Class: Brakeman::Processor

Inherits:
Object
  • Object
Includes:
Util
Defined in:
lib/brakeman/processor.rb

Overview

Makes calls to the appropriate processor.

The ControllerProcessor, TemplateProcessor, and ModelProcessor will update the Tracker with information about what is parsed.

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Method Summary

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize(app_tree, options) ⇒ Processor

Returns a new instance of Processor.



# File 'lib/brakeman/processor.rb', line 15

# Creates the Tracker that the +process_*+ methods of this instance pass to
# the individual processors.
#
# @param app_tree passed to Tracker.new as its first argument
# @param options  passed to Tracker.new unchanged as its third argument
def initialize(app_tree, options)
  # The processor hands itself to the Tracker as the second argument.
  # NOTE(review): presumably so the Tracker can call back into it; confirm in Tracker.
  processor = self
  @tracker = Tracker.new(app_tree, processor, options)
end

Instance Method Details

#process_config(src, file_name) ⇒ Object

Process configuration file source



# File 'lib/brakeman/processor.rb', line 24

# Runs configuration file source through a fresh ConfigProcessor bound to
# this instance's tracker.
#
# @param src       configuration source, passed through unchanged
# @param file_name name of the file the source came from
# @return whatever ConfigProcessor#process_config returns
def process_config(src, file_name)
  config_processor = ConfigProcessor.new(@tracker)
  config_processor.process_config(src, file_name)
end

#process_controller(src, file_name) ⇒ Object

Process controller source. file_name is used for reporting



# File 'lib/brakeman/processor.rb', line 39

# Processes controller source; +file_name+ is used for reporting.
#
# Source for which +contains_class?+ is false is not handled by
# ControllerProcessor: it is handed to LibraryProcessor instead, so it is
# processed as a library file rather than being dropped.
#
# @param src       controller source
# @param file_name name of the file the source came from
# @return the result of whichever processor handled the source
def process_controller(src, file_name)
  return ControllerProcessor.new(@tracker).process_controller(src, file_name) if contains_class?(src)

  LibraryProcessor.new(@tracker).process_library(src, file_name)
end

#process_controller_alias(name, src, only_method = nil, file = nil) ⇒ Object

Process variable aliasing in controller source and save it in the tracker.



# File 'lib/brakeman/processor.rb', line 49

# Processes variable aliasing in controller source via a fresh
# ControllerAliasProcessor bound to this instance's tracker.
#
# @param name        controller name, passed to #process_controller
# @param src         controller source
# @param only_method passed to the ControllerAliasProcessor constructor (nil by default)
# @param file        passed to #process_controller (nil by default)
# @return whatever ControllerAliasProcessor#process_controller returns
def process_controller_alias(name, src, only_method = nil, file = nil)
  alias_processor = ControllerAliasProcessor.new(@tracker, only_method)
  alias_processor.process_controller(name, src, file)
end

#process_gems(gem_files) ⇒ Object

Process Gemfile



# File 'lib/brakeman/processor.rb', line 29

# Processes the Gemfile data with a fresh GemProcessor bound to this
# instance's tracker.
#
# @param gem_files passed to GemProcessor#process_gems unchanged
# @return whatever GemProcessor#process_gems returns
def process_gems(gem_files)
  gem_processor = GemProcessor.new(@tracker)
  gem_processor.process_gems(gem_files)
end

#process_initializer(file_name, src) ⇒ Object

Process source for initializer files



# File 'lib/brakeman/processor.rb', line 90

# Processes the source of an initializer file and records the result in the
# tracker under +file_name+.
#
# Note the argument order: +file_name+ comes first here, unlike the other
# +process_*+ methods that take +src+ first.
#
# @param file_name name of the initializer file; also the key in tracker.initializers
# @param src       initializer source
# @return the alias-processed result that was stored
def process_initializer(file_name, src)
  parsed = BaseProcessor.new(@tracker).process_file(src, file_name)
  # Alias processing goes through process_safely (not process).
  # NOTE(review): process_safely is defined elsewhere; confirm what it guards against.
  aliased = AliasProcessor.new(@tracker).process_safely(parsed, nil, file_name)
  @tracker.initializers[file_name] = aliased
end

#process_lib(src, file_name) ⇒ Object

Process source for a library file



# File 'lib/brakeman/processor.rb', line 97

# Processes the source of a library file with a fresh LibraryProcessor bound
# to this instance's tracker.
#
# @param src       library source
# @param file_name name of the file the source came from
# @return whatever LibraryProcessor#process_library returns
def process_lib(src, file_name)
  library_processor = LibraryProcessor.new(@tracker)
  library_processor.process_library(src, file_name)
end

#process_model(src, file_name) ⇒ Object

Process a model source



# File 'lib/brakeman/processor.rb', line 54

# Processes model source and then runs alias processing over the result.
#
# Alias processing is skipped when ModelProcessor returns nil or false, in
# which case this method returns nil.
#
# @param src       model source
# @param file_name name of the file the source came from
# @return the AliasProcessor result, or nil when there was nothing to process
def process_model(src, file_name)
  model = ModelProcessor.new(@tracker).process_model(src, file_name)
  return unless model

  AliasProcessor.new(@tracker, file_name).process(model)
end

#process_routes(src) ⇒ Object

Process route file source



# File 'lib/brakeman/processor.rb', line 34

# Processes route file source with a fresh RoutesProcessor bound to this
# instance's tracker.
#
# @param src routes source
# @return whatever RoutesProcessor#process_routes returns
def process_routes(src)
  routes_processor = RoutesProcessor.new(@tracker)
  routes_processor.process_routes(src)
end

#process_template(name, src, type, called_from = nil, file_name = nil) ⇒ Object

Process either an ERB or HAML template



# File 'lib/brakeman/processor.rb', line 60

# Processes a template and stores the result in the tracker.
#
# Recognized values of +type+ are :erb, :haml, :erubis and :slim. Any other
# value reaches Kernel#abort, which raises SystemExit: an unrecognized
# template type ends the whole run instead of skipping that one template.
#
# @param name        template name; the processor always receives this original name
# @param src         template source
# @param type        template type symbol (see above)
# @param called_from when given, the result is stored under "name.called_from"
# @param file_name   passed to the template processor (nil by default)
# @return +type+ (the value of the final assignment)
def process_template(name, src, type, called_from = nil, file_name = nil)
  # Only the constant for the matching type is looked up.
  processor_class =
    case type
    when :erb    then ErbTemplateProcessor
    when :haml   then HamlTemplateProcessor
    when :erubis then ErubisTemplateProcessor
    when :slim   then SlimTemplateProcessor
    else abort "Unknown template type: #{type} (#{name})"
    end
  processed = processor_class.new(@tracker, name, called_from, file_name).process(src)

  # Each rendered template is stored separately under a new name.
  name = "#{name}.#{called_from}".to_sym if called_from

  @tracker.templates[name].src = processed
  @tracker.templates[name].type = type
end

#process_template_alias(template) ⇒ Object

Process any calls to render() within a template



# File 'lib/brakeman/processor.rb', line 85

# Processes any calls to render() within a template by running the
# template's stored source through a TemplateAliasProcessor.
#
# @param template object responding to #src; also passed to the processor constructor
# @return whatever TemplateAliasProcessor#process_safely returns
def process_template_alias(template)
  alias_processor = TemplateAliasProcessor.new(@tracker, template)
  # Goes through process_safely (not process).
  # NOTE(review): process_safely is defined elsewhere; confirm what it guards against.
  alias_processor.process_safely(template.src)
end

#tracked_events ⇒ Object



# File 'lib/brakeman/processor.rb', line 19

# Returns the tracker held by this processor.
#
# Despite the name, the value returned is the +@tracker+ instance variable
# itself, not a separate list of events.
#
# @return the object stored in +@tracker+
def tracked_events
  @tracker
end