Exakat is a PHP static analyzer. It relies on PHP to lint and tokenize the target code; a graph database to process the AST and the tokens; a SQLITE database to store the results and produce the various reports.
Exakat relies on several parts :
- the exakat.phar, which is the main code. This is usually the one invoked.
- Neo4j and gremline : exakat uses this graph database, with the Gremlin 3 plugin.
- config folder : this is in the working directory, holding the general directive for running exakat.
- projects folder : this has all the data about the code, including the reports. This project keeps a sub-folder per project.
- PHP 7.0 or later to run. This version requires curl, hash, phar, sqlite3, tokenizer, mbstring and json.
- PHP 5.2 to 7.2 for analysis. Those versions only require the ext/tokenizer extension to be available.
- VCS (Version Control Software), such as Git, SVN, bazaar, Mercurial. They all are optional.
- Archives, such as zip, tgz, tbz2 may also be opened with optional helpers.
Exakat has beed tested on OSX, Debian and Ubuntu (up to 14.04). Exakat should work on Linux distributions, may be with little work. Exakat hasn’t been tested on Windows at all.
Installation guide with Docker¶
Installation with docker is easy, and convenient. It hides the dependency on the graph database, and keeps all files in the ‘projects’ folder, created in the working directory.
Currently, Docker installation only ships with one PHP version (7.0).
- Install Docker
- Start Docker
- Pull exkat :
docker pull exakat/exakat
- Run exakat :
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat version
- Init a project :
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat init -p <project name> -R <vcs_url>
- Run exakat :
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat project -p <project name>
You may simply run any exakat command by prefixing it with the following command :
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat
You may also create a handy shortcut, by creating an exakat.sh script and put it in your PATH :
cat 'docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat $1' > /etc/local/sbin/exakat.sh chmod u+x /etc/local/sbin/exakat.sh ./exakat.sh version
Installation guide with Vagrant and Ansible¶
The exakat-vagrant repository contains an automated install for exakat. It installs everything in the working directory, or the system. Vagrant install works with Debian and Ubuntu images (not yet 16.04, though). Other images may be usable, but not tested.
You need the following tools :
Most may easily be installed with the local package manager, or with a direct download from the editor’s website.
Install with Vagrant and Ansible¶
git clone https://github.com/exakat/exakat-vagrant cd exakat-vagrant // Review the Vagrant file to check the size of the virtualbox vagrant up --provision vagrant ssh
You are now ready to run a project.
Installation guide for Debian/Ubuntu¶
These is the installation guide for a Debian server. This also serves as general installation guide.
- Java 1.8
- Neo4j 2.3.*
- Gremlin 3.2 plugin
This list of apt-get will install several needed libs for the installation.
apt-get install gcc make libc-dev libtool re2c autoconf automake git curl libcurl3 libcurl3-dev php5-curl apt-get update apt-get upgrade apt-get clean
Java 8 is needed. Java 7 might work but is not recommended.
The following shell code install Java 8. Root privileges are needed.
## You'll need to run this as root echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" > /etc/apt/sources.list.d/webupd8team-java.list echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" >> /etc/apt/sources.list.d/webupd8team-java.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886 apt-get update apt-get install oracle-java8-installer # Check java -version
Download Neo4j 2.3.* version (currently, 2.3.9). Neo4j 2.2 is not supported anymore. Neo4j 3.0 has no support for Gremlin at the moment (2017-03-01)
wget http://dist.neo4j.org/neo4j-community-2.3.9-unix.tar.gz tar -xvf neo4j-community-2.3.9-unix.tar.gz mv neo4j-community-2.3.9 neo4j
In the neo4j folder, update the server configuration. The configuration is in the neo4j_home/conf/neo4j-server.properties :
Activate the gremlin plugin.
#org.neo4j.server.thirdparty_jaxrs_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged # add this line below the above one org.neo4j.server.thirdparty_jaxrs_classes=com.thinkaurelius.neo4j.plugins=/tp
You may also disable authentication. If not, do not forget to update the config/exakat.ini file, with the right credential.
Exakat uses gremlin plug-in for Neo4j. Follow the install instructions there.
Make the following changes in the following files :
- change the tinkerpop-version tag from 3.1.0-incubating to 3.2.0-incubating
Then, in command line :
git clone https://github.com/thinkaurelius/neo4j-gremlin-plugin gremlin cd gremlin mvn clean package -Dtp.version=3 unzip target/neo4j-gremlin-plugin-tp3-2.3.1-server-plugin.zip -d ../neo4j/plugins/gremlin-plugin cd ../neo4j bin/neo4j restart
Various versions of PHP¶
Extra PHP-CLI versions allow more checks on the code. They only need to have the tokenizer extension available.
Exakat recommends PHP 7.1.0 (or latest version) to run Exakat. We also recommend the installation of PHP versions 5.2, 5.3, 5.4, 5.5, 5.6, 7.1 and 7.2 (aka php-src master).
From the commandline, run php exakat.phar doctor. This will check if all of the above has be correctly run and will report some diagnostic.