Slide 1

Tools and Practices: Ruby Code Analysis

Slides 3-7

Well known smells
● long methods and large classes
● duplicated code
● too many parameters
● conditional complexity
● etc...

Slides 10-13

ruby -w

$ ruby -w script.rb

-w enables verbose mode of the Ruby interpreter; output for the sample script:

script.rb:4: warning: assigned but unused variable - file
script.rb:11: warning: mismatched indentations at 'end' with 'def' at 7

Slide 14

ruby -w

What about ?

Slides 15-16

ruby -w

$ RUBYOPT=-w rails server 2>&1 | grep appname/app

Example run against errbit:

$ RUBYOPT=-w rails server 2>&1 | grep errbit/app
errbit/app/models/issue_trackers/github_issues_tracker.rb:38: warning: assigned but unused variable - options
errbit/app/models/notice.rb:138: warning: shadowing outer local variable - h
errbit/app/models/user.rb:6: warning: `*' interpreted as argument prefix
errbit/app/models/watcher.rb:16: warning: method redefined; discarding old watcher_type
errbit/app/controllers/apps_controller.rb:90: warning: mismatched indentations at 'end' with 'def' at 83
errbit/app/helpers/notices_helper.rb:72: warning: assigned but unused variable - file

http://tinyurl.com/shelrtv-errbit-ruby-verbose
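
The following is an added example, not part of the slides: it captures the parse-time warnings that `ruby -w` / `RUBYOPT=-w` would print, in-process, and then filters and parses them the way the `grep appname/app` pipeline above does. It relies on MRI routing every warning through `Warning.warn`, so a module prepended to Warning's singleton class can intercept them. `WarningSink`, `compile_warnings`, `parse_warning`, `app_warnings`, the sample script and the file name `myapp/app/config_reader.rb` are all this demo's own constructions.

```ruby
# Added example (not from the slides): capture the warnings `ruby -w` would
# print for a source string without spawning a subprocess. MRI sends every
# warning through Warning.warn, so a module prepended onto Warning's singleton
# class sees them first. WarningSink/compile_warnings are names invented here.
module WarningSink
  class << self
    attr_accessor :buffer   # Array while capturing, nil otherwise
  end

  def warn(message, **opts)
    sink = WarningSink.buffer
    return super(message, **opts) unless sink   # not capturing: normal stderr path
    sink << message.to_s.chomp
    nil
  end
end
Warning.singleton_class.prepend(WarningSink)

# Compile SOURCE as if it were FILENAME with $VERBOSE = true (what -w sets)
# and return the warning lines the parser emitted, e.g.
# "script.rb:2: warning: assigned but unused variable - file".
def compile_warnings(source, filename = "script.rb")
  old_verbose = $VERBOSE
  WarningSink.buffer = []
  $VERBOSE = true
  RubyVM::InstructionSequence.compile(source, filename)
  WarningSink.buffer
ensure
  $VERBOSE = old_verbose
  WarningSink.buffer = nil
end

# Split "file:line: warning: message" into its parts; nil for any other shape.
def parse_warning(line)
  m = line.match(/\A(?<file>.+?):(?<line>\d+): warning: (?<message>.*)\z/) or return nil
  { file: m[:file], line: m[:line].to_i, message: m[:message] }
end

# Keep only warnings from files under PREFIX, the in-process equivalent of
# `2>&1 | grep appname/app`.
def app_warnings(lines, prefix)
  lines.map { |l| parse_warning(l) }.compact.select { |w| w[:file].start_with?(prefix) }
end

# Constructed sample with one assigned-but-unused local, as on the slide.
SCRIPT = <<~RUBY
  def read_config(path)
    file = File.basename(path)
    File.read(path)
  end
RUBY

if __FILE__ == $0
  compile_warnings(SCRIPT, "myapp/app/config_reader.rb").each { |w| puts w }
end
```

Running the file prints one line for the unused `file` variable; `app_warnings` applied to a whole application's warnings gives the same view as the grep in the slide, but as structured records that can be counted per file or fed into CI.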

Slides 17-22

flog

$ flog app.rb
311.4: flog total
13.6: flog/method average
73.4: App#none
65.9: App#notify app.rb:124
42.1: App#attributes app.rb:142

Slides 23-24

flog on a whole directory (-g groups the scores by class):

$ flog -g appname/app
or
$ flog -g appname/app/models

Example run against errbit:

$ flog -g errbit/app/models
1690.0: flog total
11.1: flog/method average
219.3: App total
88.4: App#none
60.5: App#notification_recipients errbit/app/models/app.rb:144
48.8: App#copy_attributes_from errbit/app/models/app.rb:153
21.7: App#check_issue_tracker errbit/app/models/app.rb:178

http://tinyurl.com/shelrtv-errbit-flog
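
As an added example (not flog's own code), the script below puts something concrete behind both the "well known smells" list and the per-method numbers flog prints: it walks the Ripper S-expression of a source string and reports, per method, the parameter count and the number of branch points. The score is 1 + branch points (plain cyclomatic complexity), not flog's weighted score, and class names are not tracked, so methods show as `notify` rather than `App#notify`. `BRANCH_NODES`, `method_report`, `format_report` and the sample `App` class are this demo's own constructions.

```ruby
require "ripper"

# Added example, not flog's code: a per-method scorer built on Ripper.
# Ripper node types that open a branch (each adds one to the score).
BRANCH_NODES = %i[if elsif unless if_mod unless_mod ifop while until
                  while_mod until_mod when rescue rescue_mod].freeze
SHORT_CIRCUIT = %i[&& || and or].freeze   # operators of a :binary node

# Depth-first traversal over every array node of a Ripper S-expression.
def each_node(node, &block)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &block) }
end

# Number of formals declared by a :params node (or its :paren wrapper):
# required, optional, splat, post-splat, keyword, **rest and &block.
def param_count(params)
  params = params[1] if params.is_a?(Array) && params[0] == :paren
  return 0 unless params.is_a?(Array) && params[0] == :params
  _, req, opt, rest, post, kw, kwrest, blk = params
  [req, opt, post, kw].sum { |list| list.is_a?(Array) ? list.size : 0 } +
    [rest, kwrest, blk].count { |p| p.is_a?(Array) }
end

# Branch points inside a method body: conditionals, loops, case arms,
# rescue clauses and short-circuit operators.
def branch_count(body)
  count = 0
  each_node(body) do |n|
    count += 1 if BRANCH_NODES.include?(n[0])
    count += 1 if n[0] == :binary && SHORT_CIRCUIT.include?(n[2])
  end
  count
end

# One entry per method definition (def and def self.), highest score first.
def method_report(source)
  sexp = Ripper.sexp(source) or raise ArgumentError, "source does not parse"
  report = []
  each_node(sexp) do |n|
    name, params, body =
      case n[0]
      when :def  then n.values_at(1, 2, 3)
      when :defs then n.values_at(3, 4, 5)
      end
    next unless name
    branches = branch_count(body)
    report << { name: name[1], line: name[2][0], params: param_count(params),
                branches: branches, score: 1 + branches }
  end
  report.sort_by { |m| -m[:score] }
end

# flog-style listing: "score: name file:line (params=n)".
def format_report(report, file = "app.rb")
  report.map do |m|
    format("%5.1f: %s %s:%d (params=%d)", m[:score], m[:name], file, m[:line], m[:params])
  end
end

# Constructed sample: one trivial method and one with too many parameters
# and several conditionals, the smells from the earlier slides.
SAMPLE = <<~RUBY
  class App
    def name
      @name
    end

    def notify(user, subject, body, retries, channel, verbose)
      return if user.nil? || subject.empty?
      if channel == :email
        deliver_email(user, subject, body)
      elsif channel == :sms
        deliver_sms(user, body)
      else
        log(body) if verbose
      end
      retries.times { |i| retry_send(i) unless sent? }
    end
  end
RUBY

puts format_report(method_report(SAMPLE)) if __FILE__ == $0
```

For the sample, `notify` scores 7 (six branch points plus one) with six parameters, `name` scores 1; reading a real `flog` listing the same way, the top entries are the methods whose branching or size makes them the first candidates for refactoring.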

Slides 25-27

flay analyzes code for similarities

$ flay app.rb
Total score (lower is better) = 266

1) IDENTICAL code found in :iter (mass*2 = 152)
  app.rb:16
  app.rb:31

2) Similar code found in :defn (mass = 114)
  app.rb:74
  app.rb:83
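
The following added example (not flay's own code) is a miniature of what the flay output above reports: every subtree of the Ripper S-expression is keyed by its shape, and shapes that occur more than once with a mass (node count) at or above a threshold are listed. A group is IDENTICAL when the token values agree as well and Similar when only the structure does, the distinction flay draws between entries 1 and 2. `shape`, `duplicates`, the default threshold of 16 and the sample `Report` class are this demo's own constructions.

```ruby
require "ripper"

# Added example, not flay's code: find duplicated subtrees in Ruby source.
# True for token nodes such as [:@ident, "x", [line, col]].
def token?(node)
  node.is_a?(Array) && node[0].is_a?(Symbol) && node[0].to_s.start_with?("@")
end

# Depth-first traversal over every array node (token position arrays skipped).
def each_node(node, &block)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &block) } unless token?(node)
end

# Subtree size, flay's "mass": one per node, tokens count as leaves.
def mass(node)
  count = 0
  each_node(node) { count += 1 }
  count
end

# Canonical string for a subtree. With exact=false token values are dropped,
# so `acc[a] += 1` and `acc[b] += 2` collapse to the same shape.
def shape(node, exact)
  return node.inspect unless node.is_a?(Array)   # nil, false, operator symbols
  if token?(node)
    exact ? "#{node[0]}:#{node[1]}" : node[0].to_s
  else
    "(" + node.map { |c| shape(c, exact) }.join(" ") + ")"
  end
end

# Line of the first token inside a subtree.
def first_line(node)
  each_node(node) { |n| return n[2][0] if token?(n) }
  nil
end

# Groups of duplicated subtrees with mass >= THRESHOLD, biggest first;
# subtrees lying inside an already reported match are not reported again.
def duplicates(source, threshold = 16)
  sexp = Ripper.sexp(source) or raise ArgumentError, "source does not parse"
  groups = Hash.new { |h, k| h[k] = [] }
  each_node(sexp) { |n| groups[shape(n, false)] << n if !token?(n) && mass(n) >= threshold }

  covered = {}
  report = []
  groups.values.select { |ms| ms.size > 1 }.sort_by { |ms| -mass(ms.first) }.each do |members|
    next if members.all? { |m| covered[m.object_id] }
    members.each { |m| each_node(m) { |n| covered[n.object_id] = true } }
    head = members.first[0]
    report << { kind: head.is_a?(Symbol) ? head : :list, mass: mass(members.first),
                identical: members.map { |m| shape(m, true) }.uniq.size == 1,
                lines: members.map { |m| first_line(m) } }
  end
  report
end

# Constructed sample: two methods that differ only in one attribute name.
SAMPLE = <<~RUBY
  class Report
    def totals_by_user(notices)
      notices.each_with_object(Hash.new(0)) do |notice, acc|
        acc[notice.user_id] += notice.count
      end
    end

    def totals_by_app(notices)
      notices.each_with_object(Hash.new(0)) do |notice, acc|
        acc[notice.app_id] += notice.count
      end
    end

    def greeting
      "hello"
    end
  end
RUBY

if __FILE__ == $0
  duplicates(SAMPLE).each do |d|
    label = d[:identical] ? "IDENTICAL" : "Similar"
    puts "#{label} code found in :#{d[:kind]} (mass = #{d[:mass]}) lines #{d[:lines].join(', ')}"
  end
end
```

For the sample this prints one Similar group for the two `def` nodes at lines 2 and 8; the method bodies inside them match too, but they are inside a reported match and so are suppressed, which is why flay's listing names the outermost duplicated node (`:defn`, `:iter`) rather than every sub-expression.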

Slides 30-36

brakeman warning types

● Command Injection
    `ls #{params[:file]}`

● SQL Injection
    username = params[:user][:name].downcase
    password = params[:user][:password]
    User.where("username = '" + username + "' AND password = '" + password + "'").first

● Mass Assignment

● Default Routes
    match ':controller(/:action(/:id(.:format)))'

● File Access
    File.open("/tmp/#{cookie[:file]}")

● Dangerous Send
    method = params[:method]
    @result = User.send(method.to_sym)

See more in the documentation.
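
As an added example (not from the slides or from Brakeman), the code below places each pattern Brakeman flags next to a form that keeps request-controlled input out of the dangerous position: argv instead of a shell string, bind values instead of SQL concatenation, a containment check on the resolved path, and an allow-list in front of `public_send`. `params` and `cookie` values are plain strings here, `FakeUser` stands in for a model, and `ls_argv`, `login_conditions`, `upload_path`, `run_report` and `REPORTS` are this demo's own names. Mass Assignment and Default Routes are Rails configuration (strong parameters, routes.rb) and have no plain-Ruby counterpart, so they are not shown.

```ruby
# Added example, not Brakeman's code: each Brakeman warning type from the
# slides, with the pattern it flags and a form that keeps request input out
# of the dangerous position. All names are this demo's own.

# --- Command Injection: `ls #{params[:file]}` hands the raw value to /bin/sh.
# Keep the argv form (no shell is involved) and restrict the name first.
FILE_NAME = /\A[\w.-]+\z/

def ls_argv(file)
  raise ArgumentError, "rejecting file name #{file.inspect}" unless file.match?(FILE_NAME)
  ["ls", "--", file]                     # run with system(*ls_argv(name))
end

# --- SQL Injection: concatenation lets a quote inside the value change the
# statement; a template plus bind values keeps the value out of the SQL text.
def login_conditions_unsafe(username, password)
  "username = '" + username + "' AND password = '" + password + "'"
end

def login_conditions(username, password)
  ["username = ? AND password = ?", username, password]   # User.where(*login_conditions(u, p))
end

# --- File Access: File.open("/tmp/#{cookie[:file]}") follows ".." and
# absolute paths anywhere. Resolve against the base directory and check the
# result still lies inside it (File.absolute_path does not expand "~").
def upload_path(base, name)
  base = File.absolute_path(base)
  path = File.absolute_path(name, base)
  unless path.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "#{name.inspect} resolves outside #{base}"
  end
  path
end

# --- Dangerous Send: User.send(params[:method].to_sym) lets the request pick
# any method, private ones included. Map request values onto an allow-list.
REPORTS = { "count" => :count, "active" => :active }.freeze

def run_report(model, name)
  method = REPORTS.fetch(name) { raise ArgumentError, "unknown report #{name.inspect}" }
  model.public_send(method)
end

# Constructed stand-in for a model class.
class FakeUser
  def self.count;  3; end
  def self.active; 2; end
  def self.destroy_all; raise "never reachable through run_report"; end
end
```

The unsafe SQL helper is kept only to show the failure: a username containing a single quote leaves the concatenated string with an odd number of quotes, i.e. a different statement, whereas the template/bind form returns the same template whatever the values are.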

Slides 37-38

$ brakeman shelr.tv -o report.html

rails-brakeman.com

Slides 39-40

rails_best_practices

rails-bestpractices.com

Slide 41

rails-bestpractices.com advice
● Protect mass assignment
● Not use time_ago_in_words
● Remove empty helpers
● Always add DB index
● Use Observer
● Remove trailing whitespace

Slide 43

railsbp.com

Slide 44

What else
● performance
● tests and code coverage
● codeclimate

Slide 45

Summary

ruby -w + flog + flay + brakeman =

Slide 46

Thank you
@proghat
github.com/proghat