Pattern-Based Analysis
Pattern-based analysis is a static analysis technique that detects issues by matching source code against a library of known patterns, without building a full model of the program’s execution.
Each pattern describes a structural or textual signature that corresponds to a coding mistake, a security vulnerability, or a style violation. When the pattern matches, a finding is reported.
Pattern-based analysis is:
Fast to implement and run, because it requires only a token stream or a partial AST
Easy to extend, because new patterns can be added without modifying the analyser core
Limited in depth, because it cannot reason about data flow, aliasing, or runtime state
Common uses include detecting calls to deprecated functions, flagging unsafe functions such as eval() and exec(), enforcing naming conventions, and finding trivially injected values.
Exakat uses pattern-based analysis for many of its rules, alongside deeper analyses.
```php
<?php
// Pattern-based analysis can flag the use of eval() regardless of context
$code = $_GET['snippet'] ?? '';
eval($code); // flagged by pattern: use of eval()
?>
```
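To make the mechanism and its limits concrete, here is an added example (not Exakat's own code) of a minimal pattern-based analyser: it walks the token stream returned by PHP's token_get_all(), matches function names against a small pattern library, and applies a purely structural context check. The pattern library, the sample source and the function names analyse() and isFunctionCall() are assumptions of this example; it needs PHP 7.1 or later.

```php
<?php
// Added example, not Exakat code: a minimal pattern-based analyser over the
// token stream from token_get_all(). It is context-free: no data flow is tracked.
const PATTERNS = ['eval' => 'use of eval()', 'exec' => 'use of exec()'];
const SKIP = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
function analyse(string $source): array
{
    $tokens = token_get_all($source);
    $findings = [];
    $prev = null; // last significant token, used for the context check
    foreach ($tokens as $i => $token) {
        if (!is_array($token)) { $prev = $token; continue; } // punctuation
        [$id, $text, $line] = $token;
        if (in_array($id, SKIP, true)) continue;
        // eval is its own token type; ordinary calls appear as T_STRING names
        $name = strtolower($text);
        if (($id === T_EVAL || $id === T_STRING) && array_key_exists($name, PATTERNS)
            && isFunctionCall($tokens, $i, $prev)) {
            $findings[] = ['line' => $line, 'message' => PATTERNS[$name]];
        }
        $prev = $token;
    }
    return $findings;
}
// A name is a function call when the next significant token is '(' and it
// is not a method call, static call or function declaration.
function isFunctionCall(array $tokens, int $i, $prev): bool
{
    if (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
        return false;
    }
    for ($j = $i + 1, $n = count($tokens); $j < $n; $j++) {
        if (is_array($tokens[$j]) && in_array($tokens[$j][0], SKIP, true)) continue;
        return $tokens[$j] === '(';
    }
    return false;
}
// Constructed sample: a tainted eval(), a constant eval(), exec(), and a
// method named exec() that must not be reported.
$sample = <<<'PHP'
<?php
$code = $_GET['snippet'] ?? '';
eval($code);
eval('return 1;');
$out = exec('ls');
$db->exec($sql);
PHP;
foreach (analyse($sample) as $f) {
    echo "line {$f['line']}: {$f['message']}\n";
}
```

Both eval() calls are reported, the one fed from $_GET and the one with a constant string alike, while the method call $db->exec() is not: the token-level check can tell a function call from a method call, but only a data-flow analysis could tell a tainted argument from a safe one.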
See also Pattern-based analysis — OWASP Code Review Guide.
Related: Analysis, Lexical Analysis, Semantic Analysis, Control Flow Analysis, Data Flow Analysis, Symbolic Analysis, Static Application Security Testing (SAST), Abstract Syntactic Tree (AST), Regular Expression