Exakat changelog
This is the Exakat Changelog, up to version 1.6.7.
Version 1.6.7
King Chujiang, coming up – Li
- Architecture
- Documentation covers more PHP functions
- Added some missing PHP functions
- Fixed destination folder for extensions
- Report
- Ambassador : limited size of default values in visibility report.
- Ambassador : reporting class depth
- Ambassador : reporting dynamically created constants
- Diplomat : leaner, meaner version of Ambassador
- New category : Top 10 classic mistakes
- Analyzer
- New analysis : Report when relayed typehints are not the same
- Updated analysis : Regex now handles local variables and constants
- Updated analysis : Variables Used Once now covers closures and use
- Checked unit tests : 2846 / 2867 test pass (99% pass)
- Tokenizer
- Defineconstant may be constant
- Fixed handling of Nullable for typehint
- Started preparing for Gremlin 3.4.0 : WIP
Version 1.6.6
King Qinguang, 2019-02-11 – Jiang
- Architecture
- Removed FetchContext() from DSL
- Added options to follow constants from atomIs.
- Report
- Now dumps magic methods
- Analyzer
- New analysis : Report insufficient interfaces in typehint
- Updated analysis : Class constant now ignore empty classes
- Checked unit tests : 2837 / 2858 test pass (99% pass)
- Tokenizer
- Moved ‘Define’ to its own atom
- Upgraded Logical to handle Strings as PHP
- Fixed T_POWER => T_POW
- Refactored calculation for globalpath
- Fixed edgecase with endswitch;
Version 1.6.5
2019-02-04 – Mahagate
- Architecture
- Added CVS as an external service
- Graph GSNeo4j export variable for shell access. putenv is not sufficient
- Dump : report class name, not its code
- Extended listAllThemes to extensions
- Fixed bug in extension loader with phar
- Report
- Ambassador : restored file dependencies tree
- Ambassador : fixed altered directive filename
- Ambassador : added direct link to docs
- Analyzer
- New analysis : arrays that are initialized with strings
- New analysis : Avoid Lone variables as conditions
- New analysis : Added support for weakref and pcov
- Updated analysis : extended regex to arrays in preg_* calls
- Updated analysis : Implicit globals now also marks the variable in global space
- Updated analysis : Add Zero, Multiply by One also cover 2 * $x = 1;
- Updated analysis : Could Use Interface now takes into account PHP interfaces, and classes first level.
- Updated analysis : Relay Functions now omits calls to parent’s __construct and __destruct
- Checked unit tests : 2830 / 2852 test pass (99% pass)
Version 1.6.4
2019-01-28 – Parasamgate
- Architecture
- Added support for CVS as a VCS
- Upgraded support for tar as a VCS
- Added support for modification counts by files
- Added first tracking for closures
- Upgraded Tinkergraph driver
- Report
- Added Atoms in the documentations
- Extra protection for Class Changes
- Analyzer
- Updated analysis : Use-arguments are now counted as arguments
- Updated analysis : Max Argument check was refactored
- Updated analysis : IsModified now takes into account extensions
- Updated analysis : Should Use This now exclude empty methods
- Updated analysis : undefined classes now support PHP 7.4 typed properties
- Updated analysis : added missing scalar PHP types
- Updated analysis : uncaught exceptions now cover parents
- Updated analysis : refactored incompatibility checks for methods
- Checked unit tests : 2824 / 2841 test pass (99% pass)
- Tokenizer
- Refactored alternative ending, removed extra VOID
- Upgraded contexts and their nesting
- Added extra checks on variables names
- Added support for ??= (PHP 7.4)
Version 1.6.3
2019-01-21 – Paragate
- Architecture
- Better presentation for exakat extensions
- Added build.xml for Jenkins
- Fixed copyright years
- Report
- Ambassador : fixed class name for Phpcompilation
- Analyzer
- New analysis : assign and compare at the same time
- Updated analysis : uncaught exceptions now cover parents
- Updated analysis : strpos too much is extended to strrpos and strripos
- Updated analysis : Refactored Indirect injections for more refined reports
- Updated analysis : Empty Block doesn’t omit Ifthen anymore
- Updated analysis : Implemented methods are public mistook interface methods
- Updated analysis : Object Reference omits arguments that are wholly assigned
- Checked unit tests : 2808 / 2826 test pass (99% pass)
- Tokenizer
- Added support for PHP 7.4 typed properties (needs PHP 7.4-dev)
Version 1.6.2
2019-01-14 – Silver Headed Gate
- Architecture
- Fixed infinite loop when an option missed a value
- Produce phpversion in config.ini, but leave it commented
- Report
- Ambassador : colored syntax for visibility report
- Ambassador : inventory reports now display number of usages
- Analyzer
- Updated analysis : Added support for PHP 7.2.14
- Updated analysis : Avoid Using Class handles \
- Updated analysis : Unused Functions works with multiple identical functions
- Checked unit tests : 2795 / 2817 test pass (99% pass)
- Tokenizer
- Fixed bug that mixed T_OR and T_XOR
- Fixed bug that missed intval for Power
- Handles multiple definitions of functions
- Removed one Void too many with closing tag
Version 1.6.1
2019-01-07 – Golden Light Gate
- Architecture
- Upgraded documentation for Extensions
- Upgraded processing of files, especially with special chars
- Project stops when no tokens are found
- Storing hash for each file. RFU.
- Report
- Ambassador : added support for class constant’s changes
- Ambassador : added classSize report
- Ambassador : ‘New issues’ now takes line difference into account
- Themes are better dumped
- Analyzer
- New analysis : array_key_exists() is faster in PHP 7.4
- New analysis : partial report from preg_match()
- Updated analysis : Avoid Using Class handles \
- Updated analysis : Class Usage uses class_alias()
- Updated analysis : Empty traits
- Updated analysis : Unused arguments now skips __set()
- Updated analysis : Path strings
- Updated analysis : Missing include handles more concatenations
- Checked unit tests : 2792 / 2812 test pass (99% pass)
- Tokenizer
- Fixed precedence for identical operators
- Fixed bug with ?> inside switch
Version 1.6.0
2018-12-31 – VirupakSa
- Architecture
- VCS are not tested when they are not used
- Analyzer
- Updated analysis : Php Reserved names ignores variable variables
- Updated analysis : Array not using a constant, with Heredoc
- Updated analysis : Long arguments
- Updated analysis : Empty With Expression ignores simple assignations
- Refactored analysis : Callback needs returns
- Refactored analysis : No Return used
- Checked unit tests : 2780 / 2805 test pass (99% pass)
- Tokenizer
- Fixed regression with Yield and =>
- Fixed edge case “$a[-0x00]”
Version 1.5.9
2018-12-24 – Dhrtarastra
- Architecture
- Use PHP in project config for default PHP version
- cleandb uses -p
- Moved projects/.exakat to projects/<-p>/.exakat folders
- Using $config and no more hardcoded tinkergraph
- Extra check on doctor
- Report
- Ambassador : extra check for ‘previous’ report
- Analyzer
- Upgraded analysis : Empty With Expression skip a few false positive
- Checked unit tests : 2770 / 2795 test pass (99% pass)
- Tokenizer
- Fixed edgecase for methods named ‘class’
- Fixed class name in Project
Version 1.5.8
2018-12-17 – Virudhaka
- Architecture
- Handles themas provided by extensions
- Added busyTimeout for dump.sqlite
- Reduced size of thema tables
- Docs handle parameter dynamically
- Added ‘update’ for extensions
- Report
- Ambassador : added a ‘Path’ inventory, with file paths
- Analyzer
- New analysis : Closures that are identical
- Upgraded analysis : Url and SQL detection, case sensitivity
- Upgraded analysis : Could Use array_fill_keys
- Upgraded analysis : Undefined functions doesn’t miss functions inside classes, handles interfaces
- Upgraded analysis : Empty Functions better handles return;
- Upgraded analysis : Long Argument may be configured
- Upgraded analysis : Fixed bug with empty include path
- Checked unit tests : 2770 / 2795 test pass (99% pass)
- Tokenizer
- Added FNP to strings
- First link between method and definition with typehint
- Support for class_alias
- Fixed edge case with use ?>
- Fixed variable in string behavior for $this and $php variables
Version 1.5.7
2018-12-10 – Vaisravana
- Architecture
- Extended Dump to support aliased methods
- Support for SQLITE in extensions
- Moved each framework to extensions
- Added Laravel extension
- Documentation
- First version for the Extension chapter
- Fixed mysterious ‘ in the docs
- Report
- Ambassador : added a ‘New issues’ section, with new analysis
- Ambassador : added trait matrix
- Ambassador : fixed an infinite loop when traits include themselves in cycles
- Added more message count to several reports
- Analyzer
- New analysis : method could be static
- New analysis : multiple inclusion of traits
- New analysis : avoid self using traits
- New analysis : ext/wasm and ext/async
- Upgraded analysis : No Hardcoded Hash, skip hexadecimal numbers
- Upgraded analysis : Defined properties extends to traits
- Upgraded analysis : PSS outside a class, when PSS are in strings
- Upgraded analysis : Access private works with methods (not just static)
- Checked unit tests : 2772 / 2785 test pass (99% pass)
- Tokenizer
- Fixed bug in Dump, when nothing to clean
- Fixed edge bug on Callable detection
- Extended support for self, static and parent, in typehint and new
- Fixed precedence of yield and yield from
- Fixed handling of throw at the end of a script
- Added support to solve conflict on traits
Version 1.5.6
2018-12-03 – Jingang
- Architecture
- Moved all framework to extensions. WIP.
- Code cleaning
- Refactored the analysis dependency sorting
- Now display progress bar for files
- Fixed configuration for directories and files
- Report
- Fixed FileDependecy and DependencyWheel, to actually count messages
- Analyzer
- Added a lot more new method descriptions for PHP native classes
- New analysis : suggest simplification for !isset($a) || !isset($a[1])
- New analysis : Useless Trait alias
- New analysis : report usage of ext/sdl
- Upgraded analysis : Refactored IsZero, to handle assignations and parenthesis
- Upgraded analysis : pack format is better checked
- Checked unit tests : 2759 / 2771 test pass (99% pass)
- Tokenizer
- Fixed a missing fullnspath for origin in Use for Traits
- Handles simple aliases for traits methods
- Fixed mishandling of variables inside strings
- Fixed support of negative numbers inside strings
- Fixed bug with yield inside an array
- Fixed strange case with define and integers as constant names
Version 1.5.5
2018-11-25 – Ratnadhvaja
- Architecture
- Initial version of Exakat extensions
- Moved processing of 2-tokens files to Load
- Speed up CSV creations
- Upgrades are read from https, no http
- Moved loading’s sqlite to memory for speed gain
- Doctor now auto-create test folder
- Report
- New report : Php city. See your PHP code as a city
- Ambassador : Appinfo() now reports keywords used as method or property
- Fixed reported names of properties
- Analyzer
- New analysis : checks some HTTP headers for security
- New analysis : Use _file() functions, not file_get_contents()
- New analyzer : Optimize looks for fgetcsv()
- Upgraded analysis : Several refactored analysis
- Checked unit tests : 3083 / 3096 test pass (99% pass)
- Tokenizer
- Fixed encoding error in loading, for clone types.
Version 1.5.4
2018-11-19 – Mahakasyapa
- Architecture
- Added error message for memory limit
- Added GC to Project action
- Migrated Melis to extension
- Dumping data is now done en masse
- Analysers now handle side-queries
- Clear message in case of memory limit
- Doctor doesn’t stop at missing helpers
- VCS leak less errors
- Added support for 7z
- Extended validation for themas
- Restored Tinkergraph driver
- Upgrade logs with extra reports
- Analyzer
- New analyzer : Report problems with class constant visibilities
- New analyzer : Avoid self, parent and static in interfaces
- Upgraded analyzer : Variable reuse now skips empty arrays
- Checked unit tests : 3077 / 3090 test pass (99% pass)
- Tokenizer
- Fixed bug where variable was mistaken for a string inside strings
Version 1.5.3
2018-11-12 – Ananda
- Architecture
- Extended results to methods, traits
- Added support for PHP 7.2.12
- ‘master’ is not used anymore as default branch
- Fixed creation of initial config/exakat.ini
- Fixed handling badly written exakat.ini or PHP binary paths
- Report
- Ambassador : report classes that could be final or abstract
- Analyzer
- New analyzer : Property Used Once : now includes redefined functions
- New analyzer : iterator_to_array() should use yield with keys or array_merge()
- New analyzer : Don’t loop on yield : use yield from
- Upgraded analyzer : Dependant trait now include parent-traits
- Checked unit tests : 3080 / 3093 test pass (99% pass)
- Tokenizer
- Changed handling of variables that are both global AND local
- Disambiguated variables and properties
- Extended OVERWRITE to constants and methods
Version 1.5.2
2018-11-05 – Master Puti
- Report
- Fixed storage of themes in dump.sqlite
- Ambassador : report nothing when there are no trait, interface or class in the tree.
- Analyzer
- New analyzer : idn_to_ascii() will get new default
- New analyzer : support for decimal extension
- New analyzer : support for psr extension
- Upgraded analyzer : Extended support to PHP native exceptions
- Upgraded analyzer : Could use typecast now handles intval() second param
- Upgraded analyzer : Variable strange names avoids properties
- Checked unit tests : 3058 / 3085 test pass (99% pass)
- Tokenizer
- Upgraded support for arrays inside strings (string/constant distinction)
- Added DEFINITION for constant() and defined()
- Fixed value of line for some ***definition
Version 1.5.1
2018-10-29 – Eighteen Arhats
- Analyzer
- New analyzer : could use basename() second args
- Upgraded analyzer : Variables strange names do not report …
- Checked unit tests : 3061 / 3079 test pass (99% pass)
- Tokenizer
- Moved TRAILING as a property
- Moved NULLABLE as a property
- Sync ALIAS with AS
- Fixed link between Use expression when using an alias
Version 1.5.0
2018-10-22 – Pilanpo Bodhisattva
- Architecture
- Fixed ” in the examples of the manual
- Upgraded stability with new history testing
- Report
- Ambassador : now report interface and trait hierarchy
- Ambassador : new format inventory for pack and printf
- Dump : Fixed list of traits
- Analyzer
- New analyzer : Could Use Try, for native calls that may produce an exception
- New analyzer : idn_to_ascii() will get new default
- Upgraded analyzer : Undefined variables exclude $this
- Upgraded analyzer : Variables used once avoid properties
- Upgraded analyzer : ext/json : JsonException
- Upgraded analyzer : added new PHP 7.3 constants (curl, pgsql, mbstring, standard)
- Upgraded analyzer : scalar or object property now ignore NULL as default
- Refactored analyzer : UsedProtectedMethod
- Checked unit tests : 3059 / 3071 test pass (99% pass)
- Tokenizer
- Handles NaN and INF when the literals reach them
- Static constant may be variable if object is variable
- Removed superfluous linking for static calls.
Version 1.4.9
2018-10-15 – Lingji Bodhisattva
- Architecture
- Extended documentation with phpVersion, time to fix and severity
- Upgraded bugfixes to PHP 7.2.11
- Added more tests on arguments in the DSL
- Removed double definitions for class constants
- Initial support for extension folder
- Report
- Collect the number of local variables, per method
- Analyzer
- New analyzer : report accessing properties the wrong way
- New analyzer : suggest named patterns
- New analyzer : check Pack() arguments
- New analyzer : Return in generators, for PHP 7.0 +
- New analyzer : Repeated interfaces
- New analyzer : Static properties shouldn’t use references until PHP 7.3
- New analyzer : Don’t read and write in the same expression
- Upgraded analyzer : is interface methods, extended to magic methods
- Upgraded analyzer : empty regex
- Upgraded analyzer : never used properties
- Upgraded analyzer : logical operators in letters
- Upgraded analyzer : could use interface, extended with PHP native interfaces
- Upgraded analyzer : Is Zero, better handling of mixed expressions
- Refactored analyzer : Empty functions
- Refactored analyzer : Used Private Methods
- Checked unit tests : 3036 / 3055 test pass (99% pass)
- Tokenizer
- Added DEFINITION between new and __construct
- Added support for className::class()
- Added better support for dynamic method calls
- Added better support for dynamic property calls
- Removed some usage of TokenIs
Version 1.4.8
2018-10-08 – Ksitigarbha
- Architecture
- Adding more validation at DSL step level : stricter check on args, speed gain
- Cleaning more analysis from MAX_LOOPING variable
- Better protection for file names
- Removed static properties from DSL
- Analyzer
- New analysis : Don’t use __clone before PHP 7.0
- New analysis : Watch out for filter_input as a data source
- Upgraded analysis : Method Used Below refactored for speed
- Upgraded analysis : Undefined class constants now takes into account interfaces
- Removed analysis : Relaxed Heredoc was double with Flexible Heredoc
- Checked unit tests : 3016 / 3033 test pass (99% pass)
- Tokenizer
- Build links between methodcall and method in a class
- Added links between method and its overwritten version in child
- Fixed fallback for functions
- Fixed link between traits and their definition
- Removed variable definition for Parametername
- Simplified double usage between return and pushExpression()
Version 1.4.7
2018-10-01 – Maitreya
- Architecture
- Added ‘Suggestions’ section to documentation, for many rules
- WIP : removing usage of MAX_LOOPING in analysis
- Added a lot of new external services
- Added documentation for creating a new analysis
- Analyzer
- Upgraded analysis : No interface was dropped in PHP 7.2
- Upgraded analysis : IsAMagicProperty extended to parents
- Removed analysis : Relaxed Heredoc was double with Flexible Heredoc
- Checked unit tests : 3017 / 3029 test pass (99% pass)
- Tokenizer
- Linking variable in closure’s use to its local variable
- Removed some unused atoms from GraphElements
Version 1.4.6
2018-09-24 – Dipankara
- Architecture
- Various code refactorisations
- Migration to PHPUnit 7.3.5
- Fixed filenames case
- Better handling of VCS
- More validations for project names
- More docs
- Report
- Ambassador/Weekly : fixed ‘ in analyser titles
- Analyzer
- Upgraded analysis : Fopen mode accepts ‘r+b’
- Upgraded analysis : Unused Traits
- Upgraded analysis : Undefined Variables
- Checked unit tests : 3020 / 3033 test pass (99% pass)
- Tokenizer
- New analysis : report literal used with reference
- Added support for boolval to Keyvalue
- Fixed support for boolval to Arraylist
- Added DEFINITION to static methods
- Added Variabledefinition for local variables
- Fixed bug in Not
Version 1.4.5
2018-09-17 – Guanyin Bodhisattva
- Architecture
- Removed times() for until() in Dumps
- Report
- Manual : added folders tree
- Analyzer
- New analysis : Add Default To Parameter
- Upgraded analysis : Avoid reporting PHP function as classes
- Upgraded analysis : More empty Functions than just foo() {}
- Upgraded analysis : Wrong Number of argument now takes into account variadic
- Upgraded analysis : Should Use Constant now encompasses () and ?: structures
- Upgraded analysis : This Is Not An Array now takes ArrayObject/SimpleXmlElement into account
- Checked unit tests : 3009 / 3020 test pass (99% pass)
- Tokenizer
- Fixed ‘constant’ status with Arrayliteral
- Fixed bug where strings are built close to the end of the script
Version 1.4.4
2018-09-10 – White Dragon Horse
- Architecture
- Doctor reports the set of tokens used
- Lots of docs checks
- Report
- Ambassador / Phpconfiguration : report disable_functions and disable_classes
- Finished Weekly report
- Analyzer
- New analysis : report ext/seaslog
- Upgraded analysis : Incompatible signatures
- Fixed DSL : analyzerIs
- Checked unit tests : 3000 / 3010 test pass (99% pass)
- Tokenizer
- Closure are now processed with runplugin
- Removed dependencies to usedClasses
- Fixed detections of Closure at the end of a script
Version 1.4.3
2018-09-03 – Sha Wujing
- Architecture
- No error if missing svn
- Extended ‘First’ thema
- Now reporting PHP native CIT, constants and functions
- Report
- Ambassador : php.ini suggestions includes disable_functions
- Analyzer
- New analysis : report typecasting for json_decode
- New analysis : report classes that could be final
- New analysis : simplify closure into callback
- New analysis : report inconsistent elseif conditions
- Upgraded analysis : Reduced false positive on Type/Default mismatch
- Upgraded analysis : Drop Else After Return uses elseif
- Upgraded analysis : Unused Private Property (rare)
- Checked unit tests : 2990 / 3004 test pass (99% pass)
- Tokenizer
- Removed extra Void after function definitions
- Fixed fullnspath with define()
Version 1.4.2
2018-08-27 – Zhu Bajie
- Architecture
- Fixed leftover bugs in the new DSL language
- Adopter Query in LoadFinal (first test)
- Extended support for clone type 1
- Report
- New Report : Weekly report
- Analyzer
- New analysis : report forgotten conflict in traits
- New analysis : undefined insteadof
- New analysis : undefined variable
- New analysis : report classes that must call parent::__construct
- Upgraded analysis : Inexistant Compact variable
- Upgraded analysis : Test class was refactored
- Checked unit tests : 2975 / 2989 test pass (99% pass)
- Tokenizer
- New atom : Staticmethod, for Insteadof (replacing ‘Staticconstant’)
- Added DEFINITION link for array(‘class’, ‘method’) structure
Version 1.4.1
2018-08-20 – Tang Sanzang
- Architecture
- Spun off Query for Gremlin, with Exakat DSL.
- Centralized ‘methods’ property in Analyzer class
- Extended MAX_LOOPING usage
- Analyzer
- Added new thema : Class Review
- Upgraded analysis : Defined Parent MP (less queries)
- Upgraded analysis : Less false positives
- Added support for PHP 7.2.9
- Checked unit tests : 2965 / 2980 test pass (99% pass).
- Tokenizer
- Fixed Edge case with Ternary and Boolean
- Added Staticpropertyname to distinguish from variables
- Added support for remote definitions to methods
- Removed global path for CIT (no fallback)
Version 1.4.0
2018-08-13 – Sun Wu Kong
- Architecture
- Chunked result inserts for Dump
- More support for PHP 7.4
- Report
- Ambassador : added new Appinfo for relaxed Heredoc, trailing comma…
- Analyzer
- New analysis : class can be abstract
- New analysis : trailing comma
- New analysis : relaxed heredoc
- New analysis : removed functions in PHP 7.3
- New analysis : continue versus break
- Upgraded analysis : Hardcoded passwords is extended to objects
- Checked unit tests : 2964 / 2979 test pass (99% pass).
- Tokenizer
- Measure definitions stats for classes.
- Added support for relaxed heredoc
- Added support for closure as a return value
- Refactored support for Ternary and Labels
Version 1.3.9
2018-08-06 – Du Ruhui
- Architecture
- Added support for PHP 7.4
- ‘Copy’ won’t update anymore
- Report
- Ambassador : fixed repeated ‘compatibility’ menu entry
- Analyzer
- New analysis : avoid __CLASS__ and get_called_class().
- New analysis : prepare for (real) deprecation
- New analysis : const / define preference
- New analysis : define case sensitivity preference
- New analysis : avoid defining assert() in namespaces
- Removed analysis : Variables/Arguments
- Checked unit tests : 2957 / 2971 test pass (99% pass).
- Tokenizer
- Removed Noscream – AT atom
- Added definition for class constants
- Fixed bug : can’t apply ~ to false
- Extended DEFINITION support to closure’s use and references
Version 1.3.8
2018-07-30 – Fang Xuanling
- Architecture
- ‘Copy’ won’t update code anymore.
- Analyzer
- Upgraded analysis : ‘should use operator’ only applies to constant chr() call
- Upgraded analysis : Useless Instructions is faster
- Checked unit tests : 2948 / 2962 test pass (99% pass).
- Tokenizer
- Added support for variable definitions in methods
Version 1.3.7
2018-07-16 – unnamed demon
- Architecture
- Fixed handling of multiple updates
- Report
- More documentations
- Analyzer
- New analysis : report usage of callback to process array
- New analysis : report usage of case insensitive constants
- Upgraded analysis : Hardcoded passwords is extended to objects
- Upgraded analysis : Go To Key Directly handles comparisons
- Added support for PHP 7.0.20
- Checked unit tests : 2948 / 2962 test pass (99% pass).
Version 1.3.6
2018-07-16 – Zhang Gongjin
- Architecture
- Added support for Rar archives
- Removed call to gremlin server at ‘status’ time
- Analyzer
- New analysis : support for msgpack extension
- New analysis : support for lzf extension
- Upgraded analysis : added missing function names in several extensions
- Checked unit tests : 2941 / 2955 test pass (99% pass).
Version 1.3.5
2018-07-09 – Gao Shilian
- Architecture
- Removed 4 unused exceptions
- Extracted Query from Analysis
- Report
- Reports : centralized all doc reading
- Reports : doc reading now parses sections (avoid overlap)
- Ambassador : Added exakat version and build to dashboard.
- Ambassador : Added Class Tree (All class hierarchies)
- Analyzer
- Fixed bug with ‘last’ and ‘2last’
- New analysis : Report undefined::class
- New analysis : Report returned assignations as useless
- New analysis : Split scalar typehint by versions
- Upgraded analysis : Extended Reuse Variable to instantiations
- Upgraded analysis : Masking parenthesis are only for referenced arguments
- Upgraded analysis : Wrong case doesn’t apply to parent/static/self
- Upgraded analysis : Locally Unused Properties are extended to traits
- Upgraded analysis : Should Preprocess is extended to concatenations
- Upgraded analysis : Array_key_fill exclude variables by default
- Upgraded analysis : Ambiguous static reports the whole property definition
- Checked unit tests : 2919 / 2944 test pass (99% pass).
- Tokenizer
- Added missing constants
- Fixed support for goto true;
- Fixed edge case for nested ternaries and boolean
- Moved Goto and Label to Name Atom
Version 1.3.4
2018-07-02 – Cheng Yaojin
- Architecture
- Added check when unarchiving tar.gz and tar.bz
- Added check for neo4j installation (error grabbing)
- Moved Upgrade to tmp folder
- Analyzer
- Parameters are actually defined in the class
- New analysis : ambiguous visibilities of properties
- New analysis : report usage of PHP 7.1+ hash algorithm
- New analysis : csprng (random_bytes and random_int)
- New analysis : ext/libeio
- New analysis : report incompatible signatures for methods
- Upgraded analysis : Unused Private Methods handles fluent interfaces
- Upgraded analysis : Defined Parent keyword
- Upgraded analysis : Recursion
- Refactored codeIs/codeIsNot
- Checked unit tests : 2908 / 2923 test pass (99% pass).
- Tokenizer
- Added support for ‘parent’ definitions
- Fixed element counts in concatenation
- Fixed operator priority in Strval
- Upgraded handling of undefined constants to string
Version 1.3.3
2018-06-25 – Ma Sanbao
- Architecture
- Better handling of fallback to global for functions
- Weekly code clean
- Refactored several analysis for speed
- Report
- Ambassador : fixed regression in the dashboard
- Fixed edge case with properties
- Analyzer
- New analysis : closure that can be static
- Upgraded analysis : empty function doesn’t count static or global
- Upgraded analysis : reported globals include $GLOBALS also
- Checked unit tests : 2881 / 2911 test pass (98% pass).
- Tokenizer
- Moved collection of functioncall to LoadFinal
- Added collection of interfaces and newcall
- Moved Declare to its own token
- Moved Property definitions to its own token
Version 1.3.1
2018-06-03 – Liu Hongji
- Architecture
- Cleaned code of unused classes and ;
- Fixed connexion script to the database
- Fixed check of php.log folder
- Report
- Ambassador : display correct compilation state
- Analyzer
- Upgraded analysis : used constant is also applied to defined()
- Upgraded analysis : used protected methods is case insensitive
- Upgraded analysis : Empty class omits extended classes
- Upgraded analysis : More sequences to SimplePreg
- Upgraded analysis : Throwable is not ‘unthrown’ anymore
- Removed analysis : Static CPM
- Checked unit tests : 2901 / 2914 test pass (99% pass).
- Tokenizer
- Upgraded support for ::class
Version 1.3.0
2018-06-03 – Xue Rengui
- Architecture
- Added support for Tinkergraph 3.3.3
- Handles situations where exakat has no database
- Check for PHP version at bootstrap
- Report
- Ambassador : Updated PHP recommendation report with PHP 7.3
- All : Variables don’t sport … nor & anymore
- Analyzer
- New analysis : Single Use Variable
- New analysis : Should Use Operator
- New analysis : Check JSON production
- New analysis : Report visibility usage with constants
- Upgraded analysis : used constant is also applied to defined()
- Upgraded analysis : used protected methods is case insensitive
- Upgraded analysis : used directives handle function version
- Upgraded analysis : added lcg_value for better rand
- Upgraded analysis : Use Nullable extended to methods, closures.
- Upgraded analysis : Fixed support for ‘_’ native function
- Checked unit tests : 2895 / 2907 test pass (99% pass).
Version 1.2.9
2018-05-28 – Wang Gui
- Architecture
- Removed query cache from gremlin
- Added pre-query check to prevent queries that have no chance of result
- Report
- Ambassador : first 50% of documentation fix : double quotes are not well displayed
- Ambassador : Results are ordered by files, then by lines
- Analyzer
- New analysis : Flexible Heredoc syntax
- New analysis : Non-compatible methods
- New analysis : Use the Blind Var
- New analysis : Inexistant Compact
- New analysis : Typehint / default value mismatch
- Upgraded analysis : strict_types are not recognized as undefined constant
- Upgraded analysis : More new methods for PHP 7.3
- Upgraded analysis : Dependant traits
- Upgraded analysis : Strpos comparison
- Upgraded analysis : Method Must Return
- Checked unit tests : 2885 / 2889 test pass (99% pass).
- Tokenizer
- Interface may have const, not traits (Loading)
- Added support for static call to methods
Version 1.2.8
2018-05-21 – Xu Jingzong
- Architecture
- Implemented a cache for speed boost.
- Refactored files finding method
- Git VCS always submits a user when cloning (using exakat by default)
- Moved custom themes from themas.ini to themes.ini
- Report
- Ambassador : fixed naming the audit
- Ambassador : added ‘Dead code’ section
- Doctor : split themes display (default/customs)
- Analyzer
- New analysis : Report what should be done in SQL
- New analysis : Typehinted reference
- New analysis : Strpos doing too much work
- New analysis : Can’t instantiate class
- Upgraded analysis : Don’t echo error
- Upgraded analysis : PPP Declaration style
- Upgraded analysis : Useless abstract class
- Upgraded analysis : Buried assignation doesn’t report declare anymore
- Upgraded analysis : Abstract methods are not reported as unused
- Upgraded analysis : relaxed version constraint for all Extensions/*
- Checked unit tests : 2852 / 2856 test pass (99% pass).
- Tokenizer
- Fixed handling of short_open_tags
- Fixed edge case with %
Version 1.2.7
2018-05-14 – Li Yuanji
- Architecture
- Extended status command to all VCS
- Added support for customized themes
- Added Upgrading section, List of parametrized analysis, revamped summary
- Simplified handling of commandline options
- Removed usage of JSON for ‘doctor’
- Report
- A lot more documentation, examples, links.
- Optimized type downloader
- Added report themes pre-requisites
- Analyzer
- New analysis : ext/cmark
- Upgraded analysis : too many children is configurable
- Upgraded analysis : error_reporting 0 and -1 are not reported as issues.
- Checked unit tests : 2835 / 2839 test pass (99% pass).
- Tokenizer
- Fixed bug where constant self referenced.
- Moved Identifiers to Names
- Added first definitions for members.
Version 1.2.6
2018-05-07 – Li Jiancheng
- Architecture
- Moved more classes to helpers
- Removed constants for Tokens
- Upgraded to Robo 1.2.3
- Report
- Added support for custom themas for reports.
- Analyzer
- New analysis : zookeeper
- New analysis : Report missing parenthesis
- New analysis : Report invalid interval checks
- New analysis : Suggest array_unique when possible
- New analysis : Report when callback needs a return
- New analysis : Reduce the number of if
- Updated Exception list, up to PHP 7.3
- Upgraded analysis : Printf Arguments
- Upgraded analysis : Count On Null
- Upgraded analysis : Regex on Collector
- Upgraded analysis : File Inclusion wrong case handles parenthesis
- Upgraded analysis : Make globals a property
- Upgraded analysis : Invalid regex
- Checked unit tests : 2814 / 2818 test pass (99% pass).
- Tokenizer
- Added definition links for staticmethodcalls.
- Added boolean and int values to __DIR__ and co.
- Removed several static properties
- Fixed precedence of instanceof
- Added support for Null val
Version 1.2.5
2018-04-30 – Li Yuan
- Architecture
- Added command ‘config’ to configure project from commandline
- Made Exakat reentrant
- Moved Configuration creation to external file
- Upgraded status when audit isn’t run yet
- Analyzer
- New analysis : Regex on Collector
- Upgraded analysis : Only Variable with reference argument
- Upgraded analysis : File Inclusion Wrong Case
- Upgraded analysis : Invalid Regex
- Added support for PHP 7.2.5, 7.1.17 and 7.0.30
- Checked unit tests : 2802 / 2809 test pass (99% pass).
- Tokenizer
- Fixed various bugs with constant scalar expression
Version 1.2.4
2018-04-23 – Li Chunfeng
- Architecture
- Now fail with explicit message for memory running out
- Report
- Ambassador : Updated ‘confusing variables’ report
- Analyzer
- Upgraded analysis : Could be short assignment
- Upgraded analysis : Could be static
- Upgraded analysis : Fail Substr Comparison (handles constants)
- Checked unit tests : 2796 / 2801 test pass (99% pass).
- Tokenizer
- Added propagation of constants when value can be processed
- Introduced ‘Parameter’ token, to differentiate with Variable
- Fixed syntax highlighting
- Fixed a bug with negative bitshift
Version 1.2.3
2018-04-16 – Yuan Tiangang
- Architecture
- New append for logs
- Report
- New report : Manual.
- Ambassador : Rewrote the export of ‘confusing variables’
- Analyzer
- New analysis : report strtr bad usage
- New analysis : don’t unset properties
- Upgraded analysis : Invalid Regex
- Upgraded analysis : Property Could Be Local
- Upgraded analysis : No Hardcoded path
- Upgraded analysis : echo/print preferences also report printf
- Removed analysis : Close Naming (now done at Report level)
- Checked unit tests : 2770 / 2786 test pass (99% pass).
- Tokenizer
- Removed double definition for functioncalls
Version 1.2.2
2018-04-09 – Yin Kaishan
- Architecture
- Cleaned doctor so it works even without requirements
- Fixed special chars with git URL
- Report
- Ambassador : new inventory with classes changes in heritage
- Ambassador : new inventory of large expressions
- Upgraded report : Defined Exceptions are cleaned of doubles
- Analyzer
- New analysis : report Redefined Private Properties
- New analysis : report substr() usage with strlen
- Upgraded analysis for Inclusion Wrong Case filenames
- Upgraded analysis : Cast To Boolean is extended to True/False
- Upgraded analysis : Omit negative lengths
- Upgraded analysis : interface search also include parameter counts
- Upgraded analysis : Failed Substr Comparison handles special chars
- Upgraded analysis : Identical consecutive omits arrays
- Checked unit tests : 2757 / 2775 test pass (99% pass).
Version 1.2.1
2018-04-02 – Fu Yi
- Architecture
- Fixed generation of analysis logs
- Fixed doctor, which wouldn’t diagnose the absence of needed extensions
- Report
- More real-life examples in docs
- Analyzer
- New favorites : property declaration unique or multiples ?
- New analysis : $a = +$b;
- New analysis for Melis : Regex check and Route constraints
- Upgraded analysis : Constant used below
- Checked unit tests : 2760 / 2766 test pass (99% pass).
- Tokenizer
- Fixed counts in property declarations
- Fixed final new lines in heredoc/nowdoc
Version 1.2.0
2018-03-26 – Xiao Yu
- Architecture
- Upgraded concurrency with analysis
- Replaced $_SERVER['_'] by PHP_BINARY
- Removed old code (> 1.0.0)
- Adopted ‘stable’ version for progressbar
- Fixed loading with Bazaar
- Added support for Parametrized analysis
- Better initial configuration with doctor
- Report
- Ambassador : upgraded analyzer settings table
- Analyzer
- New analyzer : Report Private functions for WordPress
- New analyzer : Suggest simplifying chr(123);
- New analyzer : Too many native calls
- Updated analyzer : fallthrough are not reported with die
- New Theme : Random
- Collecting more stats for classes.
- Checked unit tests : 2758 / 2741 test pass (99% pass).
- Tokenizer
- Upgraded support for Heredoc
Version 1.1.9
2018-03-19 – Qin Qiong
- Architecture
- Better documentation for reports
- Adding Real Code examples to documentation
- Refactored Config reading
- Moved more VCS information to its own class
- Report
- Upgraded report : Ambassador reports the number of parameters in methods
- New report : favorites (spin-off from Ambassador)
- Upgraded report : Inventories also covers Dateformat, Regex, Sql, Url, Email, Unicode Blocks.
- Analyzer
- New analyzer : too many parameters
- New analyzer : report mass creation of arrays
- Checked unit tests : 2755 / 2738 test pass (99% pass).
Version 1.1.8
2018-03-12 – Yuchi Gong
- Architecture
- Reduced cache when running analysis
- Fixed order of analysis
- Report
- Ambassador : fixed faceted search problems
- Codacy : added codacy-style report
- Analyzer
- New analysis : support for IBM db2, leveldb
- New analysis : should use count’s second argument
- Upgraded analysis : Randomly sorted arrays
- Checked unit tests : 2749 / 2731 test pass (99% pass).
- Tokenizer
- Fixed edge case where die is an argument
- Fixed edge case where Yield returns an array
Version 1.1.7
2018-03-05 – Xu Maogong
- Architecture
- Removed most static in Analysis
- Report
- New format : All, that produces all reports
- Ambassador : new report estimates fitting PHP version
- Ambassador : report enable_dl in configuration
- Analyzer
- New analysis : report dynamic library loading
- New analysis : suggest array_fill_keys()
- New analysis : PHP 7.3 optional last argument
- New analysis : added support for xxtea, opencensus, varnish, uopz
- Upgraded BugFixes report to PHP 7.2.3
- Updated analysis : ext/cairo has new functions
- Updated analysis : PHP 7.3 new functions
- Removed analysis : NullCoalesce (double)
- Checked unit tests : 2743 / 2731 test pass (99% pass).
- Tokenizer
- Moved ‘constant’ to plugins
- Fixed bug when updating with HG
Version 1.1.6
2018-02-26 – Wei Zheng
- Architecture
- Created ‘First’, a recipe of initial analysis
- Prepared installation for compose
- Report
- Restored ‘INLINE’ results
- New reports : Stats
- Collect PHP native function cool
- Analyzer
- New analysis : suggest compact instead of array
- New analysis : list with references (PHP 7.3+)
- New analysis : report situation where check is done on non-cast value
- New analysis : foreach( $array as $o -> $v) as error prone
- Handle cases where PHP regex are not compilable anyway
- Checked unit tests : 2732 / 2722 test pass (99% pass).
- Tokenizer
- Propagate constant concatenation values.
- Fixed calculation of intval
- Refactored Configuration readers
- Fixed bug when calculating __METHOD__
Version 1.1.5
2018-02-19 – Li Shimin
- Architecture
- Refactored all reports
- Removed outdated Devoops report
- Report
- Upgraded BugFixes report to PHP 7.2.2
- Ambassador : generates a list of confusing variables
- New report : OWASP
- Analyzer
- New analyzer : Use Math
- New analyzer : Extensions ext/hrtime
- New analyzer : Possible Infinite Loops
- Upgraded analyzer : addZero, Multiply by one supports new situations
- Upgraded analyzer : added microtime, uniqid .. to better rand.
- Checked unit tests : 2719 / 2724 test pass (99% pass).
- Tokenizer
- Fixed check on script compilation that was too strict.
- Fixed internal assert()
- Exported VCS to separate classes
- Refactored load with 3 separate plugins : intval, noDelimiter, booval
Version 1.1.4
2018-02-12 – The Great White Turtle
- Architecture
- Build concatenation values in scalar constant expression.
- Upgraded export of file dependencies values
- Report
- Ambassador : fixed duration of audit.
- Composer : provides a full list of depend extensions
- Analyzer
- New analyzer : Report useless catch
- New analyzer : suggest using array_search / array_keys instead of foreach
- New analyzer : double array_flip is slow
- New analyzer : Suggest using cached values
- New analyzer : Functions that fallback to global namespace
- Upgraded analyzer : Encoded letters supports leading 0 in unicode codepoint
- Upgraded analyzer : Variable strange names now report 3 identical consecutive letters
- Upgraded analyzer : Upgraded support to __dir__
- Checked unit tests : 2716 / 2711 test pass (99% pass).
- Tokenizer
- Fixed definitions link for functions
Version 1.1.3
2018-02-05 – The fairy Su’e
- Report
- Fixed Ambassador : the favorites weren’t displayed.
- Analyzer
- New analyzer : Report useless references
- New analyzer : Melis configuration : Undefined configuration array
- New analyzer : Melis configuration : make string.
- Upgraded analyzer : Parent first
- Checked unit tests : 2700 / 2695 test pass (99% pass).
- Tokenizer
- Better handling of Labels.
- Fixed edge case where class and constants were mistaken one for the other
Version 1.1.2
2018-01-29 – Jade Rabbit Spirit
- Architecture
- Upgraded docs to tinkergraph 3.2.7
- Analyzer
- New analyzer : Report missing included files
- New analyzer : ZF3 : No Echo Outside a View.
- New analyzer : Local Global variable : report variables that look global but are not
- Upgraded analyzer : Directive names are checked with case sensitive analyzer
- Checked unit tests : 2687 / 2693 test pass (99% pass).
- Tokenizer
- Magic Constant hold their actual value
- Fixed Fullnspath for constants (case sensitive)
- Fixed edge case with exit and die
- Fixed edge case with exit and die and -1
Version 1.1.1
2018-01-22 – Wood Xie of Dipper
- Architecture
- Fixed path when calling exakat from outside its install folder
- First analyzer for Melis Framework
- Optimized dictionary collection
- Report
- Ambassador : upgraded graph for class sizes
- Analyzer
- New analyzer : report case problems with includes
- New analyzer : Melis framework
- New analyzer : inventory of view properties for Zend Framework
- New analyzer : report view files for Zend Framework
- Upgraded analyzer : + is accepted as regex delimiter
- Upgraded analyzer : same condition searches inside blocks
- Checked unit tests : 2665 / 2671 test pass (99% pass).
- Tokenizer
- Magic constants __DIR__ and __FILE__ get their actual value in noDelimiter
- Created Eval atom
- Removed ‘Name’ token for echo, print, die, exit.
- Upgraded handling of constant names inside strings
- Removed a bug when storing dictionary.
Version 1.1.0
2018-01-15 – Wood Dragon of Horn
- Architecture
- Replaced ‘code’ property with a dictionary
- Tokenizer
- Introduced ‘Magicmethod’ for Magic methods in class
- Fixed a bug when ‘ is in file path
- Fixed a bug when several raw HTML are in a PHP script.
Version 1.0.11
2018-01-08 – Wood Dragon of Well
- Architecture
- Added assertion for property name.
- Report
- Ambassador : Added report of classes’ size.
- Fixed missing audit end’s time.
- Analyzer
- New analyzer : Sqlite3 doesn’t escape ”
- Upgraded analyzer : Strange names also report qqqq sequences in variable names
- Checked unit tests : 2617 / 2657 test pass (99% pass).
- Tokenizer
- Fixed fullnspath handling for constants (case insensitive for the constant name)
Version 1.0.10
2018-01-01 – Wood Wolf of Legs
- Architecture
- Fixed Sqlite3 escaping error : use ‘, not “
- Report
- Analyzer
- Upgraded analyzer : ? is possible as delimiter
- Analyzer works better with nested structures
- Checked unit tests : 2601 / 2649 test pass (99% pass).
- Tokenizer
- First plugin for Load Task.
- Upgraded support for define-d constant.
- Introduced Phpvariable
- Fixed scoping with array index.
Version 1.0.9
2017-12-25 – King of Dust Protection
- Report
- Ambassador : list complex expressions.
- Dump : added function inventory
- Dump : added begin and end line for structures.
- Analyzer
- New analyzer : report reference error with Ternary operator
- New analyzer : report Undefined classes in WordPress.
- Upgraded analyzer : preg option E, tighter regex.
- Tokenizer
- Better handling of long path name. TBC.
- Introduced Parent, Static, Self, Exit, Echo, Print.
Version 1.0.8
2017-12-18 – King of Heat Protection
- Architecture
- Doctor reports memory_limit and JAVA_OPTIONS/JAVA_HOME
- Made database restart more portable
- Added spell checking on docs
- Report
- Ambassador : Regex inventory added
- Ambassador : Largest expressions reported
- Analyzer
- New analyzer : report identical operands on both sides of operator
- New analyzer : report potentially mistaken concatenation in array
- New analyzer : report mistaken scalar typehint
- New analyzer : report undefined classes by symfony version
- New analyzer : report undefined classes by wordpress version
- Upgraded analyzer : Interfaces are also reported from return typehint
- Upgraded analyzer : Mistaken concatenation got rid of various false-positives
- Checked unit tests : 2601 / 2633 test pass (99% pass).
- Tokenizer
- Isset, Empty, Phpvariables now have their own atom.
- Fixed edge case with $ token
- Fixed Constant fqn building
- UTF-8 protection for propertyname
Version 1.0.7
2017-12-11 – King of Heat Protection
- Architecture
- Added /var to default omitted folders
- Analyzer
- New analyzer : should use array_filter.
- New analyzer : ext/igbinary
- Checked unit tests : 2533 / 2599 test pass (97% pass).
- Tokenizer
- Fixed
Version 1.0.6
2017-12-04 – Fuli
- Architecture
- Refactored description
- Moved PHPsyntax to a function
- Analyzer
- New analyzer : Never used parameter.
- New analyzer : always use named boolean parameters
- Upgraded analyzer : unused arguments
- Checked unit tests : 2573 / 2585 test pass (99% pass).
- Tokenizer
- Added new token : This for $this
- Updated loader to handle PHP 7.3 functioncall syntax (final ,)
- Turned Markcallable into an independent analyzer
Version 1.0.5
2017-11-27 – King of Cold Protection
- Architecture
- Configured Exakat for Tinkergraph 3.3. Still unfinished.
- Documentation now has an external link to extensions.
- Report
- Ambassador : added more inventories : URL SQL, email, GET index, MD5, Mime
- Analyzer
- New analyzer : parent first
- New analyzer : Report uncommon Environment Vars
- New analyzer : Report invalid Regex
- New analyzer : Report concatenation in Zend DB
- Fixed analyzer : Deprecated Functions
- Fixed analyzer : Unknown PCRE2 option
- Upgraded analyzer : hardcoded password
- Upgraded analyzer : array_merge in loops
- Upgraded analyzer : substr() first. Handle following expressions
- Refactored analyzer : Used Functions
- Refactored analyzer : Add Zero
- Checked unit tests : 2573 / 2585 test pass (99% pass).
- Tokenizer
- Fixed a bug that linked functions and definitions
Version 1.0.4
2017-11-20 – Boxiang Demon
- Architecture
- PhpExec, get only path to binary.
- Cleaned docs of double links
- Cleaned code
- Report
- Added libsodium, Argon2 to Crypto; DL() usage to PHP.
- Compatibility report only focuses on backward incompatibilities.
- New recipes will cover ‘suggestions for better code’. Coming up.
- Analyzer
- New analyzer : ” string is better than ‘ (sorry…)
- New analyzer : PHP 7.3’s PCRE 2
- New analyzer : report missing ‘new’ in front of class name.
- New analyzer : use is_object instead of is_resource for ext/hash
- New analyzer : report non-countable calls
- New analyzer : report DL usage in Appinfo
- New analyzer : slice first, then map arrays.
- New analyzer : Avoid 5th argument in PHP 7.2 for set_error_handler
- New analyzer : avoid null with get_class()
- New analyzer : suggest using list() with foreach instead of arrays
- New analyzer : avoid using $this as argument in constructor
- New analyzer : Report usage of ext/vips
- New inventory : GPC variables
- Updated analyzer : Use Class Operator doesn’t report methods names anymore
- Updated analyzer : Long argument size is raised to 60 chars
- Updated analyzer : ignore when missing break is in last case
- Updated analyzer : Use This ignores ‘self’.
- Updated analyzer : Randomly sorted Arrays ignores arrays of 3 or less.
- Updated analyzer : ext/mcrypt gets its constants
- Updated analyzer : more strange names being used in code
- Updated analyzer : more PHP 7.2 removed functions
- Checked unit tests : 2563 / 2572 test pass (99% pass).
- Tokenizer
- Reduced duplicates that may lead to loading errors.
Version 1.0.3
2017-11-13 – Baize Demon
- Architecture
- Fixed driver Tinkergraph, which was not setting the right ids.
- Doctor now reports $JAVA_OPTIONS, in case one needs to allocate more memory
- Doctor now reports token limit
- Moved config.ini creation to first phase of init.
- Fixed collect of error when init with git.
- Upgraded driver gremlin-php to 3.0.2
- Report
- Ambassador : Now reports the namespaces as a tree.
- New analyzer : report members that are static and not.
- Updated analysis : normal method called statically.
- Analyzer
- Added support for Drupal, FuelPHP and Phalcon.
Version 1.0.2
2017-11-06 – Suanni Demon
- Architecture
- Better report of error messages from VCS.
- Updated support for Vagrant
- Report
- Ambassador : Fixed display for ‘Callback’
- Analyzer
- New analyzer : substr() first, then replace.
- New analyzer : report double prepare (WP).
- New analyzer : avoid the +1 month trap
- New analyzer : check for printf() options
- New analyzer : check for placeholder in prepare (WP)
- New analyzer : avoid direct injection into prepare (WP)
- New analyzer : performance recommendation for switch.
- New analyzer : merge if/if into if/then/else
- Checked unit tests : 2500 / 2536 test pass (99% pass).
Version 1.0.1
2017-10-30 – Xueshi Demon
- Architecture
- Created Result class for Graphdb results
- Docker image is updated with version 1.0.1
- Vagrant files are updated with version 1.0.1
- Preparing support for Gremlin 3.3.0
- Report
- Added support for PHP 7.1.11 and 7.0.25
- Analyzer
- New analyzer : could be else (for consecutive opposite if/then)
- Checked unit tests : 2517 / 2527 test pass (99% pass).
Version 1.0.0
2017-10-23 – Roushi Demon
- Architecture
- Tested on Gremlin 3.2.6. Checked Gremlin 3.3.0, but it needs more work.
- Upgraded doctor for installation and report.
- Upgraded docs to set gremlin-server as default install.
- Report
- Added support for Clang-style report.
- Ambassador : fixed link to exception Tree.
- Inventories : Date format,
- Audit names are reported in every Ambassador-style report.
- Analyzer
- Upgraded PHP directive list.
- Functions In For loop : prevent issue if the function uses a loop variable.
- Useless instruction : do not report return $i++ if $i is reference
- Useless instruction : Avoid reporting properties when they are magic
- New analyzer : mark properties to be magic.
- Upgraded list of PHP logins, to report hard coded passwords.
- Upgraded close naming : variables that differ by 1 char are reported.
- Added assert(false…) to list of branching syntax.
- Checked unit tests : 2515 / 2525 test pass (99% pass).
Version 0.12.16
2017-10-16 – Tawny Lion Demon
- Report
- Beta version for Drill Instructor
- Upgraded Inventories report with Sessions, Cookies, Incoming variables
- Analyzer
- New analyzer : Expression too complex.
- New analyzer : Session Handler must implement SessionUpdateTimestampHandlerInterface
- New analyzer : is Zero : additions that negate some terms
- New analyzer : unconditional loops
- Upgraded Zend Framework review with latest versions (feed, http, eventmanager…)
- Upgraded ‘Strange names’ with new typos
- Upgraded ‘Logical to in_array’ to handle separated comparisons
- Checked unit tests : 2505 / 2515 test pass (99% pass).
- Tokenizer
- Fixed bug with Sign in Additions.
Version 0.12.15
2017-10-09 – Nine Headed Lion
- Architecture
- Server : now supports stop, start and restart.
- Every audit gets a random name, for easy differentiation
- Added support for PHP 7.3
- Report
- Ambassador : list of analyzers that report nothing : Good job!
- Slim report : fixed build
- Analyzer
- New analyzer : file upload names vulnerability check
- New analyzer : variable that may hold different types of date
- New analyzer : always anchor regex
- Checked unit tests : 2475 / 2480 test pass (99% pass).
Version 0.12.14
2017-10-02 – Grand Saint of Nine Spirits
- Architecture
- Support UTF-8 on Gremlin Server (other encodings are not)
- Better display of vcs updates
- Report
- Ambassador : added Security and Performances
- Ambassador : Upgraded exception presentation
- Analyzer
- New analyzer : report fallthrough in switch
- New analyzer : inventory regex
- Added support for PHP 7.1.10 and 7.0.24
Version 0.12.13
2017-09-25 – King of the Southern Hill
- Architecture
- Code cleaning
- Report
- Ambassador : changed display of the audit
- Analyzer
- Refactored several analyzer
Version 0.12.12
2017-09-18 – Ruler of the Kingdom of Miefa
- Report
- Ambassador : fixed collect of interfaces and trait names
- Analyzer
- New analyzer : ext/Parle
- New analyzer : help optimize pathinfo() usage
- New analyzer : catch array_values() usage with list and pathinfo()
- Updated analyzer : Don’t show error messages with catch->getMessage();
- Updated analyzer : No concat in loop handles $x = $c . $x;
- Checked unit tests : 2456 / 2461 test pass (99% pass).
- Tokenizer
- Added support for ‘, ” and > in file names. Still missing support for \
- Restored fallback to global constants.
- Fixed special case :
Version 0.12.11
2017-09-11 – Half-Guanyin
- Architecture
- Added support options for branches and tags
- Added support for config in server mode
- Report
- Fixed methods dump for interfaces.
- Analyzer
- Added all analyzer to report could be private/protected for
- Tokenizer
- Fixed handling of ‘<’ char in paths
Version 0.12.10
2017-09-04 – Golden Nosed Albino Rat Spirit
- Architecture
- Upgraded server version with config alteration features.
- New generated config-cache
- Report
- Fixed property names in Visibility report
- Analyzer
- Arrays/IsModified : arrays are not modified unless in a (unset)
- Tokenizer
- Fixed ‘constant’ for functioncalls
- Introduced ‘Name’ for Identifier without a fullnspath
- Added support for branches and tags in init
- Fixed edge case with $o->$$b
Version 0.12.9
2017-08-28 – Lady Earth Flow
- Architecture
- Creates config.cache, with cached calculated configs. Remove to update.
- Report
- GraphQL : Upgraded GraphQL report, with relationships.
- Analyzer
- New analyzer : suggest moving for() to foreach()
- New analyzer : shell_exec/exec/`backtick` favorite
- Update analyzer : Abstract Static is for PHP 7.0-
- Tokenizer
- Removed Arguments and ARGUMENTS.
- Finished ‘factory’ from Config.
- Better handling of long path names.
Version 0.12.8
2017-08-21 – Ruler of the Kingdom of Biqiu
- Analyzer
- New analyzer : use foreach, not for()
- New analyzer : ext/fam, ext/rdkafka
- Tokenizer
- Fixed edge case where pathnames are too long on OSX.
Version 0.12.7
2017-08-14 – Old Man of the South Pole
- Architecture
- Fixed project_vcs when none is used.
- Analyzer
- Better documentation for in_array replacements and array_unique()
- Added support for PHP 7.1.8 and 7.0.22
Version 0.12.6
2017-08-07 – White Faced Vixen Spirit
- Analyzer
- New analyzer : no negative for strings before 7.1
- New analyzer : use in_array instead of ||
- Updated analyzer : preg_quote has no delimiter
- Tokenizer
- Fixed bug in handling real value for negative numbers
Version 0.12.5
2017-07-31 – White Deer Spirit
- Architecture
- Removed config singleton
- Report
- New report : simpletables (HTML)
- Analyzer
- New analyzer : report optional parameters
- New analyzer : report concat inside a loop
- Updated analyzer : Could Be Class Constant, when no visibility is provided.
Version 0.12.4
2017-07-24 – Peacock Mahamayuri
- Architecture
- Optimized performances for large projects (over 2M tokens)
- Support Neo4j as a driver for Tinkerpop
- Report
- Now covering all PHP 7.2 features
- Analyzer
- New analyzer : Extension xattr
- New analyzer : report ‘object’ as a class name
- New analyzer : No Array for magic property
- New analyzer : suggest reducing code for isset
- New favorite : and / &&
- Updated analyzer : fetch correct delimiter, even if escaped.
- Extended coverage for several analyzers
- Removed several nested-subqueries (bad for performances)
- Tokenizer
- Tinkergraph/Neo4j : reworked loading data from disk.
- Added protection for $ in filename
Version 0.12.3
2017-07-17 – Golden Winged Great Peng
- Architecture
- Prepared options for several back servers : Tinkergraph, Gremlin-Server/Neo4j, Janusgraph
- Report
- New report : Marmelab (GraphQL server)
- Analyzer
- New analyzer : Report when a property is used as object or scalar
- New analyzer : Mismatched Typehint
- New analyzer : Mismatched Default values
- Upgraded analyzer :
- Fixed a gremlin bug in noAtomInside
- Tokenizer
- Added support for trailing comma in group use (PHP 7.2)
- Fixed building of constants’ values
Version 0.12.2
2017-07-10 – Samantabhadra
- Architecture
- Added support for Tinkergraph as graph backend
- Report
- Ambassador : reports callback/closures, all 3 declares (ticks, encoding, strict_types)
- Ambassador : reports strict_types as favorite
- PlantUML : upgraded report
- Analyzer
- New analyzer : Mismatched ternary branches
- New analyzer : mkdir, by default, uses 777.
- New analyzer : ext/lapack
- Upgraded analyzer : option E for preg_match, refined results
- Checked unit tests : 2337 / 2366 test pass (99% pass).
- Tokenizer
- Added support for Instanceof and GROUPUSE with Nsname
Version 0.12.1
2017-07-03 – Yellow Toothed Elephant
- Architecture
- Refactored structures extractions in dump
- Report
- New report : PlantUML
- Ambassador : Appinfo now reports how popular is a feature
- Analyzer
- New analyzer : Const / Define() favorite for constants
- New analyzer : do not return in finally
- Upgraded analyzer : Add Zero was refactored
- Tokenizer
- Prepared list of tokens and relations
Version 0.12.0
2017-06-26 – Manjusri
- Architecture
- Added support for Janusgraph (Gremlin 3)
- Refactored dump’s data collection for speed.
- Report
- Added support for WordPress and Joomla as Frameworks
- Analyzer
- New analyzer : Avoid Optional properties
- New analyzer : Multiple declarations of functions
- New analyzer : Non breakable spaces in names
- New analyzer : Favorite Heredoc delimiter
- New analyzer : ext/swoole
- Tokenizer
- Modified several nodes/links names, for compatibility purposes
Version 0.11.8
2017-06-19 – Xiaozuanfeng
- Architecture
- Started working on JanusGraph to add to Neo4j/Gremlin3
- Report
- Ambassador : reports Strings encoding and Unicode-block (when available)
- Ambassador : reports frameworks found (first 6, more as we go).
- Ambassador : reports how frequently an analyzer yields results to compare with current situation
- Analyzer
- New analyzer : Classes where declaration order differs from : use, const, properties and methods.
- New analyzer : Could use interface (but implements is missing)
- New analyzer : Cant Inherit Abstract Method (PHP 7.2 upgrade)
- New analyzer : use session_start() options
- Updated analyzer : Dynamic method calls cover {} too
- Checked unit tests : 2305 / 2305 test pass (100% pass).
- Tokenizer
- Checked code on early PHP 7.2 version
Version 0.11.7
2017-06-12 – Long Armed Ape Monkey
- Report
- Ambassador : report detected patterns (first 2)
- None report : for when dump is sufficient
- Analyzer
- New analyzer : could factor functioncalls
- New analyzers : PSR-* usage
- New analyzers : support for Judy and Gender extensions
- Added thema for Compatibility PHP 7.3
- Added thema for Dependency Injection
- Tokenizer
- Fixed edge case where classes starting with ‘namespace’ were mistakenly processed
- Removed Block from CIT
Version 0.11.6
2017-06-05 – Red Bottomed Horse Monkey
- Architecture
- Removed singleton to Config. WIP
- Report
- Ambassador : reports usage of PSR 3,6,7,11,13,16.
- UML : report now protects file names
- Analyzer
- New analyzer : Ext stats
- New analyzer : report mixed concatenation / interpolation strings
- Updated analyzer : htmlentities actually uses combination, not alternatives
- Updated analyzer : Close Tag consistency ignores __HALT_COMPILER files
Version 0.11.5
2017-05-30 – Intelligent Stone Monkey
- Report
- Ambassador : fixed visibility suggestion
- New report : Dependency wheel
- Analyzer
- New analyzer : avoid typehinting with classes
- New analyzer : implemented methods must be public
- New analyzer : no reference on left of assignment
- New analyzer : Could typehint with instanceof
- Updated analyzer : Useless parenthesis cover clone, yield, yield from.
- Updated analyzer : Make One Call also reports nested calls
- Tokenizer
- Split functions and closures
- Split classes and anonymous classes
- Split variable with definitions (Property, Static and Global)
- File count is always reported (even 0)
Version 0.11.4
2017-05-22 – Six Eared Macaque
- Architecture
- Results : returns now multiple results at once
- Report
- New report : codeflower
- Ambassador : report usage of Debug functions, browscap
- Ambassador : omits 0 in donuts
- Ambassador : faceted search for compatibility
- Analyzer
- New analyzer : report functions whose return is not used
- New analyzer : only variable can be passed by reference
- Added limits to all in-depth searches
- Checked unit tests : 2216 / 2216 test pass (100% pass).
- Tokenizer
- Fixed edge case, where return is finished by a close tag
- Split Variables into Variables, Objects and Arrays.
Version 0.11.3
2017-05-15 – Sun Deity of Mao
- Architecture
- Speed up batch processing for lists of analyzers
- Split data collection from the initial dump.
- Report
- Ambassador : Upgraded presentation of issues, and internals links.
- Analyzer
- New analyzer : Sphinx extension
- New analyzer : GRPC extension
- New analyzer : reports arrays that are randomly sorted.
- New analyzer : report multiple catch clauses
- Updated analyzer : direct injections include all SERVER_* values
- Upgrade for PHP 7.1.15 and 7.0.19
- Tokenizer
- Split Functioncall into Functioncall, MethocallCall and Newcall.
- Added support for ‘namespace’ in any full name.
Version 0.11.2
2017-05-08 – Scorpion Demon
- Architecture
- Code cleaning, and more stability
- Analyzer
- New analyzer : Report preference between != and <>
- New analyzer : report empty regex and wrong delimiters
- Added protection for $ in RegexDelimiters
Version 0.11.1
2017-05-01 – Ruler of Women’s Country
- Architecture
- Fixed handling for large list of data in gremlin queries
- Handles static in anonymous classes correctly
- Report
- Reports handle traits like class.
- Analyzer
- New analyzer : ends arrays with , or not (favorite)
- New analyzer : suspicious comparison
- New analyzer : strange spaces in strings
- Tokenizer
- Arrays are now Arrayliteral, split from Functioncall
Version 0.11.0
2017-04-24 – Immortal Ruyi
- Architecture
- Removed prepared statements from loops in dump
- Made Gremlin cache compatible with 32bits platforms
- Report
- Ambassador : first work on upgrading visibilities for properties.
- Analyzer
- New analyzer : could use str_repeat()
- New analyzer : Crc32() Might Be Negative
- Update analyzer : Queries in loop reports cubrid and sqlsrv, prepared statements.
- Update analyzer : type mismatch for indices works on constants too.
- Update analyzer : Loop calling covers less ground
- Tokenizer
- Split function and method entities for differentiated processing
Version 0.10.9
2017-04-17 – Single Horned Rhinoceros King
- Architecture
- File extensions are processed before include/ignore dirs.
- Reduced number of DEFINITION links, leading to less processing.
- Added several assertion() in the code
- Added assertions report in doctor (better leave them out with phar)
- Report
- Added support for PHP 7.0.18 and 7.1.4
- Ambassador : better layout for favorites
- Zend Framework : 8 new components supported
- Zend Framework : now supports zendframework/zendframework too
- Zend Framework : report unused components
- Analyzer
- New analyzer : report nested Use expressions
- New analyzer : report repeated regex (to be federated)
- New analyzer : report code that outputs directly to std
- Updated analyzer : Should use this now omits overwritten methods
- New analyzer : report overwritten methods
- Upgraded analyzer : 2123 / 2123 test pass (100% pass)
Version 0.10.8
2017-04-10 – King of Spiritual Touch
- Report
- Slim report : list of routes used.
- Analyzer
- New analyzer : report Group Use Declaration (PHP 7.0+)
- Zend Framework : 30 components are now covered.
- Slim : No echo in route callable and Inventory of routes.
- PHP : list of new PHP 7.2 functions.
- Tokenizer
- Sped up loading time by 10%.
- Added support for PHP6 binary string : $a = u’b’;
Version 0.10.7
2017-04-03 – Immortal of Antelope Power
- Report
- Ambassador : fixed composer report.
- Added report for Composer (beta phase)
- Added report for Slim framework.
- Analyzer
- Added support for Slim versions.
- Added 10 new components for Zend Framework 3
- Tokenizer
- Fixed support for $ in file names.
Version 0.10.6
2017-03-27 – Immortal of Elk Power
- Architecture
- Major speed up of loading and analyzer
- Fixed themes configuration.
- Report
- Ambassador : report cookies usage, infinite and NAN usage
- Zend Framework : Report incompatibilities component/version for ZF3
- Analyzer
- Upgraded analyzer : 1941 / 1941 test pass (100.00% pass)
- New analyzer : Zend Framework 3 Deprecated
- New analyzer : Zend cache, view, db.
- New analyzer : Report missing type tests.
- New analyzer : suggest setcookie() with safe arguments
- New analyzer : Do not cast to Int
- New analyzer : CakePHP classes compatibilities from 2.5 to 3.3
- Upgraded analyzer : instanceof doesn’t report traits anymore
- Upgraded analyzer : mb_ereg has options in the 4th argument
- Upgraded analyzer : more strange names
- Tokenizer
- Reviewed most of the load processing.
- Reduced the number of ‘fullnspath’ properties.
Version 0.10.5
2017-03-13 – Immortal of Tiger Power
- Architecture
- Collect graph size in dump.sqlite
- Collect memory usage in dump.sqlite
- Now uses the calling PHP version to run all parts of exakat (no config)
- Doctor reports the running gremlin version.
- Report
- Ported the Zend Framework report to ambassador
- Added regex delimiter in favorites.
- Ambassador : syntax coloring
- Analyzer
- New analyzer : could be typehinted ‘callable’
- New analyzer : encoded letters in strings for security
- New analyzer : report arguments that may be callable
- New analyzer : report strangely named variables
- New analyzer : report strangely named constants
- New analyzer : too many FindsBy*() methods
- Updated analyzer : Useless Instructions doesn’t report array_merge(_recursive) with one argument
- Updated analyzer : array_replace handles …
- Updated analyzer : 7.2 deprecation with assert()
- Generalized usage of commons for CIT
- Added first 4 set of analyzer for Zend Framework 3
- Added support for dynamic new $a[i];
- Tokenizer
- Fixed fullnspath with new on functioncall
- Reduced the number of fullnspath loaded
- Added support for ‘s’() as functioncall
- Fixed case where file name has ‘ ’ in it
Version 0.10.4
2017-03-06 – Dragon King of the West Sea
- Architecture
- Ignore some classic files by default (README, LICENSE…)
- Report
- Ambassador : protection of HTML values
- PHPcompilation : fixed export to stdout
- Analyzer
- New analyzer : report useless else branches
- New analyzer : should regenerate session Id, for PHP and Zend Framework
- Added support for Extension Data structures (ext/ds)
- Upgraded analyzer : Hardcoded Hash
- Speed up analyzer for extensions
- Tokenizer
- Fixed edge case where a constant was used inside a ternary operator
- Fixed processing of labels
Version 0.10.3
2017-02-27 – Dragon King of the Jing River
- Architecture
- Added URL glossary to Manual.
- Extended CS ruleset
- Use exakat/exakat as user/login for git.
- New helper to rename analyzers
- Project command now accepts -P/-T to run one analyzer/Thema directly
- Report
- New report style : Codesniffer
- Analyzer
- New analyzer : suggest usage for array_column()
- New analyzer : __DIR__ must be concatenated with a string starting with ‘/’
- New analyzer : report usage of parent, self and static outside a class/trait
- New analyzer : report properties used only in one method
- New analyzer : report properties used only once at all
- New analyzer : multiple aliases per class
- Updated analyzer : Fopen() mode supports ‘e’ option (7.1.2 + )
- Updated analyzer : Make One Call covers str_replace, substr_replace, preg_replace*
- Updated analyzer : Unused arguments : now ignores arguments from interface or parent
- Tokenizer
- Removed double DEFINITION link. Faster loading, less processing.
- Fixed an edge case when function name is boolean or null.
- Cleaned atom and tokens names
- Fixed edge case when object is instantiated in a ternary
Version 0.10.2
2017-02-20 – Water Lizard Dragon
- Architecture
- Report
- Text format now understands -T, -P to extract only some of the results.
- Fixed dump of extends.
- Analyzer
- Added support for PHP 7.1.2 and PHP 7.0.16
- New analyzer : report forgotten ‘throw’ keyword.
- New analyzer : report class / function confusing name
- Added support for libsodium
- Upgraded PHP Relaxed Keyword : Ignore properties.
- Upgraded analyzer : 1824 / 1826 test pass (99.9% pass)
- Tokenizer
- Fixed a bug that mistakes native PHP classes for functions
- Fixed rare situation with grouped const/function.
Version 0.10.1
2017-02-13 – King of Wuji Kingdom
- Architecture
- Report SVN revision when updating or not.
- Default reports are in config.
- Configure now supports include_dirs, to include files.
- Project name is now noted in datastore.
- Inventories is a default thema; PHP Compatibility < 5.6 are not default anymore.
- Documentation
- Fixed outgoing links
- Better coverage of PHP functions
- Report
- Added ‘Inventories’ report : reports all names and literals
- Ambassador : Added list of included files, Yield From and classes stats
- Analyzer
- New Analyzer : Strange Names For Methods (Classes/StrangeName)
- New Analyzer : SQL queries (Type/Sql)
- New Analyzer : Avoid Non WordPress Globals (WordPress/AvoidOtherGlobals)
- Upgraded analyzer : Should be single quote, escape sequences refined.
- Upgraded analyzer : Should Preprocess now supports deterministic PHP functions
- Upgraded analyzer : 1817 / 1824 test pass (99.6% pass)
- Tokenizer
- Fixed LOC counting.
- Fixed edge case when closure is directly used as argument
- Fixed double inventories for Use’s Definitions
Version 0.10.0
2017-02-06 – Azure Lion
- Architecture
- Replacement of booleans with constants (WIP)
- Removed PHPloc (merged features into load)
- Added coding standard for Code Sniffer (ruleset.xml)
- PHP version used defaults to running script version
- Now reading Token Constants from the binaries
- Doctor reports project configuration if -p is used
- Report
- Analyzer
- New Analyzer : No Boolean As Default
- New Analyzer : Raised Access Level
- New Analyzer : Recommend Wpdb->prepare when variables are in query
- Directive suggestion now includes error_log
- Upgraded analyzer : UselessParenthesis also checks Typehint
- Upgraded analyzer : 1804 / 1811 test pass (99.6% pass)
- Tokenizer
- Reinforced detection of parsable PHP script
- Fixed Files command : it now cleans data before running
- Removed warning about memory
- Index creation made lighter
Version 0.9.9
2017-01-30 – Pilanpo Bodhisattva
- Architecture
- Moving true/false to constants
- Report
- Ambassador : Added ‘Compilation’ and Version compatibility reports.
- Prepared collection of dependencies in dump
- Analyzer
- New Thema : Compatibility PHP 7.2
- New analyzer : Deprecated Features of PHP 7.2
- New analyzer : Removed Function for PHP 7.2
- New preference : New Line Style
- Upgraded analyzer : 1781 / 1802 test pass (98.9% pass)
Version 0.9.8
2017-01-23 – Multiple Eyed Creature
- Architecture
- Moved ‘Truthy/Falsy’ as ‘boolean’ characteristics
- Updated Gremlin3 interface to handle Groovy maps
- Added default name when creating project
- Report
- Added checks on merged table at Dump stage
- Added support for PHP 7.1.1 and 7.0.15
- Analyzer
- New analyzer : variables assigned twice or more
- New preference : new x() / new x;
- Upgraded analyzer : 1785 / 1794 test pass (99.5% pass)
- Fixed Interface usage : missing interfaces extends interfaces
- Added extra check for Functioncalls
- Tokenizer
- Added support for instanceof + several names
Version 0.9.7
2017-01-16 – Hundred Eyed Demon Lord
- Architecture
- Fixed constant names for tokens in Load
- Changed duplication check to dedup(). Cleaned analyzer for duplicates.
- Speed but for large projects. Work in Progress.
- Reduced usage of static properties
- Better detection of PHP scripts during project
- Report
- Fixed generation of inventories when no target is provided
- Analyzer
- New analyzer : Could Be Protected Property (not a public)
- New analyzer : avoid large literal arrays in local variables.
- New analyzer : report long arguments.
- Removed analyzer : Structures/EchoArguments (double with Echo With Concat)
- Tokenizer
- Fixed list of constants for PHP 7.1
Version 0.9.6
2017-01-09 – Spider Demons
- Architecture
- Added support for report/analyzer theme list in config (exakat and project)
- Better cleaning of projects
- Doctor : Initialisation with themes/reports; Reports executable being used.
- Added a log for gremlin Queries
- Rebuild the server command
- Added ‘catalog’ command
- Report
- Split Phpconfiguration into eponymous and Phpcompilation
- Analyzer
- New analyzer : avoid Glob, use scandir without sorting.
- New analyzer : always configure ext/sqlite3 FetchRow()
- New analyzer : no string with append
- Removed analyzer : Structures/ForeachSourcesNotVariable
- Upgraded Analyzer ‘Should Import Functions’
- Upgraded analyzer : 1764 / 1773 test pass (99.5% pass).
- Tokenizer
- Added ‘aliased’ property to nodes.
Version 0.9.5
2017-01-04 – Immortal Ziyang
- Architecture
- Better check of PHP version
- Report
- Ambassador : report analyzer settings
- PHP Compilations : supports all extensions
- New report : Inventories
- Analyzer
- New analyzer : Don’t Use Fallback to Global space
- New analyzer : MongoDB (ext/mongo version 3)
- New analyzer : zbarcode
- Bug : Fixed intval for octals in Arrays/MultipleIdenticalKeys
- Removed analyzer : Php/InconsistantClosingTag (double)
- Tokenizer
- Ranking arguments, not functioncall
Version 0.9.4
2016-12-19 – Lady of Jinsheng Palace
- Architecture
- Rewrote the concurrence check (removed needs for ext/sem)
- Results are never double anymore
- Upgraded gremlin calls, to handle \n
- Dump cleans the previous values before dumping
- Excluded namespaces classes when searching for external libraries
- Report
- Ambassador : extension usage, inventories, global lists, stats, PHP Compilation directives
- Covers more compilation directives (Not finished)
- Analyzer
- New analyzer : Final by Ocramius
- Upgraded : Comparison with == : added curl_exec
- Upgraded : isset with constant (mistake on properties as arrays)
- Upgraded : Avoid using now uses full NS path
- Upgraded : Useless instructions handles for() correctly
- Upgraded : Recursive, IsGenerator and Loop Calling includes yield from
- Upgraded analyzer : 1741 / 1750 test pass (99.5% pass).
Version 0.9.3
2016-12-12 – Purple-Gold Bells
- Architecture
- Lots of cleaned code
- Harmonized data for extensions
- Stop ‘project’ if no code is available
- Now using stub in phar.
- Report
- Added directives, bugfixes, external services and
- Added support for PHP 7.0.14 and 5.6.29
- Analyzer
- New analyzer : WordPress, recommend prepare()
- More favorite reports : final ?> and unset()/(unset)
- Reduced number of double reports for many analyzers
- Update : Fixed analyzer with $THIS
- Upgrade : report useless casting of comparisons
- Update : Should use this takes into account parent::
Version 0.9.2
2016-12-05 – Golden Haired Hou
- Architecture
- First version of Exakat for docker (beta)
- Added a waiting loop in cleandb
- Docs include a list of new analyzers per version
- Report
- Added 2 first inventories, Appinfo() in Ambassador
- Favorites now reports global/$GLOBALS
- Restore composer.lock report
- Upgraded uselessReturn for the final return.
- Analyzer
- New analyzers for Newt, Nsapi,
- New analyzer : __ in methods names
- New analyzer : Too many local variables
- New analyzer : Avoid array_push()
- Upgraded ext/apache coverage
Version 0.9.1
2016-11-28 – Sai Tai Sui
- Architecture
- Docker supported in exakat/config.ini for PHP binaries.
- Added exakatSince in analyzers documentation
- Added some missing tokens in anonymize command
- Report
- Added several new analyzers for PHP 7.1
- Analyzer
- new analyzer : find methods that could return Void
- new analyzer : find malformed octal sequence in strings
- new analyzer : spot rethrown exception
- new analyzer : reach the last element
- new analyzers : find undefined Zend Framework classes (2.0 to 3.0)
- Upgraded analyzer : 1706 / 1714 test pass (99.5% pass).
- Tokenizer
- Fixed handling references (some were missing)
- Fixed handling of ellipsis (some were missing)
Version 0.9.0
2016-11-21 – Python Demon
- Architecture
- Project now includes ‘Preference’ analyzer
- Dump is now incremental (-u option), and doesn’t need to be run in parallel
- Added new hashAnalyzer table, to handle generic results from analyzers.
- Added project name in the graph.
- New command ‘status’ to report the current status of exakat
- Report
- Ambassador includes ‘Preferences’ section and new menu system
- Upgraded progressbar to display project processing
- Analyzer
- New analyzer : Early Bail Out (with if/then)
- New analyzer : PHP 7.1 backward incompatibilities with microseconds
- New analyzer : WordPress : recommend using WP api, not PHP.
- Upgraded ‘Constant condition’ to include do..while()
- Upgraded ‘Useless Abstract’ to include methodless classes
- Upgraded analyzer : 1687 / 1697 test pass (99% pass).
- Tokenizer
- Added ‘Array’ to list of deterministic functions (more constants are spotted)
- Fixed ‘Name’ for Array Short Syntax.
- Fixed variadic support
Version 0.8.9
2016-11-14 – Yellow Brows Great King
- Architecture
- Fixed and documented -tgz and -zip options of init
- Removed progress folder
- Made MagicNumber a parallel task in Project.
- Turned some die into assertion()
- .phar doesn’t report any PHP errors.
- Checked compilation with PHP 5.3->7.2
- Report
- Removed Faceted report
- Added Bugfixes for PHP 7.0.13, 5.6.28 and PHP 7.2
- Added ‘One variable string’ to Radwell report
- Analyzer
- New analyzer : Object Calisthenics #1, #4
- New analyzer : check that properties are all set at constructor time.
- New analyzer : spot useless checks
- Updated UndefinedParentMP to take PHP ext classes into account
- Upgraded ‘array_merge in loops’ with file_put_contents
- Upgraded ‘useless parenthesis’ with math operations
- Upgraded analyzer : 1666 / 1682 test pass (99% pass).
- Added debug Query method to analyzer
- Tokenizer
- Fixed Files to compile first, then count tokens
- Find Ext Lib handles UT classes better
- Added limit to ‘code’ before loading into database. There is a 2M limit.
- Fixed edge case with nested foreach()
- Fixed segmentation fault when getting tokens from a script with wrong encoding
Version 0.8.8
2016-11-07 – Apricot Immortal
- Architecture
- Added concurrency test to avoid running several instances at the same time
- Report error when it happens with git clone
- Added UT classes to external libraries
- Dump is now hidden until finished.
- Better detection of java and composer (Thanks Julien)
- Report
- New report : Radwell
- New report : PhpConfiguration helping with configure and php.ini
- Ambassador : Fixed dashboard values
- Analyzer
- New analyzer : time() vs strtotime(‘now’)
- New analyzer : useless casting
- New analyzer : No Isset() with Empty()
- New analyzer : don’t echo errors
- New analyzer : ext/rar
- New analyzer : use Class::class when possible
- Added array_key_exists() to slow functions list.
- Upgraded UpperCaseKeywords to handle partial uppercase
- Added reported directives for ext/filter
- Upgraded ‘Variables used once’ to exclude $this and arguments
- Upgraded Unreachable Code with break/continue;
- Multiple Identical Keys now handles null, boolean, real.
- Upgraded analyzer : 1652 / 1668 test pass (99% pass).
- Tokenizer
- Now spots \true, \false, \null as Boolean and Null
- Removed ‘xargs too many arguments’ error on Linux
Version 0.8.7
2016-10-31 – Naked Demon
- Architecture
- Upgraded Boolean and Integer to report results without storing them in graph
- Analyzer
- New analyzer : modernizable empty() calls
- New analyzer : recommend Positive conditions
- New analyzer : drop else after return
- Upgraded analyzer : unreachable code handles if/then with returns.
- Added tests for Boolean and Null
- More not Hashes dict.
- Upgraded analyzer : 1637 / 1650 test pass (99% pass).
- Tokenizer
- Fixed line number of =
- Fixed token on arguments
Version 0.8.6
2016-10-24 – Fuyun Sou
- Architecture
- New command to ping a queue
- More documentation
- Report
- Ambassador report sped up multiple times
- Text, Json and XML all report only analyzers (not the dependencies)
- Analyzer
- New analyzer : suggest ternary instead of Ifthen
- New analyzer : check for returned value usage
- Added support for PHP 7.0.12 and 5.6.27
- Added more bugs fixing from extensions
- Fixed analyzer for Zend Framework 1
- Ignore $this in variable used once
- Fixed report with unlimited arguments functions
- Overwritten literals : Ignore assignations in for()
- Upgraded old PHP 5.* analyzer to Gremlin 3
- Upgraded analyzer : 1639 / 1645 test pass (99% pass).
- Tokenizer
- Fixed precedence between require and .
- Better fullcode for =
Version 0.8.5
2016-10-17 – Naked Demon
- Architecture
- Moved all classes under Exakat folder for clean hierarchy
- Report
- Ambassador : restored line number in display
- Analyzer
- New analyzer, check for substr() comparisons with literals
- New analyzer, suggest boolean cast, instead of Ternary.
- New analyzer, spot 3 levels of if/then
- Upgraded ‘hardcoded password’, for kadm5 and hash_* functions
- Upgraded ‘external libs’, with Zend Framework
- Upgraded analyzer : 1625 / 1638 test pass (99% pass).
Version 0.8.4
2016-10-10 – Lingkongzi
- Architecture
- Moved Tasks into Exakat\Tasks
- Fixed findExternalLibs
- Report
- Ambassador report got good annex, fixed settings and faceted search
- Omit clearPHP if not present in docs
- Analyzer
- New analyzer : detect multiple identical traits/interface in CIT
- New analyzer : suggest creating aliases to reduce code
- New analyzer : spot aliases that may be reused again
- New analyzer : hidden use, that are not at the beginning of the code
- Upgraded analyzer : 1607 / 1618 test pass (99% pass).
- More documentations to many analyzers
- HasMagicProperty reports all magic methods
- Upgraded ‘Useless Parenthesis’ with more situations
- Upgraded ‘Unchecked resources’ with 2 more situations
- Fixed several analyzers when using Boolean and Null as a class
- Fixed analyzerIsNot with arrays
- Removed include-like from undefined functions
- Arrays/AmbiguousKeys : Extended to arrays calls
- Tokenizer
- Fixed edge case with return ?>
- Fixed path for reporting
Version 0.8.3
2016-10-03 – Guzhi Gong
- Architecture
- Created temp folder .exakat in projects_dir
- Removed mentions of float, only using Real
- Moved Config to Exakat\Config
- More examples in docs
- Report
- Added settings and files to Ambassador
- Analyzer
- New analyzer for dependant Traits
- Added new Theme ‘Cakephp’ with 6 analyzers for migration
- New values for Not-a-hash
- Unresolved Catch now takes Throwable into account
- Tokenizer
- Fixed edge case where return is used inside if/then without {} nor value.
- Fixed ‘code’ and ‘token’ for ?: and ()
Version 0.8.2
2016-09-26 – Jinjie Shiba Gong
- Architecture
- More examples in docs
- Fixed ‘file’ in results
- Report
- Added more media for Ambassador
- Analyzer
- New analyzer for count/strlen compared to 0
- Upgraded analyzer : 1563 / 1579 test pass (99% pass).
- Backported all 4 WordPress analyzers (wpdb, nonce usage)
- Added new WordPress analyzer : variable escaping in templates
- Tokenizer
- Fixed = so it is handled like echo
Version 0.8.1
2016-09-19 – Babo’erben
- Architecture
- Added main Try/Catch
- Report
- Added ‘Ambassador’ report.
- Analyzer
- Upgraded analyzer : 1540 / 1561 test pass (99% pass).
- More documentation (examples, glossary)
- Added a list of stopwords for No Hardcoded Hash
- Upgraded analyzer ‘No Hardcoded Path’ with protocols and glob with wildcards
- Upgraded analyzer ‘No Hardcoded Hash’ with stopwords
- Added new Analyzer for portability : spot common Linux files
- Added new Analyzer : use system temp dir, not hardcoded one
- New analyzer that spots unused protected methods
- Added Time-to-fix and severity to all analyzers
- Tokenizer
- Fixed edge case with if/then and try/catch
- Synchronized constants in Tokens/Consts*.php
- Added support for PHP 7.2
Version 0.8.0
2016-09-12 – Benbo’erba
- Architecture
- More examples in the docs
- Better find root in export
- Report
- Prepared code for new report style
- Analyzer
- New analyzer : no throw in __destruct
- New analyzer : spot empty blocks in control structures
- Update : Check parse_str and mb_parse_str()
- Upgraded analyzer : 1524 / 1540 test pass (99% pass).
- Tokenizer
- Fixed representation of [] and [index] with static properties
Version 0.7.10
2016-09-05 – Nine Headed Bug
- Architecture
- Added optional dependency to mbstring in Doctor
- Analyzer
- Added analyzer for PHP 7.1 features
- Upgraded analyzer : 1377 / 1510 test pass (91% pass).
- Tokenizer
- Removed parasitic ‘void’ added in sequences.
- Raised export max depth to 15.
- Fixed FQN for new without parenthesis
- Fixed support for PHP 5.5/5.6.
- Added support for iterable
- Checked support for extensions and ignore dirs
Version 0.7.9
2016-08-29 – Wansheng Princess
- Architecture
- Added several features at Loading time : mark global variables in $GLOBALS, fallback FQN in functions, link constant to definitions.
- Analyzer
- Added analyzer for impossible comparisons (count($a) < or >= 0)
- Added analyzer for PHP 7.1 : removed directives, added functions
- Upgraded analyzer : 1485 / 1522 test pass (97.5% pass).
- Tokenizer
- Fixed edge case with = $v;
- Fixed priorities between include and .
- Better support of trait in classes
Version 0.7.8
2016-08-22 – Wansheng Dragon King
- Architecture
- Prepared databases for PHP 7.2
- Analyzer
- Reports that preg_match results are not checked
- Report List short syntax usage.
- Upgraded analyzer : 1224 / 1493 test pass.
- Tokenizer
Version 0.7.7
2016-08-17 – Water Repelling Golden Crystal Beast
- Analyzer
- Upgraded Bug database to handle PHP 7.0.10, 5.6.24 and 5.5.38
Version 0.7.5
2016-07-19 – Jade Faced Princess
- Architecture
- Added ‘anonymize’ command, that anonymizes files and projects
- Analyzer
- new analyzer : recommend preg_replace_callback_array() when there are several calls to preg_replace_callback_array()
- Upgraded analyzer : 1103 / 1464 test pass.
- Tokenizer
- Lots of fixes for stability : tested on 28M tokens
Version 0.7.4
2016-07-12 – Great Sage Who Pacifies Heaven
- Architecture
- Entirely rewrote the ‘Tokenizer’ part
- Upgraded database schema
- Analyzer
- Upgraded analyzer : 1027 / 1461 test pass.
- Tokenizer
- Entirely rewrote the ‘Tokenizer’ part
- 1851 UT pass correctly (extra 51)
Version 0.6.7
2016-05-30 – Red Boy
- Report
- Added List With Keys in Appinfo()
- Added by-reference functions mention
- Now reporting good visibility/static for __callstatic
- Added bug info for PHP 7.0.7, 5.5.36, 5.6.21
- Analyzer
- New : recommend instanceof over is_object()
- Fixed several ignored limitations, due to case : $phpversion
- Tokenizer
- Fixed ‘originclass’ in namespaced use
Version 0.6.6
2016-05-23 – Princess Iron Fan
- Report
- New report, suggest disable_functions directive value.
- Added support for memcached directives
- Analyzer
- New analyzer : spot throw without new
- New analyzer : suggest adding 2nd parameter to unserialize in PHP 7.0+
- New analyzer : spot successive if/then with the same condition
- Added support for zendoptimizer and suhosin extensions
- PHP7 indirect expression : added support for {} in properties
- Tokenizer
- Raised cycle count, to speed up building AST for large projects
Version 0.6.5
2016-05-16 – Great Sage Who Pacifies Heaven
- Analyzer
- New analyzer : spot globals that may be turned into property
- New analyzer : check that ZF1 classes are well located
- Upgraded ‘dangling foreach reference’ to support key=>value
- Better support for PHP 7 indirect expression
- More directives for xdebug
- Eval Without Try is PHP 7 only
- No Choice analyzer is now case insensitive
- Tokenizer
- Added support for keys in list() (PHP 7.1)
- Added support for constant visibility (PHP 7.2)
- Added support for Multi catch : catch(A|B $e) (PHP 7.1)
- Fixed bug with + and instanceof
- Fixed precedence between :: and ??
Version 0.6.4
2016-05-09 – Bull Demon King
- Architecture
- Externalized the list of recognized libraries to Json
- Added ‘WordPress’ and ‘Coding convention’ as Recipes
- Report
- Initial report for Zend Framework. Still prototyping.
- Analyzer
- Accelerated analyzer for Implicit Globals variables
- New analyzer : Indirect Injections (Security)
- New analyzer : Should Use Coalesce (code upgrade)
- New analyzer : Suggest dirname(__FILE__) => __DIR__
- Added ‘str_rot13’ as unsafe ‘crypto’
- Properties without default can’t be redefined
- Added Yield and Yield From as structures that don’t need parentheses
- Double Assignation, unless 2nd call is a functioncall (less false positives)
Version 0.6.3
2016-05-02 – Jade Faced Princess
- Architecture
- Removed several useless pieces of code (self analyzer)
- Added documentation for WordPress Recipes
- Lengthened Cycle for tokenizer
- Report
- Added bugfixes for PHP 7.0.6, 5.6.21, 5.5.35.
- Now reporting token counts per files
- Analyzer
- New analyzer : Spot variable that holds $_GET, $_POST, $_REQUEST or $_COOKIE values (internal)
- New analyzer : Report variables that are overwritten by themselves
- New analyzer : Report useless switch (empty, 1 case only)
- Upgraded NoChoice to handle larger sequences
- Upgraded Useless Global to handle global $x / $GLOBALS[‘x’] situations
- New analyzer : WordPress Recipe : Unverified Nonce, Best Usage for $wpdb
- New analyzer : Void for PHP 7.1
- Tokenizer
- Fixed bug with Typehint
- Added phppowerpoint class in external libraries
Version 0.6.2
2016-04-25 – Long Armed Ape Monkey
- Architecture
- Fixed phar detection (based on ext/phar)
- Cleaned code with myself
- Report
- New report format : clustergrammer
- Analyzer
- New analyzer : same conditions in If / Then
- New analyzer : spot dead code in catch expressions
- Static loops now exclude methods usage
- Indirect variable expressions are stricter
- preg_* Option e has better support for delimiters
- Upgraded Direct Injection in case of concatenation
- Detect Ellipsis when counting arguments
- Could use short assignation : avoid $a += $a + 3;
- Tokenizer
- Sped up Typehint detection
- No indexing for T_STRING in properties
- Reduced errors from token_get_all()
Version 0.6.1
2016-04-18 – Red Bottomed Horse Monkey
- Architecture
- Prepared to support PHP 7.1
- Fixed bug in user / passwords when initing the project
- Better support for ::class when searching for libraries
- Analyzer
- UselessParenthesis : spot nested parenthesis
- Spot exceptions that are thrown but uncaught by the current code
- Support for ext/lua,
- New : Check catch order in try/catch
- Better identification of Composer classes, based on composer.json
- Now spots interfaces in use declarations (less undefined interfaces)
- Tokenizer
- Added support for PHP 7.1
- key => value in list() calls
- visibility for constants in Classes and Interfaces
- Sped up Typehint support
Version 0.6.0
2016-04-11 – Intelligent Stone Monkey
- Architecture
- Fixed a bug in Find external libraries
- Applied fixes based on new analyzers’ audit
- Fixed a bug that prevented results from being prepared for report (Thanks Philippe G.)
- Report
- Now reports reason for excluding a file from analyzer
- Analyzer
- New analyzers : Logical Mistake (first version), Hardcoded hashes
- Upgrade List with appends with variable name
- Upgrade /e option detection
- Fixed detection of unused use, with long namespaces.
- Added finfo to ext/finfo
- Finds exceptions that are reserved for later throwing
- Exclude anonymous classes from Already Defined Interface
- Tokenizer
- Extended cycle number to speed up tokenizer.
- Better escaping of file names
Version 0.5.9
2016-04-04 – Six Eared Macaque
- Architecture
- One progressbar per Recipe during project analyzer
- report’s documentation
- Upgraded ‘External Lib’ to ignore Composer folders.
- Fixed a bug about interpreting tokens
- Dump collects classes, interfaces, traits definitions
- Now storing project name in database for future use
- Removed PHP configuration modifications (error_reporting, display_errors)
- Report
- Added ‘Uml’ report : hierarchy report
- Now reports Pear Usage
- Upgraded Bugfix database for 7.0.5, 5.6.20 and 5.5.34
- Report Yield (from) usage
- New external configuration files : bazar, github, docker, openshift
- Analyzer
- Added detection for undefined classes in ZF (1.8 to 1.12)
- New : report undefined Traits
- Added support for parent/grandparent when checking argument numbers
- Added support for V8js
- Tokenizer
- Fixed bug in fullnspath for use within trait or class
- It is possible to reach a property on an array append
- Fixed AST between PHP 5 and 7 for globals
- Simplified ++ analyzers
Version 0.5.8
2016-03-28 – Sun Deity of Mao
- Architecture
- Moved to self::, instead of static::.
- First UT for command line
- Sped up phploc. Prepare code for finite states, in Tasks.
- Prepare for Gremlin3 (moved gremlin calls to class)
- Reduced shell_exec usage
- Report
- Fixed display bugs in Devoops report
- Removed double analyzer
- ‘Wrong number of arguments’ now supports constructors
- Analyzer
- Upgraded ‘No Hardcoded IP’ to handle constants, spot domains
- Added support for TokyoTyrant
- New analyzer : spot simple regex, and suggest strpos
- Excluded “$a[b]” from undefined constants
- Tokenizer
- Fixed bug with nested call to echo.
- Fixed bug where concatenation ends on a ‘AS’ keyword
- Added support of Constants in Foreach
- Fixed multiple bugs in Grouped Use
- Support for function as ‘class’ in static calls
- Comparison accepts powers
- Added support for empty array short syntax in sequence
- Support constant with visibility
- Parenthesis may be the base for Arrays
Version 0.5.7
2016-03-21 – Scorpion Demon
- Architecture
- Added support for folders in UT, for tests that require several files
- Improved compatibility with PHPunit
- Moving gremlin_query() to Gremlin2 class
- Doctor also reports for phar
- Improved adaptation to PHP and Exakat in server mode
- Autoload shouldn’t die
- Fixed case when calling Phpexec
- Upgraded status presentation in server mode
- Report
- More details for Global Variable list
- Analyzer
- Now spotting class when it is inside a string
- Check for $this outside a trait/class
- Check for ternary/concatenation precedence
- Spot classes that attempt to extend final
- Spot set_exception_handler() that may need rework
- Refined array_merge analyzer, in case of nested loops
- Tokenizer
- Yield [from] may be inside an array
- Refactored for/foreach tokens
- Added support for a ‘Project’ node
Version 0.5.6
2016-03-14 – Ruler of Women’s Country
- Architecture
- Fixed some backward compatibility with PHP 5.4
- Started revamping ‘Status’ command
- Centralized all tokenizations to PhpExec class
- Removed usage of __DIR__ and __FILE__
- Analyzer
- Spot usage of empty() that can’t work on PHP 5.4
- Suggest using random_int instead of rand
- Upgraded ‘No Array_merge in loops’ with array_merge_recursive
- Added support for scalar type hint in Undefined Classes
- New analyzer : Better rand()
- Tokenizer
- Instanceof has lower precedence than comparison
Version 0.5.5
2016-03-07 – Immortal Ruyi
- Architecture
- Added default values for all neo4j_* configs
- Report
- Added support for bugfixes in 7.0.4, 5.6.19 and 5.5.33
- Added support for bugfixes in 7.1.0-dev
- Analyzer
- Added support for Typehint in Undeclared Classes
- Extended ‘Multiple Classes in One File’ to interfaces and traits
- Added analyzers for truthy and falsy
- Spot interfaces implemented by parents (Thanks PHP Inspect)
- Report usage for unsafe Curl options
- Tokenizer
- Fixed emptyString inside a Heredoc
- Fixed bug where Sign has lower priority than Power
Version 0.5.4
2016-02-29 – Nezha
- Architecture
- Removed some shell_exec() to help with portability
- Clean command now rebuilds an empty datastore
- Check the availability of php binaries before using
- Produce report in a hidden folder, then push it
- Report
- Report the list of bug fixes that apply to code
- Analyzer
- Help using preg_match_all options
- Tokenizer
- Fixed a bug with reference and instanceof
Version 0.5.3
2016-02-22 – Li Jing
- Architecture
- More UT
- Supports symlinks for neo4j’s folder
- Supports symlinks for ‘code’ folder in projects
- Added upgrade command to check for exakat’s available versions and upgrade
- Analyzer
- Spot CLI scripts
- Undefined Interfaces avoids self, parent, static
- Fixed bug in spotting undefined Interface
- Variables Used Once in a method are not arguments
- Added support for all structures in Double Assignation
Version 0.5.2
2016-02-15 – Single Horned Rhinoceros King
- Analyzer
- Fixed functioncall detection with ‘empty’
- Refined ‘Buried assignation’ analyzer
- Fixed a bug when using definitions (class, trait, interface, functions…)
- Better support for case-insensitive constants
- Tokenizer
- Fixed bug in use statement
- Now spots PHP code in files without extension
- Upgraded support for grouped Use statement
- namespace may be a valid nsname part
- Fixed bracket reports in do…while
Version 0.5.1
2016-02-08 – King of Spiritual Touch
- Architecture
- Added test in UT to skip incompilable sources
- Stabilized tokenizer’s UT (partial)
- Report
- HTML protection in Devoops format
- No display of negative stats
- Added support for directives : wincache, xcache, apc, opcache
- Added support for eaccelerator and openssl
- Analyzer
- New analyzer : Spot unknown PHP directive names
- Fixed Constants/MultipleDefinedConstants
- Better detection of functioncalls (with List)
- Better spotting of ini_set arguments
- Unreachable code now finds die and exit
- ObjectReference won’t report references on scalar types
- Revamped ‘pregOptionE’ analyzer
- Cleaned code with too many arguments
- Removed useless print
- Better report of eval() usage
- Revamped ‘Dynamic code’ report
- Fixed bug in Case/Default that are empty
- Avoided sequences of sequences in Case/Default
- Fixed Detection of classes’ usage with extension
- Tokenizer
- Fixed bracket detection on While and DoWhile
- Detect void in DoWhile
- Removed useless T_DIE token
- Fixed fullcode processing for anonymous classes
Version 0.5.0
2016-02-01 – Immortal of Antelope Power
- Architecture
- Added support for HTTP API, through ‘server’ command.
- Analyzer
- Fopen modes checked
- Redefined default, in class’s properties
- Tokenizer
- Fixed situation where echo and print used parenthesis (they don’t)
- Fixed rare bug with instanceof and concatenation
- Fixed support of integers in Gremlin
- Fixed bug in addslashes and and $ protection order
- Made Assignations more robust (no un-processed tokens)
- Reduced the number of shell_exec usages => speed up
- Finished support for relaxed keywords in classes (PHP 7)
Version 0.4.6
2016-01-25 – Immortal of Elk Power
- Architecture
- New installation script with Vagrant and Ansible (Thanks Alexis!)
- Updated documentation
- Added a command to remove a project
- Report
- Devoops report has case-insensitive menu sort
- Analyzer
- Spot redefined properties, classes and methods.
- Spot properties that may be turned private
- Fixed special case in Wrong Number Of Arguments
- Fixed ‘OnePage’ analyzer
- Tokenizer
- Finished support for relaxed keywords in classes
- Sped up tokenizer by keeping counts of tokens in datastore
- Fixed detection of CakePHP
- Fixed special case with Labels
- Fixed rare case with die() within ternary operator
Version 0.4.5
2016-01-18 – Immortal of Tiger Power
- Architecture
- Upgraded documentation
- Default command is ‘help’
- Report
- Better version for FacetedJson report
- Analyzer
- New analyzer that spots wrong type of argument in PHP internal functions
- Fixed Isset With Constant for PHP 7
- Fixed a bug that limited query size during analyzer (good for bigger projects)
- Include variadic (…) to Variable Argument Number
- Tokenizer
- Fixed a bug that blocked tokenizer when an analyzed script generated parse errors.
- Added support for bazar, svn.
- Fixed a bug in Nsnames at Loading time.
Version 0.4.4
2016-01-11 – Crown Prince Mo’ang
- Architecture
- Reviewed OnePage analyzer
- Dump now has an option to select Recipes
- Dump forces line to be integer
- Added a task to update a project’s code (git only ATM)
- Report
- Better check when opening database for report (more to come)
- FacetedJson (and Json) report ignore non-unicode lines
- Added ‘search’ box to facetedJson
- Analyzer
- Switch To Switch suggestions
- Unused arguments patch for arguments used in methods
- Unused properties doesn’t mistake function static variable
- Tokenizer
- All Nsnames are now built at Loading time
- Constants may be called ‘const’
- More relaxed syntax for methods (exit, include, eval…)
- Foreach may use coalesce
- Fixed an edge case with Closures in functioncall
Version 0.4.3
2015-01-04 – Tuolong
- Architecture
- Copyright year bump
- Doctor reports memory_limit and php version consistency
- Switched to rmDirRecursive
- Report
- Removed old style reporting system
- Analyzer
- Fixed fileupload and filesystem directives reports
- Added report of Environment variable usage
- Added iconv_set_encoding to the list of directive usage
- Extension analyses now take into account namespaces and traits
- Analyzers all have severity and time to fix
- Tokenizer
Version 0.4.2
2015-12-22 – Red Boy
- Architecture
- Published documentation on http://exakat.readthedocs.org
- First version of the faceted report (-format Faceted)
- Report
- First version of the faceted report (-format Faceted)
- Fixed Dump that actually finishes after some time
- Analyzer
- Spot unused arguments
- Fixed notInInterface() filter
- Upgraded HtmlEntitiesCall
Version 0.4.1
2015-12-14 – Azure Lion
- Architecture
- Rebuilt the report system, for speed and versatility.
- Report
- Available formats : JSON, Sqlite, XML, Text and HTML (Devoops).
- Rules are now part of the documentation.
- Analyzer
- Upgraded ‘Buried assignations’
- Locally Unused also spots properties without visibility (but with definition)
- Could be class constant, if the property is used at least once
- Better detection of files that are Definitions only (fix at Namespace calls)
- ++ is now correctly reported as isRead and isWritten in Arguments
- Closure’s use($x) are now reported in both contexts (calling and called)
- Removed usage of ‘back’ method, that is blocking at high token counts
- Tokenizer
- Fixed support for {} and {$ } inside strings
- Fixed bug with Typehint, that prevented compilation
- Fixed several (rare) edge cases with Sign and Staticproperties.
- Fixed detection of closing tags
Version 0.4.0
2015-12-07 – Lion Lynx Demon
- Architecture
- Made PHP 7.0 the default (moved to 0.4.0)
- Ran unit tests on PHPUnit 5.1
- Added a background task to build the report. Will allow for progressive report.
- Report
- Rewrote the report from scratch. Should be finished next iteration.
- New report is working for XML and Text report.
- Analyzer
- Added support for ext/pecl_http
- Added several classic folders as ignored by default (change this in config.ini)
- Create a check for functioncall (and not methods)
- Spots join('', file())
- Safely ignoring some dynamic calls in undefined functions (Thanks Marc Delisle)
- Removed ArrayAppend from double assignation
- Tokenizer
- Fixed a bug when class was auto-referenced.
- Fixed detecting Static properties when they are also arrays.
- Fixed fatal errors for malformed octals
Version 0.3.12
2015-11-30 – Nine Tailed Vixen
- Architecture
- ProgressBar is now displayed during Analyze phase.
- Report
- Report list of error messages used in the library
- Analyzer
- Omit eval with hardcoded strings
- Exclude some indexes from _SERVER from the report (they are safe)
- Exclude php://* files as hard coded path
- Report usage of timestamp to calculate duration
- Spots unused traits
- Fixed support for big integers
- Tokenizer
- First support for relaxed keywords in classes. More to come.
- Checked UT on PHP 7 (Soon to become default version)
- Fixed version detection in Tokenizer
- Fixed fullnspath in Use expression
Version 0.3.11
2015-11-16 – Hu A’qi
- Architecture
- Report external services files that may be in the repository
- Report
- Report nested dirname calls (may be changed in PHP 7)
- Analyzer
- Better spotting of static loops
- Don’t confuse $globals and $GLOBALS
- Tokenizer
- Rewrote support for As in classes.
- Fixed arguments that were indexed as Void
- Trimmed code
Version 0.3.10
2015-11-09 – Silver Horned King
- Architecture
- Centralized call to cypher.
- Report
- Sped up several analyses
- Analyzer
- Fixed naming bug with reflection
- Support class name in arrays, short syntax
- Report Relay Functions
- More PHP 7 incompatibilities reports
- Tokenizer
- Support for 7.1 compilation (dev only)
- Added cakephp to external libraries
- Fixed parsing bug with static (as property definition)
- Fixed ‘count’ in sequences from Function
- Rewrote Argument detection (when there is no parenthesis)
Version 0.3.9
2015-11-02 – Golden Horned King
- Architecture
- Cleaned code with Exakat
- Analyzer
- Refined report about double assignation
- Fixed argument counting in Function Definition
- Better support of array in Locally Used Properties
- Updated Composer database
- Tokenizer
- Fixed a bug that ignored Blocks
- Fixed a rare bug with echo and the following arguments
Version 0.3.8
2015-10-26 – Baihuaxiu
- Architecture
- Removed excess display output (it goes to the log now), leaving the command line empty (unless -v is used)
- A lot more PHP 7 incompatibilities spotted
- Report
- Added the list of global variables in the projects (if any)
- Fixed reports for PHP 5.2 (they were ignored)
- Analyzer
- Better handling of composer in unresolved classes
- Spot setlocale with string (PHP 7)
- Spot string unpacking (PHP 7)
- Upgraded static method call, to avoid classes of the same family
- Report eval without try/catch
- Report preg_replace with /e
- Fixed report for empty list()
- Spot hexadecimal in strings
- Report usort (and co) as incompatibilities between PHP 7 and 5
- Tokenizer
- Fixed edge case with Sign and namespaced function
- Added xajax, adodb and gacl as common library
- Fixed arguments in short array syntax
- Fixed case where [3] was spotted inside a string
Version 0.3.7
2015-10-19 – Yellow Robe Demon
- Architecture
- Added and reviewed many UT. More stability.
- Report
- Fixed the report of the actual version of PHP being used.
- Non-run analyzers are not marked with a stethoscope
- Report now reports closures and not the containing method
- Removed some dashboard that would generate empty links
- Analyzer
- Better spotting of blocks inside Alternative syntax
- Sped up method spotting
- Fixed properties which were mistaken with deep definitions
- Tokenizer
- Fixed fullcode for Typehint
- Removed Ppp and moved it to Visibility
Version 0.3.6
2015-10-12 – White Bone Demon
- Architecture
- Large speed up at Parsing stage, for large projects
- Added git information in Doctor
- Tokenizer
- Changed processing for Arguments.
- Support for more PHP 7 features, including Use Grouping,
- Fixed support for ~
- Simplified ::class handling
Version 0.3.5
2015-10-06 – Mingyue
- Architecture
- Reported usage of array constants, improving backward compatibility
- Checked running on PHP 7
- Report
- Added Definition annex
- Fixed ‘version incompatible’ report that was mistaken with ‘no result’
- List all directives being modified in the code
- List more directives that should be set for production.
- Analyzer
- Reworked the Themes about compatibility.
- Added many tests for PHP 7.0 compatibility
- Sped up UsedMethod analyzer
- Added support for PHP 7 feature : Unicode Escape Sequences, New functions/classes/interfaces, Removed Functions,
- Tokenizer
- Changed processing for Empty PHP code
- Support Variable Indirection for both PHP 5 and 7 (depends on exec version)
- Avoid ignoring all code when finding External Libraries
- Fixed edge cases with declare() when it is conditional.
- Support for PHP 7’s f()()()
Version 0.3.4
2015-09-28 – Qingfeng
- Architecture
- Added token_limit configuration to avoid running projects that are too large (default is 1 000 000)
- Several new tools for internal consistency check.
- Removed support for neo-contrib’s gremlin plugin
- Report
- Report libraries that were found and ignored
- Analyzer
- Sped up queries that required previous analyzers or multiples atoms
- Spot global keywords inside loops (perf)
- Better spotting of Composer classes
- Report double assignations
- Tokenizer
- Added support for Anonymous classes (PHP 7)
- Fixed namespace manipulations (They weren’t lower case)
- Mark constants as fallback globals or local to the namespace
- Support Null Coalesce operator (PHP 7)
- Fixed rare case for empty strings and noDelimiter
Version 0.3.3
2015-09-21 – Immortal Zhenyuan
- Architecture
- Removed some shell stderr that leaked to the main script
- Report
- Added the list of used analyzers
- favicon is now used in the report (Devoops)
- Fixed count report for Else
- Fixed directive reports for trader, bcmath and ldap.
- Analyzer
- Rebuilt the composer database
- Fixed htmlentities analysis
- Spot usage of ‘substr($s, $p, +/- 1)’ and recommend ‘$s[$p]’
- Tokenizer
- Fixed Multiplication with instantiation
Version 0.3.2
2015-09-14 – Tiger Vanguard
- Report
- Added links back from analyzers to their themes.
- Analyzer
- Useless Returns are now Trait compatible
- Optimized Composer validation
- Removed IsKnownVendor analysis (replaced by Composer)
- Spot inconsistent concatenations (“$a b”.$c)
- Tokenizer
- Fixed situation where forgotten white spaces didn’t have a file
- Removed DELETE and S_STRING index
- Fixed compatibility with Debian (shell commands)
- Added UT for and / && precedence versus =
- Fixed identification of empty instructions (Functions / Closure have different behaviors)
Version 0.3.1
2015-09-03 – Yellow Wind Demon
- Architecture
- Removed usage of Everyman dependencies
- Added support for Neo4j Authentication
- Added a JobQueue
- Cleaned code with exakat itself
- Report
- Added Dump to SQLITE format for custom manipulations of the results
- Added new collection of rules for Calisthenics (dev)
- Updated composer database
- Now reporting found Composer.
- Analyzer
- Fixed Compilation spotting
- Tokenizer
- Fixed an edge case with Sign, when used in a concatenation
Version 0.3.0
2015-Aug-25 – Lingxuzi
This is an important release, with some noticeable changes.
- Architecture
- Moved to Thinkaurelius’s gremlin plug-in, Neo4j 2.2.4 and Java 8.
- Report
- Added a view by File
- Added sorting for results (by file and by analysis)
- Analyzer
- Spot functions whose results should be checked before they are used
- Spot breaks/continue out of a loop
- Exports all the results in a dump.sqlite file
- Tokenizer
- Fixed a minor bug with ::class (messed up the {} counts)
- Removed dependency on Everyman’s Neo4j classes.
- Added a step that removes big and identifiable libraries in PHP (such as tcpdf, jpgraph, etc.)
Version 0.2.5
2015-Aug-17 – Scholar in a White Robe
This is a maintenance release, with improved ease of use.
- Report
- List the files that are ignored in the annex
- Analyzer
- Updated Knowledge Database for memcache, aliases, zlib, standard
- Added more directives to Review
- Added support for xhprof
- Tokenizer
- Fixed bug with Else (Not-alternative)
- Fixed Sequence creation with If-Then
- Yield may be assigned
- Removed one Tokenizer’s operation (filterOut2)
- Fixed priorities with Concatenation, Multiplication, Additions
- Process Echo and Print separately
- Automatically removes common bundled libraries to reduce app size
Version 0.2.4
2015-06-22 – Black Wind Demon
This is a maintenance release, with improved ease of use and new analyses.
- Analyzer
- Rebuilt the composer database
- Lots of new extensions supported : ev, libevent, event, php-ast, wikidiff2, proctitle, inotify, ibase, amqp, geoip, output buffering,
- Report errors when non-variables are returned by reference
- Marked more analyses for PHP 7
- Fixed Unpreprocess structures with split
- Upgraded spotting for useless parenthesis
- Added a check ++$i vs $i++;
- Exclude abstract methods from Variables Used Once
- Added new directives
- Also check for ASP Tags
- Tokenizer
- Fixed the fullpath for functions when they are not defined in the code
- Upgraded support for Return Type (PHP 7.0+)
- error_reporting with -1 is OK
- Fixed a precedence problem with & and &&
- Refactored Ifthen token to support return type
- Added a kill command when cleaning Database
Version 0.2.3
2015-06-22 – Techu Shi
This is a maintenance release, with improved ease of use.
- Analyzer
- Report usage of Return Typehint, and Scalar Typehint
- Report usage of classes that used to return null on new
- Report useless abstract classes
- Tokenizer
- Upgraded ‘init’ command, to handle various VCS
- Added support for Return Typehint
Version 0.2.2
2015-06-16 – Xiong Shangjun
This is a maintenance release, with vastly improved speed
- Analyzer
- Now spots short assignations
- More UselessInstructions spotted
- Ignore Unset as modified values in loops
- Tokenizer
- Added support for PHP7 new tokens (T_SPACESHIP, T_COALESCE, T_YIELD_FROM)
- Split loading into more .csv files for lighter and more robust queries
- Better support for arrays [1,2,3] as functioncall (just like array())
- Process tokens by batches of 800
- Clean vertices at each query, not Sequence
Version 0.2.1
2015-06-02 – General Yin
This is a maintenance release
- Analyzer
- sizeOf may have 2 arguments
- 2 clearPHP links added in documentation
- Tokenizer
- Fixed bug with Bitshift and Addition
- Fixed bug with Sequence when merging sequences
- Fixed bug with String and Addition
- Fixed Visibility in Use instruction
- Foreach accepts Constants as Source
- Fixed special case for nested IfThen
Version 0.2.0
2015-05-15 – Demon of Confusion
- First version