Class: Brakeman::HamlTemplateProcessor

Inherits:
TemplateProcessor show all
Defined in:
lib/brakeman/processors/haml_template_processor.rb

Overview

Processes HAML templates.

Constant Summary collapse

HAML_FORMAT_METHOD = 
/format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/

Constants inherited from BaseProcessor

BaseProcessor::IGNORE

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary collapse

Methods inherited from TemplateProcessor

#initialize, #process, #process_escaped_output, #process_lasgn, #process_output

Methods inherited from BaseProcessor

#find_render_type, #ignore, #initialize, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_class, #process_default, #process_dstr, #process_evstr, #process_hash, #process_if, #process_ignore, #process_iter, #process_lasgn, #process_scope

Methods included from Util

#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#class_name, #process_all, #process_all!, #process_call_args, #process_module

Methods inherited from SexpProcessor

#error_handler, #in_context, #initialize, #process, #process_dummy, #scope

Constructor Details

This class inherits a constructor from Brakeman::TemplateProcessor

Instance Method Details

#is_buffer_target?(exp) ⇒ Boolean

Checks if the buffer is the target in a method call Sexp. TODO: Test this

Returns:

  • (Boolean) 


114
115
116
117
118
119
 
# File 'lib/brakeman/processors/haml_template_processor.rb', line 114

def is_buffer_target? exp
  exp.node_type == :call and
  node_type? exp.target, :lvar and
  exp.target.value == :_hamlout and
  exp.method == :buffer
end

#process_block(exp) ⇒ Object

If inside an output stream, only return the final expression



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/brakeman/processors/haml_template_processor.rb', line 89

def process_block exp
  exp = exp.dup
  exp.shift
  if @inside_concat
    @inside_concat = false
    exp[0..-2].each do |e|
      process e
    end
    @inside_concat = true
    process exp[-1]
  else
    exp.map! do |e|
      res = process e
      if res.empty?
        nil
      else
        res
      end
    end
    Sexp.new(:rlist).concat(exp).compact
  end
end

#process_call(exp) ⇒ Object

Processes call, looking for template output



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/brakeman/processors/haml_template_processor.rb', line 8

def process_call exp
  target = exp.target
  if sexp? target
    target = process target
  end

  method = exp.method

  if (call? target and target.method == :_hamlout)
    res = case method
          when :adjust_tabs, :rstrip!, :attributes #Check attributes, maybe?
            ignore
          when :options, :buffer
            exp
          when :open_tag
            process_call_args exp
          else
            arg = exp.first_arg

            if arg
              @inside_concat = true
              out = exp.first_arg = process(arg)
              @inside_concat = false
            else
              raise Exception.new("Empty _hamlout.#{method}()?")
            end

            if string? out
              ignore
            else
              case method.to_s
              when "push_text"
                s = Sexp.new(:output, out)
                @current_template[:outputs] << s
                s
              when HAML_FORMAT_METHOD
                if $4 == "true"
                  Sexp.new :format_escaped, out
                else
                  Sexp.new :format, out
                end
              else
                raise Exception.new("Unrecognized action on _hamlout: #{method}")
              end
            end

          end

    res.line(exp.line)
    res

    #_hamlout.buffer <<
    #This seems to be used rarely, but directly appends args to output buffer.
    #Has something to do with values of blocks?
  elsif sexp? target and method == :<< and is_buffer_target? target
    @inside_concat = true
    out = exp.first_arg = process(exp.first_arg)
    @inside_concat = false

    if out.node_type == :str #ignore plain strings
      ignore
    else
      s = Sexp.new(:output, out)
      @current_template[:outputs] << s
      s.line(exp.line)
      s
    end
  elsif target == nil and method == :render
    #Process call to render()
    exp.arglist = process exp.arglist
    make_render_in_view exp
  else
    #TODO: Do we really need a new Sexp here?
    call = make_call target, method, process_all!(exp.args)
    call.original_line = exp.original_line
    call.line(exp.line)
    call
  end
end