Class: Twig::NodeVisitor::SafeAnalysis

Inherits:
Base
  • Object
Defined in:
lib/twig/node_visitor/safe_analysis.rb

Constant Summary collapse

# Expression node classes that #leave_node marks as safe for every escaping
# strategy (`[:all]`) purely on the basis of their class, without looking at
# operands or arguments. Adding a class here exempts every node of that class
# from further safety analysis, so the list should stay as small as possible.
SAFE_ALL = [
  Node::Expression::Constant,
  Node::Expression::BlockReference,
  Node::Expression::Parent,
  Node::Expression::MacroReference,
].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Base

#priority

Constructor Details

#initialize ⇒ SafeAnalysis

Returns a new instance of SafeAnalysis.



# File 'lib/twig/node_visitor/safe_analysis.rb', line 13

# Builds a visitor that starts with no trusted context variables and no
# recorded safety results.
def initialize
  super

  # The trust list starts empty: no context variable is exempt from the
  # analysis until #safe_vars= is called.
  @safe_vars = []
  # Storage for per-node safety results.
  # NOTE(review): presumably backs the `data` reader that #safe uses - confirm.
  @data = {}
end

Instance Attribute Details

#safe_vars=(safe_vars) ⇒ Object

Parameters:

  • safe_vars (Array<String>)


# File 'lib/twig/node_visitor/safe_analysis.rb', line 85

# Replaces the list of trusted context variable names.
#
# #leave_node marks an attribute read on any variable named here as safe for
# every strategy (`[:all]`). List only variables whose attributes never carry
# untrusted input, because this check looks at the variable name alone.
#
# @param safe_vars [Array<String>] context variable names to trust
# @return [Array<String>] the stored copy
def safe_vars=(safe_vars)
  # Shallow copy: later pushes to or deletions from the caller's array do not
  # change the trust list held by this visitor.
  snapshot = safe_vars.dup
  @safe_vars = snapshot
end

Instance Method Details

#enter_node(node, env) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 20

# Does nothing on the way down the tree; the safety analysis is done in
# #leave_node.
#
# @param node [Object] node being entered
# @param env [Object] unused
# @return [Object] the node, unchanged
def enter_node(node, env)
  node
end

#leave_node(node, env) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 24

# Records which escaping strategies the node's output is already safe for.
#
# Nodes that match no branch, and branches that record nothing, leave the
# node without an entry; #safe answers `[]` for such nodes.
#
# @param node [Object] expression node being left
# @param env [Object] unused
# @return [Object] the node, unchanged
# @raise [ArgumentError] when an escape-aware operator names more than two operands
def leave_node(node, env)
  case node
  when *SAFE_ALL
    # Safe for every strategy purely because of the node's class.
    set_safe(node, [:all])
  when Node::Expression::OperatorEscape
    names = node.operand_names_to_escape
    count = names.length

    if count > 2
      raise ArgumentError, "Operators with more than 2 operands are not supported yet, got #{count}."
    elsif count == 2
      # The result is only as safe as what both operands have in common.
      left = safe(node.nodes[names[0]])
      right = safe(node.nodes[names[1]])
      set_safe(node, intersect_safe(left, right))
    end
    # Fewer than two operands: nothing is recorded.
  when Node::Expression::Filter
    # A filter expression is safe when the filter itself is safe.
    filter = node.attributes[:twig_callable] if node.attributes.key?(:twig_callable)

    if filter
      strategies = filter.safe(node.nodes[:arguments])
      # The filter declares no safety of its own: fall back to the safety of
      # its input, limited to the strategies the filter says it preserves.
      strategies = intersect_safe(safe(node.nodes[:node]), filter.preserves_safety) if strategies.empty?

      set_safe(node, strategies)
    end
  when Node::Expression::Function
    # A function expression is safe when the function is safe; a call with no
    # resolved callable is explicitly recorded as safe for nothing.
    function = node.attributes[:twig_callable] if node.attributes.key?(:twig_callable)
    set_safe(node, function ? function.safe(node.nodes[:arguments]) : [])
  when Node::Expression::GetAttribute
    target = node.nodes[:node]

    # Attribute reads on a trusted context variable are marked safe for every
    # strategy. The check is by variable name only; the attribute being read
    # is not examined.
    if target.is_a?(Node::Expression::Variable::Context) && safe_vars.include?(target.attributes[:name])
      set_safe(node, [:all])
    end
  end

  node
end

#safe(node) ⇒ Object

Parameters:

  • node



# File 'lib/twig/node_visitor/safe_analysis.rb', line 64

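# Looks up the escaping strategies recorded for a node.
#
# Entries are bucketed under the node's object_id, and each bucket is matched
# against the node with `==`. A node with no entry is safe for nothing.
#
# When the recorded strategies include `:html_attr`, `:html` is reported too.
# It is added to a fresh array: appending to the stored array in place would
# grow it with a duplicate `:html` on every lookup, raise FrozenError when the
# stored array is frozen, and change any other holder of the same array
# object.
#
# @param node [Object] node to look up
# @return [Array<Symbol>] strategies the node is safe for, `[]` when unknown
def safe(node)
  id = node.object_id
  return [] unless data.key?(id)

  bucket = data[id].find { |entry| entry[:key] == node }
  return [] unless bucket

  strategies = bucket[:value]
  return strategies unless strategies.include?(:html_attr)
  return strategies if strategies.include?(:html)

  strategies + [:html]
end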