Module: Brakeman::ControllerMethods

Included in:
Controller, Library
Defined in:
lib/brakeman/tracker/controller.rb


Instance Attribute Details

#layout ⇒ Object

Returns the value of attribute layout.



# File 'lib/brakeman/tracker/controller.rb', line 5

# Reader for the layout recorded on this controller.
#
# @return [Object, nil] whatever is currently held in @layout
def layout
  current_layout = @layout
  current_layout
end

Instance Method Details

#add_before_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 19

# Records a before-filter expression at the end of this controller's list.
#
# @param exp [Object] the filter expression to store
# @return [Object] the result of `<<` on the stored list
def add_before_filter exp
  registered = @options[:before_filters]
  registered << exp
end

#before_filter_list(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 39

# Builds the list of before filters that apply to +method+, looking at this
# controller and at every parent found through tracker.controllers or
# tracker.libs, then hands the list to remove_skipped_filters.
#
# Filters contributed by a parent are placed ahead of those contributed by
# the controller that inherits from it.
#
# @param processor [Object] forwarded to get_before_filters and remove_skipped_filters
# @param method [Object] the action name being examined
# @return [Object] whatever remove_skipped_filters returns for the collected list
def before_filter_list processor, method
  per_controller = []
  current = self

  while current
    per_controller << current.get_before_filters(processor, method)
    current = tracker.controllers[current.parent] || tracker.libs[current.parent]
  end

  # Reverse so the list from the furthest ancestor comes first.
  inherited_first = per_controller.reverse.flatten(1)

  remove_skipped_filters processor, inherited_first, method
end

#before_filter_to_hash(processor, args) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 116

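# Converts the arguments of a filter declaration into a description hash.
#
# The result always has :methods (the values of the :lit arguments). When the
# last argument is a :hash node, each option in it is copied into the result
# under its own key (for example :only or :except); otherwise :all is set to
# true.
#
# Every key/value pair of the options hash is read, so a declaration such as
# `before_filter :check, if: :admin?, only: [:index]` keeps its :only list
# instead of being described by its first option alone. A filter whose
# description has none of :all, :only or :except is never selected by
# get_before_filters, so dropping options hides the filter from analysis.
# An empty argument list is treated as "no options" rather than raising on a
# nil last element.
#
# NOTE(review): get_before_filters and get_skipped_filters accept a filter
# when either its :only or its :except condition matches, so a declaration
# carrying both is matched more broadly than each option alone.
#
# @param processor [#process_default] applied to every Sexp argument
# @param args [Array] argument nodes of the filter call
# @return [Hash] filter description
def before_filter_to_hash processor, args
  filter = { :methods => [] }

  # Process args for the uncommon but possible situation
  # in which some variables are used in the filter.
  # NOTE(review): the processed value is not used afterwards, so this step
  # only matters if process_default changes its argument in place - confirm.
  args.each do |a|
    processor.process_default a if sexp? a
  end

  args.each do |a|
    filter[:methods] << a[1] if a.node_type == :lit
  end

  options = args[-1]

  if options && options.node_type == :hash
    # A :hash node holds its entries flat: s(:hash, key, value, key, value, ...)
    options[1..-1].each_slice(2) do |key, value|
      option = key[1]

      # A key with no usable value node falls through to the debug notice
      # instead of raising.
      value_type = sexp?(value) ? value.node_type : nil

      case value_type
      when :array
        filter[option] = value[1..-1].map { |v| v[1] }
      when :lit, :str
        filter[option] = value[1]
      else
        Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
      end
    end
  else
    filter[:all] = true
  end

  filter
end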

#before_filters ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 27

# Before-filter expressions recorded for this controller.
#
# @return [Object] the value stored under :before_filters in @options
def before_filters
  registered = @options[:before_filters]
  registered
end

#get_before_filters(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 90

# Names of the before-filter methods declared on this controller that apply
# to +method+.
#
# The filter descriptions are built once with before_filter_to_hash and kept
# in @before_filter_cache; later calls reuse the cache. A description is
# selected when it has :all, when :only equals or includes +method+, or when
# :except is a Symbol or Array that does not name +method+.
#
# NOTE(review): a lone :except is only honoured when it is a Symbol, and
# :only is compared with ==; a String value (which before_filter_to_hash
# stores for :str nodes) would not match a Symbol action name - confirm what
# callers pass as +method+.
#
# @param processor [Object] forwarded to before_filter_to_hash while the cache is built
# @param method [Object] the action name to match
# @return [Array] the :methods entries of every matching description, in cache order
def get_before_filters processor, method
  if @before_filter_cache.nil?
    # The empty cache is assigned first and then filled entry by entry.
    parsed = @before_filter_cache = []
    before_filters.each { |filter| parsed << before_filter_to_hash(processor, filter.args) }
  end

  @before_filter_cache.each_with_object([]) do |f, applicable|
    only = f[:only]
    except = f[:except]

    applies = f[:all] ||
      only == method ||
      (only.is_a?(Array) && only.include?(method)) ||
      (except.is_a?(Symbol) && except != method) ||
      (except.is_a?(Array) && !except.include?(method))

    applicable.concat(f[:methods]) if applies
  end
end

#get_skipped_filters(processor, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 53

# Names of the filter methods that this controller's skip declarations
# remove for +method+.
#
# The skip descriptions are built once from skip_filters through
# before_filter_to_hash and kept in @skip_filter_cache. A description is
# selected when it has :all, when :only equals or includes +method+, or when
# :except is a Symbol or Array that does not name +method+.
#
# @param processor [Object] forwarded to before_filter_to_hash while the cache is built
# @param method [Object] the action name to match
# @return [Array] the :methods entries of every matching description, in cache order
def get_skipped_filters processor, method
  if @skip_filter_cache.nil?
    @skip_filter_cache = skip_filters.map { |filter| before_filter_to_hash(processor, filter.args) }
  end

  skipped = []

  @skip_filter_cache.each do |f|
    only = f[:only]
    except = f[:except]

    matches = f[:all] ||
      only == method ||
      (only.is_a?(Array) && only.include?(method)) ||
      (except.is_a?(Symbol) && except != method) ||
      (except.is_a?(Array) && !except.include?(method))

    next unless matches

    skipped.concat(f[:methods])
  end

  skipped
end

#initialize_controller ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 7

# Resets the controller-specific state: empty before/skip filter lists in
# @options, no layout, and no cached filter descriptions.
#
# @return [nil]
def initialize_controller
  # Each key gets its own fresh Array.
  [:before_filters, :skip_filters].each { |key| @options[key] = [] }

  # Clearing the caches makes the next filter lookup rebuild them.
  @layout = @skip_filter_cache = @before_filter_cache = nil
end

#prepend_before_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 23

# Records a before-filter expression at the front of this controller's list.
#
# @param exp [Object] the filter expression to store
# @return [Object] the result of `unshift` on the stored list
def prepend_before_filter exp
  registered = @options[:before_filters]
  registered.unshift(exp)
end

#protect_from_forgery? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/brakeman/tracker/controller.rb', line 15

# Whether a protect_from_forgery setting has been recorded for this controller.
#
# The stored value is returned as-is, without coercion to true/false, so a
# controller with nothing recorded under the key yields a falsy value.
#
# @return [Object] the value stored under :protect_from_forgery in @options
def protect_from_forgery?
  forgery_setting = @options[:protect_from_forgery]
  forgery_setting
end

#remove_skipped_filters(processor, filters, method) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 77

# Removes from +filters+ every filter that this controller, or any parent
# found through tracker.controllers or tracker.libs, skips for +method+.
#
# The argument itself is not modified; each subtraction produces a new list.
#
# @param processor [Object] forwarded to get_skipped_filters
# @param filters [Array] filter names collected so far
# @param method [Object] the action name being examined
# @return [Array] the filters that remain after all skips are applied
def remove_skipped_filters processor, filters, method
  remaining = filters
  current = self

  while current
    remaining -= current.get_skipped_filters(processor, method)
    current = tracker.controllers[current.parent] || tracker.libs[current.parent]
  end

  remaining
end

#skip_filter(exp) ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 31

# Records a skip-filter expression at the end of this controller's skip list.
#
# @param exp [Object] the skip expression to store
# @return [Object] the result of `<<` on the stored list
def skip_filter exp
  skipped = @options[:skip_filters]
  skipped << exp
end

#skip_filters ⇒ Object



# File 'lib/brakeman/tracker/controller.rb', line 35

# Skip-filter expressions recorded for this controller.
#
# @return [Object] the value stored under :skip_filters in @options
def skip_filters
  skipped = @options[:skip_filters]
  skipped
end