Understanding static analysis php amsterdam 2018
•
0 likes•260 views
Static analysis for PHP Static analysis is an emerging field, in particular in the PHP world. Reviewing source code at the speed of a computer requires powerful theoretical tools: control flow diagram, abstract syntactic trees, acyclic dependency graph. If all this seems far and remote from PHP, come and learn how they apply to your favorite language! We'll see how to combine all those aspects to build a useful auditing engine.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Understanding static analysis php amsterdam 2018
Similar to Understanding static analysis php amsterdam 2018 (20)
More from Damien Seguy
More from Damien Seguy (20)
Recently uploaded
Recently uploaded (20)
Understanding static analysis php amsterdam 2018
- 1. Understanding static analysis AmsterdamPHP 2018, The Netherlands
- 2. Agenda What is static analysis How does it work How can you take advantage of it
- 3. Damien Seguy CTO at Exakat Static analysis engine for PHP Ik ben een boterham
- 4. Code review Reading on the IDE Automated code review L'analyse statique, c'est quoi? Manual code review Higher abstraction Simple review Systématic
- 5. Synopsis Convert PHP code into data Add more knowledge Query the internal database
- 6. Static analysis Performences Hosting Sécurity Migration 7.3 Tokenization Memory Source Audits
- 7. An extra step Opcode cache Optimization Text file Tokens / syntax Static analysis Execution
- 8. PHP Tokens token_get_all() Comments, phpDoc, spaces Delimiters : ' " () {} [] ` 2 tokens out of 3 are ignored [248] => Array ( [0] => 382 [1] => [2] => 167 ) [249] => Array ( [0] => 319 [1] => define [2] => 167 ) [250] => ( [251] => Array ( [0] => 323 [1] => 'EXT' [2] => 167 ) [252] => , [253] => Array ( [0] => 382 [1] => [2] => 167 ) <?php //.... define('EXT', '.php');
- 10. Playing in the tree Spot PHP features Variable, Function, Addition, Multiplication, Ifthen, Return
- 11. Jouons dans l'arbre Parameters, Variables Properties, array variable, object variable, static property name, global variable, static variable Everything is a T_VARIABLE
- 12. Parameter counts
- 13. Local variable counts 0,00 25,00 50,00 75,00 100,00 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
- 14. Play in the tree Local patterns $a = 1 + $b; $a = $a + 1; $z = $a + $b + $d - $b + $e; Assignat ion $a Addition LEFT RIGHT $b RIGHT 1 LEFT Motif Analyse Analyse
- 15. PHP is not a tree Link definitions with usage
- 16. Definitions and usage Function and functioncalls class X and instantiations define('A') or const A and A or A $variable and their hidden definition
- 19. Definitions and usage Function definition Parameters Functioncall Arguments Context foo($a) DEFINITION function foo($b) $a = 2 NEXT echo $a Sequence NEXT BLOCK
- 20. Definitions and usage Function definition Parameters Functioncall Arguments Context foo($a[1]) DEFINITION function foo($b) foo($b) foo($a) foo($a) DEFINITION DEFINITION DEFINITION
- 21. Definitions and usage Function definition Parameters Functioncall Arguments Context foo($a[1]) DEFINITION function foo($b)
- 22. What is that? One function call, Multiple definition? function foo($b) DEFINITION foo($a) function foo($b) function foo($b) function foo($b) DEFINITION DEFINITION DEFINITION
- 24. Dead Function A function without outgoing DEFINITION function foo($b)
- 27. Dead Function (Hard) The linear propagation of death function foob($b) function fooa($b) DEFINITION
- 28. Dead Function (very hard) <?php function morte($z) { }
- 29. Dead Function (very hard) Fonctions récursives function foo($b) foo($a) BLOCK DEFINITION EXPRESSION Sequence
- 31. Dead Function (hardest) Recursive, level 2 Recursive, level 3 Recursive, level 4… DEFINITION function foob($b) function fooa($b) DEFINITION
- 32. Dead Function (hardest) Recursive, level 2 Recursive, level 3 Recursive, level 4… DEFINITION function foob($b) function fooa($b) DEFINITION function fooc($b) DEFINITION
- 33. Dead functions No call to the function Function called by dead functions Recursive functions Level 2+ recursive functions
- 34. What fresh hell is that? Call to function without definition ? bar($a)
- 35. Functions without definition PHP extensions Components Higher level of abstraction Components PHP Extensions Code PHP
- 36. Identifying extensions API Functions, constants Classes, interfaces, traits, namespaces Configuration directives Natives extensions, PECL, independent
- 37. Extension usage Removed extensions APC, posix Added extensions AST, libsodium Extension evolution Nouvelle classe, fonctions obsolètes, corrections… APIExt PHP code
- 42. Compatibility Check the API version Check the correct usage of the API Validate contextual usage : error_reporting(E_ERROR | E_WARNING | E_PARSE)
- 45. Beyond the docs Coach your users Usage stats Compatibility usage Suggestions