PHP-SAT.org

Static analysis for PHP
PHP-Sat is a static analysis tool that can be used to check for common mistakes in PHP source code. One of the key features of PHP-Sat is the automatic detection of different kinds of vulnerabilities, allowing you to check your source code for certain security weaknesses.

Each static check within PHP-Sat is described by a bug pattern, which explains why the pattern is flagged and what one can do to fix it. There are checks for areas such as correctness, style and security. A bug pattern is not necessarily bad in all cases, although the security check(s) probably are, but we leave it to the programmer to make this decision.

PHP-Sat is based on PHP-Front, a library that provides support for generating, transforming or analyzing PHP code. It includes a handcrafted SDF grammar for PHP, Stratego signatures generated from this grammar and a handcrafted pretty printer.

The package also provides support for automatic inclusion of files that are included or required. The names of the included files can optionally be resolved (to some extent) through constant propagation. PHP-Front also supports PHP-specific traversals and reflection over included files, functions and classes.
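As an added illustration of the include-name resolution idea described above (example code written for this page; it is not part of PHP-Front or PHP-SAT, which work on a full SDF/Stratego syntax tree rather than on regular expressions), here is a small straight-line constant propagator in Python. It walks a constructed PHP snippet line by line, records `define()` constants and simple string assignments, and tries to evaluate the argument of each `include`/`require`. Anything it cannot track, such as a value taken from `$_GET`, makes the include name unresolvable, which is exactly the "to some extent" boundary: an analysis can only follow the file when the name is determined by the source itself.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample PHP input (not from the original page).
SAMPLE_PHP = """<?php
define('BASE', '/var/www/app');
$lib = BASE . '/lib';
require_once(BASE . '/config.php');
include $lib . '/db.php';
$page = $_GET['page'];
include $page . '.php';
include 'footer.php';
"""

# define('NAME', <expr>);
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(.+?)\s*\)\s*;""")
# $name = <expr>;  (only whole-line assignments are tracked)
ASSIGN_RE = re.compile(r"""^\s*\$(\w+)\s*=\s*(.+?)\s*;""")
# include / require, with or without parentheses
INCLUDE_RE = re.compile(
    r"""\b(include_once|require_once|include|require)\b\s*\(?\s*(.+?)\s*\)?\s*;"""
)
# Tokens of a string expression: literals, $variables, bare CONSTANTS, the '.' operator
TOKEN_RE = re.compile(r"""'([^']*)'|"([^"]*)"|\$(\w+)|\b([A-Za-z_]\w*)\b|(\.)""")


def eval_expr(expr: str, consts: Dict[str, str], vars_: Dict[str, str]) -> Optional[str]:
    """Evaluate a concatenation of literals, known constants and known variables.

    Returns None as soon as any part is not statically known (e.g. $_GET, a
    function call, or a variable whose value we lost track of).
    """
    parts: List[str] = []
    for m in TOKEN_RE.finditer(expr):
        lit1, lit2, var, name, dot = m.groups()
        if dot:
            continue
        if lit1 is not None:
            parts.append(lit1)
        elif lit2 is not None:
            parts.append(lit2)
        elif var is not None:
            if var not in vars_:          # unknown or user-controlled variable
                return None
            parts.append(vars_[var])
        elif name is not None:
            if name not in consts:        # unknown constant or a function name
                return None
            parts.append(consts[name])
    return "".join(parts) if parts else None


def resolve_includes(source: str) -> List[Tuple[int, str, Optional[str]]]:
    """Return (line number, keyword, resolved path or None) for each include/require.

    This is a toy, flow-insensitive propagator over straight-line code: it does
    not model branches, loops, functions or string functions.
    """
    consts: Dict[str, str] = {}
    vars_: Dict[str, str] = {}
    results: List[Tuple[int, str, Optional[str]]] = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DEFINE_RE.search(line)
        if m:
            value = eval_expr(m.group(3), consts, vars_)
            if value is not None:
                consts[m.group(2)] = value
            continue
        m = ASSIGN_RE.match(line)
        if m:
            value = eval_expr(m.group(2), consts, vars_)
            if value is not None:
                vars_[m.group(1)] = value
            else:
                vars_.pop(m.group(1), None)   # overwritten by something we cannot track
            continue
        m = INCLUDE_RE.search(line)
        if m:
            results.append((lineno, m.group(1), eval_expr(m.group(2), consts, vars_)))
    return results


if __name__ == "__main__":
    for lineno, keyword, path in resolve_includes(SAMPLE_PHP):
        status = path if path is not None else "<unresolvable: depends on runtime input>"
        print(f"line {lineno}: {keyword} -> {status}")
```

Running the block reports the two `BASE`-derived paths and `footer.php` as resolved, while the `$page`-based include stays unresolvable because its value comes from request input; a real tool would treat such a file as unknown for the purposes of inclusion and traversal.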

Check out the different sections to read about all the unique features of both projects.
If you are experiencing problems, have a suggestion/question or want to share the name of your cat, please do not hesitate to contact us.