Ruby Code Analysis
Dmitry Zhlobo
October 27, 2012
Programming
Tools and practices make your ruby app clear.
Transcript
Tools and Practices Ruby Code Analysis
Well known smells
• long methods and large classes
• duplicated code
• too many parameters
• conditional complexity
• etc...
ruby -w
$ ruby -w script.rb
enables verbose mode of the ruby interpreter
script.rb:4: warning: assigned but unused variable - file
script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7

What about ?
$ RUBYOPT=-w rails server 2>&1 | grep appname/app
$ RUBYOPT=-w rails server 2>&1 | grep errbit/app
errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options
errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h
errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix
errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type
errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83
errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file
http://tinyurl.com/shelrtv-errbit-ruby-verbose
flog
$ flog app.rb
311.4: flog total
13.6: flog/method average
73.4: App#none
65.9: App#notify app.rb:124
42.1: App#attributes app.rb:142

$ flog -g appname/app
or
$ flog -g appname/app/models

$ flog -g errbit/app/models
1690.0: flog total
11.1: flog/method average
219.3: App total
88.4: App#none
60.5: App#notification_recipients errbit/app/models/app.rb:144
48.8: App#copy_attributes_from errbit/app/models/app.rb:153
21.7: App#check_issue_tracker errbit/app/models/app.rb:178
http://tinyurl.com/shelrtv-errbit-flog
flay analyzes code for similarities
$ flay app.rb
Total score (lower is better) = 266
1) IDENTICAL code found in :iter (mass*2 = 152)
   app.rb:16
   app.rb:31
2) Similar code found in :defn (mass = 114)
   app.rb:74
   app.rb:83
brakeman warning types
• Command Injection
  `ls #{params[:file]}`
• SQL Injection
  username = params[:user][:name].downcase
  password = params[:user][:password]
  User.where("username = '" + username + "' AND password = '" + password + "'").first
• Mass Assignment
• Default Routes
  match ':controller(/:action(/:id(.:format)))'
• File Access
  File.open("/tmp/#{cookie[:file]}")
• Dangerous Send
  method = params[:method]
  @result = User.send(method.to_sym)
See more in documentation.
$ brakeman shelr.tv -o report.html
rails-brakeman.com
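Two of the brakeman warning types above, File Access and Dangerous Send, come with a standard hardening that plain Ruby can show without Rails. This is an added example, not code from the deck or from brakeman; `ReportUser`, `ALLOWED_USER_METHODS`, `safe_user_send` and `safe_read` are constructed stand-ins for the deck's `User` model and controller code.

```ruby
require "tmpdir"

# Constructed stand-in for the deck's User model: only these two methods are
# meant to be reachable through a caller-supplied method name.
class ReportUser
  def summary
    "ok"
  end

  def record_count
    3
  end
end

# Dangerous Send: `User.send(params[:method].to_sym)` lets the caller choose
# any method, private ones included. Check the name against a fixed allowlist
# and use public_send so private methods stay out of reach.
ALLOWED_USER_METHODS = %w[summary record_count].freeze

def safe_user_send(method_name)
  name = method_name.to_s
  raise ArgumentError, "method not allowed: #{name}" unless ALLOWED_USER_METHODS.include?(name)
  ReportUser.new.public_send(name)
end

# File Access: `File.open("/tmp/#{cookie[:file]}")` lets "../" walk out of
# /tmp. Expand the requested name against the base directory and refuse any
# result that does not stay inside it (symlinks inside the base would still
# need a realpath check on the file itself).
def safe_read(base_dir, requested_name)
  base = File.realpath(base_dir)
  candidate = File.expand_path(requested_name.to_s, base)
  unless candidate.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{requested_name}"
  end
  File.read(candidate)
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "report.txt"), "constructed sample")
    puts safe_user_send("summary")      # ok
    puts safe_read(dir, "report.txt")   # constructed sample
    begin
      safe_read(dir, "../outside.txt")
    rescue ArgumentError => e
      puts "rejected: #{e.message}"
    end
  end
end
```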
rails_best_practices
rails-bestpractices.com
rails-bestpractices.com advice
• Protect mass assignment
• Do not use time_ago_in_words
• Remove empty helpers
• Always add DB index
• Use Observer
• Remove trailing whitespace
railsbp.com
What else
• performance
• tests and code coverage
• codeclimate
Summary: ruby -w + flog + flay + brakeman =
Thank you @proghat github.com/proghat