Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ruby Code Analisis
Search
Dmitry Zhlobo
October 27, 2012
Programming
7
790
Ruby Code Analisis
Tools and practices make your ruby app clear.
Dmitry Zhlobo
October 27, 2012
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
110
Rails: The Good Parts
dimazhlobo
2
83
Ethereum Smart Contracts For Developers
dimazhlobo
0
70
Cross-origin resource sharing
dimazhlobo
1
71
Elasticsearch Introduction
dimazhlobo
0
700
Other Decks in Programming
See All in Programming
テストコード文化を0から作り、変化し続けた組織
kazatohiei
2
1.5k
42 best practices for Symfony, a decade later
tucksaun
1
180
Scalaから始めるOpenFeature入門 / Scalaわいわい勉強会 #4
arthur1
1
330
Mermaid x AST x 生成AI = コードとドキュメントの完全同期への道
shibuyamizuho
0
160
「Chatwork」Android版アプリを 支える単体テストの現在
okuzawats
0
180
フロントエンドのディレクトリ構成どうしてる? Feature-Sliced Design 導入体験談
osakatechlab
8
4.1k
20年もののレガシープロダクトに 0からPHPStanを入れるまで / phpcon2024
hirobe1999
0
470
良いユニットテストを書こう
mototakatsu
7
2.2k
Amazon S3 NYJavaSIG 2024-12-12
sullis
0
100
PHPで作るWebSocketサーバー ~リアクティブなアプリケーションを知るために~ / WebSocket Server in PHP - To know reactive applications
seike460
PRO
2
320
Refactor your code - refactor yourself
xosofox
1
260
今年のアップデートで振り返るCDKセキュリティのシフトレフト/2024-cdk-security-shift-left
tomoki10
0
200
Featured
See All Featured
Visualization
eitanlees
146
15k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
2
290
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
520
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
Building Better People: How to give real-time feedback that sticks.
wjessup
365
19k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Being A Developer After 40
akosma
87
590k
4 Signs Your Business is Dying
shpigford
181
21k
How GitHub (no longer) Works
holman
311
140k
Done Done
chrislema
181
16k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
The Cost Of JavaScript in 2023
addyosmani
45
7k
Transcript
Tools and Practices Ruby Code Analysis
None
Well known smells • long methods and large classes
Well known smells • long methods and large classes •
duplicated code
Well known smells • long methods and large classes •
duplicated code • too many parameters
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity • etc...
None
None
ruby -w
$ ruby -w script.rb ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
script.rb:4: warning: assigned but unused variable - file script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7 ruby -w
ruby -w What about ?
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep appname/app
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep errbit/app
errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83 errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file http://tinyurl.com/shelrtv-errbit-ruby-verbose
flog
$ flog app.rb flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
flog $ flog -g appname/app or $ flog -g appname/app/models
flog $ flog -g errbit/app/models 1690.0: flog total 11.1: flog/method
average 219.3: App total 88.4: App#none 60.5: App#notification_recipients errbit/app/models/app.rb:144 48.8: App#copy_attributes_from errbit/app/models/app.rb:153 21.7: App#check_issue_tracker errbit/app/models/app.rb:178 http://tinyurl.com/shelrtv-errbit-flog
flay analyzes code for similarities
$ flay app.rb flay
$ flay app.rb Total score (lower is better) = 266
1) IDENTICAL code found in :iter (mass*2 = 152) app.rb:16 app.rb:31 2) Similar code found in :defn (mass = 114) app.rb:74 app.rb:83 flay
None
None
brakeman warning types • Command Injection `ls #{params[:file]}`
brakeman warning types • Command Injection • SQL Injection username=params[:user][:name].downcase
password=params[:user][:password] User.first.where("username = '" + username + "' AND password = '" + password + "'")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes match ':controller(/:action(/:id(.:format)))'
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access File.open("/tmp/#{cookie[:file]}")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send method = params[:method] @result = User.send(method.to_sym)
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send See more in documentation.
$ brakeman shelr.tv -o report.html
rails-brakeman.com
rails_best_practices
rails-bestpractices.com
rails-bestpractices.com advices • Protect mass assignment • Not use time_ago_in_words
• Remove empty helpers • Always add DB index • Use Observer • Remove trailing whitespace
None
railsbp.com
What else • performance • tests and code coverage •
codeclimate
Resume ruby -w + flog + flay + brakeman =
Thank you @proghat github.com/proghat
[email protected]