1616167310
5 Reasons To Test Your Code - EP 93
In episode 93 of the How To Code Well podcast we are going to talk about software testing. I’m going to give you 5 reasons why you should test you code and discuss how writing tests will help you become a better software professional.
#developer
What is GEEK
Buddha Community
1675304280
How to Use Hotwire Rails
Introduction
We are back with another exciting and much-talked-about Rails tutorial on how to use Hotwire with the Rails application. This Hotwire Rails tutorial is an alternate method for building modern web applications that consume a pinch of JavaScript.
Rails 7 Hotwire is the default front-end framework shipped with Rails 7 after it was launched. It is used to represent HTML over the wire in the Rails application. Previously, we used to add a hotwire-rails gem in our gem file and then run rails hotwire: install. However, with the introduction of Rails 7, the gem got deprecated. Now, we use turbo-rails and stimulus rails directly, which work as Hotwire’s SPA-like page accelerator and Hotwire’s modest JavaScript framework.
What is Hotwire?
Hotwire is a package of different frameworks that help to build applications. It simplifies the developer’s work for writing web pages without the need to write JavaScript, and instead sending HTML code over the wire.
Introduction to The Hotwire Framework:
1. Turbo:
It uses simplified techniques to build web applications while decreasing the usage of JavaScript in the application. Turbo offers numerous handling methods for the HTML data sent over the wire and displaying the application’s data without actually loading the entire page. It helps to maintain the simplicity of web applications without destroying the single-page application experience by using the below techniques:
Turbo Frames: Turbo Frames help to load the different sections of our markup without any dependency as it divides the page into different contexts separately called frames and updates these frames individually.
Turbo Drive: Every link doesn’t have to make the entire page reload when clicked. Only the HTML contained within the tag will be displayed.
Turbo Streams: To add real-time features to the application, this technique is used. It helps to bring real-time data to the application using CRUD actions.
2. Stimulus
It represents the JavaScript framework, which is required when JS is a requirement in the application. The interaction with the HTML is possible with the help of a stimulus, as the controllers that help those interactions are written by a stimulus.
3. Strada
Not much information is available about Strada as it has not been officially released yet. However, it works with native applications, and by using HTML bridge attributes, interaction is made possible between web applications and native apps.
Simple diagrammatic representation of Hotwire Stack:
Prerequisites For Hotwire Rails Tutorial
As we are implementing the Ruby on Rails Hotwire tutorial, make sure about the following installations before you can get started.
- Ruby on Rails
- Hotwire gem
- PostgreSQL/SQLite (choose any one database)
- Turbo Rails
- Stimulus.js
Looking for an enthusiastic team of ROR developers to shape the vision of your web project?
Contact Bacancy today and hire Ruby developers to start building your dream project!
Create a new Rails Project
Find the following commands to create a rails application.
mkdir ~/projects/railshotwire
cd ~/projects/railshotwire
echo "source 'https://rubygems.org'" > Gemfile
echo "gem 'rails', '~> 7.0.0'" >> Gemfile
bundle install
bundle exec rails new . --force -d=postgresqlNow create some files for the project, up till now no usage of Rails Hotwire can be seen.
Fire the following command in your terminal.
- For creating a default controller for the application
echo "class HomeController < ApplicationController" > app/controllers/home_controller.rb
echo "end" >> app/controllers/home_controller.rb- For creating another controller for the application
echo "class OtherController < ApplicationController" > app/controllers/other_controller.rb
echo "end" >> app/controllers/home_controller.rb- For creating routes for the application
echo "Rails.application.routes.draw do" > config/routes.rb
echo ' get "home/index"' >> config/routes.rb
echo ' get "other/index"' >> config/routes.rb
echo ' root to: "home#index"' >> config/routes.rb
echo 'end' >> config/routes.rb- For creating a default view for the application
mkdir app/views/home
echo '<h1>This is Rails Hotwire homepage</h1>' > app/views/home/index.html.erb
echo '<div><%= link_to "Enter to other page", other_index_path %></div>' >> app/views/home/index.html.erb
- For creating another view for the application
mkdir app/views/other
echo '<h1>This is Another page</h1>' > app/views/other/index.html.erb
echo '<div><%= link_to "Enter to home page", root_path %></div>' >> app/views/other/index.html.erb
- For creating a database and schema.rb file for the application
bin/rails db:create
bin/rails db:migrate- For checking the application run bin/rails s and open your browser, your running application will have the below view.
Additionally, you can clone the code and browse through the project. Here’s the source code of the repository: Rails 7 Hotwire application
Now, let’s see how Hotwire Rails can work its magic with various Turbo techniques.
Hotwire Rails: Turbo Drive
Go to your localhost:3000 on your web browser and right-click on the Inspect and open a Network tab of the DevTools of the browser.
Now click on go to another page link that appears on the home page to redirect from the home page to another page. In our Network tab, we can see that this action of navigation is achieved via XHR. It appears only the part inside HTML is reloaded, here neither the CSS is reloaded nor the JS is reloaded when the navigation action is performed.
By performing this action we can see that Turbo Drive helps to represent the HTML response without loading the full page and only follows redirect and reindeer HTML responses which helps to make the application faster to access.
Hotwire Rails: Turbo Frame
This technique helps to divide the current page into different sections called frames that can be updated separately independently when new data is added from the server.
Below we discuss the different use cases of Turbo frame like inline edition, sorting, searching, and filtering of data.
Let’s perform some practical actions to see the example of these use cases.
Make changes in the app/controllers/home_controller.rb file
#CODE
class HomeController < ApplicationController
def turbo_frame_form
end
def turbo_frame submit
extracted_anynumber = params[:any][:anynumber]
render :turbo_frame_form, status: :ok, locals: {anynumber: extracted_anynumber, comment: 'turbo_frame_submit ok' }
end
end
Add app/views/home/turbo_frame_form.html.erb file to the application and add this content inside the file.
#CODE
<section>
<%= turbo_frame_tag 'anyframe' do %>
<div>
<h2>Frame view</h2>
<%= form_with scope: :any, url: turbo_frame_submit_path, local: true do |form| %>
<%= form.label :anynumber, 'Type an integer (odd or even)', 'class' => 'my-0 d-inline' %>
<%= form.text_field :anynumber, type: 'number', 'required' => 'true', 'value' => "#{local_assigns[:anynumber] || 0}", 'aria-describedby' => 'anynumber' %>
<%= form.submit 'Submit this number', 'id' => 'submit-number' %>
<% end %>
</div>
<div>
<h2>Data of the view</h2>
<pre style="font-size: .7rem;"><%= JSON.pretty_generate(local_assigns) %></pre>
</div>
<% end %>
</section>
Make some adjustments in routes.rb
#CODE
Rails.application.routes.draw do
get 'home/index'
get 'other/index'
get '/home/turbo_frame_form' => 'home#turbo_frame_form', as: 'turbo_frame_form'
post '/home/turbo_frame_submit' => 'home#turbo_frame_submit', as: 'turbo_frame_submit'
root to: "home#index"
end- Next step is to change homepage view in app/views/home/index.html.erb
#CODE
<h1>This is Rails Hotwire home page</h1>
<div><%= link_to "Enter to other page", other_index_path %></div>
<%= turbo_frame_tag 'anyframe' do %>
<div>
<h2>Home view</h2>
<%= form_with scope: :any, url: turbo_frame_submit_path, local: true do |form| %>
<%= form.label :anynumber, 'Type an integer (odd or even)', 'class' => 'my-0 d-inline' %>
<%= form.text_field :anynumber, type: 'number', 'required' => 'true', 'value' => "#{local_assigns[:anynumber] || 0}", 'aria-describedby' => 'anynumber' %>
<%= form.submit 'Submit this number', 'id' => 'submit-number' %>
<% end %>
<div>
<% end %>
After making all the changes, restart the rails server and refresh the browser, the default view will appear on the browser.
Now in the field enter any digit, after entering the digit click on submit button, and as the submit button is clicked we can see the Turbo Frame in action in the below screen, we can observe that the frame part changed, the first title and first link didn’t move.
Hotwire Rails: Turbo Streams
Turbo Streams deliver page updates over WebSocket, SSE or in response to form submissions by only using HTML and a series of CRUD-like operations, you are free to say that either
- Update the piece of HTML while responding to all the other actions like the post, put, patch, and delete except the GET action.
- Transmit a change to all users, without reloading the browser page.
This transmit can be represented by a simple example.
- Make changes in app/controllers/other_controller.rb file of rails application
#CODE
class OtherController < ApplicationController
def post_something
respond_to do |format|
format.turbo_stream { }
end
end
end
Add the below line in routes.rb file of the application
#CODE
post '/other/post_something' => 'other#post_something', as: 'post_something'
Superb! Rails will now attempt to locate the app/views/other/post_something.turbo_stream.erb template at any moment the ‘/other/post_something’ endpoint is reached.
For this, we need to add app/views/other/post_something.turbo_stream.erb template in the rails application.
#CODE
<turbo-stream action="append" target="messages">
<template>
<div id="message_1">This changes the existing message!</div>
</template>
</turbo-stream>
This states that the response will try to append the template of the turbo frame with ID “messages”.
Now change the index.html.erb file in app/views/other paths with the below content.
#CODE
<h1>This is Another page</h1>
<div><%= link_to "Enter to home page", root_path %></div>
<div style="margin-top: 3rem;">
<%= form_with scope: :any, url: post_something_path do |form| %>
<%= form.submit 'Post any message %>
<% end %>
<turbo-frame id="messages">
<div>An empty message</div>
</turbo-frame>
</div>
- After making all the changes, restart the rails server and refresh the browser, and go to the other page.
- Once the above screen appears, click on the Post any message button
This action shows that after submitting the response, the Turbo Streams help the developer to append the message, without reloading the page.
Another use case we can test is that rather than appending the message, the developer replaces the message. For that, we need to change the content of app/views/other/post_something.turbo_stream.erb template file and change the value of the action attribute from append to replace and check the changes in the browser.
#CODE
<turbo-stream action="replace" target="messages">
<template>
<div id="message_1">This changes the existing message!</div>
</template>
</turbo-stream>
When we click on Post any message button, the message that appear below that button will get replaced with the message that is mentioned in the app/views/other/post_something.turbo_stream.erb template
Stimulus
There are some cases in an application where JS is needed, therefore to cover those scenarios we require Hotwire JS tool. Hotwire has a JS tool because in some scenarios Turbo-* tools are not sufficient. But as we know that Hotwire is used to reduce the usage of JS in an application, Stimulus considers HTML as the single source of truth. Consider the case where we have to give elements on a page some JavaScript attributes, such as data controller, data-action, and data target. For that, a stimulus controller that can access elements and receive events based on those characteristics will be created.
Make a change in app/views/other/index.html.erb template file in rails application
#CODE
<h1>This is Another page</h1>
<div><%= link_to "Enter to home page", root_path %></div>
<div style="margin-top: 2rem;">
<%= form_with scope: :any, url: post_something_path do |form| %>
<%= form.submit 'Post something' %>
<% end %>
<turbo-frame id="messages">
<div>An empty message</div>
</turbo-frame>
</div>
<div style="margin-top: 2rem;">
<h2>Stimulus</h2>
<div data-controller="hello">
<input data-hello-target="name" type="text">
<button data-action="click->hello#greet">
Greet
</button>
<span data-hello-target="output">
</span>
</div>
</div>
Make changes in the hello_controller.js in path app/JavaScript/controllers and add a stimulus controller in the file, which helps to bring the HTML into life.
#CODE
import { Controller } from "@hotwired/stimulus"
export default class extends Controller {
static targets = [ "name", "output" ]
greet() {
this.outputTarget.textContent =
`Hello, ${this.nameTarget.value}!`
}
}
Go to your browser after making the changes in the code and click on Enter to other page link which will navigate to the localhost:3000/other/index page there you can see the changes implemented by the stimulus controller that is designed to augment your HTML with just enough behavior to make it more responsive.
With just a little bit of work, Turbo and Stimulus together offer a complete answer for applications that are quick and compelling.
Using Rails 7 Hotwire helps to load the pages at a faster speed and allows you to render templates on the server, where you have access to your whole domain model. It is a productive development experience in ROR, without compromising any of the speed or responsiveness associated with SPA.
Conclusion
We hope you were satisfied with our Rails Hotwire tutorial. Write to us at service@bacancy.com for any query that you want to resolve, or if you want us to share a tutorial on your query.
For more such solutions on RoR, check out our Ruby on Rails Tutorials. We will always strive to amaze you and cater to your needs.
Original article source at: https://www.bacancytechnology.com/
1619519725
Immediate $olution to Fix AOL Blerk Error Code 5 with easy instructions
AOL Email is one of the leading web email services. It has a number of features who access easily at any place. Through this, you can easily share messages, documents or files, etc.AOL Blerk Error is not a big issue. It is a temporary error and it occurs when there is an issue in loading messages from the AOL server. If your mind is stuck, How to Resolve or Fix AOL Blerk Error Code 5? Here, In this article, we mentioned troubleshooting steps to fix AOL Blerk Error Code 5.
What are the causes of AOL Blerk Error Code 5?
AOL mail usually presents an AOL Blerk Error 5 after the AOL connection details have been entered. meaning. Your password and your username. This error is usually found in words! Or 'BLERK! Error 5 Authentication problem, 'Your sign-in has been received.
Some of the reasons for the error are as follows:
• Internet browser configuration problem
• Saved erroneous bookmark addresses
• browser cache or cookie
• An AOL Desktop Gold technical error.
How to Fix AOL Mail Blerk Error 5 in a Simple Way
This type of error is mostly due to your browser settings or the use of outdated, obsolete software. Users should remember that the steps to solve problems vary, depending on the browser you are using. Here are the steps to fix the mistake, check your browser and follow the steps.
Internet Explorer: Make sure you use the most recent web browser version. Open a new window and follow the “Tools> Web Options> Security> Internet Zone” thread. Activate ‘Safeguard Mode’ and follow the steps to include AOL Mail in the list of assured websites. Start the browser again to save changes and run Internet Explorer without additional information.
Firefox Mozilla: Open a new Firefox window and press Menu. To start the browser in safe mode, disable the add-on and choose the option to restart Firefox. You can see two options in the dialog box. Use the “Start in Safe Mode” option to disable all themes and extensions. The browser also turns off the hardware speed and resets the toolbar. You should be able to execute AOL mail when this happens.
Google Chrome: Update to the latest version of Chrome. Open the browser and go to the Advanced Options section. Go to ‘Security and Privacy’ and close the appropriate add-ons. Once the browsing history is deleted, the password, cookies saved and the cache will be cleared. Restart your system and try to log in to your AOL account with a new window.
Safari: Some pop-up windows block AOL mail when it comes to Safari and causes authentication issues. To fix the error, use Safari Security Preferences to enable the pop-up window and disable the security warning.
If you see, even when you change the required browser settings, the black error will not disappear, you can consult a skilled professional and see all the AOL email customer support numbers.
Get Connect to Fix Blerk Error Even After Clearing Cache & Cookies?
Somehow you can contact AOL technical support directly and get immediate help if you still get the error. Call +1(888)857-5157 to receive assistance from the AOL technical support team.
Source: https://email-expert247.blogspot.com/2021/04/immediate-olution-to-fix-aol-blerk.html “How to Resolve or Fix AOL Blerk Error Code 5”)**? Here, In this article, we mentioned troubleshooting steps to fix AOL Blerk Error Code 5.
What are the causes of AOL Blerk Error Code 5?
AOL mail usually presents an AOL Blerk Error 5 after the AOL connection details have been entered. meaning. Your password and your username. This error is usually found in words! Or 'BLERK! Error 5 Authentication problem, 'Your sign-in has been received.
Some of the reasons for the error are as follows:
• Internet browser configuration problem
• Saved erroneous bookmark addresses
• browser cache or cookie
• An AOL Desktop Gold technical error.
How to Fix AOL Mail Blerk Error 5 in a Simple Way
This type of error is mostly due to your browser settings or the use of outdated, obsolete software. Users should remember that the steps to solve problems vary, depending on the browser you are using. Here are the steps to fix the mistake, check your browser and follow the steps.
-
Internet Explorer: Make sure you use the most recent web browser version. Open a new window and follow the “Tools> Web Options> Security> Internet Zone” thread. Activate ‘Safeguard Mode’ and follow the steps to include AOL Mail in the list of assured websites. Start the browser again to save changes and run Internet Explorer without additional information.
-
Firefox Mozilla: Open a new Firefox window and press Menu. To start the browser in safe mode, disable the add-on and choose the option to restart Firefox. You can see two options in the dialog box. Use the “Start in Safe Mode” option to disable all themes and extensions. The browser also turns off the hardware speed and resets the toolbar. You should be able to execute AOL mail when this happens.
-
Google Chrome: Update to the latest version of Chrome. Open the browser and go to the Advanced Options section. Go to ‘Security and Privacy’ and close the appropriate add-ons. Once the browsing history is deleted, the password, cookies saved and the cache will be cleared. Restart your system and try to log in to your AOL account with a new window.
-
Safari: Some pop-up windows block AOL mail when it comes to Safari and causes authentication issues. To fix the error, use Safari Security Preferences to enable the pop-up window and disable the security warning.
If you see, even when you change the required browser settings, the black error will not disappear, you can consult a skilled professional and see all the AOL email customer support numbers.
Get Connect to Fix Blerk Error Even After Clearing Cache & Cookies?
Somehow you can contact AOL technical support directly and get immediate help if you still get the error. Call +1(888)857-5157 to receive assistance from the AOL technical support team.
Source: https://email-expert247.blogspot.com/2021/04/immediate-olution-to-fix-aol-blerk.html
#aol blerk error code 5 #aol blerk error 5 #aol mail blerk error code 5 #aol mail blerk error 5 #aol error code 5 #aol error 5
1597564800
Top Security Penetration Testing Companies
Cybercrime is one of the world’s fastest-growing threats, with malicious actors constantly elaborating their methods of undetectable intrusion. According to Verizon’s Business 2020 Data Breach Investigations report, there has been a 100% increase in web app breaches, and stolen credentials were used in more than 80% of these cases. These statistics are worrying for many businesses that actively move their processes to the cloud and deal heavily with customers’ personal data.
Under these circumstances, companies need to run regular automated and manual tests to determine weak spots in their infrastructure, software, network and physical perimeter security. One of the most efficient testing methods is security penetration testing, or pentesting.
Pentesting is a benign hacking attempt, manual or automated, to break into the system and uncover its vulnerabilities before actual cyber criminals do it. This method is directed at testing the system security controls for their real-world effectiveness. It involves such stages as data collection, threat modeling, vulnerability scans, penetration tests, and so on.
To get proactive with their cyber security protection, many businesses cooperate with professional security testing companies that are able to comprehensively check the system, identify risks, fix vulnerabilities, and stay one step ahead of potential hackers.
The ranking criteria for security testing companies
When asking a professional software testing company to check your system’s security, in most cases you need to grant them access to sensitive information. For this reason, it’s important to choose a reliable company with an exceptional reputation, which will become your trusted partner.
Unsurprisingly, the market of security penetration testing companies is overwhelmingly crowded. To narrow down your search, we have analyzed hundreds of testing companies and compiled the list of top testing professionals. We have applied the following criteria:
- Pentesting expertise
- Portfolio
- Software QA experience
- Market penetration
- Online reviews
As a result, we’ve picked 30 skilled security testing companies and rated them accordingly.
1. a1qa
a1qa is a software testing company from Lakewood, CO, that has delivered over 1,500 successful projects and established 10 Centers of Excellence during their 17 years of operation. It has partnered with more than 500 companies, from smaller businesses to Fortune 500 giants. The company’s prominent customers include adidas, Kaspersky Lab, SAP, Yandex, Forex Club, and more.
a1qa specializes in delivering full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise covers testing of web apps such as portals, ecommerce, media and e-learning platforms, games and online casinos, and line-of-business testing, such as CRM, collaboration, document management, and financial systems. The company also runs a specialized security testing lab.
2. QA Mentor
Founded in New York in 2010, QA Mentor has managed to establish a strong global presence with 12 testing centers around the world. Its team consists of 300 certified QA professionals that have successfully completed over 870 projects, including the ones for Amazon, eBay, Bosch, HTC, and more. The company offers more than 30 testing services, with cyber security penetration testing among them.
QA Mentor is recognized as a top software testing company by Clutch, GoodFirms, and Gartner.
3. UnderDefense
UnderDefense is a certified computer and network security company that was established in New York in 2016. It provides a wide range of testing services, with a special focus on security penetration testing. The company’s certified security testing team has performed hundreds of penetration tests, including compliance-specific tests, app and wireless network penetration testing, and social engineering security testing. UnderDefense has been repeatedly awarded by Clutch.
#testing #software-testing #security-testing #penetration-testing #top-software-testing-companies #software-testing-companies #good-company #code-quality
1596754901
Testing Microservices Applications
The shift towards microservices and modular applications makes testing more important and more challenging at the same time. You have to make sure that the microservices running in containers perform well and as intended, but you can no longer rely on conventional testing strategies to get the job done.
This is where new testing approaches are needed. Testing your microservices applications require the right approach, a suitable set of tools, and immense attention to details. This article will guide you through the process of testing your microservices and talk about the challenges you will have to overcome along the way. Let’s get started, shall we?
A Brave New World
Traditionally, testing a monolith application meant configuring a test environment and setting up all of the application components in a way that matched the production environment. It took time to set up the testing environment, and there were a lot of complexities around the process.
Testing also requires the application to run in full. It is not possible to test monolith apps on a per-component basis, mainly because there is usually a base code that ties everything together, and the app is designed to run as a complete app to work properly.
Microservices running in containers offer one particular advantage: universal compatibility. You don’t have to match the testing environment with the deployment architecture exactly, and you can get away with testing individual components rather than the full app in some situations.
Of course, you will have to embrace the new cloud-native approach across the pipeline. Rather than creating critical dependencies between microservices, you need to treat each one as a semi-independent module.
The only monolith or centralized portion of the application is the database, but this too is an easy challenge to overcome. As long as you have a persistent database running on your test environment, you can perform tests at any time.
Keep in mind that there are additional things to focus on when testing microservices.
- Microservices rely on network communications to talk to each other, so network reliability and requirements must be part of the testing.
- Automation and infrastructure elements are now added as codes, and you have to make sure that they also run properly when microservices are pushed through the pipeline
- While containerization is universal, you still have to pay attention to specific dependencies and create a testing strategy that allows for those dependencies to be included
Test containers are the method of choice for many developers. Unlike monolith apps, which lets you use stubs and mocks for testing, microservices need to be tested in test containers. Many CI/CD pipelines actually integrate production microservices as part of the testing process.
Contract Testing as an Approach
As mentioned before, there are many ways to test microservices effectively, but the one approach that developers now use reliably is contract testing. Loosely coupled microservices can be tested in an effective and efficient way using contract testing, mainly because this testing approach focuses on contracts; in other words, it focuses on how components or microservices communicate with each other.
Syntax and semantics construct how components communicate with each other. By defining syntax and semantics in a standardized way and testing microservices based on their ability to generate the right message formats and meet behavioral expectations, you can rest assured knowing that the microservices will behave as intended when deployed.
Ways to Test Microservices
It is easy to fall into the trap of making testing microservices complicated, but there are ways to avoid this problem. Testing microservices doesn’t have to be complicated at all when you have the right strategy in place.
There are several ways to test microservices too, including:
- Unit testing: Which allows developers to test microservices in a granular way. It doesn’t limit testing to individual microservices, but rather allows developers to take a more granular approach such as testing individual features or runtimes.
- Integration testing: Which handles the testing of microservices in an interactive way. Microservices still need to work with each other when they are deployed, and integration testing is a key process in making sure that they do.
- End-to-end testing: Which—as the name suggests—tests microservices as a complete app. This type of testing enables the testing of features, UI, communications, and other components that construct the app.
What’s important to note is the fact that these testing approaches allow for asynchronous testing. After all, asynchronous development is what makes developing microservices very appealing in the first place. By allowing for asynchronous testing, you can also make sure that components or microservices can be updated independently to one another.
#blog #microservices #testing #caylent #contract testing #end-to-end testing #hoverfly #integration testing #microservices #microservices architecture #pact #testing #unit testing #vagrant #vcr
1604008800
Static Code Analysis: What It Is? How to Use It?
Static code analysis refers to the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it.
Lately, however, the term “Static Code Analysis” is more commonly used to refer to one of the applications of this technique rather than the technique itself — program comprehension — understanding the program and detecting issues in it (anything from syntax errors to type mismatches, performance hogs likely bugs, security loopholes, etc.). This is the usage we’d be referring to throughout this post.
“The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.”
- J. Robert Oppenheimer
Outline
We cover a lot of ground in this post. The aim is to build an understanding of static code analysis and to equip you with the basic theory, and the right tools so that you can write analyzers on your own.
We start our journey with laying down the essential parts of the pipeline which a compiler follows to understand what a piece of code does. We learn where to tap points in this pipeline to plug in our analyzers and extract meaningful information. In the latter half, we get our feet wet, and write four such static analyzers, completely from scratch, in Python.
Note that although the ideas here are discussed in light of Python, static code analyzers across all programming languages are carved out along similar lines. We chose Python because of the availability of an easy to use ast module, and wide adoption of the language itself.
How does it all work?
Before a computer can finally “understand” and execute a piece of code, it goes through a series of complicated transformations:
As you can see in the diagram (go ahead, zoom it!), the static analyzers feed on the output of these stages. To be able to better understand the static analysis techniques, let’s look at each of these steps in some more detail:
Scanning
The first thing that a compiler does when trying to understand a piece of code is to break it down into smaller chunks, also known as tokens. Tokens are akin to what words are in a language.
A token might consist of either a single character, like (, or literals (like integers, strings, e.g., 7, Bob, etc.), or reserved keywords of that language (e.g, def in Python). Characters which do not contribute towards the semantics of a program, like trailing whitespace, comments, etc. are often discarded by the scanner.
Python provides the tokenize module in its standard library to let you play around with tokens:
Python
1
import io
2
import tokenize
3
4
code = b"color = input('Enter your favourite color: ')"
5
6
for token in tokenize.tokenize(io.BytesIO(code).readline):
7
print(token)
Python
1
TokenInfo(type=62 (ENCODING), string='utf-8')
2
TokenInfo(type=1 (NAME), string='color')
3
TokenInfo(type=54 (OP), string='=')
4
TokenInfo(type=1 (NAME), string='input')
5
TokenInfo(type=54 (OP), string='(')
6
TokenInfo(type=3 (STRING), string="'Enter your favourite color: '")
7
TokenInfo(type=54 (OP), string=')')
8
TokenInfo(type=4 (NEWLINE), string='')
9
TokenInfo(type=0 (ENDMARKER), string='')
(Note that for the sake of readability, I’ve omitted a few columns from the result above — metadata like starting index, ending index, a copy of the line on which a token occurs, etc.)
#code quality #code review #static analysis #static code analysis #code analysis #static analysis tools #code review tips #static code analyzer #static code analysis tool #static analyzer