Skip to content
/ ruby-cop Public

RubyCop scans Ruby code and tells you whether it's safe or not.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RubyOnWorld/ruby-cop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
lib
lib
 
 
spec
spec
 
 
tasks
tasks
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
ruby_cop.gemspec
ruby_cop.gemspec
 
 

Repository files navigation

RubyCop

RubyCop scans Ruby code and tells you whether it's safe or not. We use it at CodeSchool to check user-submitted code before we eval it on the server.

RubyCop is made up of two pieces: NodeBuilder and Policy. NodeBuilder is responsible for parsing Ruby code (using Ripper) and building an AST (Abstract Syntax Tree). Policy then scans the AST and tells you whether the code is safe or not.

Requirements

RubyCop requires Ruby 1.9, though it should work under 1.8 if you include the "ripper" gem.

Usage

Here's a quick example of building the AST, and evaluating it with the Policy:

>> require "ruby_cop"
=> true
>> policy = RubyCop::Policy.new
>> ast = RubyCop::NodeBuilder.build("x = 1 + 2")
>> ast.accept(policy)
=> true

And if you pass in some unsafe code:

>> ast = RubyCop::NodeBuilder.build("x = `ls -la`")
>> ast.accept(policy)
=> false

Drawbacks

Ruby is a very dynamic language, so this kind of static analysis will only get you so far. RubyCop blocks obvious things like backticks and unsafe Kernel methods (#eval, #exec, #fork, etc.), but has to err on the side of safety in other places. For instance, #send is considered unsafe.

About

RubyCop scans Ruby code and tells you whether it's safe or not.

Topics

safe cop rubycop

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages