Page 1 of 1

Bludit Code Review

Posted: Thu Mar 08, 2018 8:28 pm
by Tango
Hello,

I've noticed that the Bludit project, doesn't use any tools for code analysis.
This is a bad thing, as sometimes bugs and vulnerabilities that are hard to spot, sneak in.

Now here's CODACY, which is free to use for open source projects.
It's an invaluable tool for checking the code quality, that should be added to the project asap.

Also, I've noticed that it's used by many high-profile CMS's.

Thanks!

Re: Bludit Code Review

Posted: Thu Mar 08, 2018 10:47 pm
by Edi
Thank you for your remarks. Codacy could be an interesting tool.

On the other hand keep in mind that the development of Bludit is not as complicated as other projects. Look at the numbers of commits, issues etc. GitHub gives a good overview without any additional tool:

https://github.com/bludit/bludit

This is my opinion, not the one of the developer.

I will give Codacy a try for my own projects related to Bludit, and give some feedback.

Re: Bludit Code Review

Posted: Fri Mar 09, 2018 9:33 am
by diego
Hi,
thank you for your comments, I going to try this CODACY.

Regards

Re: Bludit Code Review

Posted: Mon Apr 23, 2018 1:56 am
by Tango
I hope it's obvious now, how valuable CODACY really is.
It's main advantage is that it pinpoints the exact issue and offers suggestions on how to fix it.

The analysis revealed a lot of issues regarding stability and security, so I think those should be the main concerns for the Bludit v2.4 release.

Thanks!

Re: Bludit Code Review

Posted: Mon Apr 23, 2018 2:14 am
by Edi
No idea what I should think about Codacy... I gave it a try for two of my plugins some weeks ago.

First problem: After starting the analysis, it looped... No analysis of the tool itself? Anyway, the support excused afterwards.

Second problem: Issues that are not real issues.

Therefore it makes no sense to warn here about security problems that do not exist.

Re: Bludit Code Review

Posted: Mon Apr 23, 2018 10:44 am
by diego
Tango wrote:
Mon Apr 23, 2018 1:56 am
I hope it's obvious now, how valuable CODACY really is.
It's main advantage is that it pinpoints the exact issue and offers suggestions on how to fix it.

The analysis revealed a lot of issues regarding stability and security, so I think those should be the main concerns for the Bludit v2.4 release.

Thanks!
Yeap, as Edi said, I don't see any security issue, only warnings and best practices to archive. Anyway, for the moment I don't have time to check in deep this warnings, but you are welcome to improve the code and let me know what can I do better.
Regards