Class: Brakeman::HamlTemplateProcessor

Inherits:
TemplateProcessor show all
Defined in:
lib/brakeman/processors/haml_template_processor.rb

Overview

Processes HAML templates.

Constant Summary collapse

# Matches `format_script_*` method names and captures the seven true/false
# flags encoded in the name. process_call reads the fourth capture ($4) to
# choose between a :format_escaped and a :format node.
# NOTE(review): the pattern has no \A / \z anchors, so it matches any method
# name that merely contains such a sequence.
HAML_FORMAT_METHOD =
/format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from BaseProcessor

#ignore

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary collapse

Methods inherited from TemplateProcessor

#process, #process_escaped_output, #process_lasgn, #process_output

Methods inherited from BaseProcessor

#find_render_type, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_class, #process_default, #process_dstr, #process_evstr, #process_hash, #process_if, #process_ignore, #process_iter, #process_lasgn, #process_scope

Methods included from Util

#array?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #node_type?, #number?, #params?, #pluralize, #regexp?, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#class_name, #process_all, #process_module

Methods inherited from SexpProcessor

#error_handler, #in_context, #process, #process_dummy, #scope

Constructor Details

#initialize(*args) ⇒ HamlTemplateProcessor

Returns a new instance of HamlTemplateProcessor.



# File 'lib/brakeman/processors/haml_template_processor.rb', line 7

# Builds the processor, then attempts to load every library the tracker
# recorded under a name beginning with "Haml::Filters".
#
# NOTE(review): `require lib[:file]` runs that file's top-level code inside the
# scanner process. If lib[:file] points into the application being analysed
# (presumably it does - confirm against how @tracker.libs is populated), a scan
# executes code from the scanned codebase, so scans of code you do not trust
# belong in an isolated, unprivileged environment.
# NOTE(review): `rescue Exception` also catches SystemExit, Interrupt and
# NoMemoryError; unless the :debug option is set they are dropped silently
# together with ordinary load failures.
# NOTE(review): `^` anchors at the start of a line; `\A` is the start-of-string
# anchor.
def initialize *args
  super

  @tracker.libs.each do |lib_name, lib_info|
    next unless lib_name.to_s =~ /^Haml::Filters/

    begin
      require lib_info[:file]
    rescue Exception => err
      # Best effort: a filter that fails to load is only reported in debug mode.
      raise err if @tracker.options[:debug]
    end
  end
end

Instance Method Details

#is_buffer_target?(exp) ⇒ Boolean

Checks if the buffer is the target in a method call Sexp. TODO: Test this

Returns:

  • (Boolean)


# File 'lib/brakeman/processors/haml_template_processor.rb', line 131

# Tells whether +exp+ is the call `_hamlout.buffer`, with `_hamlout` being a
# local variable node.
#
# The node type is checked first so that the call-only accessors (target,
# method) are never used on another kind of node.
def is_buffer_target? exp
  return false unless exp.node_type == :call

  receiver = exp.target
  node_type?(receiver, :lvar) &&
    receiver.value == :_hamlout &&
    exp.method == :buffer
end

#process_block(exp) ⇒ Object

If inside an output stream, only return the final expression



# File 'lib/brakeman/processors/haml_template_processor.rb', line 107

# Processes the statements of a block node.
#
# The leading element of +exp+ is dropped in place. Outside an output
# expression every statement is processed and the non-empty results are
# collected into an :rlist. Inside an output expression (@inside_concat set)
# only the value of the last statement is returned, because that is the value
# the block contributes to the output; the earlier statements are processed
# with @inside_concat switched off and their results are discarded.
def process_block exp
  exp.shift

  unless @inside_concat
    exp.map! do |node|
      processed = process node
      processed.empty? ? nil : processed
    end
    return Sexp.new(:rlist).concat(exp).compact
  end

  # Leading statements are not themselves written to the output.
  @inside_concat = false
  exp[0..-2].each { |node| process node }
  @inside_concat = true
  process exp[-1]
end

#process_call(exp) ⇒ Object

Processes call, looking for template output



# File 'lib/brakeman/processors/haml_template_processor.rb', line 24

# Processes a call node, turning the Haml buffer calls that write to the
# template output into :output / :format / :format_escaped nodes.
#
# Four cases are handled, in this order:
# 1. `_hamlout.<method>(...)` - dispatched on the method name (see below).
# 2. `_hamlout.buffer << value` - recorded as an :output unless the value is a
#    plain string.
# 3. `render(...)` without a receiver - handed to make_render_in_view.
# 4. Any other call - rebuilt with its processed target and arguments.
#
# Only `push_text` and `buffer <<` append to @current_template[:outputs] here;
# the :format and :format_escaped nodes are returned without being recorded by
# this method.
#
# @param exp [Sexp] the :call node to process
# @return [Sexp] the replacement node
# @raise [Exception] when a `_hamlout` method other than the ones listed in the
#   first three `when` branches has no first argument or is not recognised
def process_call exp
  target = exp.target
  if sexp? target
    target = process target
  end

  method = exp.method

  # Case 1: the receiver is itself a call to `_hamlout`.
  if (call? target and target.method == :_hamlout)
    res = case method
          # NOTE(review): `attributes` calls are dropped, so values placed in
          # tag attributes are not turned into outputs by this method.
          when :adjust_tabs, :rstrip!, :attributes #Check attributes, maybe?
            ignore
          when :options, :buffer
            exp
          when :open_tag
            process(exp.arglist)
            exp
          else
            arg = exp.first_arg

            if arg
              # The argument is the value being written, so process it with the
              # output flag set and store the result back into the call.
              @inside_concat = true
              out = exp.arglist[1] = process(arg)
              @inside_concat = false
            else
              raise Exception.new("Empty _hamlout.#{method}()?")
            end

            # A string literal is ignored; only non-literal values become outputs.
            if string? out
              ignore
            else
              case method.to_s
              when "push_text"
                s = Sexp.new(:output, out)
                @current_template[:outputs] << s
                s
              when HAML_FORMAT_METHOD
                # $4 is the fourth flag captured by the `when` match above.
                # NOTE(review): presumably Haml's escape_html flag - confirm
                # against the Haml version being scanned. "true" yields the
                # escaped node type, anything else the unescaped one.
                if $4 == "true"
                  Sexp.new :format_escaped, out
                else
                  Sexp.new :format, out
                end
              else
                raise Exception.new("Unrecognized action on _hamlout: #{method}")
              end
            end

          end

    # Give the replacement node the line of the original call.
    res.line(exp.line)
    res

    #_hamlout.buffer <<
    #This seems to be used rarely, but directly appends args to output buffer.
    #Has something to do with values of blocks?
  elsif sexp? target and method == :<< and is_buffer_target? target
    @inside_concat = true
    out = exp.arglist[1] = process(exp.arglist[1])
    @inside_concat = false

    if out.node_type == :str #ignore plain strings
      ignore
    else
      s = Sexp.new(:output, out)
      @current_template[:outputs] << s
      s.line(exp.line)
      s
    end
  elsif target == nil and method == :render
    #Process call to render()
    exp.arglist = process exp.arglist
    make_render_in_view exp
  else
    #TODO: Do we really need a new Sexp here?
    # Rebuild the call from the processed target and arguments, keeping both
    # line values of the original node.
    args = process exp.arglist
    call = Sexp.new :call, target, method, args
    call.original_line(exp.original_line)
    call.line(exp.line)
    call
  end
end