Exakat 0.12.2 review

Exakat 0.12.2 has just been released, like every Monday. This week, Exakat comes with upgraded code, new backend experiments, and new analyzers: mkdir() security, the lapack extension, strict_types preferences, and mismatched ternary alternatives. A lot is happening in the gears of the engine, so it is time for the Exakat 0.12.2 review.

Mkdir() security

PHP's mkdir() function comes with a default second argument (the mode) of 777. This means that, by default, folders created by PHP have universal privileges. In terms of security, it is better to restrict access to the new folder to the minimum needed.

Exakat now reports usages of mkdir() without any mode argument. If a mode is provided and it is 777, it is not reported: as usual, an explicit setting is usually voluntary. Explicit settings are also easier to audit, so they keep the code under control. However, setting directories to 777 is definitely unsafe, so we may make this rule stricter in the future.
This rule shall also be upgraded for frameworks. Some, like Zend Framework, have no specific class for folder creation and fall back to PHP's mkdir(). Others, like Laravel, Symfony or WordPress, behave the same as PHP and create 777 folders unless told otherwise.
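The following is an added example, not code from the article or from Exakat: it places the bare mkdir() call that the new analyzer reports next to a hardened version. The function names and the 0700 mode are choices made for the example. One caveat worth keeping in mind: the mode passed to mkdir() is reduced by the process umask, so a chmod() afterwards is the only way to guarantee the final permissions.

```php
<?php
declare(strict_types=1);

// Reported by the analyzer: no mode argument, so PHP falls back to its 0777 default
// (then masked by the current umask). Anyone on the host may write into the folder.
function createCacheDirLoose(string $path): bool
{
    return mkdir($path);
}

// Hardened version (example choice): explicit restrictive mode, recursive creation,
// an existence check, and a chmod() so the umask cannot widen the result.
// 0700 = owner read/write/execute only; use 0750 if a group needs read access.
function createCacheDirStrict(string $path, int $mode = 0700): bool
{
    if (is_dir($path)) {
        return true;
    }
    // Third argument: create missing parent directories with the same mode.
    // The "&& !is_dir()" guard covers a concurrent creation between the two calls.
    if (!mkdir($path, $mode, true) && !is_dir($path)) {
        return false;
    }
    // mkdir() applies the umask; enforce the intended mode explicitly.
    return chmod($path, $mode);
}

// Quick check of the resulting permissions (run from the CLI, uses a temp dir).
$dir = sys_get_temp_dir() . '/mkdir-demo-' . bin2hex(random_bytes(4));
createCacheDirStrict($dir);
printf("%s: %o\n", $dir, fileperms($dir) & 0777);
rmdir($dir);
```

Running it prints the octal mode of the freshly created folder (700 with the default argument), which is the quickest way to confirm that neither the umask nor a framework wrapper has widened it.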

Extension lapack

If you manipulate matrices in PHP and want to extract eigenvalues or compute least-squares solutions, you should take a look at the lapack extension for PHP.

// Coefficient matrix (6 rows, 4 columns)
$a = array(
    array( 1.44,  -7.84,  -4.39,   4.53),
    array(-9.96,  -0.28,  -3.24,   3.83),
    array(-7.55,   3.24,   6.27,  -6.64),
    array( 8.34,   8.09,   5.28,   2.06),
    array( 7.08,   2.52,   0.74,  -2.47),
    array(-5.45,  -5.70,  -1.19,   4.70),
);

// Right-hand sides (6 rows, 2 columns): two systems solved at once
$b = array(
    array( 8.58,   9.35),
    array( 8.26,  -4.43),
    array( 8.48,  -0.70),
    array(-5.28,  -0.26),
    array( 5.72,  -7.36),
    array( 8.93,  -2.52),
);

// Least-squares solution of $a * x = $b, one column of x per column of $b
$result = Lapack::leastSquaresByFactorisation($a, $b);

Mismatched Ternary Alternatives

The ternary operator should return only one type. It provides a one-line operator to handle two cases, but it is easily bent into returning different types of data, which leads to extra tests and conditions downstream.
Whenever possible, both branches of the ternary operator are checked for type, and the operator is reported when they don't match.

// typical mismatched ternary operator: one branch yields an object, the other null
$object = class_exists('myClass') ? new myClass() : null;

// every consumer of $object now has to branch on the null case
if ($object === null) {
    // deal with null case
} else {
    // deal with object case
}
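As an added example (not from the article), here is the reported pattern next to two shapes that keep a single type per expression: a null object and an early failure. MyClass and NullMyClass are hypothetical names, and strict_types is declared so that the declared return types are enforced rather than coerced.

```php
<?php
declare(strict_types=1);

class MyClass
{
    public function run(): string
    {
        return 'real';
    }
}

// Null object: same interface, harmless behaviour, so callers never branch on null.
class NullMyClass extends MyClass
{
    public function run(): string
    {
        return 'noop';
    }
}

// Reported: the two branches have different types (MyClass vs null),
// so the nullable return type leaks a null check into every caller.
function makeMixed(): ?MyClass
{
    return class_exists('MyClass') ? new MyClass() : null;
}

// Consistent: both branches produce a MyClass, so the result has one type.
function makeConsistent(): MyClass
{
    return class_exists('MyClass') ? new MyClass() : new NullMyClass();
}

// Consistent: the condition decides between a value and an error, not between two types.
function makeOrFail(): MyClass
{
    if (!class_exists('MyClass')) {
        throw new RuntimeException('MyClass is not available');
    }
    return new MyClass();
}

echo makeConsistent()->run(), PHP_EOL; // no null check needed at the call site
echo makeOrFail()->run(), PHP_EOL;
```

The null-object form suits code where "nothing to do" is a valid outcome; the throwing form suits code where a missing class is a deployment error. Either way the ternary stops producing two types, which is exactly the condition the analyzer flags.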

New strict_types preferences

The Ambassador report now features a new 'favorite': strict_types, that is, how often the code uses the strict_types configuration. strict_types should be used as a project-wide setting, so the most systematic coders will have it in every file, or almost. This will help track progress, as this is not always the case: here, the Airship project is already using strict_types as much as possible.

Airship likes strict_types

At the same time, the Ambassador report now includes the usage of ticks, encoding and strict_types in the 'appinfo' section. They are very scarcely used, though we still need to gather more figures to see how popular they really are.

Graph database

More work went into compatibility between the various drivers. We have experimented with TinkerGraph, the in-memory engine for Gremlin 3, published with Gremlin Server. This engine is great for small-size audits, with a quick installation and a 30% speed-up. It is a good complement to Neo4j on commodity hardware. For larger applications, we'll have to test larger architectures, especially with Spark. New frontiers, here we come!

Happy PHP code reviews

Exakat 0.12.2 also includes a great number of false-positive fixes. Some are reported via the issue tracker on GitHub (thanks, Nicolas and Jonathan), others emerge while we are cleaning the code for the new graphs, and lastly, some appear while reading audits and identifying new situations. Please report your cases, or the analyses you'd like to see in Exakat: we'll take a closer look!
All 310+ analyzers are presented in the docs, including the classic 'Dependent trait', which spots a trait that depends on pre-existing properties to function properly: hint, make your traits autonomous. Download Exakat on exakat.io, upgrade it with 'exakat.phar upgrade -u' and like us on GitHub: https://github.com/exakat/exakat.