A tool to detect flaws in Ruby code with static analysis
Ruby C
bin
ext/insns_ext
lib
sample
spec
.gitignore
.travis.yml
Gemfile
LICENSE
README.md
Rakefile
flaw_detector.gemspec


FlawDetector

FlawDetector is a tool to detect flaws in Ruby code with static analysis. Rather than reading the source text, it analyzes the RubyVM bytecode compiled from the Ruby code.

FlawDetector is similar to FindBugs, a tool to detect flaws in Java code. For details of FindBugs, refer to the References section of this file.

Getting Started

$ gem install flaw_detector

Usage

  flaw_detector [-f outfile] [--help] rbfile ...

Example

$ flaw_detector -f result.csv sample/flaw_in_code.rb

Command Result

Currently, FlawDetector supports only CSV-format results. An example result is as follows:

$ cat result.csv
msgid,file,line,short_desc,long_desc,details
RCN_REDUNDANT_FALSECHECK_OF_FALSE_VALUE,sample/flaw_in_code.rb,4,Redundant falsecheck of value known to be false,Redundant falsecheck of a which is known to be false in LINE:2,This method contains a redundant check of a known false value against the constant false.
NP_ALWAYS_FALSE,sample/flaw_in_code.rb,7,False value missing method received,False value missing method received in a,"A false value, which is NilClass or FalseClass, is received missing method here. This will lead to a NoMethodError when the code is executed."

Each line represents one flaw. To see how each kind of flaw is rendered in the result, refer to message.rb.

Fix and Recheck

According to the result, fix the source code and recheck it with FlawDetector until "OK" is displayed:

$ emacs sample/flaw_in_code.rb
$ cat sample/flaw_in_code.rb
def no_flaw(a)
  if a
    rl = a + 1
  else
    rl = a.to_i + 1
  end
end
$ flaw_detector sample/flaw_in_code.rb
OK
$
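A static "OK" is not the same as a runtime guarantee. The following is an added example, not part of the README or the FlawDetector project: it keeps the corrected no_flaw method exactly as printed above and probes it with the two falsy values an NP_ALWAYS_FALSE report is about. NilClass defines to_i, but FalseClass does not, so the else branch still raises NoMethodError for false. safe_increment is an assumed hardened variant that handles both falsy values explicitly.

```ruby
# The README's corrected method, reproduced unchanged.
def no_flaw(a)
  if a
    rl = a + 1
  else
    rl = a.to_i + 1
  end
end

# nil.to_i == 0, but false has no to_i method, so no_flaw(false) raises
# NoMethodError. A variant that is safe for both falsy values treats nil and
# false as "absent" and substitutes an explicit default instead of relying on
# a conversion method that only one of the two classes defines.
def safe_increment(a, default: 0)
  case a
  when nil, false then default + 1
  when Integer then a + 1
  else raise TypeError, "expected Integer, nil or false, got #{a.class}"
  end
end

# Run the README's method on a value and report the outcome as data, so the
# runtime behaviour can be compared with the static result for each input.
def probe(a)
  { value: a, result: no_flaw(a) }
rescue NoMethodError => e
  { value: a, error: e.class.name }
end

if __FILE__ == $PROGRAM_NAME
  [3, nil, false].each { |v| p probe(v) }
  [3, nil, false].each { |v| p(value: v, safe: safe_increment(v)) }
end
```

The point for a reviewer is that the static check reasons about which class a value may have, not about which methods that class actually defines; when a tool tells you a value may be nil or false, handle both cases rather than picking a conversion that happens to exist on one of them.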

References