Class: Brakeman::Config
- Inherits: Object
- Includes:
- Util
- Defined in:
- lib/brakeman/tracker/config.rb
Constant Summary
Constants included
from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Instance Attribute Summary
Instance Method Summary
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Constructor Details
#initialize(tracker) ⇒ Config
Returns a new instance of Config.
# File 'lib/brakeman/tracker/config.rb', line 12
# Builds an empty configuration record for one scan.
#
# @param tracker [Object] the tracker that owns this config; exposed via #tracker
#   and read back by #set_rails_version through `tracker.options`
# @return [Config]
def initialize tracker
  @tracker = tracker
  # Separate literals so the three hashes are independent objects.
  @rails, @gems, @settings = {}, {}, {}
  # Both flags stay unset until a writer or #set_rails_version changes them.
  @escape_html = @erubis = nil
  # Empty string rather than nil; #set_ruby_version replaces it on a match.
  @ruby_version = ""
end
Instance Attribute Details
#erubis=(value) ⇒ Object
Sets the attribute erubis
# File 'lib/brakeman/tracker/config.rb', line 9
# Stores the erubis flag; #erubis? hands it back unchanged.
# @param value [Object] stored as-is, not coerced to a boolean
def erubis=(value); @erubis = value; end
#escape_html=(value) ⇒ Object
Sets the attribute escape_html
# File 'lib/brakeman/tracker/config.rb', line 9
# Stores the escape_html flag; #escape_html? hands it back unchanged.
# @param value [Object] stored as-is, not coerced to a boolean
def escape_html=(value); @escape_html = value; end
#gems ⇒ Object
Returns the value of attribute gems.
# File 'lib/brakeman/tracker/config.rb', line 10
# The gems recorded by #add_gem, keyed by symbolised gem name.
# @return [Hash{Symbol => Hash}] the live hash, not a copy
def gems; @gems; end
#rails ⇒ Object
Returns the value of attribute rails.
# File 'lib/brakeman/tracker/config.rb', line 7
# Recorded Rails settings, keyed by component (the predicates below read
# :action_controller, :active_support and :active_record entries).
# @return [Hash] the live hash, populated elsewhere
def rails; @rails; end
#rails_version ⇒ Object
Returns the value of attribute rails_version.
# File 'lib/brakeman/tracker/config.rb', line 8
# Rails version string captured by #set_rails_version ("x.y.z" plus any
# suffix); nil until that method has run and matched.
# @return [String, nil]
def rails_version; @rails_version; end
#ruby_version ⇒ Object
Returns the value of attribute ruby_version.
# File 'lib/brakeman/tracker/config.rb', line 8
# Ruby version captured by #set_ruby_version ("x.y.z"); starts as "".
# @return [String]
def ruby_version; @ruby_version; end
#tracker ⇒ Object
Returns the value of attribute tracker.
# File 'lib/brakeman/tracker/config.rb', line 7
# The tracker handed to #initialize.
# @return [Object]
def tracker; @tracker; end
Instance Method Details
#add_gem(name, version, file, line) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 50
# Records a gem declared by the scanned application. The key is always the
# symbolised name, so #get_gem, #has_gem? and #gem_version must be called
# with the symbol form.
#
# @param name [String, Symbol] gem name; converted with #to_sym
# @param version [Object] version as supplied by the caller
# @param file [Object] file the declaration was found in
# @param line [Object] line of the declaration
# @return [Hash] the stored record with :version, :file and :line
def add_gem name, version, file, line
  record = { :version => version, :file => file, :line => line }
  @gems[name.to_sym] = record
end
#allow_forgery_protection? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 22
# Truthy when the recorded action_controller setting
# allow_forgery_protection is the literal `false` — that is, when the
# scanned app has switched CSRF protection off. Despite the name, a truthy
# result signals that protection is absent.
#
# @return [Boolean, nil] nil (or the falsy entry itself) when no
#   action_controller settings were recorded
def allow_forgery_protection?
  controller = @rails[:action_controller]
  controller && controller[:allow_forgery_protection] == Sexp.new(:false)
end
#erubis? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 27
# Whatever was last assigned through #erubis= (nil until then); callers
# should treat it as truthy/falsy rather than strictly true/false.
# @return [Object]
def erubis?; @erubis; end
#escape_html? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 31
# Whether output escaping is assumed on: set via #escape_html= or flipped to
# true by #set_rails_version when the rails_xss gem is present. nil until
# one of those happens, so treat the result as truthy/falsy.
# @return [Object]
def escape_html?; @escape_html; end
#escape_html_entities_in_json? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 35
# Truthy when the recorded active_support setting
# escape_html_entities_in_json is a true literal (as judged by Util#true?).
#
# @return [Boolean, nil] nil (or the falsy entry itself) when no
#   active_support settings were recorded
def escape_html_entities_in_json?
  support = @rails[:active_support]
  support && true?(support[:escape_html_entities_in_json])
end
#gem_version(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 46
# Version recorded for a gem, or nil when it is unknown. Records are keyed
# by symbol (see #add_gem), so pass the symbol form.
#
# @param name [Symbol] gem name
# @return [Object, nil] the stored :version, or nil
def gem_version name
  record = @gems[name]
  record && record[:version]
end
#get_gem(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 63
# The record stored by #add_gem for a gem, or nil. Keys are symbols, so
# pass the symbol form.
#
# @param name [Symbol] gem name
# @return [Hash, nil] record with :version, :file and :line, or nil
def get_gem name
  @gems.fetch(name, nil)
end
#has_gem?(name) ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 59
# Whether a record exists for the gem. Keys are symbols, so pass the
# symbol form.
#
# @param name [Symbol] gem name
# @return [Boolean] strictly true or false
def has_gem? name
  @gems[name] ? true : false
end
#session_settings ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 104
# The recorded action_controller :session entry, or nil when no
# action_controller settings exist.
#
# @return [Object, nil]
def session_settings
  controller = @rails[:action_controller]
  controller && controller[:session]
end
#set_rails_version ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 67
# Derives the Rails version from the recorded rails (or railties) gem and
# sets the matching tracker options; also turns on escape_html when the
# rails_xss gem is present.
#
# Side effects: assigns @rails_version; may set tracker.options[:rails3],
# [:rails4] and [:rails5]; may set @escape_html; reports via Brakeman.notify.
# The major-version options are only inferred when neither :rails3 nor
# :rails4 was supplied explicitly. Versions whose first digit is not
# 3, 4 or 5 leave the options untouched.
#
# @return [Object, nil] whatever Brakeman.notify returns for the rails_xss
#   notice, or nil
def set_rails_version
  version = gem_version(:rails) || gem_version(:railties)

  if version && (match = version.match(/(\d+\.\d+\.\d+.*)/))
    @rails_version = match[1]

    # Respect explicit --rails3 / --rails4 style options over detection.
    if tracker.options[:rails3].nil? && tracker.options[:rails4].nil?
      case @rails_version
      when /\A3/
        tracker.options[:rails3] = true
        Brakeman.notify "[Notice] Detected Rails 3 application"
      when /\A4/
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        Brakeman.notify "[Notice] Detected Rails 4 application"
      when /\A5/
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        tracker.options[:rails5] = true
        Brakeman.notify "[Notice] Detected Rails 5 application"
      end
    end
  end

  # rails_xss escapes output by default, which later checks rely on.
  if get_gem :rails_xss
    @escape_html = true
    Brakeman.notify "[Notice] Escaping HTML by default"
  end
end
#set_ruby_version(version) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 96
# Stores the first "x.y.z" triple found in a version string via the
# ruby_version writer. Non-String input and strings without such a triple
# are ignored.
#
# @param version [Object] raw version text, e.g. "2.5.1p57"
# @return [String, nil] the stored "x.y.z", or nil when nothing was stored
def set_ruby_version version
  return unless version.is_a? String

  match = version.match(/(\d+\.\d+\.\d+)/)
  self.ruby_version = match[1] if match
end
#whitelist_attributes? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 41
# Truthy when the recorded active_record setting whitelist_attributes is the
# literal `true`, i.e. the scanned app opted into attribute whitelisting.
#
# @return [Boolean, nil] nil (or the falsy entry itself) when no
#   active_record settings were recorded
def whitelist_attributes?
  record = @rails[:active_record]
  record && record[:whitelist_attributes] == Sexp.new(:true)
end