bullet 7.0.2 → 7.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9190b7377e0184967fec123b7926cc2287755989ceea1a4c90a949721d29f411
-  data.tar.gz: 9ae038298d2367a5862eeb6480565f9ac9d104887b97f417e390266e0bfbdb8e
+  metadata.gz: 0f47e147f5df074217ee7a65123f54a1918f98bde162c7d4bf1f76bffc9f15a6
+  data.tar.gz: e05e48b96a5e68bfbcac63f4dce4601d717ec1a32ee83a5c45aad738e1bfc48b
 SHA512:
-  metadata.gz: 5b8679cc1801319b7527c472be94d75a5df7a3e03a16f2ef444d3708de584f1f8985ceedd079c35c43cc9ffb39ee5a1664b5c12d38d3d194a686692495873612
-  data.tar.gz: 6309d7925415f5a6339ab4e180a6ef0cd3d27c3308f3a39f6bbfa120c4cb0825f6c2728365942f71e810cb967504b72ad6fa2893334adb4ce6597299cbc4abbd
+  metadata.gz: 87bf095754befedb8f1137ae039191807baa1f1bcadb09c923b4f1a6abd385e73e4143e50077358a8f7155e3bf367edb1b405e3b0b260c8de5dd572699b7bafc
+  data.tar.gz: fd692ae67a1695ee4598b24d3cd030a7f091deb42f30df0f92085b3c54f765960c0b5eabaace7b306fadf8539b514fe77076cff825c27a292c5e36f56916646b

data/.github/workflows/main.yml

@@ -9,9 +9,9 @@ name: CI
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 
 jobs:
   test_rails_4:

data/CHANGELOG.md

@@ -1,5 +1,30 @@
 ## Next Release
 
+## 7.0.7 (03/01/2023)
+
+* Check `Rails.application.config.content_security_policy` before insert `Bullet::Rack`
+
+## 7.0.6 (03/01/2023)
+
+* Better way to check if `ActionDispatch::ContentSecurityPolicy::Middleware` exists
+
+## 7.0.5 (01/01/2023)
+
+* Fix n+1 false positives in AR 7.0
+* Fix eager_load nested has_many :through false positives
+* Respect Content-Security-Policy nonces
+* Added CallStacks support for avoid eager loading
+* Iterate fewer times over objects
+
+## 7.0.4 (11/28/2022)
+
+* Fix `eager_load` `has_many :through` false positives
+* mongoid7x: add dynamic methods
+
+## 7.0.3 (08/13/2022)
+
+* Replace `Array()` with `Array.wrap()`
+
 ## 7.0.2 (05/31/2022)
 
 * Drop growl support

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2009 - 2010 Richard Huang (flyerhzm@gmail.com)
+Copyright (c) 2009 - 2022 Richard Huang (flyerhzm@gmail.com)
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -222,7 +222,7 @@ end
 
 ### Work with sinatra
 
-Configure and use `Bullet::Rack`
+Configure and use `Bullet::Rack`.
 
 ```ruby
 configure :development do
@@ -232,6 +232,8 @@ configure :development do
 end
 ```
 
+If your application generates a Content-Security-Policy via a separate middleware, ensure that `Bullet::Rack` is loaded _before_ that middleware.
+
 ### Run in tests
 
 First you need to enable Bullet in test environment.
@@ -285,7 +287,7 @@ $ rails g scaffold comment name:string post_id:integer
 $ bundle exec rake db:migrate
 ```
 
-2\. Change `app/model/post.rb` and `app/model/comment.rb`
+2\. Change `app/models/post.rb` and `app/models/comment.rb`
 
 ```ruby
 class Post < ActiveRecord::Base

data/lib/bullet/active_record5.rb

@@ -177,16 +177,18 @@ module Bullet
             if Bullet.start?
               if is_a? ::ActiveRecord::Associations::ThroughAssociation
                 refl = reflection.through_reflection
-                Bullet::Detector::NPlusOneQuery.call_association(owner, refl.name)
-                association = owner.association refl.name
-                Array(association.target).each do |through_record|
-                  Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
-                end
+                association = owner.association(refl.name)
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, refl.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
 
-                if refl.through_reflection?
-                  refl = refl.through_reflection while refl.through_reflection?
+                  if refl.through_reflection?
+                    refl = refl.through_reflection while refl.through_reflection?
 
-                  Bullet::Detector::NPlusOneQuery.call_association(owner, refl.name)
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, refl.name)
+                  end
                 end
               end
               Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name) unless @inversed

data/lib/bullet/active_record52.rb

@@ -150,14 +150,16 @@ module Bullet
 
             if Bullet.start?
               if is_a? ::ActiveRecord::Associations::ThroughAssociation
-                Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
-                association = owner.association reflection.through_reflection.name
-                Array(association.target).each do |through_record|
-                  Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
-                end
+                association = owner.association(reflection.through_reflection.name)
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
 
-                if reflection.through_reflection != through_reflection
-                  Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
                 end
               end
               Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name) unless @inversed
@@ -199,7 +201,7 @@ module Bullet
                 if is_a? ::ActiveRecord::Associations::ThroughAssociation
                   Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                   association = owner.association reflection.through_reflection.name
-                  Array(association.target).each do |through_record|
+                  Array.wrap(association.target).each do |through_record|
                     Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
                   end
 

data/lib/bullet/active_record60.rb

@@ -177,14 +177,16 @@ module Bullet
 
             if Bullet.start?
               if is_a? ::ActiveRecord::Associations::ThroughAssociation
-                Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                 association = owner.association(reflection.through_reflection.name)
-                Array(association.target).each do |through_record|
-                  Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
-                end
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
 
-                if reflection.through_reflection != through_reflection
-                  Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
                 end
               end
               Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name) unless @inversed
@@ -226,7 +228,7 @@ module Bullet
                 if is_a? ::ActiveRecord::Associations::ThroughAssociation
                   Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                   association = owner.association(reflection.through_reflection.name)
-                  Array(association.target).each do |through_record|
+                  Array.wrap(association.target).each do |through_record|
                     Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
                   end
 

data/lib/bullet/active_record61.rb

@@ -177,14 +177,16 @@ module Bullet
 
             if Bullet.start?
               if is_a? ::ActiveRecord::Associations::ThroughAssociation
-                Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                 association = owner.association(reflection.through_reflection.name)
-                Array(association.target).each do |through_record|
-                  Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
-                end
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
 
-                if reflection.through_reflection != through_reflection
-                  Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
                 end
               end
               Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name) unless @inversed
@@ -226,7 +228,7 @@ module Bullet
                 if is_a? ::ActiveRecord::Associations::ThroughAssociation
                   Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                   association = owner.association(reflection.through_reflection.name)
-                  Array(association.target).each do |through_record|
+                  Array.wrap(association.target).each do |through_record|
                     Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
                   end
 

data/lib/bullet/active_record70.rb

@@ -170,6 +170,13 @@ module Bullet
             end
             super
           end
+
+          def inversed_from_queries(record)
+            if Bullet.start? && inversable?(record)
+              Bullet::Detector::NPlusOneQuery.add_inversed_object(owner, reflection.name)
+            end
+            super
+          end
         end
       )
 
@@ -180,14 +187,16 @@ module Bullet
 
             if Bullet.start?
               if is_a? ::ActiveRecord::Associations::ThroughAssociation
-                Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                 association = owner.association(reflection.through_reflection.name)
-                Array(association.target).each do |through_record|
-                  Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
-                end
+                if association.loaded?
+                  Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
+                  Array.wrap(association.target).each do |through_record|
+                    Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
+                  end
 
-                if reflection.through_reflection != through_reflection
-                  Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  if reflection.through_reflection != through_reflection
+                    Bullet::Detector::NPlusOneQuery.call_association(owner, through_reflection.name)
+                  end
                 end
               end
               Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.name)
@@ -229,7 +238,7 @@ module Bullet
                 if is_a? ::ActiveRecord::Associations::ThroughAssociation
                   Bullet::Detector::NPlusOneQuery.call_association(owner, reflection.through_reflection.name)
                   association = owner.association(reflection.through_reflection.name)
-                  Array(association.target).each do |through_record|
+                  Array.wrap(association.target).each do |through_record|
                     Bullet::Detector::NPlusOneQuery.call_association(through_record, source_reflection.name)
                   end
 

data/lib/bullet/detector/association.rb

@@ -13,6 +13,7 @@ module Bullet
             'Detector::Association#add_object_associations',
             "object: #{object.bullet_key}, associations: #{associations}"
           )
+          call_stacks.add(object.bullet_key)
           object_associations.add(object.bullet_key, associations)
         end
 
@@ -25,6 +26,7 @@ module Bullet
             'Detector::Association#add_call_object_associations',
             "object: #{object.bullet_key}, associations: #{associations}"
           )
+          call_stacks.add(object.bullet_key)
           call_object_associations.add(object.bullet_key, associations)
         end
 
@@ -76,6 +78,12 @@ module Bullet
         def eager_loadings
           Thread.current[:bullet_eager_loadings]
         end
+
+        # cal_stacks keeps stacktraces where querie-objects were called from.
+        # e.g. { 'Object:111' => [SomeProject/app/controllers/...] }
+        def call_stacks
+          Thread.current[:bullet_call_stacks]
+        end
       end
     end
   end

data/lib/bullet/detector/counter_cache.rb

@@ -20,7 +20,7 @@ module Bullet
           return unless Bullet.start?
           return unless Bullet.counter_cache_enable?
 
-          objects = Array(object_or_objects)
+          objects = Array.wrap(object_or_objects)
           return if objects.map(&:bullet_primary_key_value).compact.empty?
 
           Bullet.debug(
@@ -54,7 +54,7 @@ module Bullet
         private
 
         def create_notification(klazz, associations)
-          notify_associations = Array(associations) - Bullet.get_safelist_associations(:counter_cache, klazz)
+          notify_associations = Array.wrap(associations) - Bullet.get_safelist_associations(:counter_cache, klazz)
 
           if notify_associations.present?
             notice = Bullet::Notification::CounterCache.new klazz, notify_associations

data/lib/bullet/detector/n_plus_one_query.rb

@@ -7,7 +7,7 @@ module Bullet
       extend StackTraceFilter
 
       class << self
-        # executed when object.assocations is called.
+        # executed when object.associations is called.
         # first, it keeps this method call for object.association.
         # then, it checks if this associations call is unpreload.
         #   if it is, keeps this unpreload associations and caller.
@@ -25,7 +25,7 @@ module Bullet
           )
           if !excluded_stacktrace_path? && conditions_met?(object, associations)
             Bullet.debug('detect n + 1 query', "object: #{object.bullet_key}, associations: #{associations}")
-            create_notification caller_in_project, object.class.to_s, associations
+            create_notification caller_in_project(object.bullet_key), object.class.to_s, associations
           end
         end
 
@@ -33,15 +33,26 @@ module Bullet
           return unless Bullet.start?
           return unless Bullet.n_plus_one_query_enable?
 
-          objects = Array(object_or_objects)
-          return if objects.map(&:bullet_primary_key_value).compact.empty?
-          return if objects.all? { |obj| obj.class.name =~ /^HABTM_/ }
-
-          Bullet.debug(
-            'Detector::NPlusOneQuery#add_possible_objects',
-            "objects: #{objects.map(&:bullet_key).join(', ')}"
-          )
-          objects.each { |object| possible_objects.add object.bullet_key }
+          objects = Array.wrap(object_or_objects)
+          class_names_match_regex = true
+          primary_key_values_are_empty = true
+          keys_joined = ""
+          objects.each do |obj|
+            unless obj.class.name =~ /^HABTM_/
+              class_names_match_regex = false
+            end
+            unless obj.bullet_primary_key_value.nil?
+              primary_key_values_are_empty = false
+            end
+            keys_joined += "#{(keys_joined.empty?? '' : ', ')}#{obj.bullet_key}"
+          end
+          unless class_names_match_regex || primary_key_values_are_empty
+            Bullet.debug(
+              'Detector::NPlusOneQuery#add_possible_objects',
+              "objects: #{keys_joined}"
+            )
+            objects.each { |object| possible_objects.add object.bullet_key }
+          end
         end
 
         def add_impossible_object(object)
@@ -95,7 +106,7 @@ module Bullet
         private
 
         def create_notification(callers, klazz, associations)
-          notify_associations = Array(associations) - Bullet.get_safelist_associations(:n_plus_one_query, klazz)
+          notify_associations = Array.wrap(associations) - Bullet.get_safelist_associations(:n_plus_one_query, klazz)
 
           if notify_associations.present?
             notice = Bullet::Notification::NPlusOneQuery.new(callers, klazz, notify_associations)

data/lib/bullet/detector/unused_eager_loading.rb

@@ -10,7 +10,7 @@ module Bullet
         # check if there are unused preload associations.
         #   get related_objects from eager_loadings associated with object and associations
         #   get call_object_association from associations of call_object_associations whose object is in related_objects
-        #   if association not in call_object_association, then the object => association - call_object_association is ununsed preload assocations
+        #   if association not in call_object_association, then the object => association - call_object_association is ununsed preload associations
         def check_unused_preload_associations
           return unless Bullet.start?
           return unless Bullet.unused_eager_loading_enable?
@@ -20,7 +20,7 @@ module Bullet
             next if object_association_diff.empty?
 
             Bullet.debug('detect unused preload', "object: #{bullet_key}, associations: #{object_association_diff}")
-            create_notification(caller_in_project, bullet_key.bullet_class_name, object_association_diff)
+            create_notification(caller_in_project(bullet_key), bullet_key.bullet_class_name, object_association_diff)
           end
         end
 
@@ -65,7 +65,7 @@ module Bullet
         private
 
         def create_notification(callers, klazz, associations)
-          notify_associations = Array(associations) - Bullet.get_safelist_associations(:unused_eager_loading, klazz)
+          notify_associations = Array.wrap(associations) - Bullet.get_safelist_associations(:unused_eager_loading, klazz)
 
           if notify_associations.present?
             notice = Bullet::Notification::UnusedEagerLoading.new(callers, klazz, notify_associations)

data/lib/bullet/mongoid7x.rb

@@ -4,22 +4,20 @@ module Bullet
   module Mongoid
     def self.enable
       require 'mongoid'
+      require 'rubygems'
       ::Mongoid::Contextual::Mongo.class_eval do
         alias_method :origin_first, :first
         alias_method :origin_last, :last
         alias_method :origin_each, :each
         alias_method :origin_eager_load, :eager_load
 
-        def first(opts = {})
-          result = origin_first(opts)
-          Bullet::Detector::NPlusOneQuery.add_impossible_object(result) if result
-          result
-        end
-
-        def last(opts = {})
-          result = origin_last(opts)
-          Bullet::Detector::NPlusOneQuery.add_impossible_object(result) if result
-          result
+        %i[first last].each do |context|
+          default = Gem::Version.new(::Mongoid::VERSION) >= Gem::Version.new('7.5') ? nil : {}
+          define_method(context) do |opts = default|
+            result = send(:"origin_#{context}", opts)
+            Bullet::Detector::NPlusOneQuery.add_impossible_object(result) if result
+            result
+          end
         end
 
         def each(&block)

data/lib/bullet/rack.rb

@@ -4,6 +4,8 @@ module Bullet
   class Rack
     include Dependency
 
+    NONCE_MATCHER = /script-src .*'nonce-(?<nonce>[A-Za-z0-9+\/]+={0,2})'/
+
     def initialize(app)
       @app = app
     end
@@ -20,11 +22,15 @@ module Bullet
         if Bullet.inject_into_page? && !file?(headers) && !sse?(headers) && !empty?(response) && status == 200
           if html_request?(headers, response)
             response_body = response_body(response)
-            response_body = append_to_html_body(response_body, footer_note) if Bullet.add_footer
-            response_body = append_to_html_body(response_body, Bullet.gather_inline_notifications)
-            if Bullet.add_footer && !Bullet.skip_http_headers
-              response_body = append_to_html_body(response_body, xhr_script)
+
+            with_security_policy_nonce(headers) do |nonce|
+              response_body = append_to_html_body(response_body, footer_note) if Bullet.add_footer
+              response_body = append_to_html_body(response_body, Bullet.gather_inline_notifications)
+              if Bullet.add_footer && !Bullet.skip_http_headers
+                response_body = append_to_html_body(response_body, xhr_script(nonce))
+              end
             end
+
             headers['Content-Length'] = response_body.bytesize.to_s
           elsif !Bullet.skip_http_headers
             set_header(headers, 'X-bullet-footer-text', Bullet.footer_info.uniq) if Bullet.add_footer
@@ -118,8 +124,34 @@ module Bullet
     end
 
     # Make footer work for XHR requests by appending data to the footer
-    def xhr_script
-      "<script type='text/javascript'>#{File.read("#{__dir__}/bullet_xhr.js")}</script>"
+    def xhr_script(nonce = nil)
+      script = File.read("#{__dir__}/bullet_xhr.js")
+
+      if nonce
+        "<script type='text/javascript' nonce='#{nonce}'>#{script}</script>"
+      else
+        "<script type='text/javascript'>#{script}</script>"
+      end
+    end
+
+    def with_security_policy_nonce(headers)
+      matched = (headers['Content-Security-Policy'] || '').match(NONCE_MATCHER)
+      nonce = matched[:nonce] if matched
+
+      if nonce
+        console_enabled = UniformNotifier.console
+        alert_enabled = UniformNotifier.alert
+
+        UniformNotifier.console = { attributes: { nonce: nonce } } if console_enabled
+        UniformNotifier.alert = { attributes: { nonce: nonce } } if alert_enabled
+
+        yield nonce
+
+        UniformNotifier.console = console_enabled
+        UniformNotifier.alert = alert_enabled
+      else
+        yield
+      end
     end
   end
 end

data/lib/bullet/registry/call_stack.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Bullet
+  module Registry
+    class CallStack < Base
+      # remembers found association backtrace
+      def add(key)
+        @registry[key] = Thread.current.backtrace
+      end
+    end
+  end
+end

data/lib/bullet/registry.rb

@@ -5,5 +5,6 @@ module Bullet
     autoload :Base, 'bullet/registry/base'
     autoload :Object, 'bullet/registry/object'
     autoload :Association, 'bullet/registry/association'
+    autoload :CallStack, 'bullet/registry/call_stack'
   end
 end

data/lib/bullet/stack_trace_filter.rb

@@ -6,10 +6,11 @@ module Bullet
     VENDOR_PATH = '/vendor'
     IS_RUBY_19 = Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0')
 
-    def caller_in_project
+    # @param bullet_key[String] - use this to get stored call stack from call_stacks object.
+    def caller_in_project(bullet_key = nil)
       vendor_root = Bullet.app_root + VENDOR_PATH
       bundler_path = Bundler.bundle_path.to_s
-      select_caller_locations do |location|
+      select_caller_locations(bullet_key) do |location|
         caller_path = location_as_path(location)
         caller_path.include?(Bullet.app_root) && !caller_path.include?(vendor_root) &&
           !caller_path.include?(bundler_path) || Bullet.stacktrace_includes.any? { |include_pattern|
@@ -50,15 +51,16 @@ module Bullet
     end
 
     def location_as_path(location)
+      return location if location.is_a?(String)
+
       IS_RUBY_19 ? location : location.absolute_path.to_s
     end
 
-    def select_caller_locations
-      if IS_RUBY_19
-        caller.select { |caller_path| yield caller_path }
-      else
-        caller_locations.select { |location| yield location }
-      end
+    def select_caller_locations(bullet_key = nil)
+      return caller.select { |caller_path| yield caller_path } if IS_RUBY_19
+
+      call_stack = bullet_key ? call_stacks[bullet_key] : caller_locations
+      call_stack.select { |location| yield location }
     end
   end
 end

data/lib/bullet/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bullet
-  VERSION = '7.0.2'
+  VERSION = '7.0.7'
 end

data/lib/bullet.rb

@@ -23,7 +23,11 @@ module Bullet
   if defined?(Rails::Railtie)
     class BulletRailtie < Rails::Railtie
       initializer 'bullet.configure_rails_initialization' do |app|
-        app.middleware.use Bullet::Rack
+        if defined?(ActionDispatch::ContentSecurityPolicy::Middleware) && Rails.application.config.content_security_policy
+          app.middleware.insert_before ActionDispatch::ContentSecurityPolicy::Middleware, Bullet::Rack
+        else
+          app.middleware.use Bullet::Rack
+        end
       end
     end
   end
@@ -109,7 +113,7 @@ module Bullet
     end
 
     def get_safelist_associations(type, class_name)
-      Array(@safelist[type][class_name])
+      Array.wrap(@safelist[type][class_name])
     end
 
     def reset_safelist
@@ -144,6 +148,7 @@ module Bullet
       Thread.current[:bullet_impossible_objects] = Bullet::Registry::Object.new
       Thread.current[:bullet_inversed_objects] = Bullet::Registry::Base.new
       Thread.current[:bullet_eager_loadings] = Bullet::Registry::Association.new
+      Thread.current[:bullet_call_stacks] = Bullet::Registry::CallStack.new
 
       Thread.current[:bullet_counter_possible_objects] ||= Bullet::Registry::Object.new
       Thread.current[:bullet_counter_impossible_objects] ||= Bullet::Registry::Object.new

data/spec/bullet/detector/n_plus_one_query_spec.rb

@@ -39,7 +39,7 @@ module Bullet
 
         it 'should be false if object, association pair is not existed' do
           NPlusOneQuery.add_object_associations(@post, :association1)
-          expect(NPlusOneQuery.association?(@post, :associatio2)).to eq false
+          expect(NPlusOneQuery.association?(@post, :association2)).to eq false
         end
       end
 
@@ -127,38 +127,6 @@ module Bullet
         end
       end
 
-      context '.caller_in_project' do
-        it 'should include only paths that are in the project' do
-          in_project = OpenStruct.new(absolute_path: File.join(Dir.pwd, 'abc', 'abc.rb'))
-          not_in_project = OpenStruct.new(absolute_path: '/def/def.rb')
-
-          expect(NPlusOneQuery).to receive(:caller_locations).and_return([in_project, not_in_project])
-          expect(NPlusOneQuery).to receive(:conditions_met?).with(@post, :association).and_return(true)
-          expect(NPlusOneQuery).to receive(:create_notification).with([in_project], 'Post', :association)
-          NPlusOneQuery.call_association(@post, :association)
-        end
-
-        context 'stacktrace_includes' do
-          before { Bullet.stacktrace_includes = ['def', /xyz/] }
-          after { Bullet.stacktrace_includes = nil }
-
-          it 'should include paths that are in the stacktrace_include list' do
-            in_project = OpenStruct.new(absolute_path: File.join(Dir.pwd, 'abc', 'abc.rb'))
-            included_gems = [OpenStruct.new(absolute_path: '/def/def.rb'), OpenStruct.new(absolute_path: 'xyz/xyz.rb')]
-            excluded_gem = OpenStruct.new(absolute_path: '/ghi/ghi.rb')
-
-            expect(NPlusOneQuery).to receive(:caller_locations).and_return([in_project, *included_gems, excluded_gem])
-            expect(NPlusOneQuery).to receive(:conditions_met?).with(@post, :association).and_return(true)
-            expect(NPlusOneQuery).to receive(:create_notification).with(
-              [in_project, *included_gems],
-              'Post',
-              :association
-            )
-            NPlusOneQuery.call_association(@post, :association)
-          end
-        end
-      end
-
       context '.add_possible_objects' do
         it 'should add possible objects' do
           NPlusOneQuery.add_possible_objects([@post, @post2])

data/spec/bullet/detector/unused_eager_loading_spec.rb

@@ -65,6 +65,11 @@ module Bullet
           expect(UnusedEagerLoading).not_to receive(:create_notification).with('Post', [:association])
           UnusedEagerLoading.check_unused_preload_associations
         end
+
+        it 'should create call stack for notification' do
+          UnusedEagerLoading.add_object_associations(@post, :association)
+          expect(UnusedEagerLoading.send(:call_stacks).registry).not_to be_empty
+        end
       end
 
       context '.add_eager_loadings' do

data/spec/bullet/rack_spec.rb

@@ -50,7 +50,7 @@ module Bullet
       end
 
       it 'should be true if no response body' do
-        response = double()
+        response = double
         expect(middleware).to be_empty(response)
       end
     end
@@ -129,6 +129,23 @@ module Bullet
             expect(response).to eq(%w[<html><head></head><body><bullet></bullet></body></html>])
           end
 
+          it 'should include CSP nonce in inline script if console_enabled and a CSP is applied' do
+            allow(Bullet).to receive(:add_footer).at_least(:once).and_return(true)
+            expect(Bullet).to receive(:console_enabled?).and_return(true)
+            allow(middleware).to receive(:xhr_script).and_call_original
+
+            nonce = '+t9/wTlgG6xbHxXYUaDNzQ=='
+            app.headers = {
+              'Content-Type' => 'text/html',
+              'Content-Security-Policy' => "default-src 'self' https:; script-src 'self' https: 'nonce-#{nonce}'"
+            }
+
+            _, headers, response = middleware.call('Content-Type' => 'text/html')
+
+            size = 56 + middleware.send(:footer_note).length + middleware.send(:xhr_script, nonce).length
+            expect(headers['Content-Length']).to eq(size.to_s)
+          end
+
           it 'should change response body for html safe string if console_enabled is true' do
             expect(Bullet).to receive(:console_enabled?).and_return(true)
             app.response =

data/spec/bullet/stack_trace_filter_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module Bullet
+  RSpec.describe StackTraceFilter do
+    let(:dummy_class) { Class.new { extend StackTraceFilter } }
+    let(:root_path) { Dir.pwd }
+    let(:bundler_path) { Bundler.bundle_path }
+
+    describe '#caller_in_project' do
+      it 'gets the caller in the project' do
+        expect(dummy_class).to receive(:call_stacks).and_return({
+          'Post:1' => [
+            File.join(root_path, 'lib/bullet.rb'),
+            File.join(root_path, 'vendor/uniform_notifier.rb'),
+            File.join(bundler_path, 'rack.rb')
+          ]
+        })
+        expect(dummy_class.caller_in_project('Post:1')).to eq([
+          File.join(root_path, 'lib/bullet.rb')
+        ])
+      end
+    end
+  end
+end

data/spec/integration/active_record/association_spec.rb

@@ -58,6 +58,19 @@ if active_record?
         expect(Bullet::Detector::Association).to be_completely_preloading_associations
       end
 
+      it 'should detect non preload comment => post with inverse_of from a query' do
+        Post.first.comments.find_each do |comment|
+          comment.name
+          comment.post.name
+        end
+
+        Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
+        expect(Post.first.comments.count).not_to eq(0)
+        expect(Bullet::Detector::Association).not_to be_has_unused_preload_associations
+
+        expect(Bullet::Detector::Association).to be_completely_preloading_associations
+      end
+
       it 'should detect non preload post => comments with empty?' do
         Post.all.each { |post| post.comments.empty? }
         Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
@@ -474,7 +487,15 @@ if active_record?
       end
 
       it 'should detect preload associations' do
-        Firm.includes(:clients).each { |firm| firm.clients.map(&:name) }
+        Firm.preload(:clients).each { |firm| firm.clients.map(&:name) }
+        Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
+        expect(Bullet::Detector::Association).not_to be_has_unused_preload_associations
+
+        expect(Bullet::Detector::Association).to be_completely_preloading_associations
+      end
+
+      it 'should detect eager load association' do
+        Firm.eager_load(:clients).each { |firm| firm.clients.map(&:name) }
         Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
         expect(Bullet::Detector::Association).not_to be_has_unused_preload_associations
 
@@ -508,7 +529,15 @@ if active_record?
       end
 
       it 'should detect preload associations' do
-        Firm.includes(:groups).each { |firm| firm.groups.map(&:name) }
+        Firm.preload(:groups).each { |firm| firm.groups.map(&:name) }
+        Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
+        expect(Bullet::Detector::Association).not_to be_has_unused_preload_associations
+
+        expect(Bullet::Detector::Association).to be_completely_preloading_associations
+      end
+
+      it 'should detect eager load associations' do
+        Firm.eager_load(:groups).each { |firm| firm.groups.map(&:name) }
         Bullet::Detector::UnusedEagerLoading.check_unused_preload_associations
         expect(Bullet::Detector::Association).not_to be_has_unused_preload_associations
 

data/spec/support/sqlite_seed.rb

@@ -92,7 +92,7 @@ module Support
       page3 = Page.create(name: 'page3', parent_id: folder2.id, author_id: author2.id)
       page4 = Page.create(name: 'page4', parent_id: folder2.id, author_id: author2.id)
 
-      role1 = Role.create(name: 'Amdin')
+      role1 = Role.create(name: 'Admin')
       role2 = Role.create(name: 'User')
 
       user1 = User.create(name: 'user1', category: category1)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bullet
 version: !ruby/object:Gem::Version
-  version: 7.0.2
+  version: 7.0.7
 platform: ruby
 authors:
 - Richard Huang
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-31 00:00:00.000000000 Z
+date: 2023-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -104,6 +104,7 @@ files:
 - lib/bullet/registry.rb
 - lib/bullet/registry/association.rb
 - lib/bullet/registry/base.rb
+- lib/bullet/registry/call_stack.rb
 - lib/bullet/registry/object.rb
 - lib/bullet/stack_trace_filter.rb
 - lib/bullet/version.rb
@@ -126,6 +127,7 @@ files:
 - spec/bullet/registry/association_spec.rb
 - spec/bullet/registry/base_spec.rb
 - spec/bullet/registry/object_spec.rb
+- spec/bullet/stack_trace_filter_spec.rb
 - spec/bullet_spec.rb
 - spec/integration/active_record/association_spec.rb
 - spec/integration/counter_cache_spec.rb
@@ -195,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: help to kill N+1 queries and unused eager loading.
@@ -216,6 +218,7 @@ test_files:
 - spec/bullet/registry/association_spec.rb
 - spec/bullet/registry/base_spec.rb
 - spec/bullet/registry/object_spec.rb
+- spec/bullet/stack_trace_filter_spec.rb
 - spec/bullet_spec.rb
 - spec/integration/active_record/association_spec.rb
 - spec/integration/counter_cache_spec.rb