Cornac for PHP: PHP static code analysis
OSCON, Portland, OR, USA, July 28th 2011
Most of the time, auditing PHP code is done manually. One needs to read the code to understand it and to find flaws (security, business, quality...).

Static analysis takes over from manual auditing by providing the means to search all of the code without leaving a stone unturned; it still needs direction on what to look for.

During this session, we'll cover the use of an open static analysis tool, cornac, that provides invaluable information such as: PHP 5.3 compatibility, security flaws, the inclusion tree, unused variables and arguments, GPC manipulations, strange names and class inventories.

This is the best way to take a look at one's code with hindsight. We'll share with the audience code metrics and must-check structures of code.

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,976
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
36
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Static code analysis v2

2. Agenda
   • What is cornac?
   • Applications and results
   • How to make your code better

3. Who's speaking?
   • Damien Seguy
   • In transition from Alter Way, France to Bysoft, China
   • Industrialisation coach, LAMP expert
   • damien.seguy@gmail.com

4. Yes, we take

5. ./bin/cornac -I spotweb.ini
   > Tokenizer
   > Auditor
   > Done

6-10. Quick Inventory

11. Cornac
   • Static auditor
   • Analyzes PHP code without executing it
   • Studies the application as a whole

12. Do not mistake with
   • Xdebug: xdebug executes code
   • grep: grep doesn't understand PHP semantics
   • CodeSniffer: CodeSniffer checks coding and naming conventions

13. Close cousins
   • PMD: PHP Mess Detector
   • PHP_Depend

14-17. PHP extensions list
   • The real list of extensions
   • Useful for deployment
   • Loved by hosting companies

18. Static audit
   • Process large quantities of code
   • Process the same code over and over
   • Depends on the auditor's expert level
   • Automates searches
   • Makes searches systematic

19-22. Classes

23. Application inventory
   • Taking a global look at the application
   • List of structure names
   • List of used PHP functionalities

24. Technical aspects
   • Listing all technical aspects
     • PHP functionalities
     • Advanced functionalities
     • Deprecated functionalities
     • Dependencies

25. 5.3 migration
   • Incompatible evolutions
   • Obsolete functions
   • Reference handling
   • References with the 'new' operator
   • mktime doesn't take 7 parameters anymore
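As an added example (this is not Cornac's own code), here is a token-based pass that flags two of the 5.3 migration items listed above on a constructed legacy snippet: calls to functions deprecated in PHP 5.3, and mktime() still called with the seventh (is_dst) argument. The deprecated-function list is a partial one supplied for illustration; a real rule would carry the complete list from the PHP 5.3 migration guide.

```php
<?php
// Added example, not Cornac's own code: a PHP 5.3 migration check built on
// token_get_all(). It flags calls to functions deprecated in 5.3 and calls to
// mktime() that still pass the seventh (is_dst) argument.

// Constructed legacy snippet used as input.
function sample_legacy_code(): string
{
    return <<<'PHP'
<?php
if (ereg('^[0-9]+$', $id)) {               // POSIX regex, deprecated in 5.3
    $parts = split(',', $list);
}
$ts = mktime(0, 0, 0, 12, 31, 2010, 0);    // seventh argument: is_dst
$ok = mktime(0, 0, 0, date('n'), date('j'), date('Y'));
$db->split('a');                           // a method, not the deprecated function
PHP;
}

// Partial, illustrative list of functions deprecated in PHP 5.3.
const DEPRECATED_IN_53 = [
    'ereg', 'eregi', 'ereg_replace', 'eregi_replace', 'split', 'spliti',
    'mysql_escape_string', 'set_magic_quotes_runtime', 'session_register',
    'session_unregister', 'session_is_registered', 'define_syslog_variables',
];

// Drop whitespace and comments so that a function name and its "(" become neighbours.
function significant_tokens(string $code): array
{
    return array_values(array_filter(token_get_all($code), function ($t) {
        return !(is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true));
    }));
}

// Count the arguments of the call whose "(" sits at $toks[$open]:
// top-level commas plus one, or zero for an empty argument list.
function count_call_arguments(array $toks, int $open): int
{
    $depth = 0;
    $commas = 0;
    $nonEmpty = false;
    for ($j = $open, $n = count($toks); $j < $n; $j++) {
        $u = $toks[$j];
        if ($u === '(' || $u === '[') {
            $depth++;
            if ($j > $open) {
                $nonEmpty = true;
            }
            continue;
        }
        if ($u === ')' || $u === ']') {
            $depth--;
            if ($depth === 0) {
                break;                                  // closing parenthesis of the call
            }
            continue;
        }
        $nonEmpty = true;
        if ($depth === 1 && $u === ',') {
            $commas++;                                  // commas of nested calls are deeper
        }
    }
    return $nonEmpty ? $commas + 1 : 0;
}

// One message per finding, with the line of the offending call.
function migration_findings(string $code): array
{
    $toks = significant_tokens($code);
    $n = count($toks);
    $findings = [];
    for ($i = 0; $i < $n; $i++) {
        $t = $toks[$i];
        if (!is_array($t) || $t[0] !== T_STRING) {
            continue;
        }
        if ($i + 1 >= $n || $toks[$i + 1] !== '(') {
            continue;                                   // a name that is not a call
        }
        $prev = $i > 0 ? $toks[$i - 1] : null;
        if (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW], true)) {
            continue;                                   // method, static call, declaration or constructor
        }
        $name = strtolower($t[1]);
        if (in_array($name, DEPRECATED_IN_53, true)) {
            $findings[] = sprintf('line %d: %s() is deprecated in PHP 5.3', $t[2], $name);
        } elseif ($name === 'mktime' && count_call_arguments($toks, $i + 1) === 7) {
            $findings[] = sprintf('line %d: mktime() called with 7 arguments; is_dst is deprecated', $t[2]);
        }
    }
    return $findings;
}

foreach (migration_findings(sample_legacy_code()) as $finding) {
    echo $finding, "\n";
}
```

The call-site test (a T_STRING immediately followed by an opening parenthesis, and not preceded by `->`, `::`, `function` or `new`) is what keeps the method call `$db->split('a')` out of the report, and the depth counter is what keeps the nested `date()` calls from inflating the argument count of the six-argument mktime().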
26. Structure names
   • Extract all structure names
   • Study the convention
   • Study the whole
   • Study semantics

27-28. Inclusion network
   • include*, require*
   • Ignore variables
   • Circles represent files
   • Arrows represent inclusions
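The inclusion network above can be rebuilt from the tokenizer alone. As an added example (not Cornac's own code), the script below walks a small constructed project, records every include*/require* whose argument is a single string literal, ignores the ones that depend on a variable, as the slide says, and prints the result as a Graphviz dot graph: one node per file, one arrow per inclusion. The resolution of relative paths against the including file's directory is an assumption made for this example, not a rule Cornac is documented to use.

```php
<?php
// Added example, not Cornac's own code: extract the inclusion network of a
// small constructed project with token_get_all() and print it as a Graphviz
// dot graph (one node per file, one arrow per inclusion).
// Inclusions whose argument is not a single string literal (variables,
// concatenations) cannot be resolved statically and are listed separately.

// Constructed project: file name => source.
function sample_project(): array
{
    return [
        'index.php'       => "<?php\nrequire_once 'lib/config.php';\ninclude 'lib/db.php';\n\$page = \$_GET['p'];\ninclude \$page . '.php';\n",
        'lib/config.php'  => "<?php\ndefine('DSN', 'sqlite::memory:');\n",
        'lib/db.php'      => "<?php\nrequire_once('config.php');\nrequire 'helpers.php';\n",
        'lib/helpers.php' => "<?php\nfunction h(\$s) { return htmlspecialchars(\$s); }\n",
    ];
}

// Returns [edges, unresolved]: edges as [from, to], unresolved as [file, line].
function inclusion_network(array $files): array
{
    $edges = [];
    $unresolved = [];
    $keywords = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    foreach ($files as $name => $code) {
        $toks = token_get_all($code);
        $n = count($toks);
        for ($i = 0; $i < $n; $i++) {
            $t = $toks[$i];
            if (!is_array($t) || !in_array($t[0], $keywords, true)) {
                continue;
            }
            // Gather the argument up to ";", ignoring whitespace and the
            // optional surrounding parentheses.
            $arg = [];
            for ($j = $i + 1; $j < $n && $toks[$j] !== ';'; $j++) {
                $u = $toks[$j];
                if ($u === '(' || $u === ')' || (is_array($u) && $u[0] === T_WHITESPACE)) {
                    continue;
                }
                $arg[] = $u;
            }
            if (count($arg) === 1 && is_array($arg[0]) && $arg[0][0] === T_CONSTANT_ENCAPSED_STRING) {
                $target = trim($arg[0][1], "'\"");
                // Assumption for this example: a relative path is resolved against
                // the including file's directory when such a file exists in the
                // project; otherwise it is kept as written.
                $dir = dirname($name);
                $candidate = $dir === '.' ? $target : $dir . '/' . $target;
                $edges[] = [$name, isset($files[$candidate]) ? $candidate : $target];
            } else {
                $unresolved[] = [$name, $t[2]];         // depends on a variable: left out of the graph
            }
        }
    }
    return [$edges, $unresolved];
}

// Render the network in dot; unresolved inclusions get a dashed arrow to "?".
function to_dot(array $edges, array $unresolved): string
{
    $lines = ['digraph inclusions {', '    node [shape=circle];'];
    foreach ($edges as [$from, $to]) {
        $lines[] = sprintf('    "%s" -> "%s";', $from, $to);
    }
    foreach ($unresolved as [$file, $line]) {
        $lines[] = sprintf('    "%s" -> "?" [label="line %d", style=dashed];', $file, $line);
    }
    $lines[] = '}';
    return implode("\n", $lines) . "\n";
}

[$edges, $unresolved] = inclusion_network(sample_project());
echo to_dot($edges, $unresolved);
```

Pipe the output to `dot -Tpng` to get the picture. The dashed arrow for `include $page . '.php'` is deliberate: a file whose name comes from a variable cannot be drawn, and an include path fed from request data is exactly the kind of site a manual review should visit next.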
29. Constant network
   • Link between a constant's definition and its usage
   • Constants are used within their definition file
   • Except one

30. Global view
   • Provide a graph for the whole application
   • Get feedback without dwelling on the precise names

31. Hierarchies
   • Dot version
   • Not too many levels

32-33. Hierarchies
   • dotclear hierarchy

34. Classes network
   • Gephi version
   • Link classes based on composition

35. Cornac under the hood
   • Cornac depends on the PHP tokenizer
   • It adds a layer of structure: spotting larger structures
   • It removes all useless separators: {} [] () ; , '' «»

36. Extractions
   <?php print ("hello $world! "); ?>

   [1] => Array ( [0] => 266  [1] => print      [2] => 1 )
   [2] => Array ( [0] => 370  [1] => (a space)  [2] => 1 )
   [3] => (
   [4] => "
   [5] => Array ( [0] => 314  [1] => hello      [2] => 1 )
   [6] => Array ( [0] => 309  [1] => $world     [2] => 1 )
   [7] => Array ( [0] => 314  [1] => !          [2] => 1 )
   [8] => "
   [9] => )
   [10] => ;

   Each token array reads: [0] => PHP token, [1] => PHP code, [2] => line

37-38. Extractions
   <?php print ("hello $world! "); ?>

39-42. Iffectations
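The three steps the slides describe (raw tokens from the PHP tokenizer, removal of the noise, then a rule run over what remains) fit in one short script. The added example below is mine, not Cornac's code: it prints the token table for a constructed snippet, then applies an "iffectation" rule, which I read, from the name, as an assignment written inside an if/elseif/while condition, the classic `if ($a = f())` where `==` was intended. Parentheses are kept past the noise-removal step because the rule needs their nesting depth; Cornac removes them later, as slide 35 says.

```php
<?php
// Added example, not Cornac's own code: tokenize a constructed snippet,
// drop the noise, then run one rule over what remains: an "iffectation",
// an assignment inside an if/elseif/while condition.

// Constructed input; the assumed bug is `if ($user = getUser())`.
function sample_code(): string
{
    return <<<'PHP'
<?php
$world = "there";
print ("hello $world! ");
if ($user = getUser()) {                    // assignment where a comparison was meant
    echo $user;
}
if ($a == 1 && ($b = f()) !== null) { }    // nested group at depth 2: not reported
while ($row = fetch()) { }                  // same pattern in a while condition
PHP;
}

// Step 1: token_get_all() yields [token id, source text, line] for named
// tokens and bare one-character strings for separators such as "(" or ";".
function token_table(string $code): array
{
    $rows = [];
    foreach (token_get_all($code) as $t) {
        $rows[] = is_array($t)
            ? [token_name($t[0]), $t[1], $t[2]]
            : [$t, $t, null];
    }
    return $rows;
}

// Step 2: drop whitespace and comments. Parentheses stay, because the rule
// below needs their nesting depth.
function tokens_without_noise(string $code): array
{
    $out = [];
    foreach (token_get_all($code) as $t) {
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        $out[] = $t;
    }
    return $out;
}

// Step 3: for each if/elseif/while, scan its condition and report a plain "="
// at parenthesis depth 1. Returns [['keyword' => ..., 'line' => ...], ...].
function find_iffectations(string $code): array
{
    $toks = tokens_without_noise($code);
    $n = count($toks);
    $hits = [];
    for ($i = 0; $i < $n; $i++) {
        $t = $toks[$i];
        if (!is_array($t) || !in_array($t[0], [T_IF, T_ELSEIF, T_WHILE], true)) {
            continue;
        }
        if ($i + 1 >= $n || $toks[$i + 1] !== '(') {
            continue;                                   // keyword without a condition
        }
        $depth = 0;
        for ($j = $i + 1; $j < $n; $j++) {
            $u = $toks[$j];
            if ($u === '(') {
                $depth++;
            } elseif ($u === ')') {
                $depth--;
                if ($depth === 0) {
                    break;                              // end of the condition
                }
            } elseif ($depth === 1 && $u === '=') {     // "==" and "!==" are named tokens, not "="
                $hits[] = ['keyword' => strtolower($t[1]), 'line' => $t[2]];
                break;
            }
        }
    }
    return $hits;
}

foreach (token_table(sample_code()) as [$name, $text, $line]) {
    printf("%-28s %-12s %s\n", $name, json_encode($text), $line ?? '');
}
foreach (find_iffectations(sample_code()) as $h) {
    printf("%s on line %d: assignment inside a condition\n", $h['keyword'], $h['line']);
}
```

The rule reports the `if` and the `while` but not the parenthesised `($b = f())`, because that assignment sits at depth 2; whether a `while ($row = fetch())` idiom should be whitelisted is a policy decision, which is why the keyword is returned with each hit.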
43. Unused classes
   • Classes, properties, variables, functions

44. Inner gears
   • Tokenizer
   • Auditor
   • Analyzer
   • Display

45. Evolution
   • Tokenizer, Auditor, Analyzer
   • Outputs: Web, XML, ODS, PHPCodeBrowser, Sonar, ...

46. Rules
   • Security
   • Best practices (PHP, CMS...)
   • In-house conventions
   • PHP 5.3 / 5.4 migration
   • Performance
   • Design patterns

47. http://www.cornac.info/
   damien.seguy@gmail.com
   Special thanks to Christophe Zadowski and Alexis Tellier