Static Code Analysis
Static Code Analysis
Static code analysis is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards. Automated tools can assist programmers and developers in carrying out static analysis. The process of scrutinizing code by visual inspection alone (by looking at a printout, for example), without the assistance of automated tools, is sometimes called program understanding or program comprehension.
Rubocop
A Ruby static code analyzer, based on the community Ruby style guide.
RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.
Most aspects of its behavior can be tweaked via various configuration options.
Apart from reporting problems in your code, RuboCop can also automatically fix some of the problems for you.
Installation
$ gem install rubocopBash
or using bundler
gem 'rubocop', require: falseRuby
Quickstart
$ cd my/cool/ruby/project $ rubocopBash
Report example
HTML Formatter
rubocop app -R --format html -o result.htmlBash
Report example
JSON Formatter
rubocop app -R --format json -o result.jsonBash
{ "metadata": { "rubocop_version": "0.9.0", "ruby_engine": "ruby", "ruby_version": "2.0.0", "ruby_patchlevel": "195", "ruby_platform": "x86_64-darwin12.3.0" }, "files": [{ "path": "lib/foo.rb", "offenses": [] }, { "path": "lib/bar.rb", "offenses": [{ "severity": "convention", "message": "Line is too long. [81/80]", "cop_name": "LineLength", "corrected": true, "location": { "line": 546, "column": 80, "length": 4 } }, { "severity": "warning", "message": "Unreachable code detected.", "cop_name": "UnreachableCode", "corrected": false, "location": { "line": 15, "column": 9, "length": 10 } } ] } ], "summary": { "offense_count": 2, "target_file_count": 2, "inspected_file_count": 2 } }JSON
Awesome Rubocops docs here
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications.
Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.
Installation
gem install brakemanBash
or using bundler:
group :development do gem 'brakeman', :require => false endRuby
Usage
brakemanBash
The output format is determined by the file extension or by using the -f option. Current options are: text, html, tabs, json, markdown, csv, and codeclimate
brakeman -o output.html -o output.jsonBash
Report example
Who is Using Brakeman?
- Code Climate
- GitHub
- Groupon
- New Relic
Reek
Code smell detector for Ruby
Installation
gem install reekBash
Run
reek [options] [dir_or_source_file]*Bash
Example
# Smelly class class Smelly # This will reek of UncommunicativeMethodName def x y = 10 # This will reek of UncommunicativeVariableName end endRuby
$ reek demo.rb Inspecting 1 file(s): S demo.rb -- 2 warnings: [4]:UncommunicativeMethodName: Smelly#x has the name 'x' [https://github.com/troessner/reek/blob/master/docs/Uncommunicative-Method-Name.md] [5]:UncommunicativeVariableName: Smelly#x has the variable name 'y' [https://github.com/troessner/reek/blob/master/docs/Uncommunicative-Variable-Name.md]Bash
Report example
reek app --format html > report.htmlBash
SimpleCov
Code coverage for Ruby 1.9+ with a powerful configuration library and automatic merging of coverage across test suites
SimpleCov is a code coverage analysis tool for Ruby. It uses Ruby’s built-in Coverage library to gather code coverage data, but makes processing its results much easier by providing a clean API to filter, group, merge, format, and display those results, giving you a complete code coverage suite that can be set up with just a couple lines of code.
Getting started
Add SimpleCov to your
Gemfileandbundle install:gem 'simplecov', :require => false, :group => :testRubyLoad and launch SimpleCov at the very top of your
test/test_helper.rb(orspec_helper.rb, cucumberenv.rb, or whatever your preferred test framework uses):if ENV['RAILS_ENV'] == 'test' require 'simplecov' SimpleCov.start 'rails' puts "required simplecov" endRubyRun your tests, open up
coverage/index.htmlin your browser and check out what you’ve missed so far.Add the following to your
.gitignorefile to ensure that coverage results are not tracked by Git (optional):coverage
Example output
Coverage results report, fully browsable locally with sorting and much more:
Source file coverage details view:
Overcommit
Overcommit is a gem for configuring Git hooks. It is excellent for keeping the code quality high. It allows tuning git hooks for linters launch before every commit.
Code Analysis and Metrics Tools
- Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
- Bullet - help you increase your application’s performance by reducing the number of queries it makes
- bundler-audit - Patch-level verification for bundler.
- Fasterer - Make your Rubies go faster with this command line tool highly inspired by fast-ruby and Sferik’s talk at Baruco Conf.
- Reek - Code smell detector for Ruby.
- RuboCop - A static code analyzer, based on the community Ruby style guide.
- Pry - A runtime developer console and IRB alternative with powerful introspection capabilities.
- SimpleCov - Code coverage for Ruby 1.9+ with a powerful configuration library and automatic merging of coverage across test suites.
- Traceroute - A Rake task gem that helps you find the dead routes and actions for your Rails 3+ app
- Active Record Doctor - Identify database issues before they hit production.
- Overcommit - A fully configurable and extendable Git hook manager.
- lol_dba - A small package of rake tasks that scan your application models and displays a list of columns that probably should be indexed. Also, it can generate .sql migration scripts.
Control questions
- What is
Rubocop? - What is
Fasterer? - What is
Simplecov? - What is
Overcommit? - Why is it important to follow ruby style guide?