11
Increasing Code Quality and Security With PHPCS Increasing Code Quality and Security With PHPCS Topher DeRosia @topher1kenobe

Increasing Quality and Security with PHPCS

Embed Size (px)

Citation preview

Page 1: Increasing Quality and Security with PHPCS

Increasing Code Quality and Security

With PHPCS

Increasing Code Quality and Security With PHPCS

Topher DeRosia@topher1kenobe

Page 2: Increasing Quality and Security with PHPCS

Developer and Documenter from

Increasing Code Quality and Security With PHPCS

Topher DeRosia@topher1kenobe

Page 3: Increasing Quality and Security with PHPCS

Why Coding Standards?● They make it so that a very large codebase can appear

to be built by a single person

● They make it easy to return to a project and pick up where you left off

● They can enforce pre-determined security standards

Page 4: Increasing Quality and Security with PHPCS

WordPress Coding StandardsWordPress has coding standards for

PHP: https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/

HTML: https://make.wordpress.org/core/handbook/best-practices/coding-standards/html/

CSS: https://make.wordpress.org/core/handbook/best-practices/coding-standards/css/

Javascript: https://make.wordpress.org/core/handbook/best-practices/coding-standards/javascript/

https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/
https://make.wordpress.org/core/handbook/best-practices/coding-standards/html/
https://make.wordpress.org/core/handbook/best-practices/coding-standards/css/
https://make.wordpress.org/core/handbook/best-practices/coding-standards/javascript/
Page 5: Increasing Quality and Security with PHPCS

What is PHPCS?

● PHP Code Sniffer examines PHP code and compares it to a standards file

● Each project (WordPress, Drupal, Joomla, etc.) has its own standards file

● PHPCS is a Pear package found at http://pear.php.net/package/PHP_CodeSniffer/

Page 6: Increasing Quality and Security with PHPCS

Installing PHPCS

The docs for installing the WordPress standards file include instructions on installing PHPCS

https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards

PHPCS can then be run from the command line or installed to an IDE like PHPStorm, Sublime Text, or Atom

https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards
Page 7: Increasing Quality and Security with PHPCS

What does it do for us?Warnings:

$customer_id = (int)$args['customer_id'];

$customer_id = ( int )$args['customer_id'];

if ( isset( $_GET['edd_notice'] ) && 'customer-contacted' == $_GET['edd_notice'] ) {

if ( isset( $_GET['edd_notice'] ) && 'customer-contacted' == $_GET['edd_notice'] ) { // WPCS: XSS ok.

Page 8: Increasing Quality and Security with PHPCS

What does it do for us?

Errors:

if ( is_admin() )require_once WPCF7_PLUGIN_DIR . '/admin/admin.php';

elserequire_once WPCF7_PLUGIN_DIR . '/includes/controller.php';

Reflections on Curly Braces – Apple’s SSL Bug and What We Should Learn From It

https://blog.codecentric.de/en/2014/02/curly-braces/
https://blog.codecentric.de/en/2014/02/curly-braces/
Page 9: Increasing Quality and Security with PHPCS

What does it do for us?

Security:

<section id="footer-1" class="widget-area <?php echo $sidebar_id; ?>

Should be

<section id="footer-1" class="widget-area <?php echo esc_attr( $sidebar_id ); ?>”>

Page 10: Increasing Quality and Security with PHPCS

Make it a habit

Test every file

Test every time

Don’t release code that has errors and warnings

It’s good for your resume

Page 11: Increasing Quality and Security with PHPCS

THANKS FOR

LISTENING

Increasing Code Quality and Security With PHPCSTopher DeRosia

http://topher1kenobe.comhttp://heropress.com

Follow me @topher1kenobe

@topher1kenobe

http://topher1kenobe.com/
http://heropress.com/

Healthcare in Saudi Arabia - increasing capacity, improving quality?

Healthcare in Saudi Arabia - increasing capacity, improving quality?

Health & Medicine
ImprovIng QualIty and IncreasIng affordabIlIty In

ImprovIng QualIty and IncreasIng affordabIlIty In

Documents
Corporate sustainability: increasing the quality of

Corporate sustainability: increasing the quality of

Documents
Increasing Coding Quality Productivity_Precyse_2010

Increasing Coding Quality Productivity_Precyse_2010

Documents
Concepts in Network Security - VMwaredownload3.vmware.com/vmworld/2005/sln070.pdfTrends in Network Security Attackers Increasing sophistication Increasing communication/ collaboration

Concepts in Network Security - VMwaredownload3.vmware.com/vmworld/2005/sln070.pdfTrends in Network Security Attackers Increasing sophistication Increasing communication/ collaboration

Documents
Increasing Security Reliability in E-Commerce ... - IJOART

Increasing Security Reliability in E-Commerce ... - IJOART

Documents
Smart Borders Increasing security without sacrificing mobility · Smart Borders Increasing security without sacrificing mobility 3 Executive Summary 5 Introduction 6 Trends from Across

Smart Borders Increasing security without sacrificing mobility · Smart Borders Increasing security without sacrificing mobility 3 Executive Summary 5 Introduction 6 Trends from Across

Documents
Increasing our security exports - gov.uk · Increasing our security exports: Security A new government approach 1 The know-how, capability and technologies which secure our nation

Increasing our security exports - gov.uk · Increasing our security exports: Security A new government approach 1 The know-how, capability and technologies which secure our nation

Documents
Increasing Income. Improving Food Security. · Increasing Income. Improving Food Security. Abbreviations 3 Letter From The Chairperson 4 ... ETG investment was facilitated by the

Increasing Income. Improving Food Security. · Increasing Income. Improving Food Security. Abbreviations 3 Letter From The Chairperson 4 ... ETG investment was facilitated by the

Documents
Increasing the Social Security Retir&&it ,Age: Older

Increasing the Social Security Retir&&it ,Age: Older

Documents
Increasing efficiency in airport security screening · 2014-05-19 · Increasing efficiency in airport security screening A. Schwaninger Department of Psychology, University of Zurich,

Increasing efficiency in airport security screening · 2014-05-19 · Increasing efficiency in airport security screening A. Schwaninger Department of Psychology, University of Zurich,

Documents
Increasing the Quality of 360° Video Streaming by ... · Increasing the Quality of 360° Video Streaming by Transitioning between Viewport Quality Adaptation Mechanisms Christian

Increasing the Quality of 360° Video Streaming by ... · Increasing the Quality of 360° Video Streaming by Transitioning between Viewport Quality Adaptation Mechanisms Christian

Documents
Security Conceptions Security Security Functionality Functionality Quality Quality Performance Performance

Security Conceptions Security Security Functionality Functionality Quality Quality Performance Performance

Documents
Increasing the Data Quality in CRM

Increasing the Data Quality in CRM

Business
2015 Newsletter: Increasing Our Local Food Security

2015 Newsletter: Increasing Our Local Food Security

Documents
Increasing JIIM Interoperability in the Security Cooperation ...Increasing JIIM Interoperability in the Security Cooperation Environment We based our strategies on the principle that

Increasing JIIM Interoperability in the Security Cooperation ...Increasing JIIM Interoperability in the Security Cooperation Environment We based our strategies on the principle that

Documents
08 Increasing Security for Windows Servers

08 Increasing Security for Windows Servers

Documents
MEASURE UP: Measuring and Increasing Quality of Hires

MEASURE UP: Measuring and Increasing Quality of Hires

Career
Increasing Education Access, Quality, and Equity in … Profiles/LACGuatemalaTAG.pdf · INCREASING EDUCATION ACCESS, QUALITY, AND EQUITY IN GUATEMALA Latin American and Caribbean

Increasing Education Access, Quality, and Equity in … Profiles/LACGuatemalaTAG.pdf · INCREASING EDUCATION ACCESS, QUALITY, AND EQUITY IN GUATEMALA Latin American and Caribbean

Documents
Increasing the Value of Your Security Solution Offerings › Conference › 2005 › presentations › ... · 2020-04-13 · Increasing the Value of Your Security Solution Offerings

Increasing the Value of Your Security Solution Offerings › Conference › 2005 › presentations › ... · 2020-04-13 · Increasing the Value of Your Security Solution Offerings

Documents
Increasing Your Security: Fingerprint Readers and Facial

Increasing Your Security: Fingerprint Readers and Facial

Documents
Increasing Value Of Security Assessment Services

Increasing Value Of Security Assessment Services

Technology
Webcast Presentation: Increasing Product Quality through DevOps

Webcast Presentation: Increasing Product Quality through DevOps

Technology
RE:FINE Project ‘Assessment for increasing quality, equal ... · equal opportunities and accountability in education’ ... increasing quality, equal opportunities and accountability

RE:FINE Project ‘Assessment for increasing quality, equal ... · equal opportunities and accountability in education’ ... increasing quality, equal opportunities and accountability

Documents
Case Study: Hawke Media-- Increasing Security with Bitium

Case Study: Hawke Media-- Increasing Security with Bitium

Software
Increasing the quality of seismic interpretation

Increasing the quality of seismic interpretation

Documents
Increasing Coverage & Quality of PMTCT Services Beyond 2010

Increasing Coverage & Quality of PMTCT Services Beyond 2010

Documents
INCREASING SAFETY IN A HIGH SECURITY SITE

INCREASING SAFETY IN A HIGH SECURITY SITE

Documents
Anticlick : Increasing Desktop security

Anticlick : Increasing Desktop security

Documents
INCREASING OF QUALITY IN HIGHER EDUCATION · INCREASING OF QUALITY IN HIGHER EDUCATION Eva Kormanikova, ... Mechanics of composite materials in order to increase the quality of educational

INCREASING OF QUALITY IN HIGHER EDUCATION · INCREASING OF QUALITY IN HIGHER EDUCATION Eva Kormanikova, ... Mechanics of composite materials in order to increase the quality of educational

Documents