Class: Brakeman::Rails3Erubis

Inherits:
Erubis::Eruby
  • Object
Defined in:
lib/brakeman/parsers/rails3_erubis.rb

Overview

Constant Summary

# Detects an expression that opens a Ruby block, so the generated buffer
# call can leave it unparenthesised (see #add_expr_literal): a trailing
# ` do` / `)do` or `{`, optionally followed by block parameters such as
# `|x, y|`, at the end of the code (`\Z` also tolerates one final newline).
BLOCK_EXPR = /\s*((\s+|\))do|\{)(\s*\|[^|]*\|)?\s*\Z/

Instance Method Summary

Instance Method Details

#add_expr(src, code, indicator) ⇒ Object

Erubis toggles <%= and <%== behavior when escaping is enabled. We override to always treat <%== as escaped.



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 29

# Dispatches an ERB expression tag by its indicator.
#
# Erubis normally swaps the meaning of `<%=` and `<%==` when its escape
# option is on; here `<%==` is always routed to #add_expr_escaped, which
# emits `@output_buffer.safe_expr_append=`, and everything else goes to the
# superclass (ultimately #add_expr_literal for `<%=`). Keeping the two tag
# forms distinct in the generated Ruby is what lets the later analysis tell
# a raw (`<%==`) output apart from an escaped (`<%=`) one.
#
# @param src [String] generated Ruby source being appended to
# @param code [String] the Ruby expression inside the tag
# @param indicator [String] the tag's indicator characters ('=' or '==')
def add_expr(src, code, indicator)
  return add_expr_escaped(src, code) if indicator == '=='

  super
end

#add_expr_escaped(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 49

# Emits the Ruby for a `<%== expr %>` tag as a `safe_expr_append=` call.
#
# In Rails' OutputBuffer, `safe_expr_append=` appends the value as already
# html-safe (no escaping), which is the property the `<%==` form is meant to
# carry through to the generated code. Block-opening expressions (BLOCK_EXPR)
# are emitted without parentheses or a trailing `;` so the `do`/`{` still
# begins a block in the generated source.
#
# @param src [String] generated Ruby source being appended to
# @param code [String] the Ruby expression inside the tag
def add_expr_escaped(src, code)
  flush_newline_if_pending(src)
  emitted = if code =~ BLOCK_EXPR
              "@output_buffer.safe_expr_append= #{code}"
            else
              "@output_buffer.safe_expr_append=(#{code});"
            end
  src << emitted
end

#add_expr_literal(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 40

# Emits the Ruby for a `<%= expr %>` tag as an `append=` call.
#
# This is the escaped counterpart of #add_expr_escaped: Rails' `append=`
# html-escapes values that are not already marked safe. The two methods
# differ only in the buffer method they name, which is what lets generated
# code be told apart by tag form. Block-opening expressions (BLOCK_EXPR) are
# emitted without parentheses or a trailing `;`.
#
# @param src [String] generated Ruby source being appended to
# @param code [String] the Ruby expression inside the tag
def add_expr_literal(src, code)
  flush_newline_if_pending(src)
  emitted = if code =~ BLOCK_EXPR
              "@output_buffer.append= #{code}"
            else
              "@output_buffer.append=(#{code});"
            end
  src << emitted
end

#add_postamble(src) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 63

# Closes the generated template: flushes any newline-only text still
# pending, then makes the buffer's string the template's return value.
#
# @param src [String] generated Ruby source being appended to
def add_postamble(src)
  flush_newline_if_pending(src)
  src.concat('@output_buffer.to_s')
end

#add_preamble(src) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 7

# Opens the generated template and resets the newline counter.
#
# `@newline_pending` counts "\n"-only text chunks so consecutive blank
# lines can be emitted as one `safe_append=` (see #add_text and
# #flush_newline_if_pending); it must be initialised here because every
# other hook assumes it is an Integer.
#
# @param src [String] generated Ruby source being appended to
def add_preamble(src)
  @newline_pending = 0
  src.concat('@output_buffer = output_buffer || ActionView::OutputBuffer.new;')
end

#add_stmt(src, code) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 58

# Emits a `<% stmt %>` tag via the superclass, after flushing any pending
# newline-only text so statement order in the generated source matches the
# template.
#
# @param src [String] generated Ruby source being appended to
# @param code [String] the Ruby statement inside the tag
def add_stmt(src, code)
  flush_newline_if_pending(src)
  super(src, code)
end

#add_text(src, text) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 12

# Emits a literal text chunk of the template as a `safe_append=` of a
# single-quoted, frozen string.
#
# A chunk that is exactly "\n" is not emitted immediately; it is counted in
# `@newline_pending` and prepended to the next non-newline chunk (or flushed
# by #flush_newline_if_pending), which keeps the generated source compact.
# Template text is static content, so emitting it as html-safe is expected;
# only the expression tags are subject to escaping decisions.
#
# @param src [String] generated Ruby source being appended to
# @param text [String] literal text between tags
def add_text(src, text)
  return if text.empty?
  return @newline_pending += 1 if text == "\n"

  leading_newlines = "\n" * @newline_pending
  src << "@output_buffer.safe_append='#{leading_newlines}#{escape_text(text)}'.freeze;"
  @newline_pending = 0
end

#convert_input(src, input) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 77

# Pre-processes the raw template before Erubis tokenises it.
#
# `<%graphql ... %>` tags hold a query language rather than Ruby, so they
# are rewritten to ERB comment tags (`<%#`) and their bodies are skipped
# instead of being compiled into the generated source.
#
# @param src [String] generated Ruby source being appended to
# @param input [String] raw template text
def convert_input(src, input)
  super(src, input.gsub('<%graphql', '<%#'))
end

#flush_newline_if_pending(src) ⇒ Object



# File 'lib/brakeman/parsers/rails3_erubis.rb', line 68

# Emits the newline-only text chunks counted by #add_text as one
# `safe_append=` and resets the counter. Called before any tag is emitted so
# the newlines land in the generated source in template order.
#
# @param src [String] generated Ruby source being appended to
def flush_newline_if_pending(src)
  return unless @newline_pending > 0

  src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;"
  @newline_pending = 0
end