lint_fu 0.5.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Tony Spataro
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,20 @@
+= LintFu
+
+Lint-Fu uses some very basic static analysis tricks to find bugs in your Rails
+app. It produces a report (HTML format by default) explaining what it found.
+
+Although Lint-Fu was built for Rails applications, it is modular and extensible
+and rules can be developed for any framework or toolkit, or even for Ruby code
+in general.
+
+Lint-Fu's capabilities are limited to semantic and structural analysis of the
+code; it does model data or control flow. This means it spots a *very small*
+subset of all potential bugs that it knows how to look for. Furthermore, it
+will sometimes report false positives.
+
+= Example
+
+$ rake lint
+
+
+Copyright (c) 2009 Tony Spataro, released under the MIT license

data/bin/lint_fu

@@ -0,0 +1,92 @@
+#!/usr/bin/env ruby
+
+basedir = File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(basedir) unless $LOAD_PATH.include?(basedir)
+
+require 'lint_fu'
+
+def timed(activity)
+  print activity, '...'
+  STDOUT.flush
+  t0 = Time.now.to_i
+  yield
+  t1 = Time.now.to_i
+  dt = t1-t0
+  if dt > 0
+    puts "done (#{t1-t0} sec)"
+    STDOUT.flush
+  else
+    puts "done"
+    STDOUT.flush
+  end
+rescue Exception => e
+  puts 'error!' #ensure we print a newline
+  raise e
+end
+
+app_root = File.expand_path('.')
+
+#Only define the Rake tasks if the plugin loaded successfully
+@scm    = LintFu::SourceControlProvider.for_directory(app_root)
+
+#Build a model of the application we are scanning.
+timed("Build a model of the application") do
+  builder = LintFu::Rails::ModelApplicationBuilder.new(app_root)
+  @application = builder.model_elements[0]
+  raise LintFu::ProviderError.new("Unable to identify the source control provider for #{app_root}") unless @scm
+end
+
+#Using the model we built, scan the controllers for security bugs.
+timed("Scan the application") do
+  builder = LintFu::Rails::ScanBuilder.new(app_root)
+  @scan = builder.scan(@application)
+end
+
+@genuine_issues = @scan.issues.select { |i| !@scan.blessed?(i) }
+if @genuine_issues.empty?
+  puts "Clean scan: no issues found. Skipping report."
+  exit(0)
+end
+
+#CruiseControl.rb integration: write our report to the CC build artifacts folder
+output_dir = ENV['CC_BUILD_ARTIFACTS'] || app_root
+mkdir_p output_dir unless File.directory?(output_dir)
+
+flavor   = ENV['FORMAT'] || 'html'
+typename = "#{flavor}_report".camelize
+
+#Use a filename (or STDOUT) for our report that corresponds to its format
+case flavor
+  when 'html'
+    output_name = File.join(output_dir, 'lint.html')
+    output      = File.open(output_name, 'w')
+  when 'text'
+    output = STDOUT
+  else
+    puts "Unrecognized output format #{flavor} (undefined type #{typename})"
+    exit -1
+end
+
+klass    = LintFu.const_get(typename.to_sym)
+
+timed("Generate report") do
+  klass.new(@scan, @scm, @genuine_issues).generate(output)
+  output.close
+end
+
+#Support automation jobs that need to distinguish between failure due to
+#broken environment and failure to due issues that were genuinely found by
+#the lint task.
+if ENV['STATUS_IF_ISSUES']
+  if(@genuine_issues.size > 0)
+    retval = ENV['STATUS_IF_ISSUES'].to_i
+  else
+    retval = 0
+  end
+else
+  retval = [@genuine_issues.size, 255].min
+end
+
+system("open #{output_name}") if (output != STDOUT && STDOUT.tty?)
+
+exit( retval )

data/lib/lint_fu/action_pack/model_controller.rb

@@ -0,0 +1,7 @@
+module LintFu
+  module ActionPack
+    class ModelController
+      include LintFu::ModelElement
+    end
+  end
+end

data/lib/lint_fu/action_pack/model_controller_builder.rb

@@ -0,0 +1,26 @@
+module LintFu
+  module ActionPack
+    class ModelControllerBuilder < ModelElementBuilder
+      SIGNATURE_SEXP = s(:colon2, s(:const, :ActionController), :Base)
+
+      #sexp:: [:class, <classname>, <superclass|nil>, <CLASS DEFS>]
+      def process_class(sexp)
+        return super(sexp) unless sexp[2] && sexp[2] == SIGNATURE_SEXP
+        
+        unless @current_model_element
+          @current_model_element = ModelController.new(sexp, self.namespace)
+          did_element = true
+        end
+
+        ret = super(sexp)
+
+        if did_element
+          self.model_elements.push @current_model_element
+          @current_model_element = nil
+        end
+
+        return ret
+      end
+    end
+  end
+end

data/lib/lint_fu/action_pack.rb

@@ -0,0 +1,2 @@
+require 'lint_fu/action_pack/model_controller'
+require 'lint_fu/action_pack/model_controller_builder'

data/lib/lint_fu/active_record/model_model.rb

@@ -0,0 +1,21 @@
+module LintFu
+  module ActiveRecord
+    class ModelModel
+      include LintFu::ModelElement
+      
+      attr_reader :associations
+      attr_reader :named_scopes
+      attr_writer :paranoid
+      
+      def initialize(sexp, namespace=nil)
+        super(sexp, namespace)
+        @associations = {}
+        @named_scopes = {}
+      end
+
+      def paranoid?
+        !!@paranoid
+      end
+    end
+  end
+end

data/lib/lint_fu/active_record/model_model_builder.rb

@@ -0,0 +1,72 @@
+module LintFu
+  module ActiveRecord
+    class ModelModelBuilder < ModelElementBuilder
+      SIGNATURE_SEXP = s(:colon2, s(:const, :ActiveRecord), :Base)      
+
+      SINGULAR_ASSOCS = Set.new([:belongs_to, :has_one])
+      PLURAL_ASSOCS   = Set.new([:has_many, :has_and_belongs_to_many])
+      ASSOCS          = SINGULAR_ASSOCS + PLURAL_ASSOCS
+
+      #sexp:: [:class, <classname>, <superclass|nil>, <CLASS DEFS>]
+      def process_class(sexp)
+        return super(sexp) unless sexp[2] && sexp[2] == SIGNATURE_SEXP
+
+        unless @current_model_element
+          @current_model_element = ModelModel.new(sexp, self.namespace)
+          did_element = true
+        end
+
+        ret = super(sexp)
+
+        if did_element
+          self.model_elements.push @current_model_element
+          @current_model_element = nil
+        end
+
+        return ret
+      end
+
+      #s(:call, nil, :belongs_to, s(:arglist, s(:lit, :relation_name)))
+      def process_call(sexp)
+        return sexp unless @current_model_element
+
+        callee, method, arglist = sexp[1], sexp[2], sexp[3]
+        arglist = nil unless arglist[0] == :arglist
+        discover_associations(callee, method, arglist)
+        discover_named_scopes(callee, method, arglist)
+        discover_paranoia(callee, method, arglist)
+        return sexp
+      end
+
+      private
+      def discover_associations(callee, method, arglist)
+        #Is the call declaring an ActiveRecord association?
+        if (callee == nil) && ASSOCS.include?(method) && arglist
+          assoc_name = arglist[1].to_ruby
+
+          # TODO grok :class_name option
+          if SINGULAR_ASSOCS.include?(method)
+            assoc_class_name = assoc_name.to_s.camelize
+          else
+            assoc_class_name = assoc_name.to_s.singularize.camelize
+          end
+
+          @current_model_element.associations[assoc_name] = assoc_class_name
+        end        
+      end
+
+      def discover_named_scopes(callee, method, arglist)
+        #Is the call declaring a named scope?
+        if (callee == nil && method == :named_scope) && arglist
+          scope_name = arglist[1].to_ruby
+          scope_args = arglist[2..-1].to_ruby(:partial=>nil)
+          @current_model_element.named_scopes[scope_name] = scope_args
+        end
+      end
+
+      def discover_paranoia(callee, method, arglist)
+        @current_model_element.paranoid = true if (method == :acts_as_paranoid)
+      end
+    end
+  end
+end

data/lib/lint_fu/active_record.rb

@@ -0,0 +1,2 @@
+require 'lint_fu/active_record/model_model'
+require 'lint_fu/active_record/model_model_builder'

data/lib/lint_fu/checker.rb

@@ -0,0 +1,11 @@
+module LintFu
+  class Checker
+    attr_reader :scan, :context, :file
+
+    def initialize(scan, context, file=nil)
+      @scan           = scan
+      @context = context
+      @file           = file
+    end
+  end
+end

data/lib/lint_fu/issue.rb

@@ -0,0 +1,45 @@
+module LintFu
+  class Issue
+    attr_reader :file, :sexp, :confidence
+    
+    def initialize(scan, file, sexp, confidence=1.0)
+      @scan = scan
+      @file = file
+      @sexp = sexp.deep_clone
+      self.confidence = confidence
+    end
+
+    def line
+      @sexp.line
+    end
+
+    def relative_file
+      File.relative_path(@scan.fs_root, file)
+    end
+
+    def brief
+      self.class.name.split('::')[-1].underscore.gsub('_', ' ').titleize
+    end
+
+    def detail
+      "There is an issue at #{file_basename}:#{line}."
+    end
+
+    def reference_info
+      "No reference information is available for #{brief}."
+    end
+
+    def file_basename
+      File.basename(file)
+    end
+
+    def issue_hash()
+      Digest::SHA1.hexdigest("#{self.class.name} - #{self.relative_file} - #{sexp.fingerprint}")
+    end
+
+    def confidence=(confidence)
+      raise ArgumentError, "Confidence must be a real number in the range (0..1)" unless (0..1).include?(confidence)
+      @confidence = confidence
+    end
+  end
+end

data/lib/lint_fu/mixins/file_class_methods.rb

@@ -0,0 +1,16 @@
+module LintFu
+  module Mixins
+    module FileClassMethods
+      def relative_path(base, path)
+        base = File.expand_path(base)
+        path = File.expand_path(path)
+        raise Errno::ENOENT unless path.index(base) == 0
+        return path[base.length+1..-1]
+      end
+    end
+  end
+end
+
+class <<File
+  include LintFu::Mixins::FileClassMethods
+end

data/lib/lint_fu/mixins/sexp_instance_methods.rb

@@ -0,0 +1,111 @@
+module LintFu
+  module Mixins
+    module SexpInstanceMethods
+      def deep_clone
+        Marshal.load(Marshal.dump(self))
+      end
+
+      #Return a version of this Sexp that preserves the structure of the original, but with
+      #any specific names, quantities or other values replaced with nil. The fingerprint of
+      #a given chunk of code will tend to remain the same over time, even if variable names
+      #or other inconsequential details are changed.
+      #TODO actually implement this method
+      def fingerprint
+        self
+      end
+
+      #Generate a human-readable description for this sexp that is similar to source code.
+      def to_ruby_string
+        Ruby2Ruby.new.process(self.deep_clone)
+      end
+
+      # Translate a sexp containing a Ruby data literal (string, int, array, hash, etc) into the equivalent Ruby object.
+      def to_ruby(options={})
+        typ = self[0]
+
+        case typ
+          when :true
+            return true
+          when :false
+            return false
+          when :lit, :str
+            return self[1]
+          when :array, :arglist
+            return self[1..-1].collect { |x| x.to_ruby(options) }
+          when :hash
+            result = {}
+            key, value = nil, nil
+            flipflop = false
+            self[1..-1].each do |token|
+              if flipflop
+                value = token
+                result[key.to_ruby(options)] = value.to_ruby(options)
+              else
+                key = token
+              end
+              flipflop = !flipflop
+            end
+            return result
+          else
+            return options[:partial] if options.has_key?(:partial)
+            raise StandardError.new("Cannot convert Sexp to Ruby object: " + self.to_s)
+        end
+      end
+
+      def constant?
+        typ = self[0]
+
+        case typ
+          when :true, :false, :lit, :str
+            return true
+          when :array, :arglist
+            self[1..-1].each { |sexp| return false unless sexp.constant? }
+            return true
+          when :hash
+            result = {}
+            key, value = nil, nil
+            flipflop = false
+            self[1..-1].each do |token|
+              if flipflop
+                value = token
+                return false unless key.constant? && value.constant?
+              else
+                key = token
+              end
+              flipflop = !flipflop
+            end
+            return true
+          else
+            return false
+        end
+      end
+
+      def find_recursively(&test)
+        return self if test.call(self)
+
+        self.each do |child|
+          found = child.find_recursively(&test) if (Sexp === child)
+          return found if found
+        end
+
+        return nil
+      end
+
+      def find_all_recursively(results=nil, &test)
+        results ||= []
+        results << self if test.call(self)
+
+        self.each do |child|
+          child.find_all_recursively(results, &test) if (Sexp === child)
+        end
+
+        return nil if results.empty?
+        return results
+      end
+    end
+  end
+end
+
+Sexp.instance_eval do
+  include LintFu::Mixins::SexpInstanceMethods
+end

data/lib/lint_fu/mixins/symbol_instance_methods.rb

@@ -0,0 +1,13 @@
+module LintFu
+  module Mixins
+    module SymbolInstanceMethods
+      def to_ruby_string
+        self.to_s
+      end
+    end
+  end
+end
+
+Symbol.instance_eval do
+  include LintFu::Mixins::SymbolInstanceMethods
+end

data/lib/lint_fu/mixins.rb

@@ -0,0 +1,3 @@
+require 'lint_fu/mixins/file_class_methods'
+require 'lint_fu/mixins/sexp_instance_methods'
+require 'lint_fu/mixins/symbol_instance_methods'

data/lib/lint_fu/model_element.rb

@@ -0,0 +1,48 @@
+module LintFu
+  # An element of a static analysis model that contains, or consists of, submodels. For instance,
+  # an Application might consists of Models, Controllers and Views.
+  module SuperModel
+    def submodels
+      return [].freeze unless @submodels
+      @submodels.dup.freeze
+    end
+
+    def each_submodel(&block)
+      @submodels ||= Set.new()
+      @submodels.each(&block)
+    end
+
+    def add_submodel(sub)
+      @submodels ||= Set.new()
+      @submodels << sub
+    end
+
+    def remove_submodel(sub)
+      @submodels ||= Set.new()
+      @submodels.delete sub
+    end
+  end
+
+  # An element of the static analysis model being created; generally corresponds to a
+  # class (e.g. model, controller or view) within the application being scanned.
+  module ModelElement
+    attr_accessor :supermodel
+    attr_reader   :modeled_class_name, :modeled_class_superclass_name, :parse_tree
+
+    #sexp:: [:class, <classname>, <superclass|nil>, <CLASS DEFS>]
+    #namespace:: Array of enclosing module names for this class 
+    def initialize(sexp, namespace=nil)
+      @parse_tree = sexp
+      if namespace
+        @modeled_class_name = namespace.join('::') + (namespace.empty? ? '' : '::') + sexp[1].to_s
+      else
+        @modeled_class_name = sexp[1]
+      end
+    end
+
+    #Have a pretty string representation
+    def to_s
+      "<<model of #{modeled_class_name}>>"
+    end
+  end
+end

data/lib/lint_fu/model_element_builder.rb

@@ -0,0 +1,29 @@
+module LintFu
+  class ModelElementBuilder < SexpProcessor
+    attr_reader :model_elements, :namespace
+    
+    def initialize(namespace=nil)
+      super()
+      @model_elements = []
+      @namespace = namespace || []
+      self.require_empty   = false
+      self.auto_shift_type = false      
+    end
+
+    #sexp:: [:module, <modulename>, <:scope - MODULE DEFS>]
+    def process_module(sexp)
+      @namespace.push sexp[1]
+      process(sexp[2])
+      @namespace.pop
+      return sexp
+    end
+
+    #sexp:: [:class, <classname>, <superclass|nil>, <:scope - CLASS DEFS>]
+    def process_class(sexp)
+      @namespace.push sexp[1]
+      process(sexp[3])
+      @namespace.pop
+      return sexp
+    end
+  end
+end

data/lib/lint_fu/parser.rb

@@ -0,0 +1,14 @@
+module LintFu
+  module Parser
+    def self.parse_ruby(filename)
+      contents = File.read(filename)
+      sexp = RubyParser.new.parse(contents)
+      sexp.file = filename
+      return sexp
+    rescue SyntaxError => e
+      e2 = SyntaxError.new "In #{filename}: #{e.message}"
+      e2.set_backtrace(e.backtrace)
+      raise e2
+    end
+  end
+end

data/lib/lint_fu/rails/buggy_eager_load_checker.rb

@@ -0,0 +1,110 @@
+module LintFu
+  module Rails
+    class BuggyEagerLoad < Issue
+      def initialize(scan, file, sexp, subject)
+        super(scan, file, sexp)
+        @subject = subject
+      end
+
+      def detail
+        "Instances of the paranoid model <code>#{@subject}</code> are being eager-loaded. This may cause unexpected results."
+      end
+
+      def reference_info
+        return <<EOF
+h4. What is it?
+
+A buggy eager load happens when an ActiveRecord finder performs eager loading of a @:has_many@ association and the "target" of the association acts as paranoid.
+
+The acts_as_paranoid plugin does not correctly eager loads that use a @JOIN@ strategy. If a paranoid model is eager loaded in this way, _all_ models -- even deleted ones -- will be loaded.
+
+h4. When does it happen?
+
+A finder with any of the following properties will cause Rails to eager-load using @JOIN@
+
+* complex @:conditions@ option (containing SQL fragments, or referring to tables using strings)
+* complex @:order@
+* complex @:join@
+* complex @:include@
+* use of named scopes (which almost always add complex options to the query)
+
+If your find exhibits any of these properties and it @:include@s a paranoid model, then you have a problem.
+
+h4. How do I fix it?
+
+Avoid doing complex finds at the same time you @:include@ a paranoid model.
+
+EOF
+      end
+    end
+    
+    # Visit a Rails controller looking for troublesome stuff
+    class BuggyEagerLoadChecker < Checker
+      FINDER_REGEXP  = /^(find|first|all)(_or_initialize)?(_by_.*)?/
+
+      #sexp:: s(:call, <target>, <method_name>, s(:arglist))
+      def observe_call(sexp)
+        return unless finder?(sexp)
+        if finder?(sexp) && (si = spotty_includes(sexp[3]))
+          scan.issues << BuggyEagerLoad.new(scan, self.file, sexp, si.modeled_class_name)
+        end
+      end
+
+      protected
+
+      def finder?(sexp)
+        !!(sexp[2].to_s =~ FINDER_REGEXP)
+      end
+
+      def spotty_includes(sexp)
+        #transform the sexp (if it's an arglist) into a hash for easier scrutiny
+        arglist = ( sexp && (sexp[0] == :arglist) && sexp.to_ruby(:partial=>nil) )
+        #no dice unless we're looking at an arglist
+        return nil unless arglist
+
+        #no options hash in arglist? no problem!
+        return nil unless (options = arglist.last).is_a?(Hash)
+
+        does_eager_loading = options.has_key?(:include)
+        has_complexity_prone_params =
+                options.has_key?(:conditions) ||
+                options.has_key?(:order) ||
+                options.has_key?(:joins) || 
+                options.has_key?(:group)
+
+        #no eager loading, or no complexity-prone params? no problem!
+        return nil unless does_eager_loading && has_complexity_prone_params
+        
+        gather_includes(arglist.last[:include]).each do |inc|
+          plural     = inc.to_s
+          singular   = plural.singularize
+          class_name = singular.camelize
+          type = self.context.models.detect { |m| m.modeled_class_name == class_name }
+          # If we're eager loading a 1:1 association, don't bother to scream; it's likely
+          # that use the user would want to load the deleted thing anyway.
+          # TODO replace this clever hack, which infers a :has_many association using plurality
+          if !type || ( type.paranoid? && (plural != singular) )
+            return type
+          end
+        end
+
+        return nil
+      end
+
+      def gather_includes(data)
+        out = []
+        case data
+          when Array
+            data.each { |elem| out += gather_includes(elem) }
+          when Hash
+            data.keys.each { |elem| out += gather_includes(elem) }
+            data.values.each { |elem| out += gather_includes(elem) } 
+          when Symbol
+            out << data
+        end
+
+        return out
+      end
+    end
+  end
+end