brakeman-lib 4.5.0 → 4.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES.md +15 -0
- data/README.md +6 -6
- data/lib/brakeman.rb +7 -0
- data/lib/brakeman/app_tree.rb +34 -22
- data/lib/brakeman/checks.rb +7 -7
- data/lib/brakeman/checks/base_check.rb +9 -9
- data/lib/brakeman/checks/check_cross_site_scripting.rb +5 -0
- data/lib/brakeman/checks/check_default_routes.rb +5 -0
- data/lib/brakeman/checks/check_deserialize.rb +52 -0
- data/lib/brakeman/checks/check_dynamic_finders.rb +1 -1
- data/lib/brakeman/checks/check_force_ssl.rb +27 -0
- data/lib/brakeman/checks/check_json_parsing.rb +5 -0
- data/lib/brakeman/checks/check_link_to_href.rb +6 -1
- data/lib/brakeman/checks/check_mail_to.rb +1 -1
- data/lib/brakeman/checks/check_model_attr_accessible.rb +1 -1
- data/lib/brakeman/checks/check_model_attributes.rb +12 -50
- data/lib/brakeman/checks/check_model_serialize.rb +1 -1
- data/lib/brakeman/checks/check_nested_attributes_bypass.rb +3 -3
- data/lib/brakeman/checks/check_secrets.rb +1 -1
- data/lib/brakeman/checks/check_session_settings.rb +10 -10
- data/lib/brakeman/checks/check_simple_format.rb +5 -0
- data/lib/brakeman/checks/check_skip_before_filter.rb +1 -1
- data/lib/brakeman/checks/check_sql.rb +15 -17
- data/lib/brakeman/checks/check_validation_regex.rb +1 -1
- data/lib/brakeman/file_parser.rb +6 -8
- data/lib/brakeman/file_path.rb +71 -0
- data/lib/brakeman/options.rb +7 -0
- data/lib/brakeman/parsers/template_parser.rb +3 -3
- data/lib/brakeman/processor.rb +3 -4
- data/lib/brakeman/processors/alias_processor.rb +12 -6
- data/lib/brakeman/processors/base_processor.rb +8 -7
- data/lib/brakeman/processors/controller_alias_processor.rb +10 -7
- data/lib/brakeman/processors/controller_processor.rb +5 -9
- data/lib/brakeman/processors/haml_template_processor.rb +5 -0
- data/lib/brakeman/processors/lib/module_helper.rb +8 -8
- data/lib/brakeman/processors/lib/processor_helper.rb +3 -3
- data/lib/brakeman/processors/lib/rails2_config_processor.rb +3 -3
- data/lib/brakeman/processors/lib/rails2_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/rails3_config_processor.rb +3 -3
- data/lib/brakeman/processors/lib/rails3_route_processor.rb +2 -2
- data/lib/brakeman/processors/lib/render_helper.rb +2 -2
- data/lib/brakeman/processors/lib/render_path.rb +18 -1
- data/lib/brakeman/processors/library_processor.rb +5 -5
- data/lib/brakeman/processors/model_processor.rb +4 -5
- data/lib/brakeman/processors/output_processor.rb +5 -0
- data/lib/brakeman/processors/template_alias_processor.rb +4 -5
- data/lib/brakeman/processors/template_processor.rb +4 -4
- data/lib/brakeman/report.rb +3 -3
- data/lib/brakeman/report/ignore/config.rb +2 -3
- data/lib/brakeman/report/ignore/interactive.rb +2 -2
- data/lib/brakeman/report/pager.rb +1 -0
- data/lib/brakeman/report/report_base.rb +51 -6
- data/lib/brakeman/report/report_codeclimate.rb +3 -3
- data/lib/brakeman/report/report_hash.rb +1 -1
- data/lib/brakeman/report/report_html.rb +2 -2
- data/lib/brakeman/report/report_json.rb +1 -24
- data/lib/brakeman/report/report_table.rb +20 -4
- data/lib/brakeman/report/report_tabs.rb +1 -1
- data/lib/brakeman/report/report_text.rb +2 -2
- data/lib/brakeman/rescanner.rb +9 -12
- data/lib/brakeman/scanner.rb +19 -14
- data/lib/brakeman/tracker.rb +4 -4
- data/lib/brakeman/tracker/collection.rb +4 -3
- data/lib/brakeman/tracker/config.rb +6 -0
- data/lib/brakeman/util.rb +1 -147
- data/lib/brakeman/version.rb +1 -1
- data/lib/brakeman/warning.rb +23 -13
- data/lib/brakeman/warning_codes.rb +1 -0
- data/lib/ruby_parser/bm_sexp_processor.rb +1 -0
- metadata +20 -10
@@ -13,7 +13,7 @@ module Brakeman
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def parse_template path, text
|
16
|
-
type = path.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
|
16
|
+
type = path.relative.match(KNOWN_TEMPLATE_EXTENSIONS)[1].to_sym
|
17
17
|
type = :erb if type == :rhtml
|
18
18
|
name = template_path_to_name path
|
19
19
|
Brakeman.debug "Parsing #{path}"
|
@@ -63,7 +63,7 @@ module Brakeman
|
|
63
63
|
else
|
64
64
|
ERB.new(text, nil, '-').src
|
65
65
|
end
|
66
|
-
src.sub!(/^#.*\n/, '')
|
66
|
+
src.sub!(/^#.*\n/, '')
|
67
67
|
src
|
68
68
|
end
|
69
69
|
end
|
@@ -95,7 +95,7 @@ module Brakeman
|
|
95
95
|
end
|
96
96
|
|
97
97
|
def self.parse_inline_erb tracker, text
|
98
|
-
fp = Brakeman::FileParser.new(tracker
|
98
|
+
fp = Brakeman::FileParser.new(tracker)
|
99
99
|
tp = self.new(tracker, fp)
|
100
100
|
src = tp.parse_erb '_inline_', text
|
101
101
|
type = tp.erubis? ? :erubis : :erb
|
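--- a/data/lib/brakeman/processor.rb
+++ b/data/lib/brakeman/processor.rb
@@ -13,8 +13,7 @@ module Brakeman
 include Util
 
 def initialize(app_tree, options)
-@
-@tracker = Tracker.new(@app_tree, self, options)
+@tracker = Tracker.new(app_tree, self, options)
 end
 
 def tracked_events
@@ -39,7 +38,7 @@ module Brakeman
 #Process controller source. +file_name+ is used for reporting
 def process_controller src, file_name
 if contains_class? src
-ControllerProcessor.new(@
+ControllerProcessor.new(@tracker).process_controller src, file_name
 else
 LibraryProcessor.new(@tracker).process_library src, file_name
 end
@@ -48,7 +47,7 @@ module Brakeman
 #Process variable aliasing in controller source and save it in the
 #tracker.
 def process_controller_alias name, src, only_method = nil, file = nil
-ControllerAliasProcessor.new(@
+ControllerAliasProcessor.new(@tracker, only_method).process_controller name, src, file
 end
 
 #Process a model source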
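Review bot: `process_controller_alias` still defaults `file` to nil and now forwards it unchanged into `ControllerAliasProcessor#process_controller`, where the controller_alias_processor hunk does `@current_file = @app_tree.file_path(current_file)`; unless `file_path` accepts nil, a caller relying on the default fails there rather than at this call site. Either drop the nil default so the omission is visible where the method is called, or guard the conversion in the controller_alias_processor hunk, e.g. `@current_file = current_file && @app_tree.file_path(current_file)`. `AppTree#file_path` itself is not in this diff, so this is inferred from its call site only.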
@@ -20,19 +20,18 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
20
20
|
#The recommended usage is:
|
21
21
|
#
|
22
22
|
# AliasProcessor.new.process_safely src
|
23
|
-
def initialize tracker = nil,
|
23
|
+
def initialize tracker = nil, current_file = nil
|
24
24
|
super()
|
25
25
|
@env = SexpProcessor::Environment.new
|
26
26
|
@inside_if = false
|
27
27
|
@ignore_ifs = nil
|
28
28
|
@exp_context = []
|
29
|
-
@current_module = nil
|
30
29
|
@tracker = tracker #set in subclass as necessary
|
31
30
|
@helper_method_cache = {}
|
32
31
|
@helper_method_info = Hash.new({})
|
33
32
|
@or_depth_limit = (tracker && tracker.options[:branch_limit]) || 5 #arbitrary default
|
34
33
|
@meth_env = nil
|
35
|
-
@
|
34
|
+
@current_file = current_file
|
36
35
|
set_env_defaults
|
37
36
|
end
|
38
37
|
|
@@ -44,8 +43,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
44
43
|
#
|
45
44
|
#This method returns a new Sexp with variables replaced with their values,
|
46
45
|
#where possible.
|
47
|
-
def process_safely src, set_env = nil,
|
48
|
-
@
|
46
|
+
def process_safely src, set_env = nil, current_file = @current_file
|
47
|
+
@current_file = current_file
|
49
48
|
@env = set_env || SexpProcessor::Environment.new
|
50
49
|
@result = src.deep_clone
|
51
50
|
process @result
|
@@ -270,6 +269,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
270
269
|
if array? target and target.length > 2 and (string? first_arg or first_arg.nil?)
|
271
270
|
exp = process_array_join(target, first_arg)
|
272
271
|
end
|
272
|
+
when :!
|
273
|
+
# Convert `!!a` to boolean
|
274
|
+
if call? target and target.method == :!
|
275
|
+
exp = s(:or, s(:true).line(exp.line), s(:false).line(exp.line)).line(exp.line)
|
276
|
+
end
|
273
277
|
end
|
274
278
|
|
275
279
|
exp
|
@@ -368,6 +372,8 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
368
372
|
elsif e.is_a? Symbol
|
369
373
|
local = Sexp.new(:lvar, e)
|
370
374
|
env.current[local] = local
|
375
|
+
elsif e.nil? # trailing comma, argument destructuring
|
376
|
+
next # Punt for now
|
371
377
|
else
|
372
378
|
raise "Unexpected value in block args: #{e.inspect}"
|
373
379
|
end
|
@@ -693,7 +699,7 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
|
|
693
699
|
if @tracker
|
694
700
|
@tracker.add_constant exp.lhs,
|
695
701
|
exp.rhs,
|
696
|
-
:file =>
|
702
|
+
:file => @current_file,
|
697
703
|
:module => @current_module,
|
698
704
|
:class => @current_class,
|
699
705
|
:method => @current_method
|
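Review bot: `process_safely` now defaults `current_file` to `@current_file` and then assigns it, so the file becomes sticky on the instance: a processor reused across files that is called without an explicit file keeps attributing constants (the `:file => @current_file` in the `add_constant` hunk below) to whatever file was given last. That reuse does occur in this release, since `LibraryProcessor#initialize` builds a single `Brakeman::AliasProcessor.new tracker`, and the same default-to-ivar pattern appears in `ControllerProcessor#process_controller` and `LibraryProcessor#process_library`. If the stickiness is intended, state it above the signature, e.g. `# current_file defaults to the file given on the previous call to this instance; pass it explicitly when reusing a processor across files`. `process_safely` continues past the end of the hunk.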
@@ -15,11 +15,12 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
|
|
15
15
|
super()
|
16
16
|
@last = nil
|
17
17
|
@tracker = tracker
|
18
|
-
@
|
18
|
+
@app_tree = tracker.app_tree if tracker
|
19
|
+
@current_template = @current_module = @current_class = @current_method = @current_file = nil
|
19
20
|
end
|
20
21
|
|
21
|
-
def process_file exp,
|
22
|
-
@
|
22
|
+
def process_file exp, current_file
|
23
|
+
@current_file = current_file
|
23
24
|
process exp
|
24
25
|
end
|
25
26
|
|
@@ -182,7 +183,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
|
|
182
183
|
if @tracker
|
183
184
|
@tracker.add_constant exp.lhs,
|
184
185
|
exp.rhs,
|
185
|
-
:file =>
|
186
|
+
:file => current_file,
|
186
187
|
:module => @current_module,
|
187
188
|
:class => @current_class,
|
188
189
|
:method => @current_method
|
@@ -234,8 +235,8 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
|
|
234
235
|
elsif first_arg.is_a? Symbol or first_arg.is_a? String
|
235
236
|
type = :action
|
236
237
|
value = Sexp.new(:lit, first_arg.to_sym)
|
237
|
-
|
238
|
-
|
238
|
+
elsif first_arg.nil?
|
239
|
+
type = :default
|
239
240
|
elsif not hash? first_arg
|
240
241
|
type = :action
|
241
242
|
value = first_arg
|
@@ -287,7 +288,7 @@ class Brakeman::BaseProcessor < Brakeman::SexpProcessor
|
|
287
288
|
template_name = "#@current_method/inline@#{value.line}:#{class_or_module}".to_sym
|
288
289
|
type, ast = Brakeman::TemplateParser.parse_inline_erb(@tracker, value.value)
|
289
290
|
ast = ast.deep_clone(value.line)
|
290
|
-
@tracker.processor.process_template(template_name, ast, type, nil, @
|
291
|
+
@tracker.processor.process_template(template_name, ast, type, nil, @current_file)
|
291
292
|
@tracker.processor.process_template_alias(@tracker.templates[template_name])
|
292
293
|
|
293
294
|
return s(:lit, template_name), options
|
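Review bot: The `add_constant` call here records `:file => current_file` (presumably the `current_file` helper defined in the processor_helper hunk, which falls back to the class or module file when `@current_file` is nil), while the matching `add_constant` call in the alias_processor hunk records `:file => @current_file` directly, so the two processors can attach different files to the same kind of constant whenever `@current_file` is unset. Using one expression at both sites, whichever is intended, would keep the tracker's constant locations consistent; if `AliasProcessor` does not have the helper, the ivar is the common denominator. The method enclosing this `add_constant` call starts outside the hunk.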
@@ -11,22 +11,22 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
11
11
|
#If only_method is specified, only that method will be processed,
|
12
12
|
#other methods will be skipped.
|
13
13
|
#This is for rescanning just a single action.
|
14
|
-
def initialize
|
14
|
+
def initialize tracker, only_method = nil
|
15
15
|
super tracker
|
16
|
-
@app_tree = app_tree
|
16
|
+
@app_tree = tracker.app_tree
|
17
17
|
@only_method = only_method
|
18
18
|
@rendered = false
|
19
19
|
@current_class = @current_module = @current_method = nil
|
20
20
|
@method_cache = {} #Cache method lookups
|
21
21
|
end
|
22
22
|
|
23
|
-
def process_controller name, src,
|
23
|
+
def process_controller name, src, current_file
|
24
24
|
if not node_type? src, :class
|
25
25
|
Brakeman.debug "#{name} is not a class, it's a #{src.node_type}"
|
26
26
|
return
|
27
27
|
else
|
28
28
|
@current_class = name
|
29
|
-
@
|
29
|
+
@current_file = @app_tree.file_path(current_file)
|
30
30
|
|
31
31
|
process_default src
|
32
32
|
|
@@ -37,6 +37,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
37
37
|
#Process modules mixed into the controller, in case they contain actions.
|
38
38
|
def process_mixins
|
39
39
|
controller = @tracker.controllers[@current_class]
|
40
|
+
original_file = @current_file
|
40
41
|
|
41
42
|
controller.includes.each do |i|
|
42
43
|
mixin = @tracker.libs[i]
|
@@ -49,7 +50,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
49
50
|
methods.each do |name|
|
50
51
|
#Need to process the method like it was in a controller in order
|
51
52
|
#to get the renders set
|
52
|
-
processor = Brakeman::ControllerProcessor.new(@
|
53
|
+
processor = Brakeman::ControllerProcessor.new(@tracker, mixin.file)
|
53
54
|
method = mixin.get_method(name)[:src].deep_clone
|
54
55
|
|
55
56
|
if node_type? method, :defn
|
@@ -59,11 +60,13 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
59
60
|
method = processor.process method
|
60
61
|
end
|
61
62
|
|
62
|
-
@
|
63
|
+
@current_file = mixin.file
|
63
64
|
#Then process it like any other method in the controller
|
64
65
|
process method
|
65
66
|
end
|
66
67
|
end
|
68
|
+
ensure
|
69
|
+
@current_file = original_file
|
67
70
|
end
|
68
71
|
|
69
72
|
#Skip it, must be an inner class
|
@@ -187,7 +190,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
|
|
187
190
|
end
|
188
191
|
end
|
189
192
|
|
190
|
-
render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line,
|
193
|
+
render_path = Brakeman::RenderPath.new.add_controller_render(@current_class, @current_method, line, @current_file)
|
191
194
|
super name, args, render_path, line
|
192
195
|
end
|
193
196
|
|
@@ -8,20 +8,16 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
|
|
8
8
|
|
9
9
|
FORMAT_HTML = Sexp.new(:call, Sexp.new(:lvar, :format), :html)
|
10
10
|
|
11
|
-
def initialize
|
11
|
+
def initialize tracker, current_file = nil
|
12
12
|
super(tracker)
|
13
|
-
@app_tree = app_tree
|
14
|
-
@current_class = nil
|
15
|
-
@current_method = nil
|
16
|
-
@current_module = nil
|
17
13
|
@visibility = :public
|
18
|
-
@
|
14
|
+
@current_file = current_file
|
19
15
|
@concerns = Set.new
|
20
16
|
end
|
21
17
|
|
22
18
|
#Use this method to process a Controller
|
23
|
-
def process_controller src,
|
24
|
-
@
|
19
|
+
def process_controller src, current_file = @current_file
|
20
|
+
@current_file = current_file
|
25
21
|
process src
|
26
22
|
end
|
27
23
|
|
@@ -35,7 +31,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
|
|
35
31
|
#a real controller, so we can't take this shortcut.
|
36
32
|
if @current_class and @current_class.name.to_s.end_with? "Controller"
|
37
33
|
Brakeman.debug "[Notice] Treating inner class as library: #{name}"
|
38
|
-
Brakeman::LibraryProcessor.new(@tracker).process_library exp, @
|
34
|
+
Brakeman::LibraryProcessor.new(@tracker).process_library exp, @current_file
|
39
35
|
return exp
|
40
36
|
end
|
41
37
|
|
@@ -7,6 +7,11 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
|
|
7
7
|
JAVASCRIPT_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Javascript)
|
8
8
|
COFFEE_FILTER = s(:colon2, s(:colon2, s(:const, :Haml), :Filters), :Coffee)
|
9
9
|
|
10
|
+
def initialize *args
|
11
|
+
super
|
12
|
+
@javascript = false
|
13
|
+
end
|
14
|
+
|
10
15
|
#Processes call, looking for template output
|
11
16
|
def process_call exp
|
12
17
|
target = exp.target
|
@@ -13,9 +13,9 @@ module Brakeman::ModuleHelper
|
|
13
13
|
|
14
14
|
if @tracker.libs[name]
|
15
15
|
@current_module = @tracker.libs[name]
|
16
|
-
@current_module.add_file @
|
16
|
+
@current_module.add_file @current_file, exp
|
17
17
|
else
|
18
|
-
@current_module = tracker_class.new name, parent, @
|
18
|
+
@current_module = tracker_class.new name, parent, @current_file, exp, @tracker
|
19
19
|
@tracker.libs[name] = @current_module
|
20
20
|
end
|
21
21
|
|
@@ -45,9 +45,9 @@ module Brakeman::ModuleHelper
|
|
45
45
|
|
46
46
|
if collection[name]
|
47
47
|
@current_class = collection[name]
|
48
|
-
@current_class.add_file @
|
48
|
+
@current_class.add_file @current_file, exp
|
49
49
|
else
|
50
|
-
@current_class = tracker_class.new name, parent, @
|
50
|
+
@current_class = tracker_class.new name, parent, @current_file, exp, @tracker
|
51
51
|
collection[name] = @current_class
|
52
52
|
end
|
53
53
|
|
@@ -85,9 +85,9 @@ module Brakeman::ModuleHelper
|
|
85
85
|
@current_method = nil
|
86
86
|
|
87
87
|
if @current_class
|
88
|
-
@current_class.add_method @visibility, name, res, @
|
88
|
+
@current_class.add_method @visibility, name, res, @current_file
|
89
89
|
elsif @current_module
|
90
|
-
@current_module.add_method @visibility, name, res, @
|
90
|
+
@current_module.add_method @visibility, name, res, @current_file
|
91
91
|
end
|
92
92
|
res
|
93
93
|
end
|
@@ -101,9 +101,9 @@ module Brakeman::ModuleHelper
|
|
101
101
|
@current_method = nil
|
102
102
|
|
103
103
|
if @current_class
|
104
|
-
@current_class.add_method @visibility, name, res, @
|
104
|
+
@current_class.add_method @visibility, name, res, @current_file
|
105
105
|
elsif @current_module
|
106
|
-
@current_module.add_method @visibility, name, res, @
|
106
|
+
@current_module.add_method @visibility, name, res, @current_file
|
107
107
|
end
|
108
108
|
|
109
109
|
res
|
@@ -73,10 +73,10 @@ module Brakeman::ProcessorHelper
|
|
73
73
|
end
|
74
74
|
end
|
75
75
|
|
76
|
-
def
|
76
|
+
def current_file
|
77
77
|
case
|
78
|
-
when @
|
79
|
-
@
|
78
|
+
when @current_file
|
79
|
+
@current_file
|
80
80
|
when @current_class.is_a?(Brakeman::Collection)
|
81
81
|
@current_class.file
|
82
82
|
when @current_module.is_a?(Brakeman::Collection)
|
@@ -27,9 +27,9 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BasicProcessor
|
|
27
27
|
end
|
28
28
|
|
29
29
|
#Use this method to process configuration file
|
30
|
-
def process_config src,
|
31
|
-
@
|
32
|
-
res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil,
|
30
|
+
def process_config src, current_file
|
31
|
+
@current_file = current_file
|
32
|
+
res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, current_file)
|
33
33
|
process res
|
34
34
|
end
|
35
35
|
|
@@ -16,7 +16,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
|
|
16
16
|
@prefix = [] #Controller name prefix (a module name, usually)
|
17
17
|
@current_controller = nil
|
18
18
|
@with_options = nil #For use inside map.with_options
|
19
|
-
@
|
19
|
+
@current_file = "config/routes.rb"
|
20
20
|
end
|
21
21
|
|
22
22
|
#Call this with parsed route file information.
|
@@ -24,7 +24,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BasicProcessor
|
|
24
24
|
#This method first calls RouteAliasProcessor#process_safely on the +exp+,
|
25
25
|
#so it does not modify the +exp+.
|
26
26
|
def process_routes exp
|
27
|
-
process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @
|
27
|
+
process Brakeman::RouteAliasProcessor.new.process_safely(exp, nil, @current_file)
|
28
28
|
end
|
29
29
|
|
30
30
|
#Looking for mapping of routes
|
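Review bot: `@current_file = "config/routes.rb"` stores a plain String, whereas the rest of this release passes file values that respond to `relative` (`path.relative` in the template_parser hunk, `r[:file].relative` in `RenderPath#with_relative_paths`) and converts paths through `@app_tree.file_path(...)` in the controller_alias_processor hunk; if this String ever reaches one of those call sites it raises NoMethodError. The `Rails3RoutesProcessor` hunk sets the same literal. If a path object is reachable from the route processors, prefer the `app_tree.file_path("config/routes.rb")` conversion used elsewhere; otherwise a comment such as `# plain String: route files are never passed through relative-path reporting` would record the assumption. `initialize` starts outside the hunk.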
@@ -24,9 +24,9 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BasicProcessor
|
|
24
24
|
end
|
25
25
|
|
26
26
|
#Use this method to process configuration file
|
27
|
-
def process_config src,
|
28
|
-
@
|
29
|
-
res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @
|
27
|
+
def process_config src, current_file
|
28
|
+
@current_file = current_file
|
29
|
+
res = Brakeman::AliasProcessor.new(@tracker).process_safely(src, nil, @current_file)
|
30
30
|
process res
|
31
31
|
end
|
32
32
|
|
@@ -17,11 +17,11 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BasicProcessor
|
|
17
17
|
@current_controller = nil
|
18
18
|
@with_options = nil #For use inside map.with_options
|
19
19
|
@controller_block = false
|
20
|
-
@
|
20
|
+
@current_file = "config/routes.rb"
|
21
21
|
end
|
22
22
|
|
23
23
|
def process_routes exp
|
24
|
-
process Brakeman::AliasProcessor.new.process_safely(exp, nil, @
|
24
|
+
process Brakeman::AliasProcessor.new.process_safely(exp, nil, @current_file)
|
25
25
|
end
|
26
26
|
|
27
27
|
def process_call exp
|
@@ -36,7 +36,7 @@ module Brakeman::RenderHelper
|
|
36
36
|
|
37
37
|
#Determines file name for partial and then processes it
|
38
38
|
def process_partial name, args, line
|
39
|
-
if
|
39
|
+
if !(string? name or symbol? name) or name.value == ""
|
40
40
|
return
|
41
41
|
end
|
42
42
|
|
@@ -148,7 +148,7 @@ module Brakeman::RenderHelper
|
|
148
148
|
#This information will be stored in tracker.templates, but with a name
|
149
149
|
#specifying this particular route. The original source should remain
|
150
150
|
#pristine (so it can be processed within other environments).
|
151
|
-
@tracker.processor.process_template name, src, template.type, called_from
|
151
|
+
@tracker.processor.process_template name, src, template.type, called_from, template.file
|
152
152
|
end
|
153
153
|
end
|
154
154
|
|
@@ -83,7 +83,7 @@ module Brakeman
|
|
83
83
|
end
|
84
84
|
|
85
85
|
def map &block
|
86
|
-
@path.map
|
86
|
+
@path.map(&block)
|
87
87
|
end
|
88
88
|
|
89
89
|
def to_a
|
@@ -114,6 +114,23 @@ module Brakeman
|
|
114
114
|
JSON.generate(@path)
|
115
115
|
end
|
116
116
|
|
117
|
+
def with_relative_paths
|
118
|
+
@path.map do |loc|
|
119
|
+
r = loc.dup
|
120
|
+
|
121
|
+
if r[:file]
|
122
|
+
r[:file] = r[:file].relative
|
123
|
+
end
|
124
|
+
|
125
|
+
if r[:rendered] and r[:rendered][:file]
|
126
|
+
r[:rendered] = r[:rendered].dup
|
127
|
+
r[:rendered][:file] = r[:rendered][:file].relative
|
128
|
+
end
|
129
|
+
|
130
|
+
r
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
117
134
|
def initialize_copy original
|
118
135
|
@path = original.path.dup
|
119
136
|
self
|
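Review bot: `with_relative_paths` has no comment, and its contract is worth stating because it relies on every `:file` value responding to `relative` and because `loc.dup` is a shallow copy; suggested header: `# Returns a copy of the path with each :file (and each :rendered[:file]) replaced by its relative form. Locations are dup'd so the original path is not modified.` The nested `:rendered` hash is dup'd before its `:file` is replaced, which is correct given the shallow copy; a `:rendered` hash without a `:file` key is left as is.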
@@ -9,15 +9,15 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
|
|
9
9
|
|
10
10
|
def initialize tracker
|
11
11
|
super
|
12
|
-
@
|
12
|
+
@current_file = nil
|
13
13
|
@alias_processor = Brakeman::AliasProcessor.new tracker
|
14
14
|
@current_module = nil
|
15
15
|
@current_class = nil
|
16
16
|
@initializer_env = nil
|
17
17
|
end
|
18
18
|
|
19
|
-
def process_library src,
|
20
|
-
@
|
19
|
+
def process_library src, current_file = @current_file
|
20
|
+
@current_file = current_file
|
21
21
|
process src
|
22
22
|
end
|
23
23
|
|
@@ -41,10 +41,10 @@ class Brakeman::LibraryProcessor < Brakeman::BaseProcessor
|
|
41
41
|
|
42
42
|
if @current_class
|
43
43
|
exp.body = process_all! exp.body
|
44
|
-
@current_class.add_method :public, exp.method_name, exp, @
|
44
|
+
@current_class.add_method :public, exp.method_name, exp, @current_file
|
45
45
|
elsif @current_module
|
46
46
|
exp.body = process_all! exp.body
|
47
|
-
@current_module.add_method :public, exp.method_name, exp, @
|
47
|
+
@current_module.add_method :public, exp.method_name, exp, @current_file
|
48
48
|
end
|
49
49
|
|
50
50
|
exp
|