The document discusses using static code analysis tools like PHP tokenizer and Rips to find bugs in PHP code. It shows how PHP tokenizer can be used to parse code and how Rips builds on it to perform taint analysis. The document demonstrates Rips on sample PHP scripts, WordPress plugins, and a Yii app. It notes that while these tools help find bugs, they are not ideal for large object-oriented projects due to limitations of the PHP tokenizer.

1. PHP STATIC CODE ANALISYS
Belakhdar Abdeldjalil
1

2. Show the code
● Simple php script
● Few pages
● Few code lines
2

3. Find the bug
Try to find it manually ?
3

4. Are there better ways to do it ?
4

5. Find the bug
How about grep ?
5

6. Are there better way to do it ?
6

7. Find the bug
How about Php tokenizer ?
7

8. Find the bug
Rips is in the party
8

9. Find the bug
Rips and taint analysis
9

10. Find the bug
Php tokenizer in action with Rips
10

11. Demo
Try rips on rips
11

12. Demo
Try rips on wordpress plugins
12

13. Demo
Try rips on yii app
13

14. Demo
Rips is not the miracle answer
14

15. In the end
● Php tokenizer is a big help
● Rips make it easier
● Not the best way for object oriented (mvc) project
15

16. Thanks
16

17. Questions Now ?
Or later by email
riemann@opendz.org
17