brakeman-min 0.2.0

data/lib/processors/controller_processor.rb

@@ -0,0 +1,202 @@
+require 'ruby_parser'
+require 'processors/base_processor'
+
+#Processes controller. Results are put in tracker.controllers
+class ControllerProcessor < BaseProcessor
+  FORMAT_HTML = Sexp.new(:call, Sexp.new(:lvar, :format), :html, Sexp.new(:arglist))
+
+  def initialize tracker
+    super 
+    @controller = nil
+    @current_method = nil
+    @current_module = nil
+    @visibility = :public
+    @file_name = nil
+  end
+
+  #Use this method to process a Controller
+  def process_controller src, file_name = nil
+    @file_name = file_name
+    process src
+  end
+
+  #s(:class, NAME, PARENT, s(:scope ...))
+  def process_class exp
+    if @controller
+      warn "[Notice] Skipping inner class: #{class_name exp[1]}" if OPTIONS[:debug]
+      return ignore
+    end
+
+    name = class_name(exp[1])
+    if @current_module
+      name = (@current_module + "::" + name.to_s).to_sym
+    end
+    @controller = { :name => name,
+                    :parent => class_name(exp[2]),
+                    :includes => [],
+                    :public => {},
+                    :private => {},
+                    :protected => {},
+                    :options => {},
+                    :src => exp,
+                    :file => @file_name }
+    @tracker.controllers[@controller[:name]] = @controller
+    exp[3] = process exp[3]
+    set_layout_name
+    @controller = nil
+    exp
+  end
+
+  #Look for specific calls inside the controller
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+
+    method = exp[2]
+    args = exp[3]
+
+    #Methods called inside class definition
+    #like attr_* and other settings
+    if @current_method.nil? and target.nil?
+      if args.length == 1 #actually, empty
+        case method
+        when :private, :protected, :public
+          @visibility = method
+        when :protect_from_forgery
+          @controller[:options][:protect_from_forgery] = true
+        else
+          #??
+        end
+      else
+        case method
+        when :include
+          @controller[:includes] << class_name(args[1]) if @controller
+        when :before_filter
+          @controller[:options][:before_filters] ||= []
+          @controller[:options][:before_filters] << args[1..-1]
+        when :layout
+          if string? args[-1]
+            #layout "some_layout"
+
+            name = args[-1][1].to_s
+            unless Dir.glob("#{OPTIONS[:app_path]}/app/views/layouts/#{name}.html.{erb,haml}").empty?
+              @controller[:layout] = "layouts/#{name}"
+            else
+              warn "[Notice] Layout not found: #{name}" if OPTIONS[:debug]
+            end
+          elsif sexp? args[-1] and (args[-1][0] == :nil or args[-1][0] == :false)
+            #layout :false or layout nil
+            @controller[:layout] = false
+          end
+        end
+      end
+      ignore
+    elsif target == nil and method == :render
+      make_render exp
+    elsif exp == FORMAT_HTML and context[1] != :iter 
+      #This is an empty call to
+      # format.html
+      #Which renders the default template if no arguments
+      #Need to make more generic, though.
+      call = Sexp.new :render, :default, @current_method
+      call.line(exp.line)
+      call
+    else
+      call = Sexp.new :call, target, method, process(args)
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process method definition and store in Tracker
+  def process_defn exp
+    name = exp[1]
+    @current_method = name
+    res = Sexp.new :methdef, name, process(exp[2]), process(exp[3][1])
+    res.line(exp.line)
+    @current_method = nil
+    @controller[@visibility][name] = res unless @controller.nil?
+
+    res
+  end
+
+  #Process self.method definition and store in Tracker
+  def process_defs exp
+    name = exp[2]
+
+    if exp[1].node_type == :self
+      target = @controller[:name]
+    else
+      target = class_name exp[1]
+    end
+
+    @current_method = name
+    res = Sexp.new :selfdef, target, name, process(exp[3]), process(exp[4][1])
+    res.line(exp.line)
+    @current_method = nil
+    @controller[@visibility][name] = res unless @controller.nil?
+
+    res
+  end
+
+  #Look for before_filters and add fake ones if necessary
+  def process_iter exp
+    if exp[1][2] == :before_filter
+      add_fake_filter exp
+    else
+      super
+    end
+  end
+
+  #Sets default layout for renders inside Controller
+  def set_layout_name
+    return if @controller[:layout]
+
+    name = underscore(@controller[:name].to_s.split("::")[-1].gsub("Controller", ''))
+
+    #There is a layout for this Controller
+    unless Dir.glob("#{OPTIONS[:app_path]}/app/views/layouts/#{name}.html.{erb,haml}").empty?
+      @controller[:layout] = "layouts/#{name}"
+    end
+  end
+
+  #This is to handle before_filter do |controller| ... end
+  #
+  #We build a new method and process that the same way as usual
+  #methods and filters.
+  def add_fake_filter exp
+    filter_name = ("fake_filter" + rand.to_s[/\d+$/]).to_sym
+    args = exp[1][3]
+    args.insert(1, Sexp.new(:lit, filter_name))
+    before_filter_call = Sexp.new(:call, nil, :before_filter, args)
+
+    if exp[2]
+      block_variable = exp[2][1]
+    else
+      block_variable = :temp
+    end
+
+    if sexp? exp[3] and exp[3].node_type == :block
+      block_inner = exp[3][1..-1]
+    else
+      block_inner = [exp[3]]
+    end
+
+    #Build Sexp for filter method
+    body = Sexp.new(:scope, 
+            Sexp.new(:block,
+              Sexp.new(:lasgn, block_variable, 
+                Sexp.new(:call, Sexp.new(:const, @controller[:name]), :new, Sexp.new(:arglist)))).concat(block_inner))
+
+    filter_method = Sexp.new(:defn, filter_name, Sexp.new(:args), body).line(exp.line)
+
+    vis = @visibility
+    @visibility = :private
+    process_defn filter_method
+    @visibility = vis
+    process before_filter_call
+    exp
+  end
+end

data/lib/processors/erb_template_processor.rb

@@ -0,0 +1,84 @@
+require 'processors/template_processor'
+
+#Processes ERB templates
+#(those ending in .html.erb or .rthml).
+class ErbTemplateProcessor < TemplateProcessor
+  
+  #s(:call, TARGET, :method, s(:arglist))
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+    method = exp[2]
+    
+    #_erbout is the default output variable for erb
+    if target and target[1] == :_erbout
+      if method == :concat
+        @inside_concat = true
+        args = exp[3] = process(exp[3])
+        @inside_concat = false
+
+        if args.length > 2
+          raise Exception.new("Did not expect more than a single argument to _erbout.concat")
+        end
+
+        args = args[1]
+
+        if args.node_type == :call and args[2] == :to_s #erb always calls to_s on output
+          args = args[1]
+        end
+
+        if args.node_type == :str #ignore plain strings
+          ignore
+        else
+          s = Sexp.new :output, args
+          s.line(exp.line)
+          @current_template[:outputs] << s
+          s
+        end
+      elsif method == :force_encoding
+        ignore
+      else
+        abort "Unrecognized action on _erbout: #{method}"
+      end
+    elsif target == nil and method == :render
+      exp[3] = process(exp[3])
+      make_render exp
+    else
+      args = exp[3] = process(exp[3])
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process block, removing irrelevant expressions
+  def process_block exp
+    exp.shift
+    if @inside_concat
+      @inside_concat = false
+      exp[0..-2].each do |e|
+        process e
+      end
+      @inside_concat = true
+      process exp[-1]
+    else
+      exp.map! do |e|
+        res = process e
+        if res.empty? or res == ignore
+          nil
+        elsif sexp? res and res.node_type == :lvar and res[1] == :_erbout
+          nil
+
+        else
+          res
+        end
+      end
+      block = Sexp.new(:rlist).concat(exp).compact
+      block.line(exp.line)
+      block
+    end
+  end
+
+end

data/lib/processors/erubis_template_processor.rb

@@ -0,0 +1,62 @@
+require 'processors/template_processor'
+
+#Processes ERB templates using Erubis instead of erb.
+class ErubisTemplateProcessor < TemplateProcessor
+  
+  #s(:call, TARGET, :method, s(:arglist))
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+    method = exp[2]
+    
+    #_buf is the default output variable for Erubis
+    if target and target[1] == :_buf
+      if method == :<<
+        args = exp[3][1] = process(exp[3][1])
+
+        if args.node_type == :call and args[2] == :to_s #just calling to_s on inner code 
+          args = args[1]
+        end
+
+        if args.node_type == :str #ignore plain strings
+          ignore
+        else
+          s = Sexp.new :output, args
+          s.line(exp.line)
+          @current_template[:outputs] << s
+          s
+        end
+      elsif method == :to_s
+        ignore
+      else
+        abort "Unrecognized action on _buf: #{method}"
+      end
+    elsif target == nil and method == :render
+      exp[3] = process exp[3]
+      make_render exp
+    else
+      args = exp[3] = process(exp[3])
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process blocks, ignoring :ignore exps
+  def process_block exp
+    exp.shift
+    exp.map! do |e|
+      res = process e
+      if res.empty? or res == ignore
+        nil
+      else
+        res
+      end
+    end
+    block = Sexp.new(:rlist).concat(exp).compact
+    block.line(exp.line)
+    block
+  end
+end

data/lib/processors/haml_template_processor.rb

@@ -0,0 +1,131 @@
+require 'processors/template_processor'
+
+#Processes HAML templates.
+class HamlTemplateProcessor < TemplateProcessor
+  HAML_FORMAT_METHOD = /format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/
+  
+  def initialize *args
+    super
+
+    @tracker.libs.each do |name, lib|
+      if name.to_s =~ /^Haml::Filters/
+        begin
+          require lib[:file]
+        rescue Exception => e
+          if OPTIONS[:debug]
+            raise e
+          end
+        end
+      end
+    end
+  end
+
+  #Processes call, looking for template output
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+
+    method = exp[2]
+
+    if (sexp? target and target[2] == :_hamlout) or target == :_hamlout
+      res = case method
+            when :adjust_tabs, :rstrip!
+              ignore
+            when :options
+              Sexp.new :call, :_hamlout, :options, exp[3]
+            when :buffer
+              Sexp.new :call, :_hamlout, :buffer, exp[3]
+            when :open_tag
+              Sexp.new(:tag, process(exp[3]))
+            else
+              arg = exp[3][1]
+
+              if arg
+                @inside_concat = true
+                out = exp[3][1] = process(arg)
+                @inside_concat = false
+              else
+                raise Exception.new("Empty _hamlout.#{method}()?")
+              end
+
+              if string? out
+                ignore
+              else
+                case method.to_s
+                when "push_text"
+                  s = Sexp.new(:output, out)
+                  @current_template[:outputs] << s
+                  s
+                when HAML_FORMAT_METHOD
+                  if $4 == "true"
+                    Sexp.new :format_escaped, out
+                  else
+                    Sexp.new :format, out
+                  end
+                else
+                  raise Exception.new("Unrecognized action on _hamlout: #{method}")
+                end
+              end
+
+            end
+
+      res.line(exp.line)
+      res
+
+      #_hamlout.buffer <<
+      #This seems to be used rarely, but directly appends args to output buffer
+    elsif sexp? target and method == :<< and is_buffer_target? target
+      @inside_concat = true
+      out = exp[3][1] = process(exp[3][1])
+      @inside_concat = false
+
+      if out.node_type == :str #ignore plain strings
+        ignore
+      else
+        s = Sexp.new(:output, out)
+        @current_template[:outputs] << s
+        s.line(exp.line)
+        s
+      end
+    elsif target == nil and method == :render
+      #Process call to render()
+      exp[3] = process exp[3]
+      make_render exp
+    else
+      args = process exp[3]
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #If inside an output stream, only return the final expression
+  def process_block exp
+    exp.shift
+    if @inside_concat
+      @inside_concat = false
+      exp[0..-2].each do |e|
+        process e
+      end
+      @inside_concat = true
+      process exp[-1]
+    else
+      exp.map! do |e|
+        res = process e
+        if res.empty?
+          nil
+        else
+          res
+        end
+      end
+      Sexp.new(:rlist).concat(exp).compact
+    end
+  end
+
+  #Checks if the buffer is the target in a method call Sexp.
+  def is_buffer_target? exp
+    exp.node_type == :call and exp[1] == :_hamlout and exp[2] == :buffer
+  end
+end