4.4. Code Quality#

We use a variety of tools to check for errors and vulnerabilities, and to enforce a coding standard and coding style.

To check the quality of your pull request, go to the top level of the edx- platform codebase and run the following command.

paver run_quality

Most other repos use the command

make quality

The following topics provide additional details on the tools that we use.

4.4.1. Clean Code#

Here are the primary tools we use to keep our code clean.

  • We use the pep8 tool to follow PEP-8 guidelines.

  • We use pylint for static analysis and to uncover trouble spots in our code.

Our codebase is far from perfect, but the goal is to steadily improve its quality over time. To do this, we wrote a pypi package called diff-cover, which includes the tool diff-quality. The diff-quality tool reports on quality violations only on lines that have changed in a pull request. Using this tool, we can ensure that pull requests do not introduce new quality violations, and also clean up existing violations in the process of introducing other changes.

To run diff-quality along with our other quality based tools, go to the top level of the edx-platform codebase and run the following command.

paver run_quality

You can also use the paver run_pep8 and paver run_pylint commands to run only pep8 or pylint.

This will print a report of the quality violations that your branch has made.

Although we try to be vigilant in resolving all quality violations, some Pylint violations are too challenging to resolve, so we opt to ignore them via use of a pragma. A pragma tells Pylint to ignore the violation in the given line. An example is.

self.assertEquals(msg, form._errors['course_id'][0])  # pylint: disable=protected-access

The pragma starts with a # two spaces after the end of the line. We prefer that you use the full name of the error (pylint: disable=unused-argument as opposed to pylint: disable=W0613), to make more clear what you are disabling in the line.

4.4.2. Safe Code#

To keep our code safe from Cross Site Scripting (XSS) vulnerabilities, the XSS Linter is also run as part of paver run_quality.

To run the XSS Linter against your current branch, run the following command.

paver run_xsscommitlint

For more options for running the XSS Linter, or instructions for fixing violations, see XSS Linter.