There are three main phases in the algorithm:
Sanitize/format input source
Search for invalid blocks
Format invalid blocks into something meaningful
The Code frontier is a critical part of the second step
## Knowing where we’ve been
Once a code block is generated it is added onto the frontier. Then it will be sorted by indentation and frontier can be filtered. Large blocks that fully enclose a smaller block will cause the smaller block to be evicted.
CodeFrontier#<<(block) # Adds block to frontier CodeFrontier#pop # Removes block from frontier
## Knowing where we can go
Internally the frontier keeps track of “unvisited” lines which are exposed via ‘next_indent_line` when called, this method returns, a line of code with the highest indentation.
The returned line of code can be used to build a CodeBlock and then that code block is added back to the frontier. Then, the lines are removed from the “unvisited” so we don’t double-create the same block.
CodeFrontier#next_indent_line # Shows next line CodeFrontier#register_indent_block(block) # Removes lines from unvisited
## Knowing when to stop
The frontier knows how to check the entire document for a syntax error. When blocks are added onto the frontier, they’re removed from the document. When all code containing syntax errors has been added to the frontier, the document will be parsable without a syntax error and the search can stop.
CodeFrontier#holds_all_syntax_errors? # Returns true when frontier holds all syntax errors
## Filtering false positives
Once the search is completed, the frontier may have multiple blocks that do not contain the syntax error. To limit the result to the smallest subset of “invalid blocks” call:
CodeFrontier#detect_invalid_blocks
Used for formatting invalid blocks
Converts a SyntaxError message to a path
Handles the case where the filename has a colon in it such as on a windows file system: github.com/ruby/syntax_suggest/issues/111
Example:
message = "/tmp/scratch:2:in `require_relative': /private/tmp/bad.rb:1: syntax error, unexpected `end' (SyntaxError)" puts PathnameFromMessage.new(message).call.name # => "/tmp/scratch.rb"
Keeps track of what elements are in the queue in priority and also ensures that when one element engulfs/covers/eats another that the larger element evicts the smaller element
Holds elements in a priority heap on insert
Instead of constantly calling ‘sort!`, put the element where it belongs the first time around
Example:
queue = PriorityQueue.new queue << 33 queue << 44 queue << 1 puts queue.peek # => 44
Capture parse errors from Ripper
Prism returns the errors with their messages, but Ripper does not. To get them we must make a custom subclass.
Example:
puts RipperErrors.new(" def foo").call.errors # => ["syntax error, unexpected end-of-input, expecting ';' or '\\n'"]
Raised by Timeout.timeout when the block times out.
Base class for all URI exceptions.
Not a URI.
Not a URI component.
URI is valid, bad usage is not.
RefError is raised when a referenced object has been recycled by the garbage collector
Raised when a mathematical function is evaluated outside of its domain of definition.
For example, since cos returns values in the range -1..1, its inverse function acos is only defined on that interval:
Math.acos(42)
produces:
Math::DomainError: Numerical argument is out of domain - "acos"
Raised on attempt to Ractor#take if there was an uncaught exception in the Ractor. Its cause will contain the original exception, and ractor is the original ractor it was raised in.
r = Ractor.new { raise "Something weird happened" } begin r.take rescue => e p e # => #<Ractor::RemoteError: thrown by remote Ractor.> p e.ractor == r # => true p e.cause # => #<RuntimeError: Something weird happened> end
Raised on an attempt to access an object which was moved in Ractor#send or Ractor.yield.
r = Ractor.new { sleep } ary = [1, 2, 3] r.send(ary, move: true) ary.inspect # Ractor::MovedError (can not send any methods to a moved object)
Raised when an attempt is made to send a message to a closed port, or to retrieve a message from a closed and empty port. Ports may be closed explicitly with Ractor#close_outgoing/close_incoming and are closed implicitly when a Ractor terminates.
r = Ractor.new { sleep(500) } r.close_outgoing r.take # Ractor::ClosedError
ClosedError is a descendant of StopIteration, so the closing of the ractor will break the loops without propagating the error:
r = Ractor.new do loop do msg = receive # raises ClosedError and loop traps it puts "Received: #{msg}" end puts "loop exited" end 3.times{|i| r << i} r.close_incoming r.take puts "Continue successfully"
This will print:
Received: 0 Received: 1 Received: 2 loop exited Continue successfully
Raised by Encoding and String methods when the string being transcoded contains a byte invalid for the either the source or target encoding.
Raised by transcoding methods when a named encoding does not correspond with a known converter.
OpenSSL::OCSP implements Online Certificate Status Protocol requests and responses.
Creating and sending an OCSP request requires a subject certificate that contains an OCSP URL in an authorityInfoAccess extension and the issuer certificate for the subject certificate. First, load the issuer and subject certificates:
subject = OpenSSL::X509::Certificate.new subject_pem issuer = OpenSSL::X509::Certificate.new issuer_pem
To create the request we need to create a certificate ID for the subject certificate so the CA knows which certificate we are asking about:
digest = OpenSSL::Digest.new('SHA1') certificate_id = OpenSSL::OCSP::CertificateId.new subject, issuer, digest
Then create a request and add the certificate ID to it:
request = OpenSSL::OCSP::Request.new request.add_certid certificate_id
Adding a nonce to the request protects against replay attacks but not all CA process the nonce.
request.add_nonce
To submit the request to the CA for verification we need to extract the OCSP URI from the subject certificate:
ocsp_uris = subject.ocsp_uris require 'uri' ocsp_uri = URI ocsp_uris[0]
To submit the request we’ll POST the request to the OCSP URI (per RFC 2560). Note that we only handle HTTP requests and don’t handle any redirects in this example, so this is insufficient for serious use.
require 'net/http' http_response = Net::HTTP.start ocsp_uri.hostname, ocsp_uri.port do |http| http.post ocsp_uri.path, request.to_der, 'content-type' => 'application/ocsp-request' end response = OpenSSL::OCSP::Response.new http_response.body response_basic = response.basic
First we check if the response has a valid signature. Without a valid signature we cannot trust it. If you get a failure here you may be missing a system certificate store or may be missing the intermediate certificates.
store = OpenSSL::X509::Store.new store.set_default_paths unless response_basic.verify [], store then raise 'response is not signed by a trusted certificate' end
The response contains the status information (success/fail). We can display the status as a string:
puts response.status_string #=> successful
Next we need to know the response details to determine if the response matches our request. First we check the nonce. Again, not all CAs support a nonce. See Request#check_nonce for the meanings of the return values.
p request.check_nonce basic_response #=> value from -1 to 3
Then extract the status information for the certificate from the basic response.
single_response = basic_response.find_response(certificate_id) unless single_response raise 'basic_response does not have the status for the certificate' end
Then check the validity. A status issued in the future must be rejected.
unless single_response.check_validity
raise 'this_update is in the future or next_update time has passed'
end
case single_response.cert_status
when OpenSSL::OCSP::V_CERTSTATUS_GOOD
puts 'certificate is still valid'
when OpenSSL::OCSP::V_CERTSTATUS_REVOKED
puts "certificate has been revoked at #{single_response.revocation_time}"
when OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
puts 'responder doesn't know about the certificate'
end