Shift Left - Find Bugs as Early as Possible

emanuil
September 26, 2015


Shift Left is a development paradigm centered on the fact that problems are cheaper to fix the earlier they are found. In the web development world, where fixes can be deployed instantly, you do not want to wait for the nightly build to pass or for the manual regression tests. Let the machines do what they are really good at. You want a system that gives you a comprehensive status report on the code you’ve just committed, ideally in less than 5 minutes (the average developer attention span). Although PHP lacks the comprehensive quality tooling of the compiled languages, this talk will show you how to make up for it, and do even better, with custom designed tools.

You’ll learn how to create a robust build system for PHP that will give you the edge in this DevOps world to deploy faster and with great quality. It will save you a lot of time and let your team focus on more creative and challenging tasks. The talk is technical, covering CI, Phing, linters, HHVM, static code quality, unit tests and API tests. There will also be practical tips and tricks for building your own custom tools for fast, static analysis of PHP code for problems such as SQL injection and incidental DB table locks.
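As an added example, not from the talk and not PHP Reaper's code, here is a minimal check of the kind the abstract calls a custom tool for fast static analysis: it uses PHP's token_get_all to report SQL literals that pick up variables, whether by interpolation or by concatenation, and runs on a constructed sample embedded below. The function name, the SQL-verb heuristic and the sample are assumptions of this example.

```php
<?php
// Added example (not from the talk or PHP Reaper): flag SQL literals that pick
// up runtime values, whether by interpolation ("... = $id") or by concatenation
// ('... = ' . $id). Heuristic: the literal must start with a SQL verb, and any
// variable between it and the end of the expression counts; hits are review items.

function findSqlBuiltFromVariables(string $code): array
{
    $tokens   = token_get_all($code);
    $n        = count($tokens);
    $findings = [];
    $sqlStart = '/^[\'"]?\s*(SELECT|INSERT|UPDATE|DELETE)\b/i';

    for ($i = 0; $i < $n; $i++) {
        $t = $tokens[$i];
        // Both a plain literal (T_CONSTANT_ENCAPSED_STRING) and the text part of
        // an interpolated string (T_ENCAPSED_AND_WHITESPACE) carry the SQL text.
        if (!is_array($t)
            || !in_array($t[0], [T_CONSTANT_ENCAPSED_STRING, T_ENCAPSED_AND_WHITESPACE], true)
            || !preg_match($sqlStart, $t[1])) {
            continue;
        }
        // Scan to the end of the expression; a variable on the way means the
        // query text is assembled at runtime. A placeholder-only query passed as
        // an argument hits ',' or ')' first and is left alone.
        for ($j = $i + 1; $j < $n && !in_array($tokens[$j], [';', ',', ')'], true); $j++) {
            if (is_array($tokens[$j]) && $tokens[$j][0] === T_VARIABLE) {
                $findings[] = sprintf('line %d: SQL built with %s', $t[2], $tokens[$j][1]);
                $i = $j; // resume after the reported variable
                break;
            }
        }
    }
    return $findings;
}

// Constructed sample: lines 3 and 4 should be reported, lines 5 and 6 should not.
$sample = <<<'PHP'
<?php
$id = $_GET['id'];
$a = "SELECT * FROM users WHERE id = $id";
$b = 'SELECT * FROM users WHERE id = ' . $id;
$c = $db->prepare('SELECT * FROM users WHERE id = ?');
$d = $db->query('DELETE FROM log WHERE ts < ?', [$cutoff]);
PHP;
foreach (findSqlBuiltFromVariables($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

Because it only tokenizes and never executes anything, a check like this fits the static-analysis stage of the per-commit pipeline the talk describes and finishes in well under the 5-minute budget.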

This talk is from the BGPHP conference (http://bgphp.org), presented on 26/09/2015.

EmanuilSlavov.com, @EmanuilSlavov


Transcript

Slide 13: Black Box: application fully operational. Unit Tests: in-memory execution only. Static Analysis: code parsing; no execution whatsoever.

Slide 25: Cyclomatic complexity

    function testPrint() {
        echo('Hello World');
    }
    Complexity: 1

    function testPrint($parameter) {
        if ($parameter) {
            echo('Hello World');
        }
    }
    Complexity: 2

Slide 26: In theory, method complexity should be less than 10. PHP is a dynamic, loosely typed language, so keep it less than 15.

Slide 43: Execute in memory; no external dependencies; easy to test edge cases; write tests on the lowest level possible; fast.

Slide 47: Advantages: test the whole deployed system; can turn them into load/performance tests; exercise end-to-end logic.

Slide 49: We had more than 600 API tests with 3 hours of execution time, which was a big problem.

Slide 52: If you want to be a high performing organization you need to solve the problem with slow tests.

Slide 54: Dedicated test environment; stub all external dependencies; run in parallel, solve concurrency issues; design tests to be fully independent.

Slide 57: Advantages: the only true ‘customer’ tests; UI is talking to the right API; can turn them into automated security tests (3rd party attacking proxy: Burp, ZAP).

Slide 60: HHVM, PHPMD, PHP Reaper, Unit, API, UI, Linter; 45 seconds, 15 seconds, 3 min, 12 min. Less than 5 minutes (run on every commit). Too slow.

Slide 64: Set up a CI job. Add basic checks on every commit. All complete in less than 5 minutes. Constantly add new checks.

Slide 65: When you locate a problem, think how you can detect it automatically the next time.