
Inspect plugin packages

Open Srokap opened this issue 11 years ago • 1 comments

That would cover:

  • giving preview of package contents (files tree, zip packages handling example here: https://github.com/Srokap/srokap_plugin_installer)
  • extracting manifests (could display its data and even compare with declared license/compatibility)
    • automatic extraction of screenshots
  • code quality analysis
    • coding standards
    • detect deprecated functions usage - https://github.com/Srokap/code_review
    • existence of comments?
    • some nice tool for potential problems finder?

See https://github.com/Elgg/community_plugins/issues/34

All of it would serve only informative purposes. I wouldn't want to automatically block plugins, trigger an alert at most.

Some existing tools ideas:

  • http://www.sonarsource.com/
  • http://sourceforge.net/projects/rips-scanner/
  • https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Srokap, Aug 19 '13 02:08

Regarding the analysis of manifest files https://github.com/Elgg/Elgg/issues/5895

jdalsem, Sep 10 '13 08:09
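
An added sketch (not code from this issue or from the Elgg project) of the informative-only inspection requested above: it lists a plugin zip's file tree, reads the manifest, compares its license with the one declared on the listing, and returns notices instead of rejecting anything; a manifest that is oversized or declares a DTD is reported rather than parsed, since the upload is untrusted. Assumptions: an Elgg 1.8-style `manifest.xml` with `name`, `version` and `license` elements in the namespace shown; `inspect_package`, `sample_package`, the size cap and the sample archive are constructed for illustration.

```python
import io
import posixpath
import xml.etree.ElementTree as ET
import zipfile

NS = "{http://www.elgg.org/plugin_manifest/1.8}"  # assumed manifest namespace
MAX_MANIFEST = 64 * 1024  # hypothetical size cap for the untrusted manifest
# Constructed sample input below; manifest element names are assumptions.
SAMPLE = ('<plugin_manifest xmlns="http://www.elgg.org/plugin_manifest/1.8">'
          "<name>Demo</name><version>1.0</version><license>MIT</license>"
          "</plugin_manifest>")

def sample_package():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/manifest.xml", SAMPLE)
        zf.writestr("demo/start.php", "<?php\n")
        zf.writestr("../outside.txt", "x")
    return buf.getvalue()

def inspect_package(data, declared_license=None):
    """Return (tree, manifest, notices) for a plugin zip. Blocks nothing."""
    tree, manifest, notices, raw = [], {}, [], None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            norm = posixpath.normpath(info.filename.replace("\\", "/"))
            # Flag entries that would be written outside the package root.
            if norm == ".." or norm.startswith(("/", "../")):
                notices.append("path escapes package root: " + info.filename)
                continue
            tree.append(norm)
            # Use manifest.xml at the root or inside one top-level folder.
            is_manifest = posixpath.basename(norm) == "manifest.xml"
            if raw is None and is_manifest and norm.count("/") <= 1:
                with zf.open(info) as fh:
                    raw = fh.read(MAX_MANIFEST + 1)
    if raw is None:
        notices.append("no manifest.xml found")
    elif len(raw) > MAX_MANIFEST or b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        notices.append("manifest.xml not parsed: oversized or declares a DTD")
    else:
        try:
            root = ET.fromstring(raw)
            for field in ("name", "version", "license"):
                manifest[field] = (root.findtext(NS + field) or "").strip()
        except ET.ParseError:
            notices.append("manifest.xml is not well-formed XML")
    if declared_license and manifest.get("license") not in (None, declared_license):
        notices.append("license differs from listing: " + manifest["license"])
    return sorted(tree), manifest, notices
```

Calling `inspect_package(sample_package(), declared_license="GPL-2.0")` returns the two in-root files, the three manifest fields, and one notice each for the `..` entry and the license difference.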