about processes and engines


I was surprised to see a mention of the gem rufus-treechecker in an InfoQ article about Ruby static analysis tools.

Maybe it’s time for me to explain what this tree hugging checking is about.

Here is a tiny example that detects calls to exit or exit!:

require 'rubygems'
require 'rufus/treechecker'
  # sudo gem install -y rufus-treechecker

tc = Rufus::TreeChecker.new do
  exclude_call_to :exit
  exclude_call_to :exit!
end

tc.check("def sum (a, b)\na + b\nend")
  # no worries, code seems OK

tc.check("def die (msg)\nputs msg; exit 1; end")
  # will throw a Rufus::SecurityException

rufus-treechecker attempts to detect certain patterns in the code it is asked to check. If an excluded pattern is found, it complains by raising a Rufus::SecurityException. It leverages ruby_parser by Ryan Davis.
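To show what such a check does under the hood, here is an added example (my own illustration, not rufus-treechecker's code, which relies on ruby_parser rather than the standard-library Ripper used here): walk the S-expression the parser produces and raise as soon as an excluded method name is called, whether as `exit 1`, `exit!` or `Kernel.exit(1)`. The names MiniTreeChecker and SecurityException are assumptions of this example.

```ruby
require 'ripper'

# Raised when the source contains a call the checker refuses (hypothetical name).
class SecurityException < StandardError; end

# A tiny tree checker built on Ripper (standard library): it rejects source
# that calls any method whose name is in the excluded list.
class MiniTreeChecker
  def initialize(excluded)
    @excluded = excluded.map(&:to_s)
  end

  # Returns true when the source is acceptable, raises SecurityException otherwise.
  def check(source)
    sexp = Ripper.sexp(source)           # nil on syntax error: refuse rather than guess
    raise SecurityException, 'unparseable source' unless sexp
    walk(sexp)
    true
  end

  private

  # Depth-first visit of every node; each node is an Array whose head is its type.
  def walk(node)
    return unless node.is_a?(Array)
    name = called_name(node)
    raise SecurityException, "call to #{name} is excluded" if name && @excluded.include?(name)
    node.each { |child| walk(child) }
  end

  # Extracts the method name from the node shapes Ripper uses for calls:
  #   [:command, [:@ident, "exit", pos], args]      -> exit 1
  #   [:vcall,   [:@ident, "exit", pos]]            -> exit
  #   [:fcall,   [:@ident, "exit!", pos]]           -> exit! / exit(1)
  #   [:call, receiver, period, [:@ident, ...]]     -> Kernel.exit(1)
  def called_name(node)
    ident = case node.first
            when :command, :fcall, :vcall then node[1]
            when :call then node[3]
            end
    ident[1] if ident.is_a?(Array) && ident.first == :@ident
  end
end
```

Method definitions (`def sum`) are :def nodes, so defining a method named like an excluded one is not flagged, only calling it.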

I’m using this gem inside of Ruote to check the source of ruby process definitions before they get evaluated. Ruote uses two tree checkers, their rulesets attempt to exclude some code patterns.

Maybe this gem will be useful to someone else. Hints at [potential] flaws are welcome.

(OK, I know, I shouldn’t be that lazy, I could write a grammar and bypass all that checking ritual)


Written by John Mettraux

November 10, 2008 at 6:57 am

Posted in ruby, rufus, ruote
