The Exakat engine is a smart code reviewing tool designed for PHP, particularly to assist in code validation and migration to PHP 7. It enables developers to identify vulnerabilities, validate existing code, detect bugs, and clean up codebases using a structured query approach. The engine is open-source, free to download, and can be tested online.

1. http://www.exakat.io/
Exakat Engine
Smart Code Reviewing Engine

2. http://www.exakat.io/

3. http://www.exakat.io/
Let's clean for PHP 7
<?php
class foo {
function bar() {
echo 'I am not static!';
}
}
foo::bar();
?>
10
%
vulnerable

4. http://www.exakat.io/
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo2 {
function bar() {
echo 'I am not static!';
}
}
foo::bar();
?>
Goal : Spot those issues for us

5. http://www.exakat.io/
Let's clean for PHP 7
<?php
use foo2 as foo;
class foo3 {
function bar() {
echo 'I am not static!';
}
}
class foo2 extends foo3 { }
foo::bar();
?>
Goal : Spot those issues for us

6. http://www.exakat.io/
Let's clean for PHP 7
s foo;
extends foo3 { }
;
Goal : Spot those issues
<?php
class foo3 {
function bar(
echo 'I a
}
}
?>
<?php
foo::bar();
?>

7. http://www.exakat.io/
PHP code as data
• Understand PHP code just like the binary
• Be able to query the database for special
constructs
• Apply this to PHP 7 migration

8. 0 => 376 : T_OPEN_TAG (<?php
)
1 => 379 : T_WHITESPACE (
)
2 => 344 : T_USE (use)
3 => 379 : T_WHITESPACE ( )
4 => 310 : T_STRING (foo2)
5 => 379 : T_WHITESPACE ( )
6 => 329 : T_AS (as)
7 => 379 : T_WHITESPACE ( )
8 => 310 : T_STRING (foo)
;
10 => 379 : T_WHITESPACE (
)
11 => 358 : T_CLASS (class)
12 => 379 : T_WHITESPACE ( )
13 => 310 : T_STRING (foo3)
14 => 379 : T_WHITESPACE ( )
{
16 => 379 : T_WHITESPACE (
)
17 => 337 : T_FUNCTION (function)
18 => 379 : T_WHITESPACE ( )
19 => 310 : T_STRING (bar)
(
)
22 => 379 : T_WHITESPACE ( )
{

9. Tokenize PHP code
into an AST

10. PHP 5, PHP 7
Psr-4
ClearPHP
Performance
 
 


11. <?php
/** Lots of code **/
class phpthumb {
/** Lots of code **/
function ErrorImage($text, $width=0, $height=0) {
$width = ($width ? $width : $this->config_error_image_width);
$height = ($height ? $height : $this->config_error_image_height);
/** Lots of code **/

13. http://www.exakat.io/reports/plogger/

15. http://www.exakat.io/
How to use it?
• Review current code
• Validate external code
• Prepare for future code
• Hunt bugs and dead code
• An eye over my shoulder

16. http://www.exakat.io/
Get it!
• Download on http://www.exakat.io/
• Open Source, and free
• Test it on your code
• I'm here, talk to me
• Try it online with phplint.com or at exakat.io
zelfs in het Nederlands, als je moedig bent
B
eta
tester
w
an
ted!

17. http://www.exakat.io/
The Exakat Engine
@exakat