Category Archives: devise

Trailblazer + Devise: Integrating Devise validatable model with Trailblazer operation + error propagation

Devise is one of those gems that are tightly bound to the Rails stack. It means that as long as you follow the “Rails way” and you do things the recommended way, you should not have any problems. However, Trailblazer is not the recommended way and the way it works, not always makes it painless […]

Read more at the source

Ruby on Rails: Migrating to Devise from your own authentication engine – Using custom Encryptors

Having your own authentication engine can be fun. You get to know how things work, why you should use salt, pepper, SHA2 instead of MD5 and much more. It also allows you to work with many old systems built before anyone heard about Devise. Still, I must say, that in old, maintained systems, sometimes it […]

Read more at the source

Tips for keeping your Open Source Software issues tracker tidy

Charlie Somerville recently tweeted he wished there was a good guide about maintaining open source software: I wish there was a good guide on maintaining OSS projects. I’m a maintainer of a reasonably popular project and I have NFI what I’m doing. — Charlie Somerville (@charliesome) April 26, 2014 In between consultancy jobs and building […]

Read more at the source

E-mail enumeration in Devise in paranoid mode

It has been reported that malicious users can do e-mail enumeration on sign in via timing attacks despite paranoid mode being enabled. Whenever you try to reset your password or confirm your account, Devise gives you precise information on how to proceed, if the e-mail given is valid, if the token has not expired and […]

Read more at the source

Ruby 2.2.5 Released

April 26, 2016

Ruby 2.2.5 has been released.

This release includes many bug fixes. See the ChangeLog for details.

Download

https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.bz2

SIZE:   13350551 bytes
SHA1:   f78473fe60a632b778599374ae64612592c2c9c1
SHA256: 22f0c6f34c0024e0bcaaa8e6831b7c0041e1ef6120c781618b833bde29626700
SHA512: d3224814361c297bc36646c2e40f63c461ccf5a77fea5a3acdcb2c7ad1705bb229ac6abbd7ad1ae61cbe0fefd7a008c6102568d11366ad3107179302cd3e734e

https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.gz

SIZE:   16654395 bytes
SHA1:   457707459827bd527347a5cee7b4dc509b486713
SHA256: 30c4b31697a4ca4ea0c8db8ad30cf45e6690a0f09687e5d483c933c03ca335e3
SHA512: 3dd8688c64b8b143bdd6b0f123b7c2ecdd1b93c7c9ee51b2774a3b0b864897789932c7ad406293a6ab12c9eb9db9cfb2940fc14e2afc4f79718994f7668cbd5f

https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.tar.xz

SIZE:   10457620 bytes
SHA1:   58484284dd613e139e8f7023b1168e9034a8766d
SHA256: f86feaa0a578e8da0924ced3ec68b25b50d69fc9a72cc8d919bc3c73f85f87d7
SHA512: 6da4bdb0a43d56c7a8e4dddbcacf237e998ebb54706c8f835b53713dbdf924e40d5f89f63017515e1d66904ca01f28058cf296567104e06540c57f036dcdd0fe

https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.5.zip

SIZE:   18493821 bytes
SHA1:   e4f497e5b79768ae93dd73ac26da4ff5dd722bfe
SHA256: d5094d7cc50266772a8352c68b7fcd865889fd174c09e2f11bb003696cd04bb3
SHA512: b3789063252e361aa4598ecd9170fc360f0d5685497975ce09442fe5815c438b67b95fc67e56b99ab4044a49715ed1a8b1fb089f757c7c0d1a777536e06de8cf

Release Comment

Thanks to everyone who helped with this release.

With this release, the maintainer of Ruby 2.2 changed from nagachika-san to usa. About two thirds of the changes included in this release were made by nagachika-san. Thanks for his great contributions.

The maintenance of Ruby 2.2, including this release, is based on the “Agreement for the Ruby stable version” of the Ruby Association.

Posted by usa on 26 Apr 2016

[…]

Build your own Code Climate Analysis Engine

July 7, 2015

Recently, we announced the release of the Code Climate Platform, which lets anyone create and deploy static analysis tools to an audience of over 50,000 developers. These Open Source static analysis tools are called “engines,” and in this post I’ll show you how to create one from scratch.

We’ll create an engine that greps through your source code and looks for instances of problematic words like FIXME, TODO, and BUG. This engine conforms to the Code Climate engine specification, and all of the code for this engine is available on GitHub. When we get up and running, you’ll see results like this on your command line:

Engines that you create can be tested with the Code Climate command line tool. Once you’ve got an Open Source engine that works, we’d love to chat with you about making it available on our cloud platform, so that your whole community can have access to it!

For more information join our Developer Program.

What’s an engine made of?

Instead of asking you to dive into the Code Climate engine specification, to learn what an engine is, I’ll give you a brief overview here.

A Code Climate engine is a containerized program which analyzes source code and prints issues in JSON to STDOUT.

Sound simple? We really think it is! Hopefully this blog post will illustrate what we mean.

More concretely, the FIXME engine we’re going to create contains three important files:

A Dockerfile which specifies the Docker image
A bin/fixme executable wrapper script that runs the engine
The index.js file, which contains the engine source code

There are other requirements in the specification regarding resource allocation, timing, and the shape of the output data (which we’ll see more of below), but that’s really all there is to it.

A little bit of setup

Before we write any code, you need a few things running locally to test your engine, so you might as well get that out of the way now. You’ll need the following things running locally:

A Docker environment (we recommend Docker For Mac for OSX development.
The Code Climate CLI tool (you can brew tap codeclimate/formulae && brew install codeclimate on OSX)

Run codeclimate -v when you’re done. If it print a version number, you should be ready to go!

FIXME

The idea for FIXME came to us when we were brainstorming new engine ideas which were both high value and easy to implement. We wanted to release a sort of Hello, world engine, but didn’t want it to be one that did something totally pointless. Thus, FIXME was born.

The FIXME engine looks for (case-insensitive, whole word) instances of the following strings in your project’s files:

TODO
FIXME
HACK
BUG
XXX

This is not a novel idea. It’s well known that instances of these phrases in your code are lurking problems, waiting to manifest themselves when you least expect it. We also felt it worth implementing because running a FIXME engine in your workflow has the following benefits:

Existing FIXMEs hacks will be more visible to you and your team
New FIXMEs will bubble up and can even fail your pull requests if you configure them properly on codeclimate.com

Pretty nifty for around 75 lines of code.

To achieve this, the engine performs a case insensitive grep command on all of the files you specify, and emits Code Climate issues wherever it finds one.

Implementing an engine in JavaScript

The meat of the actual engine is in the index.js file, which contains around 50 lines of JavaScript. The entirety of the file can be found here. I’ll highlight a few important sections of the code for the engine below, but if you have any questions, please open an issue on the GitHub repo and I’ll try my best to answer promptly!

On to the code. After requiring our dependencies and typing out the module boilerplate, we put the phrases we want to find in grep pattern format:

var fixmeStrings = "'(FIXME|TODO|HACK|XXX|BUG)'";

This will be used in a case insensitive search against all of the files the engine we’ll analyze.

Next, we create a function that we will use to print issues to STDOUT according to the issue data type specification in the engine spec. The printIssue function accepts a file name, a line number, and the issue string,

var printIssue = function(fileName, lineNum, matchedString){
  var issue = {
    "type": "issue",
    "check_name": "FIXME found",
    "description": matchedString + " found",
    "categories": ["Bug Risk"],
    "location":{
      "path": fileName,
      "lines": {
        "begin": lineNum,
        "end": lineNum
      }
    }
  };

  // Issues must be followed by a null byte
  var issueString = JSON.stringify(matchedString)+"\0";
  console.log(issueString);
}

This data format contains information about the location, category, and description of each issue your engine emits. It’s at the heart of our engine specification and massaging data from an existing tool to conform to this format is typically straightforward.

The data in the JSON your engine prints will be consumed by the CLI and if you join our Developer Program and work with us, it can also be made available to all users of codeclimate.com. We’ll work with you to ensure your engine is spec compliant and meets our security and performance standards, and get your work in front of a lot of people!

The actual code that greps each file isn’t super interesting, but you should check it out on GitHub and open an issue on the repo if you have a question.

Because it’s a requirement of engines to respect the file exclusion rules passed to it by the CLI or our cloud services, though, I’ll show a bit of how that works:

// Uses glob to traverse code directory and find files to analyze,
// excluding files passed in with by CLI config
var fileWalk = function(excludePaths){
  var analysisFiles = [];
  var allFiles = glob.sync("/code/**/**", {});

  allFiles.forEach(function(file, i, a){
    if(excludePaths.indexOf(file.split("/code/")[1]) < 0) {
      if(!fs.lstatSync(file).isDirectory()){
        analysisFiles.push(file);
      }
    }
  });

  return analysisFiles;
}

Here I am using the NPM glob module to iterate over all of the files starting at /code recursively. This location also comes from the engine specification. The fileWalk function takes an array of excludePaths, which it extracts from /config.json (this will be made available to your engine after the CLI parses a project’s .codeclimate.yml file). This all happens in the main function of the engine, runEngine:

FixMe.prototype.runEngine = function(){
  // Check for existence of config.json, parse exclude paths if it exists
  if (fs.existsSync("/config.json")) {
    var engineConfig = JSON.parse(fs.readFileSync("/config.json"));
    var excludePaths = engineConfig.exclude_paths;
  } else {
    var excludePaths = [];
  }

  // Walk /code/ path and find files to analyze
  var analysisFiles = fileWalk(excludePaths);

  // Execute main loop and find fixmes in valid files
  analysisFiles.forEach(function(f, i, a){
    findFixmes(f);
  });
}

This main function gives hopefully gives you a clear picture of what this engine does:

It parses a JSON file and extracts an array of files to exclude from analysis
It passes this list of files to a function that walks all files available to the engine, and produces a list of files to be analyzed
It passes the list of analyzable files to the findFixmes function, which greps individual files and prints them to STDOUT

Packaging it up

How engines are packaged as Docker containers is important: it has it’s own section of the engine specification. The Dockerfile for FIXME is pretty typical:

FROM node

MAINTAINER Michael R. Bernstein

RUN useradd -u 9000 -r -s /bin/false app

RUN npm install glob

WORKDIR /code
COPY . /usr/src/app

USER app
VOLUME /code

CMD ["/usr/src/app/bin/fixme"]

Here’s a breakdown of each line (for more information about each directive, see the official Docker documentation):

The official node Docker container is the basis for this engine container. It has node and npm installed, and generally makes our lives easier.
Declare a maintainer for the container.
Create the app user to run the command as specified.
Install packages with npm install glob so that the external dependency is available when the engine runes.
Set the WORKDIR to /code, where the source to be analyzed will be mounted.
Copy the engine code to /usr/src/app.
Use the app user that we created earlier.
Mount /code as a VOLUME per the spec
Our engine specification says that the engine should launch and run immediately, so we use CMD to achieve this. In the case of FIXME, the executable wrapper script instantiates the engine we wrote in JavaScript above, and runs it. Check it out:

#!/usr/bin/env node

var FixMe = require('../index');
var fixMe = new FixMe();

fixMe.runEngine();

We now have all of the pieces in places. Let’s test it out.

Testing your engine locally

If you want to test the code for this engine locally, you can clone the codeclimate-fixme repository locally, and follow these steps:

Build the docker image with docker build -t codeclimate/codeclimate-fixme . (You must be inside the project directory to do this)
Make sure the engine is enabled in the .codeclimate.yml file of the project you want to analyze:

  engines:
    fixme:
      enabled: true

Test the engine against the engine code itself (whoooah) with codeclimate analyze --dev

And you should see some results from test/test.js! Pretty cool, right?

Note that if you want to test modifications you are making to this engine, you should build the image with a different image name, e.g. codeclimate/codeclimate-fixme-YOURNAME. You would then add fixme-YOURNAME to your .codeclimate.yml file as well.

If you get stuck during development, invoke codeclimate console and run:

Analyze.new(['-e', 'my-engine', '--dev']).run

And you should be able to see what’s going on under the hood.

What will you build?

Hopefully seeing how straightforward an engine can be will give you lots of great ideas for engines you can implement on your own. If tools for your language don’t exist, contact us, and maybe we can help you out!

Simple ideas like FIXME have a lot of power when your entire team has access to them. Wire up the codeclimate CLI tool in your build process, push your repositories to Code Climate, and keep pursuing healthy code. We can’t wait to see what you’ll build.

[…]

The Ruby Rails Aggregator