Initial support for extension folder + Report + Collect the number of local variables, per method + Analysis + New analysis : report accessing properties the wrong way + New analysis : suggest named patterns + New analysis : check Pack() arguments + New analysis : Return in generators, for PHP 7.0 + + New analysis : Repeated interfaces + New analysis : Static properties shouldn't use references until PHP 7.3 + New analysis : Don't read and write in the same expression + Upgraded analysis : is interface methods, extended to magic methods + Upgraded analysis : empty regex + Upgraded analysis : never used properties + Upgraded analysis : logical operators in letters + Upgraded analysis : could use interface, extended with PHP native interfaces + Upgraded analysis : Is Zero, better handling of mixed expressions + Refactored analysis : Empty functions + Refactored analysis : Used Private Methods + Checked unit tests : 3036 / 3055 test pass (99% pass) + Tokenizer + Added DEFINITION between new and __construct + Added support for className::class() + Added better support for dynamic method calls + Added better support for dynamic property calls + Removed some usage of TokenIs **Version 1.4.8 (Ksitigarbha, 2018-10-08)** + Architecture + Adding more validation at DSL step level : stricter check on args, speed gain + Cleaning more analysis from MAX_LOOPING variable + Better protection for file names + Removed static properties from DSL + Analysis + New analysis : Don't use __clone before PHP 7.0 + New analysis : Watch out for filter_input as a data source + Upgraded analysis : Method Used Below refactored for speed + Upgraded analysis : Undefined class constants now takes into account interfaces + Removed anaysis : Relaxed Heredoc was double with Flexible Heredoc + Checked unit tests : 3016 / 3033 test pass (99% pass) + Tokenizer + Build links between methodcall and method in a class + Added links between method and its overwritten version in child + Fixed fallback for functions + Fixed linked between traits and their definition + Removed variable definition for Parametername + Simplified double usage between return and pushExpression() **Version 1.4.7 (Maitreya, 2018-10-01)** + Architecture + Added 'Suggestions' section to documentation, for many rules + WIP : removing usage of MAX_LOOPING in analysis + Added a lot of new external services + Added documentation for creating a new analysis + Analysis + Upgraded analysis : No interface was dropped in PHP 7.2 + Upgraded analysis : IsAMagicProperty extended to parents + Removed anaysis : Relaxed Heredoc was double with Flexible Heredoc + Checked unit tests : 3017 / 3029 test pass (99% pass) + Tokenizer + Linking variable in closure's use to its local variable + Removed some unused atoms from GraphElements **Version 1.4.6 (Dipankara, 2018-09-24)** + Architecture + Various code refactorisations + Migration to PHPUnit 7.3.5 + Fixed filenames case + Better handling of VCS + More validations for project names + More docs + Report + Ambassador/Weekly : fixed ' in analyser titles + Analysis + Upgraded analysis : Fopen mode accepts 'r+b' + Upgraded analysis : Unused Traits + Upgraded analysis : Undefined Variables + Checked unit tests : 3020 / 3033 test pass (99% pass) + Tokenizer + New analysis : report literal used with reference + Added support for boolval to Keyvalue + Fixed support for boolval to Arraylist + Added DEFINITION to static methods + Added Variabledefinition for local variables + Fixed bug in Not **Version 1.4.5 (Guanyin Bodhisattva, 2018-09-17)** + Architecture + Removed times() for until() in Dumps + Report + Manual : added folders tree + Analysis + New analysis : Add Default To Parameter + Upgraded analysis : Avoid reporting PHP function as classes + Upgraded analysis : More empty Functions than just foo() {} + Upgraded analysis : Wrong Number of argument now takes into account variadic + Upgraded analysis : Should Use Constant now encompasses () and ?: structures + Upgraded analysis : This Is Not An Array now takes ArrayObject/SimpleXmlElement into account + Checked unit tests : 3009 / 3020 test pass (99% pass) + Tokenizer + Fixed 'constant' status with Arrayliteral + Fixed bug where strings are build close to the end of the script **Version 1.4.4 (White Dragon Horse, 2018-09-10)** + Architecture + Doctor reports the set of tokens used + Lots of docs checks + Report + Ambassador / Phpconfiguration : report disable_functions and disable_classes + Finished Weekly report + Analysis + New analysis : report ext/seaslog + Upgraded analysis : Incompatible signatures + Fixed DSL : analysisIs + Checked unit tests : 3000 / 3010 test pass (99% pass) + Tokenizer + Closure are now processed with runplugin + Removed depencencies to usedClasses + Fixed detections of Closure at the end of a script **Version 1.4.3 (Sha Wujing, 2018-09-03)** + Architecture + No error if missing svn + Extended 'First' thema + Now reporting PHP native CIT, constants and functions + Report + Ambassador : php.ini suggestions includes disable_functions + Analysis + New analysis : report typecasting for json_decode + New analysis : report classes that could be final + New analysis : simplify closure into callback + New analysis : report inconsistent elseif conditions + Upgraded analysis : Reduced false positive on Type/Default mismatch + Upgraded analysis : Drop Else After Return uses elsif + Upgraded analysis : Unused Private Property (rare) + Checked unit tests : 2990 / 3004 test pass (99% pass) + Tokenizer + Removed extra Void after function definitions + Fixed fullnspath with define() **Version 1.4.2 (Zhu Bajie, 2018-08-27)** + Architecture + Fixed leftover bugs in the new DSL language + Adopter Query in LoadFinal (first test) + Extended support for clone type 1 + Report + New Report : Weekly report + Analysis + New analysis : report forgotten conflict in traits + New analysis : undefined insteadof + New analysis : undefined variable + New analysis : report classes that must call parent::__construct + Upgraded analysis : Inexistant Compact variable + Upgraded analysis : Test class was refactored + Checked unit tests : 2975 / 2989 test pass (99% pass) + Tokenizer + New atom : Staticmethod, for Insteadof (replacing 'Staticconstant') + Added DEFINITION link for array('class', 'method') structure **Version 1.4.1 (Tang Sanzang, 2018-08-20)** + Architecture + Spined off Query for Gremlin, with Exakat DSL. + Centralized 'methods' property in Analysis class + Extended MAX_LOOPING usage + Analysis + Added new thema : Class Review + Upgraded analysis : Defined Parent MP (less queries) + Upgraded analysis : Less false positives + Added support for PHP 7.2.9 + Checked unit tests : 2965 / 2980 test pass (99% pass). + Tokenizer + Fixed Edge case with Ternary and Boolean + Added Staticpropertyname to distinguish from variables + Added support for remote definitions to methods + Removed global path for CIT (no fallback) **Version 1.4.0 (Sun Wu Kong, 2018-08-13)** + Architecture + Chunked result inserts for Dump + More support for PHP 7.4 + Report + Ambassador : added new Appinfo for relaxed Heredoc, trailing comma... + Analysis + New analysis : class can be abstract + New analysis : trailing comma + New analysis : relaxed heredoc + New analysis : removed functions in PHP 7.3 + New analysis : continue versus break + Upgraded analysis : Hardcoded passwords is extended to objects + Checked unit tests : 2964 / 2979 test pass (99% pass). + Tokenizer + Measure definitions stats for classes. + Added support for relaxed heredoc + Added support for closure as a return value + Refactored support for Ternary and Labels **Version 1.3.9 (Du Ruhui, 2018-08-06)** + Architecture + Added support for PHP 7.4 + 'Copy' won't update anymore + Report + Ambassador : fixed repeated 'compatibility' menu entry + Analysis + New analysis : avoid __CLASS__ and get_called_class(). + New analysis : prepare for (real) deprecation + New analysis : const / define preference + New analysis : define case sensitivity preference + New analysis : avoid defining assert() in namespaces + Removed analysis : Variables/Arguments + Checked unit tests : 2957 / 2971 test pass (99% pass). + Tokenizer + Removed Noscream - AT atom + Added definition for class constants + Fixed bug : can't apply ~ to false + Extended DEFINITION support to closure's use and references **Version 1.3.8 (Fang Xuanling, 2018-07-30)** + Architecture + 'Copy' won't update code anymore. + Analysis + Upgraded analysis : 'should use operator' only applies to constant chr() call + Upgraded analysis : Useless Instructions is faster + Checked unit tests : 2948 / 2962 test pass (99% pass). + Tokenizer + Added support for variable definitions in methods **Version 1.3.7 (unnamed demon, 2018-07-16)** + Architecture + Fixed handling of multiple updates + Report + More documentations + Analysis + New analysis : report usage of callback to process array + New analysis : report usage of case insensitive constants + Upgraded analysis : Hardcoded passwords is extended to objects + Upgraded analysis : Go To Key Directly handles comparisons + Added support for PHP 7.0.20 + Checked unit tests : 2948 / 2962 test pass (99% pass). **Version 1.3.6 (Zhang Gongjin, 2018-07-16)** + Architecture + Added support for Rar archives + Removed call to gremlin server at 'status' time + Analysis + New analysis : support for msgpack extension + New analysis : support for lzf extension + Upgraded analysis : added missing function names in several extensions + Checked unit tests : 2941 / 2955 test pass (99% pass). **Version 1.3.5 (Gao Shilian, 2018-07-09)** + Architecture + Removed 4 unused exceptions + Extracted Query from Analysis + Report + Reports : centralized all doc reading + Reports : doc reading now parses sections (avoid overlap) + Ambassador : Added exakat version and build to dashboard. + Ambassador : Added Class Tree (All class hierarchies) + Analysis + Fixed bug with 'last' and '2last' + New analysis : Report undefined::class + New analysis : Report returned assignations as useless + New analysis : Split scalar typehint by versions + Upgraded analysis : Extended Reuse Variable to instantiations + Upgraded analysis : Masking parenthesis are only for referenced arguments + Upgraded analysis : Wrong case doesn't apply to parent/static/self + Upgraded analysis : Locally Unused Properties are extended to traits + Upgraded analysis : Should Preprocess is extended to concatenations + Upgraded analysis : Array_key_fill exclude variables by default + Upgraded analysis : Ambiguous static reports the whole property definition + Checked unit tests : 2919 / 2944 test pass (99% pass). + Tokenizer + Added missing constants + Fixed support for goto true; + Fixed edge case for nested ternaries and boolean + Moved Goto and Label to Name Atom **Version 1.3.4 (Cheng Yaojin, 2018-07-02)** + Architecture + Added check when unarchiving tar.gz and tar.bz + Added check for neo4j installation, (error grabing) + Moved Upgrade to tmp folder + Analysis + Parameters are actually defined in the class + New analysis : ambiguous visibilities of properties + New analysis : report usage of PHP 7.1+ hash algorithm + New analysis : csprng (random_bytes and random_int) + New analysis : ext/libeio + New analysis : report incompatible signatures for methods + Upgraded analysis : Unused Private Methods handles fluent interfaces + Upgraded analysis : Defined Parent keyword + Upgraded analysis : Recursion + Refactored codeIs/codeIsNot + Checked unit tests : 2908 / 2923 test pass (99% pass). + Tokenizer + Added support for 'parent' definitions + Fixed element counts in concatenation + Fixed operator priority in Strval + Upgraded handling of undefined constants to string **Version 1.3.3 (Ma Sanbao, 2018-06-25)** + Architecture + Better handling of fallback to global for functions + Weekly code clean + Refactored several analysis for speed + Report + Ambassador : fixed regression in the dashboard + Fixed edge case with properties + Analysis + New analysis : closure that can be static + Upgraded analysis : empty function doesn't count static or global + Upgraded analysis : reported globals include $GLOBALS also + Checked unit tests : 2881 / 2911 test pass (98% pass). + Tokenizer + Moved collection of functioncall to LoadFinal + Added collection of interfaces and newcall + Moved Declare to its own token + Moved Property definitions to its own token Version 1.3.2 (Duan Zhixian, coming up) + Architecture + Reading stats from store, not graph. + Git now fails silently if login is requested at clone / pull + Report + New analysis : == or === favorites + New analysis : > or < favorites + Upgraded analysis : written only variables is now faster + Upgraded analysis : PHP reserved words has now 2 parameters + Removed analysis : Type/Integer, Real, Closures. + Checked unit tests : 2901 / 2914 test pass (99% pass). + Tokenizer + Static, PPP, Final and Abstract are now properties + Fixed regex in several rules + Added support for code clone detection (WIP) **Version 1.3.1 (Liu Hongji, 2018-06-03)** + Architecture + Cleaned code of unused classes and ; + Fixed connexion script to the database + Fixed check of php.log folder + Report + Ambassador : display correct compilation state + Analysis + Upgraded analysis : used constant is also applied to defined() + Upgraded analysis : used protected methods is case insensitive + Upgraded analysis : Empty class omits extended classes + Upgraded analysis : More sequences to SimplePreg + Upgraded analysis : Throwable is not 'unthrown' anymore + Removed analysis : Static CPM + Checked unit tests : 2901 / 2914 test pass (99% pass). + Tokenizer + Upgraded support for ::class **Version 1.3.0 (Xue Rengui, 2018-06-03)** + Architecture + Added support for Tinkergraph 3.3.3 + Handles situations where exakat has no database + Check for PHP version at bootstrap + Report + Ambassador : Updated PHP recommendation report with PHP 7.3 + All : Variables don't sport ... nor & anymore + Analysis + New analysis : Single Use Variable + New analysis : Should Use Operator + New analysis : Check JSON production + New analysis : Report visibility usage with constants + Upgraded analysis : used constant is also applied to defined() + Upgraded analysis : used protected methods is case insensitive + Upgraded analysis : used directives handle function version + Upgraded analysis : added lcg_value for better rand + Upgraded analysis : Use Nullable extended to methods, closures. + Upgraded analysis : Fixed support for '_' native function + Checked unit tests : 2895 / 2907 test pass (99% pass). **Version 1.2.9 (Wang Gui, 2018-05-28)** + Architecture + Removed query cache from gremlin + Added pre-query check to prevent queries that have no chance of result + Report + Ambassador : first 50% of documentation fix : double quotes are not well displayed + Ambassador : Results are ordered by files, then by lines + Analysis + New analysis : Flexible Heredoc syntax + New analysis : Non-compatible methods + New analysis : Use the Blind Var + New analysis : Inexistant Compact + New analysis : Typehint / default value mismatch + Upgraded analysis : strict_types are not recognized as undefined constant + Upgraded analysis : More new methods for PHP 7.3 + Upgraded analysis : Dependant traits + Upgraded analysis : Strpos comparison + Upgraded analysis : Method Must Return + Checked unit tests : 2885 / 2889 test pass (99% pass). + Tokenizer + Interface may have const, not traits (Loading) + Added support for static call to methods **Version 1.2.8 (Xu Jingzong, 2018-05-21)** + Architecture + Implemented a cache for speed boost. + Refactored files finding method + Git VCS always submit a user when cloning (using exakat by default) + Moved custom themes from themas.ini to themes.ini + Report + Ambassador : fixed naming the audit + Ambassador : added 'Dead code' section + Doctor : split themes display (default/customs) + Analysis + New analysis : Report what should be done in SQL + New analysis : Typehinted reference + New analysis : Strpos doing too much work + New analysis : Can't instantiate class + Upgraded analysis : Don't echo error + Upgraded analysis : PPP Declaration style + Upgraded analysis : Useless abstract class + Upgraded analysis : Buried assignation doesn't report declare anymore + Upgraded analysis : Abstract methods are not reported as unused + Upgraded analysis : relaxed version constraint for all Extensions/* + Checked unit tests : 2852 / 2856 test pass (99% pass). + Tokenizer + Fixed handling of short_open_tags + Fixed edge case with % **Version 1.2.7 (Li Yuanji, 2018-05-14)** + Architecture + Extended status command to all VCS + Added support for customized themes + Added Upgrading section, List of parametrized analysis, revamped summary + Simplified handling of commandline options + Removed usage of JSON for 'doctor' + Report + A lot more documentation, examples, links. + Optimized type downloader + Added report themes pre-requisites + Analysis + New analysis : ext/cmark + Upgraded analysis : too many children is configurable + Upgraded analysis : error_reporting 0 and -1 are not reported as issues. + Checked unit tests : 2835 / 2839 test pass (99% pass). + Tokenizer + Fixed bug where constant self referenced. + Moved Identifiers to Names + Added first definitions for members. **Version 1.2.6 (Li Jiancheng, 2018-05-07)** + Architecture + Moved more classes to helpers + Removed constants for Tokens + Upgraded to Robo 1.2.3 + Report + Added support for custom themas for reports. + Analysis + New analysis : zookeeper + New analysis : Report missing parenthesis + New analysis : Report invalid interval checks + New analysis : Suggest array_unique when possible + New analysis : Report when callback needs a return + New analysis : Reduce the number of if + Updated Exception list, up to PHP 7.3 + Upgraded analysis : Printf Arguments + Upgraded analysis : Count On Null + Upgraded analysis : Regex on Collector + Upgraded analysis : File Inclusion wrong case handles parenthesis + Upgraded analysis : Make globals a property + Upgraded analysis : Invalid regex + Checked unit tests : 2814 / 2818 test pass (99% pass). + Tokenizer + Added definition links for staticmethodcalls. + Added boolean and int values to __DIR__ and co. + Removed several static properties + Fixed precedence of instanceof + Added support for Null val **Version 1.2.5 (Li Yuan, 2018-04-30)** + Architecture + Added command 'config' to configure project from commandline + Made Exakat reentrant + Moved Configuration creation to external file + Upgraded status when audit isn't run yet + Analysis + New analysis : Regex on Collector + Upgraded analysis : Only Variable with reference argument + Upgraded analysis : File Inclusion Wrong Case + Upgraded analysis : Invalid Regex + Added support for PHP 7.2.5, 7.1.17 and 7.0.30 + Checked unit tests : 2802 / 2809 test pass (99% pass). + Tokenizer + Fixed various bugs with constant scalar expression **Version 1.2.4 (Li Chunfeng, 2018-04-23)** + Architecture + Now fail with explicit message for memory running out + Report + Ambassador : Updated 'confusing variables' report + Analysis + Upgraded analysis : Could be short assignment + Upgraded analysis : Could be static + Upgraded analysis : Fail Substr Comparison (handles constants) + Checked unit tests : 2796 / 2801 test pass (99% pass). + Tokenizer + Added propagation of constants when value can be processed + Introduced 'Parameter' token, to differentiate with Variable + Fixed syntax highlighting + Fixed a bug with negative bitshift **Version 1.2.3 (Yuan Tiangang, 2018-04-16)** + Architecture + New append for logs + Report + New report : Manual. + Ambassador : Rewrote the export of 'confusing variables' + Analysis + New analysis : report strtr bad usage + New analysis : don't unset properties + Upgraded analysis : Invalid Regex + Upgraded analysis : Property Could Be Local + Upgraded analysis : No Hardcoded path + Upgraded analysis : echo/print preferences also report printf + Removed analysis : Close Naming (now done at Report level) + Checked unit tests : 2770 / 2786 test pass (99% pass). + Tokenizer + Removed double definition for functioncalls **Version 1.2.2 (Yin Kaishan, 2018-04-09)** + Architecture + Cleaned doctor so it works even without requirements + Fixed special chars with git URL + Report + Ambassador : new inventory with classes changes in heritage + Ambassador : new inventory of large expressions + Upgraded report : Defined Exceptions are cleaned of doubles + Analysis + New analysis : report Redefined Private Properties + New analysis : report substr() usage with strlen + Upgraded analysis for Inclusion Wrong Case filenames + Upgraded analysis : Cast To Boolean is extended to True/False + Upgraded analysis : Omit negative lengths + Upgraded analysis : interface search also include parameter counts + Upgraded analysis : Failed Substr Comparison handles special chars + Upgraded analysis : Identical consecutive omits arrays + Checked unit tests : 2757 / 2775 test pass (99% pass). **Version 1.2.1 (Fu Yi, 2018-04-02)** + Architecture + Fixed generation of analysis logs + Fixed doctor, which wouldn't diagnostic the absence of needed extensions + Report + More real-life examples in docs + Analysis + New favorites : property declaration unique or multiples ? + New analysis : $a = +$b; + New analysis for Melis : Regex check and Route constraints + Upgraded analysis : Constant used below + Checked unit tests : 2760 / 2766 test pass (99% pass). + Tokenizer + Fixed counts in property declarations + Fixed final new lines in heredoc/nowdoc **Version 1.2.0 (Xiao Yu, 2018-03-26)** + Architecture + Upgraded concurrency with analysis + Replaced $_SERVER['_'] by PHP_BINARY + Removed old code (> 1.0.0) + Adopted 'stable' version for progressbar + Fixed loading with Bazaar + Added support for Parametrized analysis + Better initial configuration with doctor + Report + Ambassador : upgraded analysis settings table + Analysis + New analysis : Report Private functions for Wordpress + New analysis : Suggest simplifying chr(123); + New analysis : Too many native calls + Updated analysis : fallthrough are not reported with die + New Theme : Random + Collecting more stats for classes. + Checked unit tests : 2758 / 2741 test pass (99% pass). + Tokenizer + Upgraded support for Heredoc **Version 1.1.9 (Qin Qiong, 2018-03-19)** + Architecture + Better documentation for reports + Adding Real Code examples to documentation + Refactored Config reading + Moved more VCS information to its own class + Report + Upgraded report : Ambassador reports the number of parameters in methods + New report : favorites (spin-off from Ambassador) + Upgraded report : Inventories also covers Dateformat, Regex, Sql, Url, Email, Unicode Blocks. + Analysis + New analysis : too many parameters + New analysis : report mass creation of arrays + Checked unit tests : 2755 / 2738 test pass (99% pass). **Version 1.1.8 (Yuchi Gong, 2018-03-12)** + Architecture + Reduced cache when running analysis + Fixed order of analysis + Report + Ambassador : fixed faceted search problems + Codacy : added codacy-style report + Analysis + New analysis : support for IBM db2, leveldb + New analysis : should use count's second argument + Upgraded analysis : Randomly sorted arrays + Checked unit tests : 2749 / 2731 test pass (99% pass). + Tokenizer + Fixed edge case where die is an argument + Fixed edge case where Yield returns a array **Version 1.1.7 (Xu Maogong, 2018-03-05)** + Architecture + Removed most static in Analysis + Report + New format : All, that produces all reports + Ambassador : new report estimates fitting PHP version + Ambassador : report enable_dl in configuration + Analysis + New analysis : report dynamic library loading + New analysis : suggest array_fill_keys() + New analysis : PHP 7.3 optional last argument + New analysis : added support for xxtea, opencensus, varnish, uopz + Upgraded BugFixes report to PHP 7.2.3 + Updated analysis : ext/cairo has new functions + Updated analysis : PHP 7.3 new functions + Removed analysis : NullCoalesce (double) + Checked unit tests : 2743 / 2731 test pass (99% pass). + Tokenizer + Moved 'constant' to plugins + Fixed bug when updating with HG **Version 1.1.6 (Wei Zheng, 2018-02-26)** + Architecture + Created 'First', a recipe of initial analysis + Prepared installation for compose + Report + Restored 'INLINE' results + New reports : Stats + Collect PHP native function cool + Analysis + New analysis : report suggest compact instead of array + New analysis : list with references (PHP 7.3+) + New analysis : report situation where check is done on non-cast value + New analysis : foreach( $array as $o -> $v) as error prone + Handle cases where PHP regex are not compilable anyway + Checked unit tests : 2732 / 2722 test pass (99% pass). + Tokenizer + Propagate constant concatenation values. + Fixed calculation of intval + Refactored Configuration readers + Fixed bug when calculating __METHOD__ **Version 1.1.5 (Li Shimin, 2018-02-19)** + Architecture + Refactored all reports + Removed outdated Devoops report + Report + Upgraded BugFixes report to PHP 7.2.2 + Ambassador : generates a list of confusing variables + New report : OWASP + Analysis + New analysis : Use Math + New analysis : Extensions ext/hrtime + New analysis : Possible Infinite Loops + Upgraded analysis : addZero, Multiply by one supports new situations + Upgraded analysis : added microtime, uniqid .. to better rand. + Checked unit tests : 2719 / 2724 test pass (99% pass). + Tokenizer + Fixed check on script compilation that was too strict. + Fixed internal assert() + Exported VCS to separate classes + Refactored load with 3 separate plugins : intval, noDelimiter, booval **Version 1.1.4 (The Great White Turle, 2018-02-12)** + Architecture + Build concatenation values in scalar constante expression. + Upgraded export of file dependencies values + Report + Ambassador : fixed duration of audit. + Composer : provides a full list of depend extensions + Analysis + New analysis : Report useless catch + New analysis : suggest using array_search / array_keys instead of foreach + New analysis : double array_flip is slow + New analysis : Suggest using cached values + New analysis : Functions that fallback to global namespace + Upgraded analysis : Encoded letters supports leading 0 in unicode codepoint + Upgraded analysis : Variable strange names now report 3 identical consecutive letters + Upgraded analysis : Upgraded support to __dir__ + Checked unit tests : 2716 / 2711 test pass (99% pass). + Tokenizer + Fixed definitions link for functions **Version 1.1.3 (The fairy Su'e, 2018-02-05)** + Report + Fixed Ambassador : the favorites weren't displayed. + Analysis + New analysis : Report useless references + New analysis : Melis configuration : Undefined configuration array + New analysis : Melis configuration : make string. + Upgraded analysis : Parent first + Checked unit tests : 2700 / 2695 test pass (99% pass). + Tokenizer + Better handling of Labels. + Fixed edge case where class and constants where mistaken one for the other **Version 1.1.2 (Jade Rabbit Spirit, 2018-01-29)** + Architecture + Upgraded docs to tinkergraph 3.2.7 + Analysis + New analysis : Report missing included files + New analysis : ZF3 : No Echo Outside a View. + New analysis : Local Global variable : report variable that looks global but are not + Upgraded analysis : Directive names are check with case sensitive analysis + Checked unit tests : 2687 / 2693 test pass (99% pass). + Tokenizer + Magic Constant hold their actual value + Fixed Fullnspath for constants (case sensitive) + Fixed edge case with exit and die + Fixed edge case with exit and die and -1 **Version 1.1.1 (Wood Xie of Dipper, 2018-01-22)** + Architecture + Fixed path when calling exakat from outside its install folder + First analysis for Melis Framework + Optimized dictionary collection + Report + Ambassador : upgraded graph for class sizes + Analysis + New analysis : report case problems with includes + New analysis : Melis framework + New analysis : inventory of view properties for Zend Framework + New analysis : report view files for Zend Framework + Upgraded analysis : + is accepted as regex delimiter + Upgraded analysis : same condition searches inside blocks + Checked unit tests : 2665 / 2671 test pass (99% pass). + Tokenizer + Magic constants __DIR__ and __FILE__ get their actual value in noDelimiter + Created Eval atom + Removed 'Name' token for echo, print, die, exit. + Upgraded handling of constant names inside strings + Removed a bug when storing dictionary. **Version 1.1.0 (Wood Dragon of Horn, 2018-01-15)** + Architecture + Replaced 'code' property with a dictionary + Tokenizer + Introduced 'Magicmethod' for Magic methods in class + Fixed a bug when ' is in file path + Fixed a bug when several raw HTML are in a PHP script. Version 1.0.11 (Wood Dragon of Well, 2018-01-08) + Architecture + Added assertion for property name. + Report + Ambassador : Added report of classes's size. + Fixed missing audit end's time. + Analysis + New analysis : Sqlite3 doesn't escape " + Upgraded analysis : Strange names also report qqqq sequences in variable names + Checked unit tests : 2617 / 2657 test pass (99% pass). + Tokenizer + Fixed fullnspath handling for constants (case insensitive for the constant name) Version 1.0.10 (Wood Wolf of Legs, 2018-01-01) + Architecture + Fixed Sqlite3 escaping error : use ', not " + Report + + Analysis + Upgraded analysis : ? is possible as delimiter + Analysis works better with nested structures + Checked unit tests : 2601 / 2649 test pass (99% pass). + Tokenizer + First plugin for Load Task. + Upgraded support for define-d constant. + Introduced Phpvariable + Fixed scoping with array index. **Version 1.0.9 (King of Dust Protection, 2017-12-25)** + Report + Ambassador : list complex expressions. + Dump : added function inventory + Dump : added begin and end line for structures. + Analysis + New analysis : report reference error with Ternary operator + New analysis : report Undefined classes in Wordpress. + Upgraded analysis : preg option E, tighter regex. + Tokenizer + Better handling of long path name. TBC. + Introduced Parent, Static, Self, Exit, Echo, Print. **Version 1.0.8 (King of Heat Protection, 2017-12-18)** + Architecture + Doctor reports memory_limit and JAVA_OPTIONS/JAVA_HOME + Made database restart more portable + Added spell checking on docs + Report + Ambassador : Regex inventory added + Ambassador : Largest expressions reported + Analysis + New analysis : report identical operands on both sides of operator + New analysis : report potentially mistaken concatenation in array + New analysis : report mistaken scalar typehint + New analysis : report undefined classes by symfony version + New analysis : report undefined classes by wordpress version + Upgraded analysis : Interfaces are also reported from return typehint + Upgraded analysis : Mistaken concatenation got rid of various false-positives + Checked unit tests : 2601 / 2633 test pass (99% pass). + Tokenizer + Isset, Empty, Phpvariables now have their own atom. + Fixed edge case with $ token + Fixed Constant fqn building + UTF-8 protection for propertyname **Version 1.0.7 (King of Heat Protection, 2017-12-11)** + Architecture + Added /var to default omitted folders + Analysis + New analysis : should use array_filter. + New analysis : ext/igbinary + Checked unit tests : 2533 / 2599 test pass (97% pass). + Tokenizer + Fixed **Version 1.0.6 (Fuli, 2017-12-04)** + Architecture + Refactored description + Moved PHPsyntax to a function + Analysis + New analysis : Never used parameter. + New analysis : always use named boolean parameters + Upgraded analysis : unused arguments + Checked unit tests : 2573 / 2585 test pass (99% pass). + Tokenizer + Added new token : This for $this + Updated loader to handle PHP 7.3 functioncall syntax (final ,) + Turned Markcallable into an independant analysis **Version 1.0.5 (King of Cold Protection, 2017-11-27)** + Architecture + Configured Exakat for Tinkergraph 3.3. Still unfinished. + Documentation now has an external link to extensions. + Report + Ambassador : added more inventories : URL SQL, email, GET index, MD5, Mime + Analysis + New analysis : parent first + New analysis : Report uncommon Environment Vars + New analysis : Report invalid Regex + New analysis : Report contatenation in Zend DB + Fixed analysis : Deprecated Functions + Fixed analysis : Unknown PCRE2 option + Upgraded analysis : hardcoded password + Upgraded analysis : array_merge in loops + Upgraded analysis : substr() first. Handle following expressions + Refactored analysis : Used Functions + Refactored analysis : Add Zero + Checked unit tests : 2573 / 2585 test pass (99% pass). + Tokenizer + Fixed a bug that linked functions and definitions **Version 1.0.4 (Boxiang Demon, 2017-11-20)** + Architecture + PhpExec, get only path to binary. + Cleaned docs of double links + Cleaned code + Report + Added libsodium, Argon2 to Crypto; DL() usage to PHP. + Compatibility report only focuses on backward incompatibilities. + New recipes will cover 'suggestions for better code'. Coming up. + Analysis + New analysis : " string is better than ' (sorry...) + New analysis : PHP 7.3's PCRE 2 + New analysis : report missing 'new' in front of class name. + New analysis : use is_object instead of is_resource for ext/hash + New analysis : report non-countable calls + New analysis : report DL usage in Appinfo + New analysis : slice first, then map arrays. + New analysis : Avoid 5th argument in PHP 7.2 for set_error_handler + New analysis : avoid null with get_class() + New analysis : suggest using list() with foreach instead of arrays + New analysis : avoid using $this as argument in constructor + New analysis : Report usage of ext/vips + New inventory : GPC variables + Updated analysis : Use Class Operator doesn't report methods names anymore + Updated analysis : Long argument size is raised to 60 chars + Updated analysis : ignore when missing break is in last case + Updated analysis : Use This ignores 'self'. + Updated analysis : Randomly sorted Arrays ignores arrays of 3 or less. + Updated analysis : ext/mcrypt gets its constants + Updated analysis : more strange names being used in code + Updated analysis : more PHP 7.2 removed functions + Checked unit tests : 2563 / 2572 test pass (99% pass). + Tokenizer + Reduced duplicated that may lead to loading error. **Version 1.0.3 (Baize Demon, 2017-11-13)** + Architecture + Fixed driver Tinkergraph, which was not setting the right ids. + Doctor now reports $JAVA_OPTIONS, in case one need to allocate more memory + Doctor now reports token limit + Moved config.ini creation to first phase of init. + Fixed collect of error when init with git. + Upgraded driver gremlin-php to 3.0.2 + Report + Ambassador : Now reports the namespaces as a tree. + New analysis : report members that are static and not. + Updated analyzis : normal method called statically. + Analysis + Added support for Drupal, FuelPHP and Phalcon. **Version 1.0.2 (Suanni Demon, 2017-11-06)** + Architecture + Better report of error messages from VCS. + Updated support for Vagrant + Report + Ambassador : Fixed display for 'Callback' + Analysis + New analysis : substr() first, then replace. + New analysis : report double prepare (WP). + New analysis : avoir the +1 month trap + New analysis : check for printf() options + New analysis : check for placeholder in prepare (WP) + New analysis : avoid direct injection into prepare (WP) + New analysis : performance recommendation for switch. + New analysis : merge if/if into if/then/else + Checked unit tests : 2500 / 2536 test pass (99% pass). **Version 1.0.1 (Xueshi Demon, 2017-10-30)** + Architecture + Created Result class for Graphdb results + Docker image is updated with version 1.0.1 + Vagrant files are updated with version 1.0.1 + Preparing support for Gremlin 3.3.0 + Report + Added support for PHP 7.1.11 and 7.0.25 + Analysis + New analysis : could be else (for consecutive opposite if/then) + Checked unit tests : 2517 / 2527 test pass (99% pass). **Version 1.0.0 (Roushi Demon, 2017-10-23)** + Architecture + Tested on Gremlin 3.2.6. Checked Gremlin 3.3.0, but it needs more work. + Upgraded doctor for installation and report. + Upgraded docs to set gremlin-server as default install. + Report + Added support for Clang-style report. + Ambassador : fixed link to exception Tree. + Inventories : Date format, + Audit names are reported in every Ambassador-style report. + Analysis + Upgraded PHP directive list. + Functions In For loop : prevent issue if the function uses a loop variable. + Useless instruction : do not report return $i++ if $i is reference + Useless instruction : Avoir reporting properties when they are magic + New analysis : mark properties to be magic. + Upgraded list of PHP logins, to report hard coded passwords. + Upgraded close naming : variables that differ with 1 chars are reported. + Added assert(false...) to list of branching syntax. + Checked unit tests : 2515 / 2525 test pass (99% pass). Version 0.12.16 (Tawny Lion Demon, 2017-10-16) + Report + Beta version for Drill Instructor + Upgraded Inventories report with Sessions, Cookies, Incoming variables + Analysis + New analysis : Expression too complex. + New analysis : Session Handler must implements SessionUpdateTimestampHandlerInterface + New analysis : is Zero : additions that negate some terms + New analysis : unconditional loops + Upgraded Zend Framework review with latest versions (feed, http, eventmanager...) + Upgraded 'Strange names' with new typos + Upgraded 'Logical to in_array' to handle separated comparisons + Checked unit tests : 2505 / 2515 test pass (99% pass). + Tokenizer + Fixed bug with Sign in Additions. Version 0.12.15 (Nine Headed Lion, 2017-10-09) + Architecture + Server : now supports stop, start and restart. + Every audit gets a random name, for easy differentiation + Added support for PHP 7.3 + Report + Ambassador : list of analysis that report nothing : Good job! + Slim report : fixed build + Analysis + New analysis : file upload names vulnerability check + New analysis : variable that may hold different types of date + New analysis : always anchor regex + Checked unit tests : 2475 / 2480 test pass (99% pass). Version 0.12.14 (Grand Saint of Nine Spirits, 2017-10-02) + Architecture + Support UTF-8 on Gremlin Server (other encoding are not) + Better display of vcs updates + Report + Ambassador : added Security and Performances + Ambassador : Upgraded exception presentation + Analysis + New analysis : report fallthrough in switch + New analysis : inventory regex + Added support for PHP 7.1.10 and 7.0.24 Version 0.12.13 (King of the Southern Hill, 2017-09-25) + Architecture + Code cleaning + Report + Ambassador : changed display of the audit + Analysis + Refactored several analysis Version 0.12.12 (Ruler of the Kingdom of Miefa, 2017-09-18) + Report + Ambassador : fixed collect of interfaces and trait names + Analysis + New analysis : ext/Parle + New analysis : help optimize pathinfo() usage + New analysis : catch array_values() usage with list and pathinfo() + Updated analysis : Don't show error messages with catch->getMessage(); + Updated analysis : No concat in loop handles $x = $c . $x; + Checked unit tests : 2456 / 2461 test pass (99% pass). + Tokenizer + Added support for ', " and > in file names. Still missing support for \ + Restaured fallback to global constants. + Fixed special case : Version 0.12.11 (Half-Guanyin, 2017-09-11) + Architecture + Added support options for branches and tags + Added support for config in server mode + Report + Fixed methods dump for interfaces. + Analysis + Added all analysis to report could be private/protected for + Tokenizer + Fixed handling of '<' char in paths Version 0.12.10 (Golden Nosed Albino Rat Spirit, 2017-09-04) + Architecture + Upgraded server version with config alteration features. + New generated config-cache + Report + Fixed property names in Visibility report + Analysis + Arrays/IsModified : arrays are not modified unless in a (unset) + Tokenizer + Fixed 'constant' for functioncalls + Introduced 'Name' for Identifier without a fullnspath + Added support for branches and tags in init + Fixed edge case with $o->$$b Version 0.12.9 (Lady Earth Flow, 2017-08-28) + Architecture + Creates config.cache, with cached calculated configs. Remove to update. + Report + GraphQL : Upgraded GraphQL report, with relationships. + Analysis + New analysis : suggest moving for() to foreach() + New analysis : shell_exec/exec/`backtick` favorite + Update analysis : Abstract Static is for PHP 7.0- + Tokenizer + Removed Arguments and ARGUMENTS. + Finished 'factory' from Config. + Better handling of long path names. Version 0.12.8 (ruler of the Kingdom of Biqiu, 2017-08-21) + Analysis + New analysis : use foreach, not for() + New analysis : ext/fam, ext/rdkafka + Tokenizer + Fixed edge case where pathnames are too long on OSX. Version 0.12.7 (Old Man of the South Pole, 2017-08-14) + Architecture + Fixed project_vcs when none is used. + Analysis + Better documentation for in_array replacements and array_unique() + Added support for PHP 7.1.8 and 7.0.22 Version 0.12.6 (White Faced Vixen Spirit, 2017-08-07) + Analysis + New analysis : no negative for strings before 7.1 + New analysis : use in_array instead of || + Updated analysis : preg_quote has no delimiter + Tokenizer + Fixed bug in handling real value for negative numbers Version 0.12.5 (White Deer Spirit, 2017-07-31) + Architecture + Removed config singleton + Report + New report : simpletables (HTML) + Analysis + New analysis : report optional parameters + New analysis : report concat inside a loop + Updated analysis : Could Be Class Constant, when no visibility is provided. Version 0.12.4 (peacock Mahamayuri, 2017-07-24) + Architecture + Optimized performances for large projects (over 2M tokens) + Support Neo4j as a driver for Tinkgerpop + Report + Now covering all PHP 7.2 features + Analysis + New analysis : Extension xattr + New analysis : report 'object' as a class name + New analysis : No Array for magic property + New analysis : suggest reducing code for isset + New favorite : and / && + Updated analysis : fetch correct delimiter, even if escaped. + Extended coverage for several analysis + Removed several nested-subqueries (bad for performances) + Tokenizer + Tinkergraph/Neo4j : reworked loading data from disk. + Added protection for $ in filename Version 0.12.3 (Golden Winged Great Peng, 2017-07-17) + Architecture + Prepared options for several back servers : Tinkergraph, Gremlin-Server/Neo4j, Janusgraph + Report + New report : Marmelab (GraphQL server) + Analysis + New analysis : Report when a property is used as object or scalar + New analysis : Mismatched Typehint + New analysis : Mismatched Default values + Upgraded analysis : + Fixed a gremlin bug in noAtomInside + Tokenizer + Added support for trailing comma in group use (PHP 7.2) + Fixed building of constants' values Version 0.12.2 (Samantabhadra, 2017-07-10) + Architecture + Added support for Tinkergraph as graph backend + Report + Ambassador : reports callback/closures, all 3 declares (ticks, encoding, strict_types) + Ambassador : reports strict_types as favorite + PlantUML : upgraded report + Analysis + New analysis : Mismatched ternary branches + New analysis : mkdir, by default, uses 777. + New analysis : ext/lapack + Upgraded analysis : option E for preg_match, refined results + Checked unit tests : 2337 / 2366 test pass (99% pass). + Tokenizer + Added support for Instanceof and GROUPUSE with Nsname Version 0.12.1 (Yellow Toothed Elephant, 2017-07-03) + Architecture + Refactored structures extractions in dump + Report + New report : PlantUML + Ambassador : Appinfo now reports how popular is a feature + Analysis + New analysis : Const / Define() favorite for constants + New analysis : do not return in finally + Upgraded analysis : Add Zero was refactored + Tokenizer + Prepared list of tokens and relations Version 0.12.0 (Manjusri, 2017-06-26) + Architecture + Added support for Janusgraph (Gremlin 3) + Refactored dump's data collection for speed.bb + Report + Added support for Wordpress and Joomla as Frameworks + Analysis + New analysis : Avoid Optional properties + New analysis : Multiple declarations of functions + New analysis : Non breakable spaces in names + New analysis : Favorite Heredoc delimiter + New analysis : ext/swoole + Tokenizer + Modified several nodes/links names, for compatibility purposes Version 0.11.8 (Xiaozuanfeng, 2017-06-19) + Architecture + Starte working on JanusGraph to add to Neo4j/Gremlin3 + Report + Ambassador : reports Strings encoding and Unicode-block (when available) + Ambassador : reports framework founds (first 6, more as we go). + Ambassador : reports how frequently an analysis yield results to compare with current situation + Analysis + New analysis : Classes where declaration order differs from : use, const, properties and methods. + New analysis : Could use interface (but implements is missing) + New analysis : Cant Inherit Abstract Method (PHP 7.2 upgrade) + New analysis : use session_start() options + Updated analysis : Dynamica method calls cover {} too + Checked unit tests : 2305 / 2305 test pass (100% pass). + Tokenizer + Checked code on early PHP 7.2 version Version 0.11.7 (Long Armed Ape Monkey, 2017-06-12) + Report + Ambassador : report detected patterns (2 firsts) + None report : for when dump is sufficient + Analysis + New analysis : could factor functioncalls + New analysis : PSR-* usage + New analysis : support for Judy and Gender extensions + Added thema for Compatibility PHP 7.3 + Added thema for Dependency Injection + Tokenizer + Fixed edge case where classes starting with 'namespace' where mistakenly processed + Removed Block from CIT Version 0.11.6 (Red Bottomed Horse Monkey, 2017-06-05) + Architecture + Removed singleton to Config. WIP + Report + Ambassador : reports usage of PSR 3,6,7,11,13,16. + UML : report now protects file names + Analysis + New analysis : Ext stats + New analysis : report mixed concatenation / interpolation strings + Updated analysis : htmlentities actually uses combinaison, not alternatives, + Updated analysis : Close Tag consistency ignores __HALT_COMPILER files Version 0.11.5 (Intelligent Stone Monkey, 2017-05-30) + Report + Ambassador : fixed visibility suggestion + New report : Dependency wheel + Analysis + New analysis : avoid typehinting with classes + New analysis : implemented methods must be public + New analysis : no reference on left of assignement + New analysis : Could typehint with instanceof + Updated analysis : Useless parenthesis cover clone, yield, yield from. + Updated analysis : Make One Call also reports nested calls + Tokenizer + Split functions and closures, + Split classes and anonymous classes + Split variable with definitions (Property, Static and Global) + File count is always reported (even 0) Version 0.11.4 (Six Eared Macaque, 2017-05-22) + Architecture + Results : returns now multiple results at once + Report + New report : codeflower + Ambassador : report usage of Debug functions, browscap + Ambassador : omits 0 in donuts + Ambassador : faceted search for compatiblity + Analysis + New analysis : report functions whose return is not used + New analysis : only variable can be passed by reference + Added limits to all in-depth searches + Checked unit tests : 2216 / 2216 test pass (100% pass). + Tokenizer + Fixed edge case, where return is finished by a close tag + Split Variables into Variables, Objects and Arrays. Version 0.11.3 (Sun Deity of Mao, 2017-05-15) + Architecture + Speed up batch processing for lists of analysis + Split data collection from the initial dump. + Report + Ambassador : Upgraded presentation of issues, and internals links. + Analysis + New analysis : Sphinx extension + New analysis : GRPC extension + New analysis : reports arrays that are randomly sorted. + New analysis : report multiple catch clauses + Updated analysis : direct injections include all SERVER_* values + Upgrade for PHP 7.1.15 and 7.0.19 + Tokenizer + Split Functioncall into Functioncall, MethocallCall and Newcall. + Added support for 'namespace' in any full name. Version 0.11.2 (Scorpion Demon, 2017-05-08) + Architecture + Code cleaning, and more stability + Analysis + New analysis : Report preference between != and <> + New analysis : report empty regex and wrong delimiters + Added protection for $ in RegexDelimiters Version 0.11.1 (Ruler of Women's Country, 2017-05-01) + Architecture + Fixed handling for large list of data in gremlin queries + Handles static in anonymous classes correctly + Report + Reports handle traits like class. + Analysis + New analysis : ends arrays with , or not (favorite) + New analysis : suspicious comparison + New analysis : strange spaces in strings + Tokenizer + Arrays are now Arrayliteral, split from Functioncall Version 0.11.0 (Immortal Ruyi, 2017-04-24) + Architecture + Removed prepared statements from loops in dump + made Gremlin cache compatible with 32bits platforms + Report + Ambassador : first work on upgrading visibilities for properties. + Analysis + New analysis : could use str_repeat() + New analysis : Crc32() Might Be Negative + Update analysis : Queries in loop reports cubrid and sqlsrv, prepared statements. + Update analysis : type mismatch for indices works on constants too. + Update analysis : Loop calling covers less ground + Tokenizer + Split function and method entities for differentiated processing Version 0.10.9 (Single Horned Rhinoceros King, 2017-04-17) + Architecture + File extensions are processed before include/ignore dirs. + Reduced number of DEFINITION links, leading to less processing. + Added several assertion() in the code + Added assertions report in doctor (better leave them out with phar) + Report + Added support for PHP 7.0.18 and 7.1.4 + Ambassador : better layout for favorites + Zend Framework : 8 new components supported + Zend Framework : now supports zendframework/zendframework too + Zend Framework : report unused components + Analysis + New analysis : report nested Use expressions + New analysis : report repeated regex (to be federated) + New analysis : report code that output directly to std + Updated analysis : Should use this now omits overwritten methods + New analysis : report overwritten methods + Upgraded analysis : 2123 / 2123 test pass (100% pass) Version 0.10.8 (King of Spiritual Touch, 2017-04-10) + Report + Slim report : list of routes used. + Analysis + New analysis : report Group Use Declaration (PHP 7.0+) + Zend Framework : 30 components are now covered. + Slim : No echo in route callable and Inventory of routes. + PHP : list of new PHP 7.2 functions. + Tokenizer + Sped up loading time by 10%. + Added support for PHP6 binary string : $a = u'b'; Version 0.10.7 (Immortal of Antelope Power, 2017-04-03) + Report + Ambassador : fixed composer report. + Added report for Composer (beta phase) + Added report for Slim framework. + Analysis + Added support for Slim versions. + Added 10 new components for Zend Framework 3 + Tokenizer + Fixed support for $ in file names. Version 0.10.6 (Immortal of Elk Power, 2017-03-27) + Architecture + Major speed up of loading and analysis + Fixed themes configuration. + Report + Ambassador : report cookies usage, infinite and NAN usage + Zend Framework : Report incompatibilites component/version for ZF3 + Analysis + Upgraded analysis : 1941 / 1941 test pass (100.00% pass) + New analysis : Zend Framework 3 Deprecated + New analysis : Zend cache, view, db. + New analysis : Report missing type tests. + New analysis : suggest setcookie() with safe arguments + New analysis : Do not cast to Int + New analysis : CakePHP classes compatibilities from 2.5 to 3.3 + Upgraded analysis : instanceof doesn't report traits anymore + Upgraded analysis : mb_ereg has options in the 4th arguments + Upgraded analysis : more strange names + Tokenizer + Reviewed most of the load processing. + Reduced the number of 'fullnspath' properties. Version 0.10.5 (Immortal of Tiger Power, 2017-03-13) + Architecture + Collect graph size in dump.sqlite + Collect memory usage in dump.sqlite + Now uses the calling PHP version to run all parts of exakat (no config) + Doctor report the ran gremlin version. + Report + Ported the Zend Framework report to ambassador + Added regex delimiter in favorites. + Ambassador : syntax coloring + Analysis + New analysis : could be typehinted 'callable' + New analysis : encoded letters in strings for security + New analysis : report arguments that may be callable + New analysis : report strangely named variables + New analysis : report strangely named constants + New analysis : too many FindsBy*() methods + Updated analysis : Useless Instructions doesn't report array_merge(_recursive) with one argument + Updated analysis : array_replace handles ... + Updated analysis : 7.2 deprecation with assert() + Generalized usage of commons for CIT + Added first 4 set of analysis for Zend Framework 3 + Added support for dynamic new $a[i]; + Tokenizer + Fixed fullnspath with new on functioncall + Reduced the number of fullnspath loaded + Added support for 's'() as functioncall + Fixed case where file names has ' ' in it Version 0.10.4 (Dragon King of the West Sea, 2017-03-06) + Architecture + Ignore some classic files by default (README, LICENSE...) + Report + Ambassador : protection of HTML values + PHPcompilation : fixed export to stdout + Analysis + New analysis : report useless else branches + New analysis : should regenerate session Id, for PHP and Zend Framework + Added support for Extension Data structures (ext/ds) + Upgraded analysis : Hardcoded Hash + Speed up analysis for extensions + Tokenizer + Fixed edge case where a constant was used inside a ternary operator + Fixed processing of labels Version 0.10.3 (Dragon King of the Jing River, 2017-02-27) + Architecture + Added URL glossary to Manual. + Extended CS ruleset + Use exakat/exakat as user/login for git. + New helper to rename analysis + Project command now accept -P/-T to run one analysis/Thema directly + Report + New report style : Codesniffer + Analysis + New analysis : suggest usage for array_column() + New analysis : __DIR__ must be concatenated with a string starting with '/' + New analysis : report usage of parent, self and static outside a class/trait + New analysis : report properties used only in one method + New analysis : report properties used only once at all + New analysis : multiple aliases per class + Updated analysis : Fopen() mode support 'e' option (7.1.2 + ) + Updated analysis : Make One Call covers str_replace, substr_replace, preg_replace* + Updated analysis : Unused arguments : now ignores arguments from interface or parent + Tokenizer + Removed double DEFINITION link. Faster loading, less processing. + Fixed an edge case when function name is boolean or null. + Cleaned atom and tokens names + Fixed edge case when object is instantiated in a ternary Version 0.10.2 (Water Lizard Dragon, 2017-02-20) + Architecture + + Report + Text format now understand -T, -P to extract only some of the results. + Fixed dump of extends. + Analysis + Added support for PHP 7.1.2 and PHP 7.0.16 + New analysis : report forgotten 'throw' keyword. + New analysis : report class / function confusing name + Added support for libsodium + Upgraded PHP Relaxed Keyword : Ignore properties. + Upgraded analysis : 1824 / 1826 test pass (99.9% pass) + Tokenizer + Fixed a bug that mistakes native PHP classes for functions + Fixed rare situation with grouped const/function. Version 0.10.1 (King of Wuji Kingdom, 2017-02-13) + Architecture + Report SVN revision when updating or not. + Default reports are in config. + Configure now supports include_dirs, to include files. + Project name is now noted in datastore. + Inventories is a default themas; PHP Compatibility < 5.6 are not default anymore. + Documentation + Fixed outgoing links + Better coverage of PHP functions + Report + Added 'Inventories' report : reports all names and literals + Ambassador : Added list of included files, Yield From and classes stats + Analysis + New Analysis : Strange Names For Methods (Classes/StrangeName) + New Analysis : SQL queries (Type/Sql) + New Analysis : Avoid Non Wordpress Globals (Wordpress/AvoidOtherGlobals) + Upgraded analysis : Should be single quote, escape sequences refined. + Upgraded analysis : Should Preprocess now support determinist PHP functions + Upgraded analysis : 1817 / 1824 test pass (99.6% pass) + Tokenizer + Fixed LOC counting. + Fixed edge case when closure is directly use as argument + Fixed double inventories for Use's Definitions Version 0.10.0 (Azure Lion, 2017-02-06) + Architecture + Replacement of booleans with constants (WIP) + Removed PHPloc (merged features into load) + Added coding standard for Code Sniffer (ruleset.xml) + PHP version used default to running script version + Now reading Token Constants from the binaries + Doctor reports project configuration if -p is used + Report + + Analysis + New Analysis : No Boolean As Default + New Analysis : Raised Access Level + New Analysis : Recommend Wpdb->prepare when variables are in query + Directive suggestion now include error_log + Upgraded analysis : UselessParenthesis also checks Typehint + Upgraded analysis : 1804 / 1811 test pass (99.6% pass) + Tokenizer + Reinforced detection of parsable PHP script + Fixed Files command : it now cleans data before running + Removed warning about memory + Index creation made lighter Version 0.9.9 (Pilanpo Bodhisattva, 2017/01/30) + Architecture + Moving true/false to constants + Report + Ambassador : Added 'Compilation' and Version compatibility reports. + Prepared collection of dependencies in dump + Analysis + New Thema : Compatibility PHP 7.2 + New analysis : Deprecated Features of PHP 7.2 + New analysis : Removed Function for PHP 7.2 + New preference : New Line Style + Upgraded analysis : 1781 / 1802 test pass (98.9% pass) **Version 0.9.8 (Multiple Eyed Creature, 2017-01-23)** + Architecture + Moved 'Truthy/Falsy' as 'boolean' characteristics + Updated Gremlin3 interface to handle Groovy maps + Added default name when creating project + Report + Added checks on merged table at Dump stage + Added support for PHP 7.1.1 and 7.0.15 + Analysis + New analysis : variables assigned twice or more + New preference : new x() / new x; + Upgraded analysis : 1785 / 1794 test pass (99.5% pass) + Fixed Interface usage : missing interfaces extends interfaces + Added extra check for Functioncalls + Tokenizer + Added support for instanceof + several names **Version 0.9.7 (Hundred Eyed Demon Lord, 2017-01-16)** + Architecture + Fixed constant names for tokens in Load + Changed duplication check to dedup(). Cleaned analysis for duplicates. + Speed but for large projects. Work in Progress. + Reduced usage of static properties + Better detection of PHP scripts during project + Report + Fixed generation of inventories when no target is provided + Analysis + New analysis : Could Be Protected Property (not a public) + New analysis : avoid large literal arrays in local variables. + New analysis : report long arguments. + Removed analysis : Structures/EchoArguments (double with Echo With Concat) + Tokenizer + Fixed list of constants for PHP 7.1 **Version 0.9.6 (Spider Demons, 2017-01-09)** + Architecture + Added support for report/analysis theme list in config (exakat and project) + Better cleaning of projects + Doctor : Initialisation with themes/reports; Reports executable being used. + Added a log for gremlin Queries + Rebuild the server command + Added 'catalog' command + Report + Split Phpconfiguration into eponymous and Phpcompilation + Analysis + New analysis : avoid Glob, use scandir without sorting. + New analysis : always configure ext/sqlite3 FetchRow() + New analysis : no string with append + Removed analysis : Structures/ForeachSourcesNotVariable + Upgraded Analysis 'Should Import Functions' + Upgraded analysis : 1764 / 1773 test pass (99.5% pass). + Tokenizer + Added 'aliased' property to nodes. **Version 0.9.5 (Immortal Ziyang, 2017-01-04)** + Architecture + Better check of PHP version + Report + Ambassador : report analysis settings + PHP Compilations : supports all extensions + New report : Inventories + Analysis + New analysis : Don't Use Fallback to Global space + New analysis : MongoDB (ext/mongo version 3) + New analysis : zbarcode + Bug : Fixed intval for octals in Arrays/MultipleIdenticalKeys + Removed analysis : Php/InconsistantClosingTag (double) + Tokenizer + Ranking arguments, not functioncall **Version 0.9.4 (Lady of Jinsheng Palace, 2016-12-19)** + Architecture + Rewrote the concurrence check (removed needs for ext/sem) + Results are never double anymore + Upgraded gremlin calls, to handle \n + Dump cleans the previous values before dumping + Excluded namespaces classes when searching for external libraries + Report + Ambassador : extension usage, inventories, global lists, stats, PHP Compilation directives + Covers more compilation directives (Not finished) + Analysis + New analysis : Final by Ocramius + Upgraded : Comparison with == : added curl_exec + Upgraded : isset with constant (mistake on properties as arrays) + Upgraded : Avoid using now uses full NS path + Upgraded : Useless instructions handles for() correctly + Upgraded : Recursive, IsGenerator and Loop Calling includes yield from + Upgraded analysis : 1741 / 1750 test pass (99.5% pass). **Version 0.9.3 (Purple-Gold Bells, 2016-12-12)** + Architecture + Lots of cleaned code + Harmonized data for extensions + Stop 'project' if no code is available + Now using stub in phar. + Report + Added directives, bugfixes, external services and + Added support for PHP 7.0.14 and 5.6.29 + Analysis + New analysis : Wordpress, recommend prepare() + More favorite reports : final ?> and unset()/(unset) + Reduced number of double reports for many analysis + Update : Fixed analysis with $THIS + Upgrade : report useless casting of comparisons + Update : Should use this takes into account parent **Version 0.9.2 (Golden Haired Hou, 2016-12-05)** + Architecture + First version of Exakat for docker (beta) + Added a waiting loop in cleandb + Docs include a list of new analysis per version + Report + Added 2 first inventories, Appinfo() in Ambassador + Favorites now reports global/$GLOBALS + Restore composer.lock report + Upgraded uselessReturn for the final return. + Analysis + New analysis for Newt, Nsapi, + New analysis : __ in methods names + New analysis : Too many local variables + New analysis : Avoid array_push() + Upgraded ext/apache coverage **Version 0.9.1 (Sai Tai Sui, 2016-11-28)** + Architecture + Docker supported in exakat/config.ini for PHP binaries. + Added exakatSince in analysis documentation + Added some missing tokens in anonymize command + Report + Added several new analysis for PHP 7.1 + Analysis + new analysis : find methods that could return Void + new analysis : find malformed octal sequence in strings + new analysis : spot rethrown exception + new analysis : reach the last element + new analysis : find undefined Zend Framework classes (2.0 to 3.0) + Upgraded analysis : 1706 / 1714 test pass (99.5% pass). + Tokenizer + Fixed handling references (some were missing) + Fixed handling of ellipsis (some were missing) **Version 0.9.0 (Python Demon, 2016-11-21)** + Architecture + Project now include 'Preference' analysis + Dump is now incremental (-u option), and doesn't need to be run in paralell + Added new hashAnalysis table, to handle generic results from analysis. + Added project name in the graph. + New command 'status' to report the current status of exakat + Report + Ambassador includes 'Preferences' section and new menu system + Upgraded progressbar to display project processing + Analysis + New analysis : Early Bail Out (with if/then) + New analysis : PHP 7.1 backward incompatibilities with microseconds + New analysis : Wordpress : recommend using WP api, not PHP. + Upgraded 'Constant condition' to include do..while() + Upgraded 'Useless Abstract' to include methodless classes + Upgraded analysis : 1687 / 1697 test pass (99% pass). + Tokenizer + Added 'Array' to list of determinist functions (more constants are spotted) + Fixed 'Name' for Array Short Syntax. + Fixed variadic support **Version 0.8.9 (Yellow Brows Great King, 2016-11-14)** + Architecture + Fixed and document -tgz and -zip option of init + Removed progress folder + Made MagicNumber a parallel task in Project. + Turned some die into assertion() + .phar doesn't report any PHP errors. + Checked compilation with PHP 5.3->7.2 + Report + Removed Faceted report + Added Bugfixes for PHP 7.0.13, 5.6.28 and PHP 7.2 + Added 'One variable string' to Radwell report + Analysis + New analysis : Object Calisthenics #1, #4 + New analysis : check that properties are all set at constructor time. + New analysis : spot useless checks + Updated UndefinedParentMP to take PHP ext classes into account + Upgraded 'array_merge in loops' with file_put_contents + Upgraded 'useless parenthesis' with math operations + Upgraded analysis : 1666 / 1682 test pass (99% pass). + Added debug Query method to analysis + Tokenizer + Fixed Files to compile first, then count tokens + Find Ext Lib handle UT classes better + Added limit to 'code' before loading into database. There is a 2M limit. + Fixed edge case with nested foreach() + Fixed segmentation fault when getting tokens from a script with wrong encoding **Version 0.8.8 (Apricot Immortal, 2016-11-07)** + Architecture + Added concurency test to avoid running several instance at the same time + Report error when it happens with git clone + Added UT classes to external libraries + Dump is now hidden until finished. + Better detection of java and composer (Thanks Julien) + Report + New report : Radwell + New report : PhpConfiguration helping with configure and php.ini + Ambassador : Fixed dashboard values + Analysis + New analysis : time() vs strtotime('now') + New analysis : useless casting + New analysis : No Isset() with Empty() + New analysis : don't echo errors + New analysis : ext/rar + New analysis : use Class::class when possible + Added array_key_exists() to slow functions list. + Upgraded UpperCaseKeywords to handle partial uppercase + Added reported directives for ext/filter + Upgraded 'Variables used once' to exclude $this and arguments + Upgraded Unreachable Code with break/continue; + Multiple Identical Keys now handles null, boolean, real. + Upgraded analysis : 1652 / 1668 test pass (99% pass). + Tokenizer + Now spots \true, \false, \null as Boolean and Null + Removed 'xargs too many arguments' error on Linux **Version 0.8.7 (Naked Demon, 2016-10-31)** + Architecture + Upgraded Boolean and Integer to report results without storing them in graph + Analysis + New analysis : modernizable empty() calls + New analysis : recommend Positive conditions + New analysis : drop else after return + Upgraded analysis : unreacheable code handles if/then with returns. + Added tests for Boolean and Null + More not Hashes dict. + Upgraded analysis : 1637 / 1650 test pass (99% pass). + Tokenizer + Fixed line number of + Fixed path for reporting **Version 0.8.3 (Guzhi Gong, 2016-10-03)** + Architecture + Created temp folder .exakat in projects_dir + Removed mentions of float, only using Real + Moved Config to Exakat\Config + More examples in docs + Report + Added settings and files to Ambassador + Analysis + New analysis for dependant Traits + Added new Theme 'Cakephp' with 6 analysis for migration + New values for Not-a-hash + Unresolved Catch now takes Throwable into account + Tokenizer + Fixed edge case where return is used inside if/then without {} nor value. + Fixed 'code' and 'token' for ?: and () **Version 0.8.2 (Jinjie Shiba Gong, 2016-09-26)** + Architecture + More examples in docs + Fixed 'file' in results + Report + Added more media for Ambassador + Analysis + New analysis for count/strlen compared to 0 + Upgraded analysis : 1563 / 1579 test pass (99% pass). + Backported all 4 Wordpress analysis (wpdb, nonce usage) + Added new Wordpress analysis : variable escaping in templates + Tokenizer + Fixed = 0) + Added analysis for PHP 7.1 : removed directives, added functions + Upgraded analysis : 1485 / 1522 test pass (97.5% pass). + Tokenizer + Fixed edge case with value + Better support for PHP 7 indirect expression + More directives for xdebug + Eval Without Try is PHP 7 only + No Choice analysis is now case insensitive + Tokenizer + Added support for keys in list() (PHP 7.1) + Added support for constant visibility (PHP 7.2) + Added support for Multi catch : catch(A|B $e) (PHP 7.1) + Fixed bug with + and instanceof + Fixed precedence between :: and ?? **Version 0.6.4 (Bull Demon King, 2016-05-09)** + Architecture + Externalized the list of recognized libraries to Json + Added 'Wordpress' and 'Coding convention' as Recipes + Report + Initial report for Zend Framework. Still prototyping. + Analysis + Accelerated analysis for Implicit GLobals variables + New analyze : Indirect Injections (Security) + New analyze : Should Use Coalesce (code upgrade) + New analyze : Suggest dirname(__FILE__) => __DIR__ + Added 'str_rot13' as unsafe 'crypto' + Properties without default can't be redefined + Added Yield and Yield From as structures without parenthesis needs + Double Assignation, unless 2nd call is a functioncall (less false positives) **Version 0.6.3 (Jade Faced Princess, 2016-05-02)** + Architecture + Removed several useless pieces of code (self analysis) + Added documentation for Wordpress Recipes + Lengthened Cycle for tokenizer + Report + Added bugfixes for PHP 7.0.6, 5.6.21, 5.5.35. + Now reporting token counts per files + Analysis + New analysis : Spot variable that holds $_GET, $_POST, $_REQUEST or $_COOKIE values (internal) + New analysis : Report variables that are overwritten by themselves + New analysis : Report useless switch (empty, 1 case only) + Upgraded NoChoice to handle larger sequences + Upgraded Useless Global to handle global $x / $GLOBALS['x'] situations + New analysis : Wordpress Recipe : Unverified Nonce, Best Usage for $wpdb + New analysis : Void for PHP 7.1 + Tokenizer + Fixed but with Typehint + Added phppowerpoint class in external libraries **Version 0.6.2 (Long Armed Ape Monkey, 2016-04-25)** + Architecture + Fixed phar detection (based on ext/phar) + Cleaned code with myself + Report + New report format : clustergrammer + Analysis + New analysis : same conditions in If / Then + New analysis : spot dead code in catch expressions + Static loops now exclude methods usage + Indirect variable expression are stricter + preg_* Option e has better support for delimiters + Upgraded Direct Injection in case of concatenation + Detect Ellipsis when counting arguments + Could use short assignation : avoid $a += $a + 3; + Tokenizer + Sped up Typehint detection + No indexing for T_STRING in properties + Reduced errors from token_get_all() **Version 0.6.1 (Red Bottomed Horse Monkey, 2016-04-18)** + Architecture + Prepared to support PHP 7.1 + Fixed bug in user / passwords when initing the project + Better support for ::class when searching for libraries + Analysis + UselessParenthesis : spot nested parenthesis + Spot exceptions that are thrown but uncaught by the current code + Support for ext/lua, + New : Check catch order in try/catch + Better identification of Composer classes, based on composer.json + Now spot interfaces in use declarations (less undefined interfaces) + Tokenizer + Added support for PHP 7.1 + key => value in list() calls + visibility for constants in Classes and Interfaces + Accelerated up Typehint support **Version 0.6.0 (Intelligent Stone Monkey, 2016-04-11)** + Architecture + Fixed a bug in Find external libraries + Applied fixed based on new analysis audit + Fixed a bug that prevented results to be prepared for report (Thanks Philippe G.) + Report + Now reports reason for excluding a file from analysis + Analysis + New analysis : Logical Mistake (first version), + New analysis : Iffectations (code restoration) + New analysis : Common alternatives + New analysis : No Choice (No alternatives) + New analysis : Random_* Without Try (security risk) + New analysis : Unknown PCRE options + New analysis : Identical conditions + New analysis : Hardcoded hashes + Upgrade List with appends with variable name + Upgrade /e option detection + Fixed detection of unused use, with long namespaces. + Added finfo to ext/finfo + Finds exceptions that are reserved for later throwing + Exclude anonymous classes from Already Defined Interface + Tokenizer + Extended cycle number to speed up tokenizer. + Better escaping of file names **Version 0.5.9 (Six Eared Macaque, 2016-04-04)** + Architecture + One progressbar per Recipe during project analysis + report's documentation + Upgraded 'External Lib' to ignore Composer folders. + Fixed a bug about interpreting tokens + Dump collects classes, interfaces, traits definitions + Now storing project name in database for future use + Removed PHP configuration modifications (error_reporting, display_errors) + Report + Added 'Uml' report : hierarchy report + Now reports Pear Usage + Upgraded Bugfix database for 7.0.5, 5.6.20 and 5.5.34 + Report Yield (from) usage + New external configuration files : bazar, github, docker, openshift + Analysis + Added detection for undefined classes in ZF (1.8 to 1.12) + New : report undefined Traits + Added support for parent/grandparent when checking argument numbers + Added support for V8js + Tokenizer + Fixed bug in fullnspath for use within trait or class + It is possible to reach a property on an array append + Fixed AST between PHP 5 and 7 for globals + Simplified ++ analysis **Version 0.5.8 (Sun Deity of Mao, 2016-03-28)** + Architecture + Moved to self::, instead of static::. + First UT for command line + Sped up phploc. Prepare code for finite states, in Tasks. + Prepare for Gremlin3 (moved gremlin calls to class) + Reduced shell_exec usage + Report + Fixed display bugs in Devoops report + Removed double analysis + 'Wrong number of arguments' now supports constructors + Analysis + Upgraded 'No Hardcoded IP' to handle constants, spot domains + Added support for TokyoTyrant + New analysis : spot simple regex, and suggest strpos + Excluded "$a[b]" from undefined constants + Tokenizer + Fixed bug with nested call to echo. + Fixed bug where concatenation ends on a 'AS' keyword + Added support of Constants in Foreach + Fixed multiple bugs in Grouped Use + Support for function as 'class' in static calls + Comparison accepts powers + Added support for empty array short syntax in sequence + Support constant with visibility + Parenthesis may be the base for Arrays **Version 0.5.7 (Scorpion Demon, 2016-03-21)** + Architecture + Added support for folders in UT, for tests that requires several files + Improved compatibility with PHPunit + Moving gremlin_query() to Gremlin2 class + Doctor also reports for phar + Improved adaptation to PHP and Exakt in server mode + Autoload shouldn't die + Fixed case when calling Phpexec + Upgraded status presentation in server mode + Report + More details for Global Variable list + Analysis + Now spotting class when it is inside a string + Check for $this outside a trait/class + Check for ternary/concatenation precedence + Spot classes that attempt to extend final + Spot set_exception_handler() that may need rework + Refined array_merge analysis, in case of nested loops + Tokenizer + Yield [from] may be inside an array + Refactored for/foreach tokens + Added support for a 'Project' node **Version 0.5.6 (Ruler of Women's Country, 2016-03-14)** + Architecture + Fixed some backward compatibility with PHP 5.4 + Started revamping 'Status' command + Centralized all tokenizations to PhpExec class + Removed usage of __DIR__ and __FILE__ + Analysis + Spot usage of empty() that can't work on PHP 5.4 + Suggest using random_int instead of rand + Upgraded 'No Array_merge in loops' with array_merge_recursive + Added support for scalar type hint in Undefined Classes + New analysis : Better rand() + Tokenizer + Instanceof has lower precedence than comparison **Version 0.5.5 (Immortal Ruyi, 2016-03-07)** + Architecture + Added default values for all neo4j_* configs + Report + Added support for bugfixes in 7.0.4, 5.6.19 and 5.5.33 + Added support for bugfixes in 7.1.0-dev + Analysis + Added support for Typehint in Undeclared Classes + Extended 'Multiple Classes in One File' to interfaces and traits + Added analysis for truthy and falsy + Spot interfaces implemented by parents (Thanks PHP Inspect) + Report usage for unsafe Curl options + Tokenizer + Fixed emptyString inside a Heredoc + Fixed bug where Sign has lower priority than Power **Version 0.5.4 (Nezha, 2016-02-29)** + Architecture + Removed some shell_exec() to help with portability + Clean command now rebuilds an empty datastore + Check the availability of php binaries before using + Produce report in a hidden folder, then push it + Report + Report the list of bug fixes that apply to code + Analysis + Help using preg_match_all options + Tokenizer + Fixed a bug with reference and instanceof **Version 0.5.3 (Li Jing, 2016-02-22)** + Architecture + More UT + Supports symlinks for neo4j's folder + Supports symlinks for 'code' folder in projects + Added upgrade command to check for exakat's available versions and upgrade + Analysis + Spot CLI scripts + Undefined Interfaces avoids self, parent, static + Fixed bug in spotting undefined Interface + Variable Used Once in a method are not arguments + Added support for all structures in Double Assignation **Version 0.5.2 (Single Horned Rhinoceros King, 2016-02-15)** + Analysis + Fixed functioncall detection with 'empty' + Refined 'Buried assignation' analysis + Fixed a bug when using definitions (class, trait, interface, functions...) + Better support for case-insensitive constants + + Tokenizer + Fixed bug in use statement + Now spots PHP code in files without extension + Upgraded support for grouped Use statement + namespace may be a valid nsname part + Fixed bracket reports in do...while **Version 0.5.1 (King of Spiritual Touch, 2016-02-08)** + Architecture + Added test in UT to skip incompilable sources + Stabilized tokenizer's UT (partial) + Report + HTML protection in Devoops format + No display of negative stats + Added support for directives : wincache, xcache, apc, opcache + Added support for eaccelerator and openssl + Analysis + New analysis : Spot unknown PHP directive names + Fixed Constants/MultipleDefinedConstants + Better detection of functioncalls (with List) + Better spotting of ini_set arguments + Unreachable code now finds die and exit + ObjectReference won't report references on scalar types + Revamped 'pregOptionE' analysis + Cleaned code with too many arguments + Removed useless print + Better report of eval() usage + Revamped 'Dynamic code' report + Fixed bug in Case/Default that are empty + Avoided sequences of sequences in Case/Default + Fixed Detection of classes' usage with extension + Tokenizer + Fixed bracket detection on While and DoWhile + Detect void in DoWhile + Removed useless T_DIE token + Fixed fullcode processing for anonymous classes **Version 0.5.0 (Immortal of Antelope Power, 2016-02-01)** + Architecture + Added support for HTTP API, through 'server' command. + Analysis + Fopen modes checked + Redefined default, in class's properties + Tokenizer + Fixed situation where echo and print used parenthesis (they don't) + Fixed rare but with instanceof and concatenation + Fixed support of integers in Gremlin + Fixed bug in addslashes and and $ protection order + Made Assignations more robust (no un-processed tokens) + Reduced the number of shell_exec usage => speed up + Finished support for relaxed keyword support in classes (PHP 7) **Version 0.4.6 (Immortal of Elk Power, 2016-01-25)** + Architecture + New installation script with Vagrant and Ansible (Thanks Alexis!) + Updated documentation + Added a command to remove a project + Report + Devoops reports has case-insensitive menu sort + Analysis + Spot redefined properties, classes and methods. + Spot properties that may be turned private + Fixed special case in Wrong Number Of Arguments + Fixed 'OnePage' analysis + Tokenizer + Finished support for relaxed keywords in classes + Sped up tokenizer by keeping counts of tokens in datastore + Fixed detection of CakePHP + Fixed special case with Labels + Fixed rare case with die() within ternary operator **Version 0.4.5 (Immortal of Tiger Power, 2016-01-18)** + Architecture + Upgraded documentation + Default command is 'help' + Report + Better version for FacetedJson report + Analysis + New analysis that spots wrong type of argument in PHP internal functions + Fixed Isset With Constant for PHP 7 + Fixed a bug that limited query size during analysis (good for bigger projects) + Include variadic (...) to Variable Argument Number + Tokenizer + Fixed a bug that blocked tokenizer when a analyzed script generated parse errors. + Added support for bazar, svn. + Fixed a bug in Nsnames at Loading time. **Version 0.4.4 (Crown Prince Mo'ang, 2016-01-11)** + Architecture + Reviewed OnePage analysis + Dump as now an option to select Recipes + Dump forces line to be integer + Added a task to update a project's code (git only ATM) + Report + Better check when opening database for report (more to come) + FacetedJson (and Json) report ignore non-unicode lines + Added 'search' box to facetedJson + Analysis + Switch To Switch suggestions + Unused arguments patch for arguments used in methods + Unused properties doesn't mistake function static variable + Tokenizer + All Nsnames are now build at Loading time + Constants may be calld 'const' + More relaxed syntax for methods (exit, include, eval...) + Foreach may use coalesce + Fixed an edge case with Closures in functioncall **Version 0.4.3 (Tuolong, 2015-01-04)** + Architecture + Copyright year bump + Doctor reports memory_limit and php version consistency + Switched to rmDirRecursive + Report + Removed old style reporting system + Analysis + Fixed fileupload and filesystem directives reports + Added report of Environment variable usage + Added iconv_set_encoding to the list of directive usage + Extension analyzes now takes into account namespaces and traits + Analysiss all have severity and time to fix + Tokenizer + **Version 0.4.2 (Red Boy, 2015-12-22)** + Architecture + Published documentation on http://exakat.readthedocs.org + First version of the faceted report (-format Faceted) + Report + First version of the faceted report (-format Faceted) + Fixed Dump that actually finishes after some time + Analysis + Spot unused arguments + Fixed notInInterface() filter + Upgraded HtmlEntitiesCall **Version 0.4.1 (Azure Lion, 2015-12-14)** + Architecture + Rebuild the report system, for speed and versatility. + Report + Available format : JSON, Sqlite, XML, Text and HTML (Devoops). + Rules are now part of the documentation. + Analysis + Upgraded 'Buried assignations' + Locally Unused also spots properties without visibility (but with definition) + Could be class constant, if the property is used at least once + Better detection of files that are Definitions only (fix at Namespace calls) + ++ is now correctly reported as isRead and isWritten in Arguments + Closure's use($x) are now reported in both context (calling and called) + Removed usage of 'back' method, that is blocking at high token counts + Tokenizer + Fixed support for {} and {$ } inside strings + Fixed bug with Typehint, that prevented compilation + Fixed several (rare) edge cases with Sign and Staticproperties. + Fixed detection of closing tags **Version 0.4.0 (Lion Lynx Demon, 2015-12-07)** + Architecture + Made PHP 7.0 the default (moved to 0.4.0) + Ran unit tests on PHPunit 5.1 + Added a background tasks to build report. Will allow for progressive report. + Report + Rewrote the report from scratch. Should be finished next iteration. + New report is working for XML and Text report. + Analysis + Added support for ext/pecl_http + Added several classic folders as ignored by default (change this in config.ini) + Create a check for functioncall (and not methods) + Spots join('', file()) + Safely ignoring some dynamic calls in undefined functions (Thanks Marc Delisle) + Removed ArrayAppend from double assignation + Tokenizer + Fixed a bug when class was auto-referenced. + Fixed detecting Static properties when they are also arrays. + Fixed fatal errors for mal-formed octals Version 0.3.12 (Nine Tailed Vixen, 2015-11-30) + Architecture + ProgressBar is now displayed during Analyze phase. + Report + Report list of error messages used in the library + Analysis + Omit eval with hardcoded strings + Exclude some index from _SERVER from the report (they are safe) + Exclude php://* files as hard coded path + Report usage of timestamp to calculate duration + Spots unused traits + Fixed support for big integers + Tokenizer + First support for relaxed keywords in classes. More to come. + Checked UT on PHP 7 (Soon to become default version) + Fixed version detection in Tokenizer + Fixed fullnspath in Use expression; Version 0.3.11 (Hu A'qi, 2015-11-16) + Architecture + Report external services files that may be in the repository + Report + Report nested dirname calls (may be changed in PHP 7) + Analysis + Better spotting of static loops + Don't confuse $globals and $GLOBALS + Tokenizer + Rewrote support for As in classes. + Fixed arguments that were indexed as Void + Trimmed code Version 0.3.10 (Silver Horned King, 2015-11-09) + Architecture + Centralized call to cypher. + Report + Sped up several analyzes + Analysis + Fixed naming bug with reflexion + Support class name in arrays, short syntax + Report Relay Functions + More PHP 7 incompatibilities reports + Tokenizer + Support for 7.1 compilation (dev only) + Added cakephp to external libraries + Fixed parsing bug with static (as property definition) + Fixed 'count' in sequences from Function + Rewrote Argument detection (when there is no parenthesis) Version 0.3.9 (Golden Horned King, 2015-11-02 up) + Architecture + Cleaned code with Exakat + Analysis + Refined report about double assignation + Fixed argument counting in Function Definition + Better support of array in Locally Used Properties + Updated Composer database + Tokenizer + Fixed a bug that ignored Blocks + Fixed a rare bug with echo and the following arguments **Version 0.3.8 (Baihuaxiu, 2015-10-26)** + Architecture + Cleaned too many display (they go to log now), leaving commandline empty (or -v) + A lot more PHP 7 incompatibilities spotted + Report + Added the list of global variables in the projects (if any) + Fixed reports for PHP 5.2 (they were ignored) + Analysis + Better handling of composer in unresolved classes + Spot setlocale with string (PHP 7) + Spot string unpacking (PHP 7) + Upgraded static method call, to avoid classes of the same family + Report eval without try/catch + Report preg_replace with /e + Fixed report for empty list() + Spot hexadecimal in strings + Report usort (and co) as incompatibilities between PHP 7 and 5 + Tokenizer + Fixed edge case with Sign and namespaced function + Added xajax, adodb and gacl as common library + Fixed arguments in short array syntax + Fixed case where [3] was spotted inside a string **Version 0.3.7 (Yellow Robe Demon, 2015-10-19)** + Architecture + Added and reviewed many UT. More stability. + Report + Fixed the report of the actual version of PHP being used. + Non-run analysis are not marked with a stethoscope + Report now report closures and not the containing method + Removed some dashboard that would generate empty links + Analysis + Better spot of blocks inside Alternative syntax + Speed up method spotting + Fixed properties which were mistaken with deep definitions + Tokenizer + Fixed fullcode for Typehint + Removed Ppp and moved it to Visibility **Version 0.3.6 (White Bone Demon, 2015-10-12)** + Architecture + Large speed up at Parsing stage, for large projects + Added git informations in Doctor + Tokenizer + Changed processing for Arguments. + Support for more PHP 7 features, including Use Grouping, + Fixed support for ~ + Simplified ::class handling **Version 0.3.5 (Mingyue, 2015-10-06)** + Architecture + Reported usage of array constants, improving backward compatibility + Checked running on PHP 7 + Report + Added Definition annex + Fixed 'version incompatible' report that was mistaken with 'no result' + List all directives being modified in the code + List more directives that should be set for production. + Analysis + Reworked the Themes about compatibility. + Added many tests for PHP 7.0 compatibility + Sped up UsedMethod analysis + Added support for PHP 7 feature : Unicode Escape Sequences, New functions/classes/interfaces, Removed Functions, + Tokenizer + Changed processing for Empty PHP code + Support Variable Indirection for both PHP 5 and 7 (depends on exec version) + Avoid ignoring all code when finding External Libraries + Fixed edge cases with declare() when it is conditional. + Support for PHP 7's f()()() Version 0.3.4 (Qingfeng, 2015-09-28 up) + Architecture + Added token_limit configuration to avoid running too large project (default is 1 000 000) + Several new tools for internal consistency check. + Removed support for neo-contrib's gremlin plugin + Report + Report libraries that were found and ignored + Analysis + Sped up queries that required previous analysis or multiples atoms + Spot global keywords inside loops (perf) + Better spotting of Composer classes + Report double assignations + Tokenizer + Added support for Anonymous classes (PHP 7) + Fixed namespace manipulations (They weren't lower case) + Mark constants as fail back globals or local to the namespace + Support Null Coalesce operator (PHP 7) + Fixed rare case for empty strings and noDelimiter **Version 0.3.3 (Immortal Zhenyuan, 2015-09-21)** + Architecture + Removed some shell stderr that leaked to the main script + Report + Added the list of used analysis + favicon is now used in the report (Devoops) + Fixed count report for Else + Fixed directive reports for trader, bcmath and ldap. + Analysis + Rebuild the composer database + Fixed htmlentities analyze + Spot usage of 'substr($s, $p, +/- 1)' and recommend '$s[$p]' + Tokenizer + Fixed Multiplication with instantiation **Version 0.3.2 (Tiger Vanguard, 2015-09-14)** + Report + Added link back from analysis to its themes. + Analysis + Useless Returns are now Trait compatible + Optimized Composer validation + Removed IsKnownVendor analyze (replaced by Composer) + Spot inconsistent concatenations ("$a b".$c) + Tokenizer + Fixed situation where forgotten white spaces didn't have a file + Removed DELETE and S_STRING index + Fixed compatibility with Debian (shell commands) + Added UT for and / && precedence versus = + Fixed identification of empty instructions (Functions / Closure have different behaviors) **Version 0.3.1 (Yellow Wind Demon, 2015-09-03)** + Architecture + Removed usage of Everyman dependencies + Added support for Neo4j Authentication + Added a JobQueue + Cleaned code with exakat itself + Report + Added Dump to SQLITE format for custom manipulations of the results + Added new collection of rules for Calesthenics (dev) + Updated composer database + Now reporting found Composer. + Analysis + Fixed Compilation spotting + Tokenizer + Fixed an edge case with Sign, when used in a concatenation Version 0.3.0 (Lingxuzi, 2015-Aug-25) + Architecture + Moved to Thinkaurelius's gremlin plug-in, Neo4j 2.2.4 and Java 8. + Report + Added a view by File + Added sorting for results (by file and by analyze) + Analysis + Spot functions whose results should be checked before they are used + Spot breaks/continue out of a loop + Exports all the results in a dump.sqlite file + Tokenizer + Fixed a minor bug with ::class (messed up the {} counts) + removed dependency to Everyman's Neo4j classes. + Added a step that removes big and identifiable libraries in PHP (such as tcpdf, jpgraph, etc..) Version 0.2.5 (Scholar in a White Robe, 2015-Aug-17) + Report + List the files that are ignored in the annex + Analysis + Updated Knowledge Database for memcache, aliases, zlib, standard + Added more directives to Review + Added support for xhprof + Tokenizer + Fixed bug with Else (Not-alternative) + Fixed Sequence creation with If-Then + Yield may be assigned + Removed one Tokenizer's operation (filterOut2) + Fixed priorities with Concatenation, Multiplication, Additions + Process Echo and Print separately + Automatically removes common bundled libraries to reduce app size **Version 0.2.4 (Black Wind Demon, 2015-06-22)** + Analysis + Rebuild the composer database + Lots of new extensions supported : ev, libevent, event, php-ast, wikidiff2, proctitle, inotify, ibase, amqp, geoip, output buffering, + Report errors when non-variables are returned by reference + Marked more analyzes for PHP 7 + Fixed Unpreprocess structures with split + Upgraded spotting for useless parenthesis + Added a check ++$i vs $i++; + Exclude abstract methods from Variables Used Once + Added new directives + Also check for ASP Tags + Tokenizer + Fixed the fullpath for functions when they are not defined in the code + Upgraded support for Return Type (PHP 7.0+) + error_reporting with -1 is OK + Fixed a precedence problem with & and && + Refactored Ifthen token to support return type + Added a kill command when cleaning Database **Version 0.2.3 (Techu Shi, 2015-06-22)** + Analysis + Report usage of Return Typehint, and Scalar Typehint + Report usage of classes that used to return null on new + Report useless abstract classes + Tokenizer + Upgraded 'init' command, to handle various VCS + Added support for Return Typehint **Version 0.2.2 (Xiong Shangjun, 2015-06-16)** + Analysis + Now spots short assignations + More UselessInstructions spotted + Ignore Unset as modified values in loops + Tokenizer + Added support for PHP7 new tokens (T_SPACESHIP, T_COALESCE, T_YIELD_FROM) + Split loading into more .csv files for lighter and more robust queries + Better support for arrays [1,2,3] as functioncall (just like array()) + Process tokens by batches of 800 + Clean vertex at each queries, not Sequence **Version 0.2.1 (General Yin, 2015-06-02)** + Analysis + sizeOf may have 2 arguments + 2 clearPHP link added in documentation + Tokenizer + Fixed bug with Bitshift and Addition + Fixed bug with Sequence when merging sequences + Fixed bug with String and Addition + Fixed Visibility in Use instruction + Foreach accepts Constants as Source + Fixed special case for nested IfThen **Version 0.2.0 (Demon of Confusion, 2015-05-15)** + First version