Exakat 1.3.2 review

Another week, another set of features for Exakat 1.3. This week we worked on the local idioms: the Ambassador audit now reports the fight between strict and relaxed comparison, along with the > or < preference. We also sped up processing a bit by reworking the internal structure. Finally, git now fails cleanly, instead of prompting, when credentials are required. All in all, an excellent Exakat 1.3.2 review.

Git fails silently when credentials fail

There were two interesting bits of learning last week. First, git honors an environment variable called GIT_TERMINAL_PROMPT. When it is set to 0, git does not ask for a username and password when the remote server requests them: it simply fails with an error that Exakat can catch, instead of blocking the run on a prompt nobody will answer. This makes for smoother batch processing, when you have to handle several projects in a row.
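As an added illustration of the batch case described above (this is example code, not Exakat's own), the following script clones a list of projects in a row with GIT_TERMINAL_PROMPT=0 set, so a remote that wants credentials produces a failed CloneResult rather than a hung process. Two things go beyond the post and are assumptions: GIT_SSH_COMMAND is given -o BatchMode=yes so that ssh remotes cannot hang either, and any user:password embedded in a project URL is redacted before it reaches the result object or a log line. The fixture in demo() is constructed: a local bare repository that clones fine, and a path that does not exist.

```python
"""Batch-clone several project repositories without ever blocking on a git credential prompt."""
import os
import shutil
import subprocess
import tempfile
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit, urlunsplit


@dataclass
class CloneResult:
    name: str
    url: str          # already redacted, safe to log
    ok: bool
    message: str      # git's stderr, with any URL password scrubbed


def git_available() -> bool:
    return shutil.which("git") is not None


def redact(url: str) -> str:
    """Drop user:password from an http(s) URL so it can be logged."""
    parts = urlsplit(url)
    if parts.username is None:
        return url
    netloc = parts.hostname or ""
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def scrub(text: str, url: str) -> str:
    """Replace the URL password wherever git echoed it back in a message."""
    password = urlsplit(url).password
    return text.replace(password, "***") if password else text


def clone_without_prompt(name: str, url: str, dest: str, timeout: int = 120) -> CloneResult:
    """git clone that fails fast when the remote wants credentials it does not have."""
    env = dict(os.environ)
    # The point of the post: with GIT_TERMINAL_PROMPT=0 git never asks on the terminal;
    # it errors out instead, and the caller sees a non-zero exit status.
    env["GIT_TERMINAL_PROMPT"] = "0"
    # Assumption (not from the post): the same idea for ssh remotes, so an unknown host key
    # or a missing key cannot hang the batch either.
    env["GIT_SSH_COMMAND"] = env.get("GIT_SSH_COMMAND", "ssh") + " -o BatchMode=yes"
    try:
        proc = subprocess.run(
            ["git", "clone", "--quiet", url, dest],
            env=env,
            stdin=subprocess.DEVNULL,     # no tty, nothing to read from
            capture_output=True,
            text=True,
            timeout=timeout,
            check=False,
        )
    except subprocess.TimeoutExpired:
        return CloneResult(name, redact(url), False, f"timed out after {timeout}s")
    except FileNotFoundError:
        return CloneResult(name, redact(url), False, "git executable not found")
    return CloneResult(name, redact(url), proc.returncode == 0, scrub(proc.stderr.strip(), url))


def clone_projects(projects: Dict[str, str], workdir: str) -> List[CloneResult]:
    """Process every project in a row; a failing one is reported, not fatal."""
    os.makedirs(workdir, exist_ok=True)
    return [clone_without_prompt(name, url, os.path.join(workdir, name))
            for name, url in projects.items()]


def demo() -> List[CloneResult]:
    """Constructed fixture: a local bare repository that clones fine, and a path that does not exist."""
    work = tempfile.mkdtemp(prefix="exakat-batch-")
    origin = os.path.join(work, "origin.git")
    subprocess.run(["git", "init", "--quiet", "--bare", origin], check=True)
    projects = {
        "good": origin,
        "bad": os.path.join(work, "does-not-exist.git"),
    }
    return clone_projects(projects, os.path.join(work, "projects"))


if __name__ == "__main__":
    if not git_available():
        raise SystemExit("git is not installed")
    for result in demo():
        status = "ok  " if result.ok else "FAIL"
        print(f"{status} {result.name:<5} {result.url} {result.message}")
```

Running it prints one line per project, the failed clone carrying git's error text rather than leaving a process waiting on stdin; the redaction matters because a project URL with embedded credentials would otherwise end up in every error message and log.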

The second bit of learning is the important config.ini file. Each project, stored in the projects folder, has a config.ini file. This is where the initial information about the code location is stored. In case you need to update it, the project_url directive holds the project's URI, including login and password if the remote requires them. Keep in mind that such credentials then sit in clear text in config.ini: restrict the file's permissions, and prefer a git credential helper or a read-only deploy token where the hosting service offers one.

You may also change various configurations for the project itself, including the analyser-specific directives. Those allow some analyses to be adapted case by case. They are listed in the Specific analyser configurations and in each rule's documentation. For example, Too many local variables is one rule you may want to adjust.

The local PHP idiom

With its vast array of features and functions, PHP is so large that no one speaks it fluently and plainly. Depending on the personality of your team, your projects and their history, you may favor some features over others.

Examples are legion. They may easily start a trench war between those who like echo, those who prefer print, and all the others who don't care, or would rather mention printf or any templating system.

Although each offers small advantages over the alternatives, it is nearly impossible to convince anyone of them. In fact, however little we (and I) would change our own opinion, we happily adopt any local convention as soon as it matters enough to keep harmony in the team.

The main problem is often to discover those common practices, and this is why Exakat devotes a whole section to them. You'll find them in the Favorites section, also known as local idioms.

There, you'll find over 20 different idioms reported. Three situations may arise when looking at a pie chart. Let's take strict versus relaxed comparison as the example.

Code favorites

Every time PHP offers two alternatives for the same feature, the code has a choice to make: use echo, use print, or mix both. All those choices are characteristics of your coding style: they make you unique.

Exakat checks the code for every usage of ==, ===, != and !==. It splits them into relaxed (==, !=) and strict (===, !==), then computes the ratio. This particular idiom is more than a matter of taste: a relaxed comparison goes through PHP's type juggling, which is why reviewers generally want strict comparison on anything that carries a credential, a token or a hash.

  • if strict is over 90%, then relaxed is not the standard. Every relaxed usage is considered a violation and reported as such.
  • if relaxed is over 90%, then strict is not the standard. Every strict usage is considered a violation and reported as such. This is the exact opposite of the above.
  • finally, if the ratio lies anywhere between 10% and 90%, the situation is not settled enough to matter. Either the choice was never made, or it is still being worked on: the ratio is presented and you may simply look at it and 'bah' it.
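The three cases above, carried through on actual source, as an added example that is not Exakat's code: a deliberately small scanner collects every ==, !=, === and !== outside strings and comments (assumption: no heredoc, nowdoc or inline HTML in the input), and favorite() applies the 90% rule, returning the verdict together with the occurrences that would be reported as violations. The SAMPLE_PHP fixture is constructed for the example: ten strict comparisons and a single relaxed one, plus operators hidden in a comment and a string that must not be counted.

```python
"""Count strict and relaxed comparisons in PHP source and apply the 90% rule."""
from typing import List, Tuple

STRICT = ("===", "!==")
RELAXED = ("==", "!=")
THRESHOLD = 0.9   # the 90% / 10% cut-off described in the post

Op = Tuple[int, str]   # (line number, operator)


def comparison_operators(php: str) -> List[Op]:
    """Scan PHP source for ==, !=, ===, !== outside strings and comments.

    Simplified scanner (assumption: no heredoc/nowdoc, no inline HTML). It understands
    //, # and /* */ comments and '...' / "..." strings with backslash escapes; #[ is
    left alone because it opens an attribute, not a comment.
    """
    found: List[Op] = []
    i, n, line = 0, len(php), 1
    while i < n:
        c = php[i]
        if c == "\n":
            line += 1
            i += 1
        elif php.startswith("//", i) or (c == "#" and not php.startswith("#[", i)):
            # line comment: stop before the newline so the branch above counts it
            j = php.find("\n", i)
            i = n if j < 0 else j
        elif php.startswith("/*", i):
            j = php.find("*/", i + 2)
            end = n if j < 0 else j + 2
            line += php.count("\n", i, end)
            i = end
        elif c in "'\"":
            j = i + 1
            while j < n and php[j] != c:
                j += 2 if php[j] == "\\" else 1   # skip escaped characters
            end = min(j + 1, n)
            line += php.count("\n", i, end)
            i = end
        elif php.startswith("===", i) or php.startswith("!==", i):
            found.append((line, php[i:i + 3]))
            i += 3
        elif php.startswith("==", i) or php.startswith("!=", i):
            found.append((line, php[i:i + 2]))
            i += 2
        else:
            i += 1
    return found


def favorite(ops: List[Op], threshold: float = THRESHOLD) -> Tuple[str, float, List[Op]]:
    """Return (verdict, strict ratio, violations) following the three cases of the post."""
    total = len(ops)
    if total == 0:
        return "undecided", 0.0, []
    strict = sum(1 for _, op in ops if op in STRICT)
    ratio = strict / total
    if ratio > threshold:                 # strict is the standard: report every relaxed usage
        return "strict", ratio, [o for o in ops if o[1] in RELAXED]
    if ratio < 1 - threshold:             # relaxed is the standard: report every strict usage
        return "relaxed", ratio, [o for o in ops if o[1] in STRICT]
    return "undecided", ratio, []         # between 10% and 90%: just look at the pie chart


# Constructed sample, not real project code.
SAMPLE_PHP = """<?php
// constructed sample: a == here is a comment and must not count
$banner = "x == y";                 # inside a string, must not count either
if ($id === null) { }
if ($user['role'] !== 'admin') { }
if ($count === 0) { }
if ($name !== '') { }
if ($token === $expected) { }
if ($x !== $y) { }
if ($p === true) { }
if ($q !== false) { }
if ($r === 1) { }
if ($s !== 2) { }
if ($t == 'yes') { }                /* the odd one out: reported as a violation */
"""


if __name__ == "__main__":
    verdict, ratio, violations = favorite(comparison_operators(SAMPLE_PHP))
    print(f"standard: {verdict} (strict ratio {ratio:.0%})")
    for line, op in violations:
        print(f"  line {line}: {op} goes against the local idiom")
```

On the sample, the strict ratio is 10/11, so strict is the standard and the single == on line 14 is the one occurrence reported; the == in the comment on line 2 and in the string on line 3 never reach the count.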

Those pie charts are definitely worth a visit when starting on a new piece of code: those conventions and practices are its personality, and you'd better adopt them unless you like running into a beehive.

Speed up the engine

We’ve been working on several fronts to speed up the engine. You may notice that some early analyses disappeared: they used to build inventories, of integers or strings for example, which are now collected by other means. That means less work for the database.

The slower analyses are also being refactored, now that the underlying engine provides more infrastructure. For example, function calls are now directly linked to their definitions, which makes checks on arguments easier to write.

Happy PHP code reviews

All 352 analyzers are presented in the docs, including the simple Use === null: it is faster to use === null than is_null(). Although this is a micro-optimization, given how much this function is used (it is in the top 30 of all PHP functions, and it turns up in loops), it probably yields more than a little. Besides, it is common: 48% of applications are affected.

You can check all of the exakat reports at the gallery: exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.