Class: Sqreen::Rules::Haml4ParserTagHookCB

Inherits:
RuleCB
Defined in:
lib/sqreen/rules/xss_cb.rb

Overview

Hooks into the Haml 4 tag parser.

Constant Summary

Constants inherited from RuleCB

RuleCB::DEFAULT_PAYLOAD

Constants included from CallCountable

CallCountable::COUNT_CALLS, CallCountable::FAILING, CallCountable::POST, CallCountable::PRE

Constants inherited from CB

CB::DEFAULT_PRIORITY

Instance Attribute Summary

Attributes inherited from RuleCB

#block, #payload_tpl, #test

Attributes included from CallCountable

#call_count_interval, #call_counts

Attributes inherited from FrameworkCB

#framework

Attributes inherited from CB

#klass, #method, #overtimeable

Instance Method Summary

Methods inherited from RuleCB

#advise_action, #overtime!, #priority, #record_event, #record_exception, #rule_name, #rulespack_id

Methods included from CallCountable

#count_callback_calls, #failing_with_count, #post_with_count, #pre_with_count

Methods included from Conditionable

#condition_callbacks, #failing_with_conditions, #post_with_conditions, #pre_with_conditions

Methods inherited from FrameworkCB

#record_observation, #whitelisted?

Methods inherited from CB

#failing?, #framework, #overtime!, #post?, #pre?, #priority, #to_s, #whitelisted?

Constructor Details

#initialize(*args) ⇒ Haml4ParserTagHookCB



# File 'lib/sqreen/rules/xss_cb.rb', line 141

# Builds the callback with RuleCB's constructor and then disables the
# overtime flag for this instance.
#
# @param args [Array] forwarded untouched to RuleCB#initialize
def initialize(*args)
  super
  # NOTE(review): @overtimeable is read by CB#overtimeable / #overtime!;
  # setting it to false presumably keeps this hook from being skipped on
  # time-budget overruns — confirm against CB.
  @overtimeable = false
end

Instance Method Details

#post(ret, _inst, _args, _budget = nil, &_block) ⇒ Object



# File 'lib/sqreen/rules/xss_cb.rb', line 146

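# Post-call hook on the Haml 4 tag parser: when a tag's value is a parsed
# Ruby expression that the template explicitly left unescaped, the value is
# rewritten to pass through Sqreen.escape_haml so the interpolated result is
# escaped before it reaches the rendered page.
#
# Only Haml < 5 is handled. The version check goes through Gem::Version
# instead of a plain String comparison, so a two-digit major such as "10.0"
# is not mistaken for "< 5" (String#< compares character by character).
#
# @param ret [Object] the parsed tag node returned by the hooked method; must
#   respond to #value with a Hash holding :escape_html, :value and :parse
#   (presumably Haml::Parser::ParseNode — confirm against the haml 4 source)
# @param _inst [Object] receiver of the hooked call (unused)
# @param _args [Array] arguments of the hooked call (unused)
# @param _budget [Numeric, nil] remaining time budget (unused)
# @return [Hash, nil] { :status => :override, :new_return_value => tag } when
#   the tag value was rewritten, nil when the node was left untouched
def post(ret, _inst, _args, _budget = nil, &_block)
  return unless Gem::Version.new(Haml::VERSION) < Gem::Version.new('5')

  tag = ret
  attrs = tag.value
  value = attrs[:value]

  # Rewrite only when escaping is explicitly disabled for this tag, the value
  # is something we can inspect (a String expression), the template author has
  # not already called html_escape on it (presumably to avoid double escaping
  # — confirm), and the value is a parsed Ruby expression rather than literal
  # text. The == comparisons are kept deliberately: only the literal booleans
  # select the rewrite.
  rewrite = attrs[:escape_html] == false &&
            value.respond_to?(:include?) &&
            !value.include?('html_escape') &&
            attrs[:parse] == true
  return nil unless rewrite

  # Mutates the node in place. The extra parentheses keep the original
  # expression a single argument even when it contains commas or operators.
  attrs[:value] = "Sqreen.escape_haml((#{value}))"
  { :status => :override, :new_return_value => tag }
end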