Performs advanced static analysis on PHP code

Overview

PHP Analyzer

Please report bugs or feature requests via our website support system (the "?" in the bottom right) or by emailing [email protected].

Contributing Stubs

PHP Analyzer uses stubs for built-in PHP classes and functions. These stubs look like regular PHP code and define the available parameters, their types, properties, methods etc. If you would like to contribute a fix or additional stubs, please fork and submit a patch to the legacy branch:

https://github.com/scrutinizer-ci/php-analyzer/tree/legacy/res

You might also like...
A project to add Psalm support for Drupal for security testing, focused only on taint analysis.

psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness. Phan looks f

A static analyzer for PHP version migration

PHP Migration Readme in Chinese 中文 This is a static analyzer for PHP version migration and compatibility checking. It can suppose your current code ru

SonarPHP: PHP static analyzer for SonarQube & SonarLint

Code Quality and Security for PHP This SonarSource project is a static code analyser for PHP language used as an extension for the SonarQube platform.

A full-scale PHP sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code

A full-scale PHP 7.4+ sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code. It also utilizes FunctionParser to di

Parse: A Static Security Scanner

Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool

A full-scale PHP 5.3.2+ sandbox class that utilizes PHPParser to prevent sandboxed code from running unsafe code.

##DEPRECATED: The PHPSandbox project has transferred to Corveda/PHPSandbox and will be actively maintained there. This branch is no longer being active

Library for counting the lines of code in PHP source code

sebastian/lines-of-code Library for counting the lines of code in PHP source code. Installation You can add this library as a local, per-project depen

Provides functionality that helps writing PHP code that has runtime-specific (PHP / HHVM) execution paths

sebastian/environment This component provides functionality that helps writing PHP code that has runtime-specific (PHP / HHVM) execution paths. Instal

Comments
  • Output Formatting

    Added prototype for output formatting of the run command. It's not perfect yet, because in XML case, notifications are output as well.

    Question here is, should XML be a byproduct, and you pick a file where it goes? Or should xml be a secondary output channel?

    I would refactor in both ways.

    opened by beberlei 13
  • Update PDO.php

    Solves #254 - added inTransaction to the PHP 5.3 stub. Copied from the PHP 5.4 stub.

    Added a note based on the documentation to indicate that in PHP 5.3 this method did not conform to the documented behaviour (returned int instead of bool).

    opened by kander-zz 2
  • Move enabled check to analyze method in LoopMustUseBracesPass

    As far as I can tell this moves the check to just before anything memory intensive is done which should solve problems of running out of memory on this pass when it is disabled in the config.

    opened by addshore 2
  • @method static support, based off the phpstorm ide syntax

    RE Issue #208

    Does not introduce any backwards compatibility issues. No Unit Test provided as there is none for @method's currently (feel free to provide one for me to base this off). Code appears to work in a simple test case - I do not have a fully working environment to run php-analyser

    Also included is a gitignore line for phpstorm IDE files

    opened by splitice 0
A static php code analysis tool using the Graph Theory

Mondrian Ok guyz, you have a master degree in Graph Theory, you follow Law of Demeter and you live on S.O.L.I.D principles ? Let's have some Fun ! (^ω

Florent Genette 391 Nov 30, 2022
Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects

Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects. You can freely define your architectural layers over classes and which rules should apply to them.

QOSSMIC GmbH 2.2k Dec 30, 2022
Static code analysis to find violations in a dependency graph

PhpDependencyAnalysis PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from

Marco Muths 546 Dec 7, 2022
Beautiful and understandable static analysis tool for PHP

PhpMetrics PhpMetrics provides metrics about PHP project and classes, with beautiful and readable HTML report. Documentation | Twitter | Contributing

PhpMetrics 2.3k Dec 22, 2022
The Exakat Engine : smart static analysis for PHP

Exakat The Exakat Engine is an automated code reviewing engine for PHP. Installation Installation with the phar Phar is the recommended installation p

Exakat 370 Dec 28, 2022
A static analysis tool for finding errors in PHP applications

Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo

Vimeo 5k Jan 2, 2023
A static analysis tool for security

progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat

null 271 Dec 27, 2022
Static Analysis Results Baseliner

Static Analysis Results Baseliner (SARB) Why SARB Requirements Installing Using SARB Examples Further reading Why SARB? If you've tried to introduce a

Dave Liddament 151 Jan 3, 2023
Infection Static Analysis Plugin

Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis

Roave, LLC 108 Jan 2, 2023
A set of tools for lexical and syntactical analysis written in pure PHP.

Welcome to Dissect! master - this branch always contains the last stable version. develop - the unstable development branch. Dissect is a set of tools

Jakub Lédl 221 Nov 29, 2022