Class: Brakeman::FindCall

Inherits:

BasicProcessor

• Object
• SexpProcessor
• BasicProcessor
• Brakeman::FindCall

Defined in:

lib/brakeman/processors/lib/find_call.rb

Overview

Finds method calls matching the given target(s).

#-- This should be deprecated --#
#--  Do not use for new code  --#

Targets/methods can be:

• nil: matches anything, including nothing

• Empty array: matches nothing

• Symbol: matches single target/method exactly

• Array of symbols: matches against any of the symbols

• Regular expression: matches the expression

• Array of regular expressions: matches any of the expressions

If a target is also the name of a class, methods called on instances of that class will also be matched, in a very limited way. (Any methods called on Klass.new, basically. More useful when used in conjunction with AliasProcessor.)

Examples:

#To find any uses of this class: FindCall.new :FindCall, nil

#Find system calls without a target FindCall.new [], [:system, :exec, :syscall]

#Find all calls to length(), no matter the target FindCall.new nil, :length

#Find all calls to sub, sub!, gsub, or gsub! FindCall.new nil, /^g?sub!?$/

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary

• #initialize(targets, methods, tracker) ⇒ FindCall constructor

  A new instance of FindCall.

• #matches ⇒ Object

  Returns a list of results.

• #process_attrasgn(exp) ⇒ Object

  Process an assignment like a call.

• #process_call(exp) ⇒ Object

  Look for matching calls and add them to results.

• #process_defn(exp) ⇒ Object (also: #process_defs)

  Process body of method.

• #process_source(exp) ⇒ Object

  Process the given source.

Methods inherited from BasicProcessor

#process_default, #process_if

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Methods included from ProcessorHelper

#current_file, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, #process, processors, #scope

Constructor Details

#initialize(targets, methods, tracker) ⇒ FindCall

Returns a new instance of FindCall.

# File 'lib/brakeman/processors/lib/find_call.rb', line 36

def initialize targets, methods, tracker
  super tracker
  @calls = []
  @find_targets = targets
  @find_methods = methods
  @current_class = nil
  @current_method = nil
end

Instance Method Details

#matches ⇒ Object

Returns a list of results.

A result looks like:

s(:result, :ClassName, :method_name, s(:call, …))

# File 'lib/brakeman/processors/lib/find_call.rb', line 50

def matches
  @calls
end

#process_attrasgn(exp) ⇒ Object

Process an assignment like a call

# File 'lib/brakeman/processors/lib/find_call.rb', line 84

def process_attrasgn exp
  process_call exp
end

#process_call(exp) ⇒ Object

Look for matching calls and add them to results

# File 'lib/brakeman/processors/lib/find_call.rb', line 70

def process_call exp
  target = get_target exp.target
  method = exp.method

  process_call_args exp

  if match(@find_targets, target) and match(@find_methods, method)
    @calls << Sexp.new(:result, @current_module, @current_class, @current_method, exp).line(exp.line)
  end
  
  exp
end

#process_defn(exp) ⇒ Object Also known as: process_defs

Process body of method

# File 'lib/brakeman/processors/lib/find_call.rb', line 63

def process_defn exp
  process_all exp.body
end

#process_source(exp) ⇒ Object

Process the given source. Provide either class and method being searched or the template. These names are used when reporting results.

Use FindCall#matches to retrieve results.

# File 'lib/brakeman/processors/lib/find_call.rb', line 58

def process_source exp
  process exp
end