Exakat 1.7.5 Review
Exakat 1.7.5 has been a lot of work behind the scenes. All containers, be they variables, arrays or properties, have been refactored to keep track of their usage. The Files/MissingInclude analysis was extended so that it can be configured with constants and variables. You code once, and when the Exakat 1.7.5 review is right, once is sufficient!
Configuring Inclusion Paths
Missing include is an analysis that searches for missing included files.
<?php include PATH . 'my_functions.php'; ?>
Nowadays, class inclusions are organized with autoload, which loads classes as they are needed. This is convenient and efficient.
There are still some direct inclusions in modern code. Templating systems, constant, configuration or function inclusion must still be manually added to the PHP code, as no autoload() is available for them.
Generally, such inclusions are built with a path prefix, like in the above example. A constant or a global variable provides a root directory, from which the included files may be found.
As for the analysis, constants and variables are not available to Exakat at auditing time. They are typically outside the source code, provided via config files in other languages (YAML, XML, JSON…) or via environment variables ($_ENV and getenv()). By default, paths that can’t be resolved are ignored, to reduce false positives.
With Exakat 1.7.5, you may configure values for those constants and variables. Those are replaced in the inclusion path during the analysis, and then checked against the list of available files.
Configuring Missing Include Analysis
To configure this analysis, open the file projects/<name>/config.ini. At the end of the config file, add the following lines:
Files_MissingInclude["HOME_DIR"] = "/tmp/classes/";
Files_MissingInclude["$MY_DIR"] = "/home/my/src/classes/";
Those two lines configure the Files/MissingInclude analysis with a constant and a variable. The constant’s name is HOME_DIR and its value is /tmp/classes/, while the variable’s name is $MY_DIR and its value is /home/my/src/classes/.
You may repeat this process as many times as you need, for both variables and constants. Those values will be replaced in include path, with require and their cousin with _once. When the final
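The substitution and check described in this section, as an added sketch that is not Exakat's own code: it tokenizes PHP source, replaces configured constants and variables in each inclusion path, ignores paths that still cannot be resolved, and checks the rest against a file list. The function name `auditInclusions`, the sample source and the file list are constructed for illustration.

```php
<?php
// Added illustration, not Exakat's implementation.
// Values as configured in config.ini above.
$configured = [
    'HOME_DIR' => '/tmp/classes/',
    '$MY_DIR'  => '/home/my/src/classes/',
];
// Constructed sample: files known to the audited project.
$knownFiles = ['/tmp/classes/my_functions.php', '/home/my/src/classes/db.php'];
// Constructed sample: PHP source under audit. PATH is deliberately not configured.
$source = <<<'SRC'
<?php
include HOME_DIR . 'my_functions.php';
require_once $MY_DIR . 'missing.php';
require($MY_DIR . "db.php");
include PATH . 'my_functions.php';
SRC;

function auditInclusions(string $source, array $configured, array $knownFiles): array
{
    $keywords = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    $report = [];
    $path = null;      // null while outside an inclusion expression
    $resolved = true;
    foreach (token_get_all($source) as $token) {
        [$id, $text] = is_array($token) ? $token : [null, $token];
        if (in_array($id, $keywords, true)) {
            [$path, $resolved] = ['', true];     // start of a new inclusion
        } elseif ($path === null || $id === T_WHITESPACE || in_array($text, ['.', '(', ')'], true)) {
            continue;                            // nothing to add to the path
        } elseif ($text === ';') {
            // Unresolved paths are ignored, to reduce false positives.
            $status = !$resolved ? 'ignored' : (in_array($path, $knownFiles, true) ? 'found' : 'missing');
            $report[] = [$resolved ? $path : null, $status];
            $path = null;
        } elseif ($id === T_CONSTANT_ENCAPSED_STRING) {
            $path .= substr($text, 1, -1);       // strip quotes; escapes are not handled
        } elseif (isset($configured[$text])) {
            $path .= $configured[$text];         // configured constant or variable
        } else {
            $resolved = false;                   // anything else cannot be resolved statically
        }
    }
    return $report;
}

foreach (auditInclusions($source, $configured, $knownFiles) as [$path, $status]) {
    echo str_pad($status, 8), $path ?? '(unresolved)', PHP_EOL;
}
```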
Configuring Other Analysis
Several analyses use parameters, like Files/MissingInclude. The full list is available in the documentation, in the Specific analyser configuration section.
The Weekly Audits: 2019, Week #16
Exakat includes a ‘weekly’ report: this report is built with a selection of five analyses. This means a short audit report, with few issues to review. That is not a lot to read and review in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you: you’ll find programmers facing the same challenges.
To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.
# Init the project (skip when it is already done)
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git
# Run the project (skip when it is already done)
php exakat.phar project -p <yourproject>
# Export the weekly project (every monday)
php exakat.phar report -p <yourproject> -format Weekly
# Open projects/<yourproject>/weekly/index.html in your browser
Every week, you can find here 5 new analyses to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming
Weekly recommendations for PHP code review: 2019, week 2019-16
- Deprecated Functions : Avoid using deprecated functions.
- Slice Arrays First : Always start by reducing an array before applying some transformation on it.
- Concrete Visibility : Methods that implement an interface in a class must be public.
- No Class As Typehint : Avoid using classes as typehint : always use interfaces.
- Switch To Switch : The following structures are based on if / elseif / else.
Happy PHP Code Reviews
All the 351 analyzers are presented in the docs, including the honest: Should Yield With Key : iterator_to_array() will overwrite generated values with the same key. In particular, this applies when no key is provided in the yield.
It is a rare bug, that bites as hard as it is misunderstood.
You can check all of the Exakat reports at the gallery: exakat gallery.