sql_safety_net 1.1.11 → 2.0.0

data/lib/sql_safety_net/rack_handler.rb

@@ -1,196 +0,0 @@
-require 'rack'
-
-module SqlSafetyNet
-  # This Rack handler must be added to the middleware stack in order for query analysis to be output.
-  # If the configuration option for debug is set to true, it will add response headers indicating information
-  # about the queries executed in the course of the request.
-  class RackHandler
-    
-    X_SQL_SAFETY_NET_HEADER = "X-SqlSafetyNet".freeze
-    HTML_CONTENT_TYPE_PATTERN = /text\/(x?)html/i
-    XML_CONTENT_TYPE_PATTERN = /application\/xml/i
-    
-    def initialize(app, logger = Rails.logger)
-      @app = app
-      @logger = logger
-    end
-    
-    def call(env)
-      response = nil
-      analysis = QueryAnalysis.analyze do
-        response = @app.call(env)
-      end
-      
-      if @logger && (analysis.too_many_selects? || analysis.too_many_rows?)
-        request = Rack::Request.new(env)
-        @logger.warn("Excess database usage: request generated #{analysis.selects} queries and returned #{analysis.rows} rows [#{request.request_method} #{request.url}]")
-      end
-      
-      # Add a response header that contains a summary of the debug info
-      if SqlSafetyNet.config.header? || SqlSafetyNet.config.debug?
-        headers = response[1]
-        headers[X_SQL_SAFETY_NET_HEADER] = "selects=#{analysis.selects}; rows=#{analysis.rows}; elapsed_time=#{(analysis.elapsed_time * 1000).round}; flagged_queries=#{analysis.flagged_queries.size}" if headers
-      end
-      
-      if SqlSafetyNet.config.debug?
-        wrapped_response = Rack::Response.new(response[2], response[0], response[1])
-        if analysis.flagged? || SqlSafetyNet.config.always_show?
-          request = Rack::Request.new(env)
-          # Ignore Ajax calls
-          unless request.xhr?
-            # Only if content type is text/html
-            type = wrapped_response.content_type
-            if type.nil? || type.to_s.match(HTML_CONTENT_TYPE_PATTERN)
-              wrapped_response.write(flagged_sql_html(analysis))
-            elsif type.to_s.match(XML_CONTENT_TYPE_PATTERN)
-              wrapped_response.write(xml_comment(flagged_sql_text(analysis)))
-            end
-          end
-        end
-        response = wrapped_response.finish
-      end
-      
-      response
-    end
-
-    def flagged_sql_html(analysis)
-      flagged_html = ''
-      cached_selects = 0
-      cached_rows = 0
-      cached_elapsed_time = 0.0
-      
-      if analysis.flagged_queries?
-        flagged_html << '<div style="color:#C00;">'
-        flagged_html << "<div style=\"font-weight:bold; margin-bottom:10px;\">#{analysis.flagged_queries.size == 1 ? 'This query has' : "These #{analysis.flagged_queries.size} queries have"} flagged query plans:</div>"
-        analysis.flagged_queries.each do |query|
-          if query[:cached]
-            cached_selects += 1
-            cached_rows += query[:rows]
-            cached_elapsed_time += query[:elapsed_time]
-          end
-          flagged_html << '<div style="margin-bottom:10px;">'
-          flagged_html << "<div style=\"font-weight:bold; margin-bottom: 5px;\">#{query[:rows]} rows returned, #{(query[:elapsed_time] * 1000).round} ms#{ " <span style='color:teal;'>(CACHED)</span>" if query[:cached]}</div>"
-          flagged_html << "<div style=\"font-weight:bold; margin-bottom: 5px;\">#{query[:flags].join(', ')}</div>"
-          flagged_html << "<div style=\"margin-bottom: 5px;\">#{Rack::Utils.escape_html(query[:sql])}</div>"
-          flagged_html << "<div style=\"margin-bottom: 5px;\">Query Plan: #{Rack::Utils.escape_html(query[:query_plan].inspect)}</div>" if query[:query_plan]
-          flagged_html << '</div>'
-        end
-        flagged_html << '</div>'
-      end
-      
-      if analysis.too_many_selects? || analysis.too_many_rows? || SqlSafetyNet.config.always_show?
-        flagged_html << "<div style=\"font-weight:bold; margin-bottom:10px;\">#{analysis.non_flagged_queries.size == 1 ? 'This query' : "These #{analysis.non_flagged_queries.size} queries"} did not have flagged query plans:</div>"
-        analysis.non_flagged_queries.each do |query|
-          if query[:cached]
-            cached_selects += 1
-            cached_rows += query[:rows]
-            cached_elapsed_time += query[:elapsed_time]
-          end
-          flagged_html << '<div style="margin-bottom:10px;">'
-          flagged_html << "<div style=\"font-weight:bold; margin-bottom: 5px;\">#{query[:rows]} rows returned, #{(query[:elapsed_time] * 1000).round} ms#{ " <span style='color:teal;'>(CACHED)</span>" if query[:cached]}</div>"
-          flagged_html << "<div style=\"margin-bottom: 5px;\">#{Rack::Utils.escape_html(query[:sql])}</div>"
-          flagged_html << '</div>'
-        end
-      end
-
-      color_scheme = '#060'
-      if analysis.flagged_queries?
-        color_scheme = '#C00' 
-      elsif analysis.flagged?
-        color_scheme = '#C60'
-      end
-      label = (analysis.flagged?) ? 'SQL WARNING' : 'SQL INFO'
-      
-      cache_html = nil
-      if cached_selects > 0
-        cache_html = <<-EOS
-          <div style="margin-bottom:10px; font-weight:bold;">
-            Some of the queries will be cached.
-            <div style="color:#C00;">
-              Uncached: #{analysis.selects - cached_selects} selects, #{analysis.rows - cached_rows} rows, #{((analysis.elapsed_time - cached_elapsed_time) * 1000).round} ms
-            </div> 
-            <div style="color:teal;">
-              Cached: #{cached_selects} selects, #{cached_rows} rows, #{(cached_elapsed_time * 1000).round} ms
-            </div> 
-          </div>
-        EOS
-      end
-      
-      <<-EOS
-        <div id="sql_safety_net_warning" style="font-family:sans-serif; font-size:10px; position:fixed; z-index:999999999; text-align:left; #{SqlSafetyNet.config.position}">
-          <div style="background-color:#{color_scheme}; color:#FFF; padding:4px; width:160px; float:right;">
-            <a href="javascript:void(document.getElementById('sql_safety_net_warning').style.display = 'none')" style="text-decoration:none; float:right; display:block; font-size:9px;"><span style="color:#FFF; text-decoration:none; font-weight:bold;">&times;</span></a>
-            <a href="javascript:void(document.getElementById('sql_safety_net_flagged_queries').style.display = (document.getElementById('sql_safety_net_flagged_queries').style.display == 'block' ? 'none' : 'block'))" style="text-decoration:none;">
-              <span style="color:#FFF; text-decoration:none; font-weight:bold;">#{label} &raquo;</span>
-            </a>
-            <div>#{analysis.selects} selects, #{analysis.rows} rows, #{(analysis.elapsed_time * 1000).round} ms</div>
-          </div>
-          <div id="sql_safety_net_flagged_queries" style="clear:right; display:none; width:500px; padding:2px; border:1px solid #{color_scheme}; background-color:#FFF; color:#000; overflow:auto; max-height:500px;">
-            <div style="margin-bottom:10px; font-weight:bold;">
-              There are #{analysis.selects} queries on this page that return #{analysis.rows} rows and took #{(analysis.elapsed_time * 1000).round} ms to execute.
-            </div>
-            #{cache_html}
-            #{flagged_html}
-          </div>
-        </div>
-      EOS
-    end
-
-    def flagged_sql_text(analysis)
-      flagged_text = ''
-      cached_selects = 0
-      cached_rows = 0
-      cached_elapsed_time = 0.0
-      
-      if analysis.flagged_queries?
-        flagged_text << "#{analysis.flagged_queries.size == 1 ? 'This query has' : "These #{analysis.flagged_queries.size} queries have"} flagged query plans:\n\n"
-        analysis.flagged_queries.each do |query|
-          if query[:cached]
-            cached_selects += 1
-            cached_rows += query[:rows]
-            cached_elapsed_time += query[:elapsed_time]
-          end
-          flagged_text << "#{query[:rows]} rows returned, #{(query[:elapsed_time] * 1000).round} ms#{ " (CACHED)" if query[:cached]}\n"
-          flagged_text << "#{query[:flags].join(', ')}\n\n"
-          flagged_text << "#{query[:sql]}\n\n"
-          flagged_text << "Query Plan: #{Rack::Utils.escape_html(query[:query_plan].inspect)}\n" if query[:query_plan]
-          flagged_text << "\n"
-        end
-        flagged_text << "\n"
-      end
-      
-      if analysis.too_many_selects? || analysis.too_many_rows? || SqlSafetyNet.config.always_show?
-        flagged_text << "#{analysis.non_flagged_queries.size == 1 ? 'This query' : "These #{analysis.non_flagged_queries.size} queries"} did not have flagged query plans:\n\n"
-        analysis.non_flagged_queries.each do |query|
-          if query[:cached]
-            cached_selects += 1
-            cached_rows += query[:rows]
-            cached_elapsed_time += query[:elapsed_time]
-          end
-          flagged_text << "#{query[:rows]} rows returned, #{(query[:elapsed_time] * 1000).round} ms#{ " (CACHED)" if query[:cached]}\n\n"
-          flagged_text << "#{query[:sql]}\n\n"
-          flagged_text << "\n"
-        end
-      end
-
-      label = (analysis.flagged?) ? 'SQL WARNING' : 'SQL INFO'
-      
-      cache_text = ""
-      if cached_selects > 0
-        cache_text << "Some of the queries will be cached.\n\n"
-        cache_text << "Uncached: #{analysis.selects - cached_selects} selects, #{analysis.rows - cached_rows} rows, #{((analysis.elapsed_time - cached_elapsed_time) * 1000).round} ms\n"
-        cache_text << "Cached: #{cached_selects} selects, #{cached_rows} rows, #{(cached_elapsed_time * 1000).round} ms\n\n"
-      end
-      
-      text = "SqlSafetyNet\n\n"
-      text << "There are #{analysis.selects} queries on this page that return #{analysis.rows} rows and took #{(analysis.elapsed_time * 1000).round} ms to execute.\n\n"
-      text << cache_text
-      text << flagged_text
-      text
-    end
-    
-    def xml_comment(text)
-      "<!-- #{text.gsub('-->', '\\-\\->')} -->"
-    end
-  end
-end

data/spec/example_database.yml

@@ -1,14 +0,0 @@
-# Copy this file to database.yml to run the test with connection settings for you environment.
-# You must create the database in both mysql and postgres.
-
-mysql:
-  adapter: mysql
-  username: root
-  password: ""
-  database: sql_safety_net_test
-
-postgresql:
-  adapter: postgresql
-  username: postgres
-  password: postgres
-  database: sql_safety_net_test

data/spec/mysql_connection_adapter_spec.rb

@@ -1,32 +0,0 @@
-require 'spec_helper'
-
-describe SqlSafetyNet::ConnectionAdapter::MysqlAdapter do
-  
-  before(:each) do
-    @connection = SqlSafetyNet::MysqlTestModel.connection
-  end
-
-  it "should use query plan analysis to flag queries" do
-    query_plan = [{'type' => 'ALL', 'rows' => 200}]
-    @connection.should_receive(:select_without_sql_safety_net).with('EXPLAIN Select sql', 'EXPLAIN', []).and_return(query_plan)
-    @connection.should_receive(:analyze_query_plan).with(query_plan).and_return(["bad query"])
-    @connection.analyze_query('Select sql', 'name', []).should == {:query_plan => query_plan, :flags => ["bad query"]}
-  end
-
-  it "should only analyze query plans for select statements" do
-    @connection.should_not_receive(:select_without_sql_safety_net)
-    @connection.should_not_receive(:analyze_query_plan)
-    @connection.analyze_query('Execute sql', 'name', []).should == nil
-  end
-
-  it "should translate query plans into flags" do
-    @connection.send(:analyze_query_plan, [{'type' => 'ALL', 'rows' => 500}]).should == ["table scan", "no index used", "no indexes possible"]
-    @connection.send(:analyze_query_plan, [{'Extra' => 'using temporary table; using filesort', 'rows' => 200, 'key' => 'index', 'possible_keys' => 'index'}]).should == ["uses temporary table for 200 rows", "uses filesort for 200 rows"]
-    @connection.send(:analyze_query_plan, [{'select_type' => 'dependent subquery', 'rows' => 20, 'key' => 'index', 'possible_keys' => 'index'}]).should == ["dependent subquery"]
-    @connection.send(:analyze_query_plan, [{'select_type' => 'uncacheable subquery', 'rows' => 20, 'key' => 'index', 'possible_keys' => 'index'}]).should == ["uncacheable subquery"]
-    @connection.send(:analyze_query_plan, [{'rows' => 20000, 'key' => 'index', 'possible_keys' => 'index'}]).should == ["examines 20000 rows"]
-    @connection.send(:analyze_query_plan, [{'select_type' => 'SIMPLE', 'rows' => 1, 'key' => 'index', 'possible_keys' => 'index'}]).should == []
-  end
-  
-end
-

data/spec/postgres_connection_adapter_spec.rb

@@ -1,43 +0,0 @@
-require 'spec_helper'
-
-describe SqlSafetyNet::ConnectionAdapter::PostgreSQLAdapter do
-
-  before(:each) do
-    @connection = SqlSafetyNet::PostgresqlTestModel.connection
-  end
-
-  it "should use query plan analysis to flag queries" do
-    query_plan = [{"QUERY PLAN"=>"Limit  (cost=0.00..0.06 rows=1 width=335)"}, {"QUERY PLAN"=>"  ->  Seq Scan on records  (cost=0.00..12.20 rows=220 width=335)"}]
-    @connection.should_receive(:select_without_sql_safety_net).with('EXPLAIN Select sql', 'EXPLAIN', []).and_return(query_plan)
-    @connection.should_receive(:analyze_query_plan).with(query_plan).and_return(["bad query"])
-    @connection.analyze_query('Select sql', 'name', []).should == {:query_plan => query_plan, :flags => ["bad query"]}
-  end
-
-  it "should only analyze query plans for select statements" do
-    @connection.should_not_receive(:select_without_sql_safety_net)
-    @connection.should_not_receive(:analyze_query_plan)
-    @connection.analyze_query('Execute sql', 'name', []).should == nil
-  end
-  
-  it "should not flag a small table scan" do
-    query_plan = [{"QUERY PLAN"=>"Seq Scan on records  (cost=0.00..12.20 rows=10 width=335)"}]
-    @connection.send(:analyze_query_plan, query_plan).should == []
-  end
-  
-  it "should flag a table scan" do
-    query_plan = [{"QUERY PLAN"=>"Seq Scan on records  (cost=0.00..12.20 rows=1000000 width=335)"}]
-    @connection.send(:analyze_query_plan, query_plan).should == ["table scan"]
-  end
-  
-  it "should flag too many rows returned" do
-    query_plan = [{"QUERY PLAN"=>"Index Scan using records_pkey on records  (cost=0.00..8.27 rows=1000000 width=336)"}]
-    @connection.send(:analyze_query_plan, query_plan).should == ["examines 1000000 rows"]
-  end
-    
-  it "should apply a limit to the rows returned" do
-    query_plan = [{"QUERY PLAN"=>"Limit  (cost=0.00..0.06 rows=1 width=335)"}, {"QUERY PLAN"=>"  ->  Seq Scan on records  (cost=0.00..12.20 rows=1000000 width=335)"}]
-    @connection.send(:analyze_query_plan, query_plan).should == []
-  end
-  
-end
-

data/spec/rack_handler_spec.rb

@@ -1,193 +0,0 @@
-require 'spec_helper'
-
-describe SqlSafetyNet::RackHandler do
-
-  class SqlSafetyNet::TestApp
-    attr_accessor :response, :block
-    
-    def initialize
-      @response = Rack::Response.new
-    end
-    
-    def call (env)
-      @block.call(env) if @block
-      @response["Content-Type"] = env["response_content_type"] if env["response_content_type"]
-      @response.finish
-    end
-  end
-  
-  before(:each) do
-    SqlSafetyNet.config.debug = true
-    SqlSafetyNet::QueryAnalysis.clear
-  end
-  
-  let(:logger) do
-    logger = Object.new
-    def logger.warn (message)
-      # noop
-    end
-    logger
-  end
-  
-  let(:app){ SqlSafetyNet::TestApp.new }
-  
-  let(:handler){ SqlSafetyNet::RackHandler.new(app, logger) }
-  
-  let(:env) do
-    {
-      "rack.url_scheme" => "http",
-      "PATH_INFO" => "/test",
-      "SERVER_PORT" => 80,
-      "HTTP_HOST" => "example.com",
-      "REQUEST_METHOD" => "GET"
-    }
-  end
-
-  it "should append the bad queries to the HTML when debug is enabled and always_show is false" do
-    SqlSafetyNet.config.always_show = false
-    
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.flagged_queries << {:sql => 'sql', :query_plan => 'bad plan', :flags => ['bad query'], :rows => 4, :elapsed_time => 0.1}
-    end
-    app.response.write("Monkeys are neat.")
-    
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should include('<div id="sql_safety_net_warning"')
-    response.body.join("").should include("Monkeys are neat.")
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=1"
-  end
-
-  it "should not append the bad queries to the HTML when there are none and always_show is false" do
-    SqlSafetyNet.config.always_show = false
-    
-    app.response.write("Monkeys are neat.")
-       
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=0"
-  end
-  
-  it "should append the queries to the HTML when there are none and always_show is true" do
-    SqlSafetyNet.config.always_show = true
-    
-    app.response.write("Monkeys are neat.")
-    
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should include('<div id="sql_safety_net_warning"')
-    response.body.join("").should include("Monkeys are neat.")
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=0"
-  end
-  
-  it "should append the bad queries to XML when debug is enabled" do
-    SqlSafetyNet.config.always_show = false
-    
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.flagged_queries << {:sql => 'sql', :query_plan => 'bad plan', :flags => ['bad query'], :rows => 4, :elapsed_time => 0.1}
-    end
-    app.response.write("<woot>Monkeys are neat.</woot>")
-    
-    r = handler.call(env.merge("response_content_type" => "application/xml"))
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should_not include('<div id="sql_safety_net_warning"')
-    response.body.join("").should include("<!-- SqlSafetyNet")
-    response.body.join("").should include("<woot>Monkeys are neat.</woot>")
-    Hash.from_xml(response.body.join('')).should == {"woot" => "Monkeys are neat."}
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=1"
-  end
-  
-  it "should not append the bad queries to the HTML or add a response header if debug is not enabled" do
-    SqlSafetyNet.config.debug = false
-
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.flagged_queries << {:sql => 'sql', :query_plan => 'bad plan', :flags => ['bad query'], :rows => 4, :elapsed_time => 0.1}
-    end
-    app.response.write("Monkeys are neat.")
-    
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == nil
-  end
-  
-  it "should not append the bad queries to the HTML if not text/html" do
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.flagged_queries << {:sql => 'sql', :query_plan => 'bad plan', :flags => ['bad query'], :rows => 4, :elapsed_time => 0.1}
-    end
-    app.response.write("Monkeys are neat.")
-    app.response["Content-Type"] = "text/plain"
-    
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=1"
-  end
-  
-  it "should not append the bad queries to the HTML if Ajax request" do
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.flagged_queries << {:sql => 'sql', :query_plan => 'bad plan', :flags => ['bad query'], :rows => 4, :elapsed_time => 0.1}
-    end
-    app.response.write("Monkeys are neat.")
-    app.response["Content-Type"] = "text/plain"
-    
-    r = handler.call(env.merge("HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"))
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == "selects=0; rows=0; elapsed_time=0; flagged_queries=1"
-  end
-  
-  it "should log too many selects even if debug is not enabled" do
-    SqlSafetyNet.config.debug = false
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.selects = 1000
-    end
-    logger.should_receive(:warn).with("Excess database usage: request generated 1000 queries and returned 0 rows [GET http://example.com/test]")
-    r = handler.call(env)
-  end
-  
-  it "should log too many rows even if debug is not enabled" do
-    SqlSafetyNet.config.debug = false
-    SqlSafetyNet.config.header = false
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.rows = 10000
-    end
-    app.response.write("Monkeys are neat.")
-    
-    logger.should_receive(:warn).with("Excess database usage: request generated 0 queries and returned 10000 rows [GET http://example.com/test]")
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == nil
-  end
-  
-  it "should log too many rows even if debug is not enabled" do
-    SqlSafetyNet.config.debug = false
-    SqlSafetyNet.config.header = true
-    app.block = lambda do |env|
-      SqlSafetyNet::QueryAnalysis.current.rows = 10
-    end
-    app.response.write("Monkeys are neat.")
-    r = handler.call(env)
-    response = Rack::Response.new(r[2], r[0], r[1])
-    
-    response.body.join("").should == "Monkeys are neat."
-    response["X-SqlSafetyNet"].should == "selects=0; rows=10; elapsed_time=0; flagged_queries=0"
-  end
-  
-  it "should not log warnings if there are none" do
-    SqlSafetyNet.config.debug = false
-    logger.should_not_receive(:warn)
-    r = handler.call(env)
-  end
-
-end