Enforce code auditing like Facebook

Source: Internet
Author: User

Giant IT companies like Facebook and Google all have well-developed code repository management and code review systems. Code auditing can eliminate some bugs, but that is not its main purpose, because it is difficult for a reviewer to find deep bugs just by reading the code. Code auditing matters more because it helps maintain the quality of the code: the reviewer can check whether the code is written in a standardized way, people learn from each other during the audit, and problems in the code are identified. In addition, developers become more conscious of writing higher-quality code, because having someone else point out too many problems, or very basic ones, is a loss of face :). Therefore, I think code auditing is an important part of the product maintenance process. Facebook uses careful auditing to prevent code problems.

Facebook has very strong safeguards to keep people (you can imagine that someone inside has this permission) from accidentally or deliberately doing something bad. If you have "become" a person who requires support from others, the reason is recorded and carefully audited. Exploiting loopholes is not allowed here.

You can also view. Next, I will introduce how to use the tools VisualSVN + BugTracker.NET + TortoiseSVN/AnkhSVN to enforce code auditing during product implementation and maintenance. VisualSVN is the configuration management tool for the product code; BugTracker.NET is a defect tracking system and the collaboration platform between developers and auditors in the code audit process, and it can be seamlessly integrated with VisualSVN; TortoiseSVN/AnkhSVN is an auxiliary tool for code check-in/check-out and other operations.

First, code auditing is strictly enforced through two check-in constraints in our product development process:

  1. Without a bugid, nothing can be checked in to the code base;
  2. If the bug corresponding to the code is not in the "Review passed" status, nothing can be checked in to the code base.

These two restrictions prevent developers from checking invalid code in to the repository without review. When no bug is specified, the bugid does not exist, or the bug is not in the "Review passed" status, the developer is prevented from checking in the code and is shown an error message.

To enforce these restrictions before check-in, we register a pre-commit hook in the VisualSVN code repository and use it to check whether the code being checked in is in the correct state. The following is the hook that performs this operation. It gets the current bugid and passes it to svn_hook.aspx in BugTracker.NET, which queries the bug status. If the check-in is allowed, a response containing "OK:" is returned; otherwise, "error:" is returned.

 

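#!/usr/local/bin/python
# Pre-commit hook (Python 3): ask BugTracker.NET whether this commit may proceed.
import subprocess
import sys
import urllib.parse
import urllib.request

svnlook = 'C://progra~1//visual~1//bin//svnlook.exe'
this_repository_url = "https://ladanfking:8443/svn/monoaddins"
btnet_url = "http://ladanfking/btnet/svn_hook.aspx"
# Account the hook uses to log in to BugTracker.NET (sample values).
btnet_username = "admin"
btnet_password = "admin"
# Subversion passes the repository path and the transaction name to the hook.
repos = sys.argv[1]
txn = sys.argv[2]
# Pre-commit tag
status = -1
bdebug = False


def debug_out(s):
    """Append s to the debug log and echo it when bdebug is set."""
    if bdebug:
        f = open('d:\\btnet_svn_hook_log.txt', 'a')
        f.write(s)
        f.write('\n')
        f.close()
        print(s)


# Read the log message of the pending transaction; an argument list avoids quoting problems.
log_cmd = [svnlook, 'log', '-t', txn, repos]
process = subprocess.Popen(log_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
log_string = process.communicate()[0].decode('utf-8', 'replace')
debug_out(log_string)
# Send the log message to svn_hook.aspx, which looks up the bug and its status.
params = urllib.parse.urlencode({
    'svn_log': log_string,
    'repo': this_repository_url,
    'username': btnet_username,
    'password': btnet_password,
    'status': status}).encode('ascii')
response = urllib.request.urlopen(btnet_url, params)
data = response.read().decode('utf-8', 'replace')
debug_out(data)
npos = data.find('OK:')
# Subversion relays only stderr to the committing client when the hook fails.
sys.stderr.write(data)
# Allow the commit only if the response ends with "OK:".
if npos >= 0 and npos == (len(data) - 3):
    sys.exit(0)
else:
    sys.exit(1)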
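
The decision that the hook above delegates to svn_hook.aspx, that is, the two check-in constraints, written out as an added example (not BugTracker.NET's code and not the original author's). The `bugid: <number>` message format, the names `check_commit` and `sample_lookup`, and the sample bug table are assumptions made for illustration; the example also refuses the commit when the tracker cannot be reached.

```python
import re

# Assumption: the commit message names its bug as "bugid: <number>".
BUGID_RE = re.compile(r"\bbugid\s*[:#]\s*(\d+)", re.IGNORECASE)
REQUIRED_STATUS = "review passed"
# Constructed sample tracker contents (bug id -> status).
SAMPLE_BUGS = {101: "Review passed", 102: "Review failed", 103: "new"}


def sample_lookup(bug_id):
    """Stand-in for the tracker query; bug 500 simulates an outage."""
    if bug_id == 500:
        raise ConnectionError("tracker unreachable")
    return SAMPLE_BUGS.get(bug_id)


def check_commit(log_message, lookup_status):
    """Return (allowed, response) for one commit log message.

    lookup_status(bug_id) returns the status string, None when the bug
    does not exist, or raises when the tracker cannot be queried.
    """
    ids = sorted({int(n) for n in BUGID_RE.findall(log_message or "")})
    if not ids:
        return False, "error: no bugid in the commit message"
    for bug_id in ids:  # every referenced bug must have passed review
        try:
            status = lookup_status(bug_id)
        except Exception as exc:
            # Fail closed: an unreachable tracker must not open the gate.
            return False, "error: cannot verify bug %d (%s)" % (bug_id, exc)
        if status is None:
            return False, "error: bug %d does not exist" % bug_id
        if status.strip().lower() != REQUIRED_STATUS:
            return False, "error: bug %d is '%s', not 'Review passed'" % (bug_id, status)
    return True, "OK:"


if __name__ == "__main__":
    # Constructed commit messages covering each outcome.
    for msg in ("fix crash, bugid: 101", "quick fix", "bugid: 102 retry",
                "bugid: 999", "bugid:101 bugid:103", "bugid: 500"):
        print("%-24s -> %s" % (msg, check_commit(msg, sample_lookup)))
```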

 

Therefore, before you can check in, you must create a bug and assign it to someone for review. The procedure is as follows:

1 Create bug: This step is generally completed by QA; developers can also create bugs themselves. As shown below.

2 Assign review

(1) Create a patch: Go to your code working directory, right-click it, and use "Create patch" in TortoiseSVN to create a patch.

Once the patch is created, it shows the code changes before and after.

(2) Assign review: This step uploads the patch file to the specified bug through BugTracker.NET as an attachment and assigns the bug to someone for auditing.

3 Review: The auditor logs in to BugTracker.NET to view the patch file. If the audit succeeds, the auditor changes the status to "review passed"; otherwise, the status is changed to "review failed", in which case the developer needs to change the code and apply for a new audit.

After the bug corresponding to the code has passed the audit, the developer can check in. The following is the case after the code check-in.

In addition, you can click "SVN revisions" to view this update, as shown below.

In this way, mandatory code auditing prevents developers from checking in code at will or checking in code that does not meet quality requirements. In addition, other developers can query the BugTracker.NET repository to see how similar bugs were fixed.
