Class: Brakeman::ErbTemplateProcessor
- Inherits:
-
TemplateProcessor
- Object
- SexpProcessor
- BaseProcessor
- TemplateProcessor
- Brakeman::ErbTemplateProcessor
- Defined in:
- lib/brakeman/processors/erb_template_processor.rb
Overview
Processes ERB templates (those ending in .html.erb or .rhtml).
Constant Summary
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from BaseProcessor
Attributes inherited from SexpProcessor
Instance Method Summary collapse
-
#process_block(exp) ⇒ Object
Process block, removing irrelevant expressions.
-
#process_call(exp) ⇒ Object
Processes a call node of the form s(:call, TARGET, :method, s(:arglist)).
Methods inherited from TemplateProcessor
#initialize, #process, #process_escaped_output, #process_lasgn, #process_output
Methods inherited from BaseProcessor
#find_render_type, #initialize, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_class, #process_default, #process_dstr, #process_evstr, #process_hash, #process_if, #process_ignore, #process_iter, #process_lasgn, #process_scope
Methods included from Util
#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #initialize, #process, #process_dummy, #scope
Constructor Details
This class inherits a constructor from Brakeman::TemplateProcessor
Instance Method Details
#process_block(exp) ⇒ Object
Process block, removing irrelevant expressions
# File 'lib/brakeman/processors/erb_template_processor.rb', line 59
#
# Process a block node, removing irrelevant expressions.
#
# The first element of +exp+ is dropped in place (presumably the node-type
# tag; confirm against the Sexp layout used by the caller). What happens next
# depends on whether the block is being processed as part of the arguments of
# an +_erbout.concat+ call (@inside_concat is toggled by #process_call):
#
# * Inside a concat: every element except the last is processed with the flag
#   cleared, then the flag is restored and the result of processing the last
#   element is returned.
# * Otherwise: each element is processed in place; empty results, results
#   equal to +ignore+, and bare references to the +_erbout+ local are dropped,
#   and the survivors are returned as an :rlist Sexp carrying the line of +exp+.
#
# NOTE(review): @inside_concat is not restored if +process+ raises part-way
# through the concat branch; confirm callers do not reuse this processor
# instance after an error.
def process_block(exp)
  exp.shift

  unless @inside_concat
    exp.map! do |node|
      processed = process(node)

      # Drop anything that produced no useful expression.
      next nil if processed.empty? || processed == ignore
      # A bare `_erbout` reference is ERB plumbing, not template content.
      next nil if node_type?(processed, :lvar) && processed.value == :_erbout

      processed
    end

    rlist = Sexp.new(:rlist).concat(exp).compact
    rlist.line(exp.line)
    return rlist
  end

  # Only the final expression is treated as being inside the concat; the
  # leading statements are processed with the flag cleared.
  @inside_concat = false
  exp[0...-1].each { |node| process(node) }
  @inside_concat = true
  process(exp.last)
end
#process_call(exp) ⇒ Object
Processes a call node of the form s(:call, TARGET, :method, s(:arglist)).
# File 'lib/brakeman/processors/erb_template_processor.rb', line 8
#
# Process a call node of the form s(:call, TARGET, :method, s(:arglist)).
#
# Three cases are distinguished:
#
# * Calls on the +_erbout+ local (ERB's default output variable):
#   - +concat+ with a plain string argument returns +ignore+; any other
#     argument is wrapped in an :output Sexp, appended to
#     @current_template[:outputs], and returned. A trailing +to_s+ call on the
#     argument is unwrapped first, so the recorded node is the underlying
#     expression rather than the +to_s+ ERB adds.
#   - +force_encoding+ returns +ignore+.
#   - anything else aborts.
# * A receiver-less +render+ call is handed to +make_render_in_view+.
# * Every other call is rebuilt as a fresh :call Sexp from the processed
#   target and argument list, keeping the original line information.
#
# The :output nodes collected here are presumably what later checks inspect
# for unescaped template output; confirm against the consumers of
# @current_template[:outputs].
#
# NOTE(review): +abort+ terminates the whole process, so a single template
# using an unexpected +_erbout+ method stops the scan instead of being
# reported as a per-template error. Confirm callers handle SystemExit, or
# consider raising a scanner-specific error here.
# NOTE(review): +raise Exception.new+ uses the base class, which a bare
# +rescue+ (StandardError) will not catch; confirm the caller rescues it.
# NOTE(review): +processed_args[1]+ is nil when +concat+ has no argument,
# which would surface as a NoMethodError on +node_type+.
def process_call(exp)
  target = exp.target
  target = process(target) if sexp?(target)
  method_name = exp.method

  # _erbout is the default output variable for erb
  if node_type?(target, :lvar) && target.value == :_erbout
    case method_name
    when :concat
      # Flag the argument list so #process_block knows it is inside a concat.
      @inside_concat = true
      processed_args = process(exp.arglist)
      exp.arglist = processed_args
      @inside_concat = false

      # A length above 2 is reported as "more than a single argument", which
      # suggests element 0 is the :arglist tag and element 1 the argument.
      if processed_args.length > 2
        raise Exception.new("Did not expect more than a single argument to _erbout.concat")
      end

      output_arg = processed_args[1]

      # erb always calls to_s on output
      output_arg = output_arg.target if output_arg.node_type == :call && output_arg.method == :to_s

      # ignore plain strings
      return ignore if output_arg.node_type == :str

      output = Sexp.new(:output, output_arg)
      output.line(exp.line)
      @current_template[:outputs] << output
      output
    when :force_encoding
      ignore
    else
      abort "Unrecognized action on _erbout: #{method_name}"
    end
  elsif target.nil? && method_name == :render
    exp.arglist = process(exp.arglist)
    make_render_in_view(exp)
  else
    # TODO: Is it really necessary to create a new Sexp here?
    processed_args = process(exp.arglist)
    exp.arglist = processed_args

    rebuilt = Sexp.new(:call, target, method_name, processed_args)
    rebuilt.original_line(exp.original_line)
    rebuilt.line(exp.line)
    rebuilt
  end
end