- Notifications
You must be signed in to change notification settings - Fork42
Description
Edited 24/09
Hi again,
I extracted the PHAR and removed the PHP compat tests for all PHPv5 (as that is no longer supported by my code anyway). This appears to have removed the issue below. I wonder now if there is a simple way to disable all of the PHP5 compatibility tests rather than extracting the PHAR and editing the reports directly (so far I've edited Ambassador by changing the YAML and it looks like I need to edit Emissary as well, as that now reports errors).
Many thanks
Richard
Hi,
Great tool, only recently started using.
I'm receiving "Undefined constants" reports on PHP_EOL and STR_PAD_LEFT, as in the following code lines:
$hr = str_pad($hr,2,'0',STR_PAD_LEFT);
$hrp = str_pad($hrp,2,'0',STR_PAD_LEFT);
echo "No access".PHP_EOL;
In all cases above they are not within any class or function, just straight code lines within an IF statement.
I did hunt through the files and can see these defined in the list of constants (constants.ini?).
Doctor output:
exakat :
executable : ./exakat.phar
version : 2.1.8
build : 1141
exakat.ini : ./config/exakat.ini,
environnment
graphdb : gsneo4jv3
reports :
rulesets : CompatibilityPHP70,
CompatibilityPHP71,
CompatibilityPHP72,
Analyze,
Preferences,
Appinfo,
Appcontent,
Dead code,
Security,
Custom
extra rulesets :
ignored rules :
tokenslimit : 1 000 000 000
PHP :
binary : 7.3.19-1~deb10u1
memory_limit : -1
short_open_tags : Off
ext/curl : Yes
ext/hash : Yes
ext/phar : Yes
ext/sqlite3 : Yes
ext/tokenizer : Yes
ext/mbstring : Yes
ext/json : Yes
ext/xmlwriter : Yes
ext/pcntl : Yes
parallel_processing : Yes
pcre.jit : On (Must be off on PHP 7.3 and OSX)
java :
installed : Yes
type : OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1-b01)
version : openjdk
$JAVA_HOME :
$JAVA_OPTIONS :
tinkergraph :
configured : No tinkergraph configured in config/exakat.ini.
tinkergraphv3 :
configured : No tinkergraph configured in config/exakat.ini.
gsneo4j :
installed : No (folder : tinkergraph)
gsneo4jv3 :
installed : Yes (folder : /opt/exakat/tinkergraph)
host : 127.0.0.1
port : 8182
gremlin version : 3.4.8
neo4j version : 3.2.3
nogremlin :
installed : Always
project :
name :
url :
phpversion : 7.3
reports : "Ambassador"
rulesets : CompatibilityPHP70, CompatibilityPHP71, CompatibilityPHP72, Analyze, Preferences, Appinfo, Appcontent, Dead code, Security, Custom
included dirs :
ignored dirs : /assets, /cache, /css, /data, /doc, /docker, /docs, /example, /examples, /images, /js, /lang, /spec, /sql, /test, /tests, /tmp, /version, /var
ignored rules :
file extensions : php, php3, inc, tpl, phtml, tmpl, phps, ctp, module
folders :
projects folder : Yes
php73 :
configured : Yes (/usr/bin/php7.3)
actual version : 7.3.19
auditing : with this version
Report run was Ambassador and OWASP.
Also - is there any good way to let it know some constants are defined, just not in a file I'm asking it to scan (in this case, from TCPDF, as I'm not responsible for their code cleanliness).
Many thanks
Richard