Class: Brakeman::BaseProcessor
- Inherits: SexpProcessor
  - Object
  - SexpProcessor
  - Brakeman::BaseProcessor
- Includes: ProcessorHelper, Util
- Defined in: lib/brakeman/processors/base_processor.rb
Overview
Base processor for most processors.
Direct Known Subclasses
ControllerProcessor, FindAllCalls, FindCall, GemProcessor, LibraryProcessor, ModelProcessor, Rails2ConfigProcessor, Rails2RoutesProcessor, Rails3ConfigProcessor, Rails3RoutesProcessor, TemplateProcessor
Constant Summary
- IGNORE = Sexp.new :ignore
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from SexpProcessor
Instance Method Summary
- #find_render_type(call, in_view = false) ⇒ Object
  Determines the type of a call to render.
- #ignore ⇒ Object
- #initialize(tracker) ⇒ BaseProcessor (constructor)
  Return a new Processor.
- #make_render(exp, in_view = false) ⇒ Object
  Generates :render node from call to render.
- #make_render_in_view(exp) ⇒ Object
  Convenience method for `make_render exp, true`.
- #process_arglist(exp) ⇒ Object
  Processes the values in an argument list.
- #process_attrasgn(exp) ⇒ Object
  Processes an attribute assignment, which can be either x.y = 1 or x = 1.
- #process_block(exp) ⇒ Object
  Processes a block.
- #process_class(exp) ⇒ Object
- #process_default(exp) ⇒ Object
  Default processing.
- #process_dstr(exp) ⇒ Object
  String with interpolation.
- #process_evstr(exp) ⇒ Object
  Processes the inside of an interpolated String.
- #process_hash(exp) ⇒ Object
  Processes a hash.
- #process_if(exp) ⇒ Object
  Process an if statement.
- #process_ignore(exp) ⇒ Object
  Ignore ignore Sexps.
- #process_iter(exp) ⇒ Object
  Processes calls with blocks.
- #process_lasgn(exp) ⇒ Object (also: #process_iasgn)
  Processes a local assignment.
- #process_scope(exp) ⇒ Object
  Process a new scope.
Methods included from Util
#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_all!, #process_call_args, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #process, #process_dummy, #scope
Constructor Details
#initialize(tracker) ⇒ BaseProcessor
Return a new Processor.
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 12

def initialize tracker
  super()
  @last = nil
  @tracker = tracker
  @current_template = @current_module = @current_class = @current_method = nil
end
```
Instance Method Details
#find_render_type(call, in_view = false) ⇒ Object
Determines the type of a call to render.
Possible types are: :action, :default, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml
And also :layout for inside templates
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 198

def find_render_type call, in_view = false
  rest = Sexp.new(:hash)
  type = nil
  value = nil
  first_arg = call.first_arg

  if call.second_arg.nil? and first_arg == Sexp.new(:lit, :update)
    return :update, nil, Sexp.new(:arglist, *call.args[0..-2]) #TODO HUH?
  end

  #Look for render :action, ... or render "action", ...
  if string? first_arg or symbol? first_arg
    if @current_template and @tracker.options[:rails3]
      type = :partial
      value = first_arg
    else
      type = :action
      value = first_arg
    end
  elsif first_arg.is_a? Symbol or first_arg.is_a? String
    type = :action
    value = Sexp.new(:lit, first_arg.to_sym)
  elsif first_arg.nil?
    type = :default
  elsif not hash? first_arg
    type = :action
    value = first_arg
  end

  types_in_hash = Set[:action, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml]

  #render :layout => "blah" means something else when in a template
  if in_view
    types_in_hash << :layout
  end

  last_arg = call.last_arg

  #Look for "type" of render in options hash
  #For example, render :file => "blah"
  if hash? last_arg
    hash_iterate(last_arg) do |key, val|
      if symbol? key and types_in_hash.include? key.value
        type = key.value
        value = val
      else
        rest << key << val
      end
    end
  end

  type ||= :default
  value ||= :default
  return type, value, rest
end
```
#ignore ⇒ Object
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 19

def ignore
  IGNORE
end
```
#make_render(exp, in_view = false) ⇒ Object
Generates :render node from call to render.
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 183

def make_render exp, in_view = false
  render_type, value, rest = find_render_type exp, in_view
  rest = process rest
  result = Sexp.new(:render, render_type, value, rest)
  result.line(exp.line)
  result
end
```
#make_render_in_view(exp) ⇒ Object
Convenience method for `make_render exp, true`
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 178

def make_render_in_view exp
  make_render exp, true
end
```
#process_arglist(exp) ⇒ Object
Processes the values in an argument list
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 138

def process_arglist exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    process e
  end

  exp.unshift :arglist
end
```
#process_attrasgn(exp) ⇒ Object
Processes an attribute assignment, which can be either x.y = 1 or x = 1
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 165

def process_attrasgn exp
  exp = exp.dup
  exp.target = process exp.target
  exp.arglist = process exp.arglist
  exp
end
```
#process_block(exp) ⇒ Object
Processes a block. Changes Sexp node type to :rlist
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 102

def process_block exp
  exp = exp.dup
  exp.shift

  exp.map! do |e|
    process e
  end

  exp.unshift :rlist
end
```
#process_class(exp) ⇒ Object
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 23

def process_class exp
  current_class = @current_class
  @current_class = class_name exp[1]
  process_all exp.body
  @current_class = current_class
  exp
end
```
#process_default(exp) ⇒ Object
Default processing.
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 37

def process_default exp
  exp = exp.dup

  exp.each_with_index do |e, i|
    if sexp? e and not e.empty?
      exp[i] = process e
    else
      e
    end
  end

  exp
end
```
#process_dstr(exp) ⇒ Object
String with interpolation. Changes Sexp node type to :string_interp
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 80

def process_dstr exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if e.is_a? String
      e
    elsif e.value.is_a? String
      e.value
    else
      res = process e
      if res.empty?
        nil
      else
        res
      end
    end
  end.compact!

  exp.unshift :string_interp
end
```
#process_evstr(exp) ⇒ Object
Processes the inside of an interpolated String. Changes Sexp node type to :string_eval
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 115

def process_evstr exp
  exp = exp.dup
  exp[0] = :string_eval
  exp[1] = process exp[1]
  exp
end
```
#process_hash(exp) ⇒ Object
Processes a hash
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 123

def process_hash exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if sexp? e
      process e
    else
      e
    end
  end

  exp.unshift :hash
end
```
#process_if(exp) ⇒ Object
Process an if statement.
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 52

def process_if exp
  exp = exp.dup
  exp[1] = process exp.condition
  exp[2] = process exp.then_clause if exp.then_clause
  exp[3] = process exp.else_clause if exp.else_clause
  exp
end
```
#process_ignore(exp) ⇒ Object
Ignore ignore Sexps
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 173

def process_ignore exp
  exp
end
```
#process_iter(exp) ⇒ Object
Processes calls with blocks. Changes Sexp node type to :call_with_block
s(:iter, CALL, :lasgn|:masgn, BLOCK)
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 63

def process_iter exp
  exp = exp.dup
  call = process exp.block_call
  #deal with assignments somehow
  if exp.block
    block = process exp.block
    block = nil if block.empty?
  else
    block = nil
  end

  call = Sexp.new(:call_with_block, call, exp.block_args, block).compact
  call.line(exp.line)
  call
end
```
#process_lasgn(exp) ⇒ Object Also known as: process_iasgn
Processes a local assignment
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 149

def process_lasgn exp
  exp = exp.dup
  exp.rhs = process exp.rhs
  exp
end
```
#process_scope(exp) ⇒ Object
Process a new scope. Removes expressions that are set to nil.
```ruby
# File 'lib/brakeman/processors/base_processor.rb', line 32

def process_scope exp
  #NOPE?
end
```