Exakat 1.8.5 Review

Exakat 1.8.4 and 1.8.5 are maintenance versions, focused on fixing edge cases and speeding up analysis. In particular, several analyses take advantage of the constant resolution system to run checks on literals and constants. We also included a new analysis that checks whether a literal could be replaced by an existing constant. The Ambassador report now includes the configuration file of the current audit, ready to configure another repository. I can't change the Exakat 1.8.5 review, but I can adjust my code to always reach its destination.




const MY_FORMAT = "[%s]\n";

printf(MY_FORMAT, $s, $t); // Too many arguments: MY_FORMAT holds a single %s, so $t is silently ignored


While constants are a formidable tool to federate literals, and give a central point to update them, they also tend to hide the actual value behind a name. This is the case above, where MY_FORMAT says nothing about the actual format, only about the author of the format. As such, resolving the constant, and finding its actual literal value, helps find bugs that are not obvious.



In line with the idea of promoting more usage of constants, as mentioned above, a new 'Suggestions' analysis has been added: it reports literal values that could be replaced by an existing constant.


const MY_CONSTANT = "abc";

$a = 'abc';


Here, $a is initialized with 'abc', although a constant with that value already exists. When this applies, using the constant for the initialization is suggested. Later, it will help to update the value 'abc' to another one, without proofreading the whole application.

Special values like true, false, 0, and 1 are ignored. While they may very well end up being constants, for the same reasons as above, they are used far too often, and yield a huge amount of false positives, interlaced with real issues. This doesn't help.
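The two checks described above, resolving a constant to its literal before checking a printf() call, and flagging literals that duplicate an existing constant, as an added example that is not Exakat's own code. It works on PHP's token stream via token_get_all(); the function names, the SAMPLE input, the integer support and the special-value skip list are this example's own choices, and PHP 8 is assumed.

```php
<?php
// Added example, not Exakat's own code (PHP 8). Resolves `const NAME = <literal>;` from a
// token stream, then (1) checks printf()/sprintf() calls whose format is such a constant
// against the arguments passed, and (2) reports literals that repeat a constant's value.
// Input constructed for this example; %1$s argnum specifiers and interpolation are out of scope.
const SAMPLE = <<<'SRC'
<?php
const MY_FORMAT = "[%s]\n";
const MY_CONSTANT = 'abc';
const LIMIT = 42;
printf(MY_FORMAT, $s, $t);   // too many arguments for a single %s
printf(MY_FORMAT);           // too few
$a = 'abc';                  // duplicates MY_CONSTANT
$max = 42;                   // duplicates LIMIT
$flag = 1;                   // special value, ignored
SRC;

/** Next token that is not whitespace or a comment; advances $i to it. */
function nextMeaningful(array $tokens, int &$i): array|string|null
{
    while (++$i < count($tokens)) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}
/** Value of a string or integer literal token; double-quoted escapes go through stripcslashes(). */
function literalValue(array $token): string
{
    if ($token[0] === T_LNUMBER) return $token[1];
    $body = substr($token[1], 1, -1);
    return $token[1][0] === "'" ? str_replace(["\\'", '\\\\'], ["'", '\\'], $body) : stripcslashes($body);
}
/** [name => value] for string/int constants, plus the token indexes of their defining literals. */
function collectConstants(array $tokens): array
{
    $consts = $defs = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_CONST) continue;
        $name = nextMeaningful($tokens, $i);
        $eq = nextMeaningful($tokens, $i);
        $value = nextMeaningful($tokens, $i);    // $i now points at the value token
        if (is_array($name) && $name[0] === T_STRING && $eq === '=' && is_array($value)
            && in_array($value[0], [T_CONSTANT_ENCAPSED_STRING, T_LNUMBER], true)) {
            $consts[$name[1]] = literalValue($value);
            $defs[$i] = true;
        }
    }
    return [$consts, $defs];
}
/** Conversion specifications in a printf() format; "%%" is a literal percent sign. */
function countPlaceholders(string $format): int
{
    preg_match_all('/%(?:%|[-+ 0]*(?:\'.)?\d*(?:\.\d+)?[bcdeEfFgGhHosuxX])/', $format, $m);
    return count(array_filter($m[0], fn (string $spec): bool => $spec !== '%%'));
}
/** (1) The format resolved through the constant must match the arguments actually passed. */
function checkFormatCalls(array $tokens, array $consts): array
{
    $issues = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_STRING || !in_array(strtolower($t[1]), ['printf', 'sprintf'], true)
            || nextMeaningful($tokens, $i) !== '(') continue;
        $fmt = nextMeaningful($tokens, $i);
        if (!is_array($fmt) || $fmt[0] !== T_STRING || !isset($consts[$fmt[1]])) continue;
        $args = $depth = 0;                      // count top-level commas up to the closing parenthesis
        while (($tok = nextMeaningful($tokens, $i)) !== null) {
            if ($tok === '(' || $tok === '[') {
                $depth++;
            } elseif (($tok === ')' || $tok === ']') && $depth-- === 0) {
                break;
            } elseif ($tok === ',' && $depth === 0) {
                $args++;
            }
        }
        $expected = countPlaceholders($consts[$fmt[1]]);
        if ($expected !== $args) {
            $issues[] = sprintf('line %d: %s resolves to %s, which takes %d argument(s), %d given',
                $t[2], $fmt[1], json_encode($consts[$fmt[1]]), $expected, $args);
        }
    }
    return $issues;
}
/** (2) Literals equal to a constant's value. true/false tokenize as names; 0 and 1 are skipped as in the post. */
function suggestConstants(array $tokens, array $consts, array $defs): array
{
    $byValue = [];
    foreach ($consts as $name => $value) {
        $byValue[$value] ??= $name;              // first constant defined for a value wins
    }
    $issues = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || isset($defs[$i])
            || !in_array($t[0], [T_CONSTANT_ENCAPSED_STRING, T_LNUMBER], true)) continue;
        $value = literalValue($t);
        if (!in_array($value, ['0', '1', ''], true) && isset($byValue[$value])) {
            $issues[] = sprintf('line %d: literal %s could be %s', $t[2], $t[1], $byValue[$value]);
        }
    }
    return $issues;
}

$tokens = token_get_all(SAMPLE);
[$consts, $defs] = collectConstants($tokens);
print_r(array_merge(checkFormatCalls($tokens, $consts), suggestConstants($tokens, $consts, $defs)));
```

Run it with `php` from the command line. On the sample it reports both MY_FORMAT calls (two arguments and none, against one %s) and the 'abc' and 42 literals, while the constant definitions themselves and the `1` are left alone. The argument count only looks at commas at the top nesting level, so nested calls and array literals in arguments are handled, but a trailing comma after the last argument would be overcounted.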



Could Use Trait is a close cousin of Could Use Interface: it detects a class that has the same methods as a specific trait, but does not use that trait. Have a look at this academic example:


trait t {
    function foo($a) { return ++$a; }
    function foo1($a) { return ++$a; }
}

class x {
    function foo($a) { return ++$a; }
    function foo1($b) { return ++$b; }
    function bar() {}
    function bar1() {}
}


In the example above, foo and foo1 are defined in the x class. They are also defined in the t trait, and they are actually identical. This way, class x could be simplified, and make use of `use t;`.

Exakat has a clone type 1 representation of each method, and uses it to compare the methods between the trait and the class. A type 1 clone is a clone based on tokens: the tokens are the same in both methods, and in the same order. Yet, the value of a token may differ. For example, note that foo1 in class x uses $b as argument, while it is $a in trait t. In the usual clone taxonomy, tolerating different identifier values is what distinguishes a type 2 clone from a strict type 1 clone, which only allows whitespace and comments to differ; the practical consequence is that renaming a variable will not hide the duplication from this analysis.
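The comparison described above, as an added example that is not Exakat's code (PHP 8 assumed): each method is reduced to its sequence of token kinds via token_get_all() and token_name(), so $a and $b in foo1 no longer matter, and a trait whose methods all reappear in a class that does not already use it is reported. The fingerprint() and scan() helpers, the SAMPLE input, and the handling of `use` (one trait per statement, no interpolated `{$...}` strings in method bodies) are this example's own assumptions.

```php
<?php
// Added example, not Exakat's own code (PHP 8). Each method of a trait or class is reduced
// to its sequence of token kinds (whitespace and comments dropped, token values ignored), so
// foo1($a) and foo1($b) compare equal. A trait whose methods all appear in a class with the
// same names and fingerprints, and which the class does not already use, is reported.
// Input constructed for this example; `use` with one trait per statement is assumed.
const SAMPLE = <<<'SRC'
<?php
trait t {
    function foo($a) { return ++$a; }
    function foo1($a) { return ++$a; }
}
class x {
    function foo($a) { return ++$a; }
    function foo1($b) { return ++$b; }
    function bar() {}
    function bar1() {}
}
class y {
    use t;                                   // already uses the trait: not reported
    function foo($a) { return ++$a; }
    function foo1($a) { return ++$a; }
}
SRC;

/** Next token that is not whitespace or a comment; advances $i to it. */
function nextMeaningful(array $tokens, int &$i): array|string|null
{
    while (++$i < count($tokens)) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}
/** Token kinds from the parameter list to the end of the body (or the ';' of an abstract method). */
function fingerprint(array $tokens, int &$i): string
{
    $kinds = [];
    $depth = 0;
    while (($tok = nextMeaningful($tokens, $i)) !== null) {
        $kinds[] = is_array($tok) ? token_name($tok[0]) : $tok;   // kind only, never the value
        if ($tok === '{') {
            $depth++;
        } elseif (($tok === '}' && --$depth === 0) || ($tok === ';' && $depth === 0)) {
            break;
        }
    }
    return implode(' ', $kinds);
}
/** [owner => [method => fingerprint]] and [owner => traits used], owner being "trait t" or "class x". */
function scan(string $code): array
{
    $tokens = token_get_all($code);
    $fps = $uses = [];
    $owner = null;
    $depth = 0;
    for ($i = 0; $i < count($tokens); $i++) {
        $t = $tokens[$i];
        if ($t === '{') {
            $depth++;
        } elseif ($t === '}') {
            if (--$depth === 0) $owner = null;   // left the class or trait body
        } elseif (!is_array($t)) {
            continue;
        } elseif (($t[0] === T_TRAIT || $t[0] === T_CLASS) && $depth === 0) {
            $name = nextMeaningful($tokens, $i);
            if (is_array($name) && $name[0] === T_STRING) {
                $owner = ($t[0] === T_TRAIT ? 'trait ' : 'class ') . $name[1];
                $fps[$owner] = $uses[$owner] = [];
            }
        } elseif ($t[0] === T_USE && $owner !== null && $depth === 1) {
            $name = nextMeaningful($tokens, $i);
            $uses[$owner][] = is_array($name) ? $name[1] : '';
        } elseif ($t[0] === T_FUNCTION && $owner !== null && $depth === 1) {
            $name = nextMeaningful($tokens, $i);
            if (is_array($name) && $name[0] === T_STRING) $fps[$owner][$name[1]] = fingerprint($tokens, $i);
        }
    }
    return [$fps, $uses];
}
/** Classes containing every method of a trait, name and fingerprint alike, without using it. */
function couldUseTrait(string $code): array
{
    [$fps, $uses] = scan($code);
    $out = [];
    foreach ($fps as $owner => $methods) {
        if (!str_starts_with($owner, 'class ')) continue;
        foreach ($fps as $candidate => $traitMethods) {
            $trait = substr($candidate, 6);
            if (!str_starts_with($candidate, 'trait ') || $traitMethods === []
                || in_array($trait, $uses[$owner], true)) continue;
            // array_intersect_assoc keeps the trait methods whose name and fingerprint both exist in the class
            if (count(array_intersect_assoc($traitMethods, $methods)) === count($traitMethods)) {
                $out[] = sprintf('%s could `use %s;` instead of defining %s',
                    $owner, $trait, implode(', ', array_keys($traitMethods)));
            }
        }
    }
    return $out;
}

print_r(couldUseTrait(SAMPLE));
```

On the sample, class x is reported for trait t even though foo1 names its parameter $b, because both T_VARIABLE tokens carry the same kind; class y is skipped because its body already contains `use t;`. Replacing token_name($tok[0]) with the token text would turn this into a strict type 1 comparison and make the $a/$b rename hide the clone.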

In another analysis, Exakat reports interfaces that could be used to characterize a class, but which have not been added with the implements keyword.


The Ambassador report includes a new item in the Annex section: the Audit Configuration presents the configuration used to create the current audit. It is given in INI and YAML format, which are the two formats used by Exakat.

You can copy and paste those configurations into the config.ini or .exakat.yaml file of another repository. This is convenient to spread the same configuration across multiple code repositories in the same company.


Exakat includes a 'weekly' report: this report is built from five analyses. This means a short audit report, with few issues to review. Reading them, and checking them in the code, does not take long. Everyone in the PHP community can focus on one classic coding problem and solve it. Talk about the weekly audit around you: you'll find programmers facing the same challenges.

To get the 'weekly' audit, run the audit, then request the 'Weekly' report.

# init the project (skip when already done)
php exakat.phar init -p <yourproject> -R //github.com/Seldaek/monolog.git -git
# run the project (skip when already done)
php exakat.phar project -p <yourproject>
# export the weekly report (every Monday)
php exakat.phar report -p <yourproject> -format Weekly
# open projects/<yourproject>/weekly/index.html in a browser


Weekly recommendations for PHP code review: 2019, week 2019-24


Multiple type variable: avoid using the same variable for data of different types. It makes the value itself harder to track.


You can check all the Exakat reports in the gallery: Exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with 'exakat.phar upgrade -u' and like us on GitHub.