pluginscan 0.9.0

data/lib/pluginscan.rb

@@ -0,0 +1,69 @@
+require 'pluginscan/reports/sloccount_report'
+require 'pluginscan/reports/cloc_report'
+require 'pluginscan/reports/vulnerability_report'
+require 'pluginscan/reports/issues_report'
+require 'pluginscan/reports/issues_report/issues_printer_factory'
+require 'pluginscan/error'
+
+module Pluginscan
+  class Scanner
+    DEFAULT_OPTIONS = {
+      output: $stdout,
+      sloccount: true,
+      cloc: true,
+      advisories: true,
+      issues_format: :report,
+      hide_ignores: false,
+    }.freeze
+
+    def initialize(options = {})
+      @options = DEFAULT_OPTIONS.merge options
+    end
+
+    def scan(plugin_directory)
+      fail Errno::ENOENT unless Dir.exist? plugin_directory
+
+      output_sloccount_report(plugin_directory) if @options[:sloccount]
+      output_cloc_report(plugin_directory)      if @options[:cloc]
+
+      output_vulnerability_report(plugin_directory) if @options[:advisories]
+
+      output_issues_report(plugin_directory)
+      output_error_list_to_file(plugin_directory) if @options[:error_list_file]
+
+      true
+    end
+
+    private def output_sloccount_report(plugin_directory)
+      sloccount_printer = SLOCCountPrinter.new(@options[:output])
+      Reports::SLOCCountReport.print(plugin_directory, sloccount_printer, error_printer)
+    end
+
+    private def output_cloc_report(plugin_directory)
+      cloc_printer = CLOCPrinter.new(@options[:output])
+      Reports::CLOCReport.print(plugin_directory, cloc_printer, error_printer)
+    end
+
+    private def output_vulnerability_report(plugin_directory)
+      vulnerabilities_printer = VulnerabilitiesPrinter.new(@options[:output])
+      Reports::VulnerabilityReport.print(plugin_directory, vulnerabilities_printer, error_printer)
+    end
+
+    private def output_issues_report(plugin_directory)
+      printer = IssuesPrinterFactory.create_printer(@options[:issues_format], @options[:hide_ignores], @options[:output])
+      Reports::IssuesReport.new(plugin_directory, printer).print
+    end
+
+    private def error_printer
+      @error_printer ||= ErrorPrinter.new(@options[:output])
+    end
+
+    private def output_error_list_to_file(plugin_directory)
+      error_list_file = @options[:error_list_file]
+      fail(IOError, IOError.message(error_list_file.class)) unless error_list_file.respond_to?(:puts)
+
+      printer = IssuesPrinterFactory.create_printer(:error_list, @options[:hide_ignores], error_list_file)
+      Reports::IssuesReport.new(plugin_directory, printer).print
+    end
+  end
+end

data/lib/pluginscan/error.rb

@@ -0,0 +1,9 @@
+module Pluginscan
+  class Error < StandardError; end
+  class UnknownIssuesFormat < Error; end
+  class IOError < Error
+    def self.message(file_class)
+      "Expected error_list_file to be an I/O object (e.g. a file) which implements `puts`. Got a #{file_class}"
+    end
+  end
+end

data/lib/pluginscan/error_printer.rb

@@ -0,0 +1,17 @@
+require 'pluginscan/printer'
+
+module Pluginscan
+  class ErrorPrinter < Printer
+    def print(error)
+      print_error_line(error)
+      print_blank_line
+    end
+
+  private
+
+    def print_error_line(error)
+      label = "[ERROR]".color(:red)
+      @output.puts "#{label} #{error}"
+    end
+  end
+end

data/lib/pluginscan/file_finder.rb

@@ -0,0 +1,42 @@
+require 'find'
+
+module Pluginscan
+  # Responsible for searching through a directory for php files, and counting the total files
+  class FileFinder
+    def initialize(directory)
+      @directory = directory
+    end
+
+    def count
+      found_files.count
+    end
+
+    def php_files
+      found_files.php_files
+    end
+
+  private
+
+    def found_files
+      @found_files ||= find_files
+    end
+
+    def find_files
+      found_files = FoundFiles.new
+
+      Find.find @directory do |file|
+        found_files.count += 1 unless Dir.exist?(file) # Skip directories
+        found_files.php_files << file if file =~ /\.php$/
+      end
+
+      found_files
+    end
+
+    FoundFiles = Struct.new(:php_files, :count) do
+      def initialize
+        self.php_files = []
+        self.count = 0
+      end
+    end
+  end
+end

data/lib/pluginscan/printer.rb

@@ -0,0 +1,14 @@
+require 'rainbow'
+require 'rainbow/ext/string'
+
+module Pluginscan
+  class Printer
+    def initialize(output = $stdout)
+      @output = output
+    end
+
+    def print_blank_line
+      @output.puts ""
+    end
+  end
+end

data/lib/pluginscan/reports/cloc_report.rb

@@ -0,0 +1,27 @@
+require 'pluginscan/reports/cloc_report/cloc'
+require 'pluginscan/reports/cloc_report/system_cloc'
+require 'pluginscan/reports/cloc_report/cloc_scanner'
+require 'pluginscan/reports/cloc_report/cloc_printer'
+require 'pluginscan/error_printer'
+
+module Pluginscan
+  module Reports
+    module CLOCReport
+      def self.print(plugin_directory, printer, error_printer)
+        cloc = CLOCScanner.new.scan(plugin_directory)
+        printer.print(cloc)
+
+      rescue CLOCScanner::Unavailable
+        error_printer.print("The 'cloc' command is unavailable. Is it installed and in your path?")
+      rescue CLOCScanner::Exception => e
+        error_printer.print("An error occurred while calculating the sloccount with CLOC:\n          #{e.message}")
+      rescue StandardError => e
+        # We don't want an error with CLOC to interrupt the rest of pluginscan
+        # TODO: not sure this is sensible
+        error_printer.print("An error occurred while calculating the sloccount with CLOC:\n          #{e.message}")
+      else
+        return true
+      end
+    end
+  end
+end

data/lib/pluginscan/reports/cloc_report/cloc.rb

@@ -0,0 +1,21 @@
+class CLOC
+  class CSVError < StandardError; end
+
+  def initialize(cloc_csv)
+    fail "Not a CSV: #{cloc_csv}" unless cloc_csv.is_a? CSV::Table
+    @cloc_csv = cloc_csv
+  end
+
+  def language_counts
+    @cloc_csv.map { |row|
+      next if row.empty?
+      language    = row["language"]
+      sloc        = Integer(row["code"])
+      file_count  = Integer(row["files"])
+      LanguageCount.new(language, sloc, file_count)
+    }.compact
+  end
+
+  LanguageCount = Struct.new(:language, :sloc, :file_count)
+end
+

data/lib/pluginscan/reports/cloc_report/cloc_printer.rb

@@ -0,0 +1,42 @@
+require 'pluginscan/printer'
+
+module Pluginscan
+  class CLOCPrinter < Printer
+    def print(cloc)
+      print_headline
+      print_results(cloc)
+      print_blank_line
+    end
+
+  private
+
+    def print_headline
+      @output.puts "SLOC counts from the 'CLOC' tool:".color(:blue)
+    end
+
+    def print_results(cloc)
+      print_no_result if cloc.language_counts.empty?
+
+      cloc.language_counts.each{ |language_count| print_result language_count }
+    end
+
+    def print_result(language_count)
+      data = {
+        language:   language_count.language.color(:green),
+        sloc:       language_count.sloc.to_s.color(:red),
+        file_count: language_count.file_count,
+      }
+      # Field widths need to account for the colouring characters: 9 of them in total
+      # e.g. for red this is \e[31m at the beginning and \e[0m at the end,
+      # with \e counting as one character:
+      #   pad sloc     to 5  (+9 = 14)
+      #   pad language to 12 (+9 = 21)
+      @output.puts format("  %<language>-21s %<sloc>14s lines across %<file_count>2d files\n", data)
+    end
+
+    def print_no_result
+      sadface = ":(".color(:red)
+      @output.puts "  CLOC didn't find any code #{sadface}"
+    end
+  end
+end

data/lib/pluginscan/reports/cloc_report/cloc_scanner.rb

@@ -0,0 +1,41 @@
+require 'csv'
+
+# Responsible for running the `cloc` system command and handling any resulting errors
+class CLOCScanner
+  class Exception < StandardError; end
+  class ArgumentError < RuntimeError; end
+  class Unavailable < RuntimeError; end
+  class NoDirectory < RuntimeError; end
+  class CSVError < RuntimeError; end
+
+  def initialize(system_cloc = SystemCloc.new)
+    @system_cloc = system_cloc
+  end
+
+  def scan(directory)
+    fail ArgumentError, "directory must must be a string (or quack like a string)" unless directory.respond_to?(:to_str)
+    fail Unavailable, "The 'cloc' command is unavailable. Is it installed and in your path?" unless cloc_available?
+    fail NoDirectory, "No such directory: '#{directory}'" unless Dir.exist?(directory)
+
+    result, status = @system_cloc.call(directory)
+
+    if status.success?
+      CLOC.new(cloc_csv(result))
+    else
+      raise Exception, "CLOC raised an error we didn't recognise. Here's the output:\n#{result}"
+    end
+  end
+
+  private
+
+  def cloc_csv(cloc_result)
+    CSV.parse(cloc_result.lstrip, headers: true)
+  rescue CSV::MalformedCSVError => e
+    raise CSVError, "The CSV generated by CLOC was malformed: #{e}"
+  end
+
+  def cloc_available?
+    _result, status = @system_cloc.which
+    status.success?
+  end
+end

data/lib/pluginscan/reports/cloc_report/system_cloc.rb

@@ -0,0 +1,33 @@
+# A thin wrapper around the `cloc` system call
+# The CLOC project is at http://cloc.sourceforge.net/ and can be installed on OSX using homebrew:
+#     brew install cloc
+#
+# DANGER: not covered by tests
+class SystemCloc
+  def initialize(command_name = 'cloc')
+    @command_name = command_name
+  end
+
+  def which
+    # DANGER!!! calling system command
+    Open3.capture2("which #{@command_name}")
+  end
+
+  def call(directory)
+    # DANGER!!! calling system command
+    # Should be safe from injection because of the `Dir.exist?` check.
+    Open3.capture2("#{@command_name} --csv --quiet #{directory} 2> #{error_log_name}")
+  ensure
+    delete_empty_error_log
+  end
+
+  private
+
+  def error_log_name
+    "#{@command_name}_error.log"
+  end
+
+  def delete_empty_error_log
+    File.delete(error_log_name) if File.zero?(error_log_name)
+  end
+end

data/lib/pluginscan/reports/issues_report.rb

@@ -0,0 +1,24 @@
+require 'pluginscan/file_finder'
+require 'pluginscan/reports/issues_report/issues_scanner'
+require 'pluginscan/reports/issues_report/issue_checks'
+
+module Pluginscan
+  module Reports
+    class IssuesReport
+      def initialize(plugin_directory, printer = IssuesPrinter.new)
+        found_files = FileFinder.new(plugin_directory)
+        issues = IssuesScanner.new(THE_CHECKS).scan(found_files.php_files)
+        @data = {
+          issues: issues,
+          file_count: found_files.count,
+        }
+        @printer = printer
+      end
+
+      def print
+        @printer.print(@data)
+        true
+      end
+    end
+  end
+end

data/lib/pluginscan/reports/issues_report/error_list_printer.rb

@@ -0,0 +1,99 @@
+module Pluginscan
+  class ErrorListPrinter < Printer
+    def initialize(hide_ignores = false, output = $stdout)
+      @hide_ignores = hide_ignores
+      @output = output
+      @line_printer = ErrorLinePrinter.new
+    end
+
+    def print(data)
+      issues = data[:issues]
+      @output.puts error_lines(issues)
+    end
+
+    # TODO: this should be the print method; return an array of lines, and let the caller be responsible for outputting it
+    def error_lines(issues)
+      issues.inject([]) do |output, (file, file_findings)|
+        output + file_error_lines(file, file_findings)
+      end
+    end
+
+    private def file_error_lines(file, file_findings)
+      file_findings.inject([]) do |checks_output, check_findings|
+        checks_output + check_output(file, check_findings.check, check_findings.findings)
+      end
+    end
+
+    private def check_output(file, check, findings)
+      findings.reject!(&:ignored) if @hide_ignores
+      findings.map do |finding|
+        error_line = ErrorLineFactory.build(file, check.name, finding)
+        @line_printer.print(error_line)
+      end
+    end
+  end
+
+  class ErrorLinePrinter
+    def print(el)
+      "\"#{el.file}\", line #{el.line_number}, col #{el.column_number}: #{el.message}"
+    end
+  end
+
+  # This is almost like a view model: exposes methods for use in a template
+  class ErrorLine
+    attr_reader :file
+
+    def initialize(file, check_name, finding)
+      @file         = file
+      @check_name   = check_name
+      @finding      = PrintableFinding.new(finding)
+    end
+
+    def line_number
+      # TODO: why is the original called lineno?? That's a rubbish name!
+      @finding.lineno
+    end
+
+    def column_number
+      @finding.col_number
+    end
+
+    def message
+      "[#{@check_name}] #{@finding.line}"
+    end
+  end
+
+  class IgnoredErrorLine < ErrorLine
+    # TODO: would decoration be better here?
+    def message
+      super.sub("]", "][IGNORE]")
+    end
+  end
+
+  class ErrorLineFactory
+    def self.build(file, check_name, finding)
+      klass(finding.ignored).new(file, check_name, finding)
+    end
+
+    def self.klass(ignored)
+      ignored ? IgnoredErrorLine : ErrorLine
+    end
+  end
+
+  class PrintableFinding < SimpleDelegator
+    def col_number
+      # Seems like vim treats tabs as single spaces for the purposes of calculating columns - at least on my setup
+      # so we don't need to expand the tabs
+      __getobj__.line.index(match) + 1
+    end
+
+    def line
+      escape_special_chars(__getobj__.line.strip)
+    end
+
+    private def escape_special_chars(string)
+      # Vim interprets `:` as a delimiter
+      string.gsub(":", '\:')
+    end
+  end
+end