warder 0.1.3 → 0.1.4
- checksums.yaml +4 -4
- data/features/checks_for_rails_best_practices.feature +25 -0
- data/features/{checks_for_rails_related_security_issues.feature → checks_for_rails_security_issues.feature} +0 -0
- data/features/step_definitions/checks_for_rails_best_practices_steps.rb +11 -0
- data/features/step_definitions/run_steps.rb +2 -2
- data/lib/warder.rb +1 -0
- data/lib/warder/rails_advice_runner.rb +17 -0
- data/lib/warder/rails_security_runner.rb +1 -1
- data/lib/warder/version.rb +1 -1
- data/spec/fixtures/invalid_rails_app/app/controllers/application_controller.rb +4 -0
- data/spec/fixtures/invalid_rails_app/config/routes.rb +1 -52
- data/spec/fixtures/valid_rails_app/Gemfile +3 -1
- data/spec/fixtures/valid_rails_app/config/routes.rb +0 -54
- data/warder.gemspec +1 -1
- metadata +24 -5
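--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b03990a126c35737b97b3150aa66006778a705a6
+data.tar.gz: 87f1978be044393d4036df203d358ca1c98b9bb4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ca3a0d169d92a065fe327d9b0db4fcaed69203d717b0258eedc4a6787900511039bfb0e011c65b0d75bb37fe3e22ee2427fcfa3f77b7f58966720d835502b315
+data.tar.gz: db3a88db71e0142b8bc2f4a899cda5e90abe47b58ef7a54df085b5c5f240d29ad8ad2a090ed0c805320488a1d2aff0b37585479ca6050cdfdeb1bd68146784d4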
@@ -0,0 +1,25 @@
|
|
1
|
+
Feature: checks for rails related security issues
|
2
|
+
In order to find security issues
|
3
|
+
As a ruby developer
|
4
|
+
I want to run warder with --rails-advice option
|
5
|
+
|
6
|
+
Scenario: run warder with enabled rails advice option
|
7
|
+
Given I have valid_rails_app project in directory
|
8
|
+
And I am on project directory
|
9
|
+
When I run `warder --rails-advice`
|
10
|
+
Then warder detects rails best practices issues
|
11
|
+
Then the exit status should be 0
|
12
|
+
|
13
|
+
Scenario: run warder with enabled rails advice option on invalid project
|
14
|
+
Given I have invalid_rails_app project in directory
|
15
|
+
And I am on project directory
|
16
|
+
When I run `warder --rails-advice`
|
17
|
+
Then warder detects rails best practices issues
|
18
|
+
Then the exit status should be 1
|
19
|
+
|
20
|
+
Scenario: run warder with disabled rails advice option on invalid project
|
21
|
+
Given I have invalid_rails_app project in directory
|
22
|
+
And I am on project directory
|
23
|
+
When I run `warder --no-rails-advice`
|
24
|
+
Then warder does nothing
|
25
|
+
Then the exit status should be 0
|
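Review bot: The feature header on new lines 1-2 is copied from the security feature: it reads `Feature: checks for rails related security issues` and `In order to find security issues`, while all three scenarios exercise `--rails-advice`. Suggest `Feature: checks for rails best practices` and `In order to find rails best practices issues`, so a failing scenario is not reported under the security check's name.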
File without changes
|
@@ -0,0 +1,11 @@
|
|
1
|
+
def rails_best_practices_cmd
|
2
|
+
'rails_best_practices --silent --spec --test --features .'
|
3
|
+
end
|
4
|
+
|
5
|
+
def executing_rails_best_practices
|
6
|
+
"executing '#{rails_best_practices_cmd}'"
|
7
|
+
end
|
8
|
+
|
9
|
+
def rails_best_practices_output
|
10
|
+
`cd tmp/aruba/#{@projectname}/ && #{rails_best_practices_cmd}`
|
11
|
+
end
|
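Review bot: `rails_best_practices_output` builds a shell line by interpolating `@projectname` into backticks, so a fixture name containing a space or a shell metacharacter changes what the shell runs. Passing the directory as an option removes the `cd … &&` prefix and the interpolation into shell text: `Open3.capture2(rails_best_practices_cmd, chdir: "tmp/aruba/#{@projectname}").first`, with `require 'open3'` at the top of the step file. Where `@projectname` is assigned is not visible in this diff.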
@@ -17,10 +17,10 @@ Then(/^warder does nothing$/) do
|
|
17
17
|
end
|
18
18
|
|
19
19
|
Then(/^warder detects (.+) issues$/) do |what|
|
20
|
-
executing_output = send(:"executing_#{what.
|
20
|
+
executing_output = send(:"executing_#{what.gsub(' ', '_')}")
|
21
21
|
step "the output should contain \"#{executing_output}\""
|
22
22
|
|
23
|
-
validation_output = send(:"#{what.
|
23
|
+
validation_output = send(:"#{what.gsub(' ', '_')}_output")
|
24
24
|
validation_output.split("\n").each do |string|
|
25
25
|
step "the output should contain \"#{string}\""
|
26
26
|
end
|
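Review bot: The step turns the captured text into a method name and calls it through `send` twice, and the `(.+)` capture accepts any string, so a typo in a feature file surfaces as a bare `NoMethodError` and any private method with a matching name is reachable. Compute the key once, `key = what.tr(' ', '_')`, and fail with a readable message when `respond_to?(:"executing_#{key}", true)` is false. The step block's closing `end` lies outside the hunk.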
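--- a/data/lib/warder.rb
+++ b/data/lib/warder.rb
@@ -7,6 +7,7 @@ require 'warder/code_duplication_runner'
 require 'warder/code_smells_runner'
 require 'warder/code_complexity_runner'
 require 'warder/rails_security_runner'
+require 'warder/rails_advice_runner'
 require 'warder/bundle_audit_runner'
 require 'warder/cli/arguments'
 require 'warder/cli'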
@@ -0,0 +1,17 @@
|
|
1
|
+
module Warder
|
2
|
+
# responsible for run rails best practices validation
|
3
|
+
class RailsAdviceRunner < Runner
|
4
|
+
CLI_OPTION = 'a'
|
5
|
+
CLI_FULL_OPTION = 'rails-advice'
|
6
|
+
DESCRIPTION = 'Run rails best practices validation'
|
7
|
+
COMMAND_NAME = 'rails_best_practices'
|
8
|
+
FAILURE_REGEXP = /Found (\d+) warnings?/
|
9
|
+
|
10
|
+
private
|
11
|
+
|
12
|
+
def command_with_options
|
13
|
+
path = @options.files.split(' ').first
|
14
|
+
"#{COMMAND_NAME} --silent --spec --test --features #{path}"
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
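Review bot: `command_with_options` interpolates `path` into the command string unquoted, so if `Runner` hands that string to a shell (its execution code is not part of this diff), a file argument containing spaces or shell metacharacters is parsed as extra words or commands. Escaping the value closes that: `"#{COMMAND_NAME} --silent --spec --test --features #{Shellwords.escape(path)}"`, with `require 'shellwords'`. Separately, `@options.files.split(' ').first` is `nil` when the files string is empty and silently drops every path after the first. An explicit fallback such as `path = @options.files.split(' ').first || '.'` makes the default visible and keeps the escaped argument from being an empty string.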
@@ -3,7 +3,7 @@ module Warder
|
|
3
3
|
class RailsSecurityRunner < Runner
|
4
4
|
CLI_OPTION = 'i'
|
5
5
|
CLI_FULL_OPTION = 'rails-security'
|
6
|
-
DESCRIPTION = 'Run
|
6
|
+
DESCRIPTION = 'Run rails security validation'
|
7
7
|
COMMAND_NAME = 'brakeman'
|
8
8
|
FAILURE_REGEXP = /^\| Security Warnings \| (\d)+/
|
9
9
|
PRINTABLE_REGEXP = /^(\+|\||View Warnings:)/
|
data/lib/warder/version.rb
CHANGED
@@ -1,56 +1,5 @@
|
|
1
1
|
Invalid::Application.routes.draw do
|
2
|
-
# The priority is based upon order of creation: first created -> highest priority.
|
3
|
-
# See how all your routes lay out with "rake routes".
|
4
2
|
|
5
|
-
|
6
|
-
# root 'welcome#index'
|
3
|
+
root 'application#welcome'
|
7
4
|
|
8
|
-
# Example of regular route:
|
9
|
-
# get 'products/:id' => 'catalog#view'
|
10
|
-
|
11
|
-
# Example of named route that can be invoked with purchase_url(id: product.id)
|
12
|
-
# get 'products/:id/purchase' => 'catalog#purchase', as: :purchase
|
13
|
-
|
14
|
-
# Example resource route (maps HTTP verbs to controller actions automatically):
|
15
|
-
# resources :products
|
16
|
-
|
17
|
-
# Example resource route with options:
|
18
|
-
# resources :products do
|
19
|
-
# member do
|
20
|
-
# get 'short'
|
21
|
-
# post 'toggle'
|
22
|
-
# end
|
23
|
-
#
|
24
|
-
# collection do
|
25
|
-
# get 'sold'
|
26
|
-
# end
|
27
|
-
# end
|
28
|
-
|
29
|
-
# Example resource route with sub-resources:
|
30
|
-
# resources :products do
|
31
|
-
# resources :comments, :sales
|
32
|
-
# resource :seller
|
33
|
-
# end
|
34
|
-
|
35
|
-
# Example resource route with more complex sub-resources:
|
36
|
-
# resources :products do
|
37
|
-
# resources :comments
|
38
|
-
# resources :sales do
|
39
|
-
# get 'recent', on: :collection
|
40
|
-
# end
|
41
|
-
# end
|
42
|
-
|
43
|
-
# Example resource route with concerns:
|
44
|
-
# concern :toggleable do
|
45
|
-
# post 'toggle'
|
46
|
-
# end
|
47
|
-
# resources :posts, concerns: :toggleable
|
48
|
-
# resources :photos, concerns: :toggleable
|
49
|
-
|
50
|
-
# Example resource route within a namespace:
|
51
|
-
# namespace :admin do
|
52
|
-
# # Directs /admin/products/* to Admin::ProductsController
|
53
|
-
# # (app/controllers/admin/products_controller.rb)
|
54
|
-
# resources :products
|
55
|
-
# end
|
56
5
|
end
|
@@ -1,56 +1,2 @@
|
|
1
1
|
Valid::Application.routes.draw do
|
2
|
-
# The priority is based upon order of creation: first created -> highest priority.
|
3
|
-
# See how all your routes lay out with "rake routes".
|
4
|
-
|
5
|
-
# You can have the root of your site routed with "root"
|
6
|
-
# root 'welcome#index'
|
7
|
-
|
8
|
-
# Example of regular route:
|
9
|
-
# get 'products/:id' => 'catalog#view'
|
10
|
-
|
11
|
-
# Example of named route that can be invoked with purchase_url(id: product.id)
|
12
|
-
# get 'products/:id/purchase' => 'catalog#purchase', as: :purchase
|
13
|
-
|
14
|
-
# Example resource route (maps HTTP verbs to controller actions automatically):
|
15
|
-
# resources :products
|
16
|
-
|
17
|
-
# Example resource route with options:
|
18
|
-
# resources :products do
|
19
|
-
# member do
|
20
|
-
# get 'short'
|
21
|
-
# post 'toggle'
|
22
|
-
# end
|
23
|
-
#
|
24
|
-
# collection do
|
25
|
-
# get 'sold'
|
26
|
-
# end
|
27
|
-
# end
|
28
|
-
|
29
|
-
# Example resource route with sub-resources:
|
30
|
-
# resources :products do
|
31
|
-
# resources :comments, :sales
|
32
|
-
# resource :seller
|
33
|
-
# end
|
34
|
-
|
35
|
-
# Example resource route with more complex sub-resources:
|
36
|
-
# resources :products do
|
37
|
-
# resources :comments
|
38
|
-
# resources :sales do
|
39
|
-
# get 'recent', on: :collection
|
40
|
-
# end
|
41
|
-
# end
|
42
|
-
|
43
|
-
# Example resource route with concerns:
|
44
|
-
# concern :toggleable do
|
45
|
-
# post 'toggle'
|
46
|
-
# end
|
47
|
-
# resources :posts, concerns: :toggleable
|
48
|
-
# resources :photos, concerns: :toggleable
|
49
|
-
|
50
|
-
# Example resource route within a namespace:
|
51
|
-
# namespace :admin do
|
52
|
-
# # Directs /admin/products/* to Admin::ProductsController
|
53
|
-
# # (app/controllers/admin/products_controller.rb)
|
54
|
-
# resources :products
|
55
|
-
# end
|
56
2
|
end
|
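--- a/data/warder.gemspec
+++ b/data/warder.gemspec
@@ -25,9 +25,9 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'flog'
 spec.add_dependency 'mago'
 spec.add_dependency 'brakeman'
+spec.add_dependency 'rails_best_practices'
 spec.add_dependency 'bundler-audit'
 # spec.add_dependency 'sandi_meter'
-# spec.add_dependency 'rails_best_practices'
 
 spec.add_development_dependency 'bundler', '~> 1.3'
 spec.add_development_dependency 'rake'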
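Review bot: `spec.add_dependency 'rails_best_practices'` carries no version constraint, and the generated metadata records it as `>= 0`, so any future release of that gem is installed and then executed against the user's project by the new runner. A pessimistic constraint bounds that: `spec.add_dependency 'rails_best_practices', '~> X.Y'`, where X.Y is a placeholder for the release this version was tested with. The neighbouring `flog`, `mago` and `brakeman` lines are unconstrained in the same way, and the `Gem::Specification.new` block starts and ends outside the hunk.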
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warder
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Yura Tolstik
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-01-
|
11
|
+
date: 2014-01-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rubocop
|
@@ -108,6 +108,20 @@ dependencies:
|
|
108
108
|
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rails_best_practices
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
- !ruby/object:Gem::Dependency
|
112
126
|
name: bundler-audit
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -222,7 +236,8 @@ files:
|
|
222
236
|
- Rakefile
|
223
237
|
- bin/warder
|
224
238
|
- cucumber.yml
|
225
|
-
- features/
|
239
|
+
- features/checks_for_rails_best_practices.feature
|
240
|
+
- features/checks_for_rails_security_issues.feature
|
226
241
|
- features/checks_for_vulnerable_gems.feature
|
227
242
|
- features/detects_code_complexity.feature
|
228
243
|
- features/detects_code_duplication.feature
|
@@ -230,6 +245,7 @@ files:
|
|
230
245
|
- features/detects_magick_numbers.feature
|
231
246
|
- features/run.feature
|
232
247
|
- features/show_version.feature
|
248
|
+
- features/step_definitions/checks_for_rails_best_practices_steps.rb
|
233
249
|
- features/step_definitions/checks_for_rails_security_issues_steps.rb
|
234
250
|
- features/step_definitions/checks_for_vulnerable_gems_steps.rb
|
235
251
|
- features/step_definitions/detects_code_complexity_steps.rb
|
@@ -249,6 +265,7 @@ files:
|
|
249
265
|
- lib/warder/code_duplication_runner.rb
|
250
266
|
- lib/warder/code_smells_runner.rb
|
251
267
|
- lib/warder/magick_numbers_runner.rb
|
268
|
+
- lib/warder/rails_advice_runner.rb
|
252
269
|
- lib/warder/rails_security_runner.rb
|
253
270
|
- lib/warder/runner.rb
|
254
271
|
- lib/warder/style_guide_runner.rb
|
@@ -328,12 +345,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
328
345
|
version: '0'
|
329
346
|
requirements: []
|
330
347
|
rubyforge_project:
|
331
|
-
rubygems_version: 2.2.
|
348
|
+
rubygems_version: 2.2.1
|
332
349
|
signing_key:
|
333
350
|
specification_version: 4
|
334
351
|
summary: Warder of ruby code
|
335
352
|
test_files:
|
336
|
-
- features/
|
353
|
+
- features/checks_for_rails_best_practices.feature
|
354
|
+
- features/checks_for_rails_security_issues.feature
|
337
355
|
- features/checks_for_vulnerable_gems.feature
|
338
356
|
- features/detects_code_complexity.feature
|
339
357
|
- features/detects_code_duplication.feature
|
@@ -341,6 +359,7 @@ test_files:
|
|
341
359
|
- features/detects_magick_numbers.feature
|
342
360
|
- features/run.feature
|
343
361
|
- features/show_version.feature
|
362
|
+
- features/step_definitions/checks_for_rails_best_practices_steps.rb
|
344
363
|
- features/step_definitions/checks_for_rails_security_issues_steps.rb
|
345
364
|
- features/step_definitions/checks_for_vulnerable_gems_steps.rb
|
346
365
|
- features/step_definitions/detects_code_complexity_steps.rb
|