8. Rulesets

8.1. Presentation

Analysis are grouped in different rulesets, that may be run independantly. Each ruleset has a focus target,

Rulesets runs all its analysis and any needed dependency.

Rulesets are configured with the -T option, when running exakat in command line. For example :

php exakat.phar analyze -p <project> -T <Security>

8.2. List of rulesets

Here is the list of the current rulesets supported by Exakat Engine.

Name	Description
Analyze	Check for common best practices.
CI-checks	Quick check for common best practices.
Dead code	Check the unused code or unreachable code.
Suggestions	List of possible modernisation of the PHP code.
CompatibilityPHP74	List features that are incompatible with PHP 7.4. It is known as php-src, work in progress.
CompatibilityPHP73	List features that are incompatible with PHP 7.3.
CompatibilityPHP72	List features that are incompatible with PHP 7.2.
CompatibilityPHP71	List features that are incompatible with PHP 7.1.
CompatibilityPHP80	Work in progress. The first rules are in, but far from finished
Performances	Check the code for slow code.
Security	Check the code for common security bad practices, especially in the Web environnement.
Top10	The most common issues found in the code
ClassReview	A set of rules dedicate to class hygiene
LintButWontExec	Check the code for common errors that will lead to a Fatal error on production, but lint fine.
CompatibilityPHP70	List features that are incompatible with PHP 7.0.
CompatibilityPHP56	List features that are incompatible with PHP 5.6.
CompatibilityPHP55	List features that are incompatible with PHP 5.5.
CompatibilityPHP54	List features that are incompatible with PHP 5.4.
CompatibilityPHP53	List features that are incompatible with PHP 5.3.
Coding Conventions	List coding conventions violations.
Semantics	Checks the meanings found the names of the code.
Typechecks	Checks related to types.
Rector	Suggests configuration to apply changes with Rector
php-cs-fixable	Suggests configuration to apply changes with PHP-CS-FIXER

Note : in command line, don’t forget to add quotes to rulesets’ names that include white space.

8.3. Rulesets details

8.3.1. Analyze

This ruleset centralizes a large number of classic trap and pitfalls when writing PHP.

Total : 412 analysis

• $this Belongs To Classes Or Traits
• $this Is Not An Array
• $this Is Not For Static Methods
• @ Operator
• Abstract Or Implements
• Abstract Static Methods
• Access Protected Structures
• Accessing Private
• Adding Zero
• Aliases Usage
• Already Parents Interface
• Already Parents Trait
• Altering Foreach Without Reference
• Alternative Syntax Consistence
• Always Positive Comparison
• Ambiguous Array Index
• Ambiguous Static
• Ambiguous Visibilities
• Array_Fill() With Objects
• Array_merge Needs Array Of Arrays
• Assert Function Is Reserved
• Assign And Compare
• Assign Default To Properties
• Assign With And
• Assigned Twice
• Assumptions
• Avoid Optional Properties
• Avoid Parenthesis
• Avoid Substr() One
• Avoid Using stdClass
• Avoid get_class()
• Avoid mb_dectect_encoding()
• Avoid option arrays in constructors
• Bad Constants Names
• Bail Out Early
• Break Outside Loop
• Buried Assignation
• Callback Needs Return
• Can’t Extend Final
• Can’t Throw Throwable
• Cant Implement Traversable
• Cant Instantiate Class
• Cast To Boolean
• Casting Ternary
• Catch Overwrite Variable
• Catch Undefined Variable
• Check All Types
• Check JSON
• Check On __Call Usage
• Class Could Be Final
• Class Should Be Final By Ocramius
• Class Without Parent
• Class, Interface Or Trait With Identical Names
• Clone With Non-Object
• Coalesce And Concat
• Common Alternatives
• Compared Comparison
• Concat And Addition
• Concat Empty String
• Concrete Visibility
• Constant Class
• Constant Comparison
• Constants Created Outside Its Namespace
• Constants With Strange Names
• Continue Is For Loop
• Could Be Abstract Class
• Could Be Else
• Could Be Static
• Could Be Stringable
• Could Make A Function
• Could Use Short Assignation
• Could Use __DIR__
• Could Use self
• Could Use str_repeat()
• Crc32() Might Be Negative
• Cyclic References
• Dangling Array References
• Deep Definitions
• Dependant Abstract Classes
• Dependant Trait
• Deprecated Functions
• Different Argument Counts
• Don’t Change Incomings
• Don’t Echo Error
• Don’t Pollute Global Space
• Don’t Read And Write In One Expression
• Don’t Send $this In Constructor
• Don’t Unset Properties
• Dont Change The Blind Var
• Dont Collect Void
• Dont Mix ++
• Double Assignation
• Double Instructions
• Double Object Assignation
• Drop Else After Return
• Echo With Concat
• Else If Versus Elseif
• Empty Blocks
• Empty Classes
• Empty Function
• Empty Instructions
• Empty Interfaces
• Empty List
• Empty Namespace
• Empty Traits
• Empty Try Catch
• Eval() Usage
• Exit() Usage
• Failed Substr Comparison
• Fn Argument Variable Confusion
• Foreach On Object
• Foreach Reference Is Not Modified
• Forgotten Interface
• Forgotten Thrown
• Forgotten Visibility
• Forgotten Whitespace
• Fully Qualified Constants
• Global Usage
• Hardcoded Passwords
• Hash Algorithms
• Hidden Nullable
• Hidden Use Expression
• Htmlentities Calls
• Identical Conditions
• Identical Consecutive Expression
• Identical On Both Sides
• If With Same Conditions
• Iffectations
• Illegal Name For Method
• Implement Is For Interface
• Implemented Methods Are Public
• Implied If
• Implode() Arguments Order
• Inclusion Wrong Case
• Incompatible Signature Methods
• Incompatible Signature Methods With Covariance
• Incompilable Files
• Inconsistent Elseif
• Indices Are Int Or String
• Infinite Recursion
• Instantiating Abstract Class
• Insufficient Typehint
• Interfaces Don’t Ensure Properties
• Interfaces Is Not Implemented
• Invalid Constant Name
• Invalid Pack Format
• Invalid Regex
• Is Actually Zero
• Is_A() With String
• Logical Mistakes
• Logical Should Use Symbolic Operators
• Logical To in_array
• Lone Blocks
• Long Arguments
• Lost References
• Make Global A Property
• Max Level Of Nesting
• Mbstring Third Arg
• Mbstring Unknown Encoding
• Memoize MagicCall
• Merge If Then
• Method Collision Traits
• Method Could Be Static
• Method Signature Must Be Compatible
• Methods Without Return
• Mismatch Parameter And Type
• Mismatch Parameter Name
• Mismatch Properties Typehints
• Mismatch Type And Default
• Mismatched Default Arguments
• Mismatched Ternary Alternatives
• Mismatched Typehint
• Missing Abstract Method
• Missing Cases In Switch
• Missing Include
• Missing New ?
• Missing Parenthesis
• Missing Returntype In Method
• Mixed Concat And Interpolation
• Modernize Empty With Expression
• Modified Typed Parameter
• Multiple Alias Definitions
• Multiple Alias Definitions Per File
• Multiple Class Declarations
• Multiple Constant Definition
• Multiple Declaration Of Strict_types
• Multiple Identical Trait Or Interface
• Multiple Index Definition
• Multiple Type Variable
• Multiples Identical Case
• Multiply By One
• Must Call Parent Constructor
• Must Return Methods
• Negative Power
• Nested Ifthen
• Nested Ternary
• Never Used Parameter
• Never Used Properties
• Next Month Trap
• No Append On Source
• No Boolean As Default
• No Choice
• No Class In Global
• No Direct Call To Magic Method
• No Direct Usage
• No Empty Regex
• No Hardcoded Hash
• No Hardcoded Ip
• No Hardcoded Path
• No Hardcoded Port
• No Literal For Reference
• No Magic With Array
• No Need For Else
• No Need For Triple Equal
• No Parenthesis For Language Construct
• No Public Access
• No Real Comparison
• No Reference For Ternary
• No Reference On Left Side
• No Return Used
• No Self Referencing Constant
• No Spread For Hash
• No array_merge() In Loops
• No get_class() With Null
• No isset() With empty()
• Non Ascii Variables
• Non Nullable Getters
• Non Static Methods Called In A Static
• Non-constant Index In Array
• Not Equal Is Not !==
• Not Not
• Null Or Boolean Arrays
• Objects Don’t Need References
• Old Style Constructor
• Old Style __autoload()
• One Variable String
• Only Variable For Reference
• Only Variable Passed By Reference
• Only Variable Returned By Reference
• Or Die
• Overwritten Exceptions
• Overwritten Literals
• Overwritten Source And Value
• PHP Keywords As Names
• Parent First
• Parent, Static Or Self Outside Class
• Pathinfo() Returns May Vary
• Possible Infinite Loop
• Possible Missing Subpattern
• Pre-increment
• Preprocessable
• Print And Die
• Printf Number Of Arguments
• Property Could Be Local
• Property Used In One Method Only
• Queries In Loops
• Randomly Sorted Arrays
• Redeclared PHP Functions
• Redefined Class Constants
• Redefined Default
• Redefined Private Property
• Relay Function
• Repeated Interface
• Repeated Regex
• Repeated print()
• Results May Be Missing
• Return True False
• Same Conditions In Condition
• Same Variable Foreach
• Scalar Are Not Arrays
• Scalar Or Object Property
• Several Instructions On The Same Line
• Short Open Tags
• Should Chain Exception
• Should Make Alias
• Should Make Ternary
• Should Typecast
• Should Use Coalesce
• Should Use Constants
• Should Use Explode Args
• Should Use Local Class
• Should Use Prepared Statement
• Should Use SetCookie()
• Should Yield With Key
• Silently Cast Integer
• Static Loop
• Static Methods Called From Object
• Static Methods Can’t Contain $this
• Strange Name For Constants
• Strange Name For Variables
• Strict Comparison With Booleans
• String May Hold A Variable
• Strings With Strange Space
• Strpos()-like Comparison
• Strtr Arguments
• Suspicious Comparison
• Swapped Arguments
• Switch To Switch
• Switch Without Default
• Ternary In Concat
• Test Then Cast
• Throw Functioncall
• Throw In Destruct
• Throws An Assignement
• Timestamp Difference
• Too Many Array Dimensions
• Too Many Dereferencing
• Too Many Finds
• Too Many Injections
• Too Many Local Variables
• Too Many Native Calls
• Trait Not Found
• Typehint Must Be Returned
• Typehinted References
• Uncaught Exceptions
• Unchecked Resources
• Unconditional Break In Loop
• Undefined Class Constants
• Undefined Classes
• Undefined Constant Name
• Undefined Constants
• Undefined Functions
• Undefined Insteadof
• Undefined Interfaces
• Undefined Parent
• Undefined Properties
• Undefined Trait
• Undefined Variable
• Undefined ::class
• Undefined static:: Or self::
• Unknown Parameter Name
• Unknown Pcre2 Option
• Unkown Regex Options
• Unpreprocessed Values
• Unresolved Classes
• Unresolved Instanceof
• Unresolved Use
• Unset In Foreach
• Unsupported Types With Operators
• Unthrown Exception
• Unused Arguments
• Unused Class Constant
• Unused Classes
• Unused Global
• Unused Inherited Variable In Closure
• Unused Returned Value
• Use === null
• Use Class Operator
• Use Constant
• Use Constant As Arguments
• Use Instanceof
• Use Named Boolean In Argument Definition
• Use PHP Object API
• Use Pathinfo
• Use Positive Condition
• Use System Tmp
• Use With Fully Qualified Name
• Use array_slice()
• Use const
• Use random_int()
• Used Once Property
• Used Once Variables (In Scope)
• Used Once Variables
• Useless Abstract Class
• Useless Alias
• Useless Brackets
• Useless Casting
• Useless Catch
• Useless Check
• Useless Constructor
• Useless Final
• Useless Global
• Useless Instructions
• Useless Interfaces
• Useless Parenthesis
• Useless Referenced Argument
• Useless Return
• Useless Switch
• Useless Unset
• Uses Default Values
• Using $this Outside A Class
• Using Deprecated Method
• Var Keyword
• Variable Is Not A Condition
• Weak Typing
• While(List() = Each())
• Written Only Variables
• Wrong Access Style to Property
• Wrong Argument Type
• Wrong Number Of Arguments
• Wrong Optional Parameter
• Wrong Parameter Type
• Wrong Range Check
• Wrong Returned Type
• Wrong Type For Native PHP Function
• Wrong Type With Call
• Wrong Typed Property Default
• Wrong fopen() Mode
• __DIR__ Then Slash
• __toString() Throws Exception
• array_key_exists() Works On Arrays
• array_merge() And Variadic
• error_reporting() With Integers
• eval() Without Try
• func_get_arg() Modified
• include_once() Usage
• list() May Omit Variables
• preg_replace With Option e
• self, parent, static Outside Class
• strip_tags Skips Closed Tag
• strpos() Too Much
• var_dump()… Usage

8.3.2. CI-checks

This ruleset is a collection of important rules to run in a CI pipeline.

Total : 177 analysis

• @ Operator
• Adding Zero
• Aliases Usage
• Altering Foreach Without Reference
• Always Positive Comparison
• Assign And Compare
• Assign With And
• Avoid Parenthesis
• Avoid Substr() One
• Avoid get_class()
• Callback Needs Return
• Cant Implement Traversable
• Casting Ternary
• Check JSON
• Check On __Call Usage
• Class Without Parent
• Coalesce And Concat
• Concat And Addition
• Constant Class
• Constants With Strange Names
• Could Use Short Assignation
• Could Use __DIR__
• Could Use str_repeat()
• Dangling Array References
• Deprecated Functions
• Don’t Echo Error
• Don’t Unset Properties
• Drop Else After Return
• Else If Versus Elseif
• Empty Blocks
• Empty Namespace
• Exit() Usage
• Failed Substr Comparison
• Foreach Reference Is Not Modified
• Forgotten Visibility
• Forgotten Whitespace
• Hidden Use Expression
• Htmlentities Calls
• Identical Conditions
• Identical On Both Sides
• If With Same Conditions
• Implied If
• Implode() Arguments Order
• Indices Are Int Or String
• Interfaces Is Not Implemented
• Invalid Pack Format
• Invalid Regex
• Is Actually Zero
• Is_A() With String
• Logical Mistakes
• Logical Should Use Symbolic Operators
• Lone Blocks
• Mbstring Third Arg
• Mbstring Unknown Encoding
• Merge If Then
• Missing Parenthesis
• Missing Returntype In Method
• Multiple Alias Definitions
• Multiple Alias Definitions Per File
• Multiple Class Declarations
• Multiple Constant Definition
• Multiple Identical Trait Or Interface
• Multiple Index Definition
• Multiples Identical Case
• Multiply By One
• Must Return Methods
• Negative Power
• Nested Ternary
• Next Month Trap
• No Choice
• No Class In Global
• No Direct Call To Magic Method
• No Empty Regex
• No Literal For Reference
• No Magic With Array
• No Parenthesis For Language Construct
• No Real Comparison
• No Reference For Ternary
• No Reference On Left Side
• No array_merge() In Loops
• No isset() With empty()
• Non Static Methods Called In A Static
• Not Equal Is Not !==
• Not Not
• Objects Don’t Need References
• One Variable String
• Or Die
• Overwritten Exceptions
• Possible Missing Subpattern
• Pre-increment
• Print And Die
• Printf Number Of Arguments
• Redeclared PHP Functions
• Redefined Class Constants
• Redefined Default
• Repeated Regex
• Repeated print()
• Results May Be Missing
• Return True False
• Same Conditions In Condition
• Same Variable Foreach
• Scalar Are Not Arrays
• Should Chain Exception
• Should Make Alias
• Should Make Ternary
• Should Typecast
• Should Use Coalesce
• Should Use Explode Args
• Should Use Prepared Statement
• Should Yield With Key
• Silently Cast Integer
• Static Methods Called From Object
• Static Methods Can’t Contain $this
• Strict Comparison With Booleans
• Strings With Strange Space
• Strpos()-like Comparison
• Strtr Arguments
• Switch Without Default
• Ternary In Concat
• Throw Functioncall
• Throw In Destruct
• Throws An Assignement
• Timestamp Difference
• Typehint Must Be Returned
• Typehinted References
• Unchecked Resources
• Unconditional Break In Loop
• Undefined Class Constants
• Undefined Constants
• Undefined Functions
• Undefined Insteadof
• Undefined Interfaces
• Undefined Properties
• Undefined Trait
• Undefined Variable
• Undefined ::class
• Unknown Parameter Name
• Unused Inherited Variable In Closure
• Use === null
• Use Class Operator
• Use Constant
• Use Constant As Arguments
• Use Instanceof
• Use PHP Object API
• Use Pathinfo
• Use System Tmp
• Use array_slice()
• Use const
• Use random_int()
• Useless Alias
• Useless Brackets
• Useless Casting
• Useless Catch
• Useless Check
• Useless Final
• Useless Instructions
• Useless Parenthesis
• Useless Unset
• Uses Default Values
• While(List() = Each())
• Wrong Access Style to Property
• Wrong Number Of Arguments
• Wrong Optional Parameter
• Wrong Parameter Type
• Wrong Returned Type
• Wrong Type For Native PHP Function
• Wrong Type With Call
• Wrong Typed Property Default
• Wrong fopen() Mode
• __DIR__ Then Slash
• error_reporting() With Integers
• eval() Without Try
• list() May Omit Variables
• preg_replace With Option e
• strip_tags Skips Closed Tag
• strpos() Too Much
• var_dump()… Usage

8.3.3. ClassReview

This ruleset focuses on classes construction issues, and their related structures : traits, interfaces, methods, properties, constants.

Total : 51 analysis

• Avoid Self In Interface
• Avoid option arrays in constructors
• Cancel Common Method
• Class Could Be Final
• Class Without Parent
• Classes Mutually Extending Each Other
• Could Be Abstract Class
• Could Be Class Constant
• Could Be Parent Method
• Could Be Private Class Constant
• Could Be Protected Class Constant
• Could Be Protected Method
• Could Be Protected Property
• Could Be Static
• Could Use self
• Cyclic References
• Dependant Abstract Classes
• Different Argument Counts
• Disconnected Classes
• Double Object Assignation
• Exceeding Typehint
• Final Class Usage
• Final Methods Usage
• Fossilized Method
• Hidden Nullable
• Insufficient Property Typehint
• Interfaces Don’t Ensure Properties
• Interfaces Is Not Implemented
• Memoize MagicCall
• Method Could Be Private Method
• Method Could Be Static
• Mismatch Properties Typehints
• Missing Abstract Method
• Modified Typed Parameter
• No Self Referencing Constant
• Non Nullable Getters
• Nullable Without Check
• Property Could Be Local
• Property Could Be Private Property
• Raised Access Level
• Redefined Property
• Self Using Trait
• Uninitilized Property
• Unreachable Class Constant
• Unused Class Constant
• Unused Trait In Class
• Useless Interfaces
• Useless Typehint
• Wrong Access Style to Property
• Wrong Returned Type
• Wrong Typed Property Default

8.3.4. Coding Conventions

This ruleset centralizes all analysis related to coding conventions. Sometimes, those are easy to extract with static analysis, and so here they are. No all o them are available.

Total : 27 analysis

• All Uppercase Variables
• Bracketless Blocks
• Close Tags
• Constant Comparison
• Don’t Be Too Manual
• Echo Or Print
• Empty Slots In Arrays
• Heredoc Delimiter
• Interpolation
• Mistaken Concatenation
• Mixed Concat And Interpolation
• Multiple Classes In One File
• No Plus One
• Non-lowercase Keywords
• One Letter Functions
• Order Of Declaration
• Return With Parenthesis
• Should Be Single Quote
• Similar Integers
• Unusual Case For PHP Functions
• Use With Fully Qualified Name
• Use const
• Wrong Case Namespaces
• Wrong Class Name Case
• Wrong Function Name Case
• Wrong Typehinted Name
• Yoda Comparison

8.3.5. CompatibilityPHP53

This ruleset centralizes all analysis for the migration from PHP 5.2 to 5.3.

Total : 79 analysis

• Anonymous Classes
• Binary Glossary
• Break With 0
• Cant Inherit Abstract Method
• Cant Use Return Value In Write Context
• Child Class Removes Typehint
• Class Const With Array
• Closure May Use $this
• Coalesce Equal
• Concat And Addition
• Const Visibility Usage
• Const With Array
• Constant Scalar Expressions
• Continue Is For Loop
• Define With Array
• Dereferencing String And Arrays
• Direct Call To __clone()
• Ellipsis Usage
• Exponent Usage
• Flexible Heredoc
• Foreach With list()
• Function Subscripting
• Generator Cannot Return
• Group Use Declaration
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 7.1-
• Integer As Property
• List Short Syntax
• List With Keys
• List With Reference
• Malformed Octal
• Methodcall On New
• Mixed Keys Arrays
• Multiple Definition Of The Same Argument
• Multiple Exceptions Catch()
• New Functions In PHP 5.4
• New Functions In PHP 5.5
• New Functions In PHP 5.6
• New Functions In PHP 7.0
• New Functions In PHP 7.3
• No List With String
• No Reference For Static Property
• No Return For Generator
• No String With Append
• No Substr Minus One
• No get_class() With Null
• Non Static Methods Called In A Static
• Null On New
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• PHP5 Indirect Variable Expression
• PHP7 Dirname
• Parenthesis As Parameter
• Php 7 Indirect Expression
• Php 7.1 New Class
• Php 7.2 New Class
• Php7 Relaxed Keyword
• Short Syntax For Arrays
• Switch With Too Many Default
• Trailing Comma In Calls
• Typed Property Usage
• Unicode Escape Partial
• Unicode Escape Syntax
• Unpacking Inside Arrays
• Use Const And Functions
• Use Lower Case For Parent, Static And Self
• Use Nullable Type
• Variable Global
• ::class
• __debugInfo() Usage
• ext/dba
• ext/fdf
• ext/ming
• isset() With Constant

8.3.6. CompatibilityPHP54

This ruleset centralizes all analysis for the migration from PHP 5.3 to 5.4.

Total : 75 analysis

• Anonymous Classes
• Break With Non Integer
• Calltime Pass By Reference
• Cant Inherit Abstract Method
• Cant Use Return Value In Write Context
• Child Class Removes Typehint
• Class Const With Array
• Coalesce Equal
• Concat And Addition
• Const Visibility Usage
• Const With Array
• Constant Scalar Expressions
• Continue Is For Loop
• Define With Array
• Dereferencing String And Arrays
• Direct Call To __clone()
• Ellipsis Usage
• Exponent Usage
• Flexible Heredoc
• Foreach With list()
• Functions Removed In PHP 5.4
• Generator Cannot Return
• Group Use Declaration
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hash Algorithms Incompatible With PHP 7.1-
• Integer As Property
• List Short Syntax
• List With Keys
• List With Reference
• Malformed Octal
• Mixed Keys Arrays
• Multiple Definition Of The Same Argument
• Multiple Exceptions Catch()
• New Functions In PHP 5.5
• New Functions In PHP 5.6
• New Functions In PHP 7.0
• New Functions In PHP 7.3
• No List With String
• No Reference For Static Property
• No Return For Generator
• No String With Append
• No Substr Minus One
• No get_class() With Null
• Non Static Methods Called In A Static
• Null On New
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• PHP5 Indirect Variable Expression
• PHP7 Dirname
• Parenthesis As Parameter
• Php 7 Indirect Expression
• Php 7.1 New Class
• Php 7.2 New Class
• Php7 Relaxed Keyword
• Switch With Too Many Default
• Trailing Comma In Calls
• Typed Property Usage
• Unicode Escape Partial
• Unicode Escape Syntax
• Unpacking Inside Arrays
• Use Const And Functions
• Use Lower Case For Parent, Static And Self
• Use Nullable Type
• Variable Global
• ::class
• __debugInfo() Usage
• crypt() Without Salt
• ext/mhash
• isset() With Constant

8.3.7. CompatibilityPHP55

This ruleset centralizes all analysis for the migration from PHP 5.4 to 5.5.

Total : 67 analysis

• Anonymous Classes
• Cant Inherit Abstract Method
• Child Class Removes Typehint
• Class Const With Array
• Coalesce Equal
• Concat And Addition
• Const Visibility Usage
• Const With Array
• Constant Scalar Expressions
• Continue Is For Loop
• Define With Array
• Direct Call To __clone()
• Ellipsis Usage
• Exponent Usage
• Flexible Heredoc
• Functions Removed In PHP 5.5
• Generator Cannot Return
• Group Use Declaration
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hash Algorithms Incompatible With PHP 7.1-
• Integer As Property
• List Short Syntax
• List With Keys
• List With Reference
• Malformed Octal
• Multiple Definition Of The Same Argument
• Multiple Exceptions Catch()
• New Functions In PHP 5.6
• New Functions In PHP 7.0
• New Functions In PHP 7.3
• No List With String
• No Reference For Static Property
• No Return For Generator
• No String With Append
• No Substr Minus One
• No get_class() With Null
• Non Static Methods Called In A Static
• Null On New
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• PHP5 Indirect Variable Expression
• PHP7 Dirname
• Parenthesis As Parameter
• Php 7 Indirect Expression
• Php 7.1 New Class
• Php 7.2 New Class
• Php7 Relaxed Keyword
• Switch With Too Many Default
• Trailing Comma In Calls
• Typed Property Usage
• Unicode Escape Partial
• Unicode Escape Syntax
• Unpacking Inside Arrays
• Use Const And Functions
• Use Nullable Type
• Use password_hash()
• Variable Global
• __debugInfo() Usage
• ext/apc
• ext/mysql
• isset() With Constant

8.3.8. CompatibilityPHP56

This ruleset centralizes all analysis for the migration from PHP 5.5 to 5.6.

Total : 57 analysis

• $HTTP_RAW_POST_DATA Usage
• Anonymous Classes
• Cant Inherit Abstract Method
• Child Class Removes Typehint
• Coalesce Equal
• Concat And Addition
• Const Visibility Usage
• Continue Is For Loop
• Define With Array
• Direct Call To __clone()
• Flexible Heredoc
• Generator Cannot Return
• Group Use Declaration
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hash Algorithms Incompatible With PHP 7.1-
• Integer As Property
• List Short Syntax
• List With Keys
• List With Reference
• Malformed Octal
• Multiple Definition Of The Same Argument
• Multiple Exceptions Catch()
• New Functions In PHP 7.0
• New Functions In PHP 7.3
• No List With String
• No Reference For Static Property
• No Return For Generator
• No String With Append
• No Substr Minus One
• No get_class() With Null
• Non Static Methods Called In A Static
• Null On New
• PHP 7.0 New Classes
• PHP 7.0 New Interfaces
• PHP 7.0 Scalar Typehints
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• PHP5 Indirect Variable Expression
• PHP7 Dirname
• Parenthesis As Parameter
• Php 7 Indirect Expression
• Php 7.1 New Class
• Php 7.2 New Class
• Php 8.0 Only TypeHints
• Php7 Relaxed Keyword
• Switch With Too Many Default
• Trailing Comma In Calls
• Typed Property Usage
• Unicode Escape Partial
• Unicode Escape Syntax
• Unpacking Inside Arrays
• Use Nullable Type
• Variable Global
• isset() With Constant

8.3.9. CompatibilityPHP70

This ruleset centralizes all analysis for the migration from PHP 5.6 to 7.0.

Total : 49 analysis

• Break Outside Loop
• Cant Inherit Abstract Method
• Child Class Removes Typehint
• Coalesce Equal
• Concat And Addition
• Const Visibility Usage
• Continue Is For Loop
• Empty List
• Flexible Heredoc
• Foreach Don’t Change Pointer
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hash Algorithms Incompatible With PHP 7.1-
• Hexadecimal In String
• Integer As Property
• List Short Syntax
• List With Appends
• List With Keys
• List With Reference
• Magic Visibility
• Multiple Exceptions Catch()
• New Functions In PHP 7.3
• No Reference For Static Property
• No Substr Minus One
• No get_class() With Null
• PHP 7.0 Removed Directives
• PHP 7.0 Removed Functions
• PHP 7.1 Scalar Typehints
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• Php 7 Indirect Expression
• Php 7.1 New Class
• Php 7.2 New Class
• Php 8.0 Only TypeHints
• Reserved Keywords In PHP 7
• Setlocale() Uses Constants
• Simple Global Variable
• Trailing Comma In Calls
• Typed Property Usage
• Union Typehint
• Unpacking Inside Arrays
• Use Nullable Type
• Usort Sorting In PHP 7.0
• ext/ereg
• func_get_arg() Modified
• mcrypt_create_iv() With Default Values
• preg_replace With Option e
• set_exception_handler() Warning

8.3.10. CompatibilityPHP71

This ruleset centralizes all analysis for the migration from PHP 7.0 to 7.1.

Total : 36 analysis

• Avoid Substr() One
• Cant Inherit Abstract Method
• Child Class Removes Typehint
• Coalesce Equal
• Concat And Addition
• Continue Is For Loop
• Flexible Heredoc
• Group Use Trailing Comma
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hexadecimal In String
• Integer As Property
• Invalid Octal In String
• List With Reference
• New Functions In PHP 7.1
• New Functions In PHP 7.3
• No Reference For Static Property
• No get_class() With Null
• PHP 7.0 Removed Directives
• PHP 7.0 Removed Functions
• PHP 7.1 Microseconds
• PHP 7.1 Removed Directives
• PHP 7.2 Scalar Typehints
• PHP 7.3 Last Empty Argument
• Php 7.2 New Class
• Php 8.0 Only TypeHints
• Signature Trailing Comma
• String Initialization
• Trailing Comma In Calls
• Typed Property Usage
• Union Typehint
• Unpacking Inside Arrays
• Use random_int()
• Using $this Outside A Class
• ext/mcrypt
• preg_replace With Option e

8.3.11. CompatibilityPHP72

This ruleset centralizes all analysis for the migration from PHP 7.1 to 7.2.

Total : 29 analysis

• Avoid set_error_handler $context Argument
• Can’t Count Non-Countable
• Coalesce Equal
• Concat And Addition
• Continue Is For Loop
• Flexible Heredoc
• Hash Algorithms Incompatible With PHP 5.3
• Hash Algorithms Incompatible With PHP 5.4/5.5
• Hash Will Use Objects
• List With Reference
• New Constants In PHP 7.2
• New Functions In PHP 7.2
• New Functions In PHP 7.3
• No Reference For Static Property
• No get_class() With Null
• PHP 7.2 Deprecations
• PHP 7.2 Object Keyword
• PHP 7.2 Removed Functions
• PHP 7.3 Last Empty Argument
• Php 7.2 New Class
• Php 8.0 Only TypeHints
• Signature Trailing Comma
• Throw Was An Expression
• Trailing Comma In Calls
• Typed Property Usage
• Undefined Constants
• Union Typehint
• Unpacking Inside Arrays
• preg_replace With Option e

8.3.12. CompatibilityPHP73

This ruleset centralizes all analysis for the migration from PHP 7.2 to 7.3.

Total : 18 analysis

• Assert Function Is Reserved
• Case Insensitive Constants
• Coalesce Equal
• Compact Inexistant Variable
• Concat And Addition
• Continue Is For Loop
• Don’t Read And Write In One Expression
• New Functions In PHP 7.3
• Numeric Literal Separator
• PHP 7.3 Removed Functions
• PHP 74 New Directives
• Php 8.0 Only TypeHints
• Signature Trailing Comma
• Throw Was An Expression
• Typed Property Usage
• Union Typehint
• Unknown Pcre2 Option
• Unpacking Inside Arrays

8.3.13. CompatibilityPHP74

This ruleset centralizes all analysis for the migration from PHP 7.3 to 7.4.

Total : 29 analysis

• Concat And Addition
• Detect Current Class
• Don’t Read And Write In One Expression
• Filter To add_slashes()
• Hash Algorithms Incompatible With PHP 7.4-
• Nested Ternary Without Parenthesis
• New Constants In PHP 7.4
• New Functions In PHP 7.4
• New Functions In PHP 8.0
• No More Curly Arrays
• PHP 7.4 Constant Deprecation
• PHP 7.4 Removed Directives
• PHP 7.4 Removed Functions
• PHP 7.4 Reserved Keyword
• Php 7.4 New Class
• Php 8.0 Only TypeHints
• Php 8.0 Variable Syntax Tweaks
• Php/UseMatch
• Reflection Export() Is Deprecated
• Scalar Are Not Arrays
• Signature Trailing Comma
• Throw Was An Expression
• Unbinding Closures
• Union Typehint
• array_key_exists() Works On Arrays
• curl_version() Has No Argument
• idn_to_ascii() New Default
• mb_strrpos() Third Argument
• openssl_random_pseudo_byte() Second Argument

8.3.14. CompatibilityPHP80

This ruleset centralizes all analysis for the migration from PHP 7.4 to 8.0.

Total : 11 analysis

• $php_errormsg Usage
• Cast Unset Usage
• Concat And Addition
• Mismatch Parameter Name
• Negative Start Index In Array
• Nullable With Constant
• Old Style Constructor
• PHP 8.0 Removed Constants
• PHP 8.0 Removed Directives
• PHP 8.0 Removed Functions
• Unsupported Types With Operators

8.3.15. Dead code

This ruleset focuses on dead code : expressions or even structures that are written, valid but never used.

Total : 26 analysis

• Can’t Extend Final
• Empty Instructions
• Empty Namespace
• Exception Order
• Locally Unused Property
• Rethrown Exceptions
• Self Using Trait
• Undefined Caught Exceptions
• Unreachable Code
• Unresolved Catch
• Unresolved Instanceof
• Unset In Foreach
• Unthrown Exception
• Unused Classes
• Unused Constants
• Unused Functions
• Unused Inherited Variable In Closure
• Unused Interfaces
• Unused Label
• Unused Methods
• Unused Private Methods
• Unused Private Properties
• Unused Protected Methods
• Unused Returned Value
• Unused Use
• Useless Type Check

8.3.16. LintButWontExec

This ruleset focuses on PHP code that lint (php -l), but that will not run. As such, this ruleset tries to go further than PHP, by connecting files, just like during execution.

Total : 29 analysis

• Abstract Or Implements
• Can’t Throw Throwable
• Cant Implement Traversable
• Classes Mutually Extending Each Other
• Clone With Non-Object
• Concrete Visibility
• Could Be Stringable
• Final Class Usage
• Final Methods Usage
• Incompatible Signature Methods
• Interfaces Is Not Implemented
• Method Collision Traits
• Method Signature Must Be Compatible
• Mismatch Properties Typehints
• Mismatch Type And Default
• Must Return Methods
• No Magic With Array
• No Self Referencing Constant
• Only Variable For Reference
• Raised Access Level
• Repeated Interface
• Trait Not Found
• Typehint Must Be Returned
• Undefined Insteadof
• Undefined Trait
• Useless Alias
• Using $this Outside A Class
• Wrong Typed Property Default
• self, parent, static Outside Class

8.3.17. Performances

This ruleset focuses on performances issues : anything that slows the code’s execution.

Total : 46 analysis

• @ Operator
• Always Use Function With array_key_exists()
• Autoappend
• Avoid Concat In Loop
• Avoid Large Array Assignation
• Avoid Substr() One
• Avoid array_push()
• Avoid array_unique()
• Avoid glob() Usage
• Cache Variable Outside Loop
• Closure Could Be A Callback
• Could Use Short Assignation
• Do In Base
• Double array_flip()
• Echo With Concat
• Eval() Usage
• Fetch One Row Format
• For Using Functioncall
• Getting Last Element
• Global Inside Loop
• Isset() On The Whole Array
• Joining file()
• Make Magic Concrete
• Make One Call With Array
• No Count With 0
• No array_merge() In Loops
• No mb_substr In Loop
• Optimize Explode()
• Pre-increment
• Processing Collector
• Regex On Arrays
• Should Use Function
• Should Use array_column()
• Simple Switch
• Simplify Regex
• Slice Arrays First
• Slow Functions
• Substring First
• Use Class Operator
• Use PHP7 Encapsed Strings
• Use The Blind Var
• Use pathinfo() Arguments
• While(List() = Each())
• array_key_exists() Speedup
• fputcsv() In Loops
• time() Vs strtotime()

8.3.18. Rector

RectorPHP is a reconstructor tool. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with rector.

Total : 3 analysis

• Else If Versus Elseif
• Is_A() With String
• Preprocessable

8.3.19. Security

This ruleset focuses on code security.

Total : 44 analysis

• Always Anchor Regex
• Avoid Those Hash Functions
• Avoid sleep()/usleep()
• Check Crypto Key Length
• Compare Hash
• Configure Extract
• Direct Injection
• Don’t Echo Error
• Dynamic Library Loading
• Encoded Simple Letters
• Eval() Usage
• Hardcoded Passwords
• Indirect Injection
• Integer Conversion
• Keep Files Access Restricted
• Minus One On Error
• Mkdir Default
• No ENT_IGNORE
• No Hardcoded Hash
• No Hardcoded Ip
• No Hardcoded Port
• No Net For Xml Load
• No Return Or Throw In Finally
• No Weak SSL Crypto
• Phpinfo
• Random Without Try
• Register Globals
• Safe Curl Options
• Safe HTTP Headers
• Session Lazy Write
• Set Cookie Safe Arguments
• Should Use Prepared Statement
• Should Use session_regenerateid()
• Sqlite3 Requires Single Quotes
• Switch Fallthrough
• Unserialize Second Arg
• Upload Filename Injection
• Use random_int()
• eval() Without Try
• filter_input() As A Source
• move_uploaded_file Instead Of copy
• parse_str() Warning
• preg_replace With Option e
• var_dump()… Usage

8.3.20. Semantics

This ruleset focuses on human interpretation of the code. It reviews special values of literals, and named structures.

Total : 13 analysis

• Class Function Confusion
• Duplicate Literal
• Fn Argument Variable Confusion
• Mismatch Parameter And Type
• One Letter Functions
• Parameter Hiding
• Prefix And Suffixes With Typehint
• Property Variable Confusion
• Semantic Typing
• Similar Integers
• Variables With One Letter Names
• Weird Array Index
• Wrong Typehinted Name

8.3.21. Suggestions

This ruleset focuses on possibly better syntax than the one currently used. Those may be code modernization, alternatives, more efficient solutions, or simply left over from older versions.

Total : 92 analysis

• ** For Exponent
• Abstract Away
• Add Default Value
• Already Parents Interface
• Avoid Real
• Avoid Substr() One
• Cancel Common Method
• Closure Could Be A Callback
• Compact Inexistant Variable
• Complex Dynamic Names
• Could Be Constant
• Could Be Static Closure
• Could Make A Function
• Could Use Alias
• Could Use Compact
• Could Use Promoted Properties
• Could Use Try
• Could Use __DIR__
• Could Use array_fill_keys
• Could Use array_unique
• Could Use self
• Detect Current Class
• Directly Use File
• Don’t Loop On Yield
• Dont Compare Typed Boolean
• Drop Else After Return
• Drop Substr Last Arg
• Echo With Concat
• Empty With Expression
• Function Subscripting, Old Style
• Implode One Arg
• Isset Multiple Arguments
• Isset() On The Whole Array
• Large Try Block
• Logical Should Use Symbolic Operators
• Mismatched Ternary Alternatives
• Multiple Unset()
• Multiple Usage Of Same Trait
• Named Regex
• Never Used Parameter
• No Need For get_class()
• No Parenthesis For Language Construct
• No Return Used
• One If Is Sufficient
• Overwritten Exceptions
• PHP7 Dirname
• Parent First
• Possible Alias Confusion
• Possible Increment
• Preprocess Arrays
• Randomly Sorted Arrays
• Repeated print()
• Return With Parenthesis
• Reuse Variable
• Set Aside Code
• Should Deep Clone
• Should Have Destructor
• Should Preprocess Chr()
• Should Use Coalesce
• Should Use Foreach
• Should Use Math
• Should Use Operator
• Should Use array_column()
• Should Use array_filter()
• Slice Arrays First
• Static Global Variables Confusion
• Strict Comparison With Booleans
• Substr To Trim
• Substring First
• Too Long A Block
• Too Many Children
• Too Many Parameters
• Too Much Indented
• Unitialized Properties
• Unreachable Code
• Unused Interfaces
• Use Array Functions
• Use Basename Suffix
• Use Case Value
• Use Count Recursive
• Use DateTimeImmutable Class
• Use List With Foreach
• Use Url Query Functions
• Use is_countable
• Use json_decode() Options
• Use session_start() Options
• Useless Default Argument
• Useless Typehint
• While(List() = Each())
• array_key_exists() Speedup
• list() May Omit Variables
• preg_match_all() Flag

8.3.22. Top10

This ruleset is a selection of analysis, with the top 10 most common. Actually, it is a little larger than that.

Total : 28 analysis

• Avoid Concat In Loop
• Avoid Real
• Avoid Substr() One
• Concat And Addition
• Could Use str_repeat()
• Dangling Array References
• Don’t Unset Properties
• Failed Substr Comparison
• For Using Functioncall
• Logical Operators Favorite
• Logical Should Use Symbolic Operators
• Next Month Trap
• No Choice
• No Real Comparison
• No array_merge() In Loops
• Objects Don’t Need References
• Possible Missing Subpattern
• Queries In Loops
• Repeated print()
• Should Yield With Key
• Strpos()-like Comparison
• Substring First
• Unitialized Properties
• Unresolved Instanceof
• Use List With Foreach
• Use const
• Used Once Variables
• fputcsv() In Loops

8.3.23. Typechecks

This ruleset focuses on typehinting. Missing typehint, or inconsistent typehint, are reported.

Total : 23 analysis

• Argument Should Be Typehinted
• Bad Typehint Relay
• Child Class Removes Typehint
• Could Be Callable
• Could Be Float
• Could Be Integer
• Could Be Iterable
• Could Be Null
• Could Be Parent
• Could Be Self
• Could Be String
• Could Be Void
• Fossilized Method
• Insufficient Typehint
• Mismatch Type And Default
• Mismatched Default Arguments
• Mismatched Typehint
• Missing Typehint
• No Class As Typehint
• Not A Scalar Type
• Useless Interfaces
• Wrong Argument Type
• Wrong Type With Call

8.3.24. php-cs-fixable

[PHP-CS-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) is a tool to automatically fix PHP Coding Standards issues. It applies modifications in the PHP code automatically. Exakat finds results which may be automatically updated with php-cs-fixer.

Total : 11 analysis

• ** For Exponent
• Could Use __DIR__
• Don’t Unset Properties
• Else If Versus Elseif
• Implode One Arg
• Isset Multiple Arguments
• Logical Should Use Symbolic Operators
• Multiple Unset()
• PHP7 Dirname
• Use === null
• Use Constant