Class: Brakeman::OutputProcessor

Inherits:
Ruby2Ruby
  • Object
Includes:
Util
Defined in:
lib/brakeman/processors/output_processor.rb

Overview

Produces formatted output strings from Sexps. Recommended usage is

OutputProcessor.new.format(Sexp.new(:str, "hello"))

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Instance Method Summary collapse

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Instance Method Details

#format(exp, user_input = nil, &block) ⇒ Object Also known as: process_safely

Copies exp and then formats it.



# File 'lib/brakeman/processors/output_processor.rb', line 12

# Formats +exp+ as a string without modifying the caller's Sexp.
#
# exp        - expression to format; it is deep-cloned before processing.
# user_input - optional expression to single out; stored in @user_input and
#              compared against each node by #process.
# block      - optional block stored in @user_input_block; #process calls it
#              with the matching expression and its formatted string.
#
# Returns the formatted string, or "[Format Error]" when #process yields
# nil or false.
#
# NOTE(review): the result is derived from the scanned application's source;
# whether it is escaped before being placed in an HTML report is not visible
# here -- confirm at the call sites.
def format exp, user_input = nil, &block
  @user_input_block = block
  @user_input = user_input

  formatted = process(exp.deep_clone)
  formatted || "[Format Error]"
end

#output_format(exp, tag) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 109

# Formats the expression held in exp[1] and prefixes it with "[tag] ".
#
# exp - output-style node; only exp[1] is read.
# tag - label placed in square brackets before the formatted text.
#
# Returns "" when exp[1] is a :str or :ignore node, or when formatting it
# produces exactly "". Otherwise returns "[tag] <formatted text>".
def output_format exp, tag
  inner = exp[1]
  return "" if [:str, :ignore].include?(inner.node_type)

  formatted = process(inner)

  # Only an exact empty string suppresses the tag; any other result,
  # including nil, is interpolated after the tag.
  formatted == "" ? "" : "[#{tag}] #{formatted}"
end

#process(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 20

# Formats a single expression, with special handling for the expression
# registered as user input by #format.
#
# When @user_input is set and equals +exp+, the parent class formats the
# expression and @user_input_block is called with (exp, formatted string);
# the block's result is returned. Otherwise the parent class formats +exp+
# only if it is a non-empty Sexp, and nil is returned for anything else.
#
# Any StandardError raised along the way is not propagated: it is reported
# through Brakeman.debug together with its backtrace, and the method then
# evaluates to the result of that debug call.
def process exp
  if @user_input && @user_input == exp
    @user_input_block.call(exp, super(exp))
  elsif sexp?(exp) && !exp.empty?
    super(exp)
  end
rescue => e
  Brakeman.debug "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}"
end

#process_const(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 125

# Formats a constant node.
#
# Returns "(Unresolved Model)" when exp[1] equals
# Brakeman::Tracker::UNKNOWN_MODEL, otherwise exp[1] converted with to_s.
def process_const exp
  const = exp[1]
  return "(Unresolved Model)" if const == Brakeman::Tracker::UNKNOWN_MODEL

  const.to_s
end

#process_cookies(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 44

# Formats a cookies node as the fixed text "cookies"; +exp+ is not inspected.
def process_cookies(exp)
  "cookies"
end

#process_defn(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 61

# Formats a method definition as "def name(args) ... end" source text.
#
# Copied from Ruby2Ruby, minus the "convert methods to attr_*" handling.
# Works on a deep clone, so the caller's expression is left untouched.
def process_defn exp
  exp = exp.deep_clone
  exp.shift # drop the leading element; the name and arguments follow it
  name = exp.shift
  args = process(exp.shift)
  args = "" if args == "()"

  # A body consisting only of a default nil expression counts as empty.
  exp.shift if exp == s(s(:nil))

  lines = []
  lines << indent(process(exp.shift)) until exp.empty?
  lines << indent("# do nothing") if lines.empty?

  # The gsub collapses blank (whitespace-only) lines in the generated text.
  "def #{name}#{args}\n#{lines.join("\n")}\nend".gsub(/\n\s*\n+/, "\n")
end

#process_escaped_output(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 96

# Formats an escaped-output node by delegating to #output_format with the
# tag "Escaped Output".
def process_escaped_output(exp)
  output_format(exp, "Escaped Output")
end

#process_format(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 101

# Formats a format node by delegating to #output_format with the tag
# "Format".
def process_format(exp)
  output_format(exp, "Format")
end

#process_format_escaped(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 105

# Formats an escaped format node by delegating to #output_format with the
# tag "Escaped".
def process_format_escaped(exp)
  output_format(exp, "Escaped")
end

#process_ignore(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 32

# Formats an ignore node as the fixed text "[ignored]"; +exp+ is not
# inspected.
def process_ignore(exp)
  "[ignored]"
end

#process_iter(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 84

# Formats a block call as "<call> do ... end".
#
# exp[1] is formatted as the call and exp[3..-1] as the block body via
# #process_rlist. exp[2] is not read, so whatever it holds does not appear
# in the output.
def process_iter exp
  receiver_call = process(exp[1])
  block_body = process_rlist(exp[3..-1])

  "#{receiver_call} do\n #{block_body}\n end"
end

#process_output(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 92

# Formats an output node by delegating to #output_format with the tag
# "Output".
def process_output(exp)
  output_format(exp, "Output")
end

#process_params(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 36

# Formats a params node as the fixed text "params"; +exp+ is not inspected.
def process_params(exp)
  "params"
end

#process_render(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 134

# Formats a render node as "render(<type> => <target>, <options>)".
#
# Works on a deep clone with its leading element dropped. After that drop,
# element 0 is interpolated as-is, while elements 1 and 2 are formatted
# through #process only when they are Sexps.
def process_render exp
  parts = exp.deep_clone
  parts.shift

  target = parts[1]
  target = process(target) if sexp?(target)

  options = parts[2]
  options = process(options) if sexp?(options)

  "render(#{parts[0]} => #{target}, #{options})"
end

#process_rlist(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 48

# Formats each element of +exp+ and joins the results with newlines.
#
# Elements whose formatted result is nil or exactly "" are left out, so
# they produce no line in the output.
def process_rlist exp
  lines = []

  exp.each do |node|
    text = process(node)
    lines << text unless text.nil? || text == ""
  end

  lines.join("\n")
end

#process_session(exp) ⇒ Object



# File 'lib/brakeman/processors/output_processor.rb', line 40

# Formats a session node as the fixed text "session"; +exp+ is not
# inspected.
def process_session(exp)
  "session"
end