Class: Brakeman::AliasProcessor

Inherits:

SexpProcessor

• Object
• SexpProcessor
• Brakeman::AliasProcessor

Includes:

ProcessorHelper, Util

Defined in:

lib/brakeman/processors/alias_processor.rb

Overview

Returns an s-expression with aliases replaced with their value. This does not preserve semantics (due to side effects, etc.), but it makes processing easier when searching for various things.

Direct Known Subclasses

ConfigAliasProcessor, ControllerAliasProcessor, RouteAliasProcessor, TemplateAliasProcessor

Constant Summary

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

• #result ⇒ Object readonly

  Returns the value of attribute result.

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary

• #assign_args(method_exp, args, meth_env = SexpProcessor::Environment.new) ⇒ Object
• #collapse_send_call(exp, first_arg) ⇒ Object

  Change x.send(:y, 1) to x.y(1).

• #duplicate?(exp) ⇒ Boolean
• #find_method(*args) ⇒ Object
• #find_push_target(exp) ⇒ Object

  Finds the inner most call target which is not the target of a call to <<.

• #get_call_value(call) ⇒ Object
• #initialize(tracker = nil) ⇒ AliasProcessor constructor

  Returns a new AliasProcessor with an empty environment.

• #join_arrays(array1, array2) ⇒ Object

  Join two array literals into one.

• #join_strings(string1, string2) ⇒ Object

  Join two string literals into one.

• #merge_if_branch(branch_env) ⇒ Object
• #meth_env ⇒ Object
• #only_ivars(include_request_vars = false, lenv = nil) ⇒ Object

  Returns a new SexpProcessor::Environment containing only instance variables.

• #only_request_vars ⇒ Object
• #process_array_access(target, args) ⇒ Object

  Process single integer access to an array.

• #process_attrasgn(exp) ⇒ Object

  ‘Attribute’ assignment x.y = 1 or x = 1.

• #process_block(exp) ⇒ Object

  Start new scope for block.

• #process_call(exp) ⇒ Object

  Process a method call.

• #process_call_with_block(exp) ⇒ Object (also: #process_iter)
• #process_cdecl(exp) ⇒ Object

  Constant assignments like BIG_CONSTANT = 234810983.

• #process_cvdecl(exp) ⇒ Object

  Class variable assignment @@x = 1.

• #process_default(exp) ⇒ Object

  Process a Sexp.

• #process_gasgn(exp) ⇒ Object

  Global assignment $x = 1.

• #process_hash_access(target, index) ⇒ Object

  Process hash access by returning the value associated with the given argument.

• #process_hash_merge(hash, args) ⇒ Object

  Return a new hash Sexp with the given values merged into it.

• #process_hash_merge!(hash, args) ⇒ Object

  Merge values into hash when processing.

• #process_helper_method(method_exp, args) ⇒ Object
• #process_iasgn(exp) ⇒ Object

  Instance variable assignment.

• #process_if(exp) ⇒ Object

  Sets @inside_if = true.

• #process_if_branch(exp) ⇒ Object
• #process_lasgn(exp) ⇒ Object

  Local assignment x = 1.

• #process_masgn(exp) ⇒ Object

  Multiple/parallel assignment:.

• #process_methdef(exp) ⇒ Object (also: #process_defn)

  Process a method definition.

• #process_op_asgn1(exp) ⇒ Object

  Assignments like this x ||= 1.

• #process_op_asgn2(exp) ⇒ Object

  Assignments like this x.y ||= 1.

• #process_or_simple_operation(exp) ⇒ Object

  If possible, distribute operation over both sides of an or.

• #process_or_target(value, copy) ⇒ Object
• #process_safely(src, set_env = nil) ⇒ Object

  This method processes the given Sexp, but copies it first so the original argument will not be modified.

• #process_scope(exp) ⇒ Object

  Process a new scope.

• #process_selfdef(exp) ⇒ Object (also: #process_defs)

  Process a method definition on self.

• #process_svalue(exp) ⇒ Object

  This is the right hand side value of a multiple assignment, like ‘x = y, z`.

• #same_value?(lhs, rhs) ⇒ Boolean

  Return true if lhs == rhs or lhs is an or expression and rhs is one of its values.

• #self_assign?(var, value) ⇒ Boolean
• #self_assign_target?(var, value) ⇒ Boolean

  Return true for x = x.blah.

• #self_assign_var?(var, value) ⇒ Boolean

  Return true if for x = blah or @x = blah.

• #set_value(var, value) ⇒ Object

  Set variable to given value.

• #too_deep?(exp) ⇒ Boolean
• #top_target(exp, last = nil) ⇒ Object

  Returns last non-nil target in a call chain.

• #value_from_if(exp) ⇒ Object

Methods included from Util

#array?, #block?, #call?, #camelize, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#class_name, #process_all, #process_all!, #process_call_args, #process_class, #process_module

Methods inherited from SexpProcessor

#error_handler, #in_context, #process, #process_dummy, #scope

Constructor Details

#initialize(tracker = nil) ⇒ AliasProcessor

Returns a new AliasProcessor with an empty environment.

The recommended usage is:

AliasProcessor.new.process_safely src

# File 'lib/brakeman/processors/alias_processor.rb', line 19

def initialize tracker = nil
  super()
  @env = SexpProcessor::Environment.new
  @inside_if = false
  @ignore_ifs = nil
  @exp_context = []
  @current_module = nil
  @tracker = tracker #set in subclass as necessary
  @helper_method_cache = {}
  @helper_method_info = Hash.new({})
  @or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
  set_env_defaults
end

Instance Attribute Details

#result ⇒ Object (readonly)

Returns the value of attribute result.

# File 'lib/brakeman/processors/alias_processor.rb', line 12

def result
  @result
end

Instance Method Details

#assign_args(method_exp, args, meth_env = SexpProcessor::Environment.new) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 727

def assign_args method_exp, args, meth_env = SexpProcessor::Environment.new
  formal_args = method_exp.formal_args

  formal_args.each_with_index do |arg, index|
    next if index == 0

    if arg.is_a? Symbol and sexp? args[index - 1]
      meth_env[Sexp.new(:lvar, arg)] = args[index - 1]
    end
  end

  meth_env
end

#collapse_send_call(exp, first_arg) ⇒ Object

Change x.send(:y, 1) to x.y(1)

# File 'lib/brakeman/processors/alias_processor.rb', line 595

def collapse_send_call exp, first_arg
  return unless symbol? first_arg or string? first_arg
  exp.method = first_arg.value.to_sym
  args = exp.args
  exp.pop # remove last arg
  if args.length > 1
    exp.arglist = args[1..-1]
  end
end

#duplicate?(exp) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 750

def duplicate? exp
  @exp_context[0..-2].reverse_each do |e|
    return true if exp == e
  end

  false
end

#find_method(*args) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 758

def find_method *args
  nil
end

#find_push_target(exp) ⇒ Object

Finds the inner most call target which is not the target of a call to <<

# File 'lib/brakeman/processors/alias_processor.rb', line 742

def find_push_target exp
  if call? exp and exp.method == :<<
    find_push_target exp.target
  else
    exp
  end
end

#get_call_value(call) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 642

def get_call_value call
  method_name = call.method

  #Look for helper methods and see if we can get a return value
  if found_method = find_method(method_name, @current_class)
    helper = found_method[:method]

    if sexp? helper
      value = process_helper_method helper, call.args
      value.line(call.line)
      return value
    else
      raise "Unexpected value for method: #{found_method}"
    end
  else
    call
  end
end

#join_arrays(array1, array2) ⇒ Object

Join two array literals into one.

# File 'lib/brakeman/processors/alias_processor.rb', line 576

def join_arrays array1, array2
  result = Sexp.new(:array)
  result.concat array1[1..-1]
  result.concat array2[1..-1]
end

#join_strings(string1, string2) ⇒ Object

Join two string literals into one.

# File 'lib/brakeman/processors/alias_processor.rb', line 583

def join_strings string1, string2
  result = Sexp.new(:str)
  result.value = string1.value + string2.value

  if result.value.length > 50
    string1
  else
    result
  end
end

#merge_if_branch(branch_env) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 527

def merge_if_branch branch_env
  branch_env.each do |k, v|
    next if v.nil?

    current_val = env[k]

    if current_val
      unless same_value?(current_val, v)
        if too_deep? current_val
          # Give up branching, start over with latest value
          env[k] = v
        else
          env[k] = current_val.combine(v, k.line)
        end
      end
    else
      env[k] = v
    end
  end
end

#meth_env ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 235

def meth_env
  begin
    env.scope do
      set_env_defaults
      @meth_env = env.current
      yield
    end
  ensure
    @meth_env = nil
  end
end

#only_ivars(include_request_vars = false, lenv = nil) ⇒ Object

Returns a new SexpProcessor::Environment containing only instance variables. This is useful, for example, when processing views.

# File 'lib/brakeman/processors/alias_processor.rb', line 607

def only_ivars include_request_vars = false, lenv = nil
  lenv ||= env
  res = SexpProcessor::Environment.new

  if include_request_vars
    lenv.all.each do |k, v|
      #TODO Why would this have nil values?
      if (k.node_type == :ivar or request_value? k) and not v.nil?
        res[k] = v.dup
      end
    end
  else
    lenv.all.each do |k, v|
      #TODO Why would this have nil values?
      if k.node_type == :ivar and not v.nil?
        res[k] = v.dup
      end
    end
  end

  res
end

#only_request_vars ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 630

def only_request_vars
  res = SexpProcessor::Environment.new

  env.all.each do |k, v|
    if request_value? k and not v.nil?
      res[k] = v.dup
    end
  end

  res
end

#process_array_access(target, args) ⇒ Object

Process single integer access to an array.

Returns the value inside the array, if possible.

# File 'lib/brakeman/processors/alias_processor.rb', line 558

def process_array_access target, args
  if args.length == 1 and integer? args.first
    index = args.first.value

    #Have to do this because first element is :array and we have to skip it
    target[1..-1][index]
  else
    nil
  end
end

#process_attrasgn(exp) ⇒ Object

‘Attribute’ assignment x.y = 1 or x = 1

# File 'lib/brakeman/processors/alias_processor.rb', line 325

def process_attrasgn exp
  tar_variable = exp.target
  target = exp.target = process(exp.target)
  method = exp.method
  index_arg = exp.first_arg
  value_arg = exp.second_arg

  if method == :[]=
    index = exp.first_arg = process(index_arg)
    value = exp.second_arg = process(value_arg)
    match = Sexp.new(:call, target, :[], index)

    set_value match, value

    if hash? target
      env[tar_variable] = hash_insert target.deep_clone, index, value
    end
  elsif method.to_s[-1,1] == "="
    value = exp.first_arg = process(index_arg)
    #This is what we'll replace with the value
    match = Sexp.new(:call, target, method.to_s[0..-2].to_sym)

    set_value match, value
  else
    raise "Unrecognized assignment: #{exp}"
  end
  exp
end

#process_block(exp) ⇒ Object

Start new scope for block.

# File 'lib/brakeman/processors/alias_processor.rb', line 221

def process_block exp
  env.scope do
    process_default exp
  end
end

#process_call(exp) ⇒ Object

Process a method call.

# File 'lib/brakeman/processors/alias_processor.rb', line 78

def process_call exp
  target_var = exp.target
  exp = process_default exp

  #In case it is replaced with something else
  unless call? exp
    return exp
  end

  target = exp.target
  method = exp.method
  first_arg = exp.first_arg

  if method == :send or method == :try
    collapse_send_call exp, first_arg
  end

  if node_type? target, :or and [:+, :-, :*, :/].include? method
    res = process_or_simple_operation(exp)
    return res if res
  end

  #See if it is possible to simplify some basic cases
  #of addition/concatenation.
  case method
  when :+
    if array? target and array? first_arg
      joined = join_arrays target, first_arg
      joined.line(exp.line)
      exp = joined
    elsif string? first_arg
      if string? target # "blah" + "blah"
        joined = join_strings target, first_arg
        joined.line(exp.line)
        exp = joined
      elsif call? target and target.method == :+ and string? target.first_arg
        joined = join_strings target.first_arg, first_arg
        joined.line(exp.line)
        target.first_arg = joined
        exp = target
      end
    elsif number? first_arg
      if number? target
        exp = Sexp.new(:lit, target.value + first_arg.value)
      elsif call? target and target.method == :+ and number? target.first_arg
        target.first_arg = Sexp.new(:lit, target.first_arg.value + first_arg.value)
        exp = target
      end
    end
  when :-
    if number? target and number? first_arg
      exp = Sexp.new(:lit, target.value - first_arg.value)
    end
  when :*
    if number? target and number? first_arg
      exp = Sexp.new(:lit, target.value * first_arg.value)
    end
  when :/
    if number? target and number? first_arg
      exp = Sexp.new(:lit, target.value / first_arg.value)
    end
  when :[]
    if array? target
      temp_exp = process_array_access target, exp.args
      exp = temp_exp if temp_exp
    elsif hash? target
      temp_exp = process_hash_access target, first_arg
      exp = temp_exp if temp_exp
    end
  when :merge!, :update
    if hash? target and hash? first_arg
       target = process_hash_merge! target, first_arg
       env[target_var] = target
       return target
    end
  when :merge
    if hash? target and hash? first_arg
      return process_hash_merge(target, first_arg)
    end
  when :<<
    if string? target and string? first_arg
      target.value << first_arg.value
      env[target_var] = target
      return target
    elsif array? target
      target << first_arg
      env[target_var] = target
      return target
    else
      target = find_push_target exp
      env[target] = exp unless target.nil? #Happens in TemplateAliasProcessor
    end
  end

  exp
end

#process_call_with_block(exp) ⇒ Object Also known as: process_iter

# File 'lib/brakeman/processors/alias_processor.rb', line 175

def process_call_with_block exp
  exp[1] = process exp.block_call

  env.scope do
    exp.block_args.each do |e|
      #Force block arg(s) to be local
      if node_type? e, :lasgn
        env.current[Sexp.new(:lvar, e.lhs)] = e.rhs
      elsif node_type? e, :kwarg
        env.current[Sexp.new(:lvar, e[1])] = e[2]
      elsif node_type? e, :masgn
        e[1..-1].each do |var|
          local = Sexp.new(:lvar, var)
          env.current[local] = local
        end
      elsif e.is_a? Symbol
        local = Sexp.new(:lvar, e)
        env.current[local] = local
      else
        raise "Unexpected value in block args: #{e.inspect}"
      end
    end

    block = exp.block

    if block? block
      process_all! block
    else
      exp[3] = process block
    end
  end

  exp
end

#process_cdecl(exp) ⇒ Object

Constant assignments like BIG_CONSTANT = 234810983

# File 'lib/brakeman/processors/alias_processor.rb', line 452

def process_cdecl exp
  if sexp? exp.rhs
    exp.rhs = process exp.rhs
  end

  if exp.lhs.is_a? Symbol
    match = Sexp.new(:const, exp.lhs)
  else
    match = exp.lhs
  end

  env[match] = exp.rhs

  exp
end

#process_cvdecl(exp) ⇒ Object

Class variable assignment @@x = 1

# File 'lib/brakeman/processors/alias_processor.rb', line 312

def process_cvdecl exp
  match = Sexp.new(:cvar, exp.lhs)
  value = exp.rhs = process(exp.rhs)

  set_value match, value

  exp
end

#process_default(exp) ⇒ Object

Process a Sexp. If the Sexp has a value associated with it in the environment, that value will be returned.

# File 'lib/brakeman/processors/alias_processor.rb', line 50

def process_default exp
  @exp_context.push exp

  begin
    exp.map! do |e|
      if sexp? e and not e.empty?
        process e
      else
        e
      end
    end
  rescue => err
    @tracker.error err if @tracker
  end

  #Generic replace
  if replacement = env[exp] and not duplicate? replacement
    result = replacement.deep_clone(exp.line)
  else
    result = exp
  end

  @exp_context.pop

  result
end

#process_gasgn(exp) ⇒ Object

Global assignment $x = 1

# File 'lib/brakeman/processors/alias_processor.rb', line 300

def process_gasgn exp
  match = Sexp.new(:gvar, exp.lhs)
  value = exp.rhs = process(exp.rhs)
  value.line = exp.line

  set_value match, value

  exp
end

#process_hash_access(target, index) ⇒ Object

Process hash access by returning the value associated with the given argument.

# File 'lib/brakeman/processors/alias_processor.rb', line 571

def process_hash_access target, index
  hash_access(target, index)
end

#process_hash_merge(hash, args) ⇒ Object

Return a new hash Sexp with the given values merged into it.

args should be a hash Sexp as well.

# File 'lib/brakeman/processors/alias_processor.rb', line 397

def process_hash_merge hash, args
  hash = hash.deep_clone
  hash_iterate args do |key, replacement|
    hash_insert hash, key, replacement
  end
  hash
end

#process_hash_merge!(hash, args) ⇒ Object

Merge values into hash when processing

h.merge! :something => “value”

# File 'lib/brakeman/processors/alias_processor.rb', line 384

def process_hash_merge! hash, args
  hash = hash.deep_clone
  hash_iterate args do |key, replacement|
    hash_insert hash, key, replacement
    match = Sexp.new(:call, hash, :[], key)
    env[match] = replacement
  end
  hash
end

#process_helper_method(method_exp, args) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 661

def process_helper_method method_exp, args
  method_name = method_exp.method_name
  Brakeman.debug "Processing method #{method_name}"

  info = @helper_method_info[method_name]

  #If method uses instance variables, then include those and request
  #variables (params, etc) in the method environment. Otherwise,
  #only include request variables.
  if info[:uses_ivars]
    meth_env = only_ivars(:include_request_vars)
  else
    meth_env = only_request_vars
  end

  #Add arguments to method environment
  assign_args method_exp, args, meth_env


  #Find return values if method does not depend on environment/args
  values = @helper_method_cache[method_name]

  unless values
    #Serialize environment for cache key
    meth_values = meth_env.instance_variable_get(:@env).to_a
    meth_values.sort!
    meth_values = meth_values.to_s

    digest = Digest::SHA1.new.update(meth_values << method_name.to_s).to_s.to_sym

    values = @helper_method_cache[digest]
  end

  if values
    #Use values from cache
    values[:ivar_values].each do |var, val|
      env[var] = val
    end

    values[:return_value]
  else
    #Find return value for method
    frv = Brakeman::FindReturnValue.new
    value = frv.get_return_value(method_exp.body_list, meth_env)

    ivars = {}

    only_ivars(false, meth_env).all.each do |var, val|
      env[var] = val
      ivars[var] = val
    end

    if not frv.uses_ivars? and args.length == 0
      #Store return value without ivars and args if they are not used
      @helper_method_cache[method_exp.method_name] = { :return_value => value, :ivar_values => ivars }
    else
      @helper_method_cache[digest] = { :return_value => value, :ivar_values => ivars }
    end

    #Store information about method, just ivar usage for now
    @helper_method_info[method_name] = { :uses_ivars => frv.uses_ivars? }

    value
  end
end

#process_iasgn(exp) ⇒ Object

Instance variable assignment

# File 'lib/brakeman/processors/alias_processor.rb', line 280

def process_iasgn exp
  self_assign = self_assign?(exp.lhs, exp.rhs)
  exp.rhs = process exp.rhs
  ivar = Sexp.new(:ivar, exp.lhs).line(exp.line)

  if self_assign
    if env[ivar].nil? and @meth_env
      @meth_env[ivar] = exp.rhs
    else
      env[ivar] = exp.rhs
    end
  else
    set_value ivar, exp.rhs
  end

  exp
end

#process_if(exp) ⇒ Object

Sets @inside_if = true

# File 'lib/brakeman/processors/alias_processor.rb', line 469

def process_if exp
  if @ignore_ifs.nil?
    @ignore_ifs = @tracker && @tracker.options[:ignore_ifs]
  end

  condition = process exp.condition

  #Check if a branch is obviously going to be taken
  if true? condition
    no_branch = true
    exps = [exp.then_clause, nil]
  elsif false? condition
    no_branch = true
    exps = [nil, exp.else_clause]
  else
    no_branch = false
    exps = [exp.then_clause, exp.else_clause]
  end

  if @ignore_ifs or no_branch
    exps.each_with_index do |branch, i|
      exp[2 + i] = process_if_branch branch
    end
  else
    was_inside = @inside_if
    @inside_if = true

    branch_scopes = []
    exps.each_with_index do |branch, i|
      scope do
        @branch_env = env.current
        branch_index = 2 + i # s(:if, condition, then_branch, else_branch)
        exp[branch_index] = process_if_branch branch
        branch_scopes << env.current
        @branch_env = nil
      end
    end

    @inside_if = was_inside

    branch_scopes.each do |s|
      merge_if_branch s
    end
  end

  exp
end

#process_if_branch(exp) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 517

def process_if_branch exp
  if sexp? exp
    if block? exp
      process_default exp
    else
      process exp
    end
  end
end

#process_lasgn(exp) ⇒ Object

Local assignment x = 1

# File 'lib/brakeman/processors/alias_processor.rb', line 261

def process_lasgn exp
  self_assign = self_assign?(exp.lhs, exp.rhs)
  exp.rhs = process exp.rhs if sexp? exp.rhs
  return exp if exp.rhs.nil?

  local = Sexp.new(:lvar, exp.lhs).line(exp.line || -2)

  if self_assign
    # Skip branching
    env[local] = exp.rhs
  else
    set_value local, exp.rhs
  end

  exp
end

#process_masgn(exp) ⇒ Object

Multiple/parallel assignment:

x, y = z, w

# File 'lib/brakeman/processors/alias_processor.rb', line 357

def process_masgn exp
  unless array? exp[1] and array? exp[2] and exp[1].length == exp[2].length
    return process_default(exp)
  end

  vars = exp[1].dup
  vals = exp[2].dup

  vars.shift
  vals.shift

  # Call each assignment as if it is normal
  vars.each_with_index do |var, i|
    val = vals[i]
    if val
      assign = var.dup
      assign.rhs = val
      process assign
    end
  end

  exp
end

#process_methdef(exp) ⇒ Object Also known as: process_defn

Process a method definition.

# File 'lib/brakeman/processors/alias_processor.rb', line 228

def process_methdef exp
  meth_env do
    exp.body = process_all! exp.body
  end
  exp
end

#process_op_asgn1(exp) ⇒ Object

Assignments like this x ||= 1

# File 'lib/brakeman/processors/alias_processor.rb', line 407

def process_op_asgn1 exp
  return process_default(exp) if exp[3] != :"||"

  target = exp[1] = process(exp[1])
  index = exp[2][1] = process(exp[2][1])
  value = exp[4] = process(exp[4])
  match = Sexp.new(:call, target, :[], index)

  unless env[match]
    if request_value? target
      env[match] = match.combine(value)
    else
      env[match] = value
    end
  end

  exp
end

#process_op_asgn2(exp) ⇒ Object

Assignments like this x.y ||= 1

# File 'lib/brakeman/processors/alias_processor.rb', line 428

def process_op_asgn2 exp
  return process_default(exp) if exp[3] != :"||"

  target = exp[1] = process(exp[1])
  value = exp[4] = process(exp[4])
  method = exp[2]

  match = Sexp.new(:call, target, method.to_s[0..-2].to_sym)

  unless env[match]
    env[match] = value
  end

  exp
end

#process_or_simple_operation(exp) ⇒ Object

If possible, distribute operation over both sides of an or. For example,

(1 or 2) * 5

Becomes

(5 or 10)

Only works for strings and numbers right now.

# File 'lib/brakeman/processors/alias_processor.rb', line 866

def process_or_simple_operation exp
  arg = exp.first_arg
  return nil unless string? arg or number? arg

  target = exp.target
  lhs = process_or_target(target.lhs, exp.dup)
  rhs = process_or_target(target.rhs, exp.dup)

  if lhs and rhs
    if same_value? lhs, rhs
      lhs
    else
      exp.target.lhs = lhs
      exp.target.rhs = rhs
      exp.target
    end
  else
    nil
  end
end

#process_or_target(value, copy) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 887

def process_or_target value, copy
  if string? value or number? value
    copy.target = value
    process copy
  else
    false
  end
end

#process_safely(src, set_env = nil) ⇒ Object

This method processes the given Sexp, but copies it first so the original argument will not be modified.

set_env should be an instance of SexpProcessor::Environment. If provided, it will be used as the starting environment.

This method returns a new Sexp with variables replaced with their values, where possible.

# File 'lib/brakeman/processors/alias_processor.rb', line 41

def process_safely src, set_env = nil
  @env = set_env || SexpProcessor::Environment.new
  @result = src.deep_clone
  process @result
  @result
end

#process_scope(exp) ⇒ Object

Process a new scope.

# File 'lib/brakeman/processors/alias_processor.rb', line 213

def process_scope exp
  env.scope do
    process exp.block
  end
  exp
end

#process_selfdef(exp) ⇒ Object Also known as: process_defs

Process a method definition on self.

# File 'lib/brakeman/processors/alias_processor.rb', line 248

def process_selfdef exp
  env.scope do
    set_env_defaults
    exp.body = process_all! exp.body
  end
  exp
end

#process_svalue(exp) ⇒ Object

This is the right hand side value of a multiple assignment, like ‘x = y, z`

# File 'lib/brakeman/processors/alias_processor.rb', line 446

def process_svalue exp
  exp.value
end

#same_value?(lhs, rhs) ⇒ Boolean

Return true if lhs == rhs or lhs is an or expression and rhs is one of its values

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 764

def same_value? lhs, rhs
  if lhs == rhs
    true
  elsif node_type? lhs, :or
    lhs.rhs == rhs or lhs.lhs == rhs
  else
    false
  end
end

#self_assign?(var, value) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 774

def self_assign? var, value
  self_assign_var?(var, value) or self_assign_target?(var, value)
end

#self_assign_target?(var, value) ⇒ Boolean

Return true for x = x.blah

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 787

def self_assign_target? var, value
  target = top_target(value)

  if node_type? target, :lvar, :ivar
    target = target.value
  end

  var == target
end

#self_assign_var?(var, value) ⇒ Boolean

Return true if for x = blah or @x = blah

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 779

def self_assign_var? var, value
  call? value and
  value.method == :+ and
  node_type? value.target, :lvar, :ivar and
  value.target.value == var
end

#set_value(var, value) ⇒ Object

Set variable to given value. Creates “branched” versions of values when appropriate. Avoids creating multiple branched versions inside same if branch.

# File 'lib/brakeman/processors/alias_processor.rb', line 834

def set_value var, value
  if node_type? value, :if
    value = value_from_if(value)
  end

  if @ignore_ifs or not @inside_if
    if @meth_env and node_type? var, :ivar and env[var].nil?
      @meth_env[var] = value
    else
      env[var] = value
    end
  elsif env.current[var]
    env.current[var] = value
  elsif @branch_env and @branch_env[var]
    @branch_env[var] = value
  elsif @branch_env and @meth_env and node_type? var, :ivar
    @branch_env[var] = value
  else
    env.current[var] = value
  end
end

#too_deep?(exp) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/brakeman/processors/alias_processor.rb', line 548

def too_deep? exp
  @or_depth_limit >= 0 and
  node_type? exp, :or and
  exp.or_depth and
  exp.or_depth >= @or_depth_limit
end

#top_target(exp, last = nil) ⇒ Object

Returns last non-nil target in a call chain

# File 'lib/brakeman/processors/alias_processor.rb', line 798

def top_target exp, last = nil
  if call? exp
    top_target exp.target, exp
  elsif node_type? exp, :iter, :call_with_block
    top_target exp.block_call, last
  else
    exp || last
  end
end

#value_from_if(exp) ⇒ Object

# File 'lib/brakeman/processors/alias_processor.rb', line 808

def value_from_if exp
  if block? exp.else_clause or block? exp.then_clause
    #If either clause is more than a single expression, just use entire
    #if expression for now
    exp
  elsif exp.else_clause.nil?
    exp.then_clause
  elsif exp.then_clause.nil?
    exp.else_clause
  else
    condition = exp.condition

    if true? condition
      exp.then_clause
    elsif false? condition
      exp.else_clause
    else
      exp.then_clause.combine(exp.else_clause, exp.line)
    end
  end
end