Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ruby Code Analisis
Search
Dmitry Zhlobo
October 27, 2012
Programming
870
7
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Ruby Code Analisis
Tools and practices make your ruby app clear.
Dmitry Zhlobo
October 27, 2012
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
180
Rails: The Good Parts
dimazhlobo
2
160
Ethereum Smart Contracts For Developers
dimazhlobo
0
130
Cross-origin resource sharing
dimazhlobo
1
88
Elasticsearch Introduction
dimazhlobo
0
770
Other Decks in Programming
See All in Programming
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
ioki
0
270
例外の正しい扱い方 そのエラー try-catchして大丈夫?
jinwatanabe
0
340
The Bowling Game- From Imperative to Functional Programming - Part 1
philipschwarz
PRO
0
290
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
blueswen
0
190
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
430
コーディングルールの鮮度を保ちたい for SRE NEXT 2026 / keep-fresh-go-internal-conventions-sre-next-2026
handlename
0
120
symfony/aiとlaravel/boost
77web
0
120
初めてのKubernetes 本番運用でハマった話
oku053
0
120
アルゴリズムは何を圧縮しているのか ─ Haskell から育った「圧縮代数」というメンタルモデル
naoya
15
3k
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.7k
Skillsは効率化、Agentsは"自分の拡張"——Builder時代のエージェント編成(CC Night 2026)
wemra
1
200
任せる範囲はこう広がった / How the Scope of AI Delegation Has Expanded
nrslib
1
240
Featured
See All Featured
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Automating Front-end Workflow
addyosmani
1370
210k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Practical Orchestrator
shlominoach
191
11k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
56k
Optimising Largest Contentful Paint
csswizardry
37
3.8k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.9k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.9k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
760
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Transcript
Tools and Practices Ruby Code Analysis
None
Well known smells • long methods and large classes
Well known smells • long methods and large classes •
duplicated code
Well known smells • long methods and large classes •
duplicated code • too many parameters
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity • etc...
None
None
ruby -w
$ ruby -w script.rb ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
script.rb:4: warning: assigned but unused variable - file script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7 ruby -w
ruby -w What about ?
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep appname/app
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep errbit/app
errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83 errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file http://tinyurl.com/shelrtv-errbit-ruby-verbose
flog
$ flog app.rb flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
flog $ flog -g appname/app or $ flog -g appname/app/models
flog $ flog -g errbit/app/models 1690.0: flog total 11.1: flog/method
average 219.3: App total 88.4: App#none 60.5: App#notification_recipients errbit/app/models/app.rb:144 48.8: App#copy_attributes_from errbit/app/models/app.rb:153 21.7: App#check_issue_tracker errbit/app/models/app.rb:178 http://tinyurl.com/shelrtv-errbit-flog
flay analyzes code for similarities
$ flay app.rb flay
$ flay app.rb Total score (lower is better) = 266
1) IDENTICAL code found in :iter (mass*2 = 152) app.rb:16 app.rb:31 2) Similar code found in :defn (mass = 114) app.rb:74 app.rb:83 flay
None
None
brakeman warning types • Command Injection `ls #{params[:file]}`
brakeman warning types • Command Injection • SQL Injection username=params[:user][:name].downcase
password=params[:user][:password] User.first.where("username = '" + username + "' AND password = '" + password + "'")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes match ':controller(/:action(/:id(.:format)))'
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access File.open("/tmp/#{cookie[:file]}")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send method = params[:method] @result = User.send(method.to_sym)
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send See more in documentation.
$ brakeman shelr.tv -o report.html
rails-brakeman.com
rails_best_practices
rails-bestpractices.com
rails-bestpractices.com advices • Protect mass assignment • Not use time_ago_in_words
• Remove empty helpers • Always add DB index • Use Observer • Remove trailing whitespace
None
railsbp.com
What else • performance • tests and code coverage •
codeclimate
Resume ruby -w + flog + flay + brakeman =
Thank you @proghat github.com/proghat
[email protected]