מרץ 19

patrickallaert/php-apm: PHP APM (Alternative PHP Monitor)

APM (Alternative PHP Monitor) is a monitoring extension enabling native Application Performance Management (APM) for PHP. It doesn’t require any modification to your application’s code and let’s you collect performance metrics as well as catching issues that may arise.

Source: patrickallaert/php-apm: PHP APM (Alternative PHP Monitor)

מרץ 06

Moodle 3.3 Database schema / Zoola Analytics

Searching the Moodle database schema is no longer a challenge and table fields names and purposes are no longer a mystery 🙂

With the Zoola analytics DB schema explorer, we can now search and filter tables, table fields, and explorer 1st and 2nd level external key connections between tables.

Source: Moodle 3.3 Database schema / Zoola Analytics

פבר 08

Check your PHP project for known security issues – SensioLabs Security Advisories Checker

“You manage your PHP project dependencies with Composer, right? But are you sure that your project is not dependent on a package with known security issues? The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from your composer.lock file to check for known security vulnerabilities. This checker is a frontend for the security advisories database.” / SensioLabs.

Source: Check your PHP project for known security issues – SensioLabs Security Advisories Checker

ינו 06

MyToDo list – demonstrate usage of advanced coding techniques available in recent Moodle versions

Simple plugin implementing a personal ToDo list on the user’s Moodle dashboard.

Simple plugin implementing a personal ToDo list on the user’s Moodle dashboard.

The main purpose of this plugin is to demonstrate usage of advanced coding techniques available in recent Moodle versions. Most notably:

Source: Moodle plugins directory: My ToDo list

דצמ 10

phpcs-security-audit – PHP_CodeSniffer

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds flaws or weaknesses related to security in PHP and its popular CMS or frameworks.

It currently has core PHP rules as well as Drupal 7 specific rules. Next planned CMS/framework is Symfony 2, which are also relevant to Moodle.

As a bonus set of rules, the tool also check for CVE issues and security advisories related to CMS/framework. You can use it in order to follow the versioning of components during static code analysis.

The main reasons of this project for being an extension of PHP_CodeSniffer is to have easy integration into continuous integration systems and to be able to find security bugs that are not detected with object oriented analysis (like in RIPS or PHPMD).

phpcs-security-audit is backed by Floe design + technologies and written by Jonathan Marcil.

מקור: FloeDesignTechnologies/phpcs-security-audit

phpStorm setup

  • Install: https://moodle.org/plugins/local_codechecker
  • Git clone above github project (phpcs-security-audit)
  • Follow project’s README install instructions, and also…
  • Copy https://github.com/FloeDesignTechnologies/phpcs-security-audit/tree/master/Security/Sniffs/BadFunctions folder into your Moodle local/codechecker/moodle/Sniffs
  • Copy https://github.com/FloeDesignTechnologies/phpcs-security-audit/tree/master/Security/Sniffs/CVE folder into your Moodle local/codechecker/moodle/Sniffs
אוג 11

Netflix/dynomite: A generic master-master dynamo implementation for different k-v storage engines – Redis and Memcached

As the request goes through a Dynomite node, the data gets replicated and eventually stored in the target storage. The data can then be read back either through Dynomite or directly from the underlying storage’s API.

Dynomite and the target storage engine run on the same node. Clients connect to Dynomite, and requests are proxied to either the storage engine on the same node or to Dynomite processes running on other nodes.

Dynomite, inspired by Dynamo whitepaper, is a thin, distributed dynamo layer for different storage engines and protocols. Currently these include Redis and Memcached. Dynomite supports multi-datacenter replication and is designed for high availability.

The ultimate goal with Dynomite is to be able to implement high availability and cross-datacenter replication on storage engines that do not inherently provide that functionality. The implementation is efficient, not complex (few moving parts), and highly performant.

מקור: Netflix/dynomite: A generic dynamo implementation for different k-v storage engines

Also, checkout (alternatives?):

יול 14

jokkedk/webgrind: Xdebug Profiling Web Frontend in PHP

Webgrind is a Xdebug profiling web frontend in PHP. It implements a subset of the features of kcachegrind and installs in seconds and works on all platforms. For quick’n’dirty optimizations it does the job. Here’s a screenshot showing the output from profiling:

webgrind PHP profiler

Features

  • Super simple, cross platform installation – obviously 🙂
  • Track time spent in functions by self cost or inclusive cost. Inclusive cost is time inside function + calls to other functions.
  • See if time is spent in internal or user functions.
  • See where any function was called from and which functions it calls.
  • Generate a call graph using gprof2dot.py

Suggestions for improvements and new features are more than welcome – this is just a start.

מקור: jokkedk/webgrind: Xdebug Profiling Web Frontend in PHP

יונ 04

Php Inspections (EA Extended) :: JetBrains Plugin Repository

This plugin is a Static Code Analysis tool for PHP (aka inspections in JetBrains products).

It covers:
– architecture related issues (e.g. design pattern violations)
– weak types control and possible code construct simplifications
– performance issues
– non-optimal, duplicate and suspicious “if” conditions
– validation of magic methods usage
– regular expressions
– validation of exception handling workflow
– compatibility issues
– variety of time-consuming bugs
– PhpUnit API usage
– security issues

מקור: Php Inspections (EA Extended) :: JetBrains Plugin Repository