warder 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7afe9d3043a0b79203eae14a874da4b7e7476b7f
-  data.tar.gz: 77b48c7afb507db85255b71e0e8630db14e45a4b
+  metadata.gz: 113fd7d19ada4fb760793d5c72fd0c3e739653e7
+  data.tar.gz: bdc5fb0e9de6c1bf0c5a5bbdef4f7427c29f798a
 SHA512:
-  metadata.gz: b76bcd34640d62415548719b48c4d7ba13608cccf4382ec08992912ae53b904ac308ae9d2d208b9667918e50bd5fed0cd93356d201fdebdc5bd6f8296ec6324e
-  data.tar.gz: c56a8c2cd0659cb171d6372f873ffedf6bac5cc7c68e4212c95ab936f4a6cbad7328cff1b41fc53a9251b810ac0ccecc6b35558c41f28e384dbcbb8cc4ae741d
+  metadata.gz: 199fb858d92abff4390d4691616134ab2818816eeeaa67a5739e32074e253c1a704e35dada071a84d084b6f1bd20a952a36289daf4795b7ca376937e5ecb8c14
+  data.tar.gz: f07d90d73cf49617f9d7bff699fe16e3307cddcdaabb86bf6606914553f8cb02dec510f2224ff039d00be7be81ba0076efc3406277b172a87dabc131cf8991e1

data/README.md

@@ -1,7 +1,8 @@
 # Warder
 
-[![Travis CI](https://travis-ci.org/yltsrc/warder.png)](https://travis-ci.org/yltsrc/warder)
+[![Build Status](https://travis-ci.org/yltsrc/warder.png?branch=master)](https://travis-ci.org/yltsrc/warder)
 [![Code Climate](https://codeclimate.com/github/yltsrc/warder.png)](https://codeclimate.com/github/yltsrc/warder)
+[![Dependency Status](https://gemnasium.com/yltsrc/warder.png)](https://gemnasium.com/yltsrc/warder)
 
 TODO: Write a gem description
 

data/bin/warder

@@ -1,50 +1,7 @@
 #!/usr/bin/env ruby
 
-$LOAD_PATH.unshift(File.expand_path('../../lib', __FILE__))
+lib = File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
-require 'optparse'
 require 'warder'
-
-options = {}
-OptionParser.new do |opts|
-  opts.banner = 'Usage: warder [options] [dir1 file1 file2 ...]'
-
-  desc = 'Run style guide validation'
-  opts.on('-g', '--[no-]style-guide', desc) do |value|
-    options[:style_guide] = value
-  end
-
-  desc = 'Run magick numbers validation'
-  opts.on('-m', '--[no-]magick-numbers', desc) do |value|
-    options[:magick_numbers] = value
-  end
-
-  desc = 'Run code duplication validation'
-  opts.on('-d', '--[no-]code-duplication', desc) do |value|
-    options[:code_duplication] = value
-  end
-
-  desc = 'Run code smells validation'
-  opts.on('-s', '--[no-]code-smells', desc) do |value|
-    options[:code_smells] = value
-  end
-
-  desc = 'Run code complexity validation'
-  opts.on('-c', '--[no-]code-complexity', desc) do |value|
-    options[:code_complexity] = value
-  end
-
-  desc = 'Run bundle freshness validation'
-  opts.on('-b', '--[no-]bundle-audit', desc) do |value|
-    options[:bundle_audit] = value
-  end
-
-  opts.on('-v', '--version', 'Show version') do |value|
-    puts Warder::VERSION
-    exit 0
-  end
-end.parse!
-
-options[:files] = ARGV.empty? ? '.' : ARGV.join(' ')
-
-Warder::CLI.new(options).perform
+Warder::CLI.new(ARGV).execute!

data/features/checks_for_rails_related_security_issues.feature

@@ -0,0 +1,25 @@
+Feature: checks for rails related security issues
+  In order to find security issues
+  As a ruby developer
+  I want to run warder with --rails-security option
+
+  Scenario: run warder with enabled rails security option
+    Given I have valid_rails_app project in directory
+    And I am on project directory
+    When I run `warder --rails-security`
+    Then warder detects rails security issues
+    Then the exit status should be 0
+
+  Scenario: run warder with enabled rails security option on invalid project
+    Given I have invalid_rails_app project in directory
+    And I am on project directory
+    When I run `warder --rails-security`
+    Then warder detects rails security issues
+    Then the exit status should be 1
+
+  Scenario: run warder with disabled rails security option on invalid project
+    Given I have invalid_rails_app project in directory
+    And I am on project directory
+    When I run `warder --no-rails-security`
+    Then warder does nothing
+    Then the exit status should be 0

data/features/step_definitions/checks_for_rails_security_issues_steps.rb

@@ -0,0 +1,20 @@
+def executing_rails_security
+  "executing 'brakeman -q -p .'"
+end
+
+def rails_security_output
+  `cd tmp/aruba/#{@projectname}/ && brakeman -q -p .`
+    .split("\n")
+    .reject { |line| !line.match(/^\+|\|/) }
+    .join("\n")
+end
+
+Given(/^I have ((in)?valid_rails_app) project in directory$/) do |name, _|
+  @projectname = name
+  FileUtils.ln_s "../../spec/fixtures/#{@projectname}", 'tmp/aruba/'
+  expect(`ls tmp/aruba`).to match(@projectname)
+end
+
+Given(/^I am on project directory$/) do
+  @dirs = ["tmp/aruba/#{@projectname}"]
+end

data/features/support/env.rb

@@ -1,4 +1,20 @@
 require 'aruba/cucumber'
+require 'aruba/in_process'
+
+require 'simplecov'
+SimpleCov.start do
+  add_filter '/features/'
+  add_filter '/spec/'
+  add_filter '/vendor/'
+  add_group 'Libraries', 'lib'
+end
+SimpleCov::MINIMUM_COVERAGE = 100
+SimpleCov.minimum_coverage SimpleCov::MINIMUM_COVERAGE
 
 bin_path = "#{File.expand_path('../../../bin', __FILE__)}"
 ENV['PATH'] = "#{bin_path}#{File::PATH_SEPARATOR}#{ENV['PATH']}"
+
+require 'warder'
+
+Aruba::InProcess.main_class = Warder::CLI
+Aruba.process = Aruba::InProcess

data/lib/warder/bundle_audit_runner.rb

@@ -1,13 +1,16 @@
 module Warder
   # responsible for run bundle freshness validation
   class BundleAuditRunner < Runner
+    CLI_OPTION = 'b'
+    CLI_FULL_OPTION = 'bundle-audit'
+    DESCRIPTION = 'Run bundle freshness validation'
     COMMAND_NAME = 'bundle-audit'
     FAILURE_REGEXP = /Unpatched versions found!/
 
     private
 
     def command_with_options
-      path = @options.files[0]
+      path = @options.files.split(' ').first
       "#{COMMAND_NAME} update; (cd #{path} && #{COMMAND_NAME} check)"
     end
 

data/lib/warder/cli/arguments.rb

@@ -0,0 +1,58 @@
+require 'optparse'
+
+module Warder
+  class CLI
+    # responsible for parsing cli arguments
+    class Arguments
+      def initialize(argv, stdout, kernel)
+        @argv = argv
+        @stdout = stdout
+        @kernel = kernel
+        @options = {}
+      end
+
+      def parse
+        parse_options
+        assign_files
+        OpenStruct.new(@options)
+      end
+
+      private
+
+      def parse_options
+        OptionParser.new do |opts|
+          opts.banner = 'Usage: warder [options] [dir1 file1 file2 ...]'
+          validators(opts)
+          version(opts)
+        end.parse!(@argv)
+      end
+
+      def assign_files
+        @options['files'] = @argv.empty? ? '.' : @argv.join(' ')
+      end
+
+      def validators(opts)
+        Warder.validators.each do |validator|
+          validator(opts, validator)
+        end
+      end
+
+      def validator(opts, validator)
+        option = validator::CLI_OPTION
+        full_option = validator::CLI_FULL_OPTION
+        desc = validator::DESCRIPTION
+
+        opts.on("-#{option}", "--[no-]#{full_option}", desc) do |value|
+          @options[option] = value
+        end
+      end
+
+      def version(opts)
+        opts.on('-v', '--version', 'Show version') do |value|
+          @stdout.puts Warder::VERSION
+          @kernel.exit 0
+        end
+      end
+    end
+  end
+end

data/lib/warder/cli.rb

@@ -1,72 +1,39 @@
 module Warder
   # responsible for executing warder tools
   class CLI
-    def initialize(options)
-      @options = OpenStruct.new(options)
+    def initialize(argv, stdin = STDIN, stdout = STDOUT,
+                   stderr = STDERR, kernel = Kernel)
+      @argv = argv
+      @stdin = stdin
+      @stdout = stdout
+      @stderr = stderr
+      @kernel = kernel
     end
 
-    def perform
-      exit perform_style_guide_validation +
-             perform_magick_numbers_validation +
-             perform_code_duplication_validation +
-             perform_code_smells_validation +
-             perform_code_complexity_validation +
-             perform_bundle_freshness_validation
+    def execute!
+      @kernel.exit execute
     end
 
     private
 
-    def perform_style_guide_validation
-      if @options.style_guide
-        runner = StyleGuideRunner.new(@options)
-        runner.perform
-      else
-        0
-      end
-    end
-
-    def perform_magick_numbers_validation
-      if @options.magick_numbers
-        runner = MagickNumbersRunner.new(@options)
-        runner.perform
-      else
-        0
+    def execute
+      parse_arguments
+      exit_codes = Warder.validators.map do |validator|
+        perform_validation(validator)
       end
+      exit_codes.compact.inject(0, :+)
     end
 
-    def perform_code_duplication_validation
-      if @options.code_duplication
-        runner = CodeDuplicationRunner.new(@options)
-        runner.perform
-      else
-        0
-      end
-    end
-
-    def perform_code_smells_validation
-      if @options.code_smells
-        runner = CodeSmellsRunner.new(@options)
-        runner.perform
-      else
-        0
-      end
-    end
-
-    def perform_code_complexity_validation
-      if @options.code_complexity
-        runner = CodeComplexityRunner.new(@options)
-        runner.perform
-      else
-        0
-      end
+    def parse_arguments
+      args = Arguments.new(@argv, @stdout, @kernel)
+      @options = args.parse
     end
 
-    def perform_bundle_freshness_validation
-      if @options.bundle_audit
-        runner = BundleAuditRunner.new(@options)
+    def perform_validation(validator)
+      key = validator::CLI_OPTION
+      if @options.send(key)
+        runner = validator.new(@stdout, @options)
         runner.perform
-      else
-        0
       end
     end
   end

data/lib/warder/code_complexity_runner.rb

@@ -1,8 +1,12 @@
 module Warder
   # responsible for run code complexity validation
   class CodeComplexityRunner < Runner
-    FLOG_SCORE = SCORE
+    CLI_OPTION = 'c'
+    CLI_FULL_OPTION = 'code-complexity'
+    DESCRIPTION = 'Run code complexity validation'
     COMMAND_NAME = 'flog'
+    FLOG_SCORE = SCORE
+    FAILURE_REGEXP = /^\s+(\d+.\d+)\:\s.*$/
     TOTAL_REGEXP = /^\s+\d+.\d+\:.*(total|average)$/
 
     private
@@ -12,7 +16,7 @@ module Warder
     end
 
     def failed?(line)
-      match = line.match(/^\s+(\d+.\d+)\:\s.*$/)
+      match = FAILURE_REGEXP.match(line)
       return false if total?(line)
       match && match[1].to_f > FLOG_SCORE
     end

data/lib/warder/code_duplication_runner.rb

@@ -1,8 +1,11 @@
 module Warder
   # responsible for run code duplication validation
   class CodeDuplicationRunner < Runner
-    FLAY_SCORE = SCORE / 2
+    CLI_OPTION = 'd'
+    CLI_FULL_OPTION = 'code-duplication'
+    DESCRIPTION = 'Run code duplication validation'
     COMMAND_NAME = 'flay'
+    FLAY_SCORE = SCORE / 2
     FAILURE_REGEXP = /Total score \(lower is better\) = (\d+)/
 
     private

data/lib/warder/code_smells_runner.rb

@@ -1,6 +1,9 @@
 module Warder
   # responsible for run code smells validation
   class CodeSmellsRunner < Runner
+    CLI_OPTION = 's'
+    CLI_FULL_OPTION = 'code-smells'
+    DESCRIPTION = 'Run code smells validation'
     COMMAND_NAME = 'reek'
     FAILURE_REGEXP = / -- (\d+) warnings?:/
   end

data/lib/warder/magick_numbers_runner.rb

@@ -1,6 +1,9 @@
 module Warder
   # responsible for run magick numbers validation
   class MagickNumbersRunner < Runner
+    CLI_OPTION = 'm'
+    CLI_FULL_OPTION = 'magick-numbers'
+    DESCRIPTION = 'Run magick numbers validation'
     COMMAND_NAME = 'mago'
 
     private

data/lib/warder/rails_security_runner.rb

@@ -0,0 +1,22 @@
+module Warder
+  # responsible for run rails security validation
+  class RailsSecurityRunner < Runner
+    CLI_OPTION = 'i'
+    CLI_FULL_OPTION = 'rails-security'
+    DESCRIPTION = 'Run magick numbers validation'
+    COMMAND_NAME = 'brakeman'
+    FAILURE_REGEXP = /^\| Security Warnings \| (\d)+/
+    PRINTABLE_REGEXP = /^(\+|\||View Warnings:)/
+
+    private
+
+    def command_with_options
+      path = @options.files.split(' ').first
+      "#{COMMAND_NAME} -q -p #{path}"
+    end
+
+    def printable?(line)
+      PRINTABLE_REGEXP.match(line)
+    end
+  end
+end

data/lib/warder/runner.rb

@@ -3,14 +3,15 @@ module Warder
   class Runner
     SCORE = 30
 
-    def initialize(options = {})
+    def initialize(stdout, options = {})
+      @stdout = stdout
       @options = options
       @exit_code = 0
     end
 
     def perform
       run_command do |line|
-        print line if printable?(line)
+        @stdout.puts(line) if printable?(line)
         @exit_code = 1 if failed?(line)
       end
       @exit_code
@@ -19,7 +20,7 @@ module Warder
     private
 
     def run_command
-      puts "executing '#{command_with_options}'\n"
+      @stdout.puts "executing '#{command_with_options}'\n"
       IO.popen(command_with_options).each do |line|
         yield(line)
       end
@@ -30,7 +31,7 @@ module Warder
     end
 
     def failed?(line)
-      match = line.match(self.class::FAILURE_REGEXP)
+      match = self.class::FAILURE_REGEXP.match(line)
       match && match[1].to_i != 0
     end
 

data/lib/warder/style_guide_runner.rb

@@ -1,6 +1,9 @@
 module Warder
   # responsible for run style guide validation
   class StyleGuideRunner < Runner
+    CLI_OPTION = 'g'
+    CLI_FULL_OPTION = 'style-guide'
+    DESCRIPTION = 'Run style guide validation'
     COMMAND_NAME = 'rubocop'
     FAILURE_REGEXP = /(\d+|no) offence/
   end

data/lib/warder/version.rb

@@ -1,4 +1,4 @@
 # define warder version
 module Warder
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end

data/lib/warder.rb

@@ -6,5 +6,16 @@ require 'warder/magick_numbers_runner'
 require 'warder/code_duplication_runner'
 require 'warder/code_smells_runner'
 require 'warder/code_complexity_runner'
+require 'warder/rails_security_runner'
 require 'warder/bundle_audit_runner'
+require 'warder/cli/arguments'
 require 'warder/cli'
+
+# scope for validators
+module Warder
+  def self.validators
+    Warder.constants.grep(/\w+Runner/).map do |validator|
+      Warder.const_get(validator)
+    end
+  end
+end

data/spec/fixtures/invalid_code_smells.rb

@@ -1,4 +1,4 @@
-def faild?(str)
+def failed?(str)
   match = str.match(/\d+/)
   match && match[1].to_i != 0
 end

data/spec/fixtures/invalid_rails_app/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gem 'rails', '4.0.0'

data/spec/fixtures/invalid_rails_app/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Invalid::Application.load_tasks

data/spec/fixtures/invalid_rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/fixtures/invalid_rails_app/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Invalid</title>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/fixtures/invalid_rails_app/config/application.rb

@@ -0,0 +1,23 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(:default, Rails.env)
+
+module Invalid
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end

data/spec/fixtures/invalid_rails_app/config/boot.rb

@@ -0,0 +1,4 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/spec/fixtures/invalid_rails_app/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/fixtures/invalid_rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Invalid::Application.initialize!

data/spec/fixtures/invalid_rails_app/config/environments/development.rb

@@ -0,0 +1,29 @@
+Invalid::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+end