Class: Brakeman::Processor

Inherits:
Object
  • Object
Includes:
Util
Defined in:
lib/brakeman/processor.rb

Overview

Makes calls to the appropriate processor.

The ControllerProcessor, TemplateProcessor, and ModelProcessor will update the Tracker with information about what is parsed.

Constant Summary

Constants included from Util

Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS

Instance Method Summary

Methods included from Util

#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore

Constructor Details

#initialize(app_tree, options) ⇒ Processor

Returns a new instance of Processor.



# File 'lib/brakeman/processor.rb', line 15

# Builds the Tracker that every process_* call on this object hands to
# the specialised processors.
#
# app_tree and options are forwarded to Tracker.new untouched; `self` is
# passed in between them, so the tracker receives a reference to this
# processor.
def initialize(app_tree, options)
  @tracker = Tracker.new(
    app_tree,
    self,
    options
  )
end

Instance Method Details

#process_config(src, file_name) ⇒ Object

Process configuration file source



# File 'lib/brakeman/processor.rb', line 24

# Process configuration file source.
#
# Creates a fresh ConfigProcessor bound to this processor's tracker and
# returns whatever its process_config returns for (src, file_name).
def process_config(src, file_name)
  config_processor = ConfigProcessor.new(@tracker)
  config_processor.process_config(src, file_name)
end

#process_controller(src, file_name) ⇒ Object

Process controller source. file_name is used for reporting



# File 'lib/brakeman/processor.rb', line 39

# Process controller source. file_name is used for reporting.
#
# Source for which contains_class? (from Util) is falsy is handed to a
# LibraryProcessor instead of a ControllerProcessor. Either way a new
# processor is created around this object's tracker and its result is
# returned.
def process_controller(src, file_name)
  return LibraryProcessor.new(@tracker).process_library(src, file_name) unless contains_class?(src)

  ControllerProcessor.new(@tracker).process_controller(src, file_name)
end

#process_controller_alias(name, src, only_method = nil, file = nil) ⇒ Object

Process variable aliasing in controller source and save it in the tracker.



# File 'lib/brakeman/processor.rb', line 49

# Process variable aliasing in controller source and save it in the tracker.
#
# only_method is given to the ControllerAliasProcessor constructor, while
# name, src and file are passed to its process_controller call. Both
# optional arguments default to nil.
def process_controller_alias(name, src, only_method = nil, file = nil)
  alias_processor = ControllerAliasProcessor.new(@tracker, only_method)
  alias_processor.process_controller(name, src, file)
end

#process_gems(gem_files) ⇒ Object

Process Gemfile



# File 'lib/brakeman/processor.rb', line 29

# Process Gemfile.
#
# gem_files is passed unchanged to a new GemProcessor built around this
# processor's tracker; that call's result is returned.
def process_gems(gem_files)
  gem_processor = GemProcessor.new(@tracker)
  gem_processor.process_gems(gem_files)
end

#process_initializer(file_name, src) ⇒ Object

Process source for an initializer file



# File 'lib/brakeman/processor.rb', line 92

# Process source for an initializer file.
#
# Two passes: BaseProcessor#process_file first, then
# AliasProcessor#process_safely on that result. The final result is
# stored in the tracker's initializers collection under file_name and is
# also the return value.
#
# Note the argument order: file_name comes first here, unlike most of the
# other process_* methods.
def process_initializer(file_name, src)
  processed = BaseProcessor.new(@tracker).process_file(src, file_name)
  @tracker.initializers[file_name] = AliasProcessor.new(@tracker).process_safely(processed, nil, file_name)
end

#process_lib(src, file_name) ⇒ Object

Process source for a library file



# File 'lib/brakeman/processor.rb', line 99

# Process source for a library file.
#
# Delegates to LibraryProcessor#process_library on a new processor bound
# to this object's tracker and returns its result.
def process_lib(src, file_name)
  library_processor = LibraryProcessor.new(@tracker)
  library_processor.process_library(src, file_name)
end

#process_model(src, file_name) ⇒ Object

Process a model source



# File 'lib/brakeman/processor.rb', line 54

# Process a model source.
#
# Runs ModelProcessor#process_model first. Only when that returns a
# truthy value is the result passed through an AliasProcessor created for
# file_name; otherwise nil is returned and no alias pass happens.
def process_model(src, file_name)
  model = ModelProcessor.new(@tracker).process_model(src, file_name)
  return unless model

  AliasProcessor.new(@tracker, file_name).process(model)
end

#process_routes(src) ⇒ Object

Process route file source



# File 'lib/brakeman/processor.rb', line 34

# Process route file source.
#
# Delegates to RoutesProcessor#process_routes on a new processor bound to
# this object's tracker and returns its result.
def process_routes(src)
  routes_processor = RoutesProcessor.new(@tracker)
  routes_processor.process_routes(src)
end

#process_template(name, src, type, called_from = nil, file_name = nil) ⇒ Object

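Process a template of one of the supported types: ERB, HAML, HAML 6, Erubis, or Slim. Any other type aborts with an "Unknown template type" message.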



# File 'lib/brakeman/processor.rb', line 60

# Process a template and record the result in the tracker.
#
# type selects the template processor: :erb, :haml, :haml6, :erubis or
# :slim. Any other value calls Kernel#abort with an "Unknown template
# type" message, which terminates the program rather than raising an
# ordinary error the caller could rescue as StandardError.
#
# When called_from is given, the result is stored under the symbol
# "<name>.<called_from>" instead of name, so each rendered instance of a
# template is kept separately.
#
# Returns type (the value of the final assignment).
def process_template(name, src, type, called_from = nil, file_name = nil)
  # Only the constant for the matching type is looked up.
  processor_class =
    case type
    when :erb    then ErbTemplateProcessor
    when :haml   then HamlTemplateProcessor
    when :haml6  then Haml6TemplateProcessor
    when :erubis then ErubisTemplateProcessor
    when :slim   then SlimTemplateProcessor
    else abort "Unknown template type: #{type} (#{name})"
    end
  processed = processor_class.new(@tracker, name, called_from, file_name).process(src)

  # Each template which is rendered is stored separately with a new name.
  name = :"#{name}.#{called_from}" if called_from

  @tracker.templates[name].src = processed
  @tracker.templates[name].type = type
end

#process_template_alias(template) ⇒ Object

Process any calls to render() within a template



# File 'lib/brakeman/processor.rb', line 87

# Process any calls to render() within a template.
#
# Builds a TemplateAliasProcessor for the given template and runs its
# process_safely over template.src, returning that result.
def process_template_alias(template)
  alias_processor = TemplateAliasProcessor.new(@tracker, template)
  alias_processor.process_safely(template.src)
end

#tracked_events ⇒ Object



# File 'lib/brakeman/processor.rb', line 19

# Returns the object held in @tracker, which initialize sets to a Tracker.
#
# NOTE(review): despite the name, this returns the tracker itself rather
# than a list of events; callers read the collected data from it.
def tracked_events
  @tracker
end