Class: Brakeman::OutputProcessor

Inherits:

Ruby2Ruby

• Object
• Ruby2Ruby
• Brakeman::OutputProcessor

Includes:

Util

Defined in:

lib/brakeman/processors/output_processor.rb

Overview

Produces formatted output strings from Sexps. Recommended usage is

OutputProcessor.new.format(Sexp.new(:str, "hello"))

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Method Summary

• #format(exp, user_input = nil, &block) ⇒ Object (also: #process_safely)

  Copies exp and then formats it.

• #initialize(*args) ⇒ OutputProcessor constructor

  A new instance of OutputProcessor.

• #output_format(exp, tag) ⇒ Object
• #process(exp) ⇒ Object
• #process_const(exp) ⇒ Object
• #process_cookies(exp) ⇒ Object
• #process_defn(exp) ⇒ Object
• #process_escaped_output(exp) ⇒ Object
• #process_format(exp) ⇒ Object
• #process_format_escaped(exp) ⇒ Object
• #process_ignore(exp) ⇒ Object
• #process_iter(exp) ⇒ Object
• #process_output(exp) ⇒ Object
• #process_params(exp) ⇒ Object
• #process_render(exp) ⇒ Object
• #process_rlist(exp) ⇒ Object
• #process_session(exp) ⇒ Object

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize(*args) ⇒ OutputProcessor

Returns a new instance of OutputProcessor.

# File 'lib/brakeman/processors/output_processor.rb', line 11

def initialize *args
  super
  @user_input = nil
end

Instance Method Details

#format(exp, user_input = nil, &block) ⇒ Object Also known as: process_safely

Copies exp and then formats it.

# File 'lib/brakeman/processors/output_processor.rb', line 17

def format exp, user_input = nil, &block
  @user_input = user_input
  @user_input_block = block
  process(exp.deep_clone) || "[Format Error]"
end

#output_format(exp, tag) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 114

def output_format exp, tag
  out = if exp[1].node_type == :str or exp[1].node_type == :ignore
          ""
        else
          res = process exp[1]

          if res == ""
            ""
          else
            "[#{tag}] #{res}"
          end
        end

  out
end

#process(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 25

def process exp
  begin
    if @user_input and @user_input == exp
      @user_input_block.call(exp, super(exp))
    else
      super exp if sexp? exp and not exp.empty?
    end
  rescue => e
    Brakeman.debug "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}"
  end
end

#process_const(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 130

def process_const exp
  if exp[1] == Brakeman::Tracker::UNKNOWN_MODEL
    "(Unresolved Model)"
  else
    out = exp[1].to_s
    out
  end
end

#process_cookies(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 49

def process_cookies exp
  "cookies"
end

#process_defn(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 66

def process_defn exp
  # Copied from Ruby2Ruby except without the whole
  # "convert methods to attr_*" stuff
  exp = exp.deep_clone
  exp.shift
  name = exp.shift
  args = process exp.shift
  args = "" if args == "()"

  exp.shift if exp == s(s(:nil)) # empty it out of a default nil expression

  body = []
  until exp.empty? do
    body << indent(process(exp.shift))
  end

  body << indent("# do nothing") if body.empty?

  body = body.join("\n")

  return "def #{name}#{args}\n#{body}\nend".gsub(/\n\s*\n+/, "\n")
end

#process_escaped_output(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 101

def process_escaped_output exp
  output_format exp, "Escaped Output"
end

#process_format(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 106

def process_format exp
  output_format exp, "Format"
end

#process_format_escaped(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 110

def process_format_escaped exp
  output_format exp, "Escaped"
end

#process_ignore(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 37

def process_ignore exp
  "[ignored]"
end

#process_iter(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 89

def process_iter exp
  call = process exp[1]
  block = process_rlist exp.sexp_body(3)
  out = "#{call} do\n #{block}\n end"

  out
end

#process_output(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 97

def process_output exp
  output_format exp, "Output"
end

#process_params(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 41

def process_params exp
  "params"
end

#process_render(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 139

def process_render exp
  exp = exp.deep_clone
  exp.shift

  exp[1] = process exp[1] if sexp? exp[1]
  exp[2] = process exp[2] if sexp? exp[2]
  out = "render(#{exp[0]} => #{exp[1]}, #{exp[2]})"

  out
end

#process_rlist(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 53

def process_rlist exp
  out = exp.map do |e|
    res = process e
    if res == ""
      nil
    else
      res
    end
  end.compact.join("\n")

  out
end

#process_session(exp) ⇒ Object

# File 'lib/brakeman/processors/output_processor.rb', line 45

def process_session exp
  "session"
end