Open eliotsykes opened 9 years ago
I've edited the above issue report to correct information on false positives and missing issues. The issue continues to be valid, particularly the Sexp
monkey patch conflicts.
Hey @eliotsykes!
I'm not sure that the Sexp monkey-patching explains the entire issue yet
My investigation is definitely pointing in the same direction as Sexp
is so ubiquitous in brakeman, ruby_parser, code_analyzer.
I've made a repository with an executable test case demonstrating the issue in isolation from pronto and other gems. I hope that it'll be useful for anyone willing to tag along.
It includes:
Please check it out. I'm positive we'll come up with a solution very soon. :smiley:
Hi @nbekirov - thanks for looking into this. Your forking plan looks promising.
Firstly, thanks @mmozuras for pronto. I'm trialling using it to help with teaching Rails, when reviewing student projects.
The running order of pronto-brakeman and pronto-rails_best_practices can affect what issues are detected.
For a Rails 4.2.0 app I'm trying this out with, here are the total counts of issues found when the runners are run alone and together in both orders:
Neither of the aboveThere were missing issues and false positivespronto run
s which ran with both runners quite found all the issues.in bothwhen the running order was "1. brakeman, 2. rails_best_practices" . For more details see the full output further below.Debugging so far shows part of the issue is due to two different gems (brakeman and code_analyzer (code_analyzer is used by rails_best_practices)) monkey-patching the same
Sexp
methods with different behaviours.For example, the
RemoveEmptyHelpersReview#empty_body?(module_node)
is dependent onSexp#body
that behaves differently in brakeman compared to code_analyzer. As a result theRemoveEmptyHelpersReview
from rails_best_practices only detects empty helpers when rails_best_practices runs before brakeman.(I'm not sure that the
Sexp
monkey-patching explains the entire issue yet).I'd like to contribute a fix for this, though I'm not sure where to go from here, so any guidance and ideas would be much appreciated.
One thought is that to help uncover these kind of issues, perhaps the installed
pronto-*
runners could run in a random order when they're run withpronto run
(i.e. no-r=
option).