Php Sat Bug Patterns
Static analysis for PHP
What is a bug-pattern?
Let us start with a definition:
A bug-pattern describes a common mistake at the application level.
So each bug-pattern describes code that is correct according to the grammar of PHP, but holds a mistake that is
probably not intended by the programmer. The patterns are based on the PHP documentation, past experience and common sense. Notice that a pattern only holds information about
a possible mistake: the programmer has to decide whether the flagged code is an actual mistake in the specific situation.
Descriptions
Each pattern is described according to this structure:
[Code]
Number of the pattern: the first capitals of the category followed by a three-digit number (for example MCV000 for Malicious Code Vulnerability).
[Affected versions]
PHP versions that are affected by this pattern.
[Example]
Code example that shows the pattern in a generalized way.
[Usage]
The situations in which this pattern can arise.
[Why]
Explanation of the mistake in this pattern.
[Solution]
How the pattern can be eliminated.
The bug-patterns are divided into the following categories:
- Correctness
- Exposing Info
- Optimization
- Style
- Malicious Code Vulnerability
There are no nicely formatted descriptions of the patterns (yet), but there is documentation about the patterns in the
SVN-repository. Some of the patterns are not implemented; see this
issue-list for the status of these patterns. If you have a pattern that could be useful, please
share your idea!
Correctness
These patterns describe a situation that is incorrect with respect to type-casting, control-flow or the PHP documentation.
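Two well-known PHP type-casting pitfalls of the kind this category covers, each next to its corrected form. This is an added illustration, not one of PHP-Sat's documented patterns; the function names are made up for the example, and the second case also shows why a pattern description carries an [Affected versions] field, because loose comparison changed between PHP 7 and PHP 8.

```php
<?php
// Added example (not PHP-Sat's own pattern documentation): valid PHP that
// probably does not do what the programmer intended, beside the fixed form.

declare(strict_types=1);

// 1. strpos() returns the position 0 for a match at the start of the string
//    and false for no match. A plain truthiness test cannot tell them apart,
//    so a needle found at offset 0 is reported as "not found".
function containsNaive(string $haystack, string $needle): bool
{
    if (strpos($haystack, $needle)) {   // BUG: 0 (found at start) is falsy
        return true;
    }
    return false;
}

function containsFixed(string $haystack, string $needle): bool
{
    // Compare against false with === so that position 0 counts as a match.
    return strpos($haystack, $needle) !== false;
}

// 2. Comparing a string to an integer with == follows PHP's type-juggling
//    rules, and those rules changed in PHP 8.0: "abc" == 0 is true on
//    PHP 5.x/7.x (the string is cast to the number 0) and false on PHP 8.x
//    (a non-numeric string is compared as a string). Code that relies on
//    either outcome is fragile across versions.
function isZeroLoose(string $value): bool
{
    return $value == 0;   // BUG: version-dependent result for non-numeric input
}

function isZeroStrict(string $value): bool
{
    // Validate the input first, then compare values of the same type.
    return is_numeric($value) && (int)$value === 0;
}

// Demonstration on constructed inputs: 'adm' sits at offset 0 of 'admin',
// so the naive version misses it while the fixed version finds it; 'abc'
// is rejected by the strict version on every PHP release.
var_dump(containsNaive('admin', 'adm'));
var_dump(containsFixed('admin', 'adm'));
var_dump(isZeroLoose('abc'));
var_dump(isZeroStrict('abc'));
```

Run it under PHP 7 and PHP 8 to see the third result flip; that is exactly the kind of version-specific behaviour the [Affected versions] field of a pattern description records.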
Exposing Info
These patterns describe a situation where information can leak from your application to the outside world. This is generally a mistake because the leaked details help an attacker.
Optimization
These patterns indicate places where you can gain a (microscopic) performance boost. None of the patterns will double the speed of your application at once, but together they help you to get the best out of your server resources.
Style
These patterns flag situations that violate a certain style-guide. Notice that they are subjective, but each has a non-arbitrary reason to flag the situation.
Malicious Code Vulnerability
This category consists of only one bug-pattern, MCV000. This pattern flags parameters that do not meet the pre-condition of the called function. Such code may have security issues, so take a good look at it before ignoring the pattern.
Results
In normal mode the output of PHP-Sat looks like this:
Pattern [number] found in file [file-name] on line [line-number].
However, if you pass the
--extended-output
option to PHP-Sat, the generated files contain special comment blocks that look like this:
/**
* PHP-SAT check (Category name)
* Pattern ID : Pattern code
* Description: Short description / pattern name
*/
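To act on the results, for instance to fail a build when a Malicious Code Vulnerability finding appears, it helps to turn both output forms into structured records. The parser below is an added example and not part of PHP-Sat; it assumes the real output matches the two templates shown in this section exactly (same wording and punctuation), attributes each marker comment to the first non-empty line that follows it, and derives the category abbreviation from the pattern code as described under [Code] above. The sample report and annotated source are constructed; MCV000 is the only pattern code used because it is the only one documented on this page.

```php
<?php
// Added example (not part of PHP-Sat): parse PHP-Sat's normal-mode report
// lines and its --extended-output marker comments into arrays of findings.

declare(strict_types=1);

// Category abbreviation of a pattern code: the capitals before the three digits.
function categoryOfCode(string $code): string
{
    return preg_replace('/\d{3}$/', '', $code);
}

// Normal mode: "Pattern <code> found in file <file> on line <n>."
function parseReportLines(string $report): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($report)) as $line) {
        if (preg_match('/^Pattern (\S+) found in file (.+?) on line (\d+)\.$/', $line, $m)) {
            $findings[] = [
                'pattern'  => $m[1],
                'category' => categoryOfCode($m[1]),
                'file'     => $m[2],
                'line'     => (int)$m[3],
            ];
        }
    }
    return $findings;
}

// Extended output: a marker comment is attributed to the first non-empty
// line after its closing "*/", which is the line PHP-Sat annotated.
function parseAnnotatedSource(string $file, string $source): array
{
    $findings = [];
    $current  = null;   // marker block currently being read
    $pending  = null;   // finished block waiting for the line it annotates
    foreach (preg_split('/\R/', $source) as $i => $line) {
        $t = trim($line);
        if ($pending !== null && $t !== '') {
            $pending['file'] = $file;
            $pending['line'] = $i + 1;
            $findings[] = $pending;
            $pending = null;
        }
        if (preg_match('/^\*\s*PHP-SAT check \((.+)\)$/', $t, $m)) {
            $current = ['category' => $m[1]];
        } elseif ($current !== null && preg_match('/^\*\s*Pattern ID\s*:\s*(\S+)$/', $t, $m)) {
            $current['pattern'] = $m[1];
        } elseif ($current !== null && preg_match('/^\*\s*Description\s*:\s*(.+)$/', $t, $m)) {
            $current['description'] = $m[1];
        } elseif ($current !== null && $t === '*/') {
            $pending = $current;
            $current = null;
        }
    }
    return $findings;
}

// Constructed normal-mode report.
$report = <<<'TXT'
Pattern MCV000 found in file login.php on line 12.
Pattern MCV000 found in file admin/users.php on line 40.
TXT;

// Constructed annotated file as --extended-output would write it.
$annotated = <<<'SRC'
<?php
/**
 * PHP-SAT check (Malicious Code Vulnerability)
 * Pattern ID : MCV000
 * Description: parameter does not meet the pre-condition of the called function
 */
$result = $db->query("SELECT * FROM users WHERE id = " . $_GET['id']);
SRC;

$all = array_merge(parseReportLines($report), parseAnnotatedSource('login.php', $annotated));
echo json_encode($all, JSON_PRETTY_PRINT), PHP_EOL;

// Gate a build on the category that needs a human look before it is ignored.
$mcv = array_filter($all, fn(array $f) => categoryOfCode($f['pattern']) === 'MCV');
exit(count($mcv) > 0 ? 1 : 0);
```

The exit status at the end is what a CI job would consume; the JSON dump is only there so the parsed records can be inspected by hand.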
Interpretation
The patterns that PHP-Sat flags are common mistakes, but not necessarily bad in your situation. You have to decide for yourself whether or not to adjust your code. We just want to provide you with the information to make the right decision; we know you can do it!