Class: Brakeman::AliasProcessor
- Inherits:
-
SexpProcessor
- Object
- SexpProcessor
- Brakeman::AliasProcessor
- Includes:
- ProcessorHelper, Util
- Defined in:
- lib/brakeman/processors/alias_processor.rb
Overview
Returns an s-expression with aliases replaced with their value. This does not preserve semantics (due to side effects, etc.), but it makes processing easier when searching for various things.
Direct Known Subclasses
ConfigAliasProcessor, ControllerAliasProcessor, RouteAliasProcessor, TemplateAliasProcessor
Constant Summary
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION
Constants inherited from SexpProcessor
Instance Attribute Summary collapse
-
#result ⇒ Object
readonly
Returns the value of attribute result.
Attributes inherited from SexpProcessor
Instance Method Summary collapse
- #duplicate?(exp) ⇒ Boolean
-
#find_push_target(exp) ⇒ Object
Finds the inner most call target which is not the target of a call to <<.
-
#initialize(tracker = nil) ⇒ AliasProcessor
constructor
Returns a new AliasProcessor with an empty environment.
-
#join_arrays(array1, array2) ⇒ Object
Join two array literals into one.
-
#join_strings(string1, string2) ⇒ Object
Join two string literals into one.
-
#only_ivars(include_request_vars = false) ⇒ Object
Returns a new SexpProcessor::Environment containing only instance variables.
-
#process_array_access(target, args) ⇒ Object
Process single integer access to an array.
-
#process_attrasgn(exp) ⇒ Object
‘Attribute’ assignment x.y = 1 or x = 1.
-
#process_block(exp) ⇒ Object
Start new scope for block.
-
#process_call(exp) ⇒ Object
Process a method call.
-
#process_cdecl(exp) ⇒ Object
Constant assignments like BIG_CONSTANT = 234810983.
-
#process_cvdecl(exp) ⇒ Object
Class variable assignment @@x = 1.
-
#process_default(exp) ⇒ Object
Process a Sexp.
-
#process_gasgn(exp) ⇒ Object
Global assignment $x = 1.
-
#process_hash_access(target, args) ⇒ Object
Process hash access by returning the value associated with the given arguments.
-
#process_hash_merge(hash, args) ⇒ Object
Return a new hash Sexp with the given values merged into it.
-
#process_hash_merge!(hash, args) ⇒ Object
Merge values into hash when processing.
-
#process_iasgn(exp) ⇒ Object
Instance variable assignment.
-
#process_if(exp) ⇒ Object
Sets @inside_if = true.
-
#process_lasgn(exp) ⇒ Object
Local assignment x = 1.
-
#process_methdef(exp) ⇒ Object
(also: #process_defn)
Process a method definition.
-
#process_op_asgn1(exp) ⇒ Object
Assignments like this x ||= 1.
-
#process_op_asgn2(exp) ⇒ Object
Assignments like this x.y ||= 1.
-
#process_safely(src, set_env = nil) ⇒ Object
This method processes the given Sexp, but copies it first so the original argument will not be modified.
-
#process_scope(exp) ⇒ Object
Process a new scope.
-
#process_selfdef(exp) ⇒ Object
(also: #process_defs)
Process a method definition on self.
- #process_svalue(exp) ⇒ Object
-
#set_line(exp, line_number) ⇒ Object
Set line nunber for
exp
and every Sexp it contains.
Methods included from Util
#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #process, #process_dummy, #scope
Constructor Details
#initialize(tracker = nil) ⇒ AliasProcessor
Returns a new AliasProcessor with an empty environment.
The recommended usage is:
AliasProcessor.new.process_safely src
19 20 21 22 23 24 25 26 27 28 |
# File 'lib/brakeman/processors/alias_processor.rb', line 19 def initialize tracker = nil super() @env = SexpProcessor::Environment.new @inside_if = false @ignore_ifs = false @exp_context = [] @current_module = nil @tracker = tracker #set in subclass as necessary set_env_defaults end |
Instance Attribute Details
#result ⇒ Object (readonly)
Returns the value of attribute result.
12 13 14 |
# File 'lib/brakeman/processors/alias_processor.rb', line 12 def result @result end |
Instance Method Details
#duplicate?(exp) ⇒ Boolean
540 541 542 543 544 545 546 |
# File 'lib/brakeman/processors/alias_processor.rb', line 540 def duplicate? exp @exp_context[0..-2].reverse_each do |e| return true if exp == e end false end |
#find_push_target(exp) ⇒ Object
Finds the inner most call target which is not the target of a call to <<
532 533 534 535 536 537 538 |
# File 'lib/brakeman/processors/alias_processor.rb', line 532 def find_push_target exp if call? exp and exp[2] == :<< find_push_target exp[1] else exp end end |
#join_arrays(array1, array2) ⇒ Object
Join two array literals into one.
476 477 478 479 480 |
# File 'lib/brakeman/processors/alias_processor.rb', line 476 def join_arrays array1, array2 result = Sexp.new(:array) result.concat array1[1..-1] result.concat array2[1..-1] end |
#join_strings(string1, string2) ⇒ Object
Join two string literals into one.
483 484 485 486 487 488 489 490 491 |
# File 'lib/brakeman/processors/alias_processor.rb', line 483 def join_strings string1, string2 result = Sexp.new(:str) result[1] = string1[1] + string2[1] if result[1].length > 50 string1 else result end end |
#only_ivars(include_request_vars = false) ⇒ Object
Returns a new SexpProcessor::Environment containing only instance variables. This is useful, for example, when processing views.
495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 |
# File 'lib/brakeman/processors/alias_processor.rb', line 495 def only_ivars include_request_vars = false res = SexpProcessor::Environment.new if include_request_vars env.all.each do |k, v| #TODO Why would this have nil values? if (k.node_type == :ivar or request_value? k) and not v.nil? res[k] = v.dup end end else env.all.each do |k, v| #TODO Why would this have nil values? if k.node_type == :ivar and not v.nil? res[k] = v.dup end end end res end |
#process_array_access(target, args) ⇒ Object
Process single integer access to an array.
Returns the value inside the array, if possible.
452 453 454 455 456 457 458 459 460 461 |
# File 'lib/brakeman/processors/alias_processor.rb', line 452 def process_array_access target, args if args.length == 1 and integer? args.first index = args.first.value #Have to do this because first element is :array and we have to skip it target[1..-1][index] else nil end end |
#process_attrasgn(exp) ⇒ Object
‘Attribute’ assignment x.y = 1 or x = 1
299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 |
# File 'lib/brakeman/processors/alias_processor.rb', line 299 def process_attrasgn exp tar_variable = exp.target target = exp.target = process(exp.target) method = exp.method args = exp.args if method == :[]= index = exp.first_arg = process(args.first) value = exp.second_arg = process(args.second) match = Sexp.new(:call, target, :[], Sexp.new(:arglist, index)) env[match] = value if hash? target env[tar_variable] = hash_insert target.deep_clone, index, value end elsif method.to_s[-1,1] == "=" value = exp.first_arg = process(args.first) #This is what we'll replace with the value match = Sexp.new(:call, target, method.to_s[0..-2].to_sym, Sexp.new(:arglist)) if @inside_if and val = env[match] if val != value env[match] = Sexp.new(:or, env[match], value) end else env[match] = value end else raise "Unrecognized assignment: #{exp}" end exp end |
#process_block(exp) ⇒ Object
Start new scope for block.
197 198 199 200 201 |
# File 'lib/brakeman/processors/alias_processor.rb', line 197 def process_block exp env.scope do process_default exp end end |
#process_call(exp) ⇒ Object
Process a method call.
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
# File 'lib/brakeman/processors/alias_processor.rb', line 99 def process_call exp target_var = exp.target exp = process_default exp #In case it is replaced with something else unless call? exp return exp end target = exp.target method = exp.method args = exp[3] first_arg = exp.first_arg #See if it is possible to simplify some basic cases #of addition/concatenation. case method when :+ if array? target and array? first_arg joined = join_arrays target, first_arg joined.line(exp.line) exp = joined elsif string? first_arg if string? target # "blah" + "blah" joined = join_strings target, first_arg joined.line(exp.line) exp = joined elsif call? target and target.method == :+ and string? target.first_arg joined = join_strings target.first_arg, first_arg joined.line(exp.line) target.first_arg = joined exp = target end elsif number? first_arg if number? target exp = Sexp.new(:lit, target.value + first_arg.value) elsif call? target and target.method == :+ and number? target.first_arg target.first_arg = Sexp.new(:lit, target.first_arg.value + first_arg.value) exp = target end end when :- if number? target and number? first_arg exp = Sexp.new(:lit, target.value - first_arg.value) end when :* if number? target and number? first_arg exp = Sexp.new(:lit, target.value * first_arg.value) end when :/ if number? target and number? first_arg exp = Sexp.new(:lit, target.value / first_arg.value) end when :[] if array? target temp_exp = process_array_access target, exp.args exp = temp_exp if temp_exp elsif hash? target temp_exp = process_hash_access target, exp.args exp = temp_exp if temp_exp end when :merge!, :update if hash? target and hash? first_arg target = process_hash_merge! target, first_arg env[target_var] = target return target end when :merge if hash? target and hash? first_arg return process_hash_merge(target, first_arg) end when :<< if string? target and string? first_arg target.value << first_arg.value env[target_var] = target return target elsif array? target target << first_arg env[target_var] = target return target else target = find_push_target exp env[target] = exp unless target.nil? #Happens in TemplateAliasProcessor end end exp end |
#process_cdecl(exp) ⇒ Object
Constant assignments like BIG_CONSTANT = 234810983
401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 |
# File 'lib/brakeman/processors/alias_processor.rb', line 401 def process_cdecl exp if sexp? exp.rhs exp.rhs = process exp.rhs end if exp.lhs.is_a? Symbol match = Sexp.new(:const, exp.lhs) else match = exp.lhs end env[match] = exp.rhs exp end |
#process_cvdecl(exp) ⇒ Object
Class variable assignment @@x = 1
280 281 282 283 284 285 286 287 288 289 290 291 292 293 |
# File 'lib/brakeman/processors/alias_processor.rb', line 280 def process_cvdecl exp match = Sexp.new(:cvar, exp.lhs) value = exp.rhs = process(exp.rhs) if @inside_if and val = env[match] if val != value env[match] = Sexp.new(:or, env[match], value) end else env[match] = value end exp end |
#process_default(exp) ⇒ Object
Process a Sexp. If the Sexp has a value associated with it in the environment, that value will be returned.
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'lib/brakeman/processors/alias_processor.rb', line 69 def process_default exp @exp_context.push exp begin exp.each_with_index do |e, i| next if i == 0 if sexp? e and not e.empty? exp[i] = process e else e end end rescue Exception => err @tracker.error err if @tracker end #Generic replace if replacement = env[exp] and not duplicate? replacement result = set_line replacement.deep_clone, exp.line else result = exp end @exp_context.pop result end |
#process_gasgn(exp) ⇒ Object
Global assignment $x = 1
263 264 265 266 267 268 269 270 271 272 273 274 275 276 |
# File 'lib/brakeman/processors/alias_processor.rb', line 263 def process_gasgn exp match = Sexp.new(:gvar, exp.lhs) value = exp.rhs = process(exp.rhs) if @inside_if and val = env[match] if val != value env[match] = Sexp.new(:or, env[match], value) end else env[match] = value end exp end |
#process_hash_access(target, args) ⇒ Object
Process hash access by returning the value associated with the given arguments.
465 466 467 468 469 470 471 472 473 |
# File 'lib/brakeman/processors/alias_processor.rb', line 465 def process_hash_access target, args if args.length == 1 index = args[0] hash_access(target, index) else nil end end |
#process_hash_merge(hash, args) ⇒ Object
Return a new hash Sexp with the given values merged into it.
args
should be a hash Sexp as well.
348 349 350 351 352 353 354 |
# File 'lib/brakeman/processors/alias_processor.rb', line 348 def process_hash_merge hash, args hash = hash.deep_clone hash_iterate args do |key, replacement| hash_insert hash, key, replacement end hash end |
#process_hash_merge!(hash, args) ⇒ Object
Merge values into hash when processing
h.merge! :something => “value”
335 336 337 338 339 340 341 342 343 |
# File 'lib/brakeman/processors/alias_processor.rb', line 335 def process_hash_merge! hash, args hash = hash.deep_clone hash_iterate args do |key, replacement| hash_insert hash, key, replacement match = Sexp.new(:call, hash, :[], Sexp.new(:arglist, key)) env[match] = replacement end hash end |
#process_iasgn(exp) ⇒ Object
Instance variable assignment
246 247 248 249 250 251 252 253 254 255 256 257 258 259 |
# File 'lib/brakeman/processors/alias_processor.rb', line 246 def process_iasgn exp exp.rhs = process exp.rhs ivar = Sexp.new(:ivar, exp.lhs).line(exp.line) if @inside_if and val = env[ivar] if val != exp.rhs env[ivar] = Sexp.new(:or, val, exp.rhs).line(exp.line) end else env[ivar] = exp.rhs end exp end |
#process_if(exp) ⇒ Object
Sets @inside_if = true
418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 |
# File 'lib/brakeman/processors/alias_processor.rb', line 418 def process_if exp @ignore_ifs ||= @tracker && @tracker.[:ignore_ifs] condition = process exp.condition if true? condition exps = [exp.then_clause] elsif false? condition exps = exp[3..-1] else exps = exp[2..-1] end was_inside = @inside_if @inside_if = !@ignore_ifs exps.each do |e| if sexp? e if e.node_type == :block process_default e #avoid creating new scope else process e end end end @inside_if = was_inside exp end |
#process_lasgn(exp) ⇒ Object
Local assignment x = 1
226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 |
# File 'lib/brakeman/processors/alias_processor.rb', line 226 def process_lasgn exp exp.rhs = process exp.rhs if sexp? exp.rhs return exp if exp.rhs.nil? local = Sexp.new(:lvar, exp.lhs).line(exp.line || -2) if @inside_if and val = env[local] #avoid setting to value it already is (e.g. "1 or 1") if val != exp.rhs and val[1] != exp.rhs and val[2] != exp.rhs env[local] = Sexp.new(:or, val, exp.rhs).line(exp.line || -2) end else env[local] = exp.rhs end exp end |
#process_methdef(exp) ⇒ Object Also known as: process_defn
Process a method definition.
204 205 206 207 208 209 210 |
# File 'lib/brakeman/processors/alias_processor.rb', line 204 def process_methdef exp env.scope do set_env_defaults process exp.body end exp end |
#process_op_asgn1(exp) ⇒ Object
Assignments like this x ||= 1
358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 |
# File 'lib/brakeman/processors/alias_processor.rb', line 358 def process_op_asgn1 exp return process_default(exp) if exp[3] != :"||" target = exp[1] = process(exp[1]) index = exp[2][1] = process(exp[2][1]) value = exp[4] = process(exp[4]) match = Sexp.new(:call, target, :[], Sexp.new(:arglist, index)) unless env[match] if request_value? target env[match] = Sexp.new(:or, match, value) else env[match] = value end end exp end |
#process_op_asgn2(exp) ⇒ Object
Assignments like this x.y ||= 1
379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 |
# File 'lib/brakeman/processors/alias_processor.rb', line 379 def process_op_asgn2 exp return process_default(exp) if exp[3] != :"||" target = exp[1] = process(exp[1]) value = exp[4] = process(exp[4]) method = exp[2] match = Sexp.new(:call, target, method.to_s[0..-2].to_sym, Sexp.new(:arglist)) unless env[match] env[match] = value end exp end |
#process_safely(src, set_env = nil) ⇒ Object
This method processes the given Sexp, but copies it first so the original argument will not be modified.
set_env should be an instance of SexpProcessor::Environment. If provided, it will be used as the starting environment.
This method returns a new Sexp with variables replaced with their values, where possible.
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/brakeman/processors/alias_processor.rb', line 38 def process_safely src, set_env = nil @env = Marshal.load(Marshal.dump(set_env)) if set_env @result = src.deep_clone process @result #Process again to propogate replaced variables and process more. #For example, # x = [1,2] # y = [3,4] # z = x + y # #After first pass: # # z = [1,2] + [3,4] # #After second pass: # # z = [1,2,3,4] if set_env @env = set_env else @env = SexpProcessor::Environment.new end process @result @result end |
#process_scope(exp) ⇒ Object
Process a new scope.
189 190 191 192 193 194 |
# File 'lib/brakeman/processors/alias_processor.rb', line 189 def process_scope exp env.scope do process exp.block end exp end |
#process_selfdef(exp) ⇒ Object Also known as: process_defs
Process a method definition on self.
213 214 215 216 217 218 219 |
# File 'lib/brakeman/processors/alias_processor.rb', line 213 def process_selfdef exp env.scope do set_env_defaults process exp.body end exp end |
#process_svalue(exp) ⇒ Object
395 396 397 |
# File 'lib/brakeman/processors/alias_processor.rb', line 395 def process_svalue exp exp[1] end |
#set_line(exp, line_number) ⇒ Object
Set line nunber for exp
and every Sexp it contains. Used when replacing expressions, so warnings indicate the correct line.
519 520 521 522 523 524 525 526 527 528 529 |
# File 'lib/brakeman/processors/alias_processor.rb', line 519 def set_line exp, line_number if sexp? exp exp.original_line(exp.original_line || exp.line) exp.line line_number exp.each do |e| set_line e, line_number end end exp end |