Merge pull request #162 from presidentbeef/improve_test_coverage

Improve test coverage

test/apps/rails3.2/Gemfile

+source 'https://rubygems.org'
+
+gem 'rails', '3.2.8'
+
+# Bundle edge Rails instead:
+# gem 'rails', :git => 'git://github.com/rails/rails.git'
+
+gem 'sqlite3'
+
+gem 'json'
+
+# Gems used only for assets and not required
+# in production environments by default.
+group :assets do
+  gem 'sass-rails',   '~> 3.2.3'
+  gem 'coffee-rails', '~> 3.2.1'
+
+  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
+  # gem 'therubyracer', :platforms => :ruby
+
+  gem 'uglifier', '>= 1.0.3'
+end
+
+gem 'jquery-rails'
+
+# To use ActiveModel has_secure_password
+# gem 'bcrypt-ruby', '~> 3.0.0'
+
+# To use Jbuilder templates for JSON
+# gem 'jbuilder'
+
+# Use unicorn as the app server
+# gem 'unicorn'
+
+# Deploy with Capistrano
+# gem 'capistrano'
+
+# To use debugger
+# gem 'ruby-debug'

test/apps/rails3.2/README.rdoc

+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.

test/apps/rails3.2/Rakefile

+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails32::Application.load_tasks

test/apps/rails3.2/app/assets/javascripts/application.js

+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

test/apps/rails3.2/app/assets/javascripts/users.js.coffee

+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

test/apps/rails3.2/app/assets/stylesheets/application.css

+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

test/apps/rails3.2/app/assets/stylesheets/scaffolds.css.scss

+body {
+  background-color: #fff;
+  color: #333;
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+  &:visited {
+    color: #666;
+  }
+  &:hover {
+    color: #fff;
+    background-color: #000;
+  }
+}
+
+div {
+  &.field, &.actions {
+    margin-bottom: 10px;
+  }
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+  h2 {
+    text-align: left;
+    font-weight: bold;
+    padding: 5px 5px 5px 15px;
+    font-size: 12px;
+    margin: -7px;
+    margin-bottom: 0px;
+    background-color: #c00;
+    color: #fff;
+  }
+  ul li {
+    font-size: 12px;
+    list-style: square;
+  }
+}

test/apps/rails3.2/app/assets/stylesheets/users.css.scss

+// Place all the styles related to the Users controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

test/apps/rails3.2/app/controllers/application_controller.rb

+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

test/apps/rails3.2/app/controllers/removal_controller.rb

+class RemovalController < ApplicationController
+  def change_lines
+    <<-X
+    this
+    method
+    is
+    here
+    for line
+    numbers
+    X
+  end
+
+  def remove_this
+    redirect_to params[:url]
+  end
+
+  def remove_this_too
+    @some_input = raw params[:input]
+    @some_other_input = Account.first.name
+
+    render 'removal/controller_removed'
+  end
+end

test/apps/rails3.2/app/controllers/users_controller.rb

+class UsersController < ApplicationController
+  # GET /users
+  # GET /users.json
+  def index
+    @users = User.all
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render :json => @users }
+    end
+  end
+
+  # GET /users/1
+  # GET /users/1.json
+  def show
+    @user = User.find(params[:id])
+    @user_data = raw params[:user_data]
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.json { render :json => @user }
+    end
+  end
+
+  # GET /users/new
+  # GET /users/new.json
+  def new
+    @user = User.new
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.json { render :json => @user }
+    end
+  end
+
+  # GET /users/1/edit
+  def edit
+    @user = User.find(params[:id])
+  end
+
+  # POST /users
+  # POST /users.json
+  def create
+    @user = User.new(params[:user])
+
+    respond_to do |format|
+      if @user.save
+        format.html { redirect_to @user, :notice => 'User was successfully created.' }
+        format.json { render :json => @user, :status => :created, :location => @user }
+      else
+        format.html { render :action => "new" }
+        format.json { render :json => @user.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /users/1
+  # PUT /users/1.json
+  def update
+    @user = User.find(params[:id])
+
+    respond_to do |format|
+      if @user.update_attributes(params[:user])
+        format.html { redirect_to @user, :notice => 'User was successfully updated.' }
+        format.json { head :no_content }
+      else
+        format.html { render :action => "edit" }
+        format.json { render :json => @user.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /users/1
+  # DELETE /users/1.json
+  def destroy
+    @user = User.find(params[:id])
+    @user.destroy
+
+    respond_to do |format|
+      format.html { redirect_to users_url }
+      format.json { head :no_content }
+    end
+  end
+end

test/apps/rails3.2/app/helpers/application_helper.rb

+module ApplicationHelper
+end

test/apps/rails3.2/app/helpers/users_helper.rb

+module UsersHelper
+end

test/apps/rails3.2/app/models/account.rb

+class Account < ActiveRecord::Base
+end

test/apps/rails3.2/app/models/user.rb

+class User < ActiveRecord::Base
+  attr_accessible :bio, :name
+end

test/apps/rails3.2/app/views/layouts/application.html.erb

+<!DOCTYPE html>
+<html>
+<head>
+  <title>Rails32</title>
+  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

test/apps/rails3.2/app/views/removal/_partial.html.erb

+<%= raw @some_other_input %>

test/apps/rails3.2/app/views/removal/controller_removed.html.erb

+<%= @some_input %>
+
+<%= render 'partial' %>

test/apps/rails3.2/app/views/users/_form.html.erb

+You: <span><%= about %></span>
+
+<%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
+
+      <ul>
+      <% @user.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+  <div class="field">
+    <%= f.label :bio %><br />
+    <%= f.text_field :bio %>
+  </div>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

test/apps/rails3.2/app/views/users/edit.html.erb

+<h1>Editing user</h1>
+
+<%= render 'form', :locals => { :about => raw(@user.bio) } %>
+
+<%= link_to 'Show', @user %> |
+<%= link_to 'Back', users_path %>

test/apps/rails3.2/app/views/users/index.html.erb

+<h1>Listing users</h1>
+
+<table>
+  <tr>
+    <th>Name</th>
+    <th>Bio</th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+
+<% @users.each do |user| %>
+  <tr>
+    <td><%= user.name %></td>
+    <td><%= user.bio %></td>
+    <td><%= link_to 'Show', user %></td>
+    <td><%= link_to 'Edit', edit_user_path(user) %></td>
+    <td><%= link_to 'Destroy', user, :method => :delete, :data => { :confirm => 'Are you sure?' } %></td>
+  </tr>
+<% end %>
+</table>
+
+<br />
+
+<%= link_to 'New User', new_user_path %>

test/apps/rails3.2/app/views/users/new.html.erb

+<h1>New user</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Back', users_path %>

test/apps/rails3.2/app/views/users/show.html.erb

+<p id="notice"><%= notice %></p>
+
+<p>
+  <b>Name:</b>
+  <%= @user.name %>
+</p>
+
+<p>
+  <b>Bio:</b>
+  <%= @user.bio %>
+</p>
+
+<p>
+  <b>Other Thing:</b>
+  <%= @user_data %>
+</p>
+
+
+<%= link_to 'Edit', edit_user_path(@user) %> |
+<%= link_to 'Back', users_path %>

test/apps/rails3.2/config.ru

+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Rails32::Application

test/apps/rails3.2/config/application.rb

+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+if defined?(Bundler)
+  # If you precompile assets before deploying to production, use this line
+  Bundler.require(*Rails.groups(:assets => %w(development test)))
+  # If you want your assets lazily compiled in production, use this line
+  # Bundler.require(:default, :assets, Rails.env)
+end
+
+module Rails32
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end

test/apps/rails3.2/config/boot.rb

+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

test/apps/rails3.2/config/database.yml

+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

test/apps/rails3.2/config/environment.rb

+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Rails32::Application.initialize!

test/apps/rails3.2/config/environments/development.rb

+Rails32::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

test/apps/rails3.2/config/environments/production.rb

+Rails32::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

test/apps/rails3.2/config/environments/test.rb

+Rails32::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Configure static asset server for tests with Cache-Control for performance
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+
+  # Log error messages when you accidentally call methods on nil
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

test/apps/rails3.2/config/initializers/backtrace_silencers.rb

+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

test/apps/rails3.2/config/initializers/inflections.rb

+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

test/apps/rails3.2/config/initializers/mime_types.rb

+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

test/apps/rails3.2/config/initializers/secret_token.rb

+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Rails32::Application.config.secret_token = 'e721d0d7e8e912026b379d7219b5947da6a954f6c1b7c09ab7b44b873346ee17a780890e6d034fe6bd5ac52cced7b4ebe1971c3f34d0d1e735302b0bd4a0bd62'

test/apps/rails3.2/config/initializers/session_store.rb

+# Be sure to restart your server when you modify this file.
+
+Rails32::Application.config.session_store :cookie_store, :key => '_rails3.2_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Rails32::Application.config.session_store :active_record_store

test/apps/rails3.2/config/initializers/wrap_parameters.rb

+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters :format => [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

test/apps/rails3.2/config/locales/en.yml

+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

test/apps/rails3.2/config/routes.rb

+Rails32::Application.routes.draw do
+  resources :users
+  
+  match 'remove' => 'removal#remove_this_too'
+
+  # The priority is based upon order of creation:
+  # first created -> highest priority.
+
+  # Sample of regular route:
+  #   match 'products/:id' => 'catalog#view'
+  # Keep in mind you can assign values other than :controller and :action
+
+  # Sample of named route:
+  #   match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
+  # This route can be invoked with purchase_url(:id => product.id)
+
+  # Sample resource route (maps HTTP verbs to controller actions automatically):
+  #   resources :products
+
+  # Sample resource route with options:
+  #   resources :products do
+  #     member do
+  #       get 'short'
+  #       post 'toggle'
+  #     end
+  #
+  #     collection do
+  #       get 'sold'
+  #     end
+  #   end
+
+  # Sample resource route with sub-resources:
+  #   resources :products do
+  #     resources :comments, :sales
+  #     resource :seller
+  #   end
+
+  # Sample resource route with more complex sub-resources
+  #   resources :products do
+  #     resources :comments
+  #     resources :sales do
+  #       get 'recent', :on => :collection
+  #     end
+  #   end
+
+  # Sample resource route within a namespace:
+  #   namespace :admin do
+  #     # Directs /admin/products/* to Admin::ProductsController
+  #     # (app/controllers/admin/products_controller.rb)
+  #     resources :products
+  #   end
+
+  # You can have the root of your site routed with "root"
+  # just remember to delete public/index.html.
+  # root :to => 'welcome#index'
+
+  # See how all your routes lay out with "rake routes"
+
+  # This is a legacy wild controller route that's not recommended for RESTful applications.
+  # Note: This route will make all actions in every controller accessible via GET requests.
+  # match ':controller(/:action(/:id))(.:format)'
+end

test/apps/rails3.2/script/rails

+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

test/test.rb

@@ -4,7 +4,12 @@ $LOAD_PATH.unshift "#{TEST_PATH}/../lib"
 
 begin
   require 'simplecov'
-  SimpleCov.start
+  SimpleCov.start do
+    add_filter 'lib/ruby_parser/ruby18_parser.rb'
+    add_filter 'lib/ruby_parser/ruby19_parser.rb'
+    add_filter 'lib/ruby_parser/ruby_lexer.rb'
+    add_filter 'lib/ruby_parser/ruby_parser_extras.rb'
+  end
 rescue LoadError => e
   $stderr.puts "Install simplecov for test coverage report"
 end
@@ -42,7 +47,7 @@ module BrakemanTester::FindWarning
     warnings = find opts
     assert_not_equal 0, warnings.length, "No warning found"
     assert_equal 1, warnings.length, "Matched more than one warning"
-  end 
+  end
 
   def assert_no_warning opts
     warnings = find opts
@@ -94,7 +99,168 @@ module BrakemanTester::CheckExpected
   end
 
   def test_zero_errors
-    assert_equal 0, report[:errors].length 
+    assert_equal 0, report[:errors].length
+  end
+end
+
+module BrakemanTester::RescanTestHelper
+  attr_reader :original, :rescan, :rescanner
+
+  #Takes care of copying files to a temporary directory, scanning the files,
+  #performing operations in the block (if provided), then rescanning the files
+  #given in `changed`.
+  #
+  #Provide an array of changed files for rescanning.
+  def before_rescan_of changed
+    changed = [changed] unless changed.is_a? Array
+
+    Dir.mktmpdir do |dir|
+      @dir = dir
+
+      FileUtils.cp_r "#{TEST_PATH}/apps/rails3.2/.", dir
+      @original = Brakeman.run :app_path => dir, :debug => false
+
+      yield dir if block_given?
+
+      @rescanner = Brakeman::Rescanner.new(@original.options, @original.processor, changed)
+      @rescan = @rescanner.recheck
+
+      assert_existing
+    end
+  end
+
+  def fixed
+    rescan.fixed_warnings
+  end
+
+  def new
+    rescan.new_warnings
+  end
+
+  def existing
+    rescan.existing_warnings
+  end
+
+  #Check how many fixed warnings were reported
+  def assert_fixed expected
+    assert_equal expected, fixed.length, "Expected #{expected} fixed warnings, but found #{fixed.length}"
+  end
+
+  #Check how many new warnings were reported
+  def assert_new expected
+    assert_equal expected, new.length, "Expected #{expected} new warnings, but found #{new.length}"
+  end
+
+  #Check how many existing warnings were reported
+  def assert_existing
+    expected = (@rescan.old_results.all_warnings.length - fixed.length)
+
+    assert_equal expected, existing.length, "Expected #{expected} existing warnings, but found #{existing.length}"
+  end
+
+  def assert_changes expected = true
+    assert_equal expected, rescanner.changes
+  end
+
+  def assert_reindex *types
+    if types == [:none]
+      assert rescanner.reindex.empty?
+    else
+      assert_equal Set.new(types), rescanner.reindex
+    end
+  end
+
+  def full_path file
+    File.expand_path file, @dir
+  end
+
+  def remove file
+    path = full_path file
+
+    assert File.exist? path
+    File.delete path
+    assert_equal false, File.exist?(path)
+  end
+
+  def append file, code
+    File.open full_path(file), "a" do |f|
+      f.puts code
+    end
+  end
+
+  def replace_with_sexp file
+    path = full_path file
+    parsed = parse File.read path
+
+    output = yield parsed
+
+    File.open path, "w" do |f|
+      f.puts Ruby2Ruby.new.process output
+    end
+  end
+
+  def write_file file, content
+    File.open full_path(file), "w+" do |f|
+      f.puts content
+    end
+  end
+
+  def remove_method file, method_name
+    replace_with_sexp file do |parsed|
+      class_body = parsed.body
+
+      if class_body[1].node_type == :block
+        class_body[1].reject! do |node|
+          node.is_a? Sexp and
+          node.node_type == :defn and
+          node.method_name == method_name
+        end
+      elsif class_body[1].node_type == :defn and
+        class_body[1].method_name == method_name
+
+        class_body[1] = nil
+      end
+
+      parsed
+    end
+  end
+
+  def add_method file, code
+    parsed_method = parse code
+
+    replace_with_sexp file do |parsed|
+      class_body = parsed.body
+
+      if class_body[1].node_type == :block
+        class_body[1] << parsed_method
+      elsif class_body[1]
+        class_body[1] = s(:block,
+                          class_body[1],
+                          parsed_method)
+      else
+        class_body[1] = parsed_method
+      end
+
+      parsed
+    end
+  end
+
+  def parse code
+    if RUBY_VERSION =~ /^1\.9/
+      Ruby19Parser.new.parse code
+    else
+      RubyParser.new.parse code
+    end
+  end
+end
+
+module BrakemanTester::DiffHelper
+  def assert_fixed expected, diff = @diff
+    assert_equal expected, diff[:fixed].length, "Expected #{expected} fixed warnings, but found #{diff[:fixed].length}"
+  end
+
+  def assert_new expected, diff = @diff
+    assert_equal expected, diff[:new].length, "Expected #{expected} new warnings, but found #{diff[:new].length}"
   end
 end
 

test/tests/test_differ.rb

+require 'brakeman/differ'
+
+DiffRun = Brakeman.run :app_path => "#{TEST_PATH}/apps/rails2"
+
+class DifferTests < Test::Unit::TestCase
+  include BrakemanTester::DiffHelper
+
+  def setup
+    @warnings = DiffRun.checks.all_warnings
+  end
+
+  def diff new, old
+    @diff = Brakeman::Differ.new(new, old).diff
+  end
+
+  def assert_fixed expected, diff = @diff
+    assert_equal expected, diff[:fixed].length, "Expected #{expected} fixed warnings, but found #{diff[:fixed].length}"
+  end
+
+  def assert_new expected, diff = @diff
+    assert_equal expected, diff[:new].length, "Expected #{expected} new warnings, but found #{diff[:new].length}"
+  end
+
+  def test_sanity
+    diff @warnings, @warnings
+
+    assert_fixed 0
+    assert_new 0
+  end
+
+  def test_one_fixed
+    old = @warnings
+    new = @warnings.dup
+    new.shift
+
+    diff new, old
+
+    assert_fixed 1
+    assert_new 0
+  end
+
+  def test_one_new
+    new = @warnings
+    old = @warnings.dup
+    old.shift
+
+    diff new, old
+
+    assert_fixed 0
+    assert_new 1
+  end
+
+  def test_new_and_fixed
+    new = @warnings
+    old = @warnings.dup
+
+    new << old.pop
+    old << new.shift
+
+    diff new, old
+
+    assert_new 2
+    assert_fixed 2
+  end
+
+  def test_line_number_change_only
+    new = @warnings
+    old = @warnings.dup
+
+    changed = new.pop.dup
+    if changed.line.nil?
+      changed.instance_variable_set(:@line, 0)
+    else
+      changed.instance_variable_set(:@line, changed.line + 1)
+    end
+
+    new << changed
+
+    diff new, old
+
+    assert_new 0
+    assert_fixed 0
+  end
+end

test/tests/test_json_compare.rb

+class JSONCompareTests < Test::Unit::TestCase
+  include BrakemanTester::DiffHelper
+
+  def setup
+    @path = File.expand_path "#{TEST_PATH}/apps/rails3.2"
+    @json_path = File.join @path, "report.json"
+    File.delete @json_path if File.exist? @json_path
+    Brakeman.run :app_path => @path, :output_files => [@json_path]
+    @report = JSON.parse File.read(@json_path)
+  end
+
+  def update_json
+    File.open @json_path, "w" do |f|
+      f.puts @report.to_json
+    end
+  end
+
+  def diff
+    @diff = Brakeman.compare :app_path => @path, :previous_results_json => @json_path
+  end
+
+  def test_sanity
+    diff
+
+    assert_fixed 0
+    assert_new 0
+  end
+end

test/tests/test_rails31.rb

 abort "Please run using test/test.rb" unless defined? BrakemanTester
 
-Rails31 = BrakemanTester.run_scan "rails3.1", "Rails 3.1", :rails3 => true
+Rails31 = BrakemanTester.run_scan "rails3.1", "Rails 3.1", :rails3 => true, :parallel_checks => false
 
 class Rails31Tests < Test::Unit::TestCase
   include BrakemanTester::FindWarning

test/tests/test_rake_task.rb

+require 'fileutils'
+require 'tmpdir'
+
+class RakeTaskTests < Test::Unit::TestCase
+  def setup
+    # Brakeman is noisy on errors
+    @old_stderr = $stderr.dup
+    $stderr.reopen("/dev/null", "w")
+  end
+
+  def cleanup
+    $stderr = old_stderr
+  end
+
+  def in_temp_app
+    Dir.mktmpdir do |dir|
+      FileUtils.cp_r "#{TEST_PATH}/apps/rails3.2/.", dir
+
+      @rake_task = "#{dir}/lib/tasks/brakeman.rake"
+      @rakefile = "#{dir}/Rakefile"
+
+      current_dir = FileUtils.pwd
+      FileUtils.cd dir
+
+      yield dir
+
+      FileUtils.cd current_dir
+    end
+  end
+
+  def test_create_rake_task
+    in_temp_app do
+      assert_nothing_raised SystemExit do
+        Brakeman.install_rake_task
+      end
+
+      assert File.exist? @rake_task
+    end
+  end
+
+  def test_rake_task_exists
+    in_temp_app do
+      assert_nothing_raised SystemExit do
+        Brakeman.install_rake_task
+      end
+
+      assert_raise SystemExit do
+        Brakeman.install_rake_task
+      end
+    end
+  end
+
+  def test_rake_no_Rakefile
+    in_temp_app do
+      File.delete @rakefile
+
+      assert_raise SystemExit do
+        Brakeman.install_rake_task
+      end
+    end
+  end
+end