/PHPLinter

Lint and score PHP files based on a simple ruleset

Primary LanguagePHPGNU General Public License v3.0GPL-3.0

PHPLinter. Static code analyser.
V3.3

A simple fast lint and score for PHP files. Attempts to analyze the code to
locate problem areas, flagging infractions to the rule set and giving a score
anywhere from 10.0 to minus infinity.

Disclaimer:

	No real codebase will have a perfect score. The results of phplinter are
	an estimation and thus not perfect. It does not parse expressions and it
	can not find runtime errors. There will be false positives from time to time.
	It was built for speed and efficiency to use with our massive and rather
	messy codebase.
	
	It is not meant as a replacement for other, more customizable tools.

Usage
=====

Usage phplinter [Options] [file|directory]

	-q: Quiet mode (Surpress output)
	-v: Verbose mode
	-N: Turn off color output.
	-S: Score only.
	-c FILE: Configuration file.

Filters:
	-I: Report extra information (default off).
	-C: Dont report conventions.
	-W: Dont report warnings.
	-R: Dont report refactor warnings.
	-E: Dont report errors.
	-D: Dont report documentation warnings.
	-P: Dont report deprecated warnings.
	-X: Dont report security warnings.
	-O: Security report only.

Debugging:
	-M: View scope map.
	-V: Debug mode. Again for extra debug info.
	-T: Time execution. Again for extra time info.

Reporting:
	-H PATH: HTML report.
	-J PATH: JSON report.
	-i PATTERN: Ignore pattern (| delimited)
	-e PATTERN: file extensions (| delimited) (default 'php')
	-w: Overwrite output directory. (Warning: Will empty directory)

Other (Experimental):
	-Z PATH: Harvest documentation into json-file.
	-F: Report formatting errors.
	
Configuration file
==================

Uses JSON format file. See 'example.config.json'  for details.

Rules
=====

Ruleset (some rules may not be active)

    * I: Information
    * C: Conventions
    * D: Depricated
    * W: Warnings
    * R: Refactor
    * S: Security

(I)nformation (No penalty)

    * I1: FIXME/TODO
    * I2: Possible unsecure function
    * I3: Possible information disclosure
    * I4: Loose comparison operator used

(C)onventions (0.01 penalty)

    * C1: Line to long. Default (85)
    * C2: Class name does not match. Default( /^[A-Z][\w_]{2,}$/ )
    * C3: Function name does not match. Default( /^[a-z][\w_]{2,}$/ )
    * C4: Method name does not match. Default( /^[a-z][\w_]{2,}$/ )
    * C5: Interface name does not match. Default( /^[A-Z][\w_]{2,}$/ )
    * C6: Visibility missing. (public/protected/private) 
    * C7: Possible code commented out
    * C8: Property after method declaration in class
    * C9: Empty comment
    * C10: Too many classes defined in file. Default(1)
    * C11: Property defined in method

(D)ocumentation (0.3 penalty)

    * D1: File not documented
    * D2: Class not documented
    * D3: Method not documented
    * D4: Function not documented
    * D5: Interface not documented
    * D6: Property not documented 

(W)arning (0.3 penalty)

    * W1: PHP4 style constuctor
    * W2: PHP4 style variable
    * W3: Unused argument
    * W4: Unused variable
    * W4: Unused property
    * W11: Empty class
    * W12: Empty function
    * W13: Empty method
    * W14: Empty interface
    * W15: Unreachable code
    * W16: Hack marked
    * W17: Whitespace after closing tag 
    * W18: Token depricated. Default (global)
    * W19: Whitespace before first open tag

(R)efactor (0.8 penalty)

    * R1: Method to long. Default(300)
    * R2: Function to long. Default(300)
    * R3: Class to long. Default(2500)
    * R4: Too many branches. Default(12)
    * R5: Too many local variables. Default(24)
    * R6: Too many arguments. Default(6)
    * R7: Too many ancestors. Default(6)
    * R8: HTML mixed into code
    * R9: HTML output after final close tag 
    * R11: Nested switch
    * R12: Static and nonstatic methods mixed in class
    * R13: To many arguments in use clause
    * R14: Nesting level to deep. Default(6)
    * R15: Too many functions in file. Default(50)
    * R16: Too many methods in class. Default(50)
    * R17: Too many propertys in class. Default(50)
    * R18: Too many globals in file. Default(50)
    * R19: HTML output before first open tag
    * R20: File to long. Default(4000)
    
(S)ecurity (1.0 penalty)

	* S1: GET/POST/REQUEST/FILE used directly in unsecure function
	* S2: Unsecure use of include/require
	* S3: Unsecure callback in function call