Module: Brakeman::ControllerMethods

Included in:
Controller, Library
Defined in:
lib/brakeman/tracker/controller.rb

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#layout ⇒ Object

Returns the value of attribute layout.



# File 'lib/brakeman/tracker/controller.rb', line 5

# Reader for the layout recorded on this controller/library.
#
# @return [Object, nil] the current value of @layout; this method does not
#   constrain its type, and initialize_controller resets it to nil.
def layout
  @layout
end

Instance Method Details

#add_before_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 19

# Records a before-filter declaration at the END of this controller's list.
#
# @param exp [Object] the filter declaration to store; other methods in this
#   module later read +exp.args+ from each stored entry.
# @return [Array] the updated @options[:before_filters] list
def add_before_filter(exp)
  registered = @options[:before_filters]
  registered.push(exp)
end

#before_filter_list(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 39

# Collects the before-filter names that apply to +method+, walking from this
# controller up through its parents, then drops the skipped ones.
#
# The walk follows +parent+ and resolves it through tracker.controllers first
# and tracker.libs second. It stops at the first parent found in neither, so
# filters declared on a parent the tracker does not know about are not part of
# the result.
#
# @param processor [Object] passed through to get_before_filters and
#   remove_skipped_filters
# @param method [Object] the action whose filters are wanted
# @return [Array] filter names, ancestors' filters first, after
#   remove_skipped_filters has been applied
def before_filter_list(processor, method)
  collected = []
  current = self

  while current
    # Prepend: filters found further up the chain end up earlier in the list.
    collected.unshift(*current.get_before_filters(processor, method))

    ancestor = current.parent
    current = tracker.controllers[ancestor] || tracker.libs[ancestor]
  end

  remove_skipped_filters(processor, collected, method)
end

#before_filter_to_hash(processor, args) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 106

# Converts the arguments of one filter declaration into a plain Hash.
#
# Resulting keys:
# * +:methods+ - second element of every argument whose node_type is :lit
# * one key per entry of a trailing options hash (taken from +option.value+),
#   holding either an Array (for :array values) or a single value (:lit, :str)
# * +:all+ => true - only when the last argument is not a hash
#
# Option values of any other node type are logged through Brakeman.debug and
# NOT recorded. So a declaration whose options hash holds only such values
# yields neither +:all+ nor an option key.
# NOTE(review): how filter_includes_method? treats that shape is not visible
# here - confirm, since it decides whether a filter (for example an
# authentication check) is considered to cover an action.
#
# @param processor [Object] must respond to +process_default+
# @param args [Array] argument nodes of the filter call
# @return [Hash] the description built as listed above
def before_filter_to_hash(processor, args)
  filter = {}

  # Run every sexp argument through the processor, for the uncommon but
  # possible situation in which variables are used in the filter.
  # NOTE(review): the return value is not kept, so this pass only matters
  # through whatever side effects process_default has - confirm.
  args.each { |arg| processor.process_default(arg) if sexp?(arg) }

  filter[:methods] = args.select { |arg| arg.node_type == :lit }.map { |arg| arg[1] }

  options = args.last

  unless hash?(options)
    filter[:all] = true
    return filter
  end

  # Probably only one option, but iterating also avoids issues with kwsplats.
  hash_iterate(options) do |option, value|
    case value.node_type
    when :array then filter[option.value] = value.sexp_body.map { |v| v[1] }
    when :lit, :str then filter[option.value] = value[1]
    else
      Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
    end
  end

  filter
end

#before_filters ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 27

# Reader for the before-filter declarations recorded on this controller.
#
# @return [Array, nil] the list stored under @options[:before_filters]
#   (initialize_controller sets it to an empty Array)
def before_filters
  @options[:before_filters]
end

#get_before_filters(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 86

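# Returns the names of the before-filters declared directly on this
# controller/library (no parents) that apply to +method+.
#
# The declarations from before_filters are converted once with
# before_filter_to_hash and memoized in @before_filter_cache. Later calls reuse
# the cache and ignore +processor+.
#
# @param processor [Object] handed to before_filter_to_hash on the first call
# @param method [Object] the action being checked with filter_includes_method?
# @return [Array] concatenated +:methods+ of every matching filter
def get_before_filters processor, method
  # Build the cache in a single expression. If converting one declaration
  # raises, the cache stays nil and is rebuilt on the next call. This avoids a
  # truncated, non-nil cache that would silently under-report filters, and it
  # matches how get_skipped_filters builds its cache.
  @before_filter_cache ||= before_filters.map do |filter|
    before_filter_to_hash(processor, filter.args)
  end

  @before_filter_cache
    .select { |f| filter_includes_method?(f, method) }
    .flat_map { |f| f[:methods] }
end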

#get_skipped_filters(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 53

# Returns the names of the filters that this controller/library itself skips
# for +method+ (parents are not consulted here).
#
# The skip declarations are converted once via before_filter_to_hash and
# memoized in @skip_filter_cache. Later calls reuse the cache.
#
# @param processor [Object] handed to before_filter_to_hash on the first call
# @param method [Object] the action being checked with filter_includes_method?
# @return [Array] concatenated +:methods+ of every matching skip declaration
def get_skipped_filters(processor, method)
  @skip_filter_cache ||= skip_filters.map do |declaration|
    before_filter_to_hash(processor, declaration.args)
  end

  matching = @skip_filter_cache.select { |entry| filter_includes_method?(entry, method) }
  matching.flat_map { |entry| entry[:methods] }
end

#initialize_controller ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 7

# Resets the controller-specific state kept by this module: empty filter and
# skip-filter lists in @options, no layout, and both filter caches cleared.
#
# Expects @options to be a Hash-like object that already exists.
#
# @return [nil]
def initialize_controller
  # Two separate Array literals: the lists must not share one object.
  @options[:before_filters] = []
  @options[:skip_filters] = []

  @layout = @skip_filter_cache = @before_filter_cache = nil
end

#prepend_before_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 23

# Records a before-filter declaration at the FRONT of this controller's list.
#
# @param exp [Object] the filter declaration to store
# @return [Array] the updated @options[:before_filters] list
def prepend_before_filter(exp)
  registered = @options[:before_filters]
  registered.unshift(exp)
end

#protect_from_forgery? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/brakeman/tracker/controller.rb', line 15

# Reports whether CSRF protection has been recorded for this controller.
#
# Returns the raw value stored under @options[:protect_from_forgery] rather
# than a strict true/false. The result is nil (falsy) when nothing was stored.
# Where that option gets set is not visible in this module.
#
# @return [Object, nil] truthy when the option was recorded
def protect_from_forgery?
  @options[:protect_from_forgery]
end

#remove_skipped_filters(processor, filters, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 73

# Removes from +filters+ every filter that this controller or any parent
# reachable through the tracker skips for +method+.
#
# Removal uses Array#-, so each skipped name is dropped wherever it occurs in
# +filters+, regardless of which level of the chain declared the filter or the
# skip.
# NOTE(review): a filter that is skipped in a parent and declared again in a
# child is therefore treated as skipped - confirm that this is intended.
#
# @param processor [Object] passed through to get_skipped_filters
# @param filters [Array] candidate filter names; not modified
# @param method [Object] the action being checked
# @return [Array] a new Array without the skipped names
def remove_skipped_filters(processor, filters, method)
  remaining = filters
  current = self

  while current
    remaining -= current.get_skipped_filters(processor, method)

    ancestor = current.parent
    current = tracker.controllers[ancestor] || tracker.libs[ancestor]
  end

  remaining
end

#skip_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 31

# Records a skip-filter declaration for this controller.
#
# @param exp [Object] the skip declaration to store; get_skipped_filters later
#   reads +exp.args+ from each stored entry.
# @return [Array] the updated @options[:skip_filters] list
def skip_filter(exp)
  skipped = @options[:skip_filters]
  skipped.push(exp)
end

#skip_filters ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 35

# Reader for the skip-filter declarations recorded on this controller.
#
# @return [Array, nil] the list stored under @options[:skip_filters]
#   (initialize_controller sets it to an empty Array)
def skip_filters
  @options[:skip_filters]
end