Module: Brakeman::ModelMethods

Included in:

Library, Model

Defined in:

lib/brakeman/tracker/model.rb

Instance Attribute Summary

• #associations ⇒ Object readonly

  Returns the value of attribute associations.

• #attr_accessible ⇒ Object readonly

  Returns the value of attribute attr_accessible.

• #role_accessible ⇒ Object readonly

  Returns the value of attribute role_accessible.

Instance Method Summary

• #association?(method_name) ⇒ Boolean
• #attr_protected ⇒ Object
• #initialize_model ⇒ Object
• #parent_classes_protected?(seen = {}) ⇒ Boolean

  go up the chain of parent classes to see if any have attr_accessible.

• #set_attr_accessible(exp = nil) ⇒ Object
• #set_attr_protected(exp) ⇒ Object
• #unprotected_model? ⇒ Boolean

Instance Attribute Details

#associations ⇒ Object (readonly)

Returns the value of attribute associations.

# File 'lib/brakeman/tracker/model.rb', line 5

def associations
  @associations
end

#attr_accessible ⇒ Object (readonly)

Returns the value of attribute attr_accessible.

# File 'lib/brakeman/tracker/model.rb', line 5

def attr_accessible
  @attr_accessible
end

#role_accessible ⇒ Object (readonly)

Returns the value of attribute role_accessible.

# File 'lib/brakeman/tracker/model.rb', line 5

def role_accessible
  @role_accessible
end

Instance Method Details

#association?(method_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 13

def association? method_name
  @associations.each do |name, args|
    args.each do |arg|
      if symbol? arg and arg.value == method_name
        return true
      end
    end
  end

  false
end

#attr_protected ⇒ Object

# File 'lib/brakeman/tracker/model.rb', line 65

def attr_protected
  @options[:attr_protected]
end

#initialize_model ⇒ Object

# File 'lib/brakeman/tracker/model.rb', line 7

def initialize_model
  @associations = {}
  @role_accessible = []
  @attr_accessible = nil
end

#parent_classes_protected?(seen = {}) ⇒ Boolean

go up the chain of parent classes to see if any have attr_accessible

Returns:

• (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 30

def parent_classes_protected? seen={}
  seen[self.name] = true

  if @attr_accessible or self.includes.include? :"ActiveModel::ForbiddenAttributesProtection"
    true
  elsif parent = tracker.models[self.parent] and !seen[self.parent]
    parent.parent_classes_protected? seen
  else
    false
  end
end

#set_attr_accessible(exp = nil) ⇒ Object

# File 'lib/brakeman/tracker/model.rb', line 42

def set_attr_accessible exp = nil
  if exp
    args = []

    exp.each_arg do |e|
      if node_type? e, :lit
        args << e.value
      elsif hash? e
        @role_accessible.concat args
      end
    end

    @attr_accessible ||= []
    @attr_accessible.concat args
  else
    @attr_accessible ||= []
  end
end

#set_attr_protected(exp) ⇒ Object

# File 'lib/brakeman/tracker/model.rb', line 61

def set_attr_protected exp
  add_option :attr_protected, exp
end

#unprotected_model? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 25

def unprotected_model?
  @attr_accessible.nil? and !parent_classes_protected? and ancestor?(:"ActiveRecord::Base")
end