Exakat for PHP : smart code reviewing engine
damien-seguy
Transcript of Exakat for PHP : smart code reviewing engine
http://www.exakat.io/
Let's clean for PHP 7
<?php
class foo {
    function bar() { echo 'I am not static!'; }
}
foo::bar();
?>
10 % vulnerable
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo2 {
    function bar() { echo 'I am not static!'; }
}
foo::bar();
?>
Goal : Spot those issues for us
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo3 {
    function bar() { echo 'I am not static!'; }
}
class foo2 extends foo3 { }
foo::bar();
?>
Goal : Spot those issues for us
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo2 extends foo3 { }
foo::bar();
?>
Goal : Spot those issues
<?php
class foo3 {
    function bar() { echo 'I am not static!'; }
}
?>
<?php foo::bar(); ?>
PHP code as data
• Understand PHP code just like the binary
• Be able to query the database for special constructs
• Apply this to PHP 7 migration
0 => 376 : T_OPEN_TAG (<?php )
1 => 379 : T_WHITESPACE ( )
2 => 344 : T_USE (use)
3 => 379 : T_WHITESPACE ( )
4 => 310 : T_STRING (foo2)
5 => 379 : T_WHITESPACE ( )
6 => 329 : T_AS (as)
7 => 379 : T_WHITESPACE ( )
8 => 310 : T_STRING (foo)
;
10 => 379 : T_WHITESPACE (
)
11 => 358 : T_CLASS (class)
12 => 379 : T_WHITESPACE ( )
13 => 310 : T_STRING (foo3)
14 => 379 : T_WHITESPACE ( )
{
16 => 379 : T_WHITESPACE ( )
17 => 337 : T_FUNCTION (function)
18 => 379 : T_WHITESPACE ( )
19 => 310 : T_STRING (bar)
(
)
22 => 379 : T_WHITESPACE ( )
{
24 => 379 : T_WHITESPACE (
Tokenize PHP code into an AST
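A sketch of the "PHP code as data" idea applied to the static-call slides above, added here as an example and not taken from the talk or from Exakat: it tokenizes each file with token_get_all(), records `use ... as` aliases, `extends` links and method modifiers, then reports `Class::method()` calls that resolve to a non-static method. It assumes code without namespaces and attributes each method to the most recently declared class; the file names a.php and b.php and the baz() method are constructed.

```php
<?php
// Added example, not Exakat's code. Assumptions: no namespaces, and a method
// belongs to the most recently declared class in its file.
function findStaticCallsToInstanceMethods(array $sources): array
{
    $mods = [T_PUBLIC, T_PROTECTED, T_PRIVATE, T_STATIC, T_FINAL, T_ABSTRACT];
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $parent = $isStatic = $calls = $found = [];
    foreach ($sources as $file => $code) {
        // Drop whitespace and comments so neighbouring tokens can be compared directly.
        $t = array_values(array_filter(token_get_all($code),
            fn($x) => !is_array($x) || !in_array($x[0], $skip, true)));
        $id  = fn($i) => is_array($t[$i] ?? null) ? $t[$i][0] : ($t[$i] ?? null);
        $txt = fn($i) => strtolower($t[$i][1]);
        $class = null; $alias = [];   // both are per-file state (`use X as Y` is file-scoped)
        for ($i = 0, $n = count($t); $i < $n; $i++) {
            if ($id($i) === T_USE && $id($i + 2) === T_AS && $id($i + 3) === T_STRING) {
                $alias[$txt($i + 3)] = $txt($i + 1);
            } elseif ($id($i) === T_CLASS && $id($i + 1) === T_STRING) {
                $class = $txt($i + 1);
                $parent[$class] = $id($i + 2) === T_EXTENDS ? $txt($i + 3) : null;
            } elseif ($id($i) === T_FUNCTION && $id($i + 1) === T_STRING && $class !== null) {
                $static = false;   // modifiers sit directly before T_FUNCTION
                for ($j = $i - 1; in_array($id($j), $mods, true); $j--) {
                    $static = $static || $id($j) === T_STATIC;
                }
                $isStatic[$class][$txt($i + 1)] = $static;
            } elseif ($id($i) === T_STRING && $id($i + 1) === T_DOUBLE_COLON && $id($i + 2) === T_STRING
                && $id($i + 3) === '(' && !in_array($txt($i), ['self', 'parent'], true)) {
                $calls[] = [$file, $t[$i][2], $t[$i][1], $alias[$txt($i)] ?? $txt($i), $txt($i + 2)];
            }
        }
    }
    foreach ($calls as [$file, $line, $name, $c, $method]) {
        // Climb the `extends` chain (bounded, in case of a cycle) to the declaring class.
        for ($h = 0; $c !== null && !isset($isStatic[$c][$method]) && $h < 50; $h++) {
            $c = $parent[$c] ?? null;
        }
        if ($c !== null && ($isStatic[$c][$method] ?? true) === false) {
            $found[] = sprintf('%s:%d %s::%s() calls non-static %s::%s()', $file, $line, $name, $method, $c, $method);
        }
    }
    return $found;
}
// Constructed sample files, modelled on the slides.
print_r(findStaticCallsToInstanceMethods([
    'a.php' => "<?php\nuse foo2 as foo;\nclass foo2 extends foo3 { }\nfoo::bar();\nfoo::baz();\n",
    'b.php' => "<?php\nclass foo3 {\n function bar() {}\n static function baz() {}\n}\n",
]));
```

A call such as `Ancestor::method()` made from inside an instance method is legitimate PHP and would also be reported by this sketch, so its hits are candidates for review.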
PHP 5, PHP 7 Psr-4 ClearPHP Performance
<?php
/** Lots of code **/
class phpthumb {
    /** Lots of code **/
    function ErrorImage($text, $width=0, $height=0) {
        $width = ($width ? $width : $this->config_error_image_width);
        $height = ($height ? $height : $this->config_error_image_height);
        /** Lots of code **/
http://www.exakat.io/reports/plogger/
How to use it?
• Review current code
• Validate external code
• Prepare for future code
• Hunt bugs and dead code
• An eye over my shoulder
Get it!
• Download on http://www.exakat.io/
• Open Source, and free
• Test it on your code
• I'm here, talk to me
• Try it online with phplint.com or at exakat.io
even in Dutch, if you are brave
Beta tester wanted!