Class: Brakeman::BaseCheck

Inherits:
SexpProcessor < Object
Includes:
ProcessorHelper, Util
Defined in:
lib/brakeman/checks/base_check.rb

Overview

Base class for all of Brakeman's vulnerability checks.

Direct Known Subclasses

CheckBasicAuth, CheckCrossSiteScripting, CheckDefaultRoutes, CheckEscapeFunction, CheckEvaluation, CheckExecute, CheckFileAccess, CheckFilterSkipping, CheckForgerySetting, CheckMailTo, CheckMassAssignment, CheckModelAttributes, CheckNestedAttributes, CheckQuoteTableName, CheckRedirect, CheckRender, CheckResponseSplitting, CheckSQL, CheckSessionSettings, CheckStripTags, CheckTranslateBug, CheckValidationRegex, CheckWithoutProtection

Constant Summary

CONFIDENCE =
{ :high => 0, :med => 1, :low => 2 }

Constants included from Util

Util::ALL_PARAMETERS, Util::COOKIES, Util::PARAMETERS, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_PARAMETERS, Util::SESSION

Instance Attribute Summary

Instance Method Summary

Methods included from Util

#array?, #call?, #camelize, #cookies?, #false?, #hash?, #hash_insert, #hash_iterate, #integer?, #number?, #params?, #pluralize, #regexp?, #result?, #set_env_defaults, #sexp?, #string?, #symbol?, #true?, #underscore

Methods included from ProcessorHelper

#class_name, #process_module

Constructor Details

- (BaseCheck) initialize(tracker)

Initialize the check with the given tracker.

# File 'lib/brakeman/checks/base_check.rb', line 16

def initialize tracker
  super()
  @results = [] #only to check for duplicates
  @warnings = []
  @tracker = tracker
  @string_interp = false
  @current_set = nil
  @debug_mode = tracker.options[:debug]
  @current_template = @current_module = @current_class = @current_method = nil
  self.strict = false
  self.auto_shift_type = false
  self.require_empty = false
  self.default_method = :process_default
  self.warn_on_default = false
end

Instance Attribute Details

- (Object) tracker (readonly)

Returns the value of attribute tracker (the tracker passed to the constructor).

# File 'lib/brakeman/checks/base_check.rb', line 11

def tracker
  @tracker
end

- (Object) warnings (readonly)

Returns the value of attribute warnings (the warnings this check has produced).

# File 'lib/brakeman/checks/base_check.rb', line 11

def warnings
  @warnings
end

Instance Method Details

- (Object) add_result(result, location = nil)

Add a result to the result list, which is used to check for duplicates. The location defaults to the current template, class, module or set, falling back to the location stored in the result itself.

# File 'lib/brakeman/checks/base_check.rb', line 33

def add_result result, location = nil
  location ||= (@current_template && @current_template[:name]) || @current_class || @current_module || @current_set || result[:location][1]
  location = location[:name] if location.is_a? Hash
  location = location.to_sym

  if result.is_a? Hash
    line = result[:call].original_line || result[:call].line
  elsif sexp? result
    line = result.original_line || result.line
  else
    raise ArgumentError
  end

  @results << [line, location, result]
end

- (Object) process_call(exp)

Process method calls and record whether their target includes user input; @has_user_input is set to :params, :cookies or :model accordingly.

# File 'lib/brakeman/checks/base_check.rb', line 64

def process_call exp
  process exp[1] if sexp? exp[1]
  process exp[3]

  if params? exp[1]
    @has_user_input = :params
  elsif cookies? exp[1]
    @has_user_input = :cookies
  elsif sexp? exp[1] and model_name? exp[1][1]
    @has_user_input = :model
  end

  exp
end

- (Object) process_cookies(exp)

Record that cookies are included in the current expression.

# File 'lib/brakeman/checks/base_check.rb', line 86

def process_cookies exp
  @has_user_input = :cookies
  exp
end

- (Object) process_default(exp)

Default Sexp processing. Iterates over each value in the Sexp and processes any value that is itself a Sexp; non-Sexp values are left untouched.

# File 'lib/brakeman/checks/base_check.rb', line 51

def process_default exp
  exp.each_with_index do |e, i|
    if sexp? e
      process e
    else
      e
    end
  end

  exp
end

- (Object) process_params(exp)

Record that params are included in the current expression.

# File 'lib/brakeman/checks/base_check.rb', line 80

def process_params exp
  @has_user_input = :params
  exp
end