Class: Brakeman::Constants

Inherits:

Object

• Object
• Brakeman::Constants

Includes:

Util

Defined in:

lib/brakeman/tracker/constants.rb

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Class Method Summary

• .constant_as_array(exp, context = nil) ⇒ Object
• .get_constant_base_name(exp) ⇒ Object

Instance Method Summary

• #[](exp) ⇒ Object
• #add(name, value, context = nil) ⇒ Object
• #each ⇒ Object
• #find_all(exp) ⇒ Object
• #find_constant(exp) ⇒ Object
• #get_simple_value(name) ⇒ Object

  Returns constant values that are not too complicated.

• #initialize ⇒ Constants constructor

  A new instance of Constants.

• #size ⇒ Object

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize ⇒ Constants

Returns a new instance of Constants.

# File 'lib/brakeman/tracker/constants.rb', line 54

def initialize
  @constants = {}
end

Class Method Details

.constant_as_array(exp, context = nil) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 132

def self.constant_as_array exp, context = nil
  # Only prepend context for simple (unqualified) constants
  if context && (exp.is_a?(Symbol) || (exp.is_a?(Sexp) && exp.node_type == :const))
    context_name = context[:module] || context[:class]
    context_name = context_name.name if context_name.respond_to?(:name)
    if context_name
      # Build colon2 chain: A::B becomes s(:colon2, s(:const, :A), :B)
      parts = context_name.to_s.split("::")
      base = Sexp.new(:const, parts.first.to_sym)
      parts[1..].each do |part|
        base = Sexp.new(:colon2, base, part.to_sym)
      end
      exp = Sexp.new(:colon2, base, exp)
    end
  end

  res = []
  while exp
    if exp.is_a? Sexp
      case exp.node_type
      when :const
        res << exp.value
        exp = nil
      when :colon3
        res << exp.value << :""
        exp = nil
      when :colon2
        res << exp.last
        exp = exp[1]
      else
        res << exp
        exp = nil
      end
    else
      res << exp
      exp = nil
    end
  end

  res.reverse!
  res
end

.get_constant_base_name(exp) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 175

def self.get_constant_base_name exp
  return exp unless exp.is_a? Sexp

  case exp.node_type
  when :const, :colon3
    exp.value
  when :colon2
    exp.last
  else
    exp
  end
end

Instance Method Details

#[](exp) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 62

def [] exp
  return unless constant? exp
  match = find_constant exp

  if match
    match.value
  else
    nil
  end
end

#add(name, value, context = nil) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 103

def add name, value, context = nil
  if call? value and value.method == :freeze
    value = value.target
  end

  base_name = Constants.get_constant_base_name(name)
  @constants[base_name] ||= []
  @constants[base_name] << Constant.new(name, value, context)
end

#each ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 124

def each
  @constants.each do |name, values|
    values.each do |constant|
      yield constant
    end
  end
end

#find_all(exp) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 98

def find_all exp
  base_name = Constants.get_constant_base_name(exp)
  @constants[base_name]
end

#find_constant(exp) ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 73

def find_constant exp
  base_name = Constants.get_constant_base_name(exp)

  if @constants.key? base_name
    @constants[base_name].find do |c|
      if c.match? exp
        return c
      end
    end

    name_array = Constants.constant_as_array(exp)

    # Avoid losing info about dynamic constant values
    return unless name_array.all? { |n| constant? n or n.is_a? Symbol }

    @constants[base_name].find do |c|
      if c.match? name_array
        return c
      end
    end
  end

  nil
end

#get_simple_value(name) ⇒ Object

Returns constant values that are not too complicated. Right now that means literal values (string, array, etc.) or calls on Dir.glob(..).whatever.

# File 'lib/brakeman/tracker/constants.rb', line 116

def get_simple_value name
  if x = self[name] and (literal? x or dir_glob? x)
    x
  else
    nil
  end
end

#size ⇒ Object

# File 'lib/brakeman/tracker/constants.rb', line 58

def size
  @constants.length
end