Even nowadays, PHP code is mostly audited manually. Experts pore over the actual code, in search of bugs or code smells. Actually, it is possible to have PHP do this work itself! Strengthened with the internal Tokenizer, bolstered by the manual, it is able to scan thousands of lines of code without getting bored, bringing back pragmatic pieces of wisdom: official manual recommendations, version migration, code pruning and security. In the end, it delivers a global overview of the code, without anyone having to read it.
8. Found
Dead code
Undefined structures
Unused structures
Illogical exp.
Slow code
Bad practices
Unsafe code
Maintainability
Bug issue
Ancient style
Uninitialized vars
Taint propagation
9. <?php
switch ($this->consume()) {
    case "\x09":
    case "\x0A":
    case "\x0B":
    case "\x0B":   // duplicate label: this second "\x0B" can never be reached
    case "\x0C":
    case "\x20":
    case "\x3C":
    case "\x26":
    case false:
        break;
    case "\x23":
        switch ($this->consume()) {
            case "\x78":
            case "\x58":
                $range = '0123456789ABCDEFabcdef';
                $hex = true;
                break;
        }
}
?>
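The kind of check the slide above hints at, written here as an added example rather than the tool's own code: a pass over PHP's built-in token_get_all() output that reports a case label repeated inside the same switch, the defect shown in the snippet. The function name and the constructed sample input are assumptions; it handles nested switches but not ternary expressions inside a label.

```php
<?php
// Added example (not the tool's own code): a token_get_all() pass that reports
// duplicate `case` labels within one switch, the defect shown on the slide above.
function findDuplicateCases(string $source): array
{
    $tokens = token_get_all($source);
    $switches = [];  // stack of open switches: block depth + labels already seen
    $depth = 0; $pending = false; $findings = [];  // brace depth, `switch` awaiting '{', results
    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        $t = $tokens[$i];
        if (is_array($t)) {
            [$id, , $line] = $t;
            if ($id === T_SWITCH) {
                $pending = true;
            } elseif ($id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
                $depth++;  // "{$x}" in a string opens a brace closed by a plain '}'
            } elseif (($id === T_CASE || $id === T_DEFAULT) && $switches !== []) {
                // Collect the label's source text up to the ':' or ';' terminator
                $label = $id === T_DEFAULT ? 'default' : '';
                for ($i++; $i < $n && $tokens[$i] !== ':' && $tokens[$i] !== ';'; $i++) {
                    $tok = $tokens[$i];
                    if (!is_array($tok) || $tok[0] !== T_WHITESPACE) {
                        $label .= is_array($tok) ? $tok[1] : $tok;
                    }
                }
                $top = count($switches) - 1;
                if (isset($switches[$top]['labels'][$label])) {
                    $first = $switches[$top]['labels'][$label];
                    $findings[] = "line $line: duplicate case $label (first seen line $first)";
                } else {
                    $switches[$top]['labels'][$label] = $line;
                }
            }
        } elseif ($t === '{') {
            $depth++;
            if ($pending) {
                $switches[] = ['depth' => $depth, 'labels' => []];
                $pending = false;
            }
        } elseif ($t === '}') {
            $depth--;
            if ($switches !== [] && end($switches)['depth'] > $depth) {
                array_pop($switches);  // left the switch block
            }
        }
    }
    return $findings;
}
// Constructed sample: the duplicated "\x0B" label from the slide above
print_r(findDuplicateCases('<?php switch ($c) { case "\x0A": case "\x0B": case "\x0B": break; }'));
```

Point it at a real file with file_get_contents() to scan a whole source tree the same way.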
11. Spot bugs early
Code > Test > PreProd > Production
Run it at commit; run it as audit
12. Static audit vs Unit test
Static audit:
  No running
  100% of the code
  Symbolic testing
  Little configuration
  Has false positives
  Mostly internal
Unit test:
  Needs dedicated servers
  Will only scan a part
  Tests only provided data
  Write scenario
  Has false negatives
  Can be handed to users
13. When does it help
Help port to a new system
Search for weak code fragments
Audit external libraries
Hint at refactoring