Class: Brakeman::BaseProcessor

Inherits:
SexpProcessor show all
Includes:
ProcessorHelper, SafeCallHelper, Util
Defined in:
lib/brakeman/processors/base_processor.rb

Overview

Base processor for most processors.

Constant Summary collapse

IGNORE = 
Sexp.new :ignore

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary collapse

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#current_file_name, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, #process, processors, #scope

Constructor Details

#initialize(tracker) ⇒ BaseProcessor

Return a new Processor.



14
15
16
17
18
19
 
# File 'lib/brakeman/processors/base_processor.rb', line 14

def initialize tracker
  super()
  @last = nil
  @tracker = tracker
  @current_template = @current_module = @current_class = @current_method = @file_name = nil
end

Instance Method Details

#find_render_type(call, in_view = false) ⇒ Object

Determines the type of a call to render.

Possible types are: :action, :default, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml

And also :layout for inside templates



215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
 
# File 'lib/brakeman/processors/base_processor.rb', line 215

def find_render_type call, in_view = false
  rest = Sexp.new(:hash)
  type = nil
  value = nil
  first_arg = call.first_arg

  if call.second_arg.nil? and first_arg == Sexp.new(:lit, :update)
    return :update, nil, Sexp.new(:arglist, *call.args[0..-2]) #TODO HUH?
  end

  #Look for render :action, ... or render "action", ...
  if string? first_arg or symbol? first_arg
    if @current_template and @tracker.options[:rails3]
      type = :partial
      value = first_arg
    else
      type = :action
      value = first_arg
    end
  elsif first_arg.is_a? Symbol or first_arg.is_a? String
    type = :action
    value = Sexp.new(:lit, first_arg.to_sym)
elsif first_arg.nil?
	type = :default
  elsif not hash? first_arg
    type = :action
    value = first_arg
  end

  types_in_hash = Set[:action, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml]

  #render :layout => "blah" means something else when in a template
  if in_view
    types_in_hash << :layout
  end

  last_arg = call.last_arg

  #Look for "type" of render in options hash
  #For example, render :file => "blah"
  if hash? last_arg
    hash_iterate(last_arg) do |key, val|
      if symbol? key and types_in_hash.include? key.value
        type = key.value
        value = val
      else  
        rest << key << val
      end
    end
  end

  type ||= :default
  value ||= :default

  if type == :inline and string? value and not hash_access(rest, :type)
    value, rest = make_inline_render(value, rest)
  end

  return type, value, rest
end

#ignoreObject 



26
27
28
 
# File 'lib/brakeman/processors/base_processor.rb', line 26

def ignore
  IGNORE
end

#make_inline_render(value, options) ⇒ Object 



276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
 
# File 'lib/brakeman/processors/base_processor.rb', line 276

def make_inline_render value, options
  require 'brakeman/parsers/template_parser'

  class_or_module = (@current_class || @current_module)

  class_or_module = if class_or_module.nil?
                      "Unknown"
                    else
                      class_or_module.name
                    end

  template_name = "#@current_method/inline@#{value.line}:#{class_or_module}".to_sym
  type, ast = Brakeman::TemplateParser.parse_inline_erb(@tracker, value.value)
  ast = ast.deep_clone(value.line)
  @tracker.processor.process_template(template_name, ast, type, nil, @file_name)
  @tracker.processor.process_template_alias(@tracker.templates[template_name])

  return s(:lit, template_name), options
end

#make_render(exp, in_view = false) ⇒ Object

Generates :render node from call to render.



200
201
202
203
204
205
206
 
# File 'lib/brakeman/processors/base_processor.rb', line 200

def make_render exp, in_view = false 
  render_type, value, rest = find_render_type exp, in_view
  rest = process rest
  result = Sexp.new(:render, render_type, value, rest)
  result.line(exp.line)
  result
end

#make_render_in_view(exp) ⇒ Object

Convenience method for ‘make_render exp, true`



195
196
197
 
# File 'lib/brakeman/processors/base_processor.rb', line 195

def make_render_in_view exp
  make_render exp, true
end

#process_arglist(exp) ⇒ Object

Processes the values in an argument list



142
143
144
145
146
147
148
149
150
 
# File 'lib/brakeman/processors/base_processor.rb', line 142

def process_arglist exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    process e
  end

  exp.unshift :arglist
end

#process_attrasgn(exp) ⇒ Object

Processes an attribute assignment, which can be either x.y = 1 or x = 1



169
170
171
172
173
174
 
# File 'lib/brakeman/processors/base_processor.rb', line 169

def process_attrasgn exp
  exp = exp.dup
  exp.target = process exp.target
  exp.arglist = process exp.arglist
  exp
end

#process_block(exp) ⇒ Object

Processes a block. Changes Sexp node type to :rlist



105
106
107
108
109
110
111
112
113
114
 
# File 'lib/brakeman/processors/base_processor.rb', line 105

def process_block exp
  exp = exp.dup
  exp.shift

  exp.map! do |e|
    process e
  end

  exp.unshift :rlist
end

#process_cdecl(exp) ⇒ Object 



181
182
183
184
185
186
187
188
189
190
191
192
 
# File 'lib/brakeman/processors/base_processor.rb', line 181

def process_cdecl exp
  if @tracker
    @tracker.add_constant exp.lhs,
      exp.rhs,
      :file => current_file_name,
      :module => @current_module,
      :class => @current_class,
      :method => @current_method
  end

  exp
end

#process_default(exp) ⇒ Object

Default processing.



36
37
38
39
40
41
42
43
44
 
# File 'lib/brakeman/processors/base_processor.rb', line 36

def process_default exp
  exp = exp.dup

  exp.each_with_index do |e, i|
    exp[i] = process e if sexp? e and not e.empty?
  end

  exp
end

#process_dstr(exp) ⇒ Object

String with interpolation.



85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/brakeman/processors/base_processor.rb', line 85

def process_dstr exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if e.is_a? String
      e
    else
      res = process e
      if res.empty?
        nil
      else
        res
      end
    end
  end.compact!

  exp.unshift :dstr
end

#process_evstr(exp) ⇒ Object

Processes the inside of an interpolated String.



117
118
119
120
121
122
123
124
 
# File 'lib/brakeman/processors/base_processor.rb', line 117

def process_evstr exp
  exp = exp.dup
  if exp[1]
    exp[1] = process exp[1]
  end

  exp
end

#process_file(exp, file_name) ⇒ Object 



21
22
23
24
 
# File 'lib/brakeman/processors/base_processor.rb', line 21

def process_file exp, file_name
  @file_name = file_name
  process exp
end

#process_hash(exp) ⇒ Object

Processes a hash



127
128
129
130
131
132
133
134
135
136
137
138
139
 
# File 'lib/brakeman/processors/base_processor.rb', line 127

def process_hash exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if sexp? e
      process e
    else
      e
    end
  end

  exp.unshift :hash
end

#process_if(exp) ⇒ Object

Process an if statement.



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/brakeman/processors/base_processor.rb', line 47

def process_if exp
  exp = exp.dup
  condition = exp[1] = process exp.condition

  if true? condition
    exp[2] = process exp.then_clause if exp.then_clause
    exp[3] = nil
  elsif false? condition
    exp[2] = nil
    exp[3] = process exp.else_clause if exp.else_clause
  else
    exp[2] = process exp.then_clause if exp.then_clause
    exp[3] = process exp.else_clause if exp.else_clause
  end

  exp
end

#process_ignore(exp) ⇒ Object

Ignore ignore Sexps



177
178
179
 
# File 'lib/brakeman/processors/base_processor.rb', line 177

def process_ignore exp
  exp
end

#process_iter(exp) ⇒ Object

Processes calls with blocks.

s(:iter, CALL, :lasgn|:masgn, BLOCK)



68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
# File 'lib/brakeman/processors/base_processor.rb', line 68

def process_iter exp
  exp = exp.dup
  call = process exp.block_call
  #deal with assignments somehow
  if exp.block
    block = process exp.block
    block = nil if block.empty?
  else
    block = nil
  end

  call = Sexp.new(:iter, call, exp.block_args, block).compact
  call.line(exp.line)
  call
end

#process_lasgn(exp) ⇒ Object Also known as: process_iasgn

Processes a local assignment



153
154
155
156
157
 
# File 'lib/brakeman/processors/base_processor.rb', line 153

def process_lasgn exp
  exp = exp.dup
  exp.rhs = process exp.rhs
  exp
end

#process_scope(exp) ⇒ Object

Process a new scope. Removes expressions that are set to nil.



31
32
33
 
# File 'lib/brakeman/processors/base_processor.rb', line 31

def process_scope exp
  #NOPE?
end