ruby_cop 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +6 -0
- data/Gemfile +4 -0
- data/README.md +44 -0
- data/Rakefile +3 -0
- data/lib/ruby_cop/gray_list.rb +26 -0
- data/lib/ruby_cop/node_builder.rb +521 -0
- data/lib/ruby_cop/policy.rb +354 -0
- data/lib/ruby_cop/ruby/args.rb +26 -0
- data/lib/ruby_cop/ruby/array.rb +13 -0
- data/lib/ruby_cop/ruby/assignment.rb +43 -0
- data/lib/ruby_cop/ruby/assoc.rb +13 -0
- data/lib/ruby_cop/ruby/blocks.rb +21 -0
- data/lib/ruby_cop/ruby/call.rb +31 -0
- data/lib/ruby_cop/ruby/case.rb +22 -0
- data/lib/ruby_cop/ruby/constants.rb +47 -0
- data/lib/ruby_cop/ruby/definitions.rb +25 -0
- data/lib/ruby_cop/ruby/for.rb +15 -0
- data/lib/ruby_cop/ruby/hash.rb +11 -0
- data/lib/ruby_cop/ruby/if.rb +31 -0
- data/lib/ruby_cop/ruby/list.rb +15 -0
- data/lib/ruby_cop/ruby/node.rb +9 -0
- data/lib/ruby_cop/ruby/operators.rb +52 -0
- data/lib/ruby_cop/ruby/params.rb +21 -0
- data/lib/ruby_cop/ruby/position.rb +13 -0
- data/lib/ruby_cop/ruby/range.rb +15 -0
- data/lib/ruby_cop/ruby/statements.rb +32 -0
- data/lib/ruby_cop/ruby/string.rb +24 -0
- data/lib/ruby_cop/ruby/tokens.rb +44 -0
- data/lib/ruby_cop/ruby/variables.rb +24 -0
- data/lib/ruby_cop/ruby/version.rb +3 -0
- data/lib/ruby_cop/ruby/while.rb +27 -0
- data/lib/ruby_cop/ruby.rb +23 -0
- data/lib/ruby_cop/version.rb +3 -0
- data/lib/ruby_cop.rb +10 -0
- data/ruby_cop.gemspec +25 -0
- data/spec/analyzer/node_builder_spec.rb +374 -0
- data/spec/analyzer/policy_spec.rb +406 -0
- data/spec/spec_helper.rb +13 -0
- data/tasks/rspec.rake +8 -0
- data/tasks/yard.rake +2 -0
- metadata +123 -0
@@ -0,0 +1,406 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe RubyCop::Policy do
|
4
|
+
let(:policy) { described_class.new }
|
5
|
+
subject { policy }
|
6
|
+
|
7
|
+
RSpec::Matchers.define(:allow) do |ruby|
|
8
|
+
match { |policy| RubyCop::NodeBuilder.build(ruby).accept(policy) }
|
9
|
+
end
|
10
|
+
|
11
|
+
context "assignment" do
|
12
|
+
context "class variables" do
|
13
|
+
it { should_not allow('@@x = 1') }
|
14
|
+
it { should_not allow('@@x ||= 1') }
|
15
|
+
it { should_not allow('@@x += 1') }
|
16
|
+
end
|
17
|
+
|
18
|
+
context "constants" do
|
19
|
+
it { should allow('Foo = 1') }
|
20
|
+
it { should allow('Foo::Bar = 1') }
|
21
|
+
it { should allow('::Bar = 1') }
|
22
|
+
|
23
|
+
it { should_not allow('Foo = Kernel') }
|
24
|
+
it { should_not allow('Foo = ::Kernel') }
|
25
|
+
it { should_not allow('Foo = Object::Kernel') }
|
26
|
+
end
|
27
|
+
|
28
|
+
context "globals" do
|
29
|
+
it { should_not allow('$x = 1') }
|
30
|
+
it { should_not allow('$x ||= 1') }
|
31
|
+
it { should_not allow('$x += 1') }
|
32
|
+
end
|
33
|
+
|
34
|
+
context "instance variables" do
|
35
|
+
it { should allow('@x = 1') }
|
36
|
+
it { should allow('@x += 1') }
|
37
|
+
it { should_not allow('@x = $x') }
|
38
|
+
it { should_not allow('@x = @@x') }
|
39
|
+
end
|
40
|
+
|
41
|
+
context "locals" do
|
42
|
+
it { should allow('x = 1') }
|
43
|
+
it { should allow('x ||= 1') }
|
44
|
+
it { should allow('x += 1') }
|
45
|
+
it { should_not allow('x = $x') }
|
46
|
+
it { should_not allow('x = @@x') }
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context "begin/rescue/ensure" do
|
51
|
+
it { should allow('begin; x; rescue; end') }
|
52
|
+
it { should allow('x rescue 1') }
|
53
|
+
|
54
|
+
it { should_not allow('begin; `ls`; rescue; x; end') }
|
55
|
+
it { should_not allow('begin; x; rescue; `ls`; end') }
|
56
|
+
it { should_not allow('begin; x; rescue; 1; ensure `ls`; end') }
|
57
|
+
it { should_not allow('`ls` rescue 1') }
|
58
|
+
it { should_not allow('x rescue `ls`') }
|
59
|
+
it { should_not allow('begin; x; rescue (`ls`; RuntimeError) => err; end') }
|
60
|
+
end
|
61
|
+
|
62
|
+
context "blocks" do
|
63
|
+
it { should_not allow('->(a = $x) { }') }
|
64
|
+
it { should_not allow('->(a) { $x }') }
|
65
|
+
it { should_not allow('lambda { $x }') }
|
66
|
+
it { should_not allow('proc { $x }') }
|
67
|
+
end
|
68
|
+
|
69
|
+
context "calls" do
|
70
|
+
it { should allow('foo { 1 }') }
|
71
|
+
it { should_not allow('foo { $x }') }
|
72
|
+
|
73
|
+
context "blacklist" do
|
74
|
+
# This is a tricky case where we want to allow methods like
|
75
|
+
# Enumerable#select, but not Kernel#select / IO#select.
|
76
|
+
it { should allow('[1, 2, 3].select { |x| x.odd? }') }
|
77
|
+
it { pending('Kernel#select') { should_not allow('select([$stdin], nil, nil, 1.5)') } }
|
78
|
+
|
79
|
+
# TODO: these are a possible concern because symbols are not GC'ed and
|
80
|
+
# an attacker could create a large number of them to eat up memory. If
|
81
|
+
# these methods are blacklisted, then dyna-symbols (:"foo#{x}") need to
|
82
|
+
# be restricted as well.
|
83
|
+
it { should allow('"abc".intern') }
|
84
|
+
it { should allow('"abc".to_sym') }
|
85
|
+
|
86
|
+
it { should_not allow('abort("fail")') }
|
87
|
+
it { should_not allow('alias :foo :bar') }
|
88
|
+
it { should_not allow('alias foo bar') }
|
89
|
+
it { should_not allow('alias_method(:foo, :bar)') }
|
90
|
+
it { should_not allow('at_exit { puts "Bye!" }')}
|
91
|
+
it { should_not allow('autoload(:Foo, "foo")') }
|
92
|
+
it { should_not allow('binding') }
|
93
|
+
it { should_not allow('binding()') }
|
94
|
+
it { should_not allow('callcc { |cont| }') }
|
95
|
+
it { should_not allow('caller') }
|
96
|
+
it { should_not allow('caller()') }
|
97
|
+
it { should_not allow('caller(1)') }
|
98
|
+
it { should_not allow('class_eval("$x = 1")') }
|
99
|
+
it { should_not allow('const_get(:Kernel)') }
|
100
|
+
it { should_not allow('const_set(:Foo, ::Kernel)') }
|
101
|
+
it { should_not allow('eval("`ls`")') }
|
102
|
+
it { should_not allow('exec("ls")') }
|
103
|
+
it { should_not allow('exit') }
|
104
|
+
it { should_not allow('exit()') }
|
105
|
+
it { should_not allow('fail') }
|
106
|
+
it { should_not allow('fail("failed")') }
|
107
|
+
it { should_not allow('fail()') }
|
108
|
+
it { should_not allow('fork { }') }
|
109
|
+
it { should_not allow('fork') }
|
110
|
+
it { should_not allow('fork()') }
|
111
|
+
it { should_not allow('gets') }
|
112
|
+
it { should_not allow('gets()') }
|
113
|
+
it { should_not allow('global_variables') }
|
114
|
+
it { should_not allow('global_variables()') }
|
115
|
+
it { should_not allow('load("foo")') }
|
116
|
+
it { should_not allow('loop { }') }
|
117
|
+
it { should_not allow('method(:eval)') }
|
118
|
+
it { should_not allow('module_eval("`ls`")') }
|
119
|
+
it { should_not allow('open("/etc/passwd")') }
|
120
|
+
it { should_not allow('readline') }
|
121
|
+
it { should_not allow('readline()') }
|
122
|
+
it { should_not allow('readlines') }
|
123
|
+
it { should_not allow('readlines()') }
|
124
|
+
it { should_not allow('redo') }
|
125
|
+
it { should_not allow('remove_const(:Kernel)') }
|
126
|
+
it { should_not allow('require("digest/md5")') }
|
127
|
+
it { should_not allow('send(:eval, "`ls`")') }
|
128
|
+
it { should_not allow('set_trace_func(proc { |event,file,line,id,binding,classname| })') }
|
129
|
+
it { should_not allow('sleep(100**100)') }
|
130
|
+
it { should_not allow('spawn("ls", :chdir => "/")') }
|
131
|
+
it { should_not allow('srand') }
|
132
|
+
it { should_not allow('srand()') }
|
133
|
+
it { should_not allow('srand(1)') }
|
134
|
+
it { should_not allow('syscall(4, 1, "hello\n", 6)') }
|
135
|
+
it { should_not allow('system("ls")') }
|
136
|
+
it { should_not allow('trap("EXIT") { }') }
|
137
|
+
it { should_not allow('undef :raise') }
|
138
|
+
it { should_not allow('undef raise') }
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
142
|
+
context "case" do
|
143
|
+
it { should allow('case x; when 1; 2; end') }
|
144
|
+
|
145
|
+
it { should_not allow('case $x; when 1; 2; end') }
|
146
|
+
it { should_not allow('case $x = 1; when 1; 2; end') }
|
147
|
+
it { should_not allow('case x; when $x; 2; end') }
|
148
|
+
it { should_not allow('case x; when 1; $x; end') }
|
149
|
+
end
|
150
|
+
|
151
|
+
context "class / module definition" do
|
152
|
+
it { should allow("class Foo\nend") }
|
153
|
+
it { should allow("class Foo::Bar\nend") }
|
154
|
+
|
155
|
+
it { should allow("module Foo\nend") }
|
156
|
+
it { should allow("module Foo::Bar\nend") }
|
157
|
+
it { should_not allow("module Kernel\nend") }
|
158
|
+
it { should_not allow("module ::Kernel\nend") }
|
159
|
+
end
|
160
|
+
|
161
|
+
context "defined?" do
|
162
|
+
it { should_not allow('defined?(Kernel)') }
|
163
|
+
end
|
164
|
+
|
165
|
+
context "dynamic strings" do
|
166
|
+
it { should_not allow('"abc#{`ls`}"') }
|
167
|
+
it { should_not allow('"#{`ls`}abc"') }
|
168
|
+
it { should_not allow('"#$0"') }
|
169
|
+
end
|
170
|
+
|
171
|
+
context "dynamic symbols" do
|
172
|
+
it { should_not allow(':"abc#{`ls`}"') }
|
173
|
+
it { should_not allow(':"#{`ls`}abc"') }
|
174
|
+
end
|
175
|
+
|
176
|
+
context "for" do
|
177
|
+
it { should_not allow('for i in ENV; puts i; end') }
|
178
|
+
it { should_not allow('for $x in [1, 2, 3]; puts $x; end') }
|
179
|
+
end
|
180
|
+
|
181
|
+
context "if/elsif/else" do
|
182
|
+
it { should allow('x if true') }
|
183
|
+
|
184
|
+
it { should_not allow('$x ? 1 : 2') }
|
185
|
+
it { should_not allow('true ? $x : 2') }
|
186
|
+
it { should_not allow('true ? 1 : $x') }
|
187
|
+
it { should_not allow('if $x; 1; end') }
|
188
|
+
it { should_not allow('if true; $x; end') }
|
189
|
+
it { should_not allow('$x if true') }
|
190
|
+
it { should_not allow('true if $x') }
|
191
|
+
it { should_not allow('if $x; 1; else 2; end') }
|
192
|
+
it { should_not allow('if 1; $x; else 2; end') }
|
193
|
+
it { should_not allow('if 1; 1; else $x; end') }
|
194
|
+
it { should_not allow('if 1; 1; elsif 2; 2; else $x; end') }
|
195
|
+
end
|
196
|
+
|
197
|
+
context "literals" do
|
198
|
+
it { should allow('"abc"') }
|
199
|
+
it { should allow('/abc/') }
|
200
|
+
it { should allow('1') }
|
201
|
+
it { should allow('1..2') }
|
202
|
+
it { should allow('1.2') }
|
203
|
+
it { should allow('false') }
|
204
|
+
it { should allow('nil') }
|
205
|
+
it { should allow('true') }
|
206
|
+
it { should allow('[]') }
|
207
|
+
it { should allow('[1,2,3]') }
|
208
|
+
it { should allow('%w[ a b c ]') }
|
209
|
+
it { should allow('{}') }
|
210
|
+
it { should allow('{1 => 2}') }
|
211
|
+
end
|
212
|
+
|
213
|
+
context "magic variables" do
|
214
|
+
it { should_not allow('__callee__') }
|
215
|
+
it { should_not allow('__FILE__') }
|
216
|
+
it { should_not allow('__method__') }
|
217
|
+
end
|
218
|
+
|
219
|
+
context "methods" do
|
220
|
+
it { should allow('def initialize(attributes={}); end') }
|
221
|
+
end
|
222
|
+
|
223
|
+
context "singleton class" do
|
224
|
+
it { should_not allow('class << Kernel; end') }
|
225
|
+
it { should_not allow('class << Kernel; `ls`; end') }
|
226
|
+
end
|
227
|
+
|
228
|
+
context "super" do
|
229
|
+
it { should allow('super') }
|
230
|
+
it { should allow('super()') }
|
231
|
+
it { should allow('super(1)') }
|
232
|
+
it { should_not allow('super($x)') }
|
233
|
+
end
|
234
|
+
|
235
|
+
context "system" do
|
236
|
+
it { should_not allow('`ls`') }
|
237
|
+
it { should_not allow('%x[ls]') }
|
238
|
+
it { should_not allow('system("ls")') }
|
239
|
+
end
|
240
|
+
|
241
|
+
context "unless" do
|
242
|
+
it { should_not allow('unless $x; 1; end') }
|
243
|
+
it { should_not allow('unless true; $x; end') }
|
244
|
+
it { should_not allow('$x unless true') }
|
245
|
+
it { should_not allow('true unless $x') }
|
246
|
+
it { should_not allow('unless $x; 1; else 2; end') }
|
247
|
+
it { should_not allow('unless 1; $x; else 2; end') }
|
248
|
+
it { should_not allow('unless 1; 1; else $x; end') }
|
249
|
+
end
|
250
|
+
|
251
|
+
context "until" do
|
252
|
+
it { should_not allow('true until false') }
|
253
|
+
end
|
254
|
+
|
255
|
+
context "while" do
|
256
|
+
it { should_not allow('true while true') }
|
257
|
+
end
|
258
|
+
|
259
|
+
context "yield" do
|
260
|
+
it { should allow('def foo; yield; end') }
|
261
|
+
end
|
262
|
+
|
263
|
+
context "Rails for Zombies" do
|
264
|
+
before(:each) do
|
265
|
+
policy.whitelist_const('GenericController')
|
266
|
+
policy.whitelist_const('Tweet')
|
267
|
+
policy.whitelist_const('Weapon')
|
268
|
+
policy.whitelist_const('Zombie')
|
269
|
+
policy.whitelist_const('ZombiesController')
|
270
|
+
end
|
271
|
+
|
272
|
+
[
|
273
|
+
"1 = Ash\nAsh = Glen Haven Memorial Cemetary",
|
274
|
+
"<% zombies = Zombie.all %>\n\n<ul>\n <% zombies.each do |zombie| %>\n <li>\n <%= zombie.name %>\n <% if zombie.Tweet >= 1 %>\n <p><%= SMART ZOMBIE =%></p>\n <% end %>\n </li>\n <% end %>\n</ul>\n",
|
275
|
+
"class HelloRils",
|
276
|
+
"Class NAme\n\nend",
|
277
|
+
"class tweet < ActiveRecord::Base\n belongs_to :zombie \n z = zombie.find(2)\nend",
|
278
|
+
"class zombie < ActiveRecord :: Base\n\nend\n",
|
279
|
+
"Class Zombie < ActiveRecord::Base\n validates_presence_of :name\nend",
|
280
|
+
"Class Zombie < ActiveRecord::Base\nend",
|
281
|
+
"Class Zombie < ActiveRecord::Base\nvalidates_presence_of :status\nvalidates_presence_of :ww\nend",
|
282
|
+
"Class Zombie < ActiveRecord::Base{\ndef name\ndef graveyard\n\n}\n",
|
283
|
+
"class zombie < ActiveRecord\nend class",
|
284
|
+
"Class Zombie <ActiveRecord :: Base\n\nend\n\n\n",
|
285
|
+
"Class Zombie <ActiveRecord::Base>\nvalidates_presence_of\nend",
|
286
|
+
"class.load(Zombie)",
|
287
|
+
"Poop = Zombie.find(:id=1)",
|
288
|
+
"SELECT * WHERE ID = 1;",
|
289
|
+
"String myNewZombie = select name from Zombies where id=1",
|
290
|
+
"w = Weapon.find(1)\nZombie.create( :Weapon => \"Hammer\", Zombie => 1)\nend\n",
|
291
|
+
"Zodfsdsfdsdfsz=Zombies.find()1\n"
|
292
|
+
].each do |error|
|
293
|
+
it "raises SyntaxError on #{error.inspect}" do
|
294
|
+
expect { RubyCop::NodeBuilder.build(error) }.to raise_error(SyntaxError)
|
295
|
+
end
|
296
|
+
end
|
297
|
+
|
298
|
+
[
|
299
|
+
"1\nZombie = 1\n",
|
300
|
+
"A = t.find(1)\n\n\n\n",
|
301
|
+
"Ash = 1\n",
|
302
|
+
"Ash = 1\n\n",
|
303
|
+
"Ash = Weapons.find.zombie_id(1)",
|
304
|
+
"Ash = Zombie.find(1)\nAsh.weapons.count",
|
305
|
+
"class Com\n\nhasmany dog\n\nend",
|
306
|
+
"class Finder < Tweet\n z = Tweet.find(1)\nend",
|
307
|
+
"class Post < ActiveRecord::Base\nend",
|
308
|
+
"class Weapons < ActiveRecord::Base\n belongs_to :Zombies\nend\n\nclass Zombies < ActiveRecord::Base\n has_many :Weapons\nend",
|
309
|
+
"Class Zombie < ActiveRecord::Base\n\nEnd",
|
310
|
+
"class Zombie < Rails::ActiveModel\n \nend",
|
311
|
+
"Class Zombie {\n validates :name, :presence => true\n}",
|
312
|
+
"Class Zombies < ActiveRecord::Base\nEnd",
|
313
|
+
"class ZombiesController < ApplicationController\n before_filter :find_zombie, :only => [:show]\n\n def show\n render :action => :show\n end\n\n def find_zombie\n @zombie = Zombie.find params[:id]\n @numTweets = Tweet.where(:zombie_id => @zombie).count\n if @numTweets < 1 \n redirect_to(zombies_path)\n end\n end\nend\n",
|
314
|
+
"class Zomvie <ActiveRecord::Base\nhas_many:Zombies\nend\n",
|
315
|
+
"class Zoombie < ActiveRecord::Base\nend\nz = Zoombie.last",
|
316
|
+
"class Zoombie\nend\nZoombie.create(:name => \"Jim\", :graveyard=> \"My Fathers Basement\")",
|
317
|
+
"cuntZombie=Zombies[1];",
|
318
|
+
"def create\n @newZombie = Zombie.create( :name => params[:name], :graveyard => params[:graveyard] )\n \n render action => :create\nend\n",
|
319
|
+
"Destroy Zombie where ID = 3",
|
320
|
+
"Find.Tweet.id = (1)\nZombie = Tweet.id",
|
321
|
+
"firstZombie = Zombies[id '1']\n",
|
322
|
+
"First_user = initialuser\n",
|
323
|
+
"Hash tag + lik",
|
324
|
+
"Hold = Tweets.find 1",
|
325
|
+
"jh = new Zombie()\njh.name = \"JHDI\"\njh.graveYard = \"JHDI cemetary\"\njh.save",
|
326
|
+
"Location = puts graveyard.Ash",
|
327
|
+
"newZombie = Zombie.new\nnewZombie.name = \"Craig\"\nnewZombie.graveyard = \"my cube\"\nnewZombie.save",
|
328
|
+
"newZombie = Zombie.new\nnewZombie['name'] = \"Renan\"\nnewZombie['graveyard'] = \"Lavras Cemetary\"\nnewZombie.save\n",
|
329
|
+
"newZombie = Zombies.new\nnewZombie.id = 4\nnewZombie.name = \"Arek\"\nnewZombie.graveyard = \"Centralny cmentarz komunalny\"\nnewZombie.save",
|
330
|
+
"newZombie=Zombie.new {}\nnewZombie.name = \"Manish\"\nnewZombie.graveyard = \"Shillong Bastards Cemetary\"",
|
331
|
+
"numeroUno = Zombie(1).name;\n",
|
332
|
+
"splatid = id.find(1)\nsplatName = splatid[:name]",
|
333
|
+
"t = new Tweet();\nminTweet == t.find(3);",
|
334
|
+
"t = Tweet.find(1)\nZombie = t.id",
|
335
|
+
"T = Zombie.find(3)\nT.graveyard = 'Benny Hills Memorial'\nT.save",
|
336
|
+
"t = Zombie.find(3)\nt.Zombie = \"Benny Hills Memorial\"\nt.save\n",
|
337
|
+
"T = Zombie.where(1)\nputs t.name\n",
|
338
|
+
"t= \nt.Name=\"Hello\"\nt.Graveyard=\"yes\"\nt.save",
|
339
|
+
"t=Zombie.find(3)\nt.Zombie = \"pucho\"",
|
340
|
+
"T=Zombie[1]\n",
|
341
|
+
"Ticket = Tweet.find(1)",
|
342
|
+
"Tweet = new Tweet;\na = Tweet.find(1);\n",
|
343
|
+
"Tweet = new Tweet\nt = Tweet.where(:id => 1)\n",
|
344
|
+
"Tweet = t\nt.zombie = 1",
|
345
|
+
"Tweet.find(1)\nZombie1 = tweet(1)",
|
346
|
+
"Tweet=id1\n",
|
347
|
+
"UPDATE Zombies\nSET name='vijay',graveyard='Ahmedabad'\nWhere Id='2';\n",
|
348
|
+
"w = Weapon.create(:name => \"Punto\", :Zombie => z)\nash = Zombie.find(1)",
|
349
|
+
"z = ID=1",
|
350
|
+
"Z = Zombie.find(1)\n",
|
351
|
+
"z = Zombie.find(1)\nWeapon.where( :Zombie => z )",
|
352
|
+
"z = Zombie.find(1)\nZombie1 = z.name",
|
353
|
+
"Z = Zombie.find(1)\n\n\n\n\n",
|
354
|
+
"Z = Zombie.find(3)",
|
355
|
+
"Z = zombie.id(1)",
|
356
|
+
"z = Zombie.new\nz.name = \"Charly\"\nz.Graveyard = \"EL carlos\"",
|
357
|
+
"Z=Zombie.new\nz.find(1)",
|
358
|
+
"Zombie = new Zombie",
|
359
|
+
"Zombie = Tweet.find(1)",
|
360
|
+
"Zombie = Zombie.find(Weapons.find(:zombie_id))",
|
361
|
+
"Zombie = Zombie.find[1]",
|
362
|
+
"Zombie = Zombies.find(1)",
|
363
|
+
"Zombie3=Zombie.find(3)\nZombie3.graveyard = \"Benny Hills Memorial\"\nZombie3.save",
|
364
|
+
"Zombies = '123456'",
|
365
|
+
"Zombies = id \nZombies.create( :name=>\"roger\" )",
|
366
|
+
"Zombies = Zombies.find(1)\nput Zombies",
|
367
|
+
"Zombies = {:Ash => \"Glen Haven mernorial Cemetary\"}\nvar = Zombies.find(1)\nvar.save\n\n",
|
368
|
+
"Zombies = {:name => [\"Ash\", \"Bob\", \"Jim\"], :graveyard => [\"Glen Haven Memorial Cemetary\",\"Chapel Hill Cemetary\",\"My Fathers Basement\"] }\na = z.find(1)",
|
369
|
+
"Zombies = {\n :id => 1 }\nt = zombie.find(1)",
|
370
|
+
"Zombies.find(1)\nputs Zombies.find(1)\nZ=Zombies.find(1)\nZ.lat=[:id]\nz.save\nz\n",
|
371
|
+
"zoombieID = table.find(1)\n",
|
372
|
+
'class << Zombie; self; end',
|
373
|
+
'myZombie = Tweet.find(1)',
|
374
|
+
'Zombie.create(:name => "Whoa. A Green String")',
|
375
|
+
'Zombie.create(name: "Fal", graveyard: "fail")',
|
376
|
+
].each do |good|
|
377
|
+
it "allows #{good.inspect}" do
|
378
|
+
should allow(good)
|
379
|
+
end
|
380
|
+
end
|
381
|
+
|
382
|
+
[
|
383
|
+
"Class",
|
384
|
+
"def show\n @zombie = Zombie.find(params[:id])\n\n respond_to do |format|\n `ls`\n end\nend\n",
|
385
|
+
"Module.delete(3)",
|
386
|
+
"Module.find(\"Ash\")",
|
387
|
+
"require 'tweet'\nt = Tweet.find(1)",
|
388
|
+
"require 'Tweet'\nTweet.find(2).name\n",
|
389
|
+
"require \"tempfile\"\nt = Zombies.new('Zombies')\nZombies.where(:id => 1)\nt.save",
|
390
|
+
"system('ls')",
|
391
|
+
"t = Zombies.open()",
|
392
|
+
"Tweet.find(1)\nDim var as String\nvar=Tweet.name",
|
393
|
+
"Zombie.load(1)\n\n",
|
394
|
+
"`echo 1`",
|
395
|
+
"`ls -l`",
|
396
|
+
"`ps ax`\n",
|
397
|
+
"`uname -a`",
|
398
|
+
'const_get',
|
399
|
+
'const_get()'
|
400
|
+
].each do |bad|
|
401
|
+
it "does not allow #{bad.inspect}" do
|
402
|
+
should_not allow(bad)
|
403
|
+
end
|
404
|
+
end
|
405
|
+
end
|
406
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
2
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
3
|
+
require "bundler/setup"
|
4
|
+
Bundler.require(:default, :test)
|
5
|
+
|
6
|
+
require 'ruby_cop'
|
7
|
+
|
8
|
+
# Requires supporting files with custom matchers and macros, etc,
|
9
|
+
# in ./support/ and its subdirectories.
|
10
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
11
|
+
|
12
|
+
RSpec.configure do |config|
|
13
|
+
end
|
data/tasks/rspec.rake
ADDED
data/tasks/yard.rake
ADDED
metadata
ADDED
@@ -0,0 +1,123 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ruby_cop
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Dray Lacy
|
9
|
+
- Eric Allam
|
10
|
+
autorequire:
|
11
|
+
bindir: bin
|
12
|
+
cert_chain: []
|
13
|
+
date: 2012-02-20 00:00:00.000000000Z
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: geminabox
|
17
|
+
requirement: &70324209695840 !ruby/object:Gem::Requirement
|
18
|
+
none: false
|
19
|
+
requirements:
|
20
|
+
- - ! '>='
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '0'
|
23
|
+
type: :development
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: *70324209695840
|
26
|
+
- !ruby/object:Gem::Dependency
|
27
|
+
name: rspec
|
28
|
+
requirement: &70324209695340 !ruby/object:Gem::Requirement
|
29
|
+
none: false
|
30
|
+
requirements:
|
31
|
+
- - ~>
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 2.3.0
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: *70324209695340
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: yard
|
39
|
+
requirement: &70324209694920 !ruby/object:Gem::Requirement
|
40
|
+
none: false
|
41
|
+
requirements:
|
42
|
+
- - ! '>='
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
version: '0'
|
45
|
+
type: :development
|
46
|
+
prerelease: false
|
47
|
+
version_requirements: *70324209694920
|
48
|
+
description: Statically analyze Ruby and neutralize nefarious code
|
49
|
+
email:
|
50
|
+
- dray@envylabs.com
|
51
|
+
- eric@envylabs.com
|
52
|
+
executables: []
|
53
|
+
extensions: []
|
54
|
+
extra_rdoc_files: []
|
55
|
+
files:
|
56
|
+
- .gitignore
|
57
|
+
- Gemfile
|
58
|
+
- README.md
|
59
|
+
- Rakefile
|
60
|
+
- lib/ruby_cop.rb
|
61
|
+
- lib/ruby_cop/gray_list.rb
|
62
|
+
- lib/ruby_cop/node_builder.rb
|
63
|
+
- lib/ruby_cop/policy.rb
|
64
|
+
- lib/ruby_cop/ruby.rb
|
65
|
+
- lib/ruby_cop/ruby/args.rb
|
66
|
+
- lib/ruby_cop/ruby/array.rb
|
67
|
+
- lib/ruby_cop/ruby/assignment.rb
|
68
|
+
- lib/ruby_cop/ruby/assoc.rb
|
69
|
+
- lib/ruby_cop/ruby/blocks.rb
|
70
|
+
- lib/ruby_cop/ruby/call.rb
|
71
|
+
- lib/ruby_cop/ruby/case.rb
|
72
|
+
- lib/ruby_cop/ruby/constants.rb
|
73
|
+
- lib/ruby_cop/ruby/definitions.rb
|
74
|
+
- lib/ruby_cop/ruby/for.rb
|
75
|
+
- lib/ruby_cop/ruby/hash.rb
|
76
|
+
- lib/ruby_cop/ruby/if.rb
|
77
|
+
- lib/ruby_cop/ruby/list.rb
|
78
|
+
- lib/ruby_cop/ruby/node.rb
|
79
|
+
- lib/ruby_cop/ruby/operators.rb
|
80
|
+
- lib/ruby_cop/ruby/params.rb
|
81
|
+
- lib/ruby_cop/ruby/position.rb
|
82
|
+
- lib/ruby_cop/ruby/range.rb
|
83
|
+
- lib/ruby_cop/ruby/statements.rb
|
84
|
+
- lib/ruby_cop/ruby/string.rb
|
85
|
+
- lib/ruby_cop/ruby/tokens.rb
|
86
|
+
- lib/ruby_cop/ruby/variables.rb
|
87
|
+
- lib/ruby_cop/ruby/version.rb
|
88
|
+
- lib/ruby_cop/ruby/while.rb
|
89
|
+
- lib/ruby_cop/version.rb
|
90
|
+
- ruby_cop.gemspec
|
91
|
+
- spec/analyzer/node_builder_spec.rb
|
92
|
+
- spec/analyzer/policy_spec.rb
|
93
|
+
- spec/spec_helper.rb
|
94
|
+
- tasks/rspec.rake
|
95
|
+
- tasks/yard.rake
|
96
|
+
homepage: ''
|
97
|
+
licenses: []
|
98
|
+
post_install_message:
|
99
|
+
rdoc_options: []
|
100
|
+
require_paths:
|
101
|
+
- lib
|
102
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
103
|
+
none: false
|
104
|
+
requirements:
|
105
|
+
- - ! '>='
|
106
|
+
- !ruby/object:Gem::Version
|
107
|
+
version: '0'
|
108
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
109
|
+
none: false
|
110
|
+
requirements:
|
111
|
+
- - ! '>='
|
112
|
+
- !ruby/object:Gem::Version
|
113
|
+
version: '0'
|
114
|
+
requirements: []
|
115
|
+
rubyforge_project: ruby_cop
|
116
|
+
rubygems_version: 1.8.15
|
117
|
+
signing_key:
|
118
|
+
specification_version: 3
|
119
|
+
summary: Statically analyze Ruby and neutralize nefarious code
|
120
|
+
test_files:
|
121
|
+
- spec/analyzer/node_builder_spec.rb
|
122
|
+
- spec/analyzer/policy_spec.rb
|
123
|
+
- spec/spec_helper.rb
|