Class: Brakeman::TemplateProcessor

Inherits:

BaseProcessor

• Object
• SexpProcessor
• BaseProcessor
• Brakeman::TemplateProcessor

Defined in:

lib/brakeman/processors/template_processor.rb

Overview

Base Processor for templates/views

Direct Known Subclasses

ErbTemplateProcessor, ErubisTemplateProcessor, HamlTemplateProcessor, SlimTemplateProcessor

Constant Summary

Constants inherited from BaseProcessor

BaseProcessor::IGNORE

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary

• #add_escaped_output(output) ⇒ Object
• #add_output(output, type = :output) ⇒ Object
• #initialize(tracker, template_name, called_from = nil, current_file = nil) ⇒ TemplateProcessor constructor

  Initializes template information.

• #normalize_output(arg) ⇒ Object

  Pull out actual output value from template.

• #process(exp) ⇒ Object

  Process the template Sexp.

• #process_escaped_output(exp) ⇒ Object
• #process_lasgn(exp) ⇒ Object

  Ignore initial variable assignment.

• #process_output(exp) ⇒ Object

  Adds output to the list of outputs.

Methods inherited from BaseProcessor

#find_render_type, #ignore, #make_inline_render, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_block, #process_cdecl, #process_default, #process_dstr, #process_evstr, #process_file, #process_hash, #process_if, #process_ignore, #process_iter, #process_scope

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Methods included from ProcessorHelper

#current_file, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, processors, #scope

Constructor Details

#initialize(tracker, template_name, called_from = nil, current_file = nil) ⇒ TemplateProcessor

Initializes template information.

# File 'lib/brakeman/processors/template_processor.rb', line 8

def initialize tracker, template_name, called_from = nil, current_file = nil
  super(tracker)
  @current_template = Brakeman::Template.new template_name, called_from, current_file, tracker
  @current_file = @current_template.file

  if called_from
    template_name = (template_name.to_s + "." + called_from.to_s).to_sym
  end

  tracker.templates[template_name] = @current_template

  @inside_concat = false
end

Instance Method Details

#add_escaped_output(output) ⇒ Object

# File 'lib/brakeman/processors/template_processor.rb', line 75

def add_escaped_output output
  add_output output, :escaped_output
end

#add_output(output, type = :output) ⇒ Object

# File 'lib/brakeman/processors/template_processor.rb', line 79

def add_output output, type = :output
  if node_type? output, :or
    Sexp.new(:or, add_output(output.lhs, type), add_output(output.rhs, type)).line(output.line)
  else
    s = Sexp.new(type, output)
    s.line(output.line)
    @current_template.add_output s
    s
  end
end

#normalize_output(arg) ⇒ Object

Pull out actual output value from template

# File 'lib/brakeman/processors/template_processor.rb', line 57

def normalize_output arg
  if call? arg and [:to_s, :html_safe!, :freeze].include? arg.method
    arg.target
  elsif node_type? arg, :if
    branches = [arg.then_clause, arg.else_clause].compact

    if branches.empty?
      s(:nil).line(arg.line)
    elsif branches.length == 2
      Sexp.new(:or, *branches).line(arg.line)
    else
      branches.first
    end
  else
    arg
  end
end

#process(exp) ⇒ Object

Process the template Sexp.

# File 'lib/brakeman/processors/template_processor.rb', line 23

def process exp
  begin
    super
  rescue => e
    except = e.exception("Error when processing #{@current_template.name}: #{e.message}")
    except.set_backtrace(e.backtrace)
    raise except
  end
end

#process_escaped_output(exp) ⇒ Object

# File 'lib/brakeman/processors/template_processor.rb', line 52

def process_escaped_output exp
  process_output exp
end

#process_lasgn(exp) ⇒ Object

Ignore initial variable assignment

# File 'lib/brakeman/processors/template_processor.rb', line 34

def process_lasgn exp
  if exp.lhs == :_erbout and exp.rhs.node_type == :str  #ignore
    ignore
  elsif exp.lhs == :_buf and exp.rhs.node_type == :str
    ignore
  else
    exp.rhs = process exp.rhs
    exp
  end
end

#process_output(exp) ⇒ Object

Adds output to the list of outputs.

# File 'lib/brakeman/processors/template_processor.rb', line 46

def process_output exp
  exp.value = process exp.value
  @current_template.add_output exp unless exp.original_line
  exp
end