simplabs-excellent 1.5.1 → 1.5.2

data/History.txt

@@ -1,3 +1,10 @@
+= 1.5.2
+
+* added GlobalVariableCheck
+* added Rails::CustomInitializeMethodCheck
+* added Rails::ParamsHashInViewCheck
+* added Rails::SessionHashInViewCheck
+
 = 1.5.1
 
 * removed duplication checks (they are just too coarse for dynamic languages like Ruby and especially Rails apps where you would call e.g. params all over the place)

data/README.rdoc

@@ -3,6 +3,7 @@
 Excellent detects commonly regarded bad code snippets like empty +rescue+ blocks etc. It combines roodi (http://github.com/martinjandrews/roodi), most checks of reek (http://github.com/kevinrutherford/reek), flog (http://github.com/seattlerb/flog) and also adds some Rails specific checks.
 
 See the API documentation at http://docs.github.com/simplabs/excellent and the WIKI at http://wiki.github.com/simplabs/excellent.
+Join the Google Group and discuss about the future and possibilities of Excellent: http://groups.google.com/group/excellent-gem.
 
 == Installation
 

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :major: 1
 :minor: 5
-:patch: 1
+:patch: 2

data/lib/simplabs/excellent/checks.rb

@@ -15,6 +15,7 @@ require 'simplabs/excellent/checks/case_missing_else_check'
 require 'simplabs/excellent/checks/class_line_count_check'
 require 'simplabs/excellent/checks/class_name_check'
 require 'simplabs/excellent/checks/singleton_variable_check'
+require 'simplabs/excellent/checks/global_variable_check'
 require 'simplabs/excellent/checks/control_coupling_check'
 require 'simplabs/excellent/checks/cyclomatic_complexity_block_check'
 require 'simplabs/excellent/checks/cyclomatic_complexity_method_check'

data/lib/simplabs/excellent/checks/global_variable_check.rb

@@ -0,0 +1,33 @@
+require 'simplabs/excellent/checks/base'
+
+module Simplabs
+
+  module Excellent
+
+    module Checks
+
+      # This check reports global variables. Global variables introduce strong dependencies between otherwise unrelated parts of code and their use is
+      # usually considered extremely bad style.
+      #
+      # ==== Applies to
+      #
+      # * global variables
+      class GlobalVariableCheck < Base
+
+        def initialize #:nodoc:
+          super
+          @interesting_nodes = [:gvar, :gasgn]
+          @interesting_files = [/\.rb$/, /\.erb$/]
+        end
+
+        def evaluate(context) #:nodoc:
+          add_warning(context, 'Global variable {{variable}} used.', { :variable => context.full_name })
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/simplabs/excellent/checks/rails.rb

@@ -17,3 +17,6 @@ require 'simplabs/excellent/checks/rails/attr_accessible_check'
 require 'simplabs/excellent/checks/rails/attr_protected_check'
 require 'simplabs/excellent/checks/rails/instance_var_in_partial_check'
 require 'simplabs/excellent/checks/rails/validations_check'
+require 'simplabs/excellent/checks/rails/params_hash_in_view_check'
+require 'simplabs/excellent/checks/rails/session_hash_in_view_check'
+require 'simplabs/excellent/checks/rails/custom_initialize_method_check'

data/lib/simplabs/excellent/checks/rails/custom_initialize_method_check.rb

@@ -0,0 +1,37 @@
+require 'simplabs/excellent/checks/base'
+
+module Simplabs
+
+  module Excellent
+
+    module Checks
+
+      module Rails
+
+        # This check reports +ActiveRecord+ models that define a custom +initialize+ method. Since +ActiveRecord+ does not always call +new+ to
+        # create instances, these custom +initialize+ methods might not always be called, which makes the behavior of the application very hard to
+        # understand.
+        #
+        # ==== Applies to
+        #
+        # * +ActiveRecord+ models
+        class CustomInitializeMethodCheck < Base
+
+          def initialize #:nodoc:
+            super
+            @interesting_nodes = [:class]
+          end
+
+          def evaluate(context) #:nodoc:
+            add_warning(context, '{{class}} defines initialize method.', { :class => context.full_name }) if context.active_record_model? && !context.defines_initializer?
+          end
+
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/simplabs/excellent/checks/rails/instance_var_in_partial_check.rb

@@ -13,7 +13,7 @@ module Simplabs
         #
         # ==== Applies to
         #
-        # * instance variables
+        # * partials
         class InstanceVarInPartialCheck < Base
 
           def initialize #:nodoc:

data/lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb

@@ -0,0 +1,38 @@
+require 'simplabs/excellent/checks/base'
+
+module Simplabs
+
+  module Excellent
+
+    module Checks
+
+      module Rails
+
+        # This check reports views (and partials) that access the +params+ hash. Accessing the +params+ hash directly in views can result in security
+        # problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
+        # application that is responsible for dealing with parameters, is circumvented.
+        #
+        # ==== Applies to
+        #
+        # * partials and regular views
+        class ParamsHashInViewCheck < Base
+
+          def initialize #:nodoc:
+            super
+            @interesting_nodes = [:call]
+            @interesting_files = [/^.*\.(erb|rhtml)$/]
+          end
+
+          def evaluate(context) #:nodoc:
+            add_warning(context, 'Params hash used in view.') if (context.full_name == 'params')
+          end
+
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb

@@ -0,0 +1,38 @@
+require 'simplabs/excellent/checks/base'
+
+module Simplabs
+
+  module Excellent
+
+    module Checks
+
+      module Rails
+
+        # This check reports views (and partials) that access the +session+ hash. Accessing the +session+ hash directly in views can result in security
+        # problems if the value is printed to the HTML output and in general is a bad habit because the controller, which is actually the part of the
+        # application that is responsible for dealing with session data, is circumvented.
+        #
+        # ==== Applies to
+        #
+        # * partials and regular views
+        class SessionHashInViewCheck < Base
+
+          def initialize #:nodoc:
+            super
+            @interesting_nodes = [:call]
+            @interesting_files = [/^.*\.(erb|rhtml)$/]
+          end
+
+          def evaluate(context) #:nodoc:
+            add_warning(context, 'Session hash used in view.') if (context.full_name == 'session')
+          end
+
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/simplabs/excellent/parsing/class_context.rb

@@ -39,6 +39,7 @@ module Simplabs
           @line_count       = count_lines
           @attr_accessible  = false
           @attr_protected   = false
+          @initializer      = false
           @validations      = []
         end
 
@@ -54,6 +55,10 @@ module Simplabs
           @attr_protected
         end
 
+        def defines_initializer?
+          @initializer
+        end
+
         def validating?
           !@validations.empty? || @methods.any?{ |method| %(validate validate_on_create validate_on_update).include?(method.name) }
         end
@@ -64,6 +69,11 @@ module Simplabs
           super
         end
 
+        def process_defn(exp)
+          @initializer = true if exp[2] == :initialize
+          super
+        end
+
         private
 
           def get_base_class_name

data/lib/simplabs/excellent/parsing/code_processor.rb

@@ -11,6 +11,7 @@ require 'simplabs/excellent/parsing/for_loop_context'
 require 'simplabs/excellent/parsing/while_context'
 require 'simplabs/excellent/parsing/until_context'
 require 'simplabs/excellent/parsing/cvar_context'
+require 'simplabs/excellent/parsing/gvar_context'
 require 'simplabs/excellent/parsing/ivar_context'
 require 'simplabs/excellent/parsing/resbody_context'
 require 'simplabs/excellent/parsing/call_context'
@@ -62,6 +63,14 @@ module Simplabs
           process_default(exp, CvarContext.new(exp, @contexts.last))
         end
 
+        def process_gvar(exp)
+          process_default(exp, GvarContext.new(exp, @contexts.last))
+        end
+
+        def process_gasgn(exp)
+          process_default(exp, GvarContext.new(exp, @contexts.last))
+        end
+
         def process_if(exp)
           process_default(exp, IfContext.new(exp, @contexts.last))
         end

data/lib/simplabs/excellent/parsing/gvar_context.rb

@@ -0,0 +1,21 @@
+module Simplabs
+
+  module Excellent
+
+    module Parsing
+
+      class GvarContext < SexpContext #:nodoc:
+
+        def initialize(exp, parent)
+          super
+          @name      = exp[1].to_s.sub(/^\$/, '')
+          @full_name = @name
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/lib/simplabs/excellent/runner.rb

@@ -12,27 +12,31 @@ module Simplabs
     class Runner
 
       DEFAULT_CONFIG = {
-        :AssignmentInConditionalCheck       => { },
-        :CaseMissingElseCheck               => { },
-        :ClassLineCountCheck                => { :threshold      => 300 },
-        :ClassNameCheck                     => { :pattern         => /^[A-Z][a-zA-Z0-9]*$/ },
-        :SingletonVariableCheck             => { },
-        :CyclomaticComplexityBlockCheck     => { :complexity      => 4 },
-        :CyclomaticComplexityMethodCheck    => { :complexity      => 8 },
-        :EmptyRescueBodyCheck               => { },
-        :ForLoopCheck                       => { },
-        :MethodLineCountCheck               => { :line_count      => 20 },
-        :MethodNameCheck                    => { :pattern         => /^[_a-z<>=\[|+-\/\*`]+[_a-z0-9_<>=~@\[\]]*[=!\?]?$/ },
-        :ModuleLineCountCheck               => { :line_count      => 300 },
-        :ModuleNameCheck                    => { :pattern         => /^[A-Z][a-zA-Z0-9]*$/ },
-        :ParameterNumberCheck               => { :parameter_count => 3 },
-        :FlogMethodCheck                    => { },
-        :FlogBlockCheck                     => { },
-        :FlogClassCheck                     => { },
-        :'Rails::AttrProtectedCheck'        => { },
-        :'Rails::AttrAccessibleCheck'       => { },
-        :'Rails::InstanceVarInPartialCheck' => { },
-        :'Rails::ValidationsCheck'          => { }
+        :AssignmentInConditionalCheck         => { },
+        :CaseMissingElseCheck                 => { },
+        :ClassLineCountCheck                  => { :threshold      => 300 },
+        :ClassNameCheck                       => { :pattern         => /^[A-Z][a-zA-Z0-9]*$/ },
+        :SingletonVariableCheck               => { },
+        :GlobalVariableCheck                  => { },
+        :CyclomaticComplexityBlockCheck       => { :complexity      => 4 },
+        :CyclomaticComplexityMethodCheck      => { :complexity      => 8 },
+        :EmptyRescueBodyCheck                 => { },
+        :ForLoopCheck                         => { },
+        :MethodLineCountCheck                 => { :line_count      => 20 },
+        :MethodNameCheck                      => { :pattern         => /^[_a-z<>=\[|+-\/\*`]+[_a-z0-9_<>=~@\[\]]*[=!\?]?$/ },
+        :ModuleLineCountCheck                 => { :line_count      => 300 },
+        :ModuleNameCheck                      => { :pattern         => /^[A-Z][a-zA-Z0-9]*$/ },
+        :ParameterNumberCheck                 => { :parameter_count => 3 },
+        :FlogMethodCheck                      => { },
+        :FlogBlockCheck                       => { },
+        :FlogClassCheck                       => { },
+        :'Rails::AttrProtectedCheck'          => { },
+        :'Rails::AttrAccessibleCheck'         => { },
+        :'Rails::InstanceVarInPartialCheck'   => { },
+        :'Rails::ValidationsCheck'            => { },
+        :'Rails::ParamsHashInViewCheck'       => { },
+        :'Rails::SessionHashInViewCheck'      => { },
+        :'Rails::CustomInitializeMethodCheck' => { }
       }
 
       attr_accessor :config #:nodoc:

data/spec/checks/global_variable_check_spec.rb

@@ -0,0 +1,66 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Simplabs::Excellent::Checks::GlobalVariableCheck do
+
+  before(:each) do
+    @excellent = Simplabs::Excellent::Runner.new(Simplabs::Excellent::Checks::GlobalVariableCheck.new)
+  end
+
+  describe '#evaluate' do
+
+    it 'should reject global variables' do
+      code = <<-END
+        $foo = 'bar'
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == { :variable => 'foo' }
+      warnings[0].line_number.should == 1
+      warnings[0].message.should     == 'Global variable foo used.'
+    end
+
+    it 'should also work in modules' do
+      code = <<-END
+        module Outer
+          module Inner
+            class Class
+              $foo = 'bar'
+            end
+          end
+        end
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == { :variable => 'foo' }
+      warnings[0].line_number.should == 4
+      warnings[0].message.should     == 'Global variable foo used.'
+    end
+
+    it 'should also work for global variables that occur within methods' do
+      code = <<-END
+        module Outer
+          module Inner
+            class Class
+              def method
+                $foo == 'bar'
+              end
+            end
+          end
+        end
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == { :variable => 'foo' }
+      warnings[0].line_number.should == 5
+      warnings[0].message.should     == 'Global variable foo used.'
+    end
+
+  end
+
+end

data/spec/checks/rails/custom_initialize_method_check_spec.rb

@@ -0,0 +1,58 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe Simplabs::Excellent::Checks::Rails::CustomInitializeMethodCheck do
+
+  before do
+    @excellent = Simplabs::Excellent::Runner.new(Simplabs::Excellent::Checks::Rails::CustomInitializeMethodCheck.new)
+  end
+
+  describe '#evaluate' do
+
+    it 'should ignore classes that are not active record models' do
+      code = <<-END
+        class Test
+          def initialize
+          end
+        end
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should be_empty
+    end
+
+    it 'should reject an active record model that defines initialize' do
+      code = <<-END
+        class User < ActiveRecord::Base
+          def initialize
+          end
+        end
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == { :class => 'User' }
+      warnings[0].line_number.should == 1
+      warnings[0].message.should     == 'User defines initialize method.'
+    end
+
+    it 'should also work with namespaced models' do
+      code = <<-END
+        class Backend::User < ActiveRecord::Base
+          def initialize
+          end
+        end
+      END
+      @excellent.check_code(code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == { :class => 'Backend::User' }
+      warnings[0].line_number.should == 1
+      warnings[0].message.should     == 'Backend::User defines initialize method.'
+    end
+
+  end
+
+end

data/spec/checks/rails/params_hash_in_view_check_spec.rb

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe Simplabs::Excellent::Checks::Rails::ParamsHashInViewCheck do
+
+  before do
+    @excellent = Simplabs::Excellent::Runner.new(Simplabs::Excellent::Checks::Rails::ParamsHashInViewCheck.new)
+  end
+
+  describe '#evaluate' do
+
+    it 'should accept views that do not use the params hash' do
+      code = <<-END
+        <div>
+          <%= 'some text' %>
+        </div>
+      END
+      @excellent.check('dummy-file.html.erb', code)
+      warnings = @excellent.warnings
+
+      warnings.should be_empty
+    end
+
+    it 'should reject views that use the params hash' do
+      code = <<-END
+        <div>
+          <%= params[:q] %>
+        </div>
+      END
+      @excellent.check('dummy-file.html.erb', code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == {}
+      warnings[0].line_number.should == 2
+      warnings[0].message.should     == 'Params hash used in view.'
+    end
+
+  end
+
+end

data/spec/checks/rails/session_hash_in_view_check_spec.rb

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe Simplabs::Excellent::Checks::Rails::SessionHashInViewCheck do
+
+  before do
+    @excellent = Simplabs::Excellent::Runner.new(Simplabs::Excellent::Checks::Rails::SessionHashInViewCheck.new)
+  end
+
+  describe '#evaluate' do
+
+    it 'should accept views that do not use the session hash' do
+      code = <<-END
+        <div>
+          <%= 'some text' %>
+        </div>
+      END
+      @excellent.check('dummy-file.html.erb', code)
+      warnings = @excellent.warnings
+
+      warnings.should be_empty
+    end
+
+    it 'should reject views that use the session hash' do
+      code = <<-END
+        <div>
+          <%= session[:someCount] %>
+        </div>
+      END
+      @excellent.check('dummy-file.html.erb', code)
+      warnings = @excellent.warnings
+
+      warnings.should_not be_empty
+      warnings[0].info.should        == {}
+      warnings[0].line_number.should == 2
+      warnings[0].message.should     == 'Session hash used in view.'
+    end
+
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: simplabs-excellent
 version: !ruby/object:Gem::Version 
-  version: 1.5.1
+  version: 1.5.2
 platform: ruby
 authors: 
 - Marco Otte-Witte
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-06 00:00:00 -07:00
+date: 2009-08-05 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -61,6 +61,7 @@ files:
 - lib/simplabs/excellent/checks/flog_class_check.rb
 - lib/simplabs/excellent/checks/flog_method_check.rb
 - lib/simplabs/excellent/checks/for_loop_check.rb
+- lib/simplabs/excellent/checks/global_variable_check.rb
 - lib/simplabs/excellent/checks/line_count_check.rb
 - lib/simplabs/excellent/checks/method_line_count_check.rb
 - lib/simplabs/excellent/checks/method_name_check.rb
@@ -71,7 +72,10 @@ files:
 - lib/simplabs/excellent/checks/parameter_number_check.rb
 - lib/simplabs/excellent/checks/rails/attr_accessible_check.rb
 - lib/simplabs/excellent/checks/rails/attr_protected_check.rb
+- lib/simplabs/excellent/checks/rails/custom_initialize_method_check.rb
 - lib/simplabs/excellent/checks/rails/instance_var_in_partial_check.rb
+- lib/simplabs/excellent/checks/rails/params_hash_in_view_check.rb
+- lib/simplabs/excellent/checks/rails/session_hash_in_view_check.rb
 - lib/simplabs/excellent/checks/rails/validations_check.rb
 - lib/simplabs/excellent/checks/rails.rb
 - lib/simplabs/excellent/checks/singleton_variable_check.rb
@@ -94,6 +98,7 @@ files:
 - lib/simplabs/excellent/parsing/cyclomatic_complexity_measure.rb
 - lib/simplabs/excellent/parsing/flog_measure.rb
 - lib/simplabs/excellent/parsing/for_loop_context.rb
+- lib/simplabs/excellent/parsing/gvar_context.rb
 - lib/simplabs/excellent/parsing/if_context.rb
 - lib/simplabs/excellent/parsing/ivar_context.rb
 - lib/simplabs/excellent/parsing/method_context.rb
@@ -124,6 +129,7 @@ files:
 - spec/checks/flog_class_check_spec.rb
 - spec/checks/flog_method_check_spec.rb
 - spec/checks/for_loop_check_spec.rb
+- spec/checks/global_variable_check_spec.rb
 - spec/checks/method_line_count_check_spec.rb
 - spec/checks/method_name_check_spec.rb
 - spec/checks/module_line_count_check_spec.rb
@@ -132,13 +138,17 @@ files:
 - spec/checks/parameter_number_check_spec.rb
 - spec/checks/rails/attr_accessible_check_spec.rb
 - spec/checks/rails/attr_protected_check_spec.rb
+- spec/checks/rails/custom_initialize_method_check_spec.rb
 - spec/checks/rails/instance_var_in_partial_check_spec.rb
+- spec/checks/rails/params_hash_in_view_check_spec.rb
+- spec/checks/rails/session_hash_in_view_check_spec.rb
 - spec/checks/rails/validations_check_spec.rb
 - spec/checks/singleton_variable_check_spec.rb
 - spec/extensions/string_spec.rb
 - spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/simplabs/excellent
+licenses: 
 post_install_message: 
 rdoc_options: 
 - --inline-source
@@ -160,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.2.0
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 2
 summary: Source Code analysis gem for Ruby and Rails