brakeman-lib 3.3.1

data/lib/brakeman/version.rb

@@ -0,0 +1,3 @@
+module Brakeman
+  Version = "3.3.1"
+end

data/lib/brakeman/warning.rb

@@ -0,0 +1,255 @@
+require 'json'
+require 'digest/sha2'
+require 'brakeman/warning_codes'
+
+#The Warning class stores information about warnings
+class Brakeman::Warning
+  attr_reader :called_from, :check, :class, :confidence, :controller,
+    :line, :method, :model, :template, :user_input, :user_input_type,
+    :warning_code, :warning_set, :warning_type
+
+  attr_accessor :code, :context, :file, :message, :relative_path
+
+  TEXT_CONFIDENCE = [ "High", "Medium", "Weak" ]
+
+  OPTIONS = {:called_from => :@called_from,
+              :check => :@check,
+              :class => :@class,
+              :code => :@code,
+              :confidence => :@confidence,
+              :controller => :@controller,
+              :file => :@file,
+              :gem_info => :@gem_info,
+              :line => :@line,
+              :link_path => :@link_path,
+              :message => :@message,
+              :method => :@method,
+              :model => :@model,
+              :relative_path => :@relative_path,
+              :template => :@template,
+              :user_input => :@user_input,
+              :warning_set => :@warning_set,
+              :warning_type => :@warning_type
+            }
+
+  #+options[:result]+ can be a result from Tracker#find_call. Otherwise, it can be +nil+.
+  def initialize options = {}
+    @view_name = nil
+
+    OPTIONS.each do |key, var|
+      self.instance_variable_set(var, options[key])
+    end
+
+    result = options[:result]
+    if result
+      @code ||= result[:call]
+      @file ||= result[:location][:file]
+
+      if result[:location][:type] == :template #template result
+        @template ||= result[:location][:template]
+      else
+        @class ||= result[:location][:class]
+        @method ||= result[:location][:method]
+      end
+    end
+
+    if @method.to_s =~ /^fake_filter\d+/
+      @method = :before_filter
+    end
+
+    if @user_input.is_a? Brakeman::BaseCheck::Match
+      @user_input_type = @user_input.type
+      @user_input = @user_input.match
+    elsif @user_input == false
+      @user_input = nil
+    end
+
+    if not @line
+      if @user_input and @user_input.respond_to? :line
+        @line = @user_input.line
+      elsif @code and @code.respond_to? :line
+        @line = @code.line
+      end
+    end
+
+    if @gem_info
+      if @gem_info.is_a? Hash
+        @line ||= @gem_info[:line]
+        @file ||= @gem_info[:file]
+      else
+        # Fallback behavior returns just a string for the file name
+        @file ||= @gem_info
+      end
+    end
+
+    unless @warning_set
+      if self.model
+        @warning_set = :model
+      elsif self.template
+        @warning_set = :template
+        @called_from = self.template.render_path
+      elsif self.controller
+        @warning_set = :controller
+      else
+        @warning_set = :warning
+      end
+    end
+
+    if options[:warning_code]
+      @warning_code = Brakeman::WarningCodes.code options[:warning_code]
+    end
+
+    Brakeman.debug("Warning created without warning code: #{options[:warning_code]}") unless @warning_code
+
+    @format_message = nil
+    @row = nil
+  end
+
+  def hash
+    self.to_s.hash
+  end
+
+  def eql? other_warning
+    self.hash == other_warning.hash
+  end
+
+  #Returns name of a view, including where it was rendered from
+  def view_name(include_renderer = true)
+    if called_from and include_renderer
+      @view_name = "#{template.name} (#{called_from.last})"
+    else
+      @view_name = template.name
+    end
+  end
+
+  #Return String of the code output from the OutputProcessor and
+  #stripped of newlines and tabs.
+  def format_code strip = true
+    format_ruby self.code, strip
+  end
+
+  #Return String of the user input formatted and
+  #stripped of newlines and tabs.
+  def format_user_input strip = true
+    format_ruby self.user_input, strip
+  end
+
+  #Return formatted warning message
+  def format_message
+    return @format_message if @format_message
+
+    @format_message = self.message.dup
+
+    if self.line
+      @format_message << " near line #{self.line}"
+    end
+
+    if self.code
+      @format_message << ": #{format_code}"
+    end
+
+    @format_message
+  end
+
+  def link
+    return @link if @link
+
+    if @link_path
+      if @link_path.start_with? "http"
+        @link = @link_path
+      else
+        @link = "http://brakemanscanner.org/docs/warning_types/#{@link_path}"
+      end
+    else
+      warning_path = self.warning_type.to_s.downcase.gsub(/\s+/, '_') + "/"
+      @link = "http://brakemanscanner.org/docs/warning_types/#{warning_path}"
+    end
+
+    @link
+  end
+
+  #Generates a hash suitable for inserting into a table
+  def to_row type = :warning
+    @row = { "Confidence" => self.confidence,
+      "Warning Type" => self.warning_type.to_s,
+      "Message" => self.format_message }
+
+    case type
+    when :template
+      @row["Template"] = self.view_name.to_s
+    when :model
+      @row["Model"] = self.model.to_s
+    when :controller
+      @row["Controller"] = self.controller.to_s
+    when :warning
+      @row["Class"] = self.class.to_s
+      @row["Method"] = self.method.to_s
+    end
+
+    @row
+  end
+
+  def to_s
+   output =  "(#{TEXT_CONFIDENCE[self.confidence]}) #{self.warning_type} - #{self.message}"
+   output << " near line #{self.line}" if self.line
+   output << " in #{self.file}" if self.file
+   output << ": #{self.format_code}" if self.code
+
+   output
+  end
+
+  def fingerprint
+    loc = self.location
+    location_string = loc && loc.sort_by { |k, v| k.to_s }.inspect
+    warning_code_string = sprintf("%03d", @warning_code)
+    code_string = @code.inspect
+
+    Digest::SHA2.new(256).update("#{warning_code_string}#{code_string}#{location_string}#{@relative_path}#{self.confidence}").to_s
+  end
+
+  def location include_renderer = true
+    case @warning_set
+    when :template
+      location = { :type => :template, :template => self.view_name(include_renderer) }
+    when :model
+      location = { :type => :model, :model => self.model }
+    when :controller
+      location = { :type => :controller, :controller => self.controller }
+    when :warning
+      if self.class
+        location = { :type => :method, :class => self.class, :method => self.method }
+      else
+        location = nil
+      end
+    end
+  end
+
+  def to_hash
+    { :warning_type => self.warning_type,
+      :warning_code => @warning_code,
+      :fingerprint => self.fingerprint,
+      :message => self.message,
+      :file => self.file,
+      :line => self.line,
+      :link => self.link,
+      :code => (@code && self.format_code(false)),
+      :render_path => self.called_from,
+      :location => self.location(false),
+      :user_input => (@user_input && self.format_user_input(false)),
+      :confidence => TEXT_CONFIDENCE[self.confidence]
+    }
+  end
+
+  def to_json
+    JSON.generate self.to_hash
+  end
+
+  private
+
+  def format_ruby code, strip
+    formatted = Brakeman::OutputProcessor.new.format(code)
+    formatted.gsub!(/(\t|\r|\n)+/, " ") if strip
+    formatted
+  end
+end
+

data/lib/brakeman/warning_codes.rb

@@ -0,0 +1,111 @@
+module Brakeman::WarningCodes
+  Codes = {
+    :sql_injection => 0,
+    :sql_injection_limit_offset => 1,
+    :cross_site_scripting => 2,
+    :xss_link_to => 3,
+    :xss_link_to_href => 4,
+    :xss_to_json => 5,
+    :csrf_protection_disabled => 6,
+    :csrf_protection_missing => 7,
+    :csrf_blacklist => 8,
+    :basic_auth_password => 9,
+    :auth_blacklist => 10,
+    :all_default_routes => 11,
+    :controller_default_routes => 12,
+    :code_eval => 13,
+    :command_injection => 14,
+    :dynamic_render_path => 15,
+    :file_access => 16,
+    :mass_assign_call => 17,
+    :open_redirect => 18,
+    :no_attr_accessible => 19,
+    :attr_protected_used => 20,
+    :safe_buffer_vuln => 21,
+    :select_options_vuln => 22,
+    :dangerous_send => 23,
+    :unsafe_constantize => 24,
+    :unsafe_deserialize => 25,
+    :http_cookies => 26,
+    :secure_cookies => 27,
+    :translate_vuln => 28,
+    :session_secret => 29,
+    :validation_regex => 30,
+    :CVE_2010_3933 => 31,
+    :CVE_2011_0446 => 32,
+    :CVE_2011_0447 => 33,
+    :CVE_2011_2929 => 34,
+    :CVE_2011_2930 => 35,
+    :CVE_2011_2931 => 36,
+    :CVE_2011_3186 => 37,
+    :CVE_2012_2660 => 38,
+    :CVE_2012_2661 => 39,
+    :CVE_2012_2695 => 40,
+    #:CVE_2012_2931 => 41,
+    :CVE_2012_3424 => 42,
+    :CVE_2012_3463 => 43,
+    :CVE_2012_3464 => 44,
+    :CVE_2012_3465 => 45,
+    :CVE_2012_5664 => 46,
+    :CVE_2013_0155 => 47,
+    :CVE_2013_0156 => 48,
+    :CVE_2013_0269 => 49,
+    :CVE_2013_0277 => 50,
+    :CVE_2013_0276 => 51,
+    :CVE_2013_0333 => 52,
+    :xss_content_tag => 53,
+    :mass_assign_without_protection => 54,
+    :CVE_2013_1854 => 55,
+    :CVE_2013_1855 => 56,
+    :CVE_2013_1856 => 57,
+    :CVE_2013_1857 => 58,
+    :unsafe_symbol_creation => 59,
+    :dangerous_attr_accessible => 60,
+    :local_request_config => 61,
+    :detailed_exceptions => 62,
+    :CVE_2013_4491 => 63,
+    :CVE_2013_6414 => 64,
+    # Replaced by CVE_2014_0081
+    #:CVE_2013_6415 => 65,
+    #:CVE_2013_6415_call => 66,
+    :CVE_2013_6416 => 67,
+    :CVE_2013_6416_call => 68,
+    :CVE_2013_6417 => 69,
+    :mass_assign_permit! => 70,
+    :ssl_verification_bypass => 71,
+    :CVE_2014_0080 => 72,
+    :CVE_2014_0081 => 73,
+    :CVE_2014_0081_call => 74,
+    :CVE_2014_0082 => 75,
+    :regex_dos => 76,
+    :CVE_2014_0130 => 77,
+    :CVE_2014_3482 => 78,
+    :CVE_2014_3483 => 79,
+    :CVE_2014_3514 => 80,
+    :CVE_2014_3514_call => 81,
+    :unscoped_find => 82,
+    :CVE_2011_2932 => 83,
+    :cross_site_scripting_inline => 84,
+    :CVE_2014_7829 => 85,
+    :csrf_not_protected_by_raising_exception => 86,
+    :CVE_2015_3226 => 87,
+    :CVE_2015_3227 => 88,
+    :session_key_manipulation => 89,
+    :weak_hash_digest => 90,
+    :weak_hash_hmac => 91,
+    :sql_injection_dynamic_finder => 92,
+    :CVE_2015_7576 => 93,
+    :CVE_2016_0751 => 94,
+    :CVE_2015_7577 => 95,
+    :CVE_2015_7578 => 96,
+    :CVE_2015_7580 => 97,
+    :CVE_2015_7579 => 98,
+    :dynamic_render_path_rce => 99,
+    :CVE_2015_7581 => 100,
+    :secret_in_source => 101,
+  }
+
+  def self.code name
+    Codes[name]
+  end
+end

data/lib/ruby_parser/bm_sexp.rb

@@ -0,0 +1,610 @@
+#Sexp changes from ruby_parser
+#and some changes for caching hash value and tracking 'original' line number
+#of a Sexp.
+class Sexp
+  attr_accessor :original_line, :or_depth
+  ASSIGNMENT_BOOL = [:gasgn, :iasgn, :lasgn, :cvdecl, :cvasgn, :cdecl, :or, :and, :colon2]
+
+  def method_missing name, *args
+    #Brakeman does not use this functionality,
+    #so overriding it to raise a NoMethodError.
+    #
+    #The original functionality calls find_node and optionally
+    #deletes the node if found.
+    #
+    #Defining a method named "return" seems like a bad idea, so we have to
+    #check for it here instead
+    if name == :return
+      find_node name, *args
+    else
+      raise NoMethodError.new("No method '#{name}' for Sexp", name, args)
+    end
+  end
+
+  #Create clone of Sexp and nested Sexps but not their non-Sexp contents.
+  #If a line number is provided, also sets line/original_line on all Sexps.
+  def deep_clone line = nil
+    s = Sexp.new
+
+    self.each do |e|
+      if e.is_a? Sexp
+        s << e.deep_clone(line)
+      else
+        s << e
+      end
+    end
+
+    if line
+      s.original_line = self.original_line || self.line
+      s.line(line)
+    else
+      s.original_line = self.original_line
+      s.line(self.line)
+    end
+
+    s
+  end
+
+  def paren
+    @paren ||= false
+  end
+
+  def value
+    raise WrongSexpError, "Sexp#value called on multi-item Sexp", caller[1..-1] if size > 2
+    last
+  end
+
+  def value= exp
+    raise WrongSexpError, "Sexp#value= called on multi-item Sexp", caller[1..-1] if size > 2
+    @my_hash_value = nil
+    self[1] = exp
+  end
+
+  def second
+    self[1]
+  end
+
+  def to_sym
+    self.value.to_sym
+  end
+
+  def node_type= type
+    @my_hash_value = nil
+    self[0] = type
+  end
+
+  #Join self and exp into an :or Sexp.
+  #Sets or_depth.
+  #Used for combining "branched" values in AliasProcessor.
+  def combine exp, line = nil
+    combined = Sexp.new(:or, self, exp).line(line || -2)
+
+    combined.or_depth = [self.or_depth, exp.or_depth].compact.reduce(0, :+) + 1
+
+    combined
+  end
+
+  alias :node_type :sexp_type
+  alias :values :sexp_body # TODO: retire
+
+  alias :old_push :<<
+  alias :old_compact :compact
+  alias :old_fara :find_and_replace_all
+  alias :old_find_node :find_node
+
+  def << arg
+    @my_hash_value = nil
+    old_push arg
+  end
+
+  def hash
+    #There still seems to be some instances in which the hash of the
+    #Sexp changes, but I have not found what method call is doing it.
+    #Of course, Sexp is subclasses from Array, so who knows what might
+    #be going on.
+    @my_hash_value ||= super
+  end
+
+  def compact
+    @my_hash_value = nil
+    old_compact
+  end
+
+  def find_and_replace_all *args
+    @my_hash_value = nil
+    old_fara(*args)
+  end
+
+  def find_node *args
+    @my_hash_value = nil
+    old_find_node(*args)
+  end
+
+  #Iterates over the Sexps in an Sexp, skipping values that are not
+  #an Sexp.
+  def each_sexp
+    self.each do |e|
+      yield e if Sexp === e
+    end
+  end
+
+  #Raise a WrongSexpError if the nodes type does not match one of the expected
+  #types.
+  def expect *types
+    unless types.include? self.node_type
+      raise WrongSexpError, "Expected #{types.join ' or '} but given #{self.inspect}", caller[1..-1]
+    end
+  end
+
+  #Returns target of a method call:
+  #
+  #s(:call, s(:call, nil, :x, s(:arglist)), :y, s(:arglist, s(:lit, 1)))
+  #         ^-----------target-----------^
+  def target
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    self[1]
+  end
+
+  #Sets the target of a method call:
+  def target= exp
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    @my_hash_value = nil
+    self[1] = exp
+  end
+
+  #Returns method of a method call:
+  #
+  #s(:call, s(:call, nil, :x, s(:arglist)), :y, s(:arglist, s(:lit, 1)))
+  #                        ^- method
+  def method
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn, :super, :zsuper, :result
+
+    case self.node_type
+    when :call, :attrasgn, :safe_call, :safe_attrasgn
+      self[2]
+    when :super, :zsuper
+      :super
+    when :result
+      self.last
+    end
+  end
+
+  def method= name
+    expect :call, :safe_call
+
+    self[2] = name
+  end
+
+  #Sets the arglist in a method call.
+  def arglist= exp
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    @my_hash_value = nil
+    start_index = 3
+
+    if exp.is_a? Sexp and exp.node_type == :arglist
+      exp = exp[1..-1]
+    end
+
+    exp.each_with_index do |e, i|
+      self[start_index + i] = e
+    end
+  end
+
+  def set_args *exp
+    self.arglist = exp
+  end
+
+  #Returns arglist for method call. This differs from Sexp#args, as Sexp#args
+  #does not return a 'real' Sexp (it does not have a node type) but
+  #Sexp#arglist returns a s(:arglist, ...)
+  #
+  #    s(:call, s(:call, nil, :x, s(:arglist)), :y, s(:arglist, s(:lit, 1), s(:lit, 2)))
+  #                                                 ^------------ arglist ------------^
+  def arglist
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn, :super, :zsuper
+
+    case self.node_type
+    when :call, :attrasgn, :safe_call, :safe_attrasgn
+      self[3..-1].unshift :arglist
+    when :super, :zsuper
+      if self[1]
+        self[1..-1].unshift :arglist
+      else
+        Sexp.new(:arglist)
+      end
+    end
+  end
+
+  #Returns arguments of a method call. This will be an 'untyped' Sexp.
+  #
+  #    s(:call, s(:call, nil, :x, s(:arglist)), :y, s(:arglist, s(:lit, 1), s(:lit, 2)))
+  #                                                             ^--------args--------^
+  def args
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn, :super, :zsuper
+
+    case self.node_type
+    when :call, :attrasgn, :safe_call, :safe_attrasgn
+      if self[3]
+        self[3..-1]
+      else
+        Sexp.new
+      end
+    when :super, :zsuper
+      if self[1]
+        self[1..-1]
+      else
+        Sexp.new
+      end
+    end
+  end
+
+  def each_arg replace = false
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn, :super, :zsuper
+    range = nil
+
+    case self.node_type
+    when :call, :attrasgn, :safe_call, :safe_attrasgn
+      if self[3]
+        range = (3...self.length)
+      end
+    when :super, :zsuper
+      if self[1]
+        range = (1...self.length)
+      end
+    end
+
+    if range
+      range.each do |i|
+        res = yield self[i]
+        self[i] = res if replace
+      end
+    end
+
+    self
+  end
+
+  def each_arg! &block
+    @my_hash_value = nil
+    self.each_arg true, &block
+  end
+
+  #Returns first argument of a method call.
+  def first_arg
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    self[3]
+  end
+
+  #Sets first argument of a method call.
+  def first_arg= exp
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    @my_hash_value = nil
+    self[3] = exp
+  end
+
+  #Returns second argument of a method call.
+  def second_arg
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    self[4]
+  end
+
+  #Sets second argument of a method call.
+  def second_arg= exp
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    @my_hash_value = nil
+    self[4] = exp
+  end
+
+  def third_arg
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    self[5]
+  end
+
+  def third_arg= exp
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+    @my_hash_value = nil
+    self[5] = exp
+  end
+
+  def last_arg
+    expect :call, :attrasgn, :safe_call, :safe_attrasgn
+
+    if self[3]
+      self[-1]
+    else
+      nil
+    end
+  end
+
+  #Returns condition of an if expression:
+  #
+  #    s(:if,
+  #     s(:lvar, :condition), <-- condition
+  #     s(:lvar, :then_val),
+  #     s(:lvar, :else_val)))
+  def condition
+    expect :if
+    self[1]
+  end
+
+  def condition= exp
+    expect :if
+    self[1] = exp
+  end
+
+
+  #Returns 'then' clause of an if expression:
+  #
+  #    s(:if,
+  #     s(:lvar, :condition),
+  #     s(:lvar, :then_val), <-- then clause
+  #     s(:lvar, :else_val)))
+  def then_clause
+    expect :if
+    self[2]
+  end
+
+  #Returns 'else' clause of an if expression:
+  #
+  #    s(:if,
+  #     s(:lvar, :condition),
+  #     s(:lvar, :then_val),
+  #     s(:lvar, :else_val)))
+  #     ^---else caluse---^
+  def else_clause
+    expect :if
+    self[3]
+  end
+
+  #Method call associated with a block:
+  #
+  #    s(:iter,
+  #     s(:call, nil, :x, s(:arglist)), <- block_call
+  #      s(:lasgn, :y),
+  #       s(:block, s(:lvar, :y), s(:call, nil, :z, s(:arglist))))
+  def block_call
+    expect :iter
+    self[1]
+  end
+
+  #Returns block of a call with a block.
+  #Could be a single expression or a block:
+  #
+  #    s(:iter,
+  #     s(:call, nil, :x, s(:arglist)),
+  #      s(:lasgn, :y),
+  #       s(:block, s(:lvar, :y), s(:call, nil, :z, s(:arglist))))
+  #       ^-------------------- block --------------------------^
+  def block delete = nil
+    unless delete.nil? #this is from RubyParser
+      return find_node :block, delete
+    end
+
+    expect :iter, :scope, :resbody
+
+    case self.node_type
+    when :iter
+      self[3]
+    when :scope
+      self[1]
+    when :resbody
+      #This is for Ruby2Ruby ONLY
+      find_node :block
+    end
+  end
+
+  #Returns parameters for a block
+  #
+  #    s(:iter,
+  #     s(:call, nil, :x, s(:arglist)),
+  #      s(:lasgn, :y), <- block_args
+  #       s(:call, nil, :p, s(:arglist, s(:lvar, :y))))
+  def block_args
+    expect :iter
+    if self[2] == 0 # ?! See https://github.com/presidentbeef/brakeman/issues/331
+      return Sexp.new(:args)
+    else
+      self[2]
+    end
+  end
+
+  def first_param
+    expect :args
+    self[1]
+  end
+
+  #Returns the left hand side of assignment or boolean:
+  #
+  #    s(:lasgn, :x, s(:lit, 1))
+  #               ^--lhs
+  def lhs
+    expect(*ASSIGNMENT_BOOL)
+    self[1]
+  end
+
+  #Sets the left hand side of assignment or boolean.
+  def lhs= exp
+    expect(*ASSIGNMENT_BOOL)
+    @my_hash_value = nil
+    self[1] = exp
+  end
+
+  #Returns right side (value) of assignment or boolean:
+  #
+  #    s(:lasgn, :x, s(:lit, 1))
+  #                  ^--rhs---^
+  def rhs
+    expect :attrasgn, :safe_attrasgn, *ASSIGNMENT_BOOL
+
+    if self.node_type == :attrasgn or self.node_type == :safe_attrasgn
+      self[3]
+    else
+      self[2]
+    end
+  end
+
+  #Sets the right hand side of assignment or boolean.
+  def rhs= exp
+    expect :attrasgn, :safe_attrasgn, *ASSIGNMENT_BOOL
+    @my_hash_value = nil
+
+    if self.node_type == :attrasgn or self.node_type == :safe_attrasgn
+      self[3] = exp
+    else
+      self[2] = exp
+    end
+  end
+
+  #Returns name of method being defined in a method definition.
+  def method_name
+    expect :defn, :defs
+
+    case self.node_type
+    when :defn
+      self[1]
+    when :defs
+      self[2]
+    end
+  end
+
+  def formal_args
+    expect :defn, :defs
+
+    case self.node_type
+    when :defn
+      self[2]
+    when :defs
+      self[3]
+    end
+  end
+
+  #Sets body, which is now a complicated process because the body is no longer
+  #a separate Sexp, but just a list of Sexps.
+  def body= exp
+    expect :defn, :defs, :class, :module
+    @my_hash_value = nil
+
+    case self.node_type
+    when :defn, :class
+      index = 3
+    when :defs
+      index = 4
+    when :module
+      index = 2
+    end
+
+    self.slice!(index..-1) #Remove old body
+
+    #Insert new body
+    exp.each do |e|
+      self[index] = e
+      index += 1
+    end
+  end
+
+  #Returns body of a method definition, class, or module.
+  #This will be an untyped Sexp containing a list of Sexps from the body.
+  def body
+    expect :defn, :defs, :class, :module
+
+    case self.node_type
+    when :defn, :class
+      self[3..-1]
+    when :defs
+      self[4..-1]
+    when :module
+      self[2..-1]
+    end
+  end
+
+  #Like Sexp#body, except the returned Sexp is of type :rlist
+  #instead of untyped.
+  def body_list
+    self.body.unshift :rlist
+  end
+
+  def render_type
+    expect :render
+    self[1]
+  end
+
+  def class_name
+    expect :class, :module
+    self[1]
+  end
+
+  alias module_name class_name
+
+  def parent_name
+    expect :class
+    self[2]
+  end
+
+  #Returns the call Sexp in a result returned from FindCall
+  def call
+    expect :result
+
+    self.last
+  end
+
+  #Returns the module the call is inside
+  def module
+    expect :result
+
+    self[1]
+  end
+
+  #Return the class the call is inside
+  def result_class
+    expect :result
+
+    self[2]
+  end
+
+  require 'set'
+  def inspect seen = Set.new
+    if seen.include? self.object_id
+      's(...)'
+    else
+      seen << self.object_id
+      sexp_str = self.map do |x|
+        if x.is_a? Sexp
+          x.inspect seen
+        else
+          x.inspect
+        end
+      end.join(', ')
+
+      "s(#{sexp_str})"
+    end
+  end
+end
+
+#Invalidate hash cache if the Sexp changes
+[:[]=, :clear, :collect!, :compact!, :concat, :delete, :delete_at,
+  :delete_if, :drop, :drop_while, :fill, :flatten!, :replace, :insert,
+  :keep_if, :map!, :pop, :push, :reject!, :replace, :reverse!, :rotate!,
+  :select!, :shift, :shuffle!, :slice!, :sort!, :sort_by!, :transpose,
+  :uniq!, :unshift].each do |method|
+
+  Sexp.class_eval <<-RUBY
+    def #{method} *args
+      @my_hash_value = nil
+      super
+    end
+    RUBY
+end
+
+#Methods used by RubyParser which would normally go through method_missing but
+#we don't want that to happen because it hides Brakeman errors
+[:resbody, :lasgn, :iasgn, :splat].each do |method|
+  Sexp.class_eval <<-RUBY
+    def #{method} delete = false
+      if delete
+        @my_hash_value = false
+      end
+      find_node :#{method}, delete
+    end
+  RUBY
+end
+
+class WrongSexpError < RuntimeError; end