
Exakat Blog:
Up and running exakat in 15 mins
Jun 01, 2017 @ 11:32:41

On the Exakat blog they've written up a post showing you how to get the scanner up and running quickly on your system and start scanning your code against their ruleset.

Exakat is a smart static analysis engine for PHP. It reviews the code fast and produces reports tailored for every need: issues and code smell for programmers, inventories and maps for architects; compilation and configuration lists for sys admins; dashboards for team leaders. Including over 320 analyses and spanning versions from 5.2 to currently WIP 7.2, it helps you audit your code and keep it under control. Let’s see how to get up and running exakat in 15 mins.

The post then walks you through the installation process and defines some prerequisites you'll need before getting started. The Exakat installation is basically just grabbing a phar archive from the exakat.io server. Once it's installed they show you how to run your first scans and view the resulting output. The guide also shows you how to add additional options to the reporting and the command to update Exakat itself.

tagged: exakat scanner tool setup configuration quickstart tutorial

Link: https://www.exakat.io/up-and-running-with-exakat/

Exakat Blog:
Prevent multiple PHP scripts at the same time
Dec 16, 2016 @ 11:09:23

The Exakat.io blog has a post with an interesting method for preventing the execution of multiple instances of a script at once - locking execution with an external indicator (like files, semaphores and streams/sockets).

Like everything, it all started from a simple problem: how to prevent multiple PHP scripts at the same time. And turned into an odyssey of learning, full of evil traps and inglorious victories. In the end, it works, that’s the most satisfying and it possibly matters to no one except me. But "the way is the goal", as Confucius said, so, I decided to share the various findings.

Exakat runs on the command line, and it uses a graph database. The database is central to the processing, and it is crucial to avoid running several scripts at the same time: they will write over each other. So, the problem is simple: preventing several instances from running at the same time, on the database. On the command line, there is no web server that may serve as a common place between scripts, sharing some memory and implementing a locking system. It requires using another common ground: the system.

He shares some of the methods he tried to help prevent the simultaneous execution of the Exakat process including:

  • file locking using flock
  • creating a "lock" file
  • making it "crash proof"
  • using semaphores
  • using a socket for the lock

He describes some of the issues he found when running the tool using locking inside of a Docker container and, finally, the use of sockets and streams to place a "hold" until the script closes (also preventing issues on a crash). He ends the post talking about the "final boss" in his battle for locking support: the handing off of the socket connection to another process between parent and child. The post closes with a list of each method he tried, along with its benefits and downsides (but only in certain situations).

tagged: exakat prevention multiple scripts locking execution solutions

Link: https://www.exakat.io/prevent-multiple-php-scripts-at-the-same-time/

Exakat.io Blog:
Automatically Enforcing Coding Reference For PHP
Nov 10, 2016 @ 09:42:07

On the Exakat.io blog there's a post continuing on from a "dos and don'ts" article about programmer practices. In this new post the author covers some of the rules from the original article in a bit more detail.

Last week, I ran into ‘PHP Dos and Don’ts aka Programmers I Don’t Like’ on reddit’s PHP group. It features a list of 11 points that the author hates finding in PHP code. [...] The most interesting point is that coding references are used to assess code. They may very well be automated, thanks to static analysis. I thought it was a good challenge for Exakat.

The post covers several of the rules in the list, providing a brief explanation (and a bit of how it relates back to PHP) including:

  • Unnecessary casting
  • Extra bracket and braces
  • Lack of coding standard
  • Too many nested if statements

He ends the post with a bit of detail about how the Exakat service is checking for these "failures" in its newer "RadwellCode" report. He even gives the scores of some of the more well-known and used PHP projects including the Zend Framework (v1.12), WordPress, Composer and even Exakat itself.

tagged: enforce coding reference exakat code staticanalysis tool oliverradwell

Link: https://www.exakat.io/enforcing-coding-reference/