
Date: 11th October, 2016
Project:
Auditors: Kamil F. (Senior PHP Developer), Radosław M. (Senior PHP Developer)

CODE AUDIT REPORT

The purpose of the audit was to decide whether or not DeSmart will agree to maintain and / or develop the project.

Technology:
- PHP (probably 5.3)
- PostgreSQL (database)

PHP frameworks:
- Prado
- CodeIgniter

JavaScript frameworks / libraries:
- jQuery 1.6.3 (current version: 3.1.1)
- 1.x (current version: 2.0)

PHONE: +48 506 524 954 ADDRESS: 81-366 Gdynia, 37/8 Abrahama st., Poland WEB: desmart.com

1. Low quality code
The codebase of the application is of poor quality. Files can be very big (around 1000 lines). Application logic is mixed and obscure: one class can be responsible for data validation, processing and storing in the database. There is no clear separation of responsibilities; there are no services, managers, handlers and so on. Each class can do a variety of things, which makes it difficult to understand, debug and test. Supporting such a codebase is highly troublesome.

2. Domain logic is not separated
The domain logic (business rules, e.g. loans, clients, users) is mixed with framework code. This means that the code is tightly coupled with the framework and is difficult (in some cases even impossible) to test.

3. Bad practices and complex structure
The codebase is full of examples of bad practices, e.g. nested foreach loops and if-else blocks, and hard-coded values (i.e. values that should reside in config files but are instead placed directly in the code).

4. Undocumented code
A huge amount of code is not documented at all. This means that developers have to thoroughly inspect each piece of code in order to understand what it does. This is not easy because of the complexity and poor quality of the code.

5. Application relies heavily on SQL
The database should be only a storage engine. Instead, much of the business logic is bound to SQL, e.g. triggers, functions and views. This makes the application tightly coupled with the database, which makes it very difficult to maintain and / or upgrade. Moving to a different storage engine (e.g. MongoDB) would be very difficult.

6. No unit tests
The application has no unit tests. This means that implementing new features, or even refactoring the code, might introduce bugs and result in errors. Developers have no certainty that the changes they introduce will not affect existing functionality.

7. Behat and Selenium tests value unknown
The application has several Behat and Selenium tests, but their value and code coverage are unknown. We don't know how many paths and scenarios are covered by these tests.

8. Usage of several frameworks
We found several frameworks in the codebase: Prado, Silex, Drupal and CodeIgniter. This is not a good situation; the application should depend on one framework. If the application is bound to several frameworks, upgrading becomes much more difficult. It also requires the developers to have knowledge of every framework used.

9. Application consists of several different applications
In one repository there is the main application, a CMS and some landing pages. These projects should reside in their own repositories, not be part of the main application.

10. Packages embedded in codebase
Third-party libraries, extensions and packages are part of the repository. They are not installed using a package manager (e.g. NPM). This means that these packages cannot be easily updated. Third-party packages may have potential vulnerabilities and / or security issues, but automatic updates are not possible. Developers would have to monitor each package and update it manually (which may not always be possible).

11. Outdated environment
The application probably depends on PHP 5.3. The current version of PHP is 7.0 (7.1 will be released in a few weeks). PHP 5.3 is deprecated and no longer maintained, so the application is exposed to known (and not yet known) security vulnerabilities. The JavaScript framework jQuery is used in version 1.6.3. The current version of jQuery is 3.1.1.
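Findings 10 and 11 together describe the practical problem with vendored third-party code: nothing tracks its version, so an auditor has to recover versions from the files themselves. The script below is an added illustration, not part of the original report or the audited project; it reads library banner comments from vendored .js files, compares them with the latest release the report cites (jQuery 3.1.1), and lists the stale copies. The banner regex and the constructed sample files are assumptions.

```python
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# Latest release per library, as the report states it (jQuery 3.1.1).
# Extend this table to cover other vendored libraries.
LATEST = {"jQuery": (3, 1, 1)}
CANON = {name.lower(): name for name in LATEST}
# Matches banner lines such as "jQuery JavaScript Library v1.6.3"
# or "/*! jQuery v3.1.1 | ..."; the pattern is an assumption.
BANNER_RE = re.compile(
    r"\b(?P<name>" + "|".join(map(re.escape, LATEST)) + r")\b"
    r"[^\n]*?\bv?(?P<ver>\d+\.\d+(?:\.\d+)?)", re.I)

def parse_version(text):
    """'1.6.3' -> (1, 6, 3), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def find_banner(source):
    """Return (library, version) from the file header, or None."""
    match = BANNER_RE.search(source[:2000])  # banners live at the top
    if not match:
        return None
    return CANON[match.group("name").lower()], parse_version(match.group("ver"))

def inventory(root):
    """Map each .js file under root that carries a banner to its library/version."""
    found = {}
    for path in sorted(Path(root).rglob("*.js")):
        hit = find_banner(path.read_text(errors="replace"))
        if hit:
            found[path.relative_to(root).as_posix()] = hit
    return found

def outdated(found, latest=LATEST):
    """Files whose vendored library is behind the latest known release."""
    return [(file, name, ver, latest[name])
            for file, (name, ver) in found.items() if ver < latest[name]]

def demo():
    """Constructed vendor tree: one stale jQuery, one current copy, one app file."""
    with TemporaryDirectory() as tmp:
        js = Path(tmp, "js")
        js.mkdir()
        (js / "jquery.js").write_text("/*!\n * jQuery JavaScript Library v1.6.3\n */\n")
        (js / "jquery.min.js").write_text("/*! jQuery v3.1.1 | (c) jQuery Foundation */\n")
        (js / "app.js").write_text("// site code, no banner\n")
        return outdated(inventory(tmp))

if __name__ == "__main__":
    for file, name, ver, latest in demo():
        print(f"{file}: {name} {'.'.join(map(str, ver))} < {'.'.join(map(str, latest))}")
```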

12. Loose XML / SQL files
The codebase has several XML / SQL files of unknown purpose. They might be used for backup or as a data source, but this is only a guess. We don't know whether they are vital for the application to run properly or whether they are experimental / test data.

CONCLUSION

We have to refuse to maintain and / or develop this project. The biggest problem for us is the lack of unit tests and the poor code quality.
