Class: Twig::NodeVisitor::SafeAnalysis

Inherits:
Base
  • Object
Defined in:
lib/twig/node_visitor/safe_analysis.rb

Constant Summary collapse

# Expression node classes that #leave_node marks as safe for every escaping
# strategy (`[:all]`) on the basis of their class alone, without inspecting
# their children.
# NOTE(review): how the `[:all]` marker is consumed is not visible here;
# presumably the output escaper leaves such nodes unescaped, so a class
# belongs in this list only if its output can never carry untrusted,
# unescaped data. Confirm against the escaper before extending it.
SAFE_ALL = [
  Node::Expression::Constant,
  Node::Expression::BlockReference,
  Node::Expression::Parent,
  Node::Expression::MacroReference,
].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Base

#priority

Constructor Details

#initialize ⇒ SafeAnalysis



# File 'lib/twig/node_visitor/safe_analysis.rb', line 13

# Builds a visitor with no recorded analysis results and no variables
# declared safe.
def initialize
  super

  # Names of variables declared safe. Empty by default, so no variable is
  # trusted until a caller opts in through #safe_vars=.
  @safe_vars = []
  # Per-node analysis results (presumably what the `data` reader used by
  # #safe returns; the reader itself is not shown here).
  @data = {}
end

Instance Attribute Details

#safe_vars=(safe_vars) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 85

# Replaces the list of variable names that are declared safe.
#
# The list is copied, so later changes to the caller's collection do not
# silently widen or narrow the set of trusted variables. The copy is shallow:
# the name objects themselves are still shared with the caller.
#
# @param safe_vars [#dup] collection of variable names to trust
def safe_vars=(safe_vars)
  snapshot = safe_vars.dup
  @safe_vars = snapshot
end

Instance Method Details

#enter_node(node, env) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 20

# No-op hook for entering a node: this method records nothing and hands the
# node back untouched. All analysis visible in this class happens in
# #leave_node.
#
# @param node [Object] the node being entered
# @param env [Object] unused
# @return [Object] +node+, unchanged
def enter_node(node, env)
  node
end

#leave_node(node, env) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 24

# Records which escaping strategies +node+ is already safe for.
#
# A node that matches no branch, or whose branch records nothing, gets no
# entry; #safe then reports `[]` for it, so unrecognised nodes default to
# "not safe for anything".
#
# @param node [Object] the expression node being left
# @param env [Object] unused
# @return [Object] +node+, unchanged
# @raise [ArgumentError] if an escape-aware operator names more than two
#   operands
def leave_node(node, env)
  if SAFE_ALL.any? { |safe_class| node.is_a?(safe_class) }
    # Safe by class alone.
    set_safe(node, [:all])
  elsif node.is_a?(Node::Expression::OperatorEscape)
    names = node.operand_names_to_escape

    if names.length > 2
      raise ArgumentError, "Operators with more than 2 operands are not supported yet, got #{names.length}."
    end

    # With fewer than two operand names nothing is recorded, so the operator
    # stays "not safe".
    if names.length == 2
      # intersect_safe is not shown here; presumably it keeps only the
      # strategies both operands are safe for.
      left = safe(node.nodes[names[0]])
      right = safe(node.nodes[names[1]])
      set_safe(node, intersect_safe(left, right))
    end
  elsif node.is_a?(Node::Expression::Filter)
    # A filter expression is as safe as the filter declares itself to be.
    callable = node.attributes.key?(:twig_callable) && node.attributes[:twig_callable]

    if callable
      strategies = callable.safe(node.nodes[:arguments])
      if strategies.empty?
        # The filter declares nothing of its own: fall back to the safety of
        # its input, limited to what the filter says it preserves.
        strategies = intersect_safe(safe(node.nodes[:node]), callable.preserves_safety)
      end

      set_safe(node, strategies)
    end
  elsif node.is_a?(Node::Expression::Function)
    # A function expression is as safe as the function declares itself to be;
    # without a resolved callable it is explicitly recorded as not safe.
    callable = node.attributes.key?(:twig_callable) && node.attributes[:twig_callable]
    set_safe(node, callable ? callable.safe(node.nodes[:arguments]) : [])
  elsif node.is_a?(Node::Expression::GetAttribute) && node.nodes[:node].is_a?(Node::Expression::Variable::Context)
    # Any attribute read directly on a context variable listed in safe_vars
    # is marked safe for every strategy, whichever attribute is read.
    variable_name = node.nodes[:node].attributes[:name]
    set_safe(node, [:all]) if safe_vars.include?(variable_name)
  end

  node
end

#safe(node) ⇒ Object



# File 'lib/twig/node_visitor/safe_analysis.rb', line 64

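# Returns the escaping strategies recorded as safe for +node+.
#
# Lookup is by the node's object_id, then by comparing the stored key with
# +node+. A node with no recorded entry yields `[]`, i.e. "not safe".
#
# A value recorded as safe for :html_attr is also reported as safe for :html.
# That widening is applied to the returned array only. Appending to the
# stored array in place would add another :html on every lookup, would raise
# on a frozen array, and, if set_safe (not shown here) stores the array it is
# given without copying, would also alter the array owned by whoever
# supplied it.
#
# @param node [Object] the node to look up
# @return [Array<Symbol>] the safe strategies; a new array when :html had to
#   be added, otherwise the stored one
def safe(node)
  id = node.object_id
  return [] unless data.key?(id)

  bucket = data[id].find { |candidate| candidate[:key] == node }
  return [] unless bucket

  strategies = bucket[:value]
  return strategies unless strategies.include?(:html_attr) && !strategies.include?(:html)

  strategies + [:html]
end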