http://www.exakat.io/
Exakat Engine
Smart Code Reviewing Engine
Let's clean for PHP 7
<?php
class foo {
    function bar() {
        echo 'I am not static!';
    }
}
foo::bar();
?>
10% vulnerable
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo2 {
    function bar() {
        echo 'I am not static!';
    }
}
foo::bar();
?>
Goal : Spot those issues for us
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo3 {
    function bar() {
        echo 'I am not static!';
    }
}
class foo2 extends foo3 { }
foo::bar();
?>
Goal : Spot those issues for us
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo2 extends foo3 { }
?>
<?php
class foo3 {
    function bar() {
        echo 'I am not static!';
    }
}
?>
<?php
foo::bar();
?>
Goal : Spot those issues
PHP code as data
• Understand PHP code just like the binary
• Be able to query the database for special constructs
• Apply this to PHP 7 migration
0 => 376 : T_OPEN_TAG (<?php
)
1 => 379 : T_WHITESPACE (
)
2 => 344 : T_USE (use)
3 => 379 : T_WHITESPACE ( )
4 => 310 : T_STRING (foo2)
5 => 379 : T_WHITESPACE ( )
6 => 329 : T_AS (as)
7 => 379 : T_WHITESPACE ( )
8 => 310 : T_STRING (foo)
;
10 => 379 : T_WHITESPACE (
)
11 => 358 : T_CLASS (class)
12 => 379 : T_WHITESPACE ( )
13 => 310 : T_STRING (foo3)
14 => 379 : T_WHITESPACE ( )
{
16 => 379 : T_WHITESPACE (
)
17 => 337 : T_FUNCTION (function)
18 => 379 : T_WHITESPACE ( )
19 => 310 : T_STRING (bar)
(
)
22 => 379 : T_WHITESPACE ( )
{
Tokenize PHP code into an AST
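The check the slides ask for ("spot those issues for us"), as an added example that is not Exakat's own code: it works on the token stream from PHP's built-in token_get_all() rather than on an AST or a database, and finds static calls to non-static methods across files, following `use ... as` aliases and `extends` chains. The function names scanFile and findStaticCallsToInstanceMethods and the file names lib.php and main.php are assumptions made for the illustration.

```php
<?php
// Added example (not Exakat code): token-level detection of static calls to
// non-static methods, resolving `use ... as` aliases and `extends` chains.

// Scan one file: add its classes to $classes and return the static calls it makes.
function scanFile(string $source, array &$classes): array
{
    // Drop whitespace and comments so neighbouring tokens can be compared directly.
    $tokens = array_values(array_filter(token_get_all($source), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    // Token id (or the literal character) and token text at position $i.
    $id = function ($i) use ($tokens) { $t = $tokens[$i] ?? null; return is_array($t) ? $t[0] : $t; };
    $text = function ($i) use ($tokens) { $t = $tokens[$i] ?? ''; return is_array($t) ? $t[1] : $t; };
    $modifiers = [T_PUBLIC, T_PROTECTED, T_PRIVATE, T_STATIC, T_ABSTRACT, T_FINAL];
    $aliases = [];                            // aliases are local to one file
    $resolve = function ($name) use (&$aliases) { return strtolower($aliases[strtolower($name)] ?? $name); };
    $calls = [];
    $depth = 0;
    $current = null;                          // class whose body we are inside
    $classDepth = -1;

    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        $t = $id($i);
        if ($t === '{' || $t === T_CURLY_OPEN || $t === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
        } elseif ($t === '}') {
            if (--$depth === $classDepth) {
                $current = null;
                $classDepth = -1;
            }
        } elseif ($t === T_USE && $current === null && $id($i + 1) === T_STRING
            && $id($i + 2) === T_AS && $id($i + 3) === T_STRING) {
            $aliases[strtolower($text($i + 3))] = $text($i + 1);
        } elseif ($t === T_CLASS && $id($i + 1) === T_STRING) {
            $current = strtolower($text($i + 1));
            $classDepth = $depth;
            $hasParent = $id($i + 2) === T_EXTENDS && $id($i + 3) === T_STRING;
            $classes[$current] = [
                'parent'  => $hasParent ? $resolve($text($i + 3)) : null,
                'methods' => [],
            ];
        } elseif ($t === T_FUNCTION && $current !== null) {
            $j = $text($i + 1) === '&' ? $i + 2 : $i + 1;
            if ($id($j) === T_STRING) {
                $static = false;
                for ($k = $i - 1; in_array($id($k), $modifiers, true); $k--) {
                    $static = $static || $id($k) === T_STATIC;
                }
                $classes[$current]['methods'][strtolower($text($j))] = $static;
            }
        } elseif ($t === T_STRING && $current === null && $id($i + 1) === T_DOUBLE_COLON
            && $id($i + 2) === T_STRING && $text($i + 3) === '(') {
            // Calls inside class bodies are skipped: there, Name::method() may be
            // a legitimate instance call to an ancestor's method.
            $calls[] = [$text($i), $resolve($text($i)), $text($i + 2), $tokens[$i][2]];
        }
    }
    return $calls;
}

// Scan all files first, then resolve every call against the combined class table.
function findStaticCallsToInstanceMethods(array $files): array
{
    $classes = [];
    $calls = [];
    foreach ($files as $file => $source) {
        foreach (scanFile($source, $classes) as $call) {
            $calls[] = array_merge([$file], $call);
        }
    }
    $findings = [];
    foreach ($calls as [$file, $written, $class, $method, $line]) {
        // Walk up the extends chain (bounded, in case of a cycle) to the declaring class.
        for ($hops = 0; $class !== null && isset($classes[$class]) && $hops < 50; $hops++) {
            $isStatic = $classes[$class]['methods'][strtolower($method)] ?? null;
            if ($isStatic !== null) {
                if (!$isStatic) {
                    $findings[] = sprintf('%s:%d %s::%s() is not static (declared in class %s)', $file, $line, $written, $method, $class);
                }
                break;
            }
            $class = $classes[$class]['parent'];
        }
    }
    return $findings;
}

// Constructed sample input: the slides' alias + inheritance case, split across files.
$files = [
    'lib.php'  => "<?php\nclass foo3 {\n    function bar() {\n        echo 'I am not static!';\n    }\n}\nclass foo2 extends foo3 { }\n",
    'main.php' => "<?php\nuse foo2 as foo;\nfoo::bar();\n",
];
foreach (findStaticCallsToInstanceMethods($files) as $finding) {
    echo $finding, PHP_EOL;
}
```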
PHP 5, PHP 7
Psr-4
ClearPHP
Performance
 
 

<?php
/** Lots of code **/
class phpthumb {
    /** Lots of code **/
    function ErrorImage($text, $width=0, $height=0) {
        $width = ($width ? $width : $this->config_error_image_width);
        $height = ($height ? $height : $this->config_error_image_height);
        /** Lots of code **/
    }
}
http://www.exakat.io/reports/plogger/
How to use it?
• Review current code
• Validate external code
• Prepare for future code
• Hunt bugs and dead code
• An eye over my shoulder
Get it!
• Download on http://www.exakat.io/
• Open Source, and free
• Test it on your code
• I'm here, talk to me
• Try it online with phplint.com or at exakat.io
even in Dutch, if you are brave
Beta tester wanted!
The Exakat Engine
@exakat

Generative Artificial Intelligence: How generative AI works.pdf
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 

Exakat for PHP : smart code reviewing engine

  • 15. http://www.exakat.io/ How to use it?
      • Review current code
      • Validate external code
      • Prepare for future code
      • Hunt bugs and dead code
      • An eye over my shoulder
  • 16. http://www.exakat.io/ Get it!
      • Download on http://www.exakat.io/
      • Open Source, and free
      • Test it on your code
      • I'm here, talk to me
      • Try it online with phplint.com or at exakat.io
      • Even in Dutch, if you're brave
      • Beta tester wanted!