Module: Brakeman::ControllerMethods

Included in:
Controller, Library
Defined in:
lib/brakeman/tracker/controller.rb


Instance Attribute Details

#layout ⇒ Object

Returns the value of attribute layout


5
6
7
# File 'lib/brakeman/tracker/controller.rb', line 5

# Reader for the @layout instance variable.
#
# initialize_controller resets @layout to nil; no other method listed on this
# page assigns it, so the value is set elsewhere (not visible here).
def layout
  @layout
end

Instance Method Details

#add_before_filter(exp) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 19

# Records a before-filter declaration at the end of this controller's list.
#
# exp is stored as given. get_before_filters later reads +args+ from each
# stored entry, so exp is presumably the Sexp of the filter call
# (assumption - the caller is not shown here).
#
# Returns the updated list of declarations.
def add_before_filter(exp)
  declared = @options[:before_filters]
  declared.push(exp)
end

#before_filter_list(processor, method) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 39

# Builds the list of before filters that apply to +method+, taking the
# controller's ancestors into account.
#
# Starting at this controller, each parent is looked up by name in
# tracker.controllers and then tracker.libs. Filters found on a parent are
# placed in front of those found on its children. The combined list is then
# passed through remove_skipped_filters.
#
# NOTE(review): the walk stops only when a parent name resolves to neither a
# controller nor a lib. A parent chain that refers back to itself would keep
# this loop running; whether the tracker rules that out is not visible here.
def before_filter_list(processor, method)
  inherited_first = []
  current = self

  while current
    own = current.get_before_filters(processor, method)
    inherited_first = own + inherited_first

    parent_name = current.parent
    current = tracker.controllers[parent_name] || tracker.libs[parent_name]
  end

  remove_skipped_filters(processor, inherited_first, method)
end

#before_filter_to_hash(processor, args) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 106

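# Turns the arguments of a filter declaration into a Hash describing it.
#
# processor - object whose process_default is called on every Sexp argument
# args      - argument Sexps of the before_filter / skip_filter style call
#
# Returns a Hash containing
#   :methods - the value of every :lit argument (the filter method names)
#   :all     - true, only when the last argument is not an options hash
#   plus one entry per option of a trailing options hash (for example :only
#   or :except); :array values become a list of element values, :lit and
#   :str values are stored directly.
#
# Every key/value pair of the options hash is read. Reading only the first
# pair would drop :only / :except whenever another option precedes them,
# and the filter's scope would then be recorded incorrectly.
def before_filter_to_hash processor, args
  filter = {}

  #Process args for the uncommon but possible situation
  #in which some variables are used in the filter.
  #The return value is not kept, so this matters only if process_default
  #updates the Sexp in place - TODO confirm against the processor.
  args.each do |a|
    processor.process_default a if sexp? a
  end

  filter[:methods] = []

  args.each do |a|
    filter[:methods] << a[1] if a.node_type == :lit
  end

  #args may be empty (nothing but a block was given), so do not assume
  #there is a last element to call node_type on.
  options = args.last

  if options.respond_to?(:node_type) && options.node_type == :hash
    #A hash Sexp holds its entries after the node type:
    #s(:hash, key, value, key, value, ...)
    options[1..-1].each_slice(2) do |key, value|
      #An element without a partner (or a non-Sexp value) cannot be read
      next unless value.respond_to?(:node_type)

      option = key[1]

      case value.node_type
      when :array
        filter[option] = value[1..-1].map { |v| v[1] }
      when :lit, :str
        filter[option] = value[1]
      else
        Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
      end
    end
  else
    filter[:all] = true
  end

  filter
end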

#before_filters ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 27

# Returns the list stored under @options[:before_filters].
#
# The same Array object is handed out on every call (no copy is made), so
# changes made by a caller are visible to add_before_filter and
# prepend_before_filter, which write to the same list.
def before_filters
  @options[:before_filters]
end

#get_before_filters(processor, method) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 86

# Returns the filter method names declared on this controller that apply to
# +method+.
#
# On the first call every entry of before_filters is converted with
# before_filter_to_hash and kept in @before_filter_cache. Later calls reuse
# the cache: +processor+ is not consulted again, and declarations added
# after the first call are not picked up until the cache is reset to nil.
#
# Which cached filters apply is decided by filter_includes_method?
# (defined elsewhere).
def get_before_filters(processor, method)
  if @before_filter_cache.nil?
    # The empty cache is assigned first and then filled entry by entry.
    @before_filter_cache = []

    before_filters.each do |declared|
      @before_filter_cache.push(before_filter_to_hash(processor, declared.args))
    end
  end

  @before_filter_cache.each_with_object([]) do |entry, applicable|
    applicable.concat(entry[:methods]) if filter_includes_method?(entry, method)
  end
end

#get_skipped_filters(processor, method) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 53

# Returns the filter method names that this controller skips for +method+.
#
# The skip declarations from skip_filters are converted once with
# before_filter_to_hash and kept in @skip_filter_cache; later calls reuse
# that cache and do not consult +processor+ again.
#
# Which cached entries apply is decided by filter_includes_method?
# (defined elsewhere).
def get_skipped_filters(processor, method)
  @skip_filter_cache ||= skip_filters.map { |declared| before_filter_to_hash(processor, declared.args) }

  @skip_filter_cache.each_with_object([]) do |entry, skipped|
    skipped.concat(entry[:methods]) if filter_includes_method?(entry, method)
  end
end

#initialize_controller ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 7

# Puts the controller-specific state into its initial condition.
#
# @options must already exist; it receives fresh, separate empty lists under
# :before_filters and :skip_filters (other keys are left alone). The layout
# and both filter caches are cleared.
#
# Returns nil.
def initialize_controller
  [:before_filters, :skip_filters].each do |key|
    @options[key] = []
  end

  @layout = @skip_filter_cache = @before_filter_cache = nil
end

#prepend_before_filter(exp) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 23

# Records a before-filter declaration at the front of this controller's
# list, ahead of every declaration stored so far.
#
# Returns the updated list of declarations.
def prepend_before_filter(exp)
  declared = @options[:before_filters]
  declared.insert(0, exp)
end

#protect_from_forgery? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/brakeman/tracker/controller.rb', line 15

# Reports whether protect_from_forgery was recorded for this controller.
#
# The value stored under @options[:protect_from_forgery] is returned as is,
# without coercion to true/false; it is nil when the key was never set.
# Only this controller's own options are read here. Whether a parent
# controller's setting is taken into account is up to the caller (not
# visible on this page).
def protect_from_forgery?
  @options[:protect_from_forgery]
end

#remove_skipped_filters(processor, filters, method) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 73

# Removes from +filters+ every filter that this controller or one of its
# ancestors skips for +method+, and returns the remaining list.
#
# Parents are looked up by name in tracker.controllers and then
# tracker.libs, the same way before_filter_list does it. The passed-in
# Array is not modified; each subtraction produces a new Array.
#
# The subtraction is by name over the whole chain and does not look at
# declaration order, so a filter skipped anywhere in the chain is removed
# even if it is declared again further down. NOTE(review): that may differ
# from what the application does at run time; treat the result as an
# approximation when judging whether a check runs before an action.
def remove_skipped_filters(processor, filters, method)
  remaining = filters
  current = self

  while current
    remaining -= current.get_skipped_filters(processor, method)

    parent_name = current.parent
    current = tracker.controllers[parent_name] || tracker.libs[parent_name]
  end

  remaining
end

#skip_filter(exp) ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 31

# Records a skip declaration at the end of this controller's skip list.
#
# exp is stored as given; get_skipped_filters later reads +args+ from each
# stored entry.
#
# Returns the updated skip list.
def skip_filter(exp)
  skipped = @options[:skip_filters]
  skipped.push(exp)
end

#skip_filters ⇒ Object


# File 'lib/brakeman/tracker/controller.rb', line 35

# Returns the list stored under @options[:skip_filters].
#
# The same Array object is handed out on every call (no copy is made);
# skip_filter appends to this list.
def skip_filters
  @options[:skip_filters]
end