brakeman-min 0.2.0

data/lib/processors/base_processor.rb

@@ -0,0 +1,237 @@
+require 'rubygems'
+require 'sexp_processor'
+require 'processors/lib/processor_helper'
+require 'util'
+
+#Base processor for most processors.
+class BaseProcessor < SexpProcessor
+  include ProcessorHelper
+  include Util
+
+  attr_reader :ignore
+
+  #Return a new Processor.
+  def initialize tracker
+    super()
+    self.strict = false
+    self.auto_shift_type = false
+    self.require_empty = false
+    self.default_method = :process_default
+    self.warn_on_default = false
+    @last = nil
+    @tracker = tracker
+    @ignore = Sexp.new :ignore
+    @current_template = @current_module = @current_class = @current_method = nil
+  end
+
+  #Process a new scope. Removes expressions that are set to nil.
+  def process_scope exp
+    exp.shift
+    exp.map! do |e|
+      res = process e
+      if res.empty?
+        res = nil
+      else
+        res
+      end
+    end.compact
+    exp.unshift :scope
+  end
+
+  #Default processing.
+  def process_default exp
+    type = exp.shift
+    exp.each_with_index do |e, i|
+      if sexp? e and not e.empty?
+        exp[i] = process e
+      else
+        e
+      end
+    end
+  ensure
+    exp.unshift type
+  end
+
+  #Process an if statement.
+  def process_if exp
+    exp[1] = process exp[1]
+    exp[2] = process exp[2] if exp[2]
+    exp[3] = process exp[3] if exp[3]
+    exp
+  end
+
+  #Processes calls with blocks. Changes Sexp node type to :call_with_block
+  #
+  #s(:iter, CALL, {:lasgn|:masgn}, BLOCK)
+  def process_iter exp
+    call = process exp[1]
+    #deal with assignments somehow
+    if exp[3]
+      block = process exp[3]
+      block = nil if block.empty?
+    else
+      block = nil
+    end
+
+    call = Sexp.new(:call_with_block, call, exp[2], block).compact
+    call.line(exp.line)
+    call
+  end
+
+  #String with interpolation. Changes Sexp node type to :string_interp
+  def process_dstr exp
+    exp.shift
+    exp.map! do |e|
+      if e.is_a? String
+        e
+      elsif e[1].is_a? String
+        e[1]
+      else
+        res = process e
+        if res.empty?
+          nil
+        else
+          res
+        end
+      end
+    end.compact!
+
+    exp.unshift :string_interp
+  end
+
+  #Processes a block. Changes Sexp node type to :rlist
+  def process_block exp
+    exp.shift
+
+    exp.map! do |e|
+      process e
+    end
+
+    exp.unshift :rlist
+  end
+
+  #Processes the inside of an interpolated String.
+  #Changes Sexp node type to :string_eval
+  def process_evstr exp
+    exp[0] = :string_eval
+    exp[1] = process exp[1]
+    exp
+  end
+
+  #Processes an or keyword
+  def process_or exp
+    exp[1] = process exp[1]
+    exp[2] = process exp[2]
+    exp
+  end
+
+  #Processes an and keyword
+  def process_and exp
+    exp[1] = process exp[1]
+    exp[2] = process exp[2]
+    exp
+  end
+
+  #Processes a hash
+  def process_hash exp
+    exp.shift
+    exp.map! do |e|
+      if sexp? e
+        process e
+      else
+        e
+      end
+    end
+
+    exp.unshift :hash
+  end
+
+  #Processes the values in an argument list
+  def process_arglist exp
+    exp.shift
+    exp.map! do |e|
+      process e
+    end
+
+    exp.unshift :arglist
+  end
+
+  #Processes a local assignment
+  def process_lasgn exp
+    exp[2] = process exp[2]
+    exp
+  end
+
+  #Processes an instance variable assignment
+  def process_iasgn exp
+    exp[2] = process exp[2]
+    exp
+  end
+
+  #Processes an attribute assignment, which can be either x.y = 1 or x[:y] = 1
+  def process_attrasgn exp
+    exp[1] = process exp[1]
+    exp[3] = process exp[3]
+    exp
+  end
+
+  #Ignore ignore Sexps
+  def process_ignore exp
+    exp
+  end
+
+  #Generates :render node from call to render.
+  def make_render exp
+    render_type, value, rest = find_render_type exp[3]
+    rest = process rest
+    result = Sexp.new(:render, render_type, value, rest)
+    result.line(exp.line)
+    result
+  end
+
+  #Determines the type of a call to render.
+  #
+  #Possible types are:
+  #:action, :default :file, :inline, :js, :json, :nothing, :partial,
+  #:template, :text, :update, :xml
+  def find_render_type args
+    rest = Sexp.new(:hash)
+    type = nil
+    value = nil
+
+    if args.length == 2 and args[-1] == Sexp.new(:lit, :update)
+      return :update, nil, args[0..-2]
+    end
+
+    #Look for render :action, ... or render "action", ...
+    if string? args[1] or symbol? args[1]
+      type = :action
+      value = args[1]
+    elsif args[1].is_a? Symbol or args[1].is_a? String
+      type = :action
+      value = Sexp.new(:lit, args[1].to_sym)
+		elsif args[1].nil?
+			type = :default
+    elsif not hash? args[1]
+      type = :action
+      value = args[1]
+    end
+
+    if hash? args[-1]
+      hash_iterate(args[-1]) do |key, val|
+        case key[1]
+        when :action, :file, :inline, :js, :json, :nothing, :partial, :text, :update, :xml
+          type = key[1]
+          value = val
+        else  
+          rest << key << val
+        end
+      end
+    end
+
+    type ||= :default
+    value ||= :default
+    args[-1] = rest
+    return type, value, rest
+  end
+end

data/lib/processors/config_processor.rb

@@ -0,0 +1,146 @@
+require 'processors/base_processor'
+require 'processors/alias_processor'
+  
+#Replace block variable in
+#
+#  Rails::Initializer.run |config|
+#
+#with this value so we can keep track of it.
+RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
+
+#Processes configuration. Results are put in tracker.config.
+#
+#Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
+#For example:
+#
+#  Rails::Initializer.run |config|
+#    config.action_controller.session_store = :cookie_store
+#  end
+#
+#will be stored in
+#
+#  tracker.config[:rails][:action_controller][:session_store]
+#
+#Values for tracker.config[:rails] will still be Sexps.
+class ConfigProcessor < BaseProcessor
+  def initialize *args
+    super
+    @tracker.config[:rails] ||= {}
+  end
+
+  #Use this method to process configuration file
+  def process_config src
+    res = ConfigAliasProcessor.new.process_safely(src)
+    process res
+  end
+
+  #Check if config is set to use Erubis
+  def process_call exp
+    target = exp[1]
+    target = process target if sexp? target
+
+    if exp[2] == :gem and exp[3][1][1] == "erubis"
+      warn "[Notice] Using Erubis for ERB templates"
+      @tracker.config[:erubis] = true
+    end
+
+    exp
+  end
+
+  #Look for configuration settings
+  def process_attrasgn exp
+    if exp[1] == RAILS_CONFIG
+      #Get rid of '=' at end
+      attribute = exp[2].to_s[0..-2].to_sym
+      if exp[3].length > 2
+        #Multiple arguments?...not sure if this will ever happen
+        @tracker.config[:rails][exp[2]] = exp[3][1..-1]
+      else
+        @tracker.config[:rails][exp[2]] = exp[3][1]
+      end
+    elsif include_rails_config? exp
+      options = get_rails_config exp
+      level = @tracker.config[:rails]
+      options[0..-2].each do |o|
+        level[o] ||= {}
+        level = level[o]
+      end
+
+      level[options.last] = exp[3][1]
+    end
+
+    exp
+  end
+
+  #Check for Rails version
+  def process_cdecl exp
+    #Set Rails version required
+    if exp[1] == :RAILS_GEM_VERSION
+      @tracker.config[:rails_version] = exp[2][1]
+    end
+
+    exp
+  end
+
+  #Check if an expression includes a call to set Rails config
+  def include_rails_config? exp
+    target = exp[1]
+    if call? target
+      if target[1] == RAILS_CONFIG
+        true
+      else
+        include_rails_config? target
+      end
+    elsif target == RAILS_CONFIG
+      true
+    else
+      false
+    end
+  end
+
+  #Returns an array of symbols for each 'level' in the config
+  #
+  #  config.action_controller.session_store = :cookie
+  #
+  #becomes
+  #
+  #  [:action_controller, :session_store]
+  def get_rails_config exp
+    if sexp? exp and exp.node_type == :attrasgn
+      attribute = exp[2].to_s[0..-2].to_sym
+      get_rails_config(exp[1]) << attribute
+    elsif call? exp
+      if exp[1] == RAILS_CONFIG
+        [exp[2]]
+      else
+        get_rails_config(exp[1]) << exp[2]
+      end
+    else
+      raise "WHAT"
+    end
+  end
+end
+
+#This is necessary to replace block variable so we can track config settings
+class ConfigAliasProcessor < AliasProcessor
+
+  RAILS_INIT = Sexp.new(:colon2, Sexp.new(:const, :Rails), :Initializer)
+
+  #Look for a call to 
+  #
+  #  Rails::Initializer.run do |config|
+  #    ...
+  #  end
+  #
+  #and replace config with RAILS_CONFIG
+  def process_iter exp
+    target = exp[1][1]
+    method = exp[1][2]
+
+    if sexp? target and target == RAILS_INIT and method == :run
+      exp[2][2] = RAILS_CONFIG
+    end
+
+    process_default exp
+  end
+end

data/lib/processors/controller_alias_processor.rb

@@ -0,0 +1,237 @@
+require 'processors/alias_processor'
+require 'processors/lib/render_helper'
+
+#Processes aliasing in controllers, but includes following
+#renders in routes and putting variables into templates
+class ControllerAliasProcessor < AliasProcessor
+  include RenderHelper
+
+  def initialize tracker
+    super()
+    @tracker = tracker
+    @rendered = false
+    @current_class = @current_module = @current_method = nil
+  end
+
+  #Processes a class which is probably a controller.
+  def process_class exp
+    @current_class = class_name(exp[1])
+    if @current_module
+      @current_class = (@current_module + "::" + @current_class.to_s).to_sym
+    end
+
+    process_default exp
+  end
+
+  #Processes a method definition, which may include
+  #processing any rendered templates.
+  def process_methdef exp
+    set_env_defaults
+    is_route = route? exp[1]
+    other_method = @current_method
+    @current_method = exp[1]
+    @rendered = false if is_route
+
+    env.scope do
+
+      if is_route
+        before_filter_list(@current_method, @current_class).each do |f|
+          process_before_filter f
+        end
+      end
+
+      process exp[3]
+
+      if is_route and not @rendered
+        process_default_render exp
+      end
+    end
+
+    @current_method = other_method
+    exp
+  end
+
+  #Look for calls to head()
+  def process_call exp
+    exp = super
+
+    if exp[2] == :head
+      @rendered = true
+    end
+    exp
+  end
+
+  #Check for +respond_to+
+  def process_call_with_block exp
+    process_default exp
+
+    if exp[1][2] == :respond_to
+      @rendered = true
+    end
+
+    exp
+  end
+
+  #Processes a call to a before filter.
+  #Basically, adds any instance variable assignments to the environment.
+  #TODO: method arguments?
+  def process_before_filter name 
+    method = find_method name, @current_class    
+
+    if method.nil?
+      warn "[Notice] Could not find filter #{name}" if OPTIONS[:debug]
+      return
+    end
+
+    processor = AliasProcessor.new
+    processor.process_safely(method[3])
+
+    processor.only_ivars.all.each do |variable, value|
+      env[variable] = value
+    end
+  end
+
+  #Processes the default template for the current action
+  def process_default_render exp
+    process_layout
+    process_template template_name, nil
+  end
+
+  #Process template and add the current class and method name as called_from info
+  def process_template name, args
+    super name, args, "#@current_class##@current_method"
+  end
+
+  #Turns a method name into a template name
+  def template_name name = nil
+    name ||= @current_method
+    name = name.to_s
+    if name.include? "/"
+      name
+    else
+      controller = @current_class.to_s.gsub("Controller", "")
+      controller.gsub!("::", "/")
+      underscore(controller + "/" + name.to_s)
+    end
+  end
+
+  #Determines default layout name
+  def layout_name
+    controller = @tracker.controllers[@current_class]
+
+    return controller[:layout] if controller[:layout]
+    return false if controller[:layout] == false
+
+    app_controller = @tracker.controllers[:ApplicationController]
+
+    return app_controller[:layout] if app_controller and app_controller[:layout]
+
+    nil
+  end
+
+  #Returns true if the given method name is also a route
+  def route? method
+    return true if @tracker.routes[:allow_all_actions]
+    routes = @tracker.routes[@current_class]
+    routes and (routes == :allow_all_actions or routes.include? method)
+  end
+
+  #Get list of filters, including those that are inherited
+  def before_filter_list method, klass
+    controller = @tracker.controllers[klass]
+    filters = []
+
+    while controller
+      filters = get_before_filters(method, controller) + filters
+
+      controller = @tracker.controllers[controller[:parent]]
+    end
+
+    filters
+  end
+
+  #Returns an array of filter names
+  def get_before_filters method, controller
+    filters = []
+    return filters unless controller[:options]
+    filter_list = controller[:options][:before_filters]
+    return filters unless filter_list
+
+    filter_list.each do |filter|
+      f = before_filter_to_hash filter
+      if f[:all] or 
+        (f[:only] == method) or
+        (f[:only].is_a? Array and f[:only].include? method) or 
+        (f[:except] == method) or
+        (f[:except].is_a? Array and not f[:except].include? method)
+
+        filters.concat f[:methods]
+      end
+    end
+
+    filters
+  end
+
+  #Returns a before filter as a hash table
+  def before_filter_to_hash args
+    filter = {}
+
+    #Process args for the uncommon but possible situation
+    #in which some variables are used in the filter.
+    args.each do |a|
+      if sexp? a
+        a = process_default a
+      end
+    end
+
+    filter[:methods] = [args[0][1]]
+
+    args[1..-1].each do |a|
+      filter[:methods] << a[1] unless a.node_type == :hash
+    end
+
+    if args[-1].node_type == :hash
+      option = args[-1][1][1]
+      value = args[-1][2]
+      case value.node_type
+      when :array
+        filter[option] = value[1..-1].map {|v| v[1] }
+      when :lit, :str
+        filter[option] = value[1]
+      else
+        warn "[Notice] Unknown before_filter value: #{option} => #{value}" if OPTIONS[:debug]
+      end
+    else
+      filter[:all] = true
+    end
+
+    filter
+  end
+
+  #Finds a method in the given class or a parent class
+  def find_method method_name, klass
+    return nil if sexp? method_name
+    method_name = method_name.to_sym
+    controller = @tracker.controllers[klass]
+    controller ||= @tracker.libs[klass]
+
+    if klass and controller
+      method = controller[:public][method_name]
+      method ||= controller[:private][method_name]
+      method ||= controller[:protected][method_name]
+
+      if method.nil?
+        controller[:includes].each do |included|
+          method = find_method method_name, included
+          return method if method
+        end
+
+        find_method method_name, controller[:parent]
+      else
+        method
+      end
+    else
+      nil
+    end
+  end
+end