Class: Brakeman::Tracker

Inherits: Object
Defined in:
lib/brakeman/tracker.rb

Overview

The Tracker keeps track of all the processed information.

Constant Summary

UNKNOWN_MODEL =

Placeholder used when there should be a model, but it is not clear which model it will be.

:BrakemanUnresolvedModel

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(app_tree, processor = nil, options = {}) ⇒ Tracker

Creates a new Tracker.

The Processor argument is only used by other Processors that might need to access it.


# File 'lib/brakeman/tracker.rb', line 23

# Creates a new Tracker.
#
# @param app_tree [Object] the application tree handed on to Report/Checks
# @param processor [Object, nil] kept only so other Processors can reach it
# @param options [Hash] run options; :app_path and :index_libs are read here
def initialize(app_tree, processor = nil, options = {})
  @app_tree = app_tree
  @processor = processor
  @options = options

  @config = { :rails => {}, :gems => {} }
  @templates = {}
  @controllers = {}
  @routes = {}
  @initializers = {}
  @libs = {}
  @errors = []

  # Seed the model table with a placeholder entry so later lookups can
  # match "some model" before the concrete class is known.
  unknown_model = {
    :name => UNKNOWN_MODEL,
    :parent => nil,
    :includes => [],
    :public => {},
    :private => {},
    :protected => {},
    :options => {},
    :files => []
  }
  @models = { UNKNOWN_MODEL => unknown_model }

  @template_cache = Set.new
  @filter_cache = {}

  # Filled in lazily: @checks by #run_checks, @call_index by #index_call_sites,
  # @processed by #each_template.
  @checks = nil
  @processed = nil
  @call_index = nil

  @start_time = Time.now
  @end_time = nil
  @duration = nil
end

Instance Attribute Details

#checks ⇒ Object

Returns the value of attribute checks


# File 'lib/brakeman/tracker.rb', line 10

# @return [Object, nil] the result stored by #run_checks; nil until that has run.
def checks; @checks; end

#config ⇒ Object

Returns the value of attribute config


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] configuration table; starts as { :rails => {}, :gems => {} }.
def config; @config; end

#controllers ⇒ Object

Returns the value of attribute controllers


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] controller table keyed by controller name; entries carry
#   :files plus :public/:private/:protected method tables (see #each_method).
def controllers; @controllers; end

#duration ⇒ Object

Returns the value of attribute duration


# File 'lib/brakeman/tracker.rb', line 10

# @return [Float, nil] seconds between construction and the end of #run_checks; nil before that.
def duration; @duration; end

#end_time ⇒ Object

Returns the value of attribute end_time


# File 'lib/brakeman/tracker.rb', line 10

# @return [Time, nil] wall-clock time recorded at the end of #run_checks; nil before that.
def end_time; @end_time; end

#errors ⇒ Object

Returns the value of attribute errors


# File 'lib/brakeman/tracker.rb', line 10

# @return [Array<Hash>] errors recorded by #error, each { :error => String, :backtrace => Array }.
def errors; @errors; end

#filter_cache ⇒ Object

Returns the value of attribute filter_cache


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] cache initialized empty in #initialize; its consumers are not on this page.
def filter_cache; @filter_cache; end

#ignored_filter ⇒ Object

Returns the value of attribute ignored_filter


# File 'lib/brakeman/tracker.rb', line 10

# @return [Object, nil] filter consulted by #filtered_warnings via #ignored?.
#   Not assigned in #initialize, so it is nil until set elsewhere (setter not shown here).
def ignored_filter; @ignored_filter; end

#initializers ⇒ Object

Returns the value of attribute initializers


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] initializer sources keyed by name, searched by #check_initializers.
def initializers; @initializers; end

#libs ⇒ Object

Returns the value of attribute libs


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] library class table; only walked by #each_method when @options[:index_libs] is set.
def libs; @libs; end

#models ⇒ Object

Returns the value of attribute models


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] model table keyed by model name; seeded with the UNKNOWN_MODEL placeholder in #initialize.
def models; @models; end

#options ⇒ Object

Returns the value of attribute options


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] run options passed to #initialize (:app_path and :index_libs are read on this page).
def options; @options; end

#processor ⇒ Object

Returns the value of attribute processor


# File 'lib/brakeman/tracker.rb', line 10

# @return [Object, nil] the processor handed to #initialize, kept for other Processors to access.
def processor; @processor; end

#routes ⇒ Object

Returns the value of attribute routes


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] route table; replaced with an empty hash by #reset_routes.
def routes; @routes; end

#start_time ⇒ Object

Returns the value of attribute start_time


# File 'lib/brakeman/tracker.rb', line 10

# @return [Time] wall-clock time captured in #initialize.
def start_time; @start_time; end

#template_cache ⇒ Object

Returns the value of attribute template_cache


# File 'lib/brakeman/tracker.rb', line 10

# @return [Set] cache cleared by #reset_template and #reset_templates.
def template_cache; @template_cache; end

#templates ⇒ Object

Returns the value of attribute templates


# File 'lib/brakeman/tracker.rb', line 10

# @return [Hash] template table keyed by name symbol; entries carry :src, :file and :caller.
def templates; @templates; end

Instance Method Details

#app_path ⇒ Object


# File 'lib/brakeman/tracker.rb', line 80

# Absolute path of the application under analysis, memoized after the
# first call.
#
# @return [String] File.expand_path of @options[:app_path]
def app_path
  return @app_path if @app_path

  @app_path = File.expand_path(@options[:app_path])
end

#check_initializers(target, method) ⇒ Object

Searches the initializers for a method call


# File 'lib/brakeman/tracker.rb', line 152

# Searches the initializers for a method call.
#
# @param target [Object] call target passed to Brakeman::FindCall
# @param method [Object] method name passed to Brakeman::FindCall
# @return [Object] finder.matches after every initializer (in sorted name
#   order) has been processed
def check_initializers target, method
  finder = Brakeman::FindCall.new target, method, self

  # Sorted so the resulting matches are in a stable order.
  initializers.sort.each { |_name, source| finder.process_source source }

  finder.matches
end

#each_method ⇒ Object

Iterate over all methods in controllers and models.


# File 'lib/brakeman/tracker.rb', line 85

# Iterates over every method definition in the controllers and models
# (and in the libs as well when @options[:index_libs] is set).
#
# @yieldparam src [Object] the definition's source node (definition[:src])
# @yieldparam set_name [Object] key of the owning class in its table
# @yieldparam method_name [Object] the method name; for :selfdef nodes it is
#   reported as "receiver.name"
# @yieldparam file [Object] definition[:file]
def each_method
  method_sets = [controllers, models]
  method_sets << libs if @options[:index_libs]

  method_sets.each do |set|
    set.each do |set_name, info|
      %i[private public protected].each do |visibility|
        info[visibility].each do |name, definition|
          src = definition[:src]
          # Class-level definitions are reported with their receiver.
          name = "#{src[1]}.#{name}" if src.node_type == :selfdef

          yield src, set_name, name, definition[:file]
        end
      end
    end
  end
end

#each_template ⇒ Object

Iterates over each template, yielding the name and the template. Prioritizes templates which have been rendered.


# File 'lib/brakeman/tracker.rb', line 111

# Yields each template name and its entry. Names containing a "." (the
# rendered templates, per the original description) come first, then the
# remaining names; each group is sorted by name. The split is memoized in
# @processed/@rest until a reset clears them.
#
# @yieldparam name [Symbol] template key
# @yieldparam template [Hash] templates[name]
def each_template
  if @processed.nil?
    ordered = templates.keys.sort_by(&:to_s)
    @processed, @rest = ordered.partition { |key| key.to_s.include?(".") }
  end

  (@processed + @rest).each do |key|
    yield key, templates[key]
  end
end

#error(exception, backtrace = nil) ⇒ Object

Add an error to the list. If no backtrace is given, the one from the exception will be used.


# File 'lib/brakeman/tracker.rb', line 58

# Records an error. When no backtrace is given, the exception's own is used;
# a non-Array backtrace is wrapped in a one-element Array.
#
# @param exception [Exception] error to record (its message has newlines
#   collapsed to spaces)
# @param backtrace [Array, Object, nil] backtrace override
# @return [Array<Hash>] the updated @errors list
def error exception, backtrace = nil
  trace = backtrace || exception.backtrace
  trace = [trace] unless trace.is_a?(Array)

  Brakeman.debug exception
  Brakeman.debug trace

  @errors << { :error => exception.to_s.gsub("\n", " "), :backtrace => trace }
end

#filtered_warnings ⇒ Object


# File 'lib/brakeman/tracker.rb', line 171

# Warnings with those the ignored_filter marks as ignored removed.
#
# @return [Array] #warnings, minus entries for which ignored_filter.ignored?
#   is truthy; all of #warnings when no filter is set
def filtered_warnings
  filter = ignored_filter
  return warnings unless filter

  warnings.reject { |warning| filter.ignored?(warning) }
end

#find_call(options) ⇒ Object

Find a method call.

Options:

* :target => target name(s)
* :method => method name(s)
* :chained => search in method chains

If :target => false or :target => nil, searches for methods without a target. Targets and methods can be specified as a symbol, an array of symbols, or a regular expression.

If :chained => true, matches target at head of method chain and method at end.

For example:

find_call :target => User, :method => :all, :chained => true

could match

User.human.active.all(...)

# File 'lib/brakeman/tracker.rb', line 146

# Finds method calls matching the given options (see the description above
# for :target, :method and :chained). The call index is built on first use.
#
# @param options [Hash] passed through to CallIndex#find_calls
# @return [Object] whatever CallIndex#find_calls returns
def find_call options
  index_call_sites if @call_index.nil?
  @call_index.find_calls(options)
end

#index_call_sites ⇒ Object


# File 'lib/brakeman/tracker.rb', line 181

# Builds the call index from scratch: every method (via #each_method) and
# every template (via #each_template) is fed to a FindAllCalls finder and
# the collected calls are wrapped in a new CallIndex.
#
# @return [Brakeman::CallIndex] the new index, also stored in @call_index
def index_call_sites
  finder = Brakeman::FindAllCalls.new self

  each_method do |src, class_name, method_name, file|
    finder.process_source src, :class => class_name, :method => method_name, :file => file
  end

  each_template do |_name, template|
    finder.process_source template[:src], :template => template, :file => template[:file]
  end

  @call_index = Brakeman::CallIndex.new finder.calls
end

#reindex_call_sites(locations) ⇒ Object

Reindex call sites

Takes a set of symbols which can include :templates, :models, or :controllers

This will limit reindexing to the given sets


# File 'lib/brakeman/tracker.rb', line 201

# Reindexes call sites for a subset of the code.
#
# @param locations [Set<Symbol>] any of :templates, :models, :controllers;
#   reindexing is limited to those sets. With all three, the whole index is
#   simply rebuilt via #index_call_sites.
# @return [Object] result of CallIndex#index_calls (or of #index_call_sites)
# @note expects @call_index to already exist; it is not built here
def reindex_call_sites locations
  # All three sets requested: a full rebuild is equivalent and simpler.
  return index_call_sites if locations.length == 3

  @call_index.remove_template_indexes if locations.include? :templates

  class_names = Set.new
  method_sets = []

  # Order matters for the finder: models are processed before controllers.
  { :models => models, :controllers => controllers }.each do |location, set|
    next unless locations.include? location

    class_names.merge set.keys
    method_sets << set
  end

  @call_index.remove_indexes_by_class class_names

  finder = Brakeman::FindAllCalls.new self

  method_sets.each do |set|
    set.each do |class_name, info|
      %i[private public protected].each do |visibility|
        info[visibility].each do |name, definition|
          src = definition[:src]
          # Class-level definitions are reported with their receiver.
          name = "#{src[1]}.#{name}" if src.node_type == :selfdef

          finder.process_source src, :class => class_name, :method => name, :file => definition[:file]
        end
      end
    end
  end

  if locations.include? :templates
    each_template do |_name, template|
      finder.process_source template[:src], :template => template, :file => template[:file]
    end
  end

  @call_index.index_calls finder.calls
end

#report ⇒ Object

Returns a Report with this Tracker's information


# File 'lib/brakeman/tracker.rb', line 163

# Builds a Report over this tracker's information.
#
# @return [Brakeman::Report] a new report for @app_tree and this tracker
def report
  Brakeman::Report.new @app_tree, self
end

#reset_controller(path) ⇒ Object


# File 'lib/brakeman/tracker.rb', line 307

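# Clears information related to the controller defined in the given file:
# the controller entry, the templates rendered from it (matched by a
# "ControllerName#" prefix on their :caller entries) and the call-index
# entries for both.
#
# The controller name is Regexp-escaped and anchored with \A before being
# interpolated into the matcher, so a name containing regex metacharacters
# cannot widen the match or raise RegexpError. Matching templates are
# collected before any are removed, so @templates is not mutated while it
# is being iterated.
#
# @param path [String] file path as recorded in the controller's :files
# @return [Hash, nil] the removed controller entry, or nil if no controller
#   lists the path
def reset_controller path
  name, _controller = @controllers.find { |_name, controller| controller[:files].include?(path) }
  return @controllers.delete(nil) unless name

  template_matcher = /\A#{Regexp.escape(name.to_s)}#/

  # Templates rendered from this controller; computed before any deletion.
  rendered = @templates.select do |_template_name, template|
    template[:caller] && !template[:caller].grep(template_matcher).empty?
  end.keys

  rendered.each do |template_name|
    reset_template template_name
    @call_index.remove_template_indexes template_name
  end

  # Remove calls indexed from this controller.
  @call_index.remove_indexes_by_class [name]
  @controllers.delete name
end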

#reset_lib(path) ⇒ Object

Clear information related to a library file


# File 'lib/brakeman/tracker.rb', line 294

# Clears the library whose :files list includes the given path. Only the
# first matching library is removed.
#
# @param path [String] file path as recorded in a lib entry's :files
# @return [Hash, nil] the removed lib entry, or nil if none matched
def reset_lib path
  name, _lib = @libs.find { |_name, lib| lib[:files].include?(path) }
  @libs.delete name
end

#reset_model(path) ⇒ Object

Clear information related to model


# File 'lib/brakeman/tracker.rb', line 280

# Clears the model whose :files list includes the given path. Only the
# first matching model is removed.
#
# @param path [String] file path as recorded in a model entry's :files
# @return [Hash, nil] the removed model entry, or nil if none matched
def reset_model path
  name, _model = @models.find { |_name, model| model[:files].include?(path) }
  @models.delete name
end

#reset_routes ⇒ Object

Clear information about routes


# File 'lib/brakeman/tracker.rb', line 333

# Drops all route information by replacing the route table with a fresh,
# empty hash (the old hash object is not mutated).
#
# @return [Hash] the new empty route table
def reset_routes; @routes = {}; end

#reset_template(name) ⇒ Object

Clear information related to template


# File 'lib/brakeman/tracker.rb', line 271

# Clears information related to one template and invalidates the cached
# template ordering used by #each_template.
#
# @param name [String, Symbol] template name; converted to a Symbol key
# @return [Set] the cleared @template_cache
def reset_template name
  key = name.to_sym
  @templates.delete key
  @processed = @rest = nil
  @template_cache.clear
end

#reset_templates(options = { :only_rendered => false }) ⇒ Object

Clear information related to templates. If :only_rendered => true, will delete templates rendered from controllers (but not those rendered from other templates)


# File 'lib/brakeman/tracker.rb', line 257

# Clears template information and invalidates the cached ordering used by
# #each_template.
#
# @param options [Hash] with :only_rendered => true, only templates whose
#   name contains "Controller#" (those rendered from controllers) are
#   dropped; otherwise the whole table is replaced
# @return [Set] the cleared @template_cache
def reset_templates options = { :only_rendered => false }
  if options[:only_rendered]
    @templates.reject! { |name, _template| name.to_s.include? "Controller#" }
  else
    @templates = {}
  end
  @processed = @rest = nil
  @template_cache.clear
end

#run_checks ⇒ Object

Run a set of checks on the current information. Results will be stored in Tracker#checks.


# File 'lib/brakeman/tracker.rb', line 72

# Runs the checks over the current information and records the finish time.
# The result is also kept in #checks.
#
# @return [Object] result of Brakeman::Checks.run_checks
def run_checks
  Brakeman::Checks.run_checks(@app_tree, self).tap do |result|
    @checks = result
    @end_time = Time.now
    @duration = @end_time - @start_time
  end
end

#warnings ⇒ Object


# File 'lib/brakeman/tracker.rb', line 167

# All warnings produced by the checks (requires #run_checks to have run;
# #checks is nil before that).
#
# @return [Object] checks.all_warnings
def warnings; checks.all_warnings; end