Merge remote-tracking branch 'g3/Gremlin3'

docs/Installation.rst

@@ -21,7 +21,7 @@ Exakat is a PHP static analyzer. It relies on PHP to lint and tokenize the targe
 
 Exakat itself runs on PHP 7.2, with a short selection of extensions. It is tested with PHP 7.0 and more recent.
 
-.. image:: exakat.architecture.png
+.. image:: images/exakat.architecture.png
     :alt: exakat architecture
 
 Source code is imported into exakat using VCS client, like git, SVN, mercurial, tar, zip, bz2 or even symlink. Only reading access is actually required : the code is never modified in any way. 

docs/Introduction.rst

@@ -3,7 +3,7 @@
 Introduction
 ============
 
-This is the documentation of the Exakat engine, version 1.1.5 (Build 694), on 1.1.5.
+This is the documentation of the Exakat engine, version 1.1.5 (Build 696), on 1.1.5.
 
 What is Exakat ? 
 ================

docs/Recipes.rst

@@ -66,8 +66,8 @@ Recipes details
 
 .. comment: The rest of the document is automatically generated. Don't modify it manually. 
 .. comment: Recipes details
-.. comment: Generation date : Mon, 19 Feb 2018 21:40:49 +0000
-.. comment: Generation hash : dc1c6ebd4dc6a83d90a42d730c111a5ef991b47c
+.. comment: Generation date : Wed, 21 Feb 2018 10:10:58 +0000
+.. comment: Generation hash : b471bd3aa5add983c1df9be7592cba47b014c95b
 
 
 .. _analyze:

docs/Reports.rst

@@ -10,6 +10,7 @@ There are several reports that may be extracted from Exakat :
 * XML
 * CodeSniffer
 * Codeflower
+* Dependencywheel
 * Owasp
 * Ambassador
 * Uml
@@ -48,7 +49,12 @@ Very simple text format, one result per line, including :
 
 Example : 
 
-   /src/NlpTools/Documents/RawDocument.php:10 Class, Interface Or Trait With Identical Names
+::
+
+    /helpers/translation/class.TranslationFileReader.php:99 No Need For Else
+    /helpers/translation/class.TranslationFileReader.php:99 Avoid Optional Properties
+    /test/ClientLibRegistryTest.php:83 Confusing Names
+    /helpers/form/elements/xhtml/class.Radiobox.php:53 Local Globals
 
 It may be output to stdout.
 
@@ -73,7 +79,9 @@ Simple Json format. It is a structured array with all results, described as obje
                     ]
                 ]
 
-Example :::
+Example : 
+
+::
 
     {  
        "\/src\/Path\/To\/File.php":{  
@@ -106,7 +114,7 @@ XML version of the reports. It uses the same format than PHP Code Sniffer to out
 
 Here is an extract of the resulting XML 
 
-:::
+::
 
    <?xml version="1.0" encoding="UTF-8"?>
    <phpcs version="0.8.6">
@@ -123,7 +131,7 @@ This format reports analysis using the Codesniffer's result format.
 
 Here is an example of the resulting format : 
 
-:::
+::
 
     FILE : /Path/To/View/The/File.php
     --------------------------------------------------------------------------------
@@ -142,11 +150,28 @@ Codeflower
 
 Codeflower is a javascript visualization of the code. It is based on Francois Zaninotto's [CodeFlower Source code visualization](http://www.redotheweb.com/CodeFlower/).
 
+.. image:: images/report.codeflower.png
+    :alt: dependency wheel report
+
+
+Dependency Wheel
+----------------
+
+Dependency Wheel is a javascript visualization of the classes dependencies in the code. Every class, interface and trait are represented as a circle, and every relation between the classes are represented by a link between them, inside the circle. 
+
+.. image:: images/report.dependencywheel.png
+    :alt: dependency wheel report
+
+It is based on Francois Zaninotto's [DependencyWheel](http://fzaninotto.github.com/DependencyWheel) and the [d3.js](https://github.com/mbostock/d3).
+
 Owasp
 -----
 
 The OWASP report is a security report, that focuses on the [OWASP top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project). It reports all the security analysis, distributed across the 10 categories of vulnerabilities. 
 
+.. image:: images/report.owasp.png
+    :alt: dependency wheel report
+
 Ambassador
 ----------
 
@@ -169,13 +194,22 @@ Uml
 
 This report produces a dot file with a representation of the classes used in the repository. 
 
+.. image:: images/report.uml.general.png
+    :alt: General view of a UML report
+
+.. image:: images/report.uml.detail.png
+    :alt: Detail view of a UML report
+
 .dot files are best seen with [graphviz](http://www.graphviz.org/) : they are easily convert into PNG or PDF.
 
 PlanUml
 -------
 
 This report produces a .puml file, compatible with [PlantUML](http://plantuml.com/).
 
+.. image:: images/report.plantuml.png
+    :alt: General view of a UML report
+
 PlantUML is an Open Source component that creates class diagrams. 
 
 Simpletable
@@ -191,22 +225,48 @@ Marmelab
 Marmelab is a report format to build GraphQL server with exakat's results. Export the results of the audit in this JSON file, then use the [json-graphql-server](https://github.com/marmelab/json-graphql-server) to have a GraphQL server with all the results.
 You may also learn more about GraphQL at [Introducing Json GraphQL Server](https://marmelab.com/blog/2017/07/12/json-graphql-server.html)
 
-:::
+::
     php exakat.phar report -p -format Marmelab -file marmelab
     cp projects/myproject/marmelab.json path/to/marmelab
     json-graphql-server db.json
 
 
+
 Clustergrammer
 --------------
 
 Clustergrammer is a visualisation tool that may be found online. After generation of this report, a TEXT file is available in the project directory. Upload it on [http://amp.pharm.mssm.edu/clustergrammer/](http://amp.pharm.mssm.edu/clustergrammer/) to visualize it. 
 
+.. image:: images/report.plantuml.png
+    :alt: General view of a UML report
+
+See it live here : [Clustergrammer](http://amp.pharm.mssm.edu/clustergrammer/viz_sim_mats/5a8d41bf3a82d32a9dacddd9/clustergrammer.txt).
+
 Composer
 --------
 
 Composer is a report that enhances your composer.json with all the extensions requirement that your code has. If you don't have a composer.json, exakat produces a simple composer.json with those contraints. 
 
+::
+
+    {
+    "name": "pawka\/phrozn",
+    "description": "Static Site Generator for PHP",
+    "require": {
+        "twig/twig": "1.12.*",
+        "symfony/yaml": "2.0.*",
+        "pear/Console_Color2": "*",
+        "pear/Console_Table": "*",
+        "pear/archive_tar": "*",
+        "pear/console_commandline": "*",
+        "leafo/lessphp": "0.4.*",
+        "michelf/php-markdown": "1.3.*",
+        "netcarver/textile": "3.5.*",
+        "ext-ctype": "*",
+        "ext-pear": "*"
+    },
+    .... 
+
 The composer.json itself is not updated : review all suggestions before actually adopting them.
 
 Inventories
@@ -238,22 +298,132 @@ Literal values are hardcoded values : strings, integers, floats, heredoc; Struct
 
 Inventories are great to review spelling, check unusual names and frequencies. 
 
+:: 
+
+    variable,type
+    $path,var
+    $loader,var
+    $runner,var
+    $runner,object
+    $base,var
+    $instance,var
+    $dirs,var
+    $dir,var
+    $file,var
+    $datadir,var
+
 The result is a directory, containing CSV files. Empty results creates files containing only the headers.
 
 PhpCompilation
 ---------------
 
 PhpCompilation produces a list of php.ini compilation directives to compile a PHP binary tailored for the code. 
 
+::
+
+    ;;;;;;;;;;;;;;;;;;;;;;;;
+    ; PHP configure list   ;
+    ;;;;;;;;;;;;;;;;;;;;;;;;
+    
+    ./configure
+      --disable-dom
+     --disable-fileinfo
+     --disable-filter
+     --disable-hash
+     --disable-json
+     --disable-libxml
+     --disable-pdo
+     --disable-posix
+     --disable-session
+     --without-sqlite3
+     --disable-tokenizer
+     --disable-xml
+     --disable-xmlreader
+     --with-xmlrpc[=DIR]
+     --disable-xmlwriter
+    
+    ; For debug purposes
+    ;--enable-dtrace
+    ;--disable-phpdbg
+    
+    ;--enable-zend-signals
+    ;--disable-opcacheReported 0 messages in PhpCompilation
+
+
 The result itself is a Text file.
 
 PhpConfiguration
 ----------------
 
 PhpConfiguration suggest a list of directive to check when setting up the hosting server, tailored for the code.
 
-The result is a Text file.
+::
+
+    ;;;;;;;;;;;;;;;;;;;;;;;;;;
+    ; Suggestion for php.ini ;
+    ;;;;;;;;;;;;;;;;;;;;;;;;;;
+    
+    ; The directives below are selected based on the code provided. 
+    ; They only cover the related directives that may have an impact on the code
+    ;
+    ; The list may not be exhaustive
+    ; The suggested values are not recommendations, and should be reviewed and adapted
+    ;
+    
+    
+    [date]
+    ; It is not safe to rely on the system's timezone settings. Make sure the
+    ; directive date.timezone is set in php.ini.
+    date.timezone = Europe/Amsterdam
+    
+    
+    
+    [pcre]
+    ; More information about pcre : 
+    ;http://php.net/manual/en/pcre.configuration.php
+    
+    
+    
+    [standard]
+    ; This sets the maximum amount of memory in bytes that a script is allowed to
+    ; allocate. This helps prevent poorly written scripts for eating up all available
+    ; memory on a server. It is recommended to set this as low as possible and avoid
+    ; removing the limit.
+    memory_limit = 120
+    
+    ; This sets the maximum amount of time, in seconds, that a script is allowed to
+    ; run. The lower the value, the better for the server, but also, the better has
+    ; the script to be written. Avoid really large values that are only useful for
+    ; admin, and set them per directory.
+    max_execution_time = 90
+    
+    ; Exposes to the world that PHP is installed on the server. For security reasons,
+    ; it is better to keep this hidden.
+    expose_php = Off
+    
+    ; This determines whether errors should be printed to the screen as part of the
+    ; output or if they should be hidden from the user.
+    display_errors = Off
+    
+    ; Set the error reporting level. Always set this high, so as to have the errors
+    ; reported, and logged.
+    error_reporting = E_ALL
+    
+    ; Always log errors for future use
+    log_errors = On
+    
+    ; Name of the file where script errors should be logged. 
+    error_log = Name of a writable file, suitable for logging.
+    
+    ; More information about standard : 
+    ;http://php.net/manual/en/info.configuration.php
+    
+    ; Name of the file where script errors should be logged. 
+    disable_functions = curl_init,ftp_connect,ftp_ssl_connect,ldap_connect,mail,mysqli_connect,mysqli_pconnect,pg_connect,pg_pconnect,socket_create,socket_accept,socket_connect,socket_listen
+    disable_classes = mysqli
+
 
+The result is a Text file.
 
 RadwellCode
 -----------
@@ -262,5 +432,16 @@ RadwellCodes is a report based on Oliver Radwell's [PHP Do And Don't](https://bl
 
 This is a Text report, with the file name and line of issue, and the report's error. 
 
+::
+
+    /Phrozn/Vendor/Extra/scss.inc.php:594 Slow PHP built-in functions
+    /Phrozn/Vendor/Extra/scss.inc.php:2554 Too many nested if statements
+    /Phrozn/Vendor/Extra/scss.inc.php:1208 Long if-else blocks
+    /Phrozn/Vendor/Extra/scss.inc.php:1208 Too many nested if statements
+    /Phrozn/Vendor/Extra/scss.inc.php:3935 Wrong function / class name casing
+    /Phrozn/Vendor/Extra/scss.inc.php:3452 Too many nested if statements
+    /Phrozn/Site/View/OutputPath/Entry/Parametrized.php:58 Slow PHP built-in functions
+    /Phrozn/Runner/CommandLine/Callback/Init.php:82 Extra brackets and braces and quotes
+
 Note that all rules are not implemented, especially the 'coding conventions' ones, as this is beyond the scope of this tool.
 

docs/Rules.rst

@@ -8,8 +8,8 @@ Introduction
 
 .. comment: The rest of the document is automatically generated. Don't modify it manually. 
 .. comment: Rules details
-.. comment: Generation date : Mon, 19 Feb 2018 21:40:49 +0000
-.. comment: Generation hash : dc1c6ebd4dc6a83d90a42d730c111a5ef991b47c
+.. comment: Generation date : Wed, 21 Feb 2018 10:10:58 +0000
+.. comment: Generation hash : b471bd3aa5add983c1df9be7592cba47b014c95b
 
 
 .. _$http\_raw\_post\_data:
@@ -6849,20 +6849,25 @@ Interpolation
 
 The following strings contain variables that are will be replaced. However, the following characters are ambiguous, and may lead to confusion. 
 
-<?php
-
-class b { 
-    public $b = 'c';
-    function `'__toString() <http://php.net/manual/en/language.oop5.magic.php>`_ { return `'__CLASS__ <http://php.net/manual/en/language.constants.predefined.php>`_; }
-}
-$x = array(1 => new B());
+.. code-block:: php
 
-// -> after the $x[1] looks like a 2nd dereferencing, but it is not. 
-print $x[1]->b;
-// displays : b->b
+   <?php
+
+   class b { 
+       public $b = 'c';
+       function '__toString() { return '__CLASS__; }
+   }
+   $x = array(1 => new B());
+
+   // -> after the $x[1] looks like a 2nd dereferencing, but it is not. 
+   print $x[1]->b;
+   // displays : b->b
+
+   print {$x[1]->b};
+   // displays : c
+
+   ?>
 
-print {$x[1]->b};
-// displays : c
 
 It is advised to add curly brackets around those structures to make them non-ambiguous.
 

docs/src/Installation.rst

@@ -21,7 +21,7 @@ Exakat is a PHP static analyzer. It relies on PHP to lint and tokenize the targe
 
 Exakat itself runs on PHP 7.2, with a short selection of extensions. It is tested with PHP 7.0 and more recent.
 
-.. image:: exakat.architecture.png
+.. image:: images/exakat.architecture.png
     :alt: exakat architecture
 
 Source code is imported into exakat using VCS client, like git, SVN, mercurial, tar, zip, bz2 or even symlink. Only reading access is actually required : the code is never modified in any way.