SlideShare a Scribd company logo

Automated code reading with JavaScript static analysis tools

Noah Sussman
Noah Sussman

This document discusses various tools for static analysis of JavaScript code, including JSLint, JSHint, JSONLint, the Google Closure Compiler, and others. It provides examples of how to use each tool and configure options. Regular expressions are demonstrated for filtering output. The importance of tuning tools to the specific codebase is emphasized.

Technology
1 of 35
NoahSussman ns@noahsussman.com @noahsussman ToolsandTechniques JavaScriptStaticAnalysis SoftwareTestProfessionalsonlinesession NewYork May2013
“Lint”
“StaticAnalysis”means“AutomatedReading”
spinroot.com/gerard/pdf/ScrubPaper_rev.pdf
Thegoalofstaticanalysisisto automateyourselfreadingcode. —SebastianBergmann
TheCaseForStaticAnalysis Static analysis can reveal interesting places to start reading in an unfamiliar code base. It can also be used to locate areas of the code base that may benefit from refactoring. Additionally static analysis may highlight potential sources of latent bugs.
“Errors”aren’tnecessarilybad. Edsger Dijkstra famously said that tests can show the presence of bugs, but never their absence. Static analysis can tell you where to start reading, but it can’t tell you where and when to stop reading and take action. The feedback from any of these tools is ultimately just another data point. How to respond to that data is a problem static analysis can’t solve ;-)
Goodhart’sLaw Anymetricthatisusedtogauge performance,willbegamedsuch thatitisnolongeranaccurate measureofperformance.
—GerardHolzmann(NASA/JPL) "reliabilityisasystemproperty,notacomponentproperty" "sincesmalldefectscanlineupandleadtoabiganomaly…being meticulousaboutevensmalldefectscanreallypayoff.Everysmall defectthatyoueliminate,eliminatesonelinkinthechainthatcould buildtowardalargerproblem. Acodingstandardcouldhelp.Almosteveryorganizationhasacoding standardandinmostcasesthedevelopersarecompletelyunawareofit --theydon'treadit...Ifyoucomeupwithacodingstandardyoubetter haverulesthatmatter,thatcorrelatewithriskandyoubettermakesure thatyoucancheckcompliancemechanically."
UniformityandComprehensibility
Checksfordetectableerrors Find places where semicolon insertion might produce unintended results Detect unintentional declaration of global variables Detect undeclared variables Warn about potential unintended behavior from == Flag usages of eval()
Firstweneedanexistingcodebase. wget http://code.jquery.com/jquery-1.10.1.js mv jquery-1.10.1.js jquery.js
JSLint npm -g install jslint jslint jquery.js JSLint is Douglas Crockford's personal linting tool. It ships with a great default ruleset -- Crockford's own, constantly updated as he continues to learn about JavaScript and its pitfalls. JSLint is highly opinionated. While this is generally seen as a good thing, there's a limited amount of flexibility when it comes to disabling individual rules. It’s hard to apply JSLint to legacy code.
JSHint npm -g install jshint jshint jquery.js JSHint is very similar to JSLint (in fact it began life as JSLint fork) but all of JSHint’s warnings and errors can be configured or disabled via command line options or with a .jshintrc configuration file.
JSONLint npm -g install jsonlint jsonlint myFile.json JSONLint is a validator for the JSON data-interchange format. JSON is used by almost all modern Web APIs. JSONLint automates the process of testing whether there are parsiing errors in a block of JSON.
GoogleClosureCompiler curl -sO http://closure-compiler.googlecode.com/files/compiler-latest.zip unzip -qo compiler-latest.zip java -jar compiler.jar jquery.js Closure compilation is the closest thing that JavaScript has to an "interpreter" syntax check like php  -­‐l or ruby  -­‐c   Closure also warns you about potential issues such as missing parameters and undeclared or redefined variables. If code won't compile with the Closure Compiler, then you can be certain said code is deeply hosed in some fundamental way.
TheGoogleJavaScriptLinter(gjslint) fixjsstyle yardstick ProjectMessDetector(PMD) Copy-PasteDetector(CPD) CSSLint TidyforHTML5 PHPCodeSniffer
JSONLint GoogleClosureCompiler JSHint UseandConfiguration
jsonlint myFile.json JSONLintinaction
GoogleClosureCompilerinaction
jslint jquery.js JSLintinaction
jshint jquery.js JSHintinaction
ConfigureJSHintandClosureCompiler
.jshintrcfile
Usea.jshintrcfile
OutputTuning http://www.jslint.com/lint.html#options http://www.jshint.com/docs/#enforcing_options http://jslinterrors.com https://developers.google.com/closure/compiler/docs/error-ref
In-the-wildexamplesofoutputtuning
RegularExpressions jslint jquery.js | egrep -v 'is OK.$' | egrep -v '^ *$' This relatively simple regex suppresses status messages from JSLint. The only lines that will be printed are lines containing errors and warnings.
RegularExpressions tidy_ignore_regex='(DOCTYPE|title|not approved|proprietary attribute| implicit <body>|trimming empty| missing <li>)|"tabindex" has invalid value "-1"|missing </template> before <li>|inserting implicit <ul>|missing </ul> before </template>|missing quote mark for attribute value'
TunetheToolsToMatchTheCode jslint --predef Meteor --predef Template --predef '$' --predef '_' --predef Session --predef setTitle --predef Conf --predef google --predef Npm --predef makeInfoWindowEvent --predef IS_DEV --predef IS_PRODUCTION --plusplus --devel --vars --nomen --sloppy --white --terse --browser jquery.js | egrep -v 'is OK.$' | egrep -v '^ *$'
TunetheToolsToMatchTheCode java compiler.jar jquery.js --warning_level DEFAULT --jscomp_off missingProperties --compilation_level ADVANCED_OPTIMIZATIONS --externs ../../tests/conf/externs.js | > /dev/null
Don’tFeartheFilter yardstick_runner () { reasonable_upper_bound_for_CCN=10 result=$(echo $* | xargs yardstick | grep -v @ | egrep -v '^ ' | perl -lnwe 's{^(S+)(s+)(d+).*}{$3$2$1} and print' | sort -rn | head -n1 | xargs -I @ echo @: high cyclomatic complexity.) count=`echo $result | cut -d ' ' -f1` if [ $count -gt $reasonable_upper_bound_for_CCN ] then echo WARNING: $result >&2 fi }
Don’tFeartheFilter
ThewholetimeI’mwritingcode, I’mconstantlytestingmy assumptions. —RasmusLerdorf
Questions? @noahsussman ns@noahsussman.com infiniteundo.com

Recommended

JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeNishant Das Patnaik
 
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014Máté Nádasdi
 
New c sharp4_features_part_v
New c sharp4_features_part_vNew c sharp4_features_part_v
New c sharp4_features_part_vNico Ludwig
 
Spock pres
Spock presSpock pres
Spock preselizhender
 
J90 X
J90 XJ90 X
J90 Xmpmenne
 
How to add Fixtures into your Django app with Mixer
How to add Fixtures into your Django app with MixerHow to add Fixtures into your Django app with Mixer
How to add Fixtures into your Django app with MixerGuinsly Mondesir
 
Mocking in python
Mocking in pythonMocking in python
Mocking in pythonOoblioob
 
Django Introdcution
Django IntrodcutionDjango Introdcution
Django IntrodcutionNagi Annapureddy
 

Recommended

JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeNishant Das Patnaik
 
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014
Ustream vs Legacy, It's never too late to start your fight! #Jsist 2014Máté Nádasdi
 
New c sharp4_features_part_v
New c sharp4_features_part_vNew c sharp4_features_part_v
New c sharp4_features_part_vNico Ludwig
 
Spock pres
Spock presSpock pres
Spock preselizhender
 
J90 X
J90 XJ90 X
J90 Xmpmenne
 
How to add Fixtures into your Django app with Mixer
How to add Fixtures into your Django app with MixerHow to add Fixtures into your Django app with Mixer
How to add Fixtures into your Django app with MixerGuinsly Mondesir
 
Mocking in python
Mocking in pythonMocking in python
Mocking in pythonOoblioob
 
Django Introdcution
Django IntrodcutionDjango Introdcution
Django IntrodcutionNagi Annapureddy
 
Web development basics (Part-4)
Web development basics (Part-4)Web development basics (Part-4)
Web development basics (Part-4)Rajat Pratap Singh
 
20151117 es lint
20151117 es lint20151117 es lint
20151117 es lintNakajima Shigeru
 
me-and-python
me-and-pythonme-and-python
me-and-pythonJan Stavel
 
Advanced debugging
Advanced debuggingAdvanced debugging
Advanced debuggingAli Akhtar
 
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...Iosif Itkin
 
[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing Framework[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing FrameworkSrijan Technologies
 
Working with Legacy Code
Working with Legacy CodeWorking with Legacy Code
Working with Legacy CodeEyal Golan
 
Code analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDCode analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDKan-Han (John) Lu
 
Functional programming principles and Java 8
Functional programming principles and Java 8Functional programming principles and Java 8
Functional programming principles and Java 8Dragos Balan
 
Specifications pattern
Specifications patternSpecifications pattern
Specifications patternTung Nguyen
 
Thinking Functionally
Thinking FunctionallyThinking Functionally
Thinking FunctionallyPiyush Katariya
 
5 levels of api test automation
5 levels of api test automation5 levels of api test automation
5 levels of api test automationShekharRamphal
 
Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min. Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min. David Gómez García
 
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...Laura M. Castro
 
Tablas dinamicas
Tablas dinamicasTablas dinamicas
Tablas dinamicasallisonog
 
Portafolio de servicios
Portafolio de serviciosPortafolio de servicios
Portafolio de serviciosLavacentro
 
Manual uh DCS
Manual uh DCSManual uh DCS
Manual uh DCSSeptimo Regimiento de Caballería
 
Hidup Lebih Mulia 2
Hidup Lebih Mulia 2Hidup Lebih Mulia 2
Hidup Lebih Mulia 2suman sutra
 
Curriculum vitae 03-29-2016
Curriculum vitae 03-29-2016Curriculum vitae 03-29-2016
Curriculum vitae 03-29-2016Gokhan Baris Ozdener
 
Noriman
NorimanNoriman
NorimanObispoPerello
 
Criteria Recursos Humanos
Criteria Recursos HumanosCriteria Recursos Humanos
Criteria Recursos HumanosCriteria RRHH
 
Herramientas web 2
Herramientas web 2Herramientas web 2
Herramientas web 2Brigitte Chugcho Lugo
 

More Related Content

What's hot

Web development basics (Part-4)
Web development basics (Part-4)Web development basics (Part-4)
Web development basics (Part-4)Rajat Pratap Singh
 
Advanced debugging
Advanced debuggingAdvanced debugging
Advanced debuggingAli Akhtar
 
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...Iosif Itkin
 
[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing Framework[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing FrameworkSrijan Technologies
 
Working with Legacy Code
Working with Legacy CodeWorking with Legacy Code
Working with Legacy CodeEyal Golan
 
Code analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDCode analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDKan-Han (John) Lu
 
Functional programming principles and Java 8
Functional programming principles and Java 8Functional programming principles and Java 8
Functional programming principles and Java 8Dragos Balan
 
Specifications pattern
Specifications patternSpecifications pattern
Specifications patternTung Nguyen
 
5 levels of api test automation
5 levels of api test automation5 levels of api test automation
5 levels of api test automationShekharRamphal
 
Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min. Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min. David Gómez García
 
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...Laura M. Castro
 

What's hot (14)

Web development basics (Part-4)
Web development basics (Part-4)Web development basics (Part-4)
Web development basics (Part-4)
 
20151117 es lint
20151117 es lint20151117 es lint
20151117 es lint
 
me-and-python
me-and-pythonme-and-python
me-and-python
 
Advanced debugging
Advanced debuggingAdvanced debugging
Advanced debugging
 
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
 
[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing Framework[Srijan Wednesday Webinars] Choosing the Right Testing Framework
[Srijan Wednesday Webinars] Choosing the Right Testing Framework
 
Working with Legacy Code
Working with Legacy CodeWorking with Legacy Code
Working with Legacy Code
 
Code analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMDCode analyzer: FindBugs and PMD
Code analyzer: FindBugs and PMD
 
Functional programming principles and Java 8
Functional programming principles and Java 8Functional programming principles and Java 8
Functional programming principles and Java 8
 
Specifications pattern
Specifications patternSpecifications pattern
Specifications pattern
 
Thinking Functionally
Thinking FunctionallyThinking Functionally
Thinking Functionally
 
5 levels of api test automation
5 levels of api test automation5 levels of api test automation
5 levels of api test automation
 
Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min. Measuring Code Quality in WTF/min.
Measuring Code Quality in WTF/min.
 
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...
 

Viewers also liked

Tablas dinamicas
Tablas dinamicasTablas dinamicas
Tablas dinamicasallisonog
 
Portafolio de servicios
Portafolio de serviciosPortafolio de servicios
Portafolio de serviciosLavacentro
 
Hidup Lebih Mulia 2
Hidup Lebih Mulia 2Hidup Lebih Mulia 2
Hidup Lebih Mulia 2suman sutra
 
Criteria Recursos Humanos
Criteria Recursos HumanosCriteria Recursos Humanos
Criteria Recursos HumanosCriteria RRHH
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingRob Ragan
 
Chapter19 foreigncurrencytransactions2008
Chapter19 foreigncurrencytransactions2008Chapter19 foreigncurrencytransactions2008
Chapter19 foreigncurrencytransactions2008Sajid Ali
 
Chapter 1 introduction to computers
Chapter 1 introduction to computersChapter 1 introduction to computers
Chapter 1 introduction to computersMuhammad Faisal
 
Información, Trucos y Consejos de impresión
Información, Trucos y Consejos de impresiónInformación, Trucos y Consejos de impresión
Información, Trucos y Consejos de impresiónimpresum
 
La experiencia estética.- Estefania Cabezas.
La experiencia estética.- Estefania Cabezas.La experiencia estética.- Estefania Cabezas.
La experiencia estética.- Estefania Cabezas.sharonbr96
 
Management de projet agile vs classique pmi atlantic 20120322
Management de projet agile vs classique pmi atlantic 20120322Management de projet agile vs classique pmi atlantic 20120322
Management de projet agile vs classique pmi atlantic 20120322Jean-Luc MAZE
 
Nunca.conte.com.ratinhos
Nunca.conte.com.ratinhosNunca.conte.com.ratinhos
Nunca.conte.com.ratinhosLuzania Lima
 
Code style 2014-07-18-pub
Code style 2014-07-18-pubCode style 2014-07-18-pub
Code style 2014-07-18-pubpersia cai
 
淺談 QR Code
淺談 QR Code淺談 QR Code
淺談 QR CodeKun Chen
 

Viewers also liked (20)

Tablas dinamicas
Tablas dinamicasTablas dinamicas
Tablas dinamicas
 
Portafolio de servicios
Portafolio de serviciosPortafolio de servicios
Portafolio de servicios
 
Manual uh DCS
Manual uh DCSManual uh DCS
Manual uh DCS
 
Hidup Lebih Mulia 2
Hidup Lebih Mulia 2Hidup Lebih Mulia 2
Hidup Lebih Mulia 2
 
Curriculum vitae 03-29-2016
Curriculum vitae 03-29-2016Curriculum vitae 03-29-2016
Curriculum vitae 03-29-2016
 
Noriman
NorimanNoriman
Noriman
 
Criteria Recursos Humanos
Criteria Recursos HumanosCriteria Recursos Humanos
Criteria Recursos Humanos
 
Herramientas web 2
Herramientas web 2Herramientas web 2
Herramientas web 2
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without Fighting
 
Chapter19 foreigncurrencytransactions2008
Chapter19 foreigncurrencytransactions2008Chapter19 foreigncurrencytransactions2008
Chapter19 foreigncurrencytransactions2008
 
Museo Hermitage
Museo HermitageMuseo Hermitage
Museo Hermitage
 
Maestria En Pedagogia
Maestria En PedagogiaMaestria En Pedagogia
Maestria En Pedagogia
 
Chapter 1 introduction to computers
Chapter 1 introduction to computersChapter 1 introduction to computers
Chapter 1 introduction to computers
 
Información, Trucos y Consejos de impresión
Información, Trucos y Consejos de impresiónInformación, Trucos y Consejos de impresión
Información, Trucos y Consejos de impresión
 
Luz y el movimiento ondulatorio
Luz y el movimiento ondulatorioLuz y el movimiento ondulatorio
Luz y el movimiento ondulatorio
 
La experiencia estética.- Estefania Cabezas.
La experiencia estética.- Estefania Cabezas.La experiencia estética.- Estefania Cabezas.
La experiencia estética.- Estefania Cabezas.
 
Management de projet agile vs classique pmi atlantic 20120322
Management de projet agile vs classique pmi atlantic 20120322Management de projet agile vs classique pmi atlantic 20120322
Management de projet agile vs classique pmi atlantic 20120322
 
Nunca.conte.com.ratinhos
Nunca.conte.com.ratinhosNunca.conte.com.ratinhos
Nunca.conte.com.ratinhos
 
Code style 2014-07-18-pub
Code style 2014-07-18-pubCode style 2014-07-18-pub
Code style 2014-07-18-pub
 
淺談 QR Code
淺談 QR Code淺談 QR Code
淺談 QR Code
 

Similar to Automated code reading with JavaScript static analysis tools

Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopPVS-Studio
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysisalice yang
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
 
Copy-Paste and Muons
Copy-Paste and MuonsCopy-Paste and Muons
Copy-Paste and MuonsAndrey Karpov
 
PVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's codePVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's codePVS-Studio
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsIRJET Journal
 
Six reasons to learn JavaScript
Six reasons to learn JavaScriptSix reasons to learn JavaScript
Six reasons to learn JavaScriptOtto Kekäläinen
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with ClangAndrey Karpov
 
Professional JavaScript: AntiPatterns
Professional JavaScript: AntiPatternsProfessional JavaScript: AntiPatterns
Professional JavaScript: AntiPatternsMike Wilcox
 
Concurrency in Eclipse: Best Practices and Gotchas
Concurrency in Eclipse: Best Practices and GotchasConcurrency in Eclipse: Best Practices and Gotchas
Concurrency in Eclipse: Best Practices and Gotchasamccullo
 
ProGuard / DexGuard Tips and Tricks
ProGuard / DexGuard Tips and TricksProGuard / DexGuard Tips and Tricks
ProGuard / DexGuard Tips and Tricksnetomi
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
BDD Testing Using Godog - Bangalore Golang Meetup # 32
BDD Testing Using Godog - Bangalore Golang Meetup # 32BDD Testing Using Godog - Bangalore Golang Meetup # 32
BDD Testing Using Godog - Bangalore Golang Meetup # 32OpenEBS
 
Neo4j Stored Procedure Training Part 1
Neo4j Stored Procedure Training Part 1Neo4j Stored Procedure Training Part 1
Neo4j Stored Procedure Training Part 1Max De Marzi
 
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Dennis de Greef
 
How to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one eveningHow to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one eveningPVS-Studio
 
Testing Storm components with Groovy and Spock
Testing Storm components with Groovy and SpockTesting Storm components with Groovy and Spock
Testing Storm components with Groovy and SpockEugene Dvorkin
 

Similar to Automated code reading with JavaScript static analysis tools (20)

Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code Analysis
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysis
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
Copy-Paste and Muons
Copy-Paste and MuonsCopy-Paste and Muons
Copy-Paste and Muons
 
PVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's codePVS-Studio: analyzing ReactOS's code
PVS-Studio: analyzing ReactOS's code
 
Runtime Behavior of JavaScript Programs
Runtime Behavior of JavaScript ProgramsRuntime Behavior of JavaScript Programs
Runtime Behavior of JavaScript Programs
 
Six reasons to learn JavaScript
Six reasons to learn JavaScriptSix reasons to learn JavaScript
Six reasons to learn JavaScript
 
Checking PVS-Studio with Clang
Checking PVS-Studio with ClangChecking PVS-Studio with Clang
Checking PVS-Studio with Clang
 
Professional JavaScript: AntiPatterns
Professional JavaScript: AntiPatternsProfessional JavaScript: AntiPatterns
Professional JavaScript: AntiPatterns
 
All of Javascript
All of JavascriptAll of Javascript
All of Javascript
 
Concurrency in Eclipse: Best Practices and Gotchas
Concurrency in Eclipse: Best Practices and GotchasConcurrency in Eclipse: Best Practices and Gotchas
Concurrency in Eclipse: Best Practices and Gotchas
 
ProGuard / DexGuard Tips and Tricks
ProGuard / DexGuard Tips and TricksProGuard / DexGuard Tips and Tricks
ProGuard / DexGuard Tips and Tricks
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis technique
 
BDD Testing Using Godog - Bangalore Golang Meetup # 32
BDD Testing Using Godog - Bangalore Golang Meetup # 32BDD Testing Using Godog - Bangalore Golang Meetup # 32
BDD Testing Using Godog - Bangalore Golang Meetup # 32
 
Neo4j Stored Procedure Training Part 1
Neo4j Stored Procedure Training Part 1Neo4j Stored Procedure Training Part 1
Neo4j Stored Procedure Training Part 1
 
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
 
How to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one eveningHow to find 56 potential vulnerabilities in FreeBSD code in one evening
How to find 56 potential vulnerabilities in FreeBSD code in one evening
 
Testing Storm components with Groovy and Spock
Testing Storm components with Groovy and SpockTesting Storm components with Groovy and Spock
Testing Storm components with Groovy and Spock
 
All of javascript
All of javascriptAll of javascript
All of javascript
 

More from Noah Sussman

The Invisible Art Of Software Testing
The Invisible Art Of Software TestingThe Invisible Art Of Software Testing
The Invisible Art Of Software TestingNoah Sussman
 
Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Noah Sussman
 
Continuous Improvement (GroupOn, Palo Alto 2013)
Continuous Improvement (GroupOn, Palo Alto 2013)Continuous Improvement (GroupOn, Palo Alto 2013)
Continuous Improvement (GroupOn, Palo Alto 2013)Noah Sussman
 
Jenkins data mining on the command line - Jenkins User Conference NYC 2012
Jenkins data mining on the command line - Jenkins User Conference NYC 2012Jenkins data mining on the command line - Jenkins User Conference NYC 2012
Jenkins data mining on the command line - Jenkins User Conference NYC 2012Noah Sussman
 
The user experience of CI systems - Penguicon 2012
The user experience of CI systems - Penguicon 2012The user experience of CI systems - Penguicon 2012
The user experience of CI systems - Penguicon 2012Noah Sussman
 
Selenium in the enterprise what went right and what went wrong so far - sel...
Selenium in the enterprise what went right and what went wrong so far - sel...Selenium in the enterprise what went right and what went wrong so far - sel...
Selenium in the enterprise what went right and what went wrong so far - sel...Noah Sussman
 
Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Noah Sussman
 
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011Noah Sussman
 

More from Noah Sussman (9)

The Invisible Art Of Software Testing
The Invisible Art Of Software TestingThe Invisible Art Of Software Testing
The Invisible Art Of Software Testing
 
Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014Continuous Automated Testing - Cast conference workshop august 2014
Continuous Automated Testing - Cast conference workshop august 2014
 
Continuous Improvement (GroupOn, Palo Alto 2013)
Continuous Improvement (GroupOn, Palo Alto 2013)Continuous Improvement (GroupOn, Palo Alto 2013)
Continuous Improvement (GroupOn, Palo Alto 2013)
 
Jenkins data mining on the command line - Jenkins User Conference NYC 2012
Jenkins data mining on the command line - Jenkins User Conference NYC 2012Jenkins data mining on the command line - Jenkins User Conference NYC 2012
Jenkins data mining on the command line - Jenkins User Conference NYC 2012
 
The user experience of CI systems - Penguicon 2012
The user experience of CI systems - Penguicon 2012The user experience of CI systems - Penguicon 2012
The user experience of CI systems - Penguicon 2012
 
Selenium in the enterprise what went right and what went wrong so far - sel...
Selenium in the enterprise what went right and what went wrong so far - sel...Selenium in the enterprise what went right and what went wrong so far - sel...
Selenium in the enterprise what went right and what went wrong so far - sel...
 
Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?Software Entomology or Where Do Bugs Come From?
Software Entomology or Where Do Bugs Come From?
 
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011
Fast and Good: Alternate Approaches to Quality at Etsy - STPCon fall 2011
 
Scaling Selenium
Scaling SeleniumScaling Selenium
Scaling Selenium
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Automated code reading with JavaScript static analysis tools