Class: Brakeman::Config
- Inherits: Object
- Includes:
- Util
- Defined in:
- lib/brakeman/tracker/config.rb
Constant Summary
Constants included
from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP
Instance Attribute Summary
Instance Method Summary
Methods included from Util
#array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore
Constructor Details
#initialize(tracker) ⇒ Config
Returns a new instance of Config.
# File 'lib/brakeman/tracker/config.rb', line 10
# Holds what Brakeman has learned about the scanned application's
# configuration: parsed Rails settings, declared gems, and the Ruby and
# Rails versions. Everything starts empty/unknown and is filled in later
# through #add_gem, #set_rails_version and #set_ruby_version.
#
# @param tracker [Object] the owning tracker (presumably Brakeman::Tracker);
#   its +options+ hash is updated when a Rails version is detected
def initialize tracker
  @tracker = tracker
  # Parsed `config.*` settings, gem declarations keyed by symbol, misc settings.
  @rails, @gems, @settings = {}, {}, {}
  # Tri-state flags: nil means "not yet determined" (read via #escape_html?, #erubis?).
  @escape_html = @erubis = nil
  # Empty string (not nil) until #set_ruby_version is called.
  @ruby_version = ""
  @rails_version = nil
end
Instance Attribute Details
#erubis=(value) ⇒ Object
Sets the attribute erubis
# File 'lib/brakeman/tracker/config.rb', line 8
# Records whether the application renders with Erubis (as determined
# elsewhere); read back through #erubis?.
#
# @param value [Boolean, nil] nil leaves the flag "undetermined"
# @return [Boolean, nil] the assigned value (assignment-method semantics)
def erubis=(value)
  instance_variable_set(:@erubis, value)
end
#escape_html=(value) ⇒ Object
Sets the attribute escape_html
# File 'lib/brakeman/tracker/config.rb', line 8
# Records whether the application escapes template output by default
# (e.g. via the rails_xss gem, see #set_rails_version). The XSS checks read
# this back through #escape_html?, so a wrong value here changes which
# output is reported.
#
# @param value [Boolean, nil] nil leaves the flag "undetermined"
# @return [Boolean, nil] the assigned value (assignment-method semantics)
def escape_html=(value)
  instance_variable_set(:@escape_html, value)
end
#gems ⇒ Object
Returns the value of attribute gems.
# File 'lib/brakeman/tracker/config.rb', line 7
# Gems declared by the application, keyed by symbol, each mapping to a hash
# with +:version+, +:file+ and +:line+ (see #add_gem).
#
# @return [Hash{Symbol => Hash}] the live hash, not a copy
def gems
  return @gems
end
#rails ⇒ Object
Returns the value of attribute rails.
# File 'lib/brakeman/tracker/config.rb', line 7
# Parsed Rails configuration, nested by component then setting
# (e.g. +rails[:action_controller][:session]+); values are Sexps from the
# config files.
#
# @return [Hash] the live hash, not a copy
def rails
  return @rails
end
#ruby_version ⇒ Object
Returns the value of attribute ruby_version.
# File 'lib/brakeman/tracker/config.rb', line 7
# Ruby version recorded by #set_ruby_version.
#
# @return [String] empty string while unknown (see #initialize)
def ruby_version
  return @ruby_version
end
#tracker ⇒ Object
Returns the value of attribute tracker.
# File 'lib/brakeman/tracker/config.rb', line 7
# The tracker this configuration belongs to; #set_rails_version writes the
# detected major version into +tracker.options+.
#
# @return [Object] the tracker passed to #initialize
def tracker
  return @tracker
end
Instance Method Details
#add_gem(name, version, file, line) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 60
# Records a gem declared by the application. A later call for the same
# gem name replaces the earlier entry.
#
# @param name [String, Symbol] gem name; stored as a Symbol
# @param version [String, nil] version as found in the Gemfile/lockfile
# @param file [String] file the declaration came from
# @param line [Integer] line of the declaration (for report locations)
# @return [Hash] the entry stored under the gem's symbol key
def add_gem name, version, file, line
  @gems[name.to_sym] = { version: version, file: file, line: line }
end
#default_protect_from_forgery? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 21
# Whether the app can be assumed to have CSRF protection on without an
# explicit +protect_from_forgery+ call. Rails 5.2+ enables
# +default_protect_from_forgery+ itself, so only an explicit
# `config.action_controller.default_protect_from_forgery = false` turns it
# off. For older or unknown Rails versions this answers false, i.e.
# protection is not assumed - the conservative answer for a scanner.
#
# NOTE(review): "9.9.9" is used as a stand-in for "any later version", but
# Gem::Version orders "10.0" above it, so a Rails 10+ app would fall
# through to false here.
#
# @return [Boolean]
def default_protect_from_forgery?
  return false unless version_between? "5.2.0.beta1", "9.9.9"

  @rails.dig(:action_controller, :default_protect_from_forgery) != Sexp.new(:false)
end
#erubis? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 33
# Whether Erubis rendering was detected (see #erubis=).
#
# @return [Boolean, nil] nil while undetermined
def erubis?
  return @erubis
end
#escape_filter_interpolations? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 46
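# Whether the app's Haml version escapes interpolated values inside
# filters, which decides how Brakeman's Haml XSS check treats `#{}` in
# filter blocks. True only for Haml 5.x; apps without Haml, or on a version
# outside 5.0.0..5.99, answer false.
#
# NOTE(review): the 5.99 ceiling excludes Haml 6+, presumably because its
# filter-escaping behavior differs - confirm when bumping the range.
#
# @return [Boolean]
def escape_filter_interpolations?
  # `&&` instead of `and`: same result, but `and` has statement-level
  # precedence and is easy to misread when the expression is extended.
  has_gem?(:haml) &&
    version_between?("5.0.0", "5.99", gem_version(:haml))
end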
#escape_html? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 37
# Whether template output is escaped by default (see #escape_html=).
# XSS checks consult this to decide which output is reported.
#
# @return [Boolean, nil] nil while undetermined
def escape_html?
  return @escape_html
end
#escape_html_entities_in_json? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 41
# Whether `config.active_support.escape_html_entities_in_json` is set to a
# literal +true+ in the app's configuration. When on, +to_json+ output is
# HTML-safe to embed in script blocks, which affects the JSON-in-HTML XSS
# checks. A missing setting answers false.
#
# @return [Boolean]
def escape_html_entities_in_json?
  setting = @rails.dig(:active_support, :escape_html_entities_in_json)
  true? setting
end
# File 'lib/brakeman/tracker/config.rb', line 127
# NOTE(review): this signature looks garbled in the rendered page. The body
# treats +version+ as a value to inspect, but no parameter is declared, so
# as written the name resolves to this method itself and it would recurse
# without bound. The same dropped token appears in #set_rails_version and
# #set_ruby_version, where a bare `(version)` stands alone - the original
# very likely calls this helper there. Confirm name and arity against
# lib/brakeman/tracker/config.rb, line 127.
#
# Intended behavior, from the body: answer nil unless given a String,
# otherwise the first "X.Y" or "X.Y.Z..." run in it (e.g. "~> 5.2.1" gives
# "5.2.1", "5.2.0.beta1" is kept whole), i.e. something Gem::Version
# can parse. A bare major like "5" has no match and yields nil.
def version
  return unless version.is_a? String
  version[/\d+\.\d+(\.\d+.*)?/]
end
#gem_version(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 56
# Version recorded for a gem by #add_gem.
#
# @param name [String, Symbol] gem name
# @return [String, nil] nil when the gem is unknown or has no version
def gem_version name
  key = name.to_sym
  @gems.dig(key, :version)
end
#get_gem(name) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 73
# Full entry recorded for a gem by #add_gem.
#
# @param name [String, Symbol] gem name
# @return [Hash, nil] +{version:, file:, line:}+ or nil when unknown
def get_gem name
  @gems.fetch(name.to_sym, nil)
end
#has_gem?(name) ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 69
# Whether the application declares the named gem (see #add_gem).
#
# @param name [String, Symbol] gem name
# @return [Boolean] strictly true/false, never the entry itself
def has_gem? name
  @gems[name.to_sym] ? true : false
end
#rails_version ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 117
# Rails version recorded by #set_rails_version. Version-gated checks (see
# #version_between?) treat nil as "unknown" and fall back to their
# conservative answer.
#
# @return [String, nil] nil while unknown
def rails_version
  return @rails_version
end
#session_settings ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 147
# The app's `config.action_controller.session` settings as parsed from the
# config files - presumably what the session-configuration check inspects
# (confirm against the caller).
#
# @return [Object, nil] the parsed value (a Sexp) or nil when not configured
def session_settings
  path = [:action_controller, :session]
  @rails.dig(*path)
end
#set_rails_version(version = nil) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 77
# Records the application's Rails version and, unless the caller already
# pinned one through the +rails3+/+rails4+ options, flags which major
# version was detected so version-specific checks run with the right
# framework assumptions. Also notes rails_xss, which changes the default
# output escaping the XSS checks assume.
#
# @param version [String, nil] explicit version; when nil it is taken from
#   the +rails+ gem, falling back to +railties+ (see #gem_version)
# @return [void]
def set_rails_version version = nil
  # NOTE(review): the bare `(version)` below looks like a method call whose
  # name was dropped when this page was rendered (compare the similarly
  # truncated helper at line 127, which trims a version string to its
  # numeric part). Confirm against the source file.
  version = if version
    (version)
  else
    gem_version(:rails) || gem_version(:railties)
  end
  if version
    @rails_version = version
    # Only auto-detect when neither flag was set explicitly by the caller.
    if tracker.options[:rails3].nil? and tracker.options[:rails4].nil?
      # Each newer major also sets the flags of the older ones, so a check
      # gated on "Rails 3 or later" keeps working. Matching on a single
      # leading digit means e.g. "30.0" would also be read as Rails 3.
      if @rails_version.start_with? "3"
        tracker.options[:rails3] = true
        Brakeman.notify "[Notice] Detected Rails 3 application"
      elsif @rails_version.start_with? "4"
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        Brakeman.notify "[Notice] Detected Rails 4 application"
      elsif @rails_version.start_with? "5"
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        tracker.options[:rails5] = true
        Brakeman.notify "[Notice] Detected Rails 5 application"
      elsif @rails_version.start_with? "6"
        tracker.options[:rails3] = true
        tracker.options[:rails4] = true
        tracker.options[:rails5] = true
        tracker.options[:rails6] = true
        Brakeman.notify "[Notice] Detected Rails 6 application"
      end
      # NOTE(review): no branch for Rails 7 or later - such apps leave every
      # flag unset, so checks gated on these options may behave as for a
      # pre-3.x app. Confirm whether the current source adds a branch.
    end
  end
  # rails_xss makes escaping the default; this runs even when no Rails
  # version was found.
  if get_gem :rails_xss
    @escape_html = true
    Brakeman.notify "[Notice] Escaping HTML by default"
  end
end
#set_ruby_version(version) ⇒ Object
# File 'lib/brakeman/tracker/config.rb', line 123
# Records the Ruby version the application targets (read back via
# #ruby_version).
#
# NOTE(review): `(version)` is almost certainly a method call whose name was
# lost in rendering - the same gap appears in #set_rails_version and in the
# nameless helper at line 127 that trims a version string to its numeric
# part. As shown, the raw argument is stored unchanged; confirm against the
# source file.
#
# @param version [String, nil] version string as found in the app
# @return [String, nil] the stored value
def set_ruby_version version
  @ruby_version = (version)
end
#version_between?(low_version, high_version, current_version = nil) ⇒ Boolean
Returns true if low_version <= current_version <= high_version, where current_version defaults to the detected Rails version.
If the Rails version is unknown, returns false.
# File 'lib/brakeman/tracker/config.rb', line 136
# Inclusive version-range test using RubyGems ordering, so prerelease
# versions sort below their release ("5.2.0.beta1" < "5.2.0") and
# "5.99" < "6.0.0". Used to gate checks on framework or gem versions; an
# unknown version answers false so no version-dependent protection is
# assumed.
#
# @param low_version [String] inclusive lower bound
# @param high_version [String] inclusive upper bound
# @param current_version [String, nil] version to test; defaults to
#   #rails_version
# @return [Boolean] false when no version is known
# @raise [ArgumentError] if any bound or version is not a valid version
#   string (raised by Gem::Version.new)
def version_between? low_version, high_version, current_version = nil
  current_version ||= rails_version
  return false unless current_version

  low, high, current =
    [low_version, high_version, current_version].map { |v| Gem::Version.new(v) }
  current.between?(low, high)
end
#whitelist_attributes? ⇒ Boolean
# File 'lib/brakeman/tracker/config.rb', line 52
# Whether `config.active_record.whitelist_attributes` is set to a literal
# +true+. In Rails 3.2 that setting makes every model attribute protected
# unless listed via +attr_accessible+, which the mass-assignment checks
# take into account. A missing or non-literal setting answers false.
#
# @return [Boolean]
def whitelist_attributes?
  setting = @rails.dig(:active_record, :whitelist_attributes)
  setting == Sexp.new(:true)
end