Static code analysis v2
Most of the time, auditing PHP code is done manually. One needs to read the code to understand it and to find flaws (security, business, quality…).

Static analysis takes over from manual auditing by providing the means to search all the code without leaving a stone unturned: it still needs to be given direction.

During this session, we’ll cover the use of an open static analysis tool, also known as cornac, that will provide us invaluable information such as: PHP 5.3 compatibility, security flaws, the inclusion tree, unused variables and arguments, GPC manipulations, strange names and class inventories.

This is the best way to take a look at one’s code with hindsight. We’ll share with the audience code metrics and must-check code structures.

Static code analysis v2 Presentation Transcript

  • 1. Cornac for PHP: PHP static code analysis. OSCON, Portland, OR, USA, July 28th 2011
  • 2. Agenda
      • What is cornac?
      • Applications and results
      • How to make your code better
  • 3. Who’s speaking?
      • Damien Seguy
      • In transition from Alter Way, France to Bysoft, China
      • Industrialisation coach, LAMP expert
      • damien.seguy@gmail.com
  • 4. Yes, we take
  • 5. ./bin/cornac -I spotweb.ini
        > Tokenizeur
        > Auditeur
        > Done
  • 6–10. Quick Inventory
  • 11. Cornac
      • Static auditor
      • Analyze PHP code without executing it
      • Study the application as a whole
  • 12. Do not mistake with
      • Xdebug: xdebug executes code
      • grep: grep doesn’t understand PHP semantics
      • CodeSniffer: CodeSniffer checks for coding and naming conventions
  • 13. Close cousins
      • PMD (PHP Mess Detector)
      • PHP_Depend
  • 14–17. PHP extensions list
      • The real list of extensions
      • Useful for deployment
      • Loved by hosting companies
  • 18. Static audit
      • Process large quantities of code
      • Process the same code over and over
      • Depends on the auditor’s level of expertise
      • Automates searches
      • Makes searches systematic
  • 19–22. Classes
  • 23. Application inventory
      • Taking a global look at the application
      • List of structure names
      • List of used PHP functionalities
  • 24. Technical aspects
      • Listing all technical aspects: PHP functionalities, advanced functionalities, deprecated functionalities, dependencies
  • 25. 5.3 migration
      • Incompatible evolutions
      • Obsolete functions
      • Reference handling
      • References with the ‘new’ operator
      • mktime doesn’t take 7 parameters anymore
  • 26. Structure names
      • Extract all structure names
      • Study the convention
      • Study the whole
      • Study semantics
  • 27. Inclusion network
  • 28. Inclusion network
      • include*, require*
      • Ignore variables
      • Circles represent files
      • Arrows represent inclusions
  • 29. Constant network
      • Link between a constant’s definition and its usage
      • Constants are used within their definition file
      • Except one
  • 30. Global view
      • Provide a graph for the whole application
      • Get feedback without dwelling on the precise names
  • 31. Hierarchies
      • Dot version
      • Not too many levels
  • 32. Hierarchies
      • dotclear hierarchy
  • 33. Hierarchies
  • 34. Classes network
      • Gephi version
      • Link classes based on composition
  • 35. Cornac under the hood
      • Cornac depends on the PHP tokenizer
      • It adds a layer of structure: spotting larger structures
      • It removes all useless separators: {} [] () ; , ‘’ «»
  • 36. Extractions
        <?php print ("hello $world! "); ?>

        [1] => Array
            (
                [0] => 266
                [1] => print
                [2] => 1
            )
        [2] => Array
            (
                [0] => 370
                [1] =>
                [2] => 1
            )
        [3] => (
        [4] => "
        [5] => Array
            (
                [0] => 314
                [1] => hello
                [2] => 1
            )
        [6] => Array
            (
                [0] => 309
                [1] => $world
                [2] => 1
            )
        [7] => Array
            (
                [0] => 314
                [1] => !
                [2] => 1
            )
        [8] => "
        [9] => )
        [10] => ;

        Each array entry reads: [0] => PHP token, [1] => PHP code, [2] => line
  • 37. Extractions
        <?php print ("hello $world! "); ?>
  • 38. Extractions
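The slides above show the raw token stream that Cornac builds on and the separators it drops. The script below is an added example written for this page, not Cornac's own code: it uses PHP's built-in token_get_all(), discards whitespace and comment tokens, and then scans the remaining stream for three things the talk lists as audit targets: direct GPC superglobal reads, assignments inside an if() condition ("iffectations", slides 39–42) and mktime() calls with 7 arguments (slide 25). The sample input is constructed; the function names are the author's own, and PHP 7.1 or newer is assumed for the array destructuring in foreach.

```php
<?php
// Added example (not Cornac's code): a minimal token-based auditor in the spirit
// of slides 35-42. Tokenize with token_get_all(), drop separators, scan for patterns.
// Assumes PHP >= 7.1 (foreach list destructuring).

// Constructed sample input, deliberately sloppy so that every check fires.
$sample = <<<'PHP'
<?php
$id = $_GET['id'];
if ($user = find_user($id)) {
    echo "hello $world! ";
}
if ($x == 1) { }
$t = mktime(0, 0, 0, 1, 1, 2011, 0);
PHP;

/** Tokenize and keep only significant tokens as [type, text, line]. */
function significant_tokens(string $code): array
{
    $out = [];
    $line = 1;
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok)) {
            $line = $tok[2];
            if (in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
                continue;                       // separator: drop it
            }
            $out[] = [token_name($tok[0]), $tok[1], $line];
        } else {
            // Single-character tokens ( ) { } ; , = carry no line number,
            // so the last line seen is attached to them.
            $out[] = ['CHAR', $tok, $line];
        }
    }
    return $out;
}

/** Direct reads of $_GET / $_POST / $_COOKIE / $_REQUEST (GPC manipulations). */
function find_gpc_reads(array $tokens): array
{
    $gpc = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
    $findings = [];
    foreach ($tokens as [$type, $text, $line]) {
        if ($type === 'T_VARIABLE' && in_array($text, $gpc, true)) {
            $findings[] = sprintf('line %d: direct read of %s', $line, $text);
        }
    }
    return $findings;
}

/** Assignments inside an if() condition: a bare '=' between the if's parentheses. */
function find_iffectations(array $tokens): array
{
    $findings = [];
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if ($tokens[$i][0] !== 'T_IF') {
            continue;
        }
        $depth = 0;
        for ($j = $i + 1; $j < $n; $j++) {
            [$type, $text, $line] = $tokens[$j];
            if ($type !== 'CHAR') {
                continue;                       // '==' and '===' are T_IS_EQUAL etc., never a bare '='
            }
            if ($text === '(') {
                $depth++;
            } elseif ($text === ')' && --$depth === 0) {
                break;                          // end of the condition
            } elseif ($text === '=' && $depth > 0) {
                $findings[] = sprintf('line %d: assignment inside if() condition', $line);
            }
        }
    }
    return $findings;
}

/** mktime() calls with 7 (or more) arguments, counted as top-level commas + 1. */
function find_mktime_7args(array $tokens): array
{
    $findings = [];
    $n = count($tokens);
    for ($i = 0; $i < $n - 1; $i++) {
        if ($tokens[$i][0] !== 'T_STRING' || strtolower($tokens[$i][1]) !== 'mktime'
            || $tokens[$i + 1][1] !== '(') {
            continue;
        }
        $depth = 0;
        $commas = 0;
        for ($j = $i + 1; $j < $n; $j++) {
            [$type, $text] = $tokens[$j];
            if ($type !== 'CHAR') {
                continue;
            }
            if ($text === '(' || $text === '[') {
                $depth++;
            } elseif (($text === ')' || $text === ']') && --$depth === 0) {
                break;                          // closing paren of the call
            } elseif ($text === ',' && $depth === 1) {
                $commas++;                      // only commas of this call, not nested ones
            }
        }
        if ($commas + 1 >= 7) {
            $findings[] = sprintf('line %d: mktime() called with %d arguments', $tokens[$i][2], $commas + 1);
        }
    }
    return $findings;
}

$tokens = significant_tokens($sample);
foreach (array_merge(find_gpc_reads($tokens), find_iffectations($tokens), find_mktime_7args($tokens)) as $f) {
    echo $f, PHP_EOL;
}
```

Run with `php auditor.php`; on the constructed sample it reports the `$_GET` read on line 2, the assignment inside the `if` on line 3 and the 7-argument `mktime()` on line 7, while `if ($x == 1)` is correctly left alone because `==` is a single T_IS_EQUAL token rather than a bare `=`. Working on the token stream rather than on text is exactly what distinguishes this approach from grep (slide 12): the checks cannot be fooled by spacing, comments or string contents.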
  • 39–42. Iffectations
  • 43. Unused classes
      • Classes, properties, variables, functions, …
  • 44. Inner gears: Tokenizeur, Auditeur, Analyzer, Display
  • 45. Evolution
      • Tokenizeur, Auditeur, Analyzer
      • Web, XML, ODS, PHPCodeBrow, Sonar, ...
  • 46. Rules
      • Security
      • Best practices (PHP, CMS, ...)
      • In-house conventions
      • PHP 5.3 / 5.4 migration
      • Performance
      • Design patterns
  • 47. http://www.cornac.info/ damien.seguy@gmail.com
      Special thanks to Christophe Zadowski and Alexis Tellier