Issue overview
Project: /Users/achapin/OpenStudio/openstudio-full/OpenStudio
Started: 2025-11-19T04:48:14Z
Files: 0 source files (rb,rake,ru,gemspec,erb,haml,slim,rbi,rbs,jbuilder)
✓ ast-grep available (ast-grep) - full AST analysis enabled
⚠ Bundler or Gemfile not detected - will run tools if globally installed
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1. NIL / DEFENSIVE PROGRAMMING
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: nil equality, deep method chains without guards, dig? usage
Prefer x.nil?, safe navigation (&.), and Hash#dig to avoid NoMethodError.
• == nil or != nil (prefer .nil?)
⚠ Warning (30 found)
Equality to nil
Use x.nil? / !x.nil?
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/SwigWrapToRDoc.rb:61 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/SwigWrapToRDoc.rb#L61)
if strArray[i].index(/SWIGEXPORT void Init_/) != nil then
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/SwigWrapToRDoc.rb:72 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/SwigWrapToRDoc.rb#L72)
if strArray[i].index(/Document-[\w]*: /) == nil then
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/SwigWrapToRDoc.rb:79 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/SwigWrapToRDoc.rb#L79)
if ans != nil then
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/SwigWrapToRDoc.rb:105 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/SwigWrapToRDoc.rb#L105)
if (ln.match(/static VALUE/) != nil) ||
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/SwigWrapToRDoc.rb:106 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/SwigWrapToRDoc.rb#L106)
(ln.match(/wrap/) != nil) ||
• Deep method chains (use &. / guards)
ℹ Info (307 found)
Fragile deep chaining
Consider &. or guard clauses
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager_server.rb:163 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager_server.rb#L163)
OpenStudio::LocalBCL.instance.measures.each do |local_measure|
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:28 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L28)
if p.to_s.chars.first == ':' then
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:183 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L183)
elsif path_with_extension.to_s.chars.first == ':'
• Hash#[] chained without dig
ℹ Info (96 found)
Nested [] access
Consider Hash#dig(:a,:b)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
2. NUMERIC / ARITHMETIC PITFALLS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: division by variable, float equality, modulo hazards
Guard divisors and avoid exact float equality.
• Division by variable (possible ÷0)
⚠ Warning (999 found)
Division by variable - verify non-zero
Guard: raise if denom.zero?
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/FindEncodingProblems.rb:9 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/FindEncodingProblems.rb#L9)
if /build/.match(p) || /style/.match(p)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/FindEncodingProblems.rb:16 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/FindEncodingProblems.rb#L16)
if /BOM/.match(output)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/AnalyzeDumpbin.rb:1 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/AnalyzeDumpbin.rb#L1)
# to run this script, change directories to /build/src and call it
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/AnalyzeDumpbin.rb:9 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/AnalyzeDumpbin.rb#L9)
excludes = [/boost-log/, /expat/, /gtest/, /libssh/, /litesql/, /qwt/, /sqlite/]
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/AnalyzeDumpbin.rb:24 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/AnalyzeDumpbin.rb#L24)
system("dumpbin/directives #{file} > #{tmpout1}")
• Float equality (==)
⚠ Warning (13 found)
Float equality comparison
Use tolerance: (a-b).abs < EPS
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/resources/isomodel/SimulationMeasure/measure.rb:1339 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/resources/isomodel/SimulationMeasure/measure.rb#L1339)
if not (wall_areas[i] == 0.0)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/resources/isomodel/SimulationMeasure/measure.rb:1346 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/resources/isomodel/SimulationMeasure/measure.rb#L1346)
if not (wall_U_area[i] == 0.0) # if any wall surfaces have a U value defined, use the weighted average of U values
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/resources/isomodel/SimulationMeasure/measure.rb:1363 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/resources/isomodel/SimulationMeasure/measure.rb#L1363)
if not (window_areas[i] == 0.0)
• Modulo by variable (verify non-zero)
ℹ Info (73 found)
Modulo operations - verify divisor non-zero
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
3. COLLECTION SAFETY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: index risks, mutation during iteration, length checks
Collection misuse leads to IndexError or subtle logic bugs.
• Index arithmetic like arr[i±1]
ℹ Info (6 found)
Index arithmetic present - review bounds
• Mutation during each/map
• length/size explicit zero checks
ℹ Info (54 found)
length/size == 0 checks
Prefer empty?/any?
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
4. COMPARISON & IDIOMS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: 'and/or' precedence, object identity, case equality misuse
Prefer &&/|| for precedence; avoid === misuse outside case.
• 'and'/'or' usage (precedence traps)
ℹ Info (690 found)
and/or used; precedence differs from &&/||
Prefer &&/|| in expressions
• Case equality (===) outside case/when
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
5. EXCEPTIONS & ERROR HANDLING
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: bare rescue, rescue Exception, swallowed errors, raise e
Proper exception handling preserves backtraces and avoids masking bugs.
• Bare rescue
⚠ Warning (13 found)
Bare rescue without class
Rescue specific errors
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager.rb:274 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager.rb#L274)
rescue
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager.rb:421 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager.rb#L421)
rescue
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager.rb:538 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager.rb#L538)
rescue
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_embedded_help.rb:130 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_embedded_help.rb#L130)
rescue
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_embedded_help.rb:172 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_embedded_help.rb#L172)
rescue
• rescue Exception
🔥 CRITICAL (13 found)
Rescuing Exception
Rescue StandardError or specific subclasses
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager_server.rb:89 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager_server.rb#L89)
rescue Exception => e
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager_server.rb:335 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager_server.rb#L335)
rescue Exception => e
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:203 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L203)
rescue Exception => e
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager_test.rb:31 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager_test.rb#L31)
rescue Exception => e
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager_test.rb:48 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager_test.rb#L48)
rescue Exception => e
• rescue => e; raise e
• rescue modifier (foo rescue nil)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
6. SECURITY VULNERABILITIES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: code injection, unsafe deserialization, TLS off, weak crypto
Security bugs expose users to attacks and data breaches.
• eval/instance_eval/class_eval
🔥 CRITICAL (10 found)
eval*/_*eval present
Avoid executing dynamic code
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:255 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L255)
result = Kernel::eval(s,BINDING,path)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:758 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L758)
result = Kernel::eval(s, BINDING, path_with_extension)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/measure_manager.rb:65 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/measure_manager.rb#L65)
eval(OpenStudio::Measure::infoExtractorRubyFunction)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/openstudio_cli.rb:473 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/openstudio_cli.rb#L473)
s = eval(spec)
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/openstudio_cli.rb:771 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/openstudio_cli.rb#L771)
eval(cmd, BINDING)
• Marshal/YAML unsafe loads
🔥 CRITICAL (1 found)
Unsafe deserialization
Use YAML.safe_load or JSON
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/test/RubyOperations_Test.rb:125 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/test/RubyOperations_Test.rb#L125)
b = Marshal.load(str)
• Backticks / %x() command execution
⚠ Warning (26 found)
Backtick command execution
Prefer system with argv array and validate inputs
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_bundle.rb:81 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_bundle.rb#L81)
# NOTE: if you have a test named `test_bundle_no_install` this looks for a
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_bundle.rb:82 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_bundle.rb#L82)
# subfolder named `bundle_no_install` with test.rb in there
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/developer/ruby/FindEncodingProblems.rb:14 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/developer/ruby/FindEncodingProblems.rb#L14)
output = `file #{p}`
• system/exec with single string (shell)
• TLS verify disabled
• Weak hash algorithms
⚠ Warning (2 found)
Weak hash usage
Use Digest::SHA256
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_embedded_ruby.rb:101 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_embedded_ruby.rb#L101)
Digest::MD5.hexdigest 'abc'
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/test_embedded_ruby.rb:145 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/test_embedded_ruby.rb#L145)
s = Digest::SHA1.hexdigest 'abc'
• Hardcoded secrets
• SecureRandom absent where tokens generated
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
7. SHELL / SUBPROCESS SAFETY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: system single-string, backticks, Kernel#open pipelines
Prefer argv array to avoid shell injection.
• Kernel#open with pipe
• system with interpolation
⚠ Warning (4 found)
Interpolated shell commands - sanitize inputs
• Preferred exec form
ℹ Info (5 found)
Use system('cmd', arg1, ...) to avoid shell
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
8. I/O & RESOURCE LIFECYCLE CORRELATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: File.open without block, Dir.chdir global effects, Tempfile misuse
Use blocks to auto-close and avoid global state surprises.
• File.open without block
• Dir.chdir (global working dir)
ℹ Info (19 found)
Dir.chdir affects global state
Prefer chdir blocks or absolute paths
• Tempfile / Dir.mktmpdir without blocks
• Resource lifecycle correlation
🔥 CRITICAL (1 found)
File handles opened without close or block [developer/ruby/BlameFiles.rb]
Use File.open with a block or ensure close() in ensure (acquire=3, release=2)
🔥 CRITICAL (1 found)
File handles opened without close or block [ruby/test/RemoveSpikes&Overlaps_TZ46_TZ47_Test.rb]
Use File.open with a block or ensure close() in ensure (acquire=1, release=0)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
9. PARSING & TYPE CONVERSION BUGS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: JSON.load/parse without rescue, Integer(x) vs to_i, time parsing
Prefer strict conversions with exceptions where appropriate.
• JSON.parse without rescue
⚠ Warning (25 found)
JSON.parse without error handling
Rescue JSON::ParserError
• String#to_i fallback vs Integer() strict
• Time.parse without zone/validation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
10. CONTROL FLOW GOTCHAS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: return in ensure, retry, nested ternary, next/break in ensure
Flow pitfalls cause lost exceptions or confusing semantics.
• return/break/next inside ensure
• Nested ternary (?:)
• retry usage
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
11. DEBUGGING & PRODUCTION CODE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: puts/p, pry/binding.irb, sensitive logs
Debug artifacts degrade performance or leak secrets.
• puts/p/pp statements
✓ OK Minimal direct printing
• pry/binding.irb/breakpoint
🔥 CRITICAL (3 found)
Debugger calls present
Remove before commit
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:146 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L146)
'byebug/byebug' => 'init_byebug',
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/run_with_byebug.rb:1 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/run_with_byebug.rb#L1)
require 'byebug'
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/run_with_byebug.rb:4 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/run_with_byebug.rb#L4)
byebug
• Logging sensitive data
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
12. PERFORMANCE & MEMORY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: string concat in loops, regex compile in loops, gsub in loops
Micro-optimizations can matter in hot paths.
• String concatenation in loops
ℹ Info (47 found)
String concat in loops
Use String#<< with capacity or Array#join
• Regexp.new / %r in loops (compile each iteration)
• gsub in loops
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
13. VARIABLE & SCOPE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: global variables, class variables, monkey patching core
Scope issues cause hard-to-debug conflicts and side effects.
• Global variables ($var)
⚠ Warning (240 found)
Use of global variables
Prefer dependency injection or constants
• Class variables (@@var)
ℹ Info (7 found)
Class variables used
Prefer class instance variables
• Core class reopen (monkey patch)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
14. CODE QUALITY MARKERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: TODO, FIXME, HACK, XXX, NOTE
Technical debt markers indicate incomplete or problematic code.
⚠ Warning (125 found)
Significant technical debt
Create tracking tickets
Breakdown:
TODO: 122
HACK: 1
XXX: 2
NOTE: 29
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
15. REGEX & STRING SAFETY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: ReDoS, dynamic regex with input, escaping issues
Regex bugs cause performance issues and security vulnerabilities.
• Nested quantifiers (ReDoS risk)
• Regexp.new from variables
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
16. CONCURRENCY & PARALLELISM
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: Thread.new without join, Ractor misuse patterns
Concurrency bugs lead to leaks and nondeterminism.
• Thread.new without join at callsite
• Ractor.new heavy usage
• Async error path coverage
ℹ Info (0 found)
ast-grep scan failed
Unable to compute async error coverage
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
17. RUBY/RAILS PRACTICALS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: frozen_string_literal pragma, mass assignment hints, csrf skip
Rails conventions and Ruby pragmas that impact safety/perf.
• Missing 'frozen_string_literal: true' pragma (heuristic)
──────── Combined Summary ────────
Files: 3988
Critical: 229
Warning: 30741
Info: 2373
Context
Based on this tool: https://github.com/Dicklesworthstone/ultimate_bug_scanner
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: return in ensure, retry, nested ternary, next/break in ensure
Flow pitfalls cause lost exceptions or confusing semantics.
• return/break/next inside ensure
• Nested ternary (?:)
• retry usage
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
11. DEBUGGING & PRODUCTION CODE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: puts/p, pry/binding.irb, sensitive logs
Debug artifacts degrade performance or leak secrets.
• puts/p/pp statements
✓ OK Minimal direct printing
• pry/binding.irb/breakpoint
🔥 CRITICAL (3 found)
Debugger calls present
Remove before commit
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/ruby/engine/embedded_help.rb:146 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/ruby/engine/embedded_help.rb#L146)
'byebug/byebug' => 'init_byebug',
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/run_with_byebug.rb:1 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/run_with_byebug.rb#L1)
require 'byebug'
/Users/achapin/OpenStudio/openstudio-full/OpenStudio/src/cli/test/run_with_byebug.rb:4 (https://github.com/NREL/OpenStudio/blob/c7f13ad61579ceacf4fbe742b9a6e0c71a14cb4d/src/cli/test/run_with_byebug.rb#L4)
byebug
• Logging sensitive data
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
12. PERFORMANCE & MEMORY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: string concat in loops, regex compile in loops, gsub in loops
Micro-optimizations can matter in hot paths.
• String concatenation in loops
ℹ Info (47 found)
String concat in loops
Use String#<< with capacity or Array#join
• Regexp.new / %r in loops (compile each iteration)
• gsub in loops
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
13. VARIABLE & SCOPE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: global variables, class variables, monkey patching core
Scope issues cause hard-to-debug conflicts and side effects.
• Global variables ($var)
⚠ Warning (240 found)
Use of global variables
Prefer dependency injection or constants
• Class variables (@@var)
ℹ Info (7 found)
Class variables used
Prefer class instance variables
• Core class reopen (monkey patch)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
14. CODE QUALITY MARKERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: TODO, FIXME, HACK, XXX, NOTE
Technical debt markers indicate incomplete or problematic code.
⚠ Warning (125 found)
Significant technical debt
Create tracking tickets
Breakdown:
TODO: 122
HACK: 1
XXX: 2
NOTE: 29
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
15. REGEX & STRING SAFETY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: ReDoS, dynamic regex with input, escaping issues
Regex bugs cause performance issues and security vulnerabilities.
• Nested quantifiers (ReDoS risk)
• Regexp.new from variables
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
16. CONCURRENCY & PARALLELISM
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: Thread.new without join, Ractor misuse patterns
Concurrency bugs lead to leaks and nondeterminism.
• Thread.new without join at callsite
• Ractor.new heavy usage
• Async error path coverage
ℹ Info (0 found)
ast-grep scan failed
Unable to compute async error coverage
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
17. RUBY/RAILS PRACTICALS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▓▓▓ Detects: frozen_string_literal pragma, mass assignment hints, csrf skip
Rails conventions and Ruby pragmas that impact safety/perf.
• Missing 'frozen_string_literal: true' pragma (heuristic)
──────── Combined Summary ────────
Files: 3988
Critical: 229
Warning: 30741
Info: 2373
Context
Based on this tool: https://github.com/Dicklesworthstone/ultimate_bug_scanner