We are pleased to announce that Sider has started supporting Phinder, a new analyzer for PHP! This is the latest in our series of in-house tools which help you share project-specific knowledge within your team.

Using Phinder, you can define custom rules for your team. It helps to share project-specific knowledge and best practices among developers. Here’s an example Phinder rule configuration.

A Phinder rule is essentially a pair of a pattern and a message. When Phinder detects a piece of PHP code which matches the given pattern, it prints the message.

Define your own rules, put them in your repository, and use Sider to check for problems.

Using Phinder on Sider

We are sure this new tool will help make your code review super efficient!

For readers who are already familiar with Goodcheck or Querly: Phinder does the same thing for PHP.

What is Project Knowledge?

When we talk about code review automation, we often focus on general best practices, which all projects in the language or framework should follow. Sider supports some tools for this — PHPMD and PHP_CodeSniffer. These tools detect anti-pattern instances in your code and help you to fix them.

However, as a code base grows, project-specific best practices become more important. As your API grows, some areas will need special attention to use them safely, and you end up spending extra time explaining this to other developers.

General rules vs project rules.

The problem is that the general analysis tools do not support this project-specific knowledge, because they don’t know anything about your project. You can develop plug-ins for the tools you’re using, but it is not as easy or cost effective.

Sider focuses on this problem: helping dev teams share project knowledge. Instead of having a code review rulebook or code review checklist, we allow you to codify the knowledge in Phinder rules, and have them checked automatically.

Examples

We show some examples here to demonstrate how you can utilize the tool. Each rule in the examples is just showing a basic idea — you probably need to customize the patterns and messages for your project.

Security alert on credentials

Assume you have a User class with an oauthToken() method, which returns the user’s OAuth token. The token is a credential, so developers should take extra care not to expose the value unexpectedly. Let’s see a Phinder rule for this:

_ in Phinder matches any PHP expression. The pattern above matches $user->oauthToken(), $this->currentUser()->oauthToken(), and any oauthToken() method call.
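A rule for this case could look like the following. This is an added example, not the rule from the original post: the pattern is inferred from the matches described above, the id, pattern, message and justification keys are assumed to follow Phinder's phinder.yml format, and the rule id and the wording of the message and justification are constructed.

```yaml
# phinder.yml (added example; rule id, message text and justification are constructed)
- id: security.oauth_token_access
  # "_" matches any PHP expression, so every receiver is covered:
  #   $user->oauthToken(), $this->currentUser()->oauthToken(), ...
  pattern: _->oauthToken()
  message: |
    oauthToken() returns the user's OAuth token, which is a credential.

    Before merging, confirm that the returned value is not:
      * written to logs, exception messages or error reports
      * rendered into HTML, JSON responses or URLs
      * stored anywhere other than the existing token storage
  # Tells the reviewer when the alert can be safely ignored.
  justification: The token is passed directly to the OAuth provider's API client and nowhere else.
```

Because the pattern matches on the method name with any receiver, the alert fires on every call site, and the message is what turns each hit into a concrete review checklist.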

Reference to Past Service Issues

Assume your service had an outage because of a PostCategory::import_records(associations) call. The method implements bulk insertion of given rows into a table. It is faster than inserting the rows one by one but may result in a deadlock, which is what caused the service outage. You can put links to the issue reports to help the developer to understand what they have to do to make the function call safe.

Generally, checking the preconditions automatically is too difficult to implement in a tool, but we can make a tool ask developers to do the precondition check themselves.

Announcing New API

Now assume you have implemented a new API to load post records, which loads related records including tags and authors. So, you want to ask developers to use this API when they try to fetch records using the native ORM API. Here’s how you could use Phinder to do this.

The rule includes justification attributes, which explain when the developer can ignore the alert safely.

Give It a Try!

The easiest way to try Phinder is to use it on Sider. You can also install it locally to test its configuration and understand how it works. Visit the Phinder web page to read setup instructions.

We hope Phinder and Sider can help make your code review more efficient and your Ship it!s more confident.

For Teams working in Other Languages

Phinder is for PHP programs. Sider offers two other tools with the same philosophy — Querly and Goodcheck. Querly is for Ruby programs. Goodcheck is regular-expression based. Its expressiveness is limited compared with Phinder and Querly, but it runs on any text file.

If your team does not use PHP, you can try Querly and Goodcheck.
