Class: Brakeman::ErbTemplateProcessor

Inherits:
TemplateProcessor
Defined in:
lib/brakeman/processors/erb_template_processor.rb

Overview

Processes ERB templates (those ending in .html.erb or .rhtml).

Constant Summary

Constants inherited from BaseProcessor

BaseProcessor::IGNORE

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::SESSION, Util::SESSION_SEXP

Constants inherited from SexpProcessor

SexpProcessor::VERSION

Instance Attribute Summary

Attributes inherited from SexpProcessor

#context, #env, #expected

Instance Method Summary

Methods inherited from TemplateProcessor

#initialize, #process, #process_escaped_output, #process_lasgn, #process_output

Methods inherited from BaseProcessor

#find_render_type, #ignore, #initialize, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_default, #process_dstr, #process_evstr, #process_hash, #process_if, #process_ignore, #process_iter, #process_lasgn, #process_scope

Methods included from Util

#array?, #block?, #call?, #camelize, #class_name, #contains_class?, #context_for, #cookies?, #false?, #file_by_name, #file_for, #github_url, #hash?, #hash_access, #hash_insert, #hash_iterate, #integer?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #regexp?, #relative_path, #request_env?, #request_value?, #result?, #set_env_defaults, #sexp?, #string?, #string_interp?, #symbol?, #table_to_csv, #template_path_to_name, #true?, #truncate_table, #underscore

Methods included from ProcessorHelper

#process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module

Methods inherited from SexpProcessor

#in_context, #initialize, #process, processors, #scope

Constructor Details

This class inherits a constructor from Brakeman::TemplateProcessor

Instance Method Details

#process_block(exp) ⇒ Object

Processes a block, removing irrelevant expressions.

# File 'lib/brakeman/processors/erb_template_processor.rb', line 56

# Process a block node, dropping expressions that carry no information
# for the template analysis.
#
# While @inside_concat is set (see process_call, which sets it around the
# argument of `_erbout.concat`), every child but the last is processed and
# its result discarded; the processed last child is returned on its own,
# with @inside_concat restored before it is processed.
#
# Otherwise every child is processed and the results are gathered into an
# s(:rlist), leaving out results that are empty, equal to the ignore
# marker, or a bare `_erbout` local variable reference.
#
# @param exp [Sexp] an s(:block, ...) node; it is duplicated, not mutated
# @return [Sexp] the processed last child (inside concat) or an s(:rlist)
#   of the surviving children, carrying the block's line number
def process_block exp
  exp = exp.dup
  exp.shift # drop the :block node type so only the children remain

  if @inside_concat
    # Children before the last are processed with the flag cleared; only
    # the last child's result is returned, and it is processed with the
    # flag set again.
    @inside_concat = false
    exp[0...-1].each { |e| process e }
    @inside_concat = true
    return process(exp.last)
  end

  exp.map! do |e|
    res = process e
    next nil if res.empty? || res == ignore
    next nil if node_type?(res, :lvar) && res.value == :_erbout

    res
  end

  block = Sexp.new(:rlist).concat(exp).compact
  block.line(exp.line)
  block
end

#process_call(exp) ⇒ Object

s(:call, TARGET, :method, ARGS)

# File 'lib/brakeman/processors/erb_template_processor.rb', line 8

# Rewrite a method call node found in an ERB template.
#
# Three call shapes are distinguished:
#   * `_erbout.concat(ARG)` — `_erbout` is the buffer variable ERB compiles
#     template output into. ARG is processed with @inside_concat set, a
#     wrapping `.to_s` call is looked through, and the result is wrapped
#     in an s(:output, ...) node that is also recorded on
#     @current_template. A plain string literal yields the ignore marker.
#   * `_erbout.force_encoding(...)` — yields the ignore marker.
#   * a bare `render` (no target) — handed to make_render_in_view after its
#     arguments are processed.
# Any other call is returned with its target and arguments processed.
#
# Note that an `_erbout` call with any other method name calls `abort`,
# which terminates the whole process, not just this template.
#
# @param exp [Sexp] an s(:call, TARGET, :method, ARGS) node
# @return [Sexp] the rewritten node, or the ignore marker
# @raise [RuntimeError] when `_erbout.concat` has more than one argument
def process_call exp
  target = exp.target
  target = process target if sexp? target
  method = exp.method

  # _erbout is the default output buffer variable for erb
  erbout_call = node_type?(target, :lvar) && target.value == :_erbout

  if erbout_call
    case method
    when :concat
      @inside_concat = true
      exp.arglist = process(exp.arglist)
      @inside_concat = false

      raise "Did not expect more than a single argument to _erbout.concat" if exp.second_arg

      arg = exp.first_arg
      # erb always wraps output in to_s; look through it to the real expression
      arg = arg.target if arg.node_type == :call && arg.method == :to_s

      if arg.node_type == :str
        ignore # a plain string literal is static template text
      else
        output = Sexp.new :output, arg
        output.line(exp.line)
        @current_template.add_output output
        output
      end
    when :force_encoding
      ignore
    else
      abort "Unrecognized action on _erbout: #{method}"
    end
  elsif target.nil? && method == :render
    exp.arglist = process(exp.arglist)
    make_render_in_view exp
  else
    exp.target = target
    exp.arglist = process(exp.arglist)
    exp
  end
end