Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ruby Code Analisis
Search
Dmitry Zhlobo
October 27, 2012
Programming
7
830
Ruby Code Analisis
Tools and practices make your ruby app clear.
Dmitry Zhlobo
October 27, 2012
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
140
Rails: The Good Parts
dimazhlobo
2
110
Ethereum Smart Contracts For Developers
dimazhlobo
0
96
Cross-origin resource sharing
dimazhlobo
1
74
Elasticsearch Introduction
dimazhlobo
0
730
Other Decks in Programming
See All in Programming
Platformに“ちょうどいい”責務ってどこ? 関心の熱さにあわせて考える、責務分担のプラクティス
estie
2
520
メモリ不足との戦い〜大量データを扱うアプリでの実践例〜
kwzr
1
670
defer f()とdefer fの挙動を 誤解していた話
kogamochiduki
2
160
そのpreloadは必要?見過ごされたpreloadが技術的負債として爆発した日
mugitti9
2
2.7k
気づいて!アプリからのSOS 〜App Store Connect APIで始めるパフォーマンス健康診断〜
waka12
0
250
PostgreSQLで手軽にDuckDBを使う!DuckDB&pg_duckdb入門/osk2025-duckdb
takahashiikki
1
230
あなたの知らない「動画広告」の世界 - iOSDC Japan 2025
ukitaka
0
320
OWASP Kansai DAY 2025.09: OSINTにふれてみよう
deka_morita
0
200
ててべんす独演会〜Flowの全てを語ります〜
tbsten
1
220
なぜあの開発者はDevRelに伴走し続けるのか / Why Does That Developer Keep Running Alongside DevRel?
nrslib
1
250
CSC305 Lecture 01
javiergs
PRO
1
380
LLMとPlaywright/reg-suitを活用した jQueryリファクタリングの実際
kinocoboy2
4
660
Featured
See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
114
20k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.6k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Designing Experiences People Love
moore
142
24k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.1k
A designer walks into a library…
pauljervisheath
208
24k
How to Think Like a Performance Engineer
csswizardry
27
2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
3k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Transcript
Tools and Practices Ruby Code Analysis
None
Well known smells • long methods and large classes
Well known smells • long methods and large classes •
duplicated code
Well known smells • long methods and large classes •
duplicated code • too many parameters
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity
Well known smells • long methods and large classes •
duplicated code • too many parameters • conditional complexity • etc...
None
None
ruby -w
$ ruby -w script.rb ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
ruby -w
$ ruby -w script.rb enables verbose mode of ruby interpreter
script.rb:4: warning: assigned but unused variable - file script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7 ruby -w
ruby -w What about ?
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep appname/app
ruby -w $ RUBYOPT=-w rails server 2>&1 | grep errbit/app
errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83 errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file http://tinyurl.com/shelrtv-errbit-ruby-verbose
flog
$ flog app.rb flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
$ flog app.rb 311.4: flog total 13.6: flog/method average 73.4:
App#none 65.9: App#notify app.rb:124 42.1: App#attributes app.rb:142 flog
flog $ flog -g appname/app or $ flog -g appname/app/models
flog $ flog -g errbit/app/models 1690.0: flog total 11.1: flog/method
average 219.3: App total 88.4: App#none 60.5: App#notification_recipients errbit/app/models/app.rb:144 48.8: App#copy_attributes_from errbit/app/models/app.rb:153 21.7: App#check_issue_tracker errbit/app/models/app.rb:178 http://tinyurl.com/shelrtv-errbit-flog
flay analyzes code for similarities
$ flay app.rb flay
$ flay app.rb Total score (lower is better) = 266
1) IDENTICAL code found in :iter (mass*2 = 152) app.rb:16 app.rb:31 2) Similar code found in :defn (mass = 114) app.rb:74 app.rb:83 flay
None
None
brakeman warning types • Command Injection `ls #{params[:file]}`
brakeman warning types • Command Injection • SQL Injection username=params[:user][:name].downcase
password=params[:user][:password] User.first.where("username = '" + username + "' AND password = '" + password + "'")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes match ':controller(/:action(/:id(.:format)))'
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access File.open("/tmp/#{cookie[:file]}")
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send method = params[:method] @result = User.send(method.to_sym)
brakeman warning types • Command Injection • SQL Injection •
Mass Assignment • Default Routes • File Access • Dangerous Send See more in documentation.
$ brakeman shelr.tv -o report.html
rails-brakeman.com
rails_best_practices
rails-bestpractices.com
rails-bestpractices.com advices • Protect mass assignment • Not use time_ago_in_words
• Remove empty helpers • Always add DB index • Use Observer • Remove trailing whitespace
None
railsbp.com
What else • performance • tests and code coverage •
codeclimate
Resume ruby -w + flog + flay + brakeman =
Thank you @proghat github.com/proghat
[email protected]