Class: Brakeman::Rails3ConfigProcessor
- Inherits: BaseProcessor (Object → SexpProcessor → BaseProcessor → Brakeman::Rails3ConfigProcessor)
- Defined in: lib/brakeman/processors/lib/rails3_config_processor.rb
Overview
Processes configuration. Results are put in tracker.config.
Configuration of Rails via Rails::Initializer is stored in tracker.config. For example:

    MyApp::Application.configure do
      config.active_record.whitelist_attributes = true
    end

will be stored in

    tracker.config[:rails][:active_record][:whitelist_attributes]

Values for tracker.config will still be Sexps.
Constant Summary
- RAILS_CONFIG = Sexp.new(:call, nil, :config)
Constants inherited from BaseProcessor
Constants included from Util
Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP
Constants inherited from SexpProcessor
Instance Attribute Summary
Attributes inherited from SexpProcessor
Instance Method Summary
- #get_rails_config(exp) ⇒ Object: Returns an array of symbols for each ‘level’ in the config.
- #include_rails_config?(exp) ⇒ Boolean: Check if an expression includes a call to set Rails config.
- #initialize(*args) ⇒ Rails3ConfigProcessor (constructor): A new instance of Rails3ConfigProcessor.
- #process_attrasgn(exp) ⇒ Object: Look for configuration settings.
- #process_class(exp) ⇒ Object: Look for class Application < Rails::Application.
- #process_config(src) ⇒ Object: Use this method to process configuration file.
- #process_iter(exp) ⇒ Object: Look for MyApp::Application.configure do …
Methods inherited from BaseProcessor
#find_render_type, #ignore, #make_render, #make_render_in_view, #process_arglist, #process_block, #process_default, #process_dstr, #process_evstr, #process_hash, #process_if, #process_ignore, #process_lasgn, #process_scope
Methods included from Util
#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore
Methods included from ProcessorHelper
#class_name, #process_all, #process_all!, #process_call_args, #process_module
Methods inherited from SexpProcessor
#error_handler, #in_context, #process, #process_dummy, #scope
Constructor Details
#initialize(*args) ⇒ Rails3ConfigProcessor
Returns a new instance of Rails3ConfigProcessor.

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 18
    def initialize *args
      super
      @tracker.config[:rails] ||= {}
      @inside_config = false
    end

Instance Method Details
#get_rails_config(exp) ⇒ Object
Returns an array of symbols for each ‘level’ in the config

    config.action_controller.session_store = :cookie

becomes

    [:action_controller, :session_store]

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 115
    def get_rails_config exp
      if node_type? exp, :attrasgn
        attribute = exp.method.to_s[0..-2].to_sym
        get_rails_config(exp.target) << attribute
      elsif call? exp
        if exp.target == RAILS_CONFIG
          [exp.method]
        else
          get_rails_config(exp.target) << exp.method
        end
      else
        raise "WHAT"
      end
    end

#include_rails_config?(exp) ⇒ Boolean
Check if an expression includes a call to set Rails config

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 93
    def include_rails_config? exp
      target = exp.target
      if call? target
        if target.target == RAILS_CONFIG
          true
        else
          include_rails_config? target
        end
      elsif target == RAILS_CONFIG
        true
      else
        false
      end
    end

#process_attrasgn(exp) ⇒ Object
Look for configuration settings

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 58
    def process_attrasgn exp
      return exp unless @inside_config

      if exp.target == RAILS_CONFIG
        #Get rid of '=' at end
        attribute = exp.method.to_s[0..-2].to_sym
        if exp.args.length > 1
          #Multiple arguments?...not sure if this will ever happen
          @tracker.config[:rails][attribute] = exp.args
        else
          @tracker.config[:rails][attribute] = exp.first_arg
        end
      elsif include_rails_config? exp
        options = get_rails_config exp
        level = @tracker.config[:rails]
        options[0..-2].each do |o|
          level[o] ||= {}

          option = level[o]

          if not option.is_a? Hash
            Brakeman.debug "[Notice] Skipping config setting: #{options.map(&:to_s).join(".")}"
            return exp
          end

          level = level[o]
        end

        level[options.last] = exp.first_arg
      end

      exp
    end

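A simplified model of the storage logic above, as an added example that is not Brakeman's own code: plain Ruby arrays stand in for ruby_parser Sexps, and config_path, store, setting_true? and build_config are hypothetical names. It shows the skip path for a non-Hash parent level and why a check reading tracker.config must compare against the :true node rather than Ruby's true.

```ruby
# Added example. Plain arrays stand in for ruby_parser Sexps (assumption);
# config_path, store, setting_true? and build_config are hypothetical names.
RAILS_CONFIG = [:call, nil, :config]

# Flatten the receiver chain of a config call or assignment into option names.
def config_path(exp)
  type, target, meth = exp
  unless [:attrasgn, :call].include?(type)
    raise ArgumentError, "not a config chain: #{exp.inspect}"
  end
  name = type == :attrasgn ? meth.to_s.chomp("=").to_sym : meth
  target == RAILS_CONFIG ? [name] : config_path(target) << name
end

# Store the assigned node under its nested path. Returns false (and stores
# nothing) when a parent level already holds a non-Hash value.
def store(config, exp)
  *parents, leaf = config_path(exp)
  level = config
  parents.each do |key|
    level[key] ||= {}
    return false unless level[key].is_a?(Hash)
    level = level[key]
  end
  level[leaf] = exp[3]
  true
end

# Stored values are parse nodes, so compare against the :true node, not `true`.
def setting_true?(config, *path)
  path.reduce(config) { |lvl, key| lvl.is_a?(Hash) ? lvl[key] : nil } == [:true]
end

# Constructed sample assignments, shaped as (:attrasgn target name= value).
SAMPLE = [
  [:attrasgn, [:call, RAILS_CONFIG, :active_record], :whitelist_attributes=, [:true]],
  [:attrasgn, RAILS_CONFIG, :session_store=, [:lit, :cookie_store]],
  [:attrasgn, [:call, RAILS_CONFIG, :session_store], :key=, [:str, "_app"]]
]

# Run every assignment through store and report which ones were kept.
def build_config(exps)
  config = {}
  [config, exps.map { |exp| store(config, exp) }]
end

config, stored = build_config(SAMPLE)
p stored
p config[:active_record][:whitelist_attributes] == true
p setting_true?(config, :active_record, :whitelist_attributes)
```

The Util module listed on this page includes #true? and #false? for this kind of comparison on real Sexps.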
#process_class(exp) ⇒ Object
Look for class Application < Rails::Application

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 47
    def process_class exp
      if exp.class_name == :Application
        @inside_config = true
        process_all exp.body if sexp? exp.body
        @inside_config = false
      end

      exp
    end

#process_config(src) ⇒ Object
Use this method to process configuration file

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 25
    def process_config src
      res = Brakeman::AliasProcessor.new(@tracker).process_safely(src)
      process res
    end

#process_iter(exp) ⇒ Object
Look for MyApp::Application.configure do … end

    # File 'lib/brakeman/processors/lib/rails3_config_processor.rb', line 31
    def process_iter exp
      call = exp.block_call

      if node_type?(call.target, :colon2) and
        call.target.rhs == :Application and
        call.method == :configure

        @inside_config = true
        process exp.block if sexp? exp.block
        @inside_config = false
      end

      exp
    end