Class: Brakeman::Constants

Inherits:
Object
  • Object
Includes:
Util
Defined in:
lib/brakeman/tracker/constants.rb

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_env?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize ⇒ Constants

Returns a new instance of Constants.



# File 'lib/brakeman/tracker/constants.rb', line 54

# Starts with an empty table. Other methods in this class store an array of
# constant entries under each base name.
def initialize
  @constants = Hash.new
end

Class Method Details

.constant_as_array(exp) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 132

# Breaks a constant reference into the list of its name parts, outermost
# part first.
#
# A :colon2 node contributes its last element and the walk continues with
# the element at index 1. A :const node contributes its value and ends the
# walk. A :colon3 node contributes its value followed by an empty Symbol,
# which ends up at the front of the result. Any other Sexp, and any
# non-Sexp value, is kept as-is and ends the walk.
#
# @param exp the expression to split (may be nil)
# @return [Array] the collected parts, outermost first
def self.constant_as_array(exp)
  parts = []
  node = exp

  while node
    unless node.is_a?(Sexp)
      parts << node
      break
    end

    case node.node_type
    when :const
      parts << node.value
      break
    when :colon3
      parts << node.value << :""
      break
    when :colon2
      parts << node.last
      node = node[1]
    else
      parts << node
      break
    end
  end

  # Parts were gathered innermost-first; callers get them outermost-first.
  parts.reverse
end

.get_constant_base_name(exp) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 160

# Picks the key under which a constant reference is filed in the table.
#
# For :const and :colon3 nodes this is the node's value; for a :colon2 node
# it is the last element (the rightmost name). Any other Sexp, and any
# non-Sexp value, is returned unchanged.
#
# @param exp the constant reference or an already-plain name
# @return the base name used as the lookup key
def self.get_constant_base_name(exp)
  if exp.is_a?(Sexp)
    case exp.node_type
    when :const, :colon3 then exp.value
    when :colon2 then exp.last
    else exp
    end
  else
    exp
  end
end

Instance Method Details

#[](exp) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 62

# Resolves a constant reference to its recorded value.
#
# @param exp the expression to resolve
# @return the value of the matching entry, or nil when +exp+ is not a
#   constant reference or no entry matches
def [](exp)
  return unless constant?(exp)

  found = find_constant(exp)
  found.value if found
end

#add(name, value, context = nil) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 103

# Records a constant assignment under the base name of +name+.
#
# When +value+ is a call to +freeze+, the call's target is stored instead,
# so the entry holds the frozen expression rather than the freeze call.
#
# @param name the constant being assigned
# @param value the assigned expression
# @param context optional context, passed through to Constant.new
# @return [Array] the entries now stored under that base name
def add(name, value, context = nil)
  value = value.target if call?(value) && value.method == :freeze

  key = Constants.get_constant_base_name(name)
  (@constants[key] ||= []) << Constant.new(name, value, context)
end

#each ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 124

# Yields every recorded constant entry, one base name at a time, in the
# order the entries were stored under that name.
#
# @yield [constant] each stored entry
# @return [Hash] the underlying table
def each
  @constants.each_value do |group|
    group.each { |constant| yield constant }
  end
end

#find_all(exp) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 98

# Returns every entry filed under the base name of +exp+, without checking
# that the full name matches.
#
# @param exp the constant reference or plain name
# @return [Array, nil] the stored entries, or nil when the base name is unknown
def find_all(exp)
  @constants[Constants.get_constant_base_name(exp)]
end

#find_constant(exp) ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 73

# Finds the recorded entry that matches a constant reference.
#
# Candidates are the entries stored under the base name of +exp+. The
# expression itself is matched first; if no candidate accepts it, the name
# is split into its parts and the candidates are matched against that list.
#
# @param exp the constant reference to look up
# @return the first matching entry, or nil when nothing matches
def find_constant(exp)
  key = Constants.get_constant_base_name(exp)
  return nil unless @constants.key?(key)

  candidates = @constants[key]

  exact = candidates.find { |c| c.match?(exp) }
  return exact if exact

  parts = Constants.constant_as_array(exp)

  # Avoid losing info about dynamic constant values: if any part of the name
  # is neither a constant node nor a Symbol, report no match rather than
  # resolving the reference to a stored value.
  return nil unless parts.all? { |part| constant?(part) || part.is_a?(Symbol) }

  candidates.find { |c| c.match?(parts) }
end

#get_simple_value(name) ⇒ Object

Returns constant values that are not too complicated. Right now that means literal values (string, array, etc.) or calls on Dir.glob(..).whatever.



# File 'lib/brakeman/tracker/constants.rb', line 116

# Returns the recorded value for +name+ only when it is simple enough:
# a literal, or something +dir_glob?+ accepts. Anything else yields nil, so
# callers never receive a more complex expression from here.
#
# @param name the constant reference to resolve
# @return the simple value, or nil
def get_simple_value(name)
  value = self[name]
  return nil unless value

  value if literal?(value) || dir_glob?(value)
end

#size ⇒ Object



# File 'lib/brakeman/tracker/constants.rb', line 58

# Counts the distinct base names in the table. Several entries stored under
# the same base name count once.
#
# @return [Integer]
def size
  @constants.size
end