Class: Brakeman::Config
- Inherits:
-
Object
- Includes:
- Util
- Defined in:
- lib/brakeman/tracker/config.rb
Constant Summary
Constants included
from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Instance Attribute Summary collapse
Instance Method Summary
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Constructor Details
#initialize(tracker) ⇒ Config
Returns a new instance of Config.
# File 'lib/brakeman/tracker/config.rb', line 11
# Builds an empty configuration bound to +tracker+.
#
# The three stores start as empty hashes and both template flags start as
# nil rather than false. @rails_version is not assigned here; it is only set
# by set_rails_version (or through the rails_version attribute).
#
# @param tracker [Object] owning tracker; set_rails_version reads and writes
#   its #options
def initialize(tracker)
  @settings = {}
  @gems = {}
  @rails = {}
  @tracker = tracker
  @escape_html = nil
  @erubis = nil
end
Instance Attribute Details
#erubis=(value) ⇒ Object
Sets the attribute erubis
# File 'lib/brakeman/tracker/config.rb', line 9
# Stores the flag that #erubis? later reports.
#
# NOTE(review): presumably marks that the scanned app renders templates with
# Erubis — confirm against the code that assigns it.
#
# @param value [Object] stored as-is, with no coercion to true/false
def erubis=(value)
  @erubis = value
end
#escape_html=(value) ⇒ Object
Sets the attribute escape_html
# File 'lib/brakeman/tracker/config.rb', line 9
# Stores the "HTML is escaped by default" flag that #escape_html? reports.
#
# set_rails_version also forces this flag to true when the rails_xss gem is
# present, so a value assigned here can be overwritten by that call.
#
# @param value [Object] stored as-is, with no coercion to true/false
def escape_html=(value)
  @escape_html = value
end
#rails ⇒ Object
Returns the value of attribute rails.
# File 'lib/brakeman/tracker/config.rb', line 7
# Exposes the hash of recorded Rails configuration sections.
#
# The predicates in this class read the :action_controller, :active_support
# and :active_record keys from it. The hash itself is returned, not a copy,
# so callers can mutate the stored configuration.
#
# @return [Hash] the live @rails hash
def rails
  @rails
end
#rails_version ⇒ Object
Returns the value of attribute rails_version.
# File 'lib/brakeman/tracker/config.rb', line 8
# Returns the Rails version string captured by set_rails_version.
#
# The constructor never assigns @rails_version, so this is nil until
# set_rails_version finds a version matching x.y.z (or the attribute is
# assigned directly).
#
# @return [String, nil] the detected version, or nil when none was found
def rails_version
  @rails_version
end
#tracker ⇒ Object
Returns the value of attribute tracker.
# File 'lib/brakeman/tracker/config.rb', line 7
# Returns the tracker this configuration was constructed with.
#
# @return [Object] the value passed to #initialize
def tracker
  @tracker
end
Instance Method Details
#add_gem(name, version, file, line) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 48
# Records a gem dependency together with where it was declared.
#
# The name is normalised to a Symbol before it is used as the key.
# Registering the same gem again replaces the earlier entry, so only the
# last version/file/line seen for a name is kept.
#
# @param name [String, Symbol] gem name
# @param version [Object] version as declared; stored without validation
# @param file [Object] file the declaration was found in
# @param line [Object] line of the declaration
# @return [Hash] the stored entry with :version, :file and :line keys
def add_gem(name, version, file, line)
  details = { :version => version, :file => file, :line => line }
  @gems[name.to_sym] = details
end
#allow_forgery_protection? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 20
# Reports whether the recorded configuration explicitly switches request
# forgery (CSRF) protection off.
#
# NOTE: the name reads inverted. The result is true only when the
# :allow_forgery_protection entry under :action_controller equals the
# literal +false+ s-expression, i.e. when protection is DISABLED. Any other
# recorded value gives false, and a missing :action_controller section
# gives nil.
#
# @return [Boolean, nil] true when the setting is Sexp.new(:false)
def allow_forgery_protection?
  controller_settings = @rails[:action_controller]
  return controller_settings unless controller_settings

  controller_settings[:allow_forgery_protection] == Sexp.new(:false)
end
#erubis? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 25
# Reports the stored Erubis flag.
#
# The raw value is returned without coercion: nil until something assigns
# it through #erubis=, otherwise whatever was assigned.
#
# @return [Object, nil] the current @erubis value
def erubis?
  @erubis
end
#escape_html? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 29
# Reports whether HTML output is recorded as escaped by default.
#
# The raw value is returned without coercion. It is nil after construction,
# becomes true when set_rails_version sees the rails_xss gem, and can be
# assigned through #escape_html=.
#
# NOTE(review): a nil here means "never determined", which callers will
# treat the same as false — presumably that is the safe direction for
# XSS reporting; confirm against the callers.
#
# @return [Object, nil] the current @escape_html value
def escape_html?
  @escape_html
end
#escape_html_entities_in_json? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 33
# Reports whether the :escape_html_entities_in_json entry under
# :active_support is recorded as true.
#
# The recorded value is passed to Util#true?; when no :active_support
# section was recorded the result is nil and Util#true? is not called.
#
# @return [Object, nil] result of true? on the recorded value, or nil when
#   the :active_support section is absent
def escape_html_entities_in_json?
  active_support = @rails[:active_support]
  return active_support unless active_support

  true?(active_support[:escape_html_entities_in_json])
end
#gem_version(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 44
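# Looks up the recorded version of a gem.
#
# add_gem stores every entry under a Symbol key, so the name is normalised
# the same way before the lookup. Without that, a String name would miss an
# existing entry and the gem would look absent to any version-gated check.
# Names that cannot be converted (e.g. nil) are looked up unchanged.
#
# @param name [String, Symbol] gem name
# @return [Object, nil] the stored :version, or nil when the gem is unknown
def gem_version(name)
  key = name.respond_to?(:to_sym) ? name.to_sym : name
  entry = @gems[key]
  entry && entry[:version]
end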
#get_gem(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 61
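# Returns the full recorded entry for a gem.
#
# add_gem stores every entry under a Symbol key, so the name is normalised
# the same way before the lookup; a String name would otherwise miss an
# existing entry. Names that cannot be converted (e.g. nil) are looked up
# unchanged.
#
# @param name [String, Symbol] gem name
# @return [Hash, nil] the entry with :version, :file and :line, or nil when
#   the gem is unknown
def get_gem(name)
  key = name.respond_to?(:to_sym) ? name.to_sym : name
  @gems[key]
end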
#has_gem?(name) ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 57
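# Reports whether a gem has been recorded.
#
# add_gem stores every entry under a Symbol key, so the name is normalised
# the same way before the lookup. Without that, has_gem?("rails") would
# answer false for a gem that is present, silently skipping whatever the
# caller gates on it. Names that cannot be converted (e.g. nil) are looked
# up unchanged.
#
# @param name [String, Symbol] gem name
# @return [Boolean] true when an entry exists for the gem
def has_gem?(name)
  key = name.respond_to?(:to_sym) ? name.to_sym : name
  !!@gems[key]
end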
#session_settings ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 89
# Returns the recorded :session entry of the :action_controller section.
#
# @return [Object, nil] the recorded session settings, or nil when either
#   the :action_controller section or its :session entry is absent
def session_settings
  controller_settings = @rails[:action_controller]
  return controller_settings unless controller_settings

  controller_settings[:session]
end
#set_rails_version ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 65
# Derives the Rails version from the recorded gems and adjusts scan options.
#
# The version comes from the :rails gem, falling back to :railties. Only a
# value containing an x.y.z sequence is accepted; the captured text runs
# from the first such sequence to the end of the line, so any suffix is
# kept.
#
# The :rails3 / :rails4 tracker options are inferred only when BOTH are
# still nil, so an explicit setting is never overridden. Only leading "3"
# and "4" are recognised; any other major version leaves the options as
# they were.
#
# NOTE(review): when neither gem has a parsable version, @rails_version is
# left unassigned and nothing is reported — checks that depend on the
# version presumably see nil; confirm they fail safe.
#
# Independently of the version, the presence of the rails_xss gem forces
# @escape_html to true.
#
# @return [Object, nil] result of the final notification, or nil when the
#   rails_xss gem is absent
def set_rails_version
  declared = gem_version(:rails) || gem_version(:railties)
  matched = declared && declared.match(/(\d+\.\d+\.\d+.*)/)

  if matched
    @rails_version = matched[1]

    # Infer the Rails generation only when the user chose neither option.
    if tracker.options[:rails3].nil? && tracker.options[:rails4].nil?
      if @rails_version.start_with?("3")
        tracker.options[:rails3] = true
        Brakeman.notify "[Notice] Detected Rails 3 application"
      elsif @rails_version.start_with?("4")
        # Rails 4 keeps the Rails 3 option switched on as well.
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        Brakeman.notify "[Notice] Detected Rails 4 application"
      end
    end
  end

  if get_gem(:rails_xss)
    @escape_html = true
    Brakeman.notify "[Notice] Escaping HTML by default"
  end
end
#whitelist_attributes? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 39
# Reports whether the :whitelist_attributes entry under :active_record is
# recorded as the literal +true+ s-expression.
#
# Any other recorded value gives false, and a missing :active_record
# section gives nil, so "not configured" is reported as not whitelisting.
#
# @return [Boolean, nil] true when the setting is Sexp.new(:true)
def whitelist_attributes?
  active_record = @rails[:active_record]
  return active_record unless active_record

  active_record[:whitelist_attributes] == Sexp.new(:true)
end