platformos-check 0.4.7 → 0.4.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aebbd738b1045c874460b7f1de2cf2774297f36136fce816521dda29ce371652
-  data.tar.gz: c348e3afc68f2a664fe1ad313d41497ad7c977f8de72f3b82df9dda297926c38
+  metadata.gz: e41eee4e2aa717be9663df4efbc1acf79bc8b571784808b80177f9298fdad9e9
+  data.tar.gz: 6bed8f9e1e3e22dbd02cee00a15d5e9ce1787f7826ee09e3e461fcf0161c681d
 SHA512:
-  metadata.gz: 368d39315a05ab34eff3797012af56775ca9a5ff4d8209ed0c44aa2916f97fe5740afa859bbfbbdf34409aa40967efe4236b2394eafcdecfc313c97f62a4dba7
-  data.tar.gz: f912bda1de7e0be84e887ab2f19cde9072e03468ea52265f910e20ff5a7317b7f7f4e6fe83aef690350f21543ffbd495e01c72eddca5c393acfc5500055d6939
+  metadata.gz: 71a9feab2a3d5e31a2436652036bf1669c65424f24cfa550feedb49bd43e03264f2feb51b0367c84a79805c3cda0d24ed3ccccdd27d2b63a09dd15f3e26a94b4
+  data.tar.gz: 56961261716dae13fce53dadb2c6e03d8c3f268195748e81783cfe4dd7162c18ffb05063530975939ad2805f2a2e33d5d63aab1da51de65f3c98e17e1e2df2b4

data/CHANGELOG.md

@@ -1,4 +1,30 @@
-v0.4.7 / 2023-12-22
+v0.4.9 / 2024-01-10
+==================
+
+  * Skip FormAuthenticityToken check for GET forms
+  * Skip FormAuthenticityToken for action which is not relative path
+  * Fix FormAction to not report offenses on valid scenarios
+  * UnusedAssign will not automatically remove assign if it might change the business logic (which is a scenario when filters modifying objects are used)
+  * UnusedAssign will automatically rename result of background tag if variable not used
+  * Fix reporting UndefinedObject's missing argument offenses when the same partial is used multiple times (previously offenses where displayed only for the last render)
+  * Add autocorrector for UndefinedObject's missing argument error (explicitly provide null)
+  * Add autocorrector for ImgLazyLoading
+  * ConvertIncludeToRender will not report offense as autocorrect
+  * Improve inline GraphQL syntax check to raise error if result variable not provided
+  * Add autocorrector for UndefinedObject (Unused Argument offense) (FIXME: for N unused arguments in the same line it needs to be invoked N times)
+  * Add autocorrector for InvalidArgs - remove duplicates arguments
+  * Do not report ConvertIncludeToRender offenses for valid use cases (using `break` and using variable as a template name)
+  * Add IncludeInRender check
+  * Improve autocorrector for UndefinedObject's missing argument error - if variable is defined, it will be passed instead of hardcoding null
+  * Re-enable autocorrector for ConvertIncludeToRender
+  * Make UndefinedObject more clever - it will report undefined object if variable is used before declaration
+
+v0.4.8 / 2023-12-20
+==================
+
+  * Add GraphqlInForLoop check
+
+v0.4.7 / 2023-12-27
 ==================
 
   * Add UnreachableCode check

data/README.md

@@ -11,7 +11,7 @@ PlatformOS Check currently checks for the following:
 ✅ Liquid syntax errors
 ✅ JSON syntax errors
 ✅ Missing partials and graphqls
-✅ Unused `{% assign ... %}`
+✅ Unused variables (via `{% assign var = ... %}`, {% function var = ... %} etc.)
 ✅ Unused partials
 ✅ Template length
 ✅ Deprecated tags
@@ -23,14 +23,14 @@ PlatformOS Check currently checks for the following:
 ✅ Deprecated filters
 ✅ Missing `platformos-check-enable` comment
 ✅ Invalid arguments provided to `{% graphql %}` tags
+✅ Missing `authenticity_token` in `<form>`
+✅ Unreachable code
 
 As well as checks that prevent easy to spot performance problems:
 
+✅ [GraphQL in for loop](/docs/checks/graphql_in_for_loop.md)
 ✅ Use of [parser-blocking](/docs/checks/parser_blocking_javascript.md) JavaScript
-✅ [Use of non-platformOS domains for assets](/docs/checks/remote_asset.md)
 ✅ [Missing width and height attributes on `img` tags](/docs/checks/img_width_and_height.md)
-✅ [Too much JavaScript](/docs/checks/asset_size_javascript.md)
-✅ [Too much CSS](/docs/checks/asset_size_css.md)
 
 For detailed descriptions and configuration options, [take a look at the complete list.](/docs/checks/)
 
@@ -52,12 +52,21 @@ With more to come! Suggestions welcome ([create an issue](https://github.com/Pla
 ### Install ruby and platform-check gem
 
 1. Download the latest version of Ruby - https://www.ruby-lang.org/en/documentation/installation/
+
+Verify that you've installed at least version 3.2:
+
+`ruby -v`
+
+⚠️ **Note:**  You might need to restart  the terminal after installing.
+⚠️ **Note:*** Please make sure you install ruby for your user, not the root
+
 2. Install platformos-check gem
 
 `gem install platformos-check`
 
 You can verify the installation was successful by invoking `platformos-check --version`. If you chose this method, use `platformos-check-language-server` as a path to your language server instead of `/Users/<username/platformos-check-language-server`
 
+⚠️ **Note:*** Please make sure you  install the gem for your user, not the root - i.e. without `sudo`
 
 ### Using Docker
 

data/config/default.yml

@@ -15,6 +15,10 @@ ConvertIncludeToRender:
   enabled: true
   ignore: []
 
+IncludeInRender:
+  enabled: true
+  ignore: []
+
 LiquidTag:
   enabled: true
   ignore: []
@@ -69,7 +73,6 @@ ValidYaml:
 UndefinedObject:
   enabled: true
   ignore: []
-  config_type: :default
 
 DeprecatedFilter:
   enabled: true
@@ -99,6 +102,10 @@ FormAuthenticityToken:
   enabled: true
   ignore: []
 
+GraphqlInForLoop:
+  enabled: true
+  ignore: []
+
 HtmlParsingError:
   enabled: true
   ignore: []

data/docs/checks/form_action.md

@@ -30,6 +30,12 @@ This check is aimed at ensuring you have not forgotten to start the path with /.
 </form>
 ```
 
+```liquid
+<form action="https://example.com/external">
+ ...
+</form>
+```
+
 ## Check Options
 
 The default configuration for this check is the following:

data/docs/checks/form_authenticity_token.md

@@ -3,7 +3,7 @@
 In platformOS all POST/PATCH/PUT/DELETE requests are protected from [CSRF Attacks][csrf-attack] through [authenticity_token][page-csrf]
 Form action defines the endpoint to which browser will make a request after submitting it.
 
-As a general rule you should include hidden input `<input type="hidden" name="authenticity_token" value="{{ context.authenticity_token }}">` in every form. Missing it will result in session invalidation and any logged in user will be automatically logged out.
+As a general rule you should include hidden input `<input type="hidden" name="authenticity_token" value="{{ context.authenticity_token }}">` in every form. Missing it will result in session invalidation and the logged in user will be automatically logged out.
 
 ## Check Details
 
@@ -12,18 +12,37 @@ This check is aimed at ensuring you have not forgotten to include authenticity_t
 :-1: Examples of **incorrect** code for this check:
 
 ```liquid
-<form action="dummy/create">
+<form action="/dummy/create" method="post">
 </form>
 ```
 
 :+1: Examples of **correct** code for this check:
 
+With token:
 ```liquid
-<form action="/dummy/create">
+<form action="/dummy/create" method="post">
   <input type="hidden" name="authenticity_token" value="{{ context.authenticity_token }}">
 </form>
 ```
 
+For GET request:
+```liquid
+<form action="/dummy/create">
+</form>
+```
+
+For external request:
+```liquid
+<form action="https://example.com/dummy/create" method="post">
+</form>
+```
+
+For parameterized request:
+```liquid
+<form action="{{ context.constants.MY_REQUEST_URL }}" method="post">
+</form>
+```
+
 ## Check Options
 
 The default configuration for this check is the following:

data/docs/checks/graphql_in_for_loop.md

@@ -0,0 +1,56 @@
+# GraphQL in for loop (`GraphqlInForLoop`)
+
+This check is aimed towards identifying performance problems before they arise. Invoking GraphQL queries/mutations inside the `for loop` can lead to performance issues such as increased database load, higher latency, and inefficient use of network resources. It is particularly problematic when dealing with large datasets or when the number of entities grows.
+
+Invoking a GraphQL query within a `for loop` might also be a sign of a so called N+1 problem. The N+1 pattern often arises when dealing with relationships between entities. In an attempt to retrieve related data, developers may inadvertently end up executing a large number of queries, resulting in a significant performance overhead.
+
+To address this problem, developers can use techniques like eager loading, which involves fetching the related data in a single query instead of issuing separate queries for each entity. This helps reduce the number of database round-trips and improves overall system performance. In platformOS the most common technique to fix the N+1 issue is by [using related_records][relalted_records].
+
+## Check Details
+
+This check is aimed towards identifying GraphQL queries invoked within a for loop.
+
+:-1: Examples of **incorrect** code for this check:
+
+```liquid
+{% assign arr = 'a,b,c' | split: ','}
+{% for el in arr %}
+  {% graphql g = 'my/graphql', el: el %}
+  {% print el %}
+{% endfor %}
+
+```
+
+:+1: Examples of **correct** code for this check:
+
+```liquid
+{% assign arr = 'a,b,c' | split: ','}
+{% graphql g = 'my/graphql', arr: arr %}
+```
+
+## Check Options
+
+The default configuration for this check is the following:
+
+```yaml
+GraphqlInForLoop:
+  enabled: true
+```
+
+## When Not To Use It
+
+In the perfect world, there should be no cases where disabling this rule is needed - platformOS most likely already has a way to solve a problem without using GraphQL query / mutation in the for loop.
+
+## Version
+
+This check has been introduced in PlatformOS Check 0.4.9.
+
+## Resources
+
+- [Rule Source][codesource]
+- [Documentation Source][docsource]
+- [platformOS - loading related records][related_records]
+
+[codesource]: /lib/platformos_check/checks/graphql_in_for_loop.rb
+[docsource]: /docs/checks/graphql_in_for_loop.md
+[related_records]: https://documentation.platformos.com/developer-guide/records/loading-related-records

data/docs/checks/include_in_render.md

@@ -0,0 +1,62 @@
+# Reports usage of `include` tag inside `render` (`IncludeInRender`)
+
+Runtime error is used when `include` tag is used inside `render` tag.
+
+## Check Details
+
+This check is aimed at eliminating the use of `include` tags `render` tag.
+
+:-1: Examples of **incorrect** code for this check:
+
+```liquid
+{% liquid
+  # app/views/pages/index.liquid
+  render 'foo'
+%}
+```liquid
+{% liquid
+  # app/views/partials/foo.liquid
+  include 'bar'
+%}
+```
+
+:+1: Examples of **correct** code for this check:
+
+```liquid
+{% liquid
+  # app/views/pages/index.liquid
+  render 'foo'
+%}
+```liquid
+{% liquid
+  # app/views/partials/foo.liquid
+  render 'bar'
+%}
+```
+
+## Check Options
+
+The default configuration for this check is the following:
+
+```yaml
+IncludeInRender:
+  enabled: true
+```
+
+## When Not To Use It
+
+It is discouraged to disable this rule.
+
+## Version
+
+This check has been introduced in PlatformOS Check 0.4.9.
+
+## Resources
+
+- [Deprecated Tags Reference][deprecated]
+- [Rule Source][codesource]
+- [Documentation Source][docsource]
+
+[deprecated]: https://documentation.platformos.com/api-reference/liquid/include
+[codesource]: /lib/platformos_check/checks/convert_include_to_render.rb
+[docsource]: /docs/checks/convert_include_to_render.md

data/lib/platformos_check/analyzer.rb

@@ -2,13 +2,15 @@
 
 module PlatformosCheck
   class Analyzer
-    def initialize(platformos_app, checks = Check.all.map(&:new), auto_correct = false)
+    def initialize(platformos_app, checks = Check.all.map(&:new), auto_correct = false, store_warnings = false)
       @platformos_app = platformos_app
       @auto_correct = auto_correct
+      @store_warnings = store_warnings
 
       @liquid_checks = Checks.new
       @yaml_checks = Checks.new
       @html_checks = Checks.new
+      @warnings = {}
 
       checks.each do |check|
         check.platformos_app = @platformos_app
@@ -30,6 +32,8 @@ module PlatformosCheck
         @html_checks.flat_map(&:offenses)
     end
 
+    attr_reader :warnings
+
     def yaml_file_count
       @yaml_file_count ||= @platformos_app.yaml.size
     end
@@ -54,6 +58,7 @@ module PlatformosCheck
           yield(liquid_file.relative_path.to_s, i, total_file_count) if block_given?
           liquid_visitor.visit_liquid_file(liquid_file)
           html_visitor.visit_liquid_file(liquid_file)
+          @warnings[liquid_file.path] = liquid_file.warnings if @store_warnings && !liquid_file.warnings&.empty?
         end
       end
 

data/lib/platformos_check/checks/convert_include_to_render.rb

@@ -3,15 +3,54 @@
 module PlatformosCheck
   # Recommends replacing `include` for `render`
   class ConvertIncludeToRender < LiquidCheck
+    RENDER_INCOMPATIBLE_TAGS = %w[break include].freeze
+
     severity :suggestion
     category :liquid
     doc docs_url(__FILE__)
 
+    def initialize
+      @processed_files = {}
+    end
+
     def on_include(node)
+      return if allowed_usecase?(node)
+
       add_offense("`include` is deprecated - convert it to `render`", node:) do |corrector|
-        # We need to fix #445 and pass the variables from the context or don't replace at all.
-        # corrector.replace(node, "render \'#{node.value.template_name_expr}\' ")
+        match = node.markup.match(/(?<include>include\s*)/)
+        corrector.replace(node, node.markup.sub(match[:include], 'render '), node.start_index...node.end_index)
+      end
+    end
+
+    protected
+
+    def allowed_usecase?(node)
+      return true if name_is_variable?(node)
+      return true if include_node_contains_render_incompatible_tag?(root_node_from_include(node.value.template_name_expr))
+
+      false
+    end
+
+    def name_is_variable?(node)
+      !node.value.template_name_expr.is_a?(String)
+    end
+
+    def include_node_contains_render_incompatible_tag?(node)
+      return false if node.nil?
+
+      node.nodelist.any? do |n|
+        if RENDER_INCOMPATIBLE_TAGS.include?(n.respond_to?(:tag_name) && n.tag_name)
+          true
+        elsif n.respond_to?(:nodelist) && n.nodelist
+          include_node_contains_render_incompatible_tag?(n)
+        else
+          false
+        end
       end
     end
+
+    def root_node_from_include(path)
+      @platformos_app.grouped_files[PlatformosCheck::PartialFile][path]&.parse&.root
+    end
   end
 end

data/lib/platformos_check/checks/form_action.rb

@@ -6,11 +6,13 @@ module PlatformosCheck
     categories :html
     doc docs_url(__FILE__)
 
+    VALID_ACTION_START = ['/', '{%', '{{', '#', 'http'].freeze
+
     def on_form(node)
       action = node.attributes["action"]&.strip
       return if action.nil?
       return if action.empty?
-      return if action.start_with?('/', '{{')
+      return if action.start_with?(*VALID_ACTION_START)
 
       add_offense("Use action=\"/#{action}\" (start with /) to ensure the form can be submitted multiple times in case of validation errors", node:)
     end

data/lib/platformos_check/checks/form_authenticity_token.rb

@@ -9,6 +9,9 @@ module PlatformosCheck
     AUTHENTICITY_TOKEN_VALUE = /\A\s*{{\s*context\.authenticity_token\s*}}\s*\z/
 
     def on_form(node)
+      return if method_is_get(node.attributes['method'])
+      return unless action_is_relative_url(node.attributes['action'])
+
       authenticity_toke_inputs = node.children.select { |c| c.name == 'input' && c.attributes['name'] == 'authenticity_token' && c.attributes['value']&.match?(AUTHENTICITY_TOKEN_VALUE) }
       return if authenticity_toke_inputs.size == 1
       return add_offense('Duplicated authenticity_token inputs', node:) if authenticity_toke_inputs.size > 1
@@ -17,5 +20,22 @@ module PlatformosCheck
         corrector.insert_after(node, "\n<input type=\"hidden\" name=\"authenticity_token\" value=\"{{ context.authenticity_token }}\">")
       end
     end
+
+    protected
+
+    def method_is_get(method)
+      return true if method.nil?
+
+      method = method.downcase.strip
+      return true if method == ''
+
+      method == 'get'
+    end
+
+    def action_is_relative_url(action)
+      return true if action.nil?
+
+      action.lstrip[0] == '/'
+    end
   end
 end

data/lib/platformos_check/checks/graphql_in_for_loop.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+module PlatformosCheck
+  class GraphqlInForLoop < LiquidCheck
+    severity :suggestion
+    categories :liquid, :performance
+    doc docs_url(__FILE__)
+
+    PARTIAL_TAG = %i[render include]
+    OFFENSE_MSG = "Do not invoke GraphQL in a for loop"
+
+    class PartialInfo
+      attr_reader :node, :app_file
+
+      def initialize(node:, app_file:)
+        @node = node
+        @app_file = app_file
+      end
+    end
+
+    def self.single_file(**_args)
+      true
+    end
+
+    def initialize
+      @partials = []
+      @all_partials = Set.new
+    end
+
+    def on_for(_node)
+      @in_for = true
+    end
+
+    def on_graphql(node)
+      add_graphql_offense(node:, graphql_node: node) if should_report?
+    end
+
+    def after_for(_node)
+      @in_for = false
+    end
+
+    def on_background(_node)
+      @in_background = true
+    end
+
+    def after_background(_node)
+      @in_background = false
+    end
+
+    def on_include(node)
+      return unless should_report?
+
+      add_partial(path: node.value.template_name_expr, node:)
+    end
+
+    def on_render(node)
+      return unless should_report?
+
+      add_partial(path: node.value.template_name_expr, node:)
+    end
+
+    def on_function(node)
+      return unless should_report?
+
+      add_partial(path: node.value.from, node:)
+    end
+
+    def on_end
+      while (partial_info = @partials.shift)
+        report_offense_on_graphql(LiquidNode.new(partial_info.app_file.parse.root, nil, partial_info.app_file), offense_node: partial_info.node)
+      end
+    end
+
+    protected
+
+    def add_partial(path:, node:)
+      return unless path.is_a?(String)
+      return if @all_partials.include?(path)
+      return if @platformos_app.grouped_files[PlatformosCheck::PartialFile][path].nil?
+
+      @all_partials << path
+      @partials << PartialInfo.new(node:, app_file: @platformos_app.grouped_files[PlatformosCheck::PartialFile][path])
+    end
+
+    def should_report?
+      @in_for && !@in_background
+    end
+
+    def add_graphql_offense(node:, graphql_node:)
+      return add_offense(OFFENSE_MSG, node:) unless graphql_node.value.partial_name
+
+      partial_name = graphql_node.value.partial_name.is_a?(String) ? graphql_node.value.partial_name : "variable: #{graphql_node.value.partial_name.name}"
+      add_offense("#{OFFENSE_MSG} (#{partial_name})", node:)
+    end
+
+    def report_offense_on_graphql(node, offense_node:)
+      if node.type_name == :graphql
+        add_graphql_offense(node: offense_node, graphql_node: node)
+      elsif PARTIAL_TAG.include?(node.type_name)
+        add_partial(path: node.value.template_name_expr, node: offense_node)
+      elsif node.type_name == :function
+        add_partial(path: node.value.from, node: offense_node)
+      elsif node.children && !node.children.empty?
+        node.children.each { |c| report_offense_on_graphql(c, offense_node:) }
+      end
+    end
+  end
+end

data/lib/platformos_check/checks/img_lazy_loading.rb

@@ -6,13 +6,17 @@ module PlatformosCheck
     categories :html, :performance
     doc docs_url(__FILE__)
 
-    ACCEPTED_LOADING_VALUES = %w[lazy eager]
+    ACCEPTED_LOADING_VALUES = Set.new(%w[lazy eager]).freeze
+    LOADING_DEFAULT_ATTRIBUTE = ' loading="eager"'
 
     def on_img(node)
       loading = node.attributes["loading"]&.downcase
       return if ACCEPTED_LOADING_VALUES.include?(loading)
 
-      add_offense("Use loading=\"eager\" for images visible in the viewport on load and loading=\"lazy\" for others", node:)
+      add_offense("Use loading=\"eager\" for images visible in the viewport on load and loading=\"lazy\" for others", node:) do |corrector|
+        start_pos = node.start_index + node.markup.index('>')
+        corrector.insert_after(node, LOADING_DEFAULT_ATTRIBUTE, start_pos...start_pos)
+      end
     end
   end
 end

data/lib/platformos_check/checks/include_in_render.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module PlatformosCheck
+  # Recommends replacing `include` for `render`
+  class IncludeInRender < LiquidCheck
+    severity :error
+    category :liquid
+    doc docs_url(__FILE__)
+
+    def initialize
+      @processed_files = {}
+    end
+
+    def on_render(node)
+      path = node.value.template_name_expr
+      return unless include_tag_in_render?(root_node_for_render(path))
+
+      add_offense("`render` context does not allow to use `include`, either remove all includes from `#{app_file_for_path(path).relative_path}` or change `render` to `include`", node:)
+    end
+
+    protected
+
+    def include_tag_in_render?(node)
+      return false if node.nil?
+
+      node.nodelist.any? do |n|
+        if n.respond_to?(:tag_name) && n.tag_name == 'include'
+          true
+        elsif n.respond_to?(:nodelist) && n.nodelist
+          include_tag_in_render?(n)
+        else
+          false
+        end
+      end
+    end
+
+    def root_node_for_render(path)
+      app_file_for_path(path)&.parse&.root
+    end
+
+    def app_file_for_path(path)
+      @platformos_app.grouped_files[PlatformosCheck::PartialFile][path]
+    end
+  end
+end

data/lib/platformos_check/checks/invalid_args.rb

@@ -42,7 +42,10 @@ module PlatformosCheck
 
     def add_duplicated_key_offense(node)
       node.value.duplicated_attrs.each do |duplicated_arg|
-        add_offense("Duplicated argument `#{duplicated_arg}`", node:)
+        add_offense("Duplicated argument `#{duplicated_arg}`", node:) do |corrector|
+          match = node.markup.match(/(?<attribute>,?\s*#{duplicated_arg}\s*:\s*#{Liquid::QuotedFragment})\s*/)
+          corrector.replace(node, node.markup.sub(match[:attribute], ''), node.start_index...node.end_index)
+        end
       end
     end
   end

data/lib/platformos_check/checks/undefined_object.rb

@@ -6,6 +6,9 @@ module PlatformosCheck
     doc docs_url(__FILE__)
     severity :error
 
+    NOTIFICATION_GLOBAL_OBJECTS = %w[data response form].freeze
+    FORM_GLOBAL_OBJECTS = %w[form form_builder].freeze
+
     class TemplateInfo
       def initialize(app_file: nil)
         @all_variable_lookups = {}
@@ -19,7 +22,8 @@ module PlatformosCheck
       attr_reader :all_assigns, :all_captures, :all_forloops, :app_file, :all_renders
 
       def add_render(name:, node:)
-        @all_renders[name] = node
+        @all_renders[name] ||= []
+        @all_renders[name] << node
       end
 
       def add_variable_lookup(name:, node:)
@@ -39,8 +43,10 @@ module PlatformosCheck
       end
 
       def each_partial
-        @all_renders.each do |(name, info)|
-          yield [name, info]
+        @all_renders.each do |(name, nodes)|
+          nodes.each do |node|
+            yield [name, node]
+          end
         end
       end
 
@@ -56,14 +62,17 @@ module PlatformosCheck
           yield [key, info]
         end
       end
+
+      def first_declaration(name)
+        [all_assigns[name], all_captures[name]].compact.sort_by(&:line_number).first
+      end
     end
 
     def self.single_file(**_args)
       true
     end
 
-    def initialize(config_type: :default)
-      @config_type = config_type
+    def initialize
       @files = {}
     end
 
@@ -72,15 +81,15 @@ module PlatformosCheck
     end
 
     def on_assign(node)
-      @files[node.app_file.name].all_assigns[node.value.to] = node
+      @files[node.app_file.name].all_assigns[node.value.to] ||= node
     end
 
     def on_capture(node)
-      @files[node.app_file.name].all_captures[node.value.instance_variable_get(:@to)] = node
+      @files[node.app_file.name].all_captures[node.value.instance_variable_get(:@to)] ||= node
     end
 
     def on_parse_json(node)
-      @files[node.app_file.name].all_captures[node.value.to] = node
+      @files[node.app_file.name].all_captures[node.value.to] ||= node
     end
 
     def on_for(node)
@@ -102,7 +111,7 @@ module PlatformosCheck
     end
 
     def on_function(node)
-      @files[node.app_file.name].all_assigns[node.value.to] = node
+      @files[node.app_file.name].all_assigns[node.value.to] ||= node
 
       return unless node.value.from.is_a?(String)
 
@@ -113,13 +122,13 @@ module PlatformosCheck
     end
 
     def on_graphql(node)
-      @files[node.app_file.name].all_assigns[node.value.to] = node
+      @files[node.app_file.name].all_assigns[node.value.to] ||= node
     end
 
     def on_background(node)
       return unless node.value.partial_syntax
 
-      @files[node.app_file.name].all_assigns[node.value.to] = node
+      @files[node.app_file.name].all_assigns[node.value.to] ||= node
 
       return unless node.value.partial_name.is_a?(String)
 
@@ -155,10 +164,10 @@ module PlatformosCheck
       each_template do |(_name, info)|
         if info.app_file.notification?
           # NOTE: `data` comes from graphql for notifications
-          check_object(info, all_global_objects + %w[data response form])
+          check_object(info, all_global_objects + NOTIFICATION_GLOBAL_OBJECTS)
         elsif info.app_file.form?
           # NOTE: `data` comes from graphql for notifications
-          check_object(info, all_global_objects + %w[form form_builder])
+          check_object(info, all_global_objects + FORM_GLOBAL_OBJECTS)
         else
           check_object(info, all_global_objects)
         end
@@ -167,42 +176,37 @@ module PlatformosCheck
 
     private
 
-    attr_reader :config_type
-
     def each_template
       @files.each do |(name, info)|
         yield [name, info]
       end
     end
 
-    def check_object(info, all_global_objects, render_node = nil, visited_partials = Set.new, level = 0)
+    def check_object(info, all_global_objects, render_node = nil, level = 0)
       return if level > 1
 
       check_undefined(info, all_global_objects, render_node) unless info.app_file.partial? && render_node.nil? # ||
 
       info.each_partial do |(partial_name, node)|
-        next if visited_partials.include?(partial_name)
+        next unless @files[partial_name] # NOTE: undefined partial
 
         partial_info = @files[partial_name]
-
-        next unless partial_info # NOTE: undefined partial
-
         partial_variables = node.value.attributes.keys +
                             [node.value.instance_variable_get(:@alias_name)]
-        visited_partials << partial_name
-        check_object(partial_info, all_global_objects + partial_variables, node, visited_partials, level + 1)
+
+        check_object(partial_info, all_global_objects + partial_variables, node, level + 1)
       end
     end
 
     def check_undefined(info, all_global_objects, render_node)
-      all_variables = info.all_variables
       potentially_unused_variables = render_node.value.attributes.keys if render_node
+      missing_arguments = []
       info.each_variable_lookup(!!render_node) do |(key, node)|
         name, line_number = key
 
         potentially_unused_variables&.delete(name)
 
-        next if all_variables.include?(name)
+        next if info.all_variables.include?(name) && variable_declared_before_used?(name, info, line_number)
         next if all_global_objects.include?(name)
 
         node = node.parent
@@ -211,7 +215,7 @@ module PlatformosCheck
         next if node.variable? && node.filters.any? { |(filter_name)| filter_name == "default" }
 
         if render_node
-          add_offense("Missing argument `#{name}`", node: render_node)
+          missing_arguments << name
         elsif !info.app_file.partial?
           add_offense("Undefined object `#{name}`", node:, line_number:)
         end
@@ -219,8 +223,33 @@ module PlatformosCheck
 
       potentially_unused_variables -= render_node.value.internal_attributes if render_node && render_node.value.respond_to?(:internal_attributes)
       potentially_unused_variables&.each do |name|
-        add_offense("Unused argument `#{name}`", node: render_node)
+        add_offense("Unused argument `#{name}`", node: render_node) do |corrector|
+          match = render_node.markup.match(/(?<attribute>,?\s*#{name}\s*:\s*#{Liquid::QuotedFragment})\s*/)
+
+          corrector.replace(render_node, render_node.markup.sub(match[:attribute], ''), render_node.start_index...render_node.end_index)
+        end
       end
+
+      return if missing_arguments.empty?
+
+      add_offense("Missing arguments: #{missing_arguments.map { |name| "`#{name}`" }.join(', ')}", node: render_node) do |corrector|
+        new_attributes = ''
+        missing_arguments.each do |name|
+          new_attributes += ", #{name}: "
+          new_attributes += @files[render_node.app_file.name].all_assigns.key?(name) ? name : 'null'
+        end
+
+        start_pos = render_node.end_index
+        start_pos -= 1 while start_pos > 0 && render_node.source[start_pos - 1] == ' '
+        corrector.replace(render_node, new_attributes, start_pos...start_pos)
+      end
+    end
+
+    def variable_declared_before_used?(name, info, line_number_when_used)
+      declaration = info.first_declaration(name)
+      return true if declaration.nil?
+
+      declaration.line_number <= line_number_when_used
     end
   end
 end

data/lib/platformos_check/checks/unreachable_code.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 module PlatformosCheck
-  # Recommends using {% liquid ... %} if 5 or more consecutive {% ... %} are found.
   class UnreachableCode < LiquidCheck
     severity :error
     category :liquid
@@ -9,7 +8,7 @@ module PlatformosCheck
 
     FLOW_COMMAND = %i[break continue return]
     CONDITION_TYPES = Set.new(%i[condition else_condition])
-    INCLUDE_FLOW_COMMAND = %w[break]
+    INCLUDE_FLOW_COMMAND = %w[break].freeze
 
     def on_document(node)
       @processed_files = {}
@@ -95,16 +94,16 @@ module PlatformosCheck
       @processed_files[path]
     end
 
-    def include_node_contains_flow_command?(root)
-      return false if root.nil?
+    def include_node_contains_flow_command?(node)
+      return false if node.nil?
 
-      root.nodelist.any? do |node|
-        if INCLUDE_FLOW_COMMAND.include?(node.respond_to?(:tag_name) && node.tag_name)
+      node.nodelist.any? do |n|
+        if INCLUDE_FLOW_COMMAND.include?(n.respond_to?(:tag_name) && n.tag_name)
           true
-        elsif node.respond_to?(:nodelist) && node.nodelist
-          include_node_contains_flow_command?(node)
-        elsif node.respond_to?(:tag_name) && node.tag_name == 'include' && node.template_name_expr.is_a?(String)
-          evaluate_include(node.template_name_expr)
+        elsif n.respond_to?(:nodelist) && n.nodelist
+          include_node_contains_flow_command?(n)
+        elsif n.respond_to?(:tag_name) && n.tag_name == 'include' && n.template_name_expr.is_a?(String)
+          evaluate_include(n.template_name_expr)
         else
           false
         end

data/lib/platformos_check/checks/unused_assign.rb

@@ -7,6 +7,13 @@ module PlatformosCheck
     category :liquid
     doc docs_url(__FILE__)
 
+    TAGS_FOR_AUTO_VARIABLE_PREPEND = Set.new(%i[graphql function background]).freeze
+    FILTERS_THAT_MODIFY_OBJECT = Set.new(%w[array_add add_to_array
+                                            prepend_to_array array_prepend
+                                            assign_to_hash_key hash_add_key add_hash_key
+                                            remove_hash_key hash_delete_key delete_hash_key]).freeze
+    PREPEND_CHARACTER = '_'
+
     class TemplateInfo < Struct.new(:used_assigns, :assign_nodes, :includes)
       def collect_used_assigns(templates, visited = Set.new)
         collected = used_assigns
@@ -34,7 +41,8 @@ module PlatformosCheck
     end
 
     def on_assign(node)
-      return if ignore_underscored?(node)
+      return if ignore_prepended?(node)
+      return if node.value.from.filters.any? { |filter_name, *_arguments| FILTERS_THAT_MODIFY_OBJECT.include?(filter_name) }
 
       @templates[node.app_file.name].assign_nodes[node.value.to] = node
     end
@@ -44,13 +52,21 @@ module PlatformosCheck
     end
 
     def on_function(node)
-      return if ignore_underscored?(node)
+      return if ignore_prepended?(node)
 
       @templates[node.app_file.name].assign_nodes[node.value.to] = node
     end
 
     def on_graphql(node)
-      return if ignore_underscored?(node)
+      return if node.value.to.nil?
+      return if ignore_prepended?(node)
+
+      @templates[node.app_file.name].assign_nodes[node.value.to] = node
+    end
+
+    def on_background(node)
+      return if node.value.to.nil?
+      return if ignore_prepended?(node)
 
       @templates[node.app_file.name].assign_nodes[node.value.to] = node
     end
@@ -77,25 +93,8 @@ module PlatformosCheck
           next if used.include?(name)
 
           add_offense("`#{name}` is never used", node:) do |corrector|
-            case node.type_name
-            when :graphql
-              offset = node.markup.match(/^graphql\s+/)[0].size
-
-              corrector.insert_before(
-                node,
-                '_',
-                (node.start_index + offset)...(node.start_index + offset)
-              )
-            when :function
-              offset = node.markup.match(/^function\s+/)[0].size
-
-              corrector.insert_before(
-                node,
-                '_',
-                (node.start_index + offset)...(node.start_index + offset)
-              )
-            when :parse_json
-              # noop
+            if TAGS_FOR_AUTO_VARIABLE_PREPEND.include?(node.type_name)
+              prepend_variable(node, corrector)
             else
               corrector.remove(node)
             end
@@ -106,8 +105,18 @@ module PlatformosCheck
 
     private
 
-    def ignore_underscored?(node)
-      node.value.to.start_with?('_')
+    def ignore_prepended?(node)
+      node.value.to.start_with?(PREPEND_CHARACTER)
+    end
+
+    def prepend_variable(node, corrector)
+      offset = node.markup.match(/^#{node.type_name}\s+/)[0].size
+
+      corrector.insert_before(
+        node,
+        PREPEND_CHARACTER,
+        (node.start_index + offset)...(node.start_index + offset)
+      )
     end
   end
 end

data/lib/platformos_check/cli.rb

@@ -188,7 +188,7 @@ module PlatformosCheck
     def check(out_stream = STDOUT)
       update_docs
 
-      warn "Checking #{@config.root} ..."
+      warn "Checking #{@config.root}:"
       storage = PlatformosCheck::FileSystemStorage.new(@config.root, ignored_patterns: @config.ignored_patterns)
       raise Abort, "No platformos_app files found." if storage.platformos_app.all.empty?
 

data/lib/platformos_check/graphql_file.rb

@@ -71,6 +71,10 @@ module PlatformosCheck
       end
     end
 
+    def optional_arguments
+      @optional_arguments ||= defined_arguments - required_arguments
+    end
+
     def defined_arguments
       @defined_arguments ||= variables.map(&:name)
     end

data/lib/platformos_check/liquid_file.rb

@@ -68,7 +68,7 @@ module PlatformosCheck
     end
 
     def warnings
-      @ast.warnings
+      parse&.warnings
     end
 
     def root

data/lib/platformos_check/tags/context.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module PlatformosCheck
+  module Tags
+    class Context < Base
+      class ParseTreeVisitor < Liquid::ParseTreeVisitor
+        def children
+          @node.attributes_expr.values
+        end
+      end
+    end
+  end
+end

data/lib/platformos_check/tags/graphql.rb

@@ -5,6 +5,7 @@ module PlatformosCheck
     class Graphql < Base
       QUERY_NAME_SYNTAX = /(#{Liquid::VariableSignature}+)\s*=\s*(.*)\s*/om
       INLINE_SYNTAX = /(#{Liquid::QuotedFragment}+)(\s*(#{Liquid::QuotedFragment}+))?/o
+      INLINE_SYNTAX_WITHOUT_RESULT_VARIABLE = /\A([\w\-\.\[\]])+\s*:\s*/om
       CLOSE_TAG_SYNTAX = /\A(.*)(?-mix:\{%-?)\s*(\w+)\s*(.*)?(?-mix:%\})\z/m # based on Liquid::Raw::FullTokenPossiblyInvalid
 
       attr_reader :to, :from, :inline_query, :value_expr, :partial_name, :attributes_expr, :attributes
@@ -28,6 +29,8 @@ module PlatformosCheck
           @partial_name = value_expr
           @from = Liquid::Variable.new(after_assign_markup.join('|'), options)
         elsif INLINE_SYNTAX.match?(markup)
+          raise Liquid::SyntaxError, 'Invalid syntax for inline graphql tag - missing result name. Valid syntax: graphql result, arg1: var1, ...' if markup.match?(INLINE_SYNTAX_WITHOUT_RESULT_VARIABLE)
+
           @inline_query = true
           parse_markup(tag_name, markup)
           @attributes = attributes_expr.keys

data/lib/platformos_check/tags.rb

@@ -53,6 +53,8 @@ module PlatformosCheck
         register_tag('background', Background)
         register_tag('content_for', ContentFor)
         register_tag('session', Session)
+        register_tag('context', Context)
+        register_tag('context_rc', Context)
         register_tag('sign_in', SignIn)
         register_tag('yield', Yield)
         register_tag('graphql', Graphql)

data/lib/platformos_check/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PlatformosCheck
-  VERSION = "0.4.7"
+  VERSION = "0.4.9"
 end

data/lib/platformos_check.rb

@@ -47,6 +47,7 @@ require_relative "platformos_check/tags/base"
 require_relative "platformos_check/tags/base_block"
 require_relative "platformos_check/tags/background"
 require_relative "platformos_check/tags/cache"
+require_relative "platformos_check/tags/context"
 require_relative "platformos_check/tags/export"
 require_relative "platformos_check/tags/form"
 require_relative "platformos_check/tags/function"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: platformos-check
 version: !ruby/object:Gem::Version
-  version: 0.4.7
+  version: 0.4.9
 platform: ruby
 authors:
 - Piotr Bliszczyk
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-27 00:00:00.000000000 Z
+date: 2024-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -119,9 +119,11 @@ files:
 - docs/checks/deprecated_filter.md
 - docs/checks/form_action.md
 - docs/checks/form_authenticity_token.md
+- docs/checks/graphql_in_for_loop.md
 - docs/checks/html_parsing_error.md
 - docs/checks/img_lazy_loading.md
 - docs/checks/img_width_and_height.md
+- docs/checks/include_in_render.md
 - docs/checks/invalid_args.md
 - docs/checks/liquid_tag.md
 - docs/checks/missing_enable_comment.md
@@ -164,9 +166,11 @@ files:
 - lib/platformos_check/checks/deprecated_filter.rb
 - lib/platformos_check/checks/form_action.rb
 - lib/platformos_check/checks/form_authenticity_token.rb
+- lib/platformos_check/checks/graphql_in_for_loop.rb
 - lib/platformos_check/checks/html_parsing_error.rb
 - lib/platformos_check/checks/img_lazy_loading.rb
 - lib/platformos_check/checks/img_width_and_height.rb
+- lib/platformos_check/checks/include_in_render.rb
 - lib/platformos_check/checks/invalid_args.rb
 - lib/platformos_check/checks/liquid_tag.rb
 - lib/platformos_check/checks/missing_enable_comment.rb
@@ -316,6 +320,7 @@ files:
 - lib/platformos_check/tags/base_block.rb
 - lib/platformos_check/tags/base_tag_methods.rb
 - lib/platformos_check/tags/cache.rb
+- lib/platformos_check/tags/context.rb
 - lib/platformos_check/tags/export.rb
 - lib/platformos_check/tags/form.rb
 - lib/platformos_check/tags/function.rb