Exakat changelog

This is the Exakat Changelog, up to version 0.12.3.

 

Version 0.12.3

2017-07-17 – Golden Winged Great Peng

• Architecture
  • Prepared options for several back servers : Tinkergraph, Gremlin-Server/Neo4j, Janusgraph

• Report
  • New report : Marmelab (GraphQL server)

• Analyzer
  • New analyzer : Report when a property is used as object or scalar
  • New analyzer : Mismatched Typehint
  • New analyzer : Mismatched Default values
  • Upgraded analysis :
  • Fixed a gremlin bug in noAtomInside

• Tokenizer
  • Added support for trailing comma in group use (PHP 7.2)
  • Fixed building of constants’ values

Version 0.12.2

2017-07-10 – Samantabhadra

• Architecture
  • Added support for Tinkergraph as graph backend

• Report
  • Ambassador : reports callback/closures, all 3 declares (ticks, encoding, strict_types)
  • Ambassador : reports strict_types as favorite
  • PlantUML : upgraded report

• Analyzer
  • New analyzer : Mismatched ternary branches
  • New analyzer : mkdir, by default, uses 777.
  • New analyzer : ext/lapack
  • Upgraded analysis : option E for preg_match, refined results
  • Checked unit tests : 2337 / 2366 test pass (99% pass).

• Tokenizer
  • Added support for Instanceof and GROUPUSE with Nsname

Version 0.12.1

2017-07-03 – Yellow Toothed Elephant

• Architecture
  • Refactored structures extractions in dump

• Report
  • New report : PlantUML
  • Ambassador : Appinfo now reports how popular is a feature

• Analyzer
  • New analysis : Const / Define() favorite for constants
  • New analysis : do not return in finally
  • Upgraded analysis : Add Zero was refactored

• Tokenizer
  • Prepared list of tokens and relations

Version 0.12.0

2017-06-26 – Manjusri

• Architecture
  • Added support for Janusgraph (Gremlin 3)
  • Refactored dump’s data collection for speed.bb

• Report
  • Added support for WordPress and Joomla as Frameworks

• Analyzer
  • New analyzer : Avoid Optional properties
  • New analyzer : Multiple declarations of functions
  • New analyzer : Non breakable spaces in names
  • New analyzer : Favorite Heredoc delimiter
  • New analyzer : ext/swoole

• Tokenizer
  • Modified several nodes/links names, for compatibility purposes

Version 0.11.8

2017-06-19 – Xiaozuanfeng

• Architecture
  • Starte working on JanusGraph to add to Neo4j/Gremlin3

• Report
  • Ambassador : reports Strings encoding and Unicode-block (when available)
  • Ambassador : reports framework founds (first 6, more as we go).
  • Ambassador : reports how frequently an analysis yield results to compare with current situation

• Analyzer
  • New analyzer : Classes where declaration order differs from : use, const, properties and methods.
  • New analyzer : Could use interface (but implements is missing)
  • New analyzer : Cant Inherit Abstract Method (PHP 7.2 upgrade)
  • New analyzer : use session_start() options
  • Updated analyzer : Dynamica method calls cover {} too
  • Checked unit tests : 2305 / 2305 test pass (100% pass).

• Tokenizer
  • Checked code on early PHP 7.2 version

Version 0.11.7

2017-06-12 – Long Armed Ape Monkey

• Report
  • Ambassador : report detected patterns (2 firsts)
  • None report : for when dump is sufficient

• Analyzer
  • New analyzer : could factor functioncalls
  • New analyzers : PSR-* usage
  • New analyzers : support for Judy and Gender extensions
  • Added thema for Compatibility PHP 7.3
  • Added thema for Dependency Injection

• Tokenizer
  • Fixed edge case where classes starting with ‘namespace’ where mistakenly processed
  • Removed Block from CIT

Version 0.11.6

2017-06-05 – Red Bottomed Horse Monkey

• Architecture
  • Removed singleton to Config. WIP

• Report
  • Ambassador : reports usage of PSR 3,6,7,11,13,16.
  • UML : report now protects file names

• Analyzer
  • New analyzer : Ext stats
  • New analyzer : report mixed concatenation / interpolation strings
  • Updated analyzer : htmlentities actually uses combinaison, not alternatives,
  • Updated analyzer : Close Tag consistency ignores __HALT_COMPILER files

Version 0.11.5

2017-05-30 – Intelligent Stone Monkey

• Report
  • Ambassador : fixed visibility suggestion
  • New report : Dependency wheel

• Analyzer
  • New analyzer : avoid typehinting with classes
  • New analyzer : implemented methods must be public
  • New analyzer : no reference on left of assignement
  • New analyzer : Could typehint with instanceof
  • Updated analysis : Useless parenthesis cover clone, yield, yield from.
  • Updated analysis : Make One Call also reports nested calls

• Tokenizer
  • Split functions and closures,
  • Split classes and anonymous classes
  • Split variable with definitions (Property, Static and Global)
  • File count is always reported (even 0)

Version 0.11.4

2017-05-22 – Six Eared Macaque

• Architecture
  • Results : returns now multiple results at once

• Report
  • New report : codeflower
  • Ambassador : report usage of Debug functions, browscap
  • Ambassador : omits 0 in donuts
  • Ambassador : faceted search for compatiblity

• Analyzer
  • New analyzer : report functions whose return is not used
  • New analyzer : only variable can be passed by reference
  • Added limits to all in-depth searches
  • Checked unit tests : 2216 / 2216 test pass (100% pass).

• Tokenizer
  • Fixed edge case, where return is finished by a close tag
  • Split Variables into Variables, Objects and Arrays.

Version 0.11.3

2017-05-15 – Sun Deity of Mao

• Architecture
  • Speed up batch processing for lists of analyzers
  • Split data collection from the initial dump.

• Report
  • Ambassador : Upgraded presentation of issues, and internals links.

• Analyzer
  • New analyzer : Sphinx extension
  • New analyzer : GRPC extension
  • New analyzer : reports arrays that are randomly sorted.
  • New analyzer : report multiple catch clauses
  • Updated analyser : direct injections include all SERVER_* values
  • Upgrade for PHP 7.1.15 and 7.0.19

• Tokenizer
  • Split Functioncall into Functioncall, MethocallCall and Newcall.
  • Added support for ‘namespace’ in any full name.

Version 0.11.2

2017-05-08 – Scorpion Demon

• Architecture
  • Code cleaning, and more stability

• Analyzer
  • New analyzer : Report preference between != and <>
  • New analyzer : report empty regex and wrong delimiters
  • Added protection for $ in RegexDelimiters

Version 0.11.1

2017-05-01 – Ruler of Women’s Country

• Architecture
  • Fixed handling for large list of data in gremlin queries
  • Handles static in anonymous classes correctly

• Report
  • Reports handle traits like class.

• Analyzer
  • New analyzer : ends arrays with , or not (favorite)
  • New analyzer : suspicious comparison
  • New analyzer : strange spaces in strings

• Tokenizer
  • Arrays are now Arrayliteral, split from Functioncall

Version 0.11.0

2017-04-24 – Immortal Ruyi

• Architecture
  • Removed prepared statements from loops in dump
  • made Gremlin cache compatible with 32bits platforms

• Report
  • Ambassador : first work on upgrading visibilities for properties.

• Analyzer
  • New analyzer : could use str_repeat()
  • New analyzer : Crc32() Might Be Negative
  • Update analysis : Queries in loop reports cubrid and sqlsrv, prepared statements.
  • Update analysis : type mismatch for indices works on constants too.
  • Update analysis : Loop calling covers less ground

• Tokenizer
  • Split function and method entities for differentiated processing

Version 0.10.9

2017-04-17 – Single Horned Rhinoceros King

• Architecture
  • File extensions are processed before include/ignore dirs.
  • Reduced number of DEFINITION links, leading to less processing.
  • Added several assertion() in the code
  • Added assertions report in doctor (better leave them out with phar)

• Report
  • Added support for PHP 7.0.18 and 7.1.4
  • Ambassador : better layout for favorites
  • Zend Framework : 8 new components supported
  • Zend Framework : now supports zendframework/zendframework too
  • Zend Framework : report unused components

• Analyzer
  • New analyzer : report nested Use expressions
  • New analyzer : report repeated regex (to be federated)
  • New analyzer : report code that output directly to std
  • Updated analyzer : Should use this now omits overwritten methods
  • New analyzer : report overwritten methods
  • Upgraded analysis : 2123 / 2123 test pass (100% pass)

Version 0.10.8

2017-04-10 – King of Spiritual Touch

• Report
  • Slim report : list of routes used.

• Analyzer
  • New analyzer : report Group Use Declaration (PHP 7.0+)
  • Zend Framework : 30 components are now covered.
  • Slim : No echo in route callable and Inventory of routes.
  • PHP : list of new PHP 7.2 functions.

• Tokenizer
  • Sped up loading time by 10%.
  • Added support for PHP6 binary string : $a = u’b’;

Version 0.10.7

2017-04-03 – Immortal of Antelope Power

• Report
  • Ambassador : fixed composer report.
  • Added report for Composer (beta phase)
  • Added report for Slim framework.

• Analyzer
  • Added support for Slim versions.
  • Added 10 new components for Zend Framework 3

• Tokenizer
  • Fixed support for $ in file names.

Version 0.10.6

2017-03-27 – Immortal of Elk Power

• Architecture
  • Major speed up of loading and analysis
  • Fixed themes configuration.

• Report
  • Ambassador : report cookies usage, infinite and NAN usage
  • Zend Framework : Report incompatibilites component/version for ZF3

• Analyzer
  • Upgraded analysis : 1941 / 1941 test pass (100.00% pass)
  • New analyzer : Zend Framework 3 Deprecated
  • New analyzer : Zend cache, view, db.
  • New analyzer : Report missing type tests.
  • New analyzer : suggest setcookie() with safe arguments
  • New analyzer : Do not cast to Int
  • New analyzer : CakePHP classes compatibilities from 2.5 to 3.3
  • Upgraded analyzer : instanceof doesn’t report traits anymore
  • Upgraded analyzer : mb_ereg has options in the 4th arguments
  • Upgraded analyzer : more strange names

• Tokenizer
  • Reviewed most of the load processing.
  • Reduced the number of ‘fullnspath’ properties.

Version 0.10.5

2017-03-13 – Immortal of Tiger Power

• Architecture
  • Collect graph size in dump.sqlite
  • Collect memory usage in dump.sqlite
  • Now uses the calling PHP version to run all parts of exakat (no config)
  • Doctor report the ran gremlin version.

• Report
  • Ported the Zend Framework report to ambassador
  • Added regex delimiter in favorites.
  • Ambassador : syntax coloring

• Analyzer
  • New analyzer : could be typehinted ‘callable’
  • New analyzer : encoded letters in strings for security
  • New analyzer : report arguments that may be callable
  • New analyzer : report strangely named variables
  • New analyzer : report strangely named constants
  • New analyzer : too many FindsBy*() methods
  • Updated analyzer : Useless Instructions doesn’t report array_merge(_recursive) with one argument
  • Updated analyzer : array_replace handles …
  • Updated analyzer : 7.2 deprecation with assert()
  • Generalized usage of commons for CIT
  • Added first 4 set of analysis for Zend Framework 3
  • Added support for dynamic new $a[i];

• Tokenizer
  • Fixed fullnspath with new on functioncall
  • Reduced the number of fullnspath loaded
  • Added support for ‘s'() as functioncall
  • Fixed case where file names has ‘ ‘ in it

Version 0.10.4

2017-03-06 – Dragon King of the West Sea

• Architecture
  • Ignore some classic files by default (README, LICENSE…)

• Report
  • Ambassador : protection of HTML values
  • PHPcompilation : fixed export to stdout

• Analyzer
  • New analyzer : report useless else branches
  • New analyzer : should regenerate session Id, for PHP and Zend Framework
  • Added support for Extension Data structures (ext/ds)
  • Upgraded analyzer : Hardcoded Hash
  • Speed up analysis for extensions

• Tokenizer
  • Fixed edge case where a constant was used inside a ternary operator
  • Fixed processing of labels

Version 0.10.3

2017-02-27 – Dragon King of the Jing River

• Architecture
  • Added URL glossary to Manual.
  • Extended CS ruleset
  • Use exakat/exakat as user/login for git.
  • New helper to rename analyzers
  • Project command now accept -P/-T to run one analyzer/Thema directly

• Report
  • New report style : Codesniffer

• Analyzer
  • New analyzer : suggest usage for array_column()
  • New analyzer : __DIR__ must be concatenated with a string starting with ‘/’
  • New analyzer : report usage of parent, self and static outside a class/trait
  • New analyzer : report properties used only in one method
  • New analyzer : report properties used only once at all
  • New analyzer : multiple aliases per class
  • Updated analyzer : Fopen() mode support ‘e’ option (7.1.2 + )
  • Updated analyzer : Make One Call covers str_replace, substr_replace, preg_replace*
  • Updated analyzer : Unused arguments : now ignores arguments from interface or parent

• Tokenizer
  • Removed double DEFINITION link. Faster loading, less processing.
  • Fixed an edge case when function name is boolean or null.
  • Cleaned atom and tokens names
  • Fixed edge case when object is instantiated in a ternary

Version 0.10.2

2017-02-20 – Water Lizard Dragon

• Architecture

• Report
  • Text format now understand -T, -P to extract only some of the results.
  • Fixed dump of extends.

• Analyzer
  • Added support for PHP 7.1.2 and PHP 7.0.16
  • New analyzer : report forgotten ‘throw’ keyword.
  • New analyzer : report class / function confusing name
  • Added support for libsodium
  • Upgraded PHP Relaxed Keyword : Ignore properties.
  • Upgraded analysis : 1824 / 1826 test pass (99.9% pass)

• Tokenizer
  • Fixed a bug that mistakes native PHP classes for functions
  • Fixed rare situation with grouped const/function.

Version 0.10.1

2017-02-13 – King of Wuji Kingdom

• Architecture
  • Report SVN revision when updating or not.
  • Default reports are in config.
  • Configure now supports include_dirs, to include files.
  • Project name is now noted in datastore.
  • Inventories is a default themas; PHP Compatibility < 5.6 are not default anymore.

• Documentation
  • Fixed outgoing links
  • Better coverage of PHP functions

• Report
  • Added ‘Inventories’ report : reports all names and literals
  • Ambassador : Added list of included files, Yield From and classes stats

• Analyzer
  • New Analyzer : Strange Names For Methods (Classes/StrangeName)
  • New Analyzer : SQL queries (Type/Sql)
  • New Analyzer : Avoid Non WordPress Globals (WordPress/AvoidOtherGlobals)
  • Upgraded analyzer : Should be single quote, escape sequences refined.
  • Upgraded analyzer : Should Preprocess now support determinist PHP functions
  • Upgraded analysis : 1817 / 1824 test pass (99.6% pass)

• Tokenizer
  • Fixed LOC counting.
  • Fixed edge case when closure is directly use as argument
  • Fixed double inventories for Use’s Definitions

Version 0.10.0

2017-02-06 – Azure Lion

• Architecture
  • Replacement of booleans with constants (WIP)
  • Removed PHPloc (merged features into load)
  • Added coding standard for Code Sniffer (ruleset.xml)
  • PHP version used default to running script version
  • Now reading Token Constants from the binaries
  • Doctor reports project configuration if -p is used

• Report

• Analyzer
  • New Analyzer : No Boolean As Default
  • New Analyzer : Raised Access Level
  • New Analyzer : Recommend Wpdb->prepare when variables are in query
  • Directive suggestion now include error_log
  • Upgraded analyzer : UselessParenthesis also checks Typehint
  • Upgraded analysis : 1804 / 1811 test pass (99.6% pass)

• Tokenizer
  • Reinforced detection of parsable PHP script
  • Fixed Files command : it now cleans data before running
  • Removed warning about memory
  • Index creation made lighter

Version 0.9.9

2017/01/30 – Pilanpo Bodhisattva

• Architecture
  • Moving true/false to constants

• Report
  • Ambassador : Added ‘Compilation’ and Version compatibility reports.
  • Prepared collection of dependencies in dump

• Analyzer
  • New Thema : Compatibility PHP 7.2
  • New analyzer : Deprecated Features of PHP 7.2
  • New analyzer : Removed Function for PHP 7.2
  • New preference : New Line Style
  • Upgraded analysis : 1781 / 1802 test pass (98.9% pass)

Version 0.9.8

2017-01-23 – Multiple Eyed Creature

• Architecture
  • Moved ‘Truthy/Falsy’ as ‘boolean’ characteristics
  • Updated Gremlin3 interface to handle Groovy maps
  • Added default name when creating project

• Report
  • Added checks on merged table at Dump stage
  • Added support for PHP 7.1.1 and 7.0.15

• Analyzer
  • New analyzer : variables assigned twice or more
  • New preference : new x() / new x;
  • Upgraded analysis : 1785 / 1794 test pass (99.5% pass)
  • Fixed Interface usage : missing interfaces extends interfaces
  • Added extra check for Functioncalls

• Tokenizer
  • Added support for instanceof + several names

Version 0.9.7

2017-01-16 – Hundred Eyed Demon Lord

• Architecture
  • Fixed constant names for tokens in Load
  • Changed duplication check to dedup(). Cleaned analysis for duplicates.
  • Speed but for large projects. Work in Progress.
  • Reduced usage of static properties
  • Better detection of PHP scripts during project

• Report
  • Fixed generation of inventories when no target is provided

• Analyzer
  • New analyzer : Could Be Protected Property (not a public)
  • New analyzer : avoid large literal arrays in local variables.
  • New analyzer : report long arguments.
  • Removed analyzer : Structures/EchoArguments (double with Echo With Concat)

• Tokenizer
  • Fixed list of constants for PHP 7.1

Version 0.9.6

2017-01-09 – Spider Demons

• Architecture
  • Added support for report/analysis theme list in config (exakat and project)
  • Better cleaning of projects
  • Doctor : Initialisation with themes/reports; Reports executable being used.
  • Added a log for gremlin Queries
  • Rebuild the server command
  • Added ‘catalog’ command

• Report
  • Split Phpconfiguration into eponymous and Phpcompilation

• Analyzer
  • New analyzer : avoid Glob, use scandir without sorting.
  • New analyzer : always configure ext/sqlite3 FetchRow()
  • New analyzer : no string with append
  • Removed analyzer : Structures/ForeachSourcesNotVariable
  • Upgraded Analyzer ‘Should Import Functions’
  • Upgraded analysis : 1764 / 1773 test pass (99.5% pass).

• Tokenizer
  • Added ‘aliased’ property to nodes.

Version 0.9.5

2017-01-04 – Immortal Ziyang

• Architecture
  • Better check of PHP version

• Report
  • Ambassador : report analyzer settings
  • PHP Compilations : supports all extensions
  • New report : Inventories

• Analyzer
  • New analyzer : Don’t Use Fallback to Global space
  • New analyzer : MongoDB (ext/mongo version 3)
  • New analyzer : zbarcode
  • Bug : Fixed intval for octals in Arrays/MultipleIdenticalKeys
  • Removed analyzer : Php/InconsistantClosingTag (double)

• Tokenizer
  • Ranking arguments, not functioncall

Version 0.9.4

2016-12-19 – Lady of Jinsheng Palace

• Architecture
  • Rewrote the concurrence check (removed needs for ext/sem)
  • Results are never double anymore
  • Upgraded gremlin calls, to handle \n
  • Dump cleans the previous values before dumping
  • Excluded namespaces classes when searching for external libraries

• Report
  • Ambassador : extension usage, inventories, global lists, stats, PHP Compilation directives
  • Covers more compilation directives (Not finished)

• Analyzer
  • New analyzer : Final by Ocramius
  • Upgraded : Comparison with == : added curl_exec
  • Upgraded : isset with constant (mistake on properties as arrays)
  • Upgraded : Avoid using now uses full NS path
  • Upgraded : Useless instructions handles for() correctly
  • Upgraded : Recursive, IsGenerator and Loop Calling includes yield from
  • Upgraded analysis : 1741 / 1750 test pass (99.5% pass).

Version 0.9.3

2016-12-12 – Purple-Gold Bells

• Architecture
  • Lots of cleaned code
  • Harmonized data for extensions
  • Stop ‘project’ if no code is available
  • Now using stub in phar.

• Report
  • Added directives, bugfixes, external services and
  • Added support for PHP 7.0.14 and 5.6.29

• Analyzer
  • New analyzer : WordPress, recommend prepare()
  • More favorite reports : final ?> and unset()/(unset)
  • Reduced number of double reports for many analysis
  • Update : Fixed analysis with $THIS
  • Upgrade : report useless casting of comparisons
  • Update : Should use this takes into account parent::

Version 0.9.2

2016-12-05 – Golden Haired Hou

• Architecture
  • First version of Exakat for docker (beta)
  • Added a waiting loop in cleandb
  • Docs include a list of new analyzers per version

• Report
  • Added 2 first inventories, Appinfo() in Ambassador
  • Favorites now reports global/$GLOBALS
  • Restore composer.lock report
  • Upgraded uselessReturn for the final return.

• Analyzer
  • New analyzers for Newt, Nsapi,
  • New analyzer : __ in methods names
  • New analyzer : Too many local variables
  • New analyzer : Avoid array_push()
  • Upgraded ext/apache coverage

Version 0.9.1

2016-11-28 – Sai Tai Sui

• Architecture
  • Docker supported in exakat/config.ini for PHP binaries.
  • Added exakatSince in analyzers documentation
  • Added some missing tokens in anonymize command

• Report
  • Added several new analyzers for PHP 7.1

• Analyzer
  • new analyzer : find methods that could return Void
  • new analyzer : find malformed octal sequence in strings
  • new analyzer : spot rethrown exception
  • new analyzer : reach the last element
  • new analyzers : find undefined Zend Framework classes (2.0 to 3.0)
  • Upgraded analysis : 1706 / 1714 test pass (99.5% pass).

• Tokenizer
  • Fixed handling references (some were missing)
  • Fixed handling of ellipsis (some were missing)

Version 0.9.0

2016-11-21 – Python Demon

• Architecture
  • Project now include ‘Preference’ analysis
  • Dump is now incremental (-u option), and doesn’t need to be run in paralell
  • Added new hashAnalyzer table, to handle generic results from analysers.
  • Added project name in the graph.
  • New command ‘status’ to report the current status of exakat

• Report
  • Ambassador includes ‘Preferences’ section and new menu system
  • Upgraded progressbar to display project processing

• Analyzer
  • New analysis : Early Bail Out (with if/then)
  • New analysis : PHP 7.1 backward incompatibilities with microseconds
  • New analysis : WordPress : recommend using WP api, not PHP.
  • Upgraded ‘Constant condition’ to include do..while()
  • Upgraded ‘Useless Abstract’ to include methodless classes
  • Upgraded analysis : 1687 / 1697 test pass (99% pass).

• Tokenizer
  • Added ‘Array’ to list of determinist functions (more constants are spotted)
  • Fixed ‘Name’ for Array Short Syntax.
  • Fixed variadic support

Version 0.8.9

2016-11-14 – Yellow Brows Great King

• Architecture
  • Fixed and document -tgz and -zip option of init
  • Removed progress folder
  • Made MagicNumber a parallel task in Project.
  • Turned some die into assertion()
  • .phar doesn’t report any PHP errors.
  • Checked compilation with PHP 5.3->7.2

• Report
  • Removed Faceted report
  • Added Bugfixes for PHP 7.0.13, 5.6.28 and PHP 7.2
  • Added ‘One variable string’ to Radwell report

• Analyzer
  • New analyzer : Object Calisthenics #1, #4
  • New analyzer : check that properties are all set at constructor time.
  • New analyzer : spot useless checks
  • Updated UndefinedParentMP to take PHP ext classes into account
  • Upgraded ‘array_merge in loops’ with file_put_contents
  • Upgraded ‘useless parenthesis’ with math operations
  • Upgraded analysis : 1666 / 1682 test pass (99% pass).
  • Added debug Query method to analyzer

• Tokenizer
  • Fixed Files to compile first, then count tokens
  • Find Ext Lib handle UT classes better
  • Added limit to ‘code’ before loading into database. There is a 2M limit.
  • Fixed edge case with nested foreach()
  • Fixed segmentation fault when getting tokens from a script with wrong encoding

Version 0.8.8

2016-11-07 – Apricot Immortal

• Architecture
  • Added concurency test to avoid running several instance at the same time
  • Report error when it happens with git clone
  • Added UT classes to external libraries
  • Dump is now hidden until finished.
  • Better detection of java and composer (Thanks Julien)

• Report
  • New report : Radwell
  • New report : PhpConfiguration helping with configure and php.ini
  • Ambassador : Fixed dashboard values

• Analyzer
  • New analyzer : time() vs strtotime(‘now’)
  • New analyzer : useless casting
  • New analyzer : No Isset() with Empty()
  • New analyzer : don’t echo errors
  • New analyzer : ext/rar
  • New analyzer : use Class::class when possible
  • Added array_key_exists() to slow functions list.
  • Upgraded UpperCaseKeywords to handle partial uppercase
  • Added reported directives for ext/filter
  • Upgraded ‘Variables used once’ to exclude $this and arguments
  • Upgraded Unreachable Code with break/continue;
  • Multiple Identical Keys now handles null, boolean, real.
  • Upgraded analysis : 1652 / 1668 test pass (99% pass).

• Tokenizer
  • Now spots \true, \false, \null as Boolean and Null
  • Removed ‘xargs too many arguments’ error on Linux

Version 0.8.7

2016-10-31 – Naked Demon

• Architecture
  • Upgraded Boolean and Integer to report results without storing them in graph

• Analyzer
  • New analysis : modernizable empty() calls
  • New analysis : recommend Positive conditions
  • New analysis : drop else after return
  • Upgraded analysis : unreacheable code handles if/then with returns.
  • Added tests for Boolean and Null
  • More not Hashes dict.
  • Upgraded analysis : 1637 / 1650 test pass (99% pass).

• Tokenizer
  • Fixed line number of
  • Fixed token on arguments

Version 0.8.6

2016-10-24 – Fuyun Sou

• Architecture
  • New command to ping a queue
  • More documentation

• Report
  • Ambassador report sped up multiple times
  • Text, Json and XML all report only analyzers (not the dependencies)

• Analyzer
  • New analyzer : suggest ternary instead of Ifthen
  • New analyzer : check for returned value usage
  • Added support for PHP 7.0.12 and 5.6.27
  • Added more bugs fixing from extensions
  • Fixed analysis for Zend Framework 1
  • Ignore $this in variable used once
  • Fixed report with unlimited arguments functions
  • Overwritten literals : Ignore assignations in for()
  • Upgraded old PHP 5.* analysis to Gremlin 3
  • Upgraded analysis : 1639 / 1645 test pass (99% pass).

• Tokenizer
  • Fixed precedence between require and .
  • Better fullcode for

Version 0.8.5

2016-10-17 – Naked Demon

• Architecture
  • Moved all classes under Exakat folder for clean hierarchy

• Report
  • Ambassador : restored line number in display

• Analyzer
  • New analyzer, check for substr() comparisons with literals
  • New analyzer, suggest boolean cast, instead of Ternary.
  • New analyzer, spot 3 levels of if/then
  • Upgraded ‘hardcoded password’, for kadm5 and hash_* functions
  • Upgraded ‘external libs’, with Zend Framework
  • Upgraded analysis : 1625 / 1638 test pass (99% pass).

Version 0.8.4

2016-10-10 – Lingkongzi

• Architecture
  • Moved Tasks into Exkat\Tasks
  • Fixed findExternalLibs

• Report
  • Ambassador report got good annex, fixed settings and faceted search
  • Omit clearPHP if not present in docs

• Analyzer
  • New analyzer : detect multiple identical traits/interface in CIT
  • New analyzer : suggest creating aliases to reduce code
  • New analyzer : spot aliases that may be reused again
  • New analyzer : hidden use, that are not at the beginning of the code
  • Upgraded analysis : 1607 / 1618 test pass (99% pass).
  • More documentations to many analyzers
  • HasMagicProperty report all magic methods
  • Upgraded ‘Useless Parenthesis’ with more situations
  • Upgraded ‘Unchecked resources’ with 2 more situations
  • Fixed several analyzers when using Boolean and Null as a class
  • Fixed analyzerIsNot with arrays
  • Removed include-like from undefined functions
  • Arrays/AmbiguousKeys : Extended to arrays calls

• Tokenizer
  • Fixed edge case with return ?>
  • Fixed path for reporting

Version 0.8.3

2016-10-03 – Guzhi Gong

• Architecture
  • Created temp folder .exakat in projects_dir
  • Removed mentions of float, only using Real
  • Moved Config to Exakat\Config
  • More examples in docs

• Report
  • Added settings and files to Ambassador

• Analyzer
  • New analyzer for dependant Traits
  • Added new Theme ‘Cakephp’ with 6 analyzers for migration
  • New values for Not-a-hash
  • Unresolved Catch now takes Throwable into account

• Tokenizer
  • Fixed edge case where return is used inside if/then without {} nor value.
  • Fixed ‘code’ and ‘token’ for ?: and ()

Version 0.8.2

2016-09-26 – Jinjie Shiba Gong

• Architecture
  • More examples in docs
  • Fixed ‘file’ in results

• Report
  • Added more media for Ambassador

• Analyzer
  • New analyzer for count/strlen compared to 0
  • Upgraded analysis : 1563 / 1579 test pass (99% pass).
  • Backported all 4 WordPress analysis (wpdb, nonce usage)
  • Added new WordPress Analysis : variable escaping in templates

• Tokenizer
  • Fixed

Version 0.8.1

2016-09-19 – Babo’erben

• Architecture
  • Added main Try/Catch

• Report
  • Added ‘Ambassador’ report.

• Analyzer
  • Upgraded analysis : 1540 / 1561 test pass (99% pass).
  • More documentation (examples, glossary)
  • Added a list of stopwords for No Hardcoded Hash
  • Upgraded analyzer ‘No Hardcoded Path’ with protocols and glob with wildcards
  • Upgraded analyzer ‘No Hardcoded Hash’ with stopwords
  • Added new Analyzer for portability : spot common Linux files
  • Added new Analyzer : use system temp dir, not hardcoded one
  • New analyzer that spot unused protected methods
  • Added Time-to-fix and severity to all analyzers

• Tokenizer
  • Fixed edge case with if/then and try/catch
  • Synchronized constants in Tokens/Consts*.php
  • Added support for PHP 7.2

Version 0.8.0

2016-09-12 – Benbo’erba

• Architecture
  • More examples in the docs
  • Better find root in export

• Report
  • Prepared code for new report style

• Analyzer
  • New analysis : no throw in __destruct
  • New analysis : spot empty blocks in control structures
  • Update : Check parse_str and mb_parse_str()
  • Upgraded analysis : 1524 / 1540 test pass (99% pass).

• Tokenizer
  • Fixed representation of [] and [index] with static properties

Version 0.7.10

2016-09-05 – Nine Headed Bug

• Architecture
  • Added optional dependency to mbstring in Doctor

• Analyzer
  • Added analysers for PHP 7.1 features
  • Upgraded analysis : 1377 / 1510 test pass (91% pass).

• Tokenizer
  • Removed parasit ‘void’ added in sequences.
  • Raised export max depth to 15.
  • Fixed FQN for new without parenthesis
  • Fixed support for PHP 5.5/5.6.
  • Added support for iterable
  • Checked support for extensions and ignore dirs

Version 0.7.9

2016-08-29 – Wansheng Princess

fallback FQN in functions, link constant to definitions.

• Architecture
  • Added several features at Loading time : mark global variables in $GLOBALS,

• Analyzer
  • Added analysis for impossible comparisons (count($a) < or >= 0)
  • Added analysis for PHP 7.1 : removed directives, added functions
  • Upgraded analysis : 1485 / 1522 test pass (97.5% pass).

• Tokenizer
  • Fixed edge case with
  • Fixed priorities between include and .
  • Better support of trait in classes

Version 0.7.8

2016-08-22 – Wansheng Dragon King

• Architecture
  • Prepared databases for PHP 7.2

• Analyzer
  • Reports that preg_match results are not checked
  • Report List short syntax usage.
  • Upgraded analysis : 1224 / 1493 test pass.

• Tokenizer

Version 0.7.7

2016-08-17 – Water Repelling Golden Crystal Beast

• Analyzer
  • Upgraded Bug database to handle PHP 7.0.10, 5.6.24 and 5.5.38

Version 0.7.5

2016-07-19 – Jade Faced Princess

• Architecture
  • Added ‘anonymize’ command, that anonymize files and projects

• Analyzer
  • new analyzer : recommend preg_replace_callback_array() when there are several call to preg_replace_callback_array()
  • Upgraded analysis : 1103 / 1464 test pass.

• Tokenizer
  • Lots of fixes for stability : tested on 28M tokens

Version 0.7.4

2016-07-12 – Great Sage Who Pacifies Heaven

• Architecture
  • Entirely rewrote the ‘Tokenizer’ part
  • Upgraded database schema

• Analyzer
  • Upgraded analysis : 1027 / 1461 test pass.

• Tokenizer
  • Entirely rewrote the ‘Tokenizer’ part
  • 1851 UT pass correctly (extra 51)

Version 0.6.7

2016-05-30 – Red boy

• Report
  • Added List With Keys in Appinfo()
  • Added by-reference functions mention
  • Now reporting good visibility/static for __callstatic
  • Added bug info for PHP 7.0.7, 5.5.36, 5.6.21

• Analyzer
  • New : recommend instanceof over is_object()
  • Fixed several ignored limitations, due to case : $phpversion

• Tokenizer
  • Fixed ‘originclass’ in namespaced use

Version 0.6.6

2016-05-23 – Princess Iron Fan

• Report
  • New report, suggest disable_functions directive value.
  • Added support for memcached directives

• Analyzer
  • New analyzer : spot throw without new
  • New analyzer : suggest adding 2nd parameter to unserialize in PHP 7.0+
  • New analyzer : spot successive if/then with the same condition
  • Added support for zendoptimizer and suhosin extensions
  • PHP7 indirect expression : added support for {} in properties

• Tokenizer
  • Raised cycle count, to speed up building AST for large projects

Version 0.6.5

2016-05-16 – Great Sage Who Pacifies Heaven

• Analyzer
  • New analyzer : spot globals that may be turned into property
  • New analyzer : check that ZF1 classes are well located
  • Upgraded ‘dangling foreach reference’ to support key=>value
  • Better support for PHP 7 indirect expression
  • More directives for xdebug
  • Eval Without Try is PHP 7 only
  • No Choice analysis is now case insensitive

• Tokenizer
  • Added support for keys in list() (PHP 7.1)
  • Added support for constant visibility (PHP 7.2)
  • Added support for Multi catch : catch(A|B $e) (PHP 7.1)
  • Fixed bug with + and instanceof
  • Fixed precedence between :: and ??

Version 0.6.4

2016-05-09 – Bull Demon King

• Architecture
  • Externalized the list of recognized libraries to Json
  • Added ‘WordPress’ and ‘Coding convention’ as Recipes

• Report
  • Initial report for Zend Framework. Still prototyping.

• Analyzer
  • Accelerated analysis for Implicit GLobals variables
  • New analyze : Indirect Injections (Security)
  • New analyze : Should Use Coalesce (code upgrade)
  • New analyze : Suggest dirname(__FILE__) => __DIR__
  • Added ‘str_rot13’ as unsafe ‘crypto’
  • Properties without default can’t be redefined
  • Added Yield and Yield From as structures without parenthesis needs
  • Double Assignation, unless 2nd call is a functioncall (less false positives)

Version 0.6.3

2016-05-02 – Jade Faced Princess

• Architecture
  • Removed several useless pieces of code (self analysis)
  • Added documentation for WordPress Recipes
  • Lengthened Cycle for tokenizer

• Report
  • Added bugfixes for PHP 7.0.6, 5.6.21, 5.5.35.
  • Now reporting token counts per files

• Analyzer
  • New analyzer : Spot variable that holds $_GET, $_POST, $_REQUEST or $_COOKIE values (internal)
  • New analyzer : Report variables that are overwritten by themselves
  • New analyzer : Report useless switch (empty, 1 case only)
  • Upgraded NoChoice to handle larger sequences
  • Upgraded Useless Global to handle global $x / $GLOBALS[‘x’] situations
  • New analyzer : WordPress Recipe : Unverified Nonce, Best Usage for $wpdb
  • New analyzer : Void for PHP 7.1

• Tokenizer
  • Fixed but with Typehint
  • Added phppowerpoint class in external libraries

Version 0.6.2

2016-04-25 – Long Armed Ape Monkey

• Architecture
  • Fixed phar detection (based on ext/phar)
  • Cleaned code with myself

• Report
  • New report format : clustergrammer

• Analyzer
  • New analyzer : same conditions in If / Then
  • New analyzer : spot dead code in catch expressions
  • Static loops now exclude methods usage
  • Indirect variable expression are stricter
  • preg_* Option e has better support for delimiters
  • Upgraded Direct Injection in case of concatenation
  • Detect Ellipsis when counting arguments
  • Could use short assignation : avoid $a += $a + 3;

• Tokenizer
  • Sped up Typehint detection
  • No indexing for T_STRING in properties
  • Reduced errors from token_get_all()

Version 0.6.1

2016-04-18 – Red Bottomed Horse Monkey

• Architecture
  • Prepared to support PHP 7.1
  • Fixed bug in user / passwords when initing the project
  • Better support for ::class when searching for libraries

• Analyzer
  • UselessParenthesis : spot nested parenthesis
  • Spot exceptions that are thrown but uncaught by the current code
  • Support for ext/lua,
  • New : Check catch order in try/catch
  • Better identification of Composer classes, based on composer.json
  • Now spot interfaces in use declarations (less undefined interfaces)

• Tokenizer
  • Added support for PHP 7.1
  • key => value in list() calls
  • visibility for constants in Classes and Interfaces
  • Accelerated up Typehint support

Version 0.6.0

2016-04-11 – Intelligent Stone Monkey

Hardcoded hashes

• Architecture
  • Fixed a bug in Find external libraries
  • Applied fixed based on new analyzers’s audit
  • Fixed a bug that prevented results to be prepared for report (Thanks Philippe G.)

• Report
  • Now reports reason for excluding a file from analysis

• Analyzer
  • New analyzers : Logical Mistake (first version),
  • Upgrade List with appends with variable name
  • Upgrade /e option detection
  • Fixed detection of unused use, with long namespaces.
  • Added finfo to ext/finfo
  • Finds exceptions that are reserved for later throwing
  • Exclude anonymous classes from Already Defined Interface

• Tokenizer
  • Extended cycle number to speed up tokenizer.
  • Better escaping of file names

Version 0.5.9

2016-04-04 – Six Eared Macaque

• Architecture
  • One progressbar per Recipe during project analysis
  • report’s documentation
  • Upgraded ‘External Lib’ to ignore Composer folders.
  • Fixed a bug about interpreting tokens
  • Dump collects classes, interfaces, traits definitions
  • Now storing project name in database for future use
  • Removed PHP configuration modifications (error_reporting, display_errors)

• Report
  • Added ‘Uml’ report : hierarchy report
  • Now reports Pear Usage
  • Upgraded Bugfix database for 7.0.5, 5.6.20 and 5.5.34
  • Report Yield (from) usage
  • New external configuration files : bazar, github, docker, openshift

• Analyzer
  • Added detection for undefined classes in ZF (1.8 to 1.12)
  • New : report undefined Traits
  • Added support for parent/grandparent when checking argument numbers
  • Added support for V8js

• Tokenizer
  • Fixed bug in fullnspath for use within trait or class
  • It is possible to reach a property on an array append
  • Fixed AST between PHP 5 and 7 for globals
  • Simplified ++ analyzers

Version 0.5.8

2016-03-28 – Sun Deity of Mao

• Architecture
  • Moved to self::, instead of static::.
  • First UT for command line
  • Sped up phploc. Prepare code for finite states, in Tasks.
  • Prepare for Gremlin3 (moved gremlin calls to class)
  • Reduced shell_exec usage

• Report
  • Fixed display bugs in Devoops report
  • Removed double analysis
  • ‘Wrong number of arguments’ now supports constructors

• Analyzer
  • Upgraded ‘No Hardcoded IP’ to handle constants, spot domains
  • Added support for TokyoTyrant
  • New analyzer : spot simple regex, and suggest strpos
  • Excluded “$a[b]” from undefined constants

• Tokenizer
  • Fixed bug with nested call to echo.
  • Fixed bug where concatenation ends on a ‘AS’ keyword
  • Added support of Constants in Foreach
  • Fixed multiple bugs in Grouped Use
  • Support for function as ‘class’ in static calls
  • Comparison accepts powers
  • Added support for empty array short syntax in sequence
  • Support constant with visibility
  • Parenthesis may be the base for Arrays

Version 0.5.7

2016-03-21 – Scorpion Demon

• Architecture
  • Added support for folders in UT, for tests that requires several files
  • Improved compatibility with PHPunit
  • Moving gremlin_query() to Gremlin2 class
  • Doctor also reports for phar
  • Improved adaptation to PHP and Exakt in server mode
  • Autoload shouldn’t die
  • Fixed case when calling Phpexec
  • Upgraded status presentation in server mode

• Report
  • More details for Global Variable list

• Analyzer
  • Now spotting class when it is inside a string
  • Check for $this outside a trait/class
  • Check for ternary/concatenation precedence
  • Spot classes that attempt to extend final
  • Spot set_exception_handler() that may need rework
  • Refined array_merge analysis, in case of nested loops

• Tokenizer
  • Yield [from] may be inside an array
  • Refactored for/foreach tokens
  • Added support for a ‘Project’ node

Version 0.5.6

2016-03-14 – Ruler of Women’s Country

• Architecture
  • Fixed some backward compatibility with PHP 5.4
  • Started revamping ‘Status’ command
  • Centralized all tokenizations to PhpExec class
  • Removed usage of __DIR__ and __FILE__

• Analyzer
  • Spot usage of empty() that can’t work on PHP 5.4
  • Suggest using random_int instead of rand
  • Upgraded ‘No Array_merge in loops’ with array_merge_recursive
  • Added support for scalar type hint in Undefined Classes
  • New analyzer : Better rand()

• Tokenizer
  • Instanceof has lower precedence than comparison

Version 0.5.5

2016-03-07 – Immortal Ruyi

• Architecture
  • Added default values for all neo4j_* configs

• Report
  • Added support for bugfixes in 7.0.4, 5.6.19 and 5.5.33
  • Added support for bugfixes in 7.1.0-dev

• Analyzer
  • Added support for Typehint in Undeclared Classes
  • Extended ‘Multiple Classes in One File’ to interfaces and traits
  • Added analyzers for truthy and falsy
  • Spot interfaces implemented by parents (Thanks PHP Inspect)
  • Report usage for unsafe Curl options

• Tokenizer
  • Fixed emptyString inside a Heredoc
  • Fixed bug where Sign has lower priority than Power

Version 0.5.4

2016-02-29 – Nezha

• Architecture
  • Removed some shell_exec() to help with portability
  • Clean command now rebuilds an empty datastore
  • Check the availability of php binaries before using
  • Produce report in a hidden folder, then push it

• Report
  • Report the list of bug fixes that apply to code

• Analyzer
  • Help using preg_match_all options

• Tokenizer
  • Fixed a bug with reference and instanceof

Version 0.5.3

2016-02-22 – Li Jing

• Architecture
  • More UT
  • Supports symlinks for neo4j’s folder
  • Supports symlinks for ‘code’ folder in projects
  • Added upgrade command to check for exakat’s available versions and upgrade

• Analyzer
  • Spot CLI scripts
  • Undefined Interfaces avoids self, parent, static
  • Fixed bug in spotting undefined Interface
  • Variable Used Once in a method are not arguments
  • Added support for all structures in Double Assignation

Version 0.5.2

2016-02-15 – Single Horned Rhinoceros King

• Analyzer
  • Fixed functioncall detection with ’empty’
  • Refined ‘Buried assignation’ analysis
  • Fixed a bug when using definitions (class, trait, interface, functions…)
  • Better support for case-insensitive constants

• Tokenizer
  • Fixed bug in use statement
  • Now spots PHP code in files without extension
  • Upgraded support for grouped Use statement
  • namespace may be a valid nsname part
  • Fixed bracket reports in do…while

Version 0.5.1

2016-02-08 – King of Spiritual Touch

• Architecture
  • Added test in UT to skip incompilable sources
  • Stabilized tokenizer’s UT (partial)

• Report
  • HTML protection in Devoops format
  • No display of negative stats
  • Added support for directives : wincache, xcache, apc, opcache
  • Added support for eaccelerator and openssl

• Analyzer
  • New analyzer : Spot unknown PHP directive names
  • Fixed Constants/MultipleDefinedConstants
  • Better detection of functioncalls (with List)
  • Better spotting of ini_set arguments
  • Unreachable code now finds die and exit
  • ObjectReference won’t report references on scalar types
  • Revamped ‘pregOptionE’ analyzer
  • Cleaned code with too many arguments
  • Removed useless print
  • Better report of eval() usage
  • Revamped ‘Dynamic code’ report
  • Fixed bug in Case/Default that are empty
  • Avoided sequences of sequences in Case/Default
  • Fixed Detection of classes’ usage with extension

• Tokenizer
  • Fixed bracket detection on While and DoWhile
  • Detect void in DoWhile
  • Removed useless T_DIE token
  • Fixed fullcode processing for anonymous classes

Version 0.5.0

2016-02-01 – Immortal of Antelope Power

• Architecture
  • Added support for HTTP API, through ‘server’ command.

• Analyzer
  • Fopen modes checked
  • Redefined default, in class’s properties

• Tokenizer
  • Fixed situation where echo and print used parenthesis (they don’t)
  • Fixed rare but with instanceof and concatenation
  • Fixed support of integers in Gremlin
  • Fixed bug in addslashes and and $ protection order
  • Made Assignations more robust (no un-processed tokens)
  • Reduced the number of shell_exec usage => speed up
  • Finished support for relaxed keyword support in classes (PHP 7)

Version 0.4.6

2016-01-25 – Immortal of Elk Power

• Architecture
  • New installation script with Vagrant and Ansible (Thanks Alexis!)
  • Updated documentation
  • Added a command to remove a project

• Report
  • Devoops reports has case-insensitive menu sort

• Analyzer
  • Spot redefined properties, classes and methods.
  • Spot properties that may be turned private
  • Fixed special case in Wrong Number Of Arguments
  • Fixed ‘OnePage’ analysis

• Tokenizer
  • Finished support for relaxed keywords in classes
  • Sped up tokenizer by keeping counts of tokens in datastore
  • Fixed detection of CakePHP
  • Fixed special case with Labels
  • Fixed rare case with die() within ternary operator

Version 0.4.5

2016-01-18 – Immortal of Tiger Power

• Architecture
  • Upgraded documentation
  • Default command is ‘help’

• Report
  • Better version for FacetedJson report

• Analyzer
  • New analyzer that spots wrong type of argument in PHP internal functions
  • Fixed Isset With Constant for PHP 7
  • Fixed a bug that limited query size during analysis (good for bigger projects)
  • Include variadic (…) to Variable Argument Number

• Tokenizer
  • Fixed a bug that blocked tokenizer when a analyzed script generated parse errors.
  • Added support for bazar, svn.
  • Fixed a bug in Nsnames at Loading time.

Version 0.4.4

2016-01-11 – Crown Prince Mo’ang

• Architecture
  • Reviewed OnePage analysis
  • Dump as now an option to select Recipes
  • Dump forces line to be integer
  • Added a task to update a project’s code (git only ATM)

• Report
  • Better check when opening database for report (more to come)
  • FacetedJson (and Json) report ignore non-unicode lines
  • Added ‘search’ box to facetedJson

• Analyzer
  • Switch To Switch suggestions
  • Unused arguments patch for arguments used in methods
  • Unused properties doesn’t mistake function static variable

• Tokenizer
  • All Nsnames are now build at Loading time
  • Constants may be calld ‘const’
  • More relaxed syntax for methods (exit, include, eval…)
  • Foreach may use coalesce
  • Fixed an edge case with Closures in functioncall

Version 0.4.3

2015-01-04 – Tuolong

• Architecture
  • Copyright year bump
  • Doctor reports memory_limit and php version consistency
  • Switched to rmDirRecursive

• Report
  • Removed old style reporting system

• Analyzer
  • Fixed fileupload and filesystem directives reports
  • Added report of Environnement variable usage
  • Added iconv_set_encoding to the list of directive usage
  • Extension analyzes now takes into account namespaces and traits
  • Analyzers all have severity and time to fix

• Tokenizer

Version 0.4.2

2015-12-22 – Red Boy

• Architecture
  • Published documentation on http://exakat.readthedocs.org
  • First version of the faceted report (-format Faceted)

• Report
  • First version of the faceted report (-format Faceted)
  • Fixed Dump that actually finishes after some time

• Analyzer
  • Spot unused arguments
  • Fixed notInInterface() filter
  • Upgraded HtmlEntitiesCall

Version 0.4.1

2015-12-14 – Azure Lion

• Architecture
  • Rebuild the report system, for speed and versatility.

• Report
  • Available format : JSON, Sqlite, XML, Text and HTML (Devoops).
  • Rules are now part of the documentation.

• Analyzer
  • Upgraded ‘Buried assignations’
  • Locally Unused also spots properties without visibility (but with definition)
  • Could be class constant, if the property is used at least once
  • Better detection of files that are Definitions only (fix at Namespace calls)
  • ++ is now correctly reported as isRead and isWritten in Arguments
  • Closure’s use($x) are now reported in both context (calling and called)
  • Removed usage of ‘back’ method, that is blocking at high token counts

• Tokenizer
  • Fixed support for {} and {$ } inside strings
  • Fixed bug with Typehint, that prevented compilation
  • Fixed several (rare) edge cases with Sign and Staticproperties.
  • Fixed detection of closing tags

Version 0.4.0

2015-12-07 – Lion Lynx Demon

• Architecture
  • Made PHP 7.0 the default (moved to 0.4.0)
  • Ran unit tests on PHPunit 5.1
  • Added a background tasks to build report. Will allow for progressive report.

• Report
  • Rewrote the report from scratch. Should be finished next iteration.
  • New report is working for XML and Text report.

• Analyzer
  • Added support for ext/pecl_http
  • Added several classic folders as ignored by default (change this in config.ini)
  • Create a check for functioncall (and not methods)
  • Spots join(”, file())
  • Safely ignoring some dynamic calls in undefined functions (Thanks Marc Delisle)
  • Removed ArrayAppend from double assignation

• Tokenizer
  • Fixed a bug when class was auto-referenced.
  • Fixed detecting Static properties when they are also arrays.
  • Fixed fatal errors for mal-formed octals

Version 0.3.12

2015-11-30 – Nine Tailed Vixen

• Architecture
  • ProgressBar is now displayed during Analyze phase.

• Report
  • Report list of error messages used in the library

• Analyzer
  • Omit eval with hardcoded strings
  • Exclude some index from _SERVER from the report (they are safe)
  • Exclude php://* files as hard coded path
  • Report usage of timestamp to calculate duration
  • Spots unused traits
  • Fixed support for big integers

• Tokenizer
  • First support for relaxed keywords in classes. More to come.
  • Checked UT on PHP 7 (Soon to become default version)
  • Fixed version detection in Tokenizer
  • Fixed fullnspath in Use expression;

Version 0.3.11

2015-11-16 – Hu A’qi

• Architecture
  • Report external services files that may be in the repository

• Report
  • Report nested dirname calls (may be changed in PHP 7)

• Analyzer
  • Better spotting of static loops
  • Don’t confuse $globals and $GLOBALS

• Tokenizer
  • Rewrote support for As in classes.
  • Fixed arguments that were indexed as Void
  • Trimmed code

Version 0.3.10

2015-11-09 – Silver Horned King

• Architecture
  • Centralized call to cypher.

• Report
  • Sped up several analyzes

• Analyzer
  • Fixed naming bug with reflexion
  • Support class name in arrays, short syntax
  • Report Relay Functions
  • More PHP 7 incompatibilities reports

• Tokenizer
  • Support for 7.1 compilation (dev only)
  • Added cakephp to external libraries
  • Fixed parsing bug with static (as property definition)
  • Fixed ‘count’ in sequences from Function
  • Rewrote Argument detection (when there is no parenthesis)

Version 0.3.9

2015-11-02 up – Golden Horned King

• Architecture
  • Cleaned code with Exakat

• Analyzer
  • Refined report about double assignation
  • Fixed argument counting in Function Definition
  • Better support of array in Locally Used Properties
  • Updated Composer database

• Tokenizer
  • Fixed a bug that ignored Blocks
  • Fixed a rare bug with echo and the following arguments

Version 0.3.8

2015-10-26 – Baihuaxiu

• Architecture
  • Cleaned too many display (they go to log now), leaving commandline empty (or -v)
  • A lot more PHP 7 incompatibilities spotted

• Report
  • Added the list of global variables in the projects (if any)
  • Fixed reports for PHP 5.2 (they were ignored)

• Analyzer
  • Better handling of composer in unresolved classes
  • Spot setlocale with string (PHP 7)
  • Spot string unpacking (PHP 7)
  • Upgraded static method call, to avoid classes of the same family
  • Report eval without try/catch
  • Report preg_replace with /e
  • Fixed report for empty list()
  • Spot hexadecimal in strings
  • Report usort (and co) as incompatibilities between PHP 7 and 5

• Tokenizer
  • Fixed edge case with Sign and namespaced function
  • Added xajax, adodb and gacl as common library
  • Fixed arguments in short array syntax
  • Fixed case where [3] was spotted inside a string

Version 0.3.7

2015-10-19 – Yellow Robe Demon

• Architecture
  • Added and reviewed many UT. More stability.

• Report
  • Fixed the report of the actual version of PHP being used.
  • Non-run analysis are not marked with a stethoscope
  • Report now report closures and not the containing method
  • Removed some dashboard that would generate empty links

• Analyzer
  • Better spot of blocks inside Alternative syntax
  • Speed up method spotting
  • Fixed properties which were mistaken with deep definitions

• Tokenizer
  • Fixed fullcode for Typehint
  • Removed Ppp and moved it to Visibility

Version 0.3.6

2015-10-12 – White Bone Demon

• Architecture
  • Large speed up at Parsing stage, for large projects
  • Added git informations in Doctor

• Tokenizer
  • Changed processing for Arguments.
  • Support for more PHP 7 features, including Use Grouping,
  • Fixed support for ~
  • Simplified ::class handling

Version 0.3.5

2015-10-06 – Mingyue

• Architecture
  • Reported usage of array constants, improving backward compatibility
  • Checked running on PHP 7

• Report
  • Added Definition annex
  • Fixed ‘version incompatible’ report that was mistaken with ‘no result’
  • List all directives being modified in the code
  • List more directives that should be set for production.

• Analyzer
  • Reworked the Themes about compatibility.
  • Added many tests for PHP 7.0 compatibility
  • Sped up UsedMethod analyzer
  • Added support for PHP 7 feature : Unicode Escape Sequences, New functions/classes/interfaces, Removed Functions,

• Tokenizer
  • Changed processing for Empty PHP code
  • Support Variable Indirection for both PHP 5 and 7 (depends on exec version)
  • Avoid ignoring all code when finding External Libraries
  • Fixed edge cases with declare() when it is conditional.
  • Support for PHP 7’s f()()()

Version 0.3.4

2015-09-28 up – Qingfeng

• Architecture
  • Added token_limit configuration to avoid running too large project (default is 1 000 000)
  • Several new tools for internal consistency check.
  • Removed support for neo-contrib’s gremlin plugin

• Report
  • Report libraries that were found and ignored

• Analyzer
  • Sped up queries that required previous analyzers or multiples atoms
  • Spot global keywords inside loops (perf)
  • Better spotting of Composer classes
  • Report double assignations

• Tokenizer
  • Added support for Anonymous classes (PHP 7)
  • Fixed namespace manipulations (They weren’t lower case)
  • Mark constants as fail back globals or local to the namespace
  • Support Null Coalesce operator (PHP 7)
  • Fixed rare case for empty strings and noDelimiter

Version 0.3.3

2015-09-21 – Immortal Zhenyuan

• Architecture
  • Removed some shell stderr that leaked to the main script

• Report
  • Added the list of used analyzers
  • favicon is now used in the report (Devoops)
  • Fixed count report for Else
  • Fixed directive reports for trader, bcmath and ldap.

• Analyzer
  • Rebuild the composer database
  • Fixed htmlentities analyze
  • Spot usage of ‘substr($s, $p, +/- 1)’ and recommend ‘$s[$p]’

• Tokenizer
  • Fixed Multiplication with instantiation

Version 0.3.2

2015-09-14 – Tiger Vanguard

• Report
  • Added link back from analyzers to its themes.

• Analyzer
  • Useless Returns are now Trait compatible
  • Optimized Composer validation
  • Removed IsKnownVendor analyze (replaced by Composer)
  • Spot inconsistent concatenations (“$a b”.$c)

• Tokenizer
  • Fixed situation where forgotten white spaces didn’t have a file
  • Removed DELETE and S_STRING index
  • Fixed compatibility with Debian (shell commands)
  • Added UT for and / && precedence versus =
  • Fixed identification of empty instructions (Functions / Closure have different behaviors)

Version 0.3.1

2015-09-03 – Yellow Wind Demon

• Architecture
  • Removed usage of Everyman dependencies
  • Added support for Neo4j Authentication
  • Added a JobQueue
  • Cleaned code with exakat itself

• Report
  • Added Dump to SQLITE format for custom manipulations of the results
  • Added new collection of rules for Calesthenics (dev)
  • Updated composer database
  • Now reporting found Composer.

• Analyzer
  • Fixed Compilation spotting

• Tokenizer
  • Fixed an edge case with Sign, when used in a concatenation

Version 0.3.0

2015-Aug-25 – Lingxuzi

This is a important release, with some noticeable changes.

• Architecture
  • Moved to Thinkaurelius’s gremlin plug-in, Neo4j 2.2.4 and Java 8.

• Report
  • Added a view by File
  • Added sorting for results (by file and by analyze)

• Analyzer
  • Spot functions whose results should be checked before they are used
  • Spot breaks/continue out of a loop
  • Exports all the results in a dump.sqlite file

• Tokenizer
  • Fixed a minor bug with ::class (messed up the {} counts)
  • removed dependency to Everyman’s Neo4j classes.
  • Added a step that removes big and identifiable libraries in PHP (such as tcpdf, jpgraph, etc..)

Version 0.2.5

2015-Aug-17 – Scholar in a White Robe

This is a maintenance release, with improved ease of use.

• Report
  • List the files that are ignored in the annex

• Analyzer
  • Updated Knowledge Database for memcache, aliases, zlib, standard
  • Added more directives to Review
  • Added support for xhprof

• Tokenizer
  • Fixed bug with Else (Not-alternative)
  • Fixed Sequence creation with If-Then
  • Yield may be assigned
  • Removed one Tokenizer’s operation (filterOut2)
  • Fixed priorities with Concatenation, Multiplication, Additions
  • Process Echo and Print separately
  • Automatically removes common bundled libraries to reduce app size

Version 0.2.4

2015-06-22 – Black Wind Demon

This is a maintenance release, with improved ease of use and new analyzes.

• Analyzer
  • Rebuild the composer database
  • Lots of new extensions supported : ev, libevent, event, php-ast, wikidiff2, proctitle, inotify, ibase, amqp, geoip, output buffering,
  • Report errors when non-variables are returned by reference
  • Marked more analyzes for PHP 7
  • Fixed Unpreprocess structures with split
  • Upgraded spotting for useless parenthesis
  • Added a check ++$i vs $i++;
  • Exclude abstract methods from Variables Used Once
  • Added new directives
  • Also check for ASP Tags

• Tokenizer
  • Fixed the fullpath for functions when they are not defined in the code
  • Upgraded support for Return Type (PHP 7.0+)
  • error_reporting with -1 is OK
  • Fixed a precedence problem with & and &&
  • Refactored Ifthen token to support return type
  • Added a kill command when cleaning Database

Version 0.2.3

2015-06-22 – Techu Shi

This is a maintenance release, with improved ease of use.

• Analyzer
  • Report usage of Return Typehint, and Scalar Typehint
  • Report usage of classes that used to return null on new
  • Report useless abstract classes

• Tokenizer
  • Upgraded ‘init’ command, to handle various VCS
  • Added support for Return Typehint

Version 0.2.2

2015-06-16 – Xiong Shangjun

This is a maintenance release, with vastly improved speed

• Analyzer
  • Now spots short assignations
  • More UselessInstructions spotted
  • Ignore Unset as modified values in loops

• Tokenizer
  • Added support for PHP7 new tokens (T_SPACESHIP, T_COALESCE, T_YIELD_FROM)
  • Split loading into more .csv files for lighter and more robust queries
  • Better support for arrays [1,2,3] as functioncall (just like array())
  • Process tokens by batches of 800
  • Clean vertex at each queries, not Sequence

Version 0.2.1

2015-06-02 – General Yin

This is a maintenance release

• Analyzer
  • sizeOf may have 2 arguments
  • 2 clearPHP link added in documentation

• Tokenizer
  • Fixed bug with Bitshift and Addition
  • Fixed bug with Sequence when merging sequences
  • Fixed bug with String and Addition
  • Fixed Visibility in Use instruction
  • Foreach accepts Constants as Source
  • Fixed special case for nested IfThen

Version 0.2.0

2015-05-15 – Demon of Confusion

• First version