Exakat 1.8.1 Review

Exakat 1.8.1 brings several new reports formats for a better bug hunt. This week, we introduce the Top 10 reports, the Yaml and the ExakatYaml reports. Plus Json, Text and XML got upgraded with extra new fields. The Exakat 1.8.1 review is all in the reports! 

Start collecting your own success

The ExakatYaml report was created to help select the analysis that you want to apply to your code base. 

Initially, Exakat comes with several practical rulesets, such as ‘Analyze‘, ‘Classreview‘, ‘Security‘, ‘Performances‘, etc. They are convenient, and used by the distribution reports, so you don’t have to configure anything until you are more experienced with the engine.

As Exakat becomes more familiar, it becomes necessary to tailor the list of analysis to run to your particular coding style. This means cherry-picking a solid list of rules out of the few hundreds available. This is a lot.

To get you started, the ExakatYaml report is here to help you. It reviews the last reports, and provides the list of analyses, ready to use in the configuration file, and sorted by the number of issues that were found. It looks like this:

rulesets:
  ruleset_0: # 0 errors found
    "Avoid option arrays in constructors":               Classes/AvoidOptionArrays
    "Bad Constants Names":                               Constants/BadConstantnames
    "Can't Count Non-Countable":                         Structures/CanCountNonCountable
    "Can't Extend Final":                                Classes/CantExtendFinal
    "Can't Throw Throwable":                             Exceptions/CantThrow
    "Cant Inherit Abstract Method":                      Classes/CantInheritAbstractMethod
    "Cant Instantiate Class":                            Classes/CantInstantiateClass
  ruleset_1: # 1 errors found
    "$this Belongs To Classes Or Traits":                Classes/ThisIsForClasses
    "Assign And Compare":                                Structures/AssigneAndCompare
    "Avoid set_error_handler $context Argument":         Php/AvoidSetErrorHandlerContextArg
    "Callback Needs Return":                             Functions/CallbackNeedsReturn
    "Could Use str_repeat()":                            Structures/CouldUseStrrepeat
    "Don't Change Incomings":                            Structures/NoChangeIncomingVariables
    "Don't Echo Error":                                  Security/DontEchoError
  ruleset_2: # 2 errors found
    "Casting Ternary":                                   Structures/CastingTernary
    "Could Use Short Assignation":                       Structures/CouldUseShortAssignation
    "Empty Try Catch":                                   Structures/EmptyTryCatch
  ruleset_3: # 3 errors found
    "Else If Versus Elseif":                             Structures/ElseIfElseif
    "If With Same Conditions":                           Structures/IfWithSameConditions
    "Multiple Constant Definition":                      Constants/MultipleConstantDefinition
  ruleset_4: # 4 errors found
    "Direct Injection":                                  Security/DirectInjection
    "Don't Unset Properties":                            Classes/DontUnsetProperties
  ruleset_5: # 5 errors found
    "No Substr Minus One":                               Php/NoSubstrMinusOne
    "Undefined Class Constants":                         Classes/UndefinedConstants
  ruleset_6: # 6 errors found
    "Avoid sleep()/usleep()":                            Security/NoSleep

One ruleset is created for all the rules that currently return no results: this is ruleset_0. Then there is ruleset_1, which collects all rules that reported exactly one result, ruleset_2, which collects all rules that reported exactly two results, and so on.

Each entry pairs the documentation name of the rule, on the left, with its rule ID, on the right. For example: "Avoid option arrays in constructors": Classes/AvoidOptionArrays. The title makes the configuration easier for us humans to read; the part that matters to Exakat is the right side, the rule ID. Here, it is Classes/AvoidOptionArrays.

This report is in Yaml format, so you can edit it as you like before putting it in the configuration file .exakat.yml.
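One way to turn an ExakatYaml report into a cherry-picked ruleset, as an added example (this is not Exakat's own code): it parses the "title": Rule/Id layout shown above, keeps the rules that are already clean so regressions get caught, always keeps the Security/ family whatever its count, and prints the selection back in the same layout. The sample report is constructed for the example.

```python
import re
# Constructed sample in the layout of the ExakatYaml report above (a few rules
# per ruleset); not real audit output.
SAMPLE_REPORT = """\
rulesets:
  ruleset_0: # 0 errors found
    "Avoid option arrays in constructors":  Classes/AvoidOptionArrays
    "Can't Extend Final":                   Classes/CantExtendFinal
    "Don't Echo Error":                     Security/DontEchoError
  ruleset_4: # 4 errors found
    "Direct Injection":                     Security/DirectInjection
    "Don't Unset Properties":               Classes/DontUnsetProperties
  ruleset_6: # 6 errors found
    "Avoid sleep()/usleep()":               Security/NoSleep
"""

RULESET_RE = re.compile(r'^\s*(ruleset_\d+):\s*#\s*(\d+)\s+errors?\s+found')
RULE_RE = re.compile(r'^\s*"([^"]+)":\s*([A-Za-z]+/[A-Za-z0-9]+)\s*$')

def parse_exakat_yaml(text):
    """Return {rule_id: (title, issue_count)} from an ExakatYaml report.
    The report is a fixed two-level mapping, so a line parser is enough."""
    rules, count = {}, None
    for line in text.splitlines():
        m = RULESET_RE.match(line)
        if m:
            count = int(m.group(2))   # taken from the "# N errors found" comment
            continue
        m = RULE_RE.match(line)
        if m and count is not None:
            rules[m.group(2)] = (m.group(1), count)
    return rules

def select_rules(rules, max_issues=0, always_keep_prefix="Security/"):
    """Keep rules that are already clean (<= max_issues hits) so regressions are
    caught, plus every rule under always_keep_prefix whatever its count."""
    chosen = {rid: meta for rid, meta in rules.items()
              if meta[1] <= max_issues or rid.startswith(always_keep_prefix)}
    return dict(sorted(chosen.items(), key=lambda kv: (kv[1][1], kv[0])))

def to_yaml(name, selected):
    """Emit the selection in the same "title": Rule/Id layout, ready to paste."""
    pad = max((len(title) for title, _ in selected.values()), default=0) + 8
    lines = ["rulesets:", f"  {name}:"]
    for rid, (title, count) in selected.items():
        lines.append(f'    "{title}":'.ljust(pad) + f"{rid}  # {count} found")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_yaml("mine", select_rules(parse_exakat_yaml(SAMPLE_REPORT))))
```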

Top 10 Classic PHP Traps

If you have been to PHP Serbia (in English) or AFUP Marseille (in French), you may have listened to the popular Top 10 Classic PHP Traps (slides), a wide selection of little-known features and sneaky bugs that come with using PHP. They now have their own dedicated report, so you can audit your code for them right after listening to the presentation. The Top 10 report includes a dashboard with a grade for each entry of the top 10.

Some of the entries are actually spread over several analyses. For example, ‘No array_merge() in loops’ checks for array_merge(), but also for fputcsv() or concatenations in loops, all of which can be sped up significantly, as explained in the presentation. All are documented directly in the report.

The Top 10 is usually included in many other reports, but you can also produce it on its own, once an audit has run, with the following command:

php exakat.phar report -p <my_project> -format Top10 

Yaml report, and upgrade for Text

The Yaml report is new with Exakat 1.8.1. It is from the same family as Text, Json, or XML.

Those reports are machine-oriented: they are meant to be an exchange format with other software, be it CI, dashboards, command line scripts or spreadsheets. They are convenient when you need to rework Exakat’s massive information database, and only need a specific part of it. Here is an extract of the Text report:

/repository/Templates/helpers/breadcrumb.php:8 Functions/AvoidBooleanArgument Use Named Boolean In Argument Definition public function __invoke($showCurrentItem = true) { /**/ }  
/repository/Listener/QuoteListener.php:51 Classes/WeakType Weak Typing if($page !== null) { /**/ }  
/repository/Command/FakeDataCommand.php:168 Performances/PrePostIncrement Pre-increment $i++ 

With those reports, you can specify a list of rules to extract, using two options. -T expects a ruleset, such as Analyze or Security. -P expects a rule ID, such as Performances/PrePostIncrement or Functions/AvoidBooleanArgument. It is possible to use multiple -P options, but not multiple -T options.

> php exakat.phar  report -p <myproject> -P Functions/AvoidBooleanArgument -P Performances/PrePostIncrement -format Json -file stdout

> php exakat.phar  report -p <myproject> -T Security -format Text

Depending on the report’s default, the result may be written to disk, or to stdout. This is controlled with the -file option. It accepts either stdout, to print to the command line, or a file name. The file will be located in projects/<my_project>/, with its own extension.
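As an added example of consuming the Text report from a CI script (not Exakat's own code): it parses lines in the path:line RuleId Title code layout shown above, counts findings per rule, and returns a non-zero status when any finding belongs to a blocking family such as Security. The three sample lines are a constructed copy of the page's extract; reading from stdin assumes the report was produced with -format Text -file stdout.

```python
import re
import sys
from collections import Counter

# Constructed copy of the three Text report lines shown above; paths and line
# numbers are illustrative.
SAMPLE_TEXT_REPORT = """\
/repository/Templates/helpers/breadcrumb.php:8 Functions/AvoidBooleanArgument Use Named Boolean In Argument Definition public function __invoke($showCurrentItem = true) { /**/ }
/repository/Listener/QuoteListener.php:51 Classes/WeakType Weak Typing if($page !== null) { /**/ }
/repository/Command/FakeDataCommand.php:168 Performances/PrePostIncrement Pre-increment $i++
"""

# <path>:<line> <Family/RuleId> <title and offending code, space separated>
LINE_RE = re.compile(r'^(?P<path>\S+):(?P<line>\d+)\s+'
                     r'(?P<rule>[A-Za-z]+/[A-Za-z0-9]+)\s+(?P<message>.*)$')

def parse_text_report(text):
    """Return one dict per finding; lines that do not fit the layout are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["line"] = int(d["line"])
            findings.append(d)
    return findings

def count_by_rule(findings, family=None):
    """Count findings per rule ID, optionally restricted to one family
    (the part before the slash, e.g. "Performances" or "Security")."""
    return Counter(f["rule"] for f in findings
                   if family is None or f["rule"].startswith(family + "/"))

def gate(findings, blocking_families=("Security",)):
    """CI gate: 0 when no finding belongs to a blocking family, else 1."""
    blocked = [f for f in findings if f["rule"].split("/")[0] in blocking_families]
    for f in blocked:
        print(f'{f["path"]}:{f["line"]}: {f["rule"]}: {f["message"]}', file=sys.stderr)
    return 1 if blocked else 0

if __name__ == "__main__":
    # Read a piped-in report ("-format Text -file stdout"), or fall back to
    # the embedded sample when run interactively.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_TEXT_REPORT
    findings = parse_text_report(data)
    print(dict(count_by_rule(findings)))
    sys.exit(gate(findings))
```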

The Weekly Audits: 2019, Week #22

Exakat includes a ‘weekly’ report: this report is built with a selection of five analyses. This means a short audit report, with few issues to review. That is not a lot to read, and to review in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you: you’ll find programmers facing the same challenges.

To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.

# Init the project (skip when it is already done)    
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git 

# Run the project (skip when it is already done)    
php exakat.phar project -p <yourproject> 

# Export the weekly project (every monday)    
php exakat.phar report -p <yourproject> -format Weekly 

# Open projects/<yourproject>/weekly/index.html in your browser    

Every week, you can find here 5 new analyses to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming

Weekly recommendations for PHP code review : 2019, week 2019-22

Happy PHP Code Reviews 

All the 357 analyzers are presented in the docs, including the grand: Redefined Class Constants. Unlike global constants, class constants may be redefined by a child class, leading to multiple values for the same syntax. It is an unusual bug (15%).

You can check all of the Exakat reports at the gallery: exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.