Ruby Code Analisis

Transcript

1. Tools and Practices Ruby Code Analysis

2. None

3. Well known smells • long methods and large classes

4. Well known smells • long methods and large classes •

   duplicated code

5. Well known smells • long methods and large classes •

   duplicated code • too many parameters

6. Well known smells • long methods and large classes •

   duplicated code • too many parameters • conditional complexity

7. Well known smells • long methods and large classes •

   duplicated code • too many parameters • conditional complexity • etc...
8. None
9. None

10. ruby -w

11. $ ruby -w script.rb ruby -w

12. $ ruby -w script.rb enables verbose mode of ruby interpreter

    ruby -w

13. $ ruby -w script.rb enables verbose mode of ruby interpreter

    script.rb:4: warning: assigned but unused variable - file script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7 ruby -w

14. ruby -w What about ?

15. ruby -w $ RUBYOPT=-w rails server 2>&1 | grep appname/app

16. ruby -w $ RUBYOPT=-w rails server 2>&1 | grep errbit/app

    errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83 errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file http://tinyurl.com/shelrtv-errbit-ruby-verbose

17. flog

18. $ flog app.rb flog

19. $ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:

    App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog

20. $ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:

    App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog

21. $ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:

    App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog

22. $ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:

    App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog

23. flog $ flog -g appname/app or $ flog -g appname/app/models

24. flog $ flog -g errbit/app/models 1690.0: flog total 11.1: flog/method

    average 219.3: App total 88.4: App#none 60.5: App#notification_recipients errbit/app/models/app.rb:144 48.8: App#copy_attributes_from errbit/app/models/app.rb:153 21.7: App#check_issue_tracker errbit/app/models/app.rb:178 http://tinyurl.com/shelrtv-errbit-flog

25. flay analyzes code for similarities

26. $ flay app.rb flay

27. $ flay app.rb Total score (lower is better) = 266

    1) IDENTICAL code found in :iter (mass*2 = 152) app.rb:16 app.rb:31 2) Similar code found in :defn (mass = 114) app.rb:74 app.rb:83 flay
28. None
29. None

30. brakeman warning types • Command Injection `ls #{params[:file]}`

31. brakeman warning types • Command Injection • SQL Injection username=params[:user][:name].downcase

    password=params[:user][:password] User.first.where("username = '" + username + "' AND password = '" + password + "'")

32. brakeman warning types • Command Injection • SQL Injection •

    Mass Assignment

33. brakeman warning types • Command Injection • SQL Injection •

    Mass Assignment • Default Routes match ':controller(/:action(/:id(.:format)))'

34. brakeman warning types • Command Injection • SQL Injection •

    Mass Assignment • Default Routes • File Access File.open("/tmp/#{cookie[:file]}")

35. brakeman warning types • Command Injection • SQL Injection •

    Mass Assignment • Default Routes • File Access • Dangerous Send method = params[:method] @result = User.send(method.to_sym)

36. brakeman warning types • Command Injection • SQL Injection •

    Mass Assignment • Default Routes • File Access • Dangerous Send See more in documentation.

37. $ brakeman shelr.tv -o report.html

38. rails-brakeman.com

39. rails_best_practices

40. rails-bestpractices.com

41. rails-bestpractices.com advices • Protect mass assignment • Not use time_ago_in_words

    • Remove empty helpers • Always add DB index • Use Observer • Remove trailing whitespace
42. None

43. railsbp.com

44. What else • performance • tests and code coverage •

    codeclimate

45. Resume ruby -w + flog + flay + brakeman =

46. Thank you @proghat github.com/proghat [email protected]