pluginscan 0.9.0

data/spec/file_creator_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'file_creator'
+
+RSpec.describe FileCreator do
+  describe '#create' do
+    subject(:create) { FileCreator.new.create(file_name) }
+    let(:file_name) { "pluginscan.scan" }
+
+    it 'tries to create a file with the given name' do
+      allow(File).to receive(:new)
+      create
+      expect(File).to have_received(:new).with(file_name, 'w')
+    end
+
+    it 'returns the file if it successfully created it' do
+      file = double(File)
+      allow(File).to receive(:new).and_return file
+      expect(create).to eq file
+    end
+
+    context 'if the filename is not a writeable location' do
+      before { allow(File).to receive(:new).and_raise(Errno::EACCES) }
+      it 'raises an error' do
+        expect{ create }.to raise_error(FileCreator::Error, "You do not have permission to write to that location (#{file_name})")
+      end
+      # Real example:
+      # File.new('/etc/foo', 'w')
+      # => Errno::EACCES: Permission denied @ rb_sysopen - /etc/foo
+    end
+
+    context 'if the filename is a directory name' do
+      before { allow(File).to receive(:new).and_raise(Errno::EISDIR) }
+      it 'raises an error' do
+        expect{ create }.to raise_error(FileCreator::Error, "File name is a directory (#{file_name})")
+      end
+      # Real example:
+      # File.new("/", 'w')
+      # => Errno::EISDIR: Is a directory @ rb_sysopen - /
+    end
+
+    context 'if the filename is in a directory which does not exist' do
+      before { allow(File).to receive(:new).and_raise(Errno::ENOTDIR) }
+      it 'raises an error' do
+        expect{ create }.to raise_error(FileCreator::Error, "File name refers to a directory which does not exist (#{file_name})")
+      end
+      # Real example:
+      # File.new("foo/bar", 'w')
+      # => Errno::ENOTDIR: Not a directory @ rb_sysopen - foo/bar
+    end
+  end
+end

data/spec/pluginscan/cloc_scanner/cloc_scanner_spec.rb

@@ -0,0 +1,64 @@
+require 'process_spec_helper'
+require 'support/heredoc_helper'
+
+RSpec.describe CLOCScanner, type: :process do
+  describe "#scan" do
+    it "returns a CLOC object when cloc is successful" do
+      stub_dir_exists
+      cloc_output = <<-EOS.heredoc_unindent
+        files,language,blank,comment,code,"github.com/AlDanial/cloc v 1.70  T=0.29 s (290.6 files/s, 66866.8 lines/s)"
+        20,PHP,4571,0,6641
+        2,JSON,0,0,1770
+        1,JavaScript,260,184,1263
+      EOS
+      system_cloc = fake_system_cloc(result: cloc_output, process_status: successful_process_status)
+      expect(CLOCScanner.new(system_cloc).scan("my_directory")).to be_a(CLOC)
+    end
+
+    # EXCEPTION HANDLING:
+    #####################
+
+    it "raises an error when no directory is passed" do
+      expect{ CLOCScanner.new(fake_system_cloc).scan(nil) }.to raise_error CLOCScanner::ArgumentError
+    end
+
+    it "raises an error when the directory doesn't exist" do
+      allow(Dir).to receive(:exist?).and_return false
+      expect{ CLOCScanner.new(fake_system_cloc).scan("my_directory") }.to raise_error CLOCScanner::NoDirectory
+    end
+
+    it "raises an error when cloc was not available" do
+      stub_dir_exists
+      system_cloc = fake_system_cloc(which_result: which_failure)
+      expect{ CLOCScanner.new(system_cloc).scan("my_directory") }.to raise_error CLOCScanner::Unavailable
+    end
+
+    it 'raises an error when cloc returns an unrecognised error' do
+      stub_dir_exists
+      system_cloc = fake_system_cloc(result: "Some nonsense", process_status: failed_process_status)
+      expect{ CLOCScanner.new(system_cloc).scan("my_directory") }.to raise_error CLOCScanner::Exception
+    end
+
+    it 'raises an error when the output could not be parsed' do
+      stub_dir_exists
+      cloc_output = <<-EOS.heredoc_unindent
+        files,language,blank,comment,code,"github.com/AlDanial/cloc v 1.70  T=0.29 s (290.6 files/s, 66866.8 lines/s)"
+        20",PHP,4571,0,6641
+      EOS
+      system_cloc = fake_system_cloc(result: cloc_output)
+      expect{ CLOCScanner.new(system_cloc).scan("my_directory") }.to raise_error CLOCScanner::CSVError
+    end
+
+    def fake_system_cloc(result: "foo", process_status: successful_process_status, which_result: which_success('cloc'))
+      instance_double(
+        SystemCloc,
+        call: [result, process_status],
+        which: which_result
+      )
+    end
+
+    def stub_dir_exists
+      allow(Dir).to receive(:exist?).and_return true
+    end
+  end
+end

data/spec/pluginscan/cloc_scanner/cloc_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+RSpec.describe CLOC do
+  describe ".language_counts" do
+    it "returns an empty array when there is no code" do
+      csv = CSV.parse("", headers: true)
+      expect(CLOC.new(csv).language_counts).to eq []
+    end
+
+    it "returns an array of language count objects" do
+      csv = CSV.parse(CLOC_CSV_OUTPUT.lstrip, headers: true)
+      cloc = CLOC.new(csv)
+      expect(cloc.language_counts[2].language).to eq "Ruby"
+      expect(cloc.language_counts[2].sloc).to eq 1119
+      expect(cloc.language_counts[2].file_count).to eq 30
+    end
+  end
+
+  # Output starts with a newline
+  CLOC_CSV_OUTPUT = <<-EOS
+
+    files,language,blank,comment,code,"http://cloc.sourceforge.net v 1.62  T=0.34 s (106.4 files/s, 28129.6 lines/s)"
+    1,HTML,2070,0,2734
+    1,Javascript,220,173,1166
+    30,Ruby,303,154,1119
+    2,JSON,0,0,758
+    1,CSS,80,70,649
+    1,YAML,7,0,17
+  EOS
+end

data/spec/pluginscan/file_finder_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::FileFinder, type: :file do
+  describe ".count" do
+    it "returns 0 when there are no files" do
+      setup_tempdir('tmp')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.count).to eq 0
+    end
+
+    it "returns 0 when there are only directories" do
+      setup_tempdir('tmp')
+      add_directory('tmp', 'foo')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.count).to eq 0
+    end
+
+    it "returns 3 when there are 3 files" do
+      setup_tempdir('tmp')
+      add_php_file('tmp')
+
+      add_directory('tmp', 'foo')
+      add_non_php_file('tmp/foo')
+
+      add_directory('tmp', 'foo/bar')
+      add_php_file('tmp/foo/bar')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.count).to eq 3
+    end
+
+    it "caches the value" do
+      setup_tempdir('tmp')
+      add_php_file('tmp')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      finder.count
+
+      setup_tempdir('tmp')
+
+      # We removed the file, but the result should stay the same:
+      expect(finder.count).to eq 1
+    end
+  end
+
+  describe ".php_files" do
+    it "returns [] when there are no files" do
+      setup_tempdir('tmp')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.php_files).to eq []
+    end
+
+    it "returns [] when there are only directories" do
+      setup_tempdir('tmp')
+      add_directory('tmp', 'foo')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.php_files).to eq []
+    end
+
+    it "returns two filenames when there are 2 php files" do
+      setup_tempdir('tmp')
+      php_file_name1 = add_php_file('tmp')
+
+      add_directory('tmp', 'foo')
+      add_non_php_file('tmp/foo')
+
+      add_directory('tmp', 'foo/bar')
+      php_file_name2 = add_php_file('tmp/foo/bar')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      expect(finder.php_files).to eq [php_file_name1, php_file_name2]
+    end
+
+    it "caches the result" do
+      setup_tempdir('tmp')
+      php_file_name = add_php_file('tmp')
+
+      finder = Pluginscan::FileFinder.new('tmp')
+      finder.php_files
+
+      setup_tempdir('tmp')
+
+      # We removed the file, but the result should stay the same:
+      expect(finder.php_files).to eq [php_file_name]
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/check_findings_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::CheckFindings do
+  describe "count" do
+    subject(:check_findings) { Pluginscan::CheckFindings.new(check) }
+    let(:check) { double('Check') }
+
+    it "returns 0 when no issues were found" do
+      expect(check_findings.count).to eq 0
+    end
+
+    it "returns 3 when 3 issues were found" do
+      finding = double('Finding')
+      3.times do
+        check_findings.add [finding]
+      end
+
+      expect(check_findings.count).to eq 3
+    end
+  end
+end
+

data/spec/pluginscan/issues_scanner/error_list_printer_ignores_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::ErrorListPrinter do
+  describe "error_lines", "showing ignores" do
+    it 'marks lines as ignored where we think they are safe' do
+      check_double = Struct.new(:name)
+      check = check_double.new("Bad thing")
+      check_findings = Pluginscan::CheckFindings.new(check)
+      check_findings.add [Pluginscan::Finding.new(17, "  foo bar baz", "bar", true)]
+
+      issues = Pluginscan::Issues.new(
+        "./foo/bar.php" => [check_findings],
+      )
+
+      expect(Pluginscan::ErrorListPrinter.new.error_lines(issues)).to eq [
+        %("./foo/bar.php", line 17, col 7: [Bad thing][IGNORE] foo bar baz),
+      ]
+    end
+  end
+
+  describe "error_lines", "hiding ignores" do
+    it 'hide lines where we think they are safe' do
+      check_double = Struct.new(:name)
+      check = check_double.new("Bad thing")
+      check_findings = Pluginscan::CheckFindings.new(check)
+      check_findings.add [Pluginscan::Finding.new(17, "  foo bar baz", "bar", true)]
+
+      issues = Pluginscan::Issues.new(
+        "./foo/bar.php" => [check_findings],
+      )
+
+      expect(Pluginscan::ErrorListPrinter.new(true).error_lines(issues)).to be_empty
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/error_list_printer_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::ErrorListPrinter do
+  describe "error_lines" do
+    it 'returns nothing when there are no issues' do
+      issues = Pluginscan::Issues.new({})
+      expect(Pluginscan::ErrorListPrinter.new.error_lines(issues)).to eq []
+    end
+
+    it 'returns an array of vim-compatible error lines when there were two issues in two different files' do
+      check1 = double(name: "Bad thing")
+      check_findings1 = Pluginscan::CheckFindings.new(check1)
+      check_findings1.add [Pluginscan::Finding.new(17, "  foo bar baz", "bar")]
+
+      check2 = double(name: "Other bad thing")
+      check_findings2 = Pluginscan::CheckFindings.new(check2)
+      check_findings2.add [Pluginscan::Finding.new(23, "\thaz qux qix", "qux")]
+
+      issues = Pluginscan::Issues.new(
+        "./foo/bar.php" => [check_findings1],
+        "./foo/bar/baz.php" => [],
+        "./foo/bar/qux.php" => [check_findings2],
+      )
+
+      expect(Pluginscan::ErrorListPrinter.new.error_lines(issues)).to eq [
+        %("./foo/bar.php", line 17, col 7: [Bad thing] foo bar baz),
+        %("./foo/bar/qux.php", line 23, col 6: [Other bad thing] haz qux qix), # looks like vim treats tabs as single spaces for the purposes of using columns
+      ]
+    end
+
+    it 'escapes colons (:) - these mess with the formatting' do
+      check = double(name: "Bad thing")
+      check_findings = Pluginscan::CheckFindings.new(check)
+      source_line = %($retrieved_stats = $wpdb->get_var("SELECT COUNT(*) FROM " . $wpdb->prefix . "mlw_results W    HERE (time_taken_real BETWEEN '".$stat_date." 00:00:00' AND '".$stat_end_date." 23:59:59') AND deleted=0");)
+      check_findings.add [Pluginscan::Finding.new(23, source_line, '$wpdb')]
+      issues = Pluginscan::Issues.new(
+        "./foo/bar.php" => [check_findings],
+      )
+      expect(Pluginscan::ErrorListPrinter.new.error_lines(issues).first).to include %q(00\:00\:00)
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/file_issues_scanner_spec.rb

@@ -0,0 +1,25 @@
+require 'support/shared_examples_for_issue_checks'
+
+RSpec.describe Pluginscan::FileIssuesScanner do
+  before(:all) { @scanner = Pluginscan::FileIssuesScanner.new(Pluginscan::THE_CHECKS) }
+  let(:runner_run_results) { @scanner.scan(file_contents) }
+
+  describe 'run' do
+    context 'with an empty file' do
+      let(:file_contents) { "" }
+      it "finds no results" do
+        expect(runner_run_results).to eq []
+      end
+    end
+
+    describe "matches at the beginning of the line" do
+      # Artificial examples, but older versions of the `function list` helper
+      # would have failed to match these
+      it_behaves_like "matches lines containing", "$_POST",         %($_POST[$tagname] : '';)
+      it_behaves_like "matches lines containing", "$wpdb",          %($wpdb->prepare( " AND meta_value = %d", $old_id );)
+      it_behaves_like "matches lines containing", "wp_remote_post", %(wp_remote_post( $url, $req_args );)
+      it_behaves_like "matches lines containing", "glob",           %(glob( $directory_pattern );)
+      it_behaves_like "matches lines containing", "wp_unslash",     %(wp_unslash( $answer );)
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/issues_printer_factory_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::IssuesPrinterFactory do
+  describe ".create_printer" do
+    it 'raises an error if it gets an unknown format' do
+      expect{ Pluginscan::IssuesPrinterFactory.create_printer(:foo) }.to raise_error(Pluginscan::UnknownIssuesFormat)
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/issues_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::Issues do
+  def no_files_scanned
+    Pluginscan::Issues.new({})
+  end
+
+  def three_files_scanned_no_issues
+    files_findings = {
+      "a" => [],
+      "b" => [],
+      "c" => [],
+    }
+    Pluginscan::Issues.new(files_findings)
+  end
+
+
+  describe "scanned_files_count" do
+    it "returns 0 when no files were scanned" do
+      report = no_files_scanned
+      expect(report.scanned_files_count).to eq 0
+    end
+
+    it "returns 3 when 3 files were scanned" do
+      report = three_files_scanned_no_issues
+      expect(report.scanned_files_count).to eq 3
+    end
+  end
+
+  describe "found_problems_count" do
+    it "returns 0 when no files were scanned" do
+      report = no_files_scanned
+      expect(report.found_problems_count).to eq 0
+    end
+
+    it "returns 0 when no issues were found" do
+      report = three_files_scanned_no_issues
+      expect(report.found_problems_count).to eq 0
+    end
+
+    it "returns 6 when 6 issues were found" do
+      check_findings1 = double(count: 1)
+      check_findings2 = double(count: 3)
+      check_findings3 = double(count: 0)
+      check_findings4 = double(count: 2)
+      files_findings = {
+        "a" => [check_findings1, check_findings2],
+        "b" => [check_findings3],
+        "c" => [check_findings4],
+      }
+      report = Pluginscan::Issues.new(files_findings)
+      expect(report.found_problems_count).to eq 6
+    end
+  end
+end

data/spec/pluginscan/issues_scanner/variable_check_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+RSpec.describe Pluginscan::VariableCheck do
+  describe "#ignore?" do
+    it "returns true when there is 1 match and it is known to be safe" do
+      expect(described_class.new({}).ignore?("$_GET", "if ( isset( $_GET['action'] ) ) {")).to eq true
+    end
+
+    # it "returns false when there are 2 matches and only 1 is known safe" do
+    #   expect(described_class.match_count("$_POST", "$submitted = isset( $_POST[$tagname] ) ? $_POST[$tagname] : '';")).to eq 2
+    # end
+  end
+end