Module: Brakeman::ModelMethods

Included in:
Library, Model
Defined in:
lib/brakeman/tracker/model.rb


Instance Attribute Details

#associations ⇒ Object (readonly)

Returns the value of attribute associations


# File 'lib/brakeman/tracker/model.rb', line 5

# Reader for the association table recorded for this model.
#
# initialize_model sets it to an empty Hash, and association? iterates it
# as (name, argument list) pairs.
#
# @return [Hash, nil] the stored table; nil if initialize_model never ran
def associations
  @associations
end

#attr_accessible ⇒ Object (readonly)

Returns the value of attribute attr_accessible


# File 'lib/brakeman/tracker/model.rb', line 5

# Reader for the values collected from attr_accessible declarations
# (Rails' mass-assignment allowlist).
#
# The nil / non-nil distinction is significant: initialize_model leaves this
# nil, set_attr_accessible always turns it into an Array (possibly empty),
# and unprotected_model? treats only nil as "no allowlist declared".
#
# @return [Array, nil] collected literal values, or nil when none was declared
def attr_accessible
  @attr_accessible
end

#role_accessible ⇒ Object (readonly)

Returns the value of attribute role_accessible


# File 'lib/brakeman/tracker/model.rb', line 5

# Reader for the values recorded from attr_accessible calls that also
# carried a Hash argument (see set_attr_accessible).
#
# initialize_model starts it as an empty Array.
#
# @return [Array, nil] recorded values; nil if initialize_model never ran
def role_accessible
  @role_accessible
end

Instance Method Details

#association?(method_name) ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 13

# Tells whether +method_name+ appears as a symbol argument in any recorded
# association declaration.
#
# Every argument list stored in @associations is scanned; only arguments that
# symbol? accepts are compared, by their +value+.
#
# @param method_name [Object] name to look for (compared with ==)
# @return [Boolean] true on the first match, false when nothing matches
def association? method_name
  @associations.any? do |_name, args|
    args.any? { |arg| symbol?(arg) && arg.value == method_name }
  end
end

#attr_protected ⇒ Object


# File 'lib/brakeman/tracker/model.rb', line 65

# Looks up whatever was stored under the :attr_protected option
# (set_attr_protected records it through add_option).
#
# Note that unprotected_model? never consults this value; only
# attr_accessible counts there.
#
# @return [Object, nil] the stored option, or nil when absent
def attr_protected
  @options[:attr_protected]
end

#initialize_model ⇒ Object


# File 'lib/brakeman/tracker/model.rb', line 7

# Resets the model-tracking state to its starting values.
#
# @return [nil]
def initialize_model
  @role_accessible = []
  @associations = {}
  # Must stay nil (not []): unprotected_model? reads nil as
  # "attr_accessible was never declared".
  @attr_accessible = nil
end

#parent_classes_protected?(seen = {}) ⇒ Boolean

Walks up the chain of parent classes and reports whether this model or any ancestor declares attr_accessible or includes ActiveModel::ForbiddenAttributesProtection.

Returns:

  • (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 30

# Reports whether this model, or any model reachable through its chain of
# parents, declares attr_accessible or includes
# ActiveModel::ForbiddenAttributesProtection.
#
# @param seen [Hash] names already visited; it is mutated and passed along the
#   recursion so that a cyclic parent chain terminates with false
# @return [Boolean] true when protection is found at this level, otherwise
#   the parent's answer; false when the parent is unknown to the tracker
#   or was already visited
def parent_classes_protected? seen={}
  seen[self.name] = true

  # Any non-nil @attr_accessible counts, including an empty list.
  return true if @attr_accessible
  return true if self.includes.include? :"ActiveModel::ForbiddenAttributesProtection"

  parent_model = tracker.models[self.parent]
  return false unless parent_model
  return false if seen[self.parent]

  parent_model.parent_classes_protected? seen
end

#set_attr_accessible(exp = nil) ⇒ Object


# File 'lib/brakeman/tracker/model.rb', line 42

# Records an attr_accessible declaration for this model.
#
# Without +exp+ the list is only initialised, so the model stops counting as
# "no attr_accessible declared" even though nothing is listed.
# With +exp+, each argument is inspected in order:
# * :lit nodes contribute their +value+;
# * a Hash node copies the literals seen so far into @role_accessible
#   (presumably the role option of the declaration; confirm against callers);
# * anything else is skipped, so non-literal arguments are never recorded.
# The collected literals are appended to @attr_accessible in every case,
# including when a Hash argument was present.
#
# @param exp [Object, nil] call expression responding to +each_arg+, or nil
# @return [Array] the updated @attr_accessible list
def set_attr_accessible exp = nil
  return (@attr_accessible ||= []) unless exp

  literal_names = []

  exp.each_arg do |arg|
    if node_type?(arg, :lit)
      literal_names << arg.value
    elsif hash?(arg)
      @role_accessible.concat(literal_names)
    end
  end

  (@attr_accessible ||= []).concat(literal_names)
end

#set_attr_protected(exp) ⇒ Object


# File 'lib/brakeman/tracker/model.rb', line 61

# Stores an attr_protected declaration under the :attr_protected option.
#
# @param exp [Object] the declaration to record, handed to add_option as is
# @return [Object] whatever add_option returns
def set_attr_protected exp
  add_option(:attr_protected, exp)
end

#unprotected_model? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/brakeman/tracker/model.rb', line 25

# Tells whether this model lacks any attr_accessible-style protection.
#
# All three conditions must hold:
# * no attr_accessible was declared here (@attr_accessible is still nil);
# * parent_classes_protected? finds nothing up the parent chain;
# * the model descends from ActiveRecord::Base.
# attr_protected is not taken into account by this check.
#
# @return [Boolean] false as soon as one of the first two conditions fails,
#   otherwise the result of the ancestor? check
def unprotected_model?
  return false unless @attr_accessible.nil?
  return false if parent_classes_protected?

  ancestor?(:"ActiveRecord::Base")
end