Class: Brakeman::Rails3ConfigProcessor
- Inherits: BasicProcessor
  - Object
  - SexpProcessor
  - BasicProcessor
  - Brakeman::Rails3ConfigProcessor
- Defined in: lib/brakeman/processors/lib/rails3_config_processor.rb
Overview
Processes configuration. Results are put in tracker.config.
Configuration of Rails via Rails::Initializer is stored in tracker.config.rails. For example:

    MyApp::Application.configure do
      config.active_record.whitelist_attributes = true
    end

will be stored in

    tracker.config.rails[:active_record][:whitelist_attributes]

Values for tracker.config.rails will still be Sexps.
Constant Summary
- RAILS_CONFIG = Sexp.new(:call, nil, :config)
Constants included from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from SexpProcessor
Instance Method Summary
- #get_rails_config(exp) ⇒ Object
  Returns an array of symbols for each ‘level’ in the config.
- #include_rails_config?(exp) ⇒ Boolean
  Check if an expression includes a call to set Rails config.
- #initialize(*args) ⇒ Rails3ConfigProcessor (constructor)
  A new instance of Rails3ConfigProcessor.
- #process_attrasgn(exp) ⇒ Object
  Look for configuration settings.
- #process_class(exp) ⇒ Object
  Look for class Application < Rails::Application.
- #process_config(src, file_name) ⇒ Object
  Use this method to process configuration file.
- #process_iter(exp) ⇒ Object
  Look for MyApp::Application.configure do …
Methods inherited from BasicProcessor
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#current_file_name, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_module
Methods inherited from SexpProcessor
#in_context, #process, processors, #scope
Constructor Details
#initialize(*args) ⇒ Rails3ConfigProcessor
Returns a new instance of Rails3ConfigProcessor.

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 21

    def initialize *args
      super
      @inside_config = false
    end

Instance Method Details
#get_rails_config(exp) ⇒ Object
Returns an array of symbols for each ‘level’ in the config.

    config.action_controller.session_store = :cookie

becomes

    [:action_controller, :session_store]

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 118

    def get_rails_config exp
      if node_type? exp, :attrasgn
        attribute = exp.method.to_s[0..-2].to_sym
        get_rails_config(exp.target) << attribute
      elsif call? exp
        if exp.target == RAILS_CONFIG
          [exp.method]
        else
          get_rails_config(exp.target) << exp.method
        end
      else
        raise "WHAT"
      end
    end

#include_rails_config?(exp) ⇒ Boolean
Check if an expression includes a call to set Rails config

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 96

    def include_rails_config? exp
      target = exp.target
      if call? target
        if target.target == RAILS_CONFIG
          true
        else
          include_rails_config? target
        end
      elsif target == RAILS_CONFIG
        true
      else
        false
      end
    end

#process_attrasgn(exp) ⇒ Object
Look for configuration settings

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 61

    def process_attrasgn exp
      return exp unless @inside_config

      if exp.target == RAILS_CONFIG
        #Get rid of '=' at end
        attribute = exp.method.to_s[0..-2].to_sym
        if exp.args.length > 1
          #Multiple arguments?...not sure if this will ever happen
          @tracker.config.rails[attribute] = exp.args
        else
          @tracker.config.rails[attribute] = exp.first_arg
        end
      elsif include_rails_config? exp
        options = get_rails_config exp
        level = @tracker.config.rails
        options[0..-2].each do |o|
          level[o] ||= {}

          option = level[o]

          if not option.is_a? Hash
            Brakeman.debug "[Notice] Skipping config setting: #{options.map(&:to_s).join(".")}"
            return exp
          end

          level = level[o]
        end

        level[options.last] = exp.first_arg
      end

      exp
    end

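As an added example (not Brakeman's own code), this Ruby sketch mirrors the nesting logic of process_attrasgn, with plain Arrays standing in for Sexps, and pairs it with a lookup helper. It shows two things a check reading tracker.config.rails has to handle: stored values are Sexps rather than Ruby literals, and a nested setting is skipped when a parent level already holds a non-Hash value. The names store_setting, setting, sexp_true? and demo, and the sample settings, are constructed for illustration.

```ruby
# Assumption: plain Arrays stand in for ruby_parser Sexps.
# `true` parses to s(:true); a symbol such as :cookie_store to s(:lit, :cookie_store).
TRUE_SEXP = [:true].freeze

# Store `value` under the path `levels`, creating intermediate Hashes as needed.
# Returns false when an earlier, non-Hash value blocks the path, which is the
# case the processor reports as "[Notice] Skipping config setting".
def store_setting(rails, levels, value)
  level = rails
  levels[0..-2].each do |o|
    level[o] ||= {}
    return false unless level[o].is_a?(Hash)
    level = level[o]
  end
  level[levels.last] = value
  true
end

# Hypothetical lookup helper: walk the nested Hash, returning nil as soon as a
# level is missing or is not a Hash.
def setting(rails, *levels)
  levels.reduce(rails) do |level, key|
    return nil unless level.is_a?(Hash)
    level[key]
  end
end

# A stored `true` is the Sexp for true, so compare against the Sexp form.
def sexp_true?(value)
  value == TRUE_SEXP
end

# Constructed sample: the levels get_rails_config would return for four
# assignments, the last of which nests under a level that already has a value.
def demo
  rails = {}
  stored = [
    store_setting(rails, [:active_record, :whitelist_attributes], [:true]),
    store_setting(rails, [:action_controller, :session_store], [:lit, :cookie_store]),
    store_setting(rails, [:example_flag], [:false]),
    store_setting(rails, [:example_flag, :nested], [:true]) # skipped
  ]
  [rails, stored]
end
```

A check that compares a stored value with Ruby's own true, or that assumes every parent level is a Hash, reads such a configuration incorrectly.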
#process_class(exp) ⇒ Object
Look for class Application < Rails::Application

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 50

    def process_class exp
      if exp.class_name == :Application
        @inside_config = true
        process_all exp.body if sexp? exp.body
        @inside_config = false
      end

      exp
    end

#process_config(src, file_name) ⇒ Object
Use this method to process configuration file

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 27

    def process_config src, file_name
      @file_name = file_name
      res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @file_name)
      process res
    end

#process_iter(exp) ⇒ Object
Look for MyApp::Application.configure do … end

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 34

    def process_iter exp
      call = exp.block_call

      if node_type?(call.target, :colon2) and
        call.target.rhs == :Application and
        call.method == :configure

        @inside_config = true
        process exp.block if sexp? exp.block
        @inside_config = false
      end

      exp
    end