Class: Brakeman::Tracker

Inherits:
Object
Defined in:
lib/brakeman/tracker.rb

Overview

The Tracker keeps track of all the processed information.

Constant Summary

UNKNOWN_MODEL =

Placeholder used when a model is expected but it is not clear which model it will be.

:BrakemanUnresolvedModel

Instance Attribute Summary

Instance Method Summary

Constructor Details

- (Tracker) initialize(processor = nil, options = {})

Creates a new Tracker.

The Processor argument is only used by other Processors that might need to access it.



# File 'lib/brakeman/tracker.rb', line 22

# Creates a new Tracker.
#
# @param processor [Object, nil] kept only so other Processors can reach it
# @param options [Hash] the options the tracker was started with
def initialize processor = nil, options = {}
  @processor = processor
  @options = options

  @config = {}
  @templates = {}
  @controllers = {}
  @routes = {}
  @initializers = {}
  @libs = {}
  @errors = []

  # Seed the models with a placeholder entry so lookups can match "some
  # model" before the concrete class is known.
  @models = {
    UNKNOWN_MODEL => {
      :name => UNKNOWN_MODEL,
      :parent => nil,
      :includes => [],
      :public => {},
      :private => {},
      :protected => {},
      :options => {}
    }
  }

  # Filled in lazily by #run_checks, #each_template and #index_call_sites.
  @checks = nil
  @processed = nil
  @call_index = nil
  @template_cache = Set.new
end

Instance Attribute Details

- (Object) checks

Returns the value of attribute checks



# File 'lib/brakeman/tracker.rb', line 10

# @return [Object, nil] result of the last #run_checks; nil until it has run
def checks; @checks; end

- (Object) config

Returns the value of attribute config



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] configuration hash; starts out empty
def config; @config; end

- (Object) controllers

Returns the value of attribute controllers



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] controller name => info hash holding :public/:private/:protected method tables
def controllers; @controllers; end

- (Object) errors

Returns the value of attribute errors



# File 'lib/brakeman/tracker.rb', line 10

# @return [Array<Hash>] errors recorded by #error, each with :error and :backtrace keys
def errors; @errors; end

- (Object) initializers

Returns the value of attribute initializers



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] initializer name => source searched by #check_initializers
def initializers; @initializers; end

- (Object) libs

Returns the value of attribute libs



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] library information; starts out empty
def libs; @libs; end

- (Object) models

Returns the value of attribute models



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] model name => info hash; always contains the UNKNOWN_MODEL placeholder entry
def models; @models; end

- (Object) options

Returns the value of attribute options



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] the options passed to the constructor
def options; @options; end

- (Object) processor

Returns the value of attribute processor



# File 'lib/brakeman/tracker.rb', line 10

# @return [Object, nil] the processor passed to the constructor
def processor; @processor; end

- (Object) routes

Returns the value of attribute routes



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] route information; emptied by #reset_routes
def routes; @routes; end

- (Object) template_cache

Returns the value of attribute template_cache



# File 'lib/brakeman/tracker.rb', line 10

# @return [Set] template cache; cleared by #reset_templates
def template_cache; @template_cache; end

- (Object) templates

Returns the value of attribute templates



# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] template name (Symbol) => template hash (holds :src, among others)
def templates; @templates; end

Instance Method Details

- (Object) check_initializers(target, method)

Searches the initializers for a method call



# File 'lib/brakeman/tracker.rb', line 126

# Search every initializer for calls to +method+ on +target+.
#
# @param target [Object] call target to look for (see #find_call for the accepted forms)
# @param method [Object] method name to look for
# @return [Object] the matches collected by Brakeman::FindCall
def check_initializers target, method
  finder = Brakeman::FindCall.new target, method, self

  # Initializer names are not needed; only their source is scanned.
  initializers.each_value { |initializer| finder.process_source initializer }

  finder.matches
end

- (Object) each_method

Iterate over all methods in controllers and models.



# File 'lib/brakeman/tracker.rb', line 66

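# Iterate over every method definition in all controllers and models.
#
# Yields the definition node, the owning class name and the method name.
# Methods defined on +self+ (+:selfdef+ nodes) are reported as
# "Owner.method" so they cannot be confused with an instance method of
# the same name. Without a block, an Enumerator over the same triples is
# returned instead of raising LocalJumpError.
#
# @yieldparam definition [Object] the method definition node (responds to #node_type)
# @yieldparam set_name [Symbol] the class the method belongs to
# @yieldparam method_name [Symbol, String] method name, qualified for selfdef nodes
# @return [Enumerator] when no block is given
def each_method
  return to_enum(__method__) unless block_given?

  [controllers, models].each do |set|
    set.each do |set_name, info|
      [:private, :public, :protected].each do |visibility|
        info[visibility].each do |method_name, definition|
          # Index 1 of a selfdef node is taken as the receiver name.
          if definition.node_type == :selfdef
            method_name = "#{definition[1]}.#{method_name}"
          end

          yield definition, set_name, method_name
        end
      end
    end
  end
end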

- (Object) each_template

Iterates over each template, yielding the name and the template. Prioritizes templates which have been rendered.



# File 'lib/brakeman/tracker.rb', line 85

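# Iterate over every template, yielding its name and template hash.
#
# Names containing a "." are yielded first (the summary above describes
# these as templates that have been rendered), then all remaining ones.
# The split is computed once and cached in @processed/@rest; the reset_*
# methods clear that cache so new templates are picked up. Without a
# block, an Enumerator over the same pairs is returned.
#
# @yieldparam name [Symbol] template name
# @yieldparam template [Hash] template data
# @return [Enumerator] when no block is given
def each_template
  return to_enum(__method__) unless block_given?

  if @processed.nil?
    @processed, @rest = templates.keys.partition { |k| k.to_s.include? "." }
  end

  (@processed + @rest).each { |k| yield k, templates[k] }
end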

- (Object) error(exception, backtrace = nil)

Add an error to the list. If no backtrace is given, the one from the exception will be used.



# File 'lib/brakeman/tracker.rb', line 50

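# Record an error encountered during processing.
#
# Newlines in the message are flattened to spaces so the message fits on
# one line. The backtrace may be given explicitly (String or Array);
# otherwise the exception's own backtrace is used. An exception that was
# never raised has no backtrace, which is stored as an empty Array rather
# than +[nil]+.
#
# @param exception [Exception] the error to record
# @param backtrace [Array<String>, String, nil] explicit backtrace, if any
# @return [Array<Hash>] the updated errors list
def error exception, backtrace = nil
  backtrace ||= exception.backtrace
  # Array() leaves an Array alone, wraps a String, and maps nil to [].
  backtrace = Array(backtrace)

  @errors << { :error => exception.to_s.gsub("\n", " "), :backtrace => backtrace }
end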

- (Object) find_call(options)

Find a method call.

Options:

* :target => target name(s)
* :method => method name(s)
* :chained => search in method chains

If :target => false or :target => nil, searches for methods without a target. Targets and methods can be specified as a symbol, an array of symbols, or a regular expression.

If :chained => true, matches target at head of method chain and method at end.

For example:

find_call :target => User, :method => :all, :chained => true

could match

User.human.active.all(...)


# File 'lib/brakeman/tracker.rb', line 120

# Find method calls matching +options+ (:target, :method, :chained; see the
# description above). The call index is built on first use and reused.
#
# @param options [Hash] search options forwarded to the call index
# @return [Object] whatever the call index returns for the search
def find_call options
  index_call_sites if @call_index.nil?
  @call_index.find_calls options
end

- (Object) index_call_sites



# File 'lib/brakeman/tracker.rb', line 141

# Build the call index from every controller/model method and every
# template, replacing any existing index.
#
# @return [Brakeman::CallIndex] the new index (also stored in @call_index)
def index_call_sites
  finder = Brakeman::FindAllCalls.new self

  each_method { |definition, set_name, method_name| finder.process_source definition, set_name, method_name }

  # Templates carry no owning class or method name, only their source.
  each_template { |_name, template| finder.process_source template[:src], nil, nil, template }

  @call_index = Brakeman::CallIndex.new finder.calls
end

- (Object) reindex_call_sites(locations)

Reindex call sites

Takes a set of symbols which can include :templates, :models, or :controllers. Reindexing is limited to the given sets.



# File 'lib/brakeman/tracker.rb', line 161

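# Reindex call sites for a subset of the tracked code.
#
# Stale entries for the requested sets are removed from the existing call
# index and rebuilt. If no index exists yet, or all three sets are
# requested, the whole index is rebuilt with #index_call_sites instead.
#
# @param locations [Set<Symbol>, Array<Symbol>] any of +:templates+,
#   +:models+, +:controllers+; only those sets are reindexed
# @return [Object] result of rebuilding or updating the call index
def reindex_call_sites locations
  all_sets = [:templates, :models, :controllers]

  # A full rebuild is simpler than selective removal when nothing has
  # been indexed yet (the partial path would fail on a nil index) or when
  # every set is requested. Membership is checked explicitly so that
  # duplicates in an Array argument are not mistaken for "all three".
  if @call_index.nil? || all_sets.all? { |loc| locations.include? loc }
    return index_call_sites
  end

  reindex_templates = locations.include? :templates
  @call_index.remove_template_indexes if reindex_templates

  classes_to_reindex = Set.new
  method_sets = []

  { :models => models, :controllers => controllers }.each do |loc, set|
    next unless locations.include? loc
    classes_to_reindex.merge set.keys
    method_sets << set
  end

  @call_index.remove_indexes_by_class classes_to_reindex

  finder = Brakeman::FindAllCalls.new self

  method_sets.each do |set|
    set.each do |set_name, info|
      [:private, :public, :protected].each do |visibility|
        info[visibility].each do |method_name, definition|
          # Same qualification rule as #each_method: selfdef methods are
          # recorded as "Owner.method".
          if definition.node_type == :selfdef
            method_name = "#{definition[1]}.#{method_name}"
          end

          finder.process_source definition, set_name, method_name
        end
      end
    end
  end

  if reindex_templates
    each_template do |_name, template|
      finder.process_source template[:src], nil, nil, template
    end
  end

  @call_index.index_calls finder.calls
end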

- (Object) report

Returns a Report with this Tracker's information



# File 'lib/brakeman/tracker.rb', line 137

# Build a Report over this tracker's information.
#
# @return [Brakeman::Report] a new report wrapping +self+
def report
  Brakeman::Report.new self
end

- (Object) reset_model(path)

Clear information related to the model defined in the given file.



# File 'lib/brakeman/tracker.rb', line 238

# Remove the first model whose :file matches +path+.
#
# @param path [String] file path the model was read from
# @return [Hash, nil] the removed model info, or nil if none matched
def reset_model path
  entry = @models.find { |_name, model| model[:file] == path }

  # Hash#delete with nil is a no-op that returns nil, matching "not found".
  @models.delete(entry ? entry.first : nil)
end

- (Object) reset_routes

Clear information about routes



# File 'lib/brakeman/tracker.rb', line 252

# Discard all route information.
#
# @return [Hash] the new, empty routes hash
def reset_routes
  @routes = Hash.new
end

- (Object) reset_template(name)

Clear information related to the named template.



# File 'lib/brakeman/tracker.rb', line 230

# Forget a single template and invalidate the #each_template ordering cache.
#
# @param name [String, Symbol] template name; converted to a Symbol key
# @return [nil]
def reset_template name
  @templates.delete name.to_sym
  @processed = @rest = nil
end

- (Object) reset_templates(options = { :only_rendered => false })

Clear information related to templates. If :only_rendered => true, only templates rendered from controllers are deleted (those rendered from other templates are kept).



# File 'lib/brakeman/tracker.rb', line 216

# Forget templates and invalidate the related caches.
#
# @param options [Hash] with :only_rendered => true, only templates whose
#   name contains "Controller#" are removed (in place); otherwise all
#   templates are dropped
# @return [Set] the (now empty) template cache
def reset_templates options = { :only_rendered => false }
  if options[:only_rendered]
    @templates.delete_if { |name, _template| name.to_s.include? "Controller#" }
  else
    @templates = {}
  end

  @processed = @rest = nil
  @template_cache.clear
end

- (Object) run_checks

Run a set of checks on the current information. Results will be stored in Tracker#checks.



# File 'lib/brakeman/tracker.rb', line 61

# Run the checks against the current information and store the result in
# #checks.
#
# @return [Object] whatever Brakeman::Checks.run_checks returns
def run_checks
  @checks = Brakeman::Checks.run_checks self
end