Security and code quality enhancements in Dolphin U

AlexT posted 8th of August 2014 in Dolphin.pro News. 2 comments.

A lot has been done in Dolphin U to improve security and code quality. But not only the Dolphin code changed: we also built a development environment that makes development faster and keeps code quality higher. The best available tools let us work more productively and collaboratively.

Here is an overview of the enhancements in the code and the development environment that make Dolphin U the best version ever released.


1. Code, tickets (now issues) and wiki were moved to GitHub

For now it is a private repository, but after the public announcement it will be an open project.


2. Automated unit tests

Code is automatically tested on every push. Code coverage is low for now, but we will add more unit tests in the future. The unit tests are powered by PHPUnit.


3. Automatic packaging

On every push, a ready-to-install package is built. These are not even nightly builds: a new package is prepared as soon as new code lands in the repository, even every 2 minutes. So you can always get the latest installable development version, test its new features and report bugs. This will let us fix reported bugs even before the beta version.


4. Automatic live demo install

A live demo site is installed on every push to GitHub. So if you don't want to download and install the development version yourself, a live version is always available for testing. It is reset and reinstalled as soon as new code is available. Hopefully this will let us catch bugs very early and make the future beta and final release as bug free as possible.


5. Automatic code quality analysis tools

The code is continuously checked for duplicated code. We have already cleaned the code to get rid of all duplicates:

Dolphin U duplicate code trend

and we watch for any new ones, should they occasionally be added.


6. Continuous integration

Everything above works together (thanks to Jenkins), and the history of changes is saved and presented as visual graphs.

Importantly, it immediately notifies developers by email if they commit code which is not installable or fails some tests, so they fix the problem ASAP.


7. Command line tools

Dolphin can be installed with just one command line with any set of modules, and modules can be installed using a command line script. So testing a separate install is really easy. Also I believe it will make life easier for hosting operators, allowing them to install Dolphin in seconds.

It will also make integration with automated install tools more consistent, since the same script is used whether Dolphin is installed through the built-in wizard, from the command line by an operator, or by automated install tools.


8. Highest error reporting level during development

Dolphin U is developed with the E_ALL error reporting level, so the code no longer emits even notices.
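Running with E_ALL only helps if a notice cannot slip through unnoticed. The following is an added example, not Dolphin's own code, showing one way to make that stick in a test or CI bootstrap: report everything, and convert every notice and warning into an exception so the test run fails instead of printing a line nobody reads. The `greet` functions and the request array are invented for illustration.

```php
<?php
// Added example, not Dolphin's own code: report every error class and turn
// notices/warnings into exceptions so they fail tests instead of being ignored.
error_reporting(E_ALL);
ini_set('display_errors', '1');

set_error_handler(function ($errno, $errstr, $errfile, $errline) {
    // Honour the @ operator and any narrower error_reporting() mask.
    if (!(error_reporting() & $errno)) {
        return false;
    }
    // Anything else becomes an exception with the original file and line.
    throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
});

// Sloppy: reads a key that may be missing. Under E_ALL this is a notice
// (PHP 7) or warning (PHP 8); with the handler above it is an exception.
function greetSloppy(array $request)
{
    return 'Hello, ' . $request['name'];
}

// Fixed: the missing-key case is handled explicitly, so nothing is emitted.
function greet(array $request)
{
    return 'Hello, ' . (isset($request['name']) ? $request['name'] : 'guest');
}

// Constructed request with no 'name' key, as a client could send.
$request = [];

try {
    echo greetSloppy($request), "\n";
} catch (ErrorException $e) {
    echo 'caught: ', $e->getMessage(), ' at line ', $e->getLine(), "\n";
}
echo greet($request), "\n";
```

Put the `error_reporting` and `set_error_handler` calls in the PHPUnit bootstrap (or the project's common include) rather than in individual tests, so every test and every included file runs under the same rule; `display_errors` is for the development box only and stays off in production, where errors go to the log.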

 

9. Standardised code style

The PSR-1 code style standard is used. An automated script was also used to clean up the existing code.


10. No evals in the code

We cleaned up all evals from the code and the DB to make the code more secure and easier to debug.
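To show what replacing an eval looks like in practice, here is an added example that is not Dolphin's own code. It assumes the common legacy pattern of a database column holding a PHP expression that decides whether an item is visible; the column name `visible_if`, the check names and the context array are all invented. The "before" function is shown only for contrast and is never called.

```php
<?php
// Added example, not Dolphin's own code: replacing eval() of DB-stored PHP
// with a whitelist of named checks. Column and check names are invented.

// BEFORE (the pattern being removed): whatever is stored in the column runs
// as PHP, so anyone who can write that column can run code on the server,
// and a typo in the stored text fails deep inside eval() with no useful trace.
function legacyVisible(array $row)
{
    return (bool) eval('return ' . $row['visible_if'] . ';');
}

// AFTER: the DB stores only a symbolic key; what each key means lives in
// versioned code, and unknown keys fail closed instead of executing anything.
$checks = [
    'logged_in' => function (array $ctx) {
        return $ctx['user_id'] > 0;
    },
    'admin_with_photos' => function (array $ctx) {
        return $ctx['is_admin'] && in_array('photos', $ctx['modules'], true);
    },
];

function visible(array $checks, $key, array $ctx)
{
    if (!isset($checks[$key])) {
        // Unknown or tampered key: hide the item and leave a trace for the log.
        error_log('unknown visibility check: ' . $key);
        return false;
    }
    return (bool) call_user_func($checks[$key], $ctx);
}

// Constructed rows after migration: keys instead of code, plus one bad key.
$rows = [
    ['id' => 1, 'visible_if' => 'logged_in'],
    ['id' => 2, 'visible_if' => 'admin_with_photos'],
    ['id' => 3, 'visible_if' => 'not_a_known_key'],
];

// Constructed request context: an ordinary logged-in user with one module.
$ctx = ['user_id' => 42, 'is_admin' => false, 'modules' => ['photos']];

foreach ($rows as $row) {
    printf("item %d: %s\n", $row['id'],
        visible($checks, $row['visible_if'], $ctx) ? 'shown' : 'hidden');
}
```

The debugging benefit is the same as the security one: every possible check is now a named function that a stack trace, a grep and a unit test can reach, and the database can no longer change what the application executes.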

 

11. Prepared SQL statements

All SQL queries were rewritten to use prepared statements. If used properly, no SQL injection is possible at all. We encourage others to use prepared statements as well.
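The following added example (not Dolphin's own code) puts the two ways of writing the same lookup side by side with PDO. It uses an in-memory SQLite database so it runs stand-alone; the `Profiles` table and its columns are invented, and the tester's input is a constructed string with a single quote in it.

```php
<?php
// Added example, not Dolphin's own code: the same lookup with string
// concatenation and with a PDO prepared statement. Table/columns are invented.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Profiles (ID INTEGER PRIMARY KEY, NickName TEXT, Email TEXT)');
$pdo->exec("INSERT INTO Profiles (NickName, Email) VALUES
    ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// BEFORE: untrusted input is spliced into the SQL text, so a quote in the
// input ends the string literal early and the rest is parsed as SQL.
function findByNickUnsafe(PDO $pdo, $nick)
{
    $sql = "SELECT ID, NickName FROM Profiles WHERE NickName = '" . $nick . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the SQL text is fixed at prepare time; the value travels separately
// as a bound parameter and can only ever be compared as data.
function findByNick(PDO $pdo, $nick)
{
    $stmt = $pdo->prepare('SELECT ID, NickName FROM Profiles WHERE NickName = :nick');
    $stmt->bindValue(':nick', $nick, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed tester input containing a quote, as a test case would use.
$input = "x' OR '1'='1";

echo "concatenated query:\n";
print_r(findByNickUnsafe($pdo, $input)); // the quote rewrites the WHERE clause
echo "prepared statement:\n";
print_r(findByNick($pdo, $input));       // the quote is just part of the value
```

Two caveats on "if used properly". Binding covers values only: a table or column name, or an ORDER BY direction, that comes from the request must be matched against a fixed list in code, since it cannot be a parameter. And with the MySQL driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared by the server rather than reassembled as text on the client.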

 

12. Proper file inclusion check

Every file has an inclusion check, so PHP files which are meant only for inclusion can't be accessed directly. This makes the code more secure in general.
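As an added illustration that is not Dolphin's own code, here is the shape of such a check across two files: an entry script that defines a marker constant before including anything, and an include-only file that refuses to run unless the marker exists. The constant name `BX_DOL_ENTRY`, the file names and the helper function are assumptions made for the example.

```php
<?php
// Added example, not Dolphin's own code. Two files shown in one listing;
// the constant name BX_DOL_ENTRY is an assumption for illustration.

// ---- File: inc/profile_functions.php (include-only) ----
// Must be the first statement: if no entry script defined the marker, this
// file was requested directly by URL, so refuse and stop before any code runs.
if (!defined('BX_DOL_ENTRY')) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

function profileDisplayName(array $profile)
{
    return isset($profile['NickName']) ? $profile['NickName'] : 'guest';
}

// ---- File: index.php (entry script) ----
// Only scripts meant to be requested directly define the marker, and they do
// it before the first include so every included file sees it.
define('BX_DOL_ENTRY', true);
require_once __DIR__ . '/inc/profile_functions.php';

// Constructed profile row for the demonstration.
echo profileDisplayName(['NickName' => 'alice']), "\n";
```

The guard is defence in depth, not the only line: include directories should also be kept outside the web root or denied in the web server configuration, so that a forgotten guard in one file does not turn it into a directly reachable script.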

Comments
nazzal
Now I'm sure that the next release will be much better than the previous ones.
Such technologies and tools should have been implemented from the get-go.
Good luck guys :)
myhuntprofile
I hope GitHub serves your desired purposes well. It was a terrible move for a prior project I worked with when they decided to move from SourceForge to GitHub. The collaboration tools were just not there. Perhaps in this case it will be suitable. Improvements sound great so far. Thanks for working on the product.