Class: Brakeman::BaseProcessor

# File 'lib/brakeman/processors/base_processor.rb', line 14

def initialize tracker
  super()
  @last = nil
  @tracker = tracker
  @app_tree = tracker.app_tree if tracker
  @current_template = @current_module = @current_class = @current_method = @current_file = nil
end

Instance Method Details

#find_render_type(call, in_view = false) ⇒ `Object`

Determines the type of a call to render.

Possible types are: :action, :default, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml

And also :layout for inside templates

# File 'lib/brakeman/processors/base_processor.rb', line 218

def find_render_type call, in_view = false
  rest = Sexp.new(:hash).line(call.line)
  type = nil
  value = nil
  first_arg = call.first_arg

  if call.second_arg.nil? and first_arg == Sexp.new(:lit, :update)
    return :update, nil, Sexp.new(:arglist, *call.args[0..-2]) #TODO HUH?
  end

  #Look for render :action, ... or render "action", ...
  if string? first_arg or symbol? first_arg
    if @current_template and @tracker.options[:rails3]
      type = :partial
      value = first_arg
    else
      type = :action
      value = first_arg
    end
  elsif first_arg.is_a? Symbol or first_arg.is_a? String
    type = :action
    value = Sexp.new(:lit, first_arg.to_sym).line(call.line)
  elsif first_arg.nil?
    type = :default
  elsif not hash? first_arg
    type = :action
    value = first_arg
  end

  types_in_hash = Set[:action, :file, :inline, :js, :json, :nothing, :partial, :template, :text, :update, :xml]

  #render :layout => "blah" means something else when in a template
  if in_view
    types_in_hash << :layout
  end

  last_arg = call.last_arg

  #Look for "type" of render in options hash
  #For example, render :file => "blah"
  if hash? last_arg
    hash_iterate(last_arg) do |key, val|
      if symbol? key and types_in_hash.include? key.value
        type = key.value
        value = val
      else  
        rest << key << val
      end
    end
  end

  type ||= :default
  value ||= :default

  if type == :inline and string? value and not hash_access(rest, :type)
    value, rest = make_inline_render(value, rest)
  end

  return type, value, rest
end

#ignore ⇒ `Object`



27
28
29

# File 'lib/brakeman/processors/base_processor.rb', line 27

def ignore
  IGNORE
end

#make_inline_render(value, options) ⇒ `Object`

# File 'lib/brakeman/processors/base_processor.rb', line 279

def make_inline_render value, options
  require 'brakeman/parsers/template_parser'

  class_or_module = (@current_class || @current_module)

  class_or_module = if class_or_module.nil?
                      "Unknown"
                    else
                      class_or_module.name
                    end

  template_name = "#@current_method/inline@#{value.line}:#{class_or_module}".to_sym
  type, ast = Brakeman::TemplateParser.parse_inline_erb(@tracker, value.value)
  ast = ast.deep_clone(value.line)
  @tracker.processor.process_template(template_name, ast, type, nil, @current_file)
  @tracker.processor.process_template_alias(@tracker.templates[template_name])

  return s(:lit, template_name).line(value.line), options
end

#make_render(exp, in_view = false) ⇒ `Object`

Generates :render node from call to render.

# File 'lib/brakeman/processors/base_processor.rb', line 203

def make_render exp, in_view = false 
  render_type, value, rest = find_render_type exp, in_view
  rest = process rest
  result = Sexp.new(:render, render_type, value, rest)
  result.line(exp.line)
  result
end

#make_render_in_view(exp) ⇒ `Object`

Convenience method for ‘make_render exp, true`



198
199
200

# File 'lib/brakeman/processors/base_processor.rb', line 198

def make_render_in_view exp
  make_render exp, true
end

#process_arglist(exp) ⇒ `Object`

Processes the values in an argument list

# File 'lib/brakeman/processors/base_processor.rb', line 145

def process_arglist exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    process e
  end

  exp.unshift :arglist
end

#process_attrasgn(exp) ⇒ `Object`

Processes an attribute assignment, which can be either x.y = 1 or x = 1

# File 'lib/brakeman/processors/base_processor.rb', line 172

def process_attrasgn exp
  exp = exp.dup
  exp.target = process exp.target
  exp.arglist = process exp.arglist
  exp
end

#process_block(exp) ⇒ `Object` Also known as: process_rlist

Processes a block. Changes Sexp node type to :rlist

# File 'lib/brakeman/processors/base_processor.rb', line 106

def process_block exp
  exp = exp.dup
  exp.shift

  exp.map! do |e|
    process e
  end

  exp.unshift :rlist
end

#process_cdecl(exp) ⇒ `Object`

# File 'lib/brakeman/processors/base_processor.rb', line 184

def process_cdecl exp
  if @tracker
    @tracker.add_constant exp.lhs,
      exp.rhs,
      :file => current_file,
      :module => @current_module,
      :class => @current_class,
      :method => @current_method
  end

  exp
end

#process_default(exp) ⇒ `Object`

Default processing.

# File 'lib/brakeman/processors/base_processor.rb', line 37

def process_default exp
  exp = exp.dup

  exp.each_with_index do |e, i|
    exp[i] = process e if sexp? e and not e.empty?
  end

  exp
end

#process_dstr(exp) ⇒ `Object`

String with interpolation.

# File 'lib/brakeman/processors/base_processor.rb', line 86

def process_dstr exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if e.is_a? String
      e
    else
      res = process e
      if res.empty?
        nil
      else
        res
      end
    end
  end.compact!

  exp.unshift :dstr
end

#process_evstr(exp) ⇒ `Object`

Processes the inside of an interpolated String.

# File 'lib/brakeman/processors/base_processor.rb', line 120

def process_evstr exp
  exp = exp.dup
  if exp[1]
    exp[1] = process exp[1]
  end

  exp
end

#process_file(exp, current_file) ⇒ `Object`

# File 'lib/brakeman/processors/base_processor.rb', line 22

def process_file exp, current_file
  @current_file = current_file
  process exp
end

#process_hash(exp) ⇒ `Object`

Processes a hash

# File 'lib/brakeman/processors/base_processor.rb', line 130

def process_hash exp
  exp = exp.dup
  exp.shift
  exp.map! do |e|
    if sexp? e
      process e
    else
      e
    end
  end

  exp.unshift :hash
end

#process_if(exp) ⇒ `Object`

Process an if statement.

# File 'lib/brakeman/processors/base_processor.rb', line 48

def process_if exp
  exp = exp.dup
  condition = exp[1] = process exp.condition

  if true? condition
    exp[2] = process exp.then_clause if exp.then_clause
    exp[3] = nil
  elsif false? condition
    exp[2] = nil
    exp[3] = process exp.else_clause if exp.else_clause
  else
    exp[2] = process exp.then_clause if exp.then_clause
    exp[3] = process exp.else_clause if exp.else_clause
  end

  exp
end

#process_ignore(exp) ⇒ `Object`

Ignore ignore Sexps



180
181
182

# File 'lib/brakeman/processors/base_processor.rb', line 180

def process_ignore exp
  exp
end

#process_iter(exp) ⇒ `Object`

Processes calls with blocks.

s(:iter, CALL, :lasgn|:masgn, BLOCK)

# File 'lib/brakeman/processors/base_processor.rb', line 69

def process_iter exp
  exp = exp.dup
  call = process exp.block_call
  #deal with assignments somehow
  if exp.block
    block = process exp.block
    block = nil if block.empty?
  else
    block = nil
  end

  call = Sexp.new(:iter, call, exp.block_args, block).compact
  call.line(exp.line)
  call
end

#process_lasgn(exp) ⇒ `Object` Also known as: process_iasgn

Processes a local assignment

# File 'lib/brakeman/processors/base_processor.rb', line 156

def process_lasgn exp
  exp = exp.dup
  exp.rhs = process exp.rhs
  exp
end

#process_scope(exp) ⇒ `Object`

Process a new scope. Removes expressions that are set to nil.



32
33
34

# File 'lib/brakeman/processors/base_processor.rb', line 32

def process_scope exp
  #NOPE?
end

Class: Brakeman::BaseProcessor

Overview

Direct Known Subclasses

Constant Summary collapse

Constants included from Util

Constants inherited from SexpProcessor

Instance Attribute Summary

Attributes inherited from SexpProcessor

Instance Method Summary collapse

Methods included from Util

Methods included from ProcessorHelper

Methods inherited from SexpProcessor

Constructor Details

#initialize(tracker) ⇒ BaseProcessor

Instance Method Details

#find_render_type(call, in_view = false) ⇒ Object

#ignore ⇒ Object

#make_inline_render(value, options) ⇒ Object

#make_render(exp, in_view = false) ⇒ Object

#make_render_in_view(exp) ⇒ Object

#process_arglist(exp) ⇒ Object

#process_attrasgn(exp) ⇒ Object

#process_block(exp) ⇒ Object Also known as: process_rlist

#process_cdecl(exp) ⇒ Object

#process_default(exp) ⇒ Object

#process_dstr(exp) ⇒ Object

#process_evstr(exp) ⇒ Object

#process_file(exp, current_file) ⇒ Object

#process_hash(exp) ⇒ Object

#process_if(exp) ⇒ Object

#process_ignore(exp) ⇒ Object

#process_iter(exp) ⇒ Object

#process_lasgn(exp) ⇒ Object Also known as: process_iasgn

#process_scope(exp) ⇒ Object

#initialize(tracker) ⇒ `BaseProcessor`