Class: Brakeman::FindAllCalls

Inherits:
BasicProcessor
Defined in:
lib/brakeman/processors/lib/find_all_calls.rb

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary

Methods inherited from BasicProcessor

#process_default, #process_if

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Methods included from ProcessorHelper

#current_file, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, #process, processors, #scope

Constructor Details

#initialize(tracker) ⇒ FindAllCalls

Returns a new instance of FindAllCalls.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 6

# Build an empty call index for the given tracker.
#
# @param tracker the Brakeman tracker handed through to BasicProcessor
#
# State initialised here:
# - @calls: the list of call hashes exposed through #calls
# - @cache: an empty hash (not referenced by the public methods on this page)
# - @processing_class: toggled by #process_all_source to make #process_defn
#   descend into every method body
# - @in_target: a flag that none of the public methods on this page read
def initialize tracker
  super

  @calls = []
  @cache = {}
  @processing_class = false
  @in_target = false
end

Instance Attribute Details

#callsObject (readonly)

Returns the value of attribute calls.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 4

# The call hashes indexed so far, in the order they were found.
#
# Entries added by #process_call and #process_iter are frozen before they
# are stored; add_simple_call is defined elsewhere, so its entries are not
# covered by that statement. The returned array is the live internal list,
# not a copy.
#
# @return [Array<Hash>] the indexed calls
def calls
  @calls
end

Instance Method Details

#process_all_source(exp, opts) ⇒ Object

Originally, for whatever reason, calls were only indexed per method body (see #process_defn). This method explicitly indexes every call found anywhere in the given source.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 31

# Index every call in +exp+, whichever method it lives in.
#
# #process_source expects the caller to name the method through
# opts[:method]; here @processing_class is set instead, so #process_defn
# walks each method body it meets and picks the name up from the
# definition itself.
#
# @param exp  [Sexp] the source to walk
# @param opts [Hash] forwarded unchanged to #process_source
# @return whatever #process_source returns
def process_all_source exp, opts
  begin
    @processing_class = true
    process_source(exp, opts)
  ensure
    # Cleared even when processing raises, so a later #process_source on
    # this instance does not still descend into every method body.
    @processing_class = false
  end
end

#process_attrasgn(exp) ⇒ Object

Process an assignment like a call



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 129

# Attribute assignments (`target.name = value`) are indexed exactly like
# calls: for the call cache, `name=` is just another method invoked on a
# target.
#
# @param exp [Sexp] an :attrasgn node
# @return [Sexp] exp, unchanged (see #process_call)
def process_attrasgn exp
  process_call(exp)
end

#process_call(exp) ⇒ Object



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 63

# Record a single method call in the index.
#
# The call hash comes from create_call_hash (defined elsewhere in this
# class) and is frozen before being stored, so entries in #calls cannot be
# altered after indexing. The node is returned untouched.
#
# @param exp [Sexp] a :call node
# @return [Sexp] exp
def process_call exp
  entry = create_call_hash(exp)
  @calls.push(entry.freeze)
  exp
end

#process_defn(exp) ⇒ Object Also known as: process_defs

Process body of method



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 39

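# Index the calls inside a method body.
#
# Two modes, depending on how the walk was started:
# - via #process_source with opts[:method]: @current_method is already set,
#   so the body is simply walked under that name;
# - via #process_all_source: @processing_class is set and @current_method is
#   nil, so the name is taken from the definition for the duration of the
#   walk and cleared afterwards.
#
# When neither is set (a walk started by #process_source without
# opts[:method]) the body is skipped.
#
# Also registered as process_defs, so singleton definitions are handled the
# same way.
#
# @param exp [Sexp] a :defn or :defs node
# @return [Sexp] exp, unchanged
def process_defn exp
  return exp unless @current_method || @processing_class

  if @current_method.nil?
    @current_method = exp.method_name
    begin
      process_all exp.body
    ensure
      # Reset in an ensure block so an exception while walking the body
      # cannot leave a stale method name on the processor; this mirrors the
      # ensure in #process_all_source. Previously the reset was skipped on
      # raise.
      @current_method = nil
    end
  else
    process_all exp.body
  end

  exp
end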

#process_dregx(exp) ⇒ Object

Process a dynamic regex like a call



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 120

# Index a regex literal containing interpolation (e.g. /#{x}/) as a pseudo
# call named :brakeman_regex_interp, so it can be found through the call
# cache. Each interpolated sub-expression is walked first so the calls
# inside it are indexed too.
#
# @param exp [Sexp] a :dregx node
# @return [Sexp] exp, unchanged
def process_dregx exp
  exp.each do |part|
    process(part) if sexp?(part)
  end

  add_simple_call(:brakeman_regex_interp, exp)
  exp
end

#process_dsym(exp) ⇒ Object

A dynamic symbol literal `:"string#{x}"` is equivalent to `"string#{x}".to_sym`, so it is indexed as a call to that method.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 111

# Index a dynamic symbol literal (:"...#{x}...") as a pseudo call named
# :literal_to_sym, since it is equivalent to calling to_sym on the
# interpolated string. The interpolated parts are walked first so calls
# inside them are indexed as well.
#
# NOTE(review): presumably a check looks these up to flag symbols built
# from dynamic data; the checks are not visible here, so confirm.
#
# @param exp [Sexp] a :dsym node
# @return [Sexp] exp, unchanged
def process_dsym exp
  exp.each do |part|
    process(part) if sexp?(part)
  end

  add_simple_call(:literal_to_sym, exp)
  exp
end

#process_dxstr(exp) ⇒ Object

Technically, an interpolated backtick command `...#{x}...` is a call to Kernel#`, but we just need these in the call cache for speed.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 102

# Index an interpolated backtick command (`...#{x}...`) as a pseudo call
# named :` — the method Ruby really invokes for backticks — so call-cache
# lookups for shell commands also see the interpolated ones.
#
# NOTE(review): unlike #process_dsym and #process_dregx, only the final
# element (exp.last) is walked here. Whether a :dxstr can carry more than
# one interpolated sexp, and therefore miss nested calls, is not visible
# from this file — confirm against the parser's node shape.
#
# @param exp [Sexp] a :dxstr node
# @return [Sexp] exp, unchanged
def process_dxstr exp
  tail = exp.last
  process(tail) if sexp?(tail)

  add_simple_call(:`, exp)
  exp
end

#process_iter(exp) ⇒ Object



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 68

# Index a call that takes a block (an :iter node).
#
# For an ordinary :call, the call hash is extended with the block body and
# block arguments before it is frozen and stored, and the block body is
# then walked for further calls. For anything else (most likely a :render
# with a block, which is not a :call node) the node is handed to the
# regular dispatch instead, then the block body is walked.
#
# @param exp [Sexp] an :iter node
# @return [Sexp] exp, unchanged
def process_iter exp
  call = exp.block_call

  unless call.node_type == :call
    process call
    process exp.block
    return exp
  end

  entry = create_call_hash(call)
  entry[:block] = exp.block
  entry[:block_args] = exp.block_args
  @calls << entry.freeze

  process exp.block
  exp
end

#process_render(exp) ⇒ Object

Calls to render() are converted to s(:render, …) nodes elsewhere, so #process_call never sees them; they are added to the call cache here so that lookups stay fast and complete.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 92

# render calls are rewritten into s(:render, ...) nodes before they reach
# this processor, so they bypass #process_call. Index them under :render
# anyway, after walking their children, so the call cache stays complete.
#
# @param exp [Sexp] a :render node
# @return [Sexp] exp, unchanged
def process_render exp
  process_all(exp)
  add_simple_call(:render, exp)
  exp
end

#process_rlist(exp) ⇒ Object

Process body of block



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 59

# Walk each statement of a block body (an :rlist node) so any calls in it
# are indexed.
#
# @param exp [Sexp] an :rlist node
# @return whatever process_all returns
def process_rlist exp
  process_all(exp)
end

#process_source(exp, opts) ⇒ Object

Process the given source. Provide either class and method being searched or the template. These names are used when reporting results.



# File 'lib/brakeman/processors/lib/find_all_calls.rb', line 17

# Walk +exp+ and index every call found in it.
#
# +opts+ describes where the source came from, for use when reporting:
#   :class, :method  when indexing a method body
#   :template        when indexing a view template
#   :file            the file the source was read from
# Absent keys simply leave the corresponding ivar nil. Per-call state from
# a previous walk (@current_call, @full_call) is cleared before starting.
#
# @param exp  [Sexp] the source to walk
# @param opts [Hash] location information as described above
# @return whatever #process returns for exp
def process_source exp, opts
  @current_class, @current_method, @current_template, @current_file =
    opts.values_at(:class, :method, :template, :file)

  @current_call = nil
  @full_call = nil

  process(exp)
end