brakeman-min 0.2.0

data/lib/processors/model_processor.rb

@@ -0,0 +1,125 @@
+require 'processors/base_processor'
+
+#Processes models. Puts results in tracker.models
+class ModelProcessor < BaseProcessor
+  def initialize tracker
+    super 
+    @model = nil
+    @current_method = nil
+    @visibility = :public
+    @file_name = nil
+  end
+
+  #Process model source
+  def process_model src, file_name = nil
+    @file_name = file_name
+    process src
+  end
+
+  #s(:class, NAME, PARENT, s(:scope ...))
+  def process_class exp
+    if @model
+      warn "[Notice] Skipping inner class: #{class_name exp[1]}" if OPTIONS[:debug]
+      ignore
+    else
+      @model = { :name => class_name(exp[1]),
+        :parent => class_name(exp[2]),
+        :includes => [],
+        :public => {},
+        :private => {},
+        :protected => {},
+        :options => {},
+        :file => @file_name }
+      @tracker.models[@model[:name]] = @model
+      res = process exp[3]
+      @model = nil
+      res
+    end
+  end
+
+  #Handle calls outside of methods,
+  #such as include, attr_accessible, private, etc.
+  def process_call exp
+    return exp unless @model
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+
+    method = exp[2]
+    args = exp[3]
+
+    #Methods called inside class definition
+    #like attr_* and other settings
+    if @current_method.nil? and target.nil?
+      if args.length == 1 #actually, empty
+        case method
+        when :private, :protected, :public
+          @visibility = method
+        else
+          #??
+        end
+      else
+        case method
+        when :include
+          @model[:includes] << class_name(args[1]) if @model
+        when :attr_accessible
+          @model[:attr_accessible] ||= []
+          args = args[1..-1].map do |e|
+            e[1]
+          end
+
+          @model[:attr_accessible].concat args
+        else
+          if @model
+            @model[:options][method] ||= []
+            @model[:options][method] << process(args)
+          end
+        end
+      end
+      ignore
+    else
+      call = Sexp.new :call, target, method, process(args)
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Add method definition to tracker
+  def process_defn exp
+    return exp unless @model
+    name = exp[1]
+
+    @current_method = name
+    res = Sexp.new :methdef, name, process(exp[2]), process(exp[3][1])
+    res.line(exp.line)
+    @current_method = nil
+    if @model
+      list = @model[@visibility]
+      list[name] = res
+    end
+    res
+  end
+
+  #Add method definition to tracker
+  def process_defs exp
+    return exp unless @model
+    name = exp[2]
+
+    if exp[1].node_type == :self
+      target = @model[:name]
+    else
+      target = class_name exp[1]
+    end
+
+    @current_method = name
+    res = Sexp.new :selfdef, target, name, process(exp[3]), process(exp[4][1])
+    res.line(exp.line)
+    @current_method = nil
+    if @model
+      @model[@visibility][name] = res unless @model.nil?
+    end
+    res
+  end
+
+end

data/lib/processors/output_processor.rb

@@ -0,0 +1,233 @@
+require 'rubygems'
+require 'ruby2ruby'
+require 'util'
+
+#Produces formatted output strings from Sexps.
+#Recommended usage is
+#
+#  OutputProcessor.new.format(Sexp.new(:str, "hello"))
+class OutputProcessor < Ruby2Ruby
+  include Util
+
+  #Copies +exp+ and then formats it.
+  def format exp
+    process exp.deep_clone
+  end
+
+  alias process_safely format
+
+  def process exp
+    begin
+      super exp if sexp? exp and not exp.empty?
+    rescue Exception => e
+      warn "While formatting #{exp}: #{e}\n#{e.backtrace.join("\n")}" if OPTIONS[:debug]
+    end
+  end
+
+  def process_call exp
+    if exp[0].is_a? Symbol
+      target = exp[0]
+
+      method = exp[1]
+
+      args = process exp[2]
+
+      out = nil
+
+      if method == :[]
+        if target
+          out = "#{target}[#{args}]"
+        else
+          raise Exception.new("Not sure what to do with access and no target: #{exp}")
+        end
+      else
+        if target
+          out = "#{target}.#{method}(#{args})"
+        else
+          out = "#{method}(#{args})"
+        end
+      end
+      exp.clear
+      out
+    else
+      super exp
+    end
+  end
+
+  def process_lvar exp
+    out = "(local #{exp[0]})"
+    exp.clear
+    out
+  end
+
+  def process_ignore exp
+    exp.clear
+    "[ignored]"
+  end
+
+  def process_params exp
+    exp.clear
+    "params"
+  end
+
+  def process_session exp
+    exp.clear
+    "session"
+  end
+
+  def process_cookies exp
+    exp.clear
+    "cookies"
+  end
+
+  def process_string_interp exp
+    out = '"'
+    exp.each do |e|
+      if e.is_a? String
+        out << e
+      else
+        res = process e
+        out << res unless res == "" 
+      end
+    end
+    out << '"'
+    exp.clear
+    out
+  end
+
+  def process_string_eval exp
+    out = "\#{#{process(exp[0])}}"
+    exp.clear
+    out
+  end
+
+  def process_dxstr exp
+    out = "`"
+    out << exp.map! do |e|
+      if e.is_a? String
+        e
+      elsif string? e
+        e[1]
+      else
+        process e
+      end
+    end.join
+    exp.clear
+    out << "`"
+  end
+
+  def process_rlist exp
+    out = exp.map do |e|
+      res = process e
+      if res == ""
+        nil
+      else
+        res
+      end
+    end.compact.join("\n")
+    exp.clear
+    out
+  end
+
+  def process_call_with_block exp
+    call = process exp[0]
+    block = process exp[1] if exp[1]
+    out = "#{call} do\n #{block}\n end"
+    exp.clear
+    out
+  end
+
+  def process_output exp
+    out = if exp[0].node_type == :str
+            ""
+          else
+            res = process exp[0]
+
+            if res == ""
+              ""
+            else
+              "[Output] #{res}"
+            end
+          end
+    exp.clear
+    out
+  end
+
+  def process_format exp
+    out = if exp[0].node_type == :str or exp[0].node_type == :ignore
+            ""
+          else
+            res = process exp[0]
+
+            if res == ""
+              ""
+            else
+              "[Format] #{res}"
+            end
+          end
+    exp.clear
+    out
+  end
+
+  def process_format_escaped exp
+    out = if exp[0].node_type == :str or exp[0].node_type == :ignore
+            ""
+          else
+            res = process exp[0]
+
+            if res == ""
+              ""
+            else
+              "[Escaped] #{res}"
+            end
+          end
+    exp.clear
+    out
+  end
+
+  def process_const exp
+    if exp[0] == Tracker::UNKNOWN_MODEL
+      exp.clear
+      "(Unresolved Model)"
+    else
+      super exp
+    end
+  end
+
+  def process_render exp
+    exp[1] = process exp[1] if sexp? exp[1]
+    exp[2] = process exp[2] if sexp? exp[2]
+    out = "render(#{exp[0]} => #{exp[1]}, #{exp[2]})"
+    exp.clear
+    out
+  end
+
+  #This is copied from Ruby2Ruby, except the :string_eval type has been added
+  def util_dthing(type, exp)
+    s = []
+
+    # first item in sexp is a string literal
+    s << dthing_escape(type, exp.shift)
+
+    until exp.empty?
+      pt = exp.shift
+      case pt
+      when Sexp then
+        case pt.first
+        when :str then
+          s << dthing_escape(type, pt.last)
+        when :evstr, :string_eval then
+          s << '#{' << process(pt) << '}' # do not use interpolation here
+        else
+          raise "unknown type: #{pt.inspect}"
+        end
+      else
+        # HACK: raise "huh?: #{pt.inspect}" -- hitting # constants in regexps
+        # do nothing for now
+      end
+    end
+
+    s.join
+  end
+
+end

data/lib/processors/params_processor.rb

@@ -0,0 +1,77 @@
+require 'rubygems'
+require 'sexp_processor'
+require 'set'
+
+#Looks for request parameters. Not used currently.
+class ParamsProcessor < SexpProcessor
+  attr_reader :result
+
+  def initialize
+    super()
+    self.strict = false
+    self.auto_shift_type = false
+    self.require_empty = false
+    self.default_method = :process_default
+    self.warn_on_default = false
+    @result = []
+    @matched = false
+    @mark = false
+    @watch_nodes = Set.new([:call, :iasgn, :lasgn, :gasgn, :cvasgn, :return, :attrasgn])
+    @params = Sexp.new(:call, nil, :params, Sexp.new(:arglist))
+  end
+
+  def process_default exp
+    if @watch_nodes.include?(exp.node_type) and not @mark
+      @mark = true
+      @matched = false
+      process_these exp[1..-1]
+      if @matched
+        @result << exp
+        @matched = false
+      end
+      @mark = false
+    else
+      process_these exp[1..-1]
+    end
+
+    exp
+  end
+
+  def process_these exp
+    exp.each do |e|
+      if sexp? e and not e.empty?
+        process e
+      end
+    end
+  end
+
+  def process_call exp
+    if @mark
+      actually_process_call exp
+    else
+      @mark = true
+      actually_process_call exp
+      if @matched
+        @result << exp
+      end
+      @mark = @matched = false
+    end
+      
+    exp
+  end 
+
+  def actually_process_call exp
+    process exp[1]
+    process exp[3]
+    if exp[1] == @params or exp == @params
+      @matched = true
+    end
+  end
+
+  #Don't really care about condition
+  def process_if exp
+    process_these exp[2..-1]
+    exp
+  end
+
+end

data/lib/processors/route_processor.rb

@@ -0,0 +1,338 @@
+require 'processors/base_processor'
+require 'processors/alias_processor'
+require 'util'
+require 'set'
+
+#Processes the Sexp from routes.rb. Stores results in tracker.routes.
+#
+#Note that it is only interested in determining what methods on which
+#controllers are used as routes, not the generated URLs for routes.
+class RoutesProcessor < BaseProcessor
+  attr_reader :map, :nested, :current_controller
+
+  def initialize tracker
+    super
+    @map = Sexp.new(:lvar, :map)
+    @nested = nil  #used for identifying nested targets
+    @prefix = [] #Controller name prefix (a module name, usually)
+    @current_controller = nil
+    @with_options = nil #For use inside map.with_options
+  end
+
+  #Call this with parsed route file information.
+  #
+  #This method first calls RouteAliasProcessor#process_safely on the +exp+,
+  #so it does not modify the +exp+.
+  def process_routes exp
+    process RouteAliasProcessor.new.process_safely(exp)
+  end
+
+  #Looking for mapping of routes
+  def process_call exp
+    target = exp[1]
+
+    if target == map or target == nested
+      process_map exp
+
+    else
+      process_default exp
+    end
+
+    exp
+  end
+
+  #Process a map.something call
+  #based on the method used
+  def process_map exp
+    args = exp[3][1..-1]
+
+    case exp[2]
+    when :resource
+      process_resource args
+    when :resources
+      process_resources args
+    when :connect, :root
+      process_connect args
+    else
+      process_named_route args
+    end
+
+    exp
+  end
+
+  #Look for map calls that take a block.
+  #Otherwise, just do the default processing.
+  def process_iter exp
+    if exp[1][1] == map or exp[1][1] == nested
+      method = exp[1][2]
+      case method
+      when :namespace
+        process_namespace exp
+      when :resources, :resource
+        process_resources exp[1][3][1..-1]
+        process_default exp[3]
+      when :with_options
+        process_with_options exp
+      end
+      exp
+    else
+      super
+    end
+  end
+
+  #Process
+  # map.resources :x, :controller => :y, :member => ...
+  #etc.
+  def process_resources exp
+    controller = check_for_controller_name exp
+    if controller
+      self.current_controller = controller
+      process_resource_options exp[-1]
+    else
+      exp.each do |argument|
+        if sexp? argument and argument.node_type == :lit
+          self.current_controller = exp[0][1]
+          add_resources_routes
+          process_resource_options exp[-1]
+        end
+      end
+    end
+  end
+
+  #Add default routes
+  def add_resources_routes
+    @tracker.routes[@current_controller].merge [:index, :new, :create, :show, :edit, :update, :destroy]
+  end
+
+  #Process all the options that might be in the hash passed to
+  #map.resource, et al.
+  def process_resource_options exp
+    if exp.nil? and @with_options
+      exp = @with_options
+    elsif @with_options
+      exp = exp.concat @with_options[1..-1]
+    end
+    return unless exp.node_type == :hash
+
+    hash_iterate(exp) do |option, value|
+      case option[1]
+      when :controller, :requirements, :singular, :path_prefix, :as,
+        :path_names, :shallow, :name_prefix
+        #should be able to skip
+      when :collection, :member, :new
+        process_collection value
+      when :has_one
+        save_controller = current_controller
+        process_resource value[1..-1]
+        self.current_controller = save_controller
+      when :has_many
+        save_controller = current_controller
+        process_resources value[1..-1]
+        self.current_controller = save_controller
+      when :only
+        process_option_only value
+      when :except
+        process_option_except value
+      else
+        raise "Unhandled resource option: #{option}"
+      end
+    end
+  end
+
+  #Process route option :only => ...
+  def process_option_only exp
+    routes = @tracker.routes[@current_controller]
+    [:index, :new, :create, :show, :edit, :update, :destroy].each do |r|
+      routes.delete r
+    end
+
+    if exp.node_type == :array
+      exp[1..-1].each do |e|
+        routes << e[1]
+      end
+    end
+  end
+
+  #Process route option :except => ...
+  def process_option_except exp
+    return unless exp.node_type == :array
+    routes = @tracker.routes[@current_controller]
+
+    exp[1..-1].each do |e|
+      routes.delete e[1]
+    end
+  end
+
+  #  map.resource :x, ..
+  def process_resource exp
+    controller = check_for_controller_name exp
+    if controller
+      self.current_controller = controller
+      process_resource_options exp[-1]
+    else
+      exp.each do |argument|
+        if argument.node_type == :lit
+          self.current_controller = pluralize(exp[0][1].to_s)
+          add_resource_routes
+          process_resource_options exp[-1]
+        end
+      end
+    end
+  end
+
+  #Add default routes minus :index
+  def add_resource_routes
+    @tracker.routes[@current_controller].merge [:new, :create, :show, :edit, :update, :destroy]
+  end
+
+  #Process
+  # map.connect '/something', :controller => 'blah', :action => 'whatever'
+  def process_connect exp
+    controller = check_for_controller_name exp
+    self.current_controller = controller if controller
+    
+    #Check for default route
+    if string? exp[0]
+      if exp[0][1] == ":controller/:action/:id"
+        @tracker.routes[:allow_all_actions] = exp[0]
+      elsif exp[0][1].include? ":action"
+        @tracker.routes[@current_controller] = :allow_all_actions
+        return
+      end
+    end
+
+    #This -seems- redundant, but people might connect actions
+    #to a controller which already allows them all
+    return if @tracker.routes[@current_controller] == :allow_all_actions
+
+    exp[-1].each_with_index do |e,i|
+      if symbol? e and e[1] == :action
+        @tracker.routes[@current_controller] << exp[-1][i + 1][1].to_sym
+        return
+      end
+    end
+  end
+
+  # map.with_options :controller => 'something' do |something|
+  #   something.resources :blah
+  # end
+  def process_with_options exp
+    @with_options = exp[1][3][-1]
+    @nested = Sexp.new(:lvar, exp[2][1])
+
+    self.current_controller = check_for_controller_name exp[1][3]
+    
+    #process block
+    process exp[3] 
+
+    @with_options = nil
+    @nested = nil
+  end
+
+  # map.namespace :something do |something|
+  #   something.resources :blah
+  # end
+  def process_namespace exp
+    call = exp[1]
+    formal_args = exp[2]
+    block = exp[3]
+
+    @prefix << camelize(call[3][1][1])
+
+    @nested = Sexp.new(:lvar, formal_args[1])
+
+    process block
+
+    @prefix.pop
+  end
+
+  # map.something_abnormal '/blah', :controller => 'something', :action => 'wohoo'
+  def process_named_route exp
+    process_connect exp
+  end
+
+  #Process collection option
+  # :collection => { :some_action => :http_actions }
+  def process_collection exp
+    return unless exp.node_type == :hash
+    routes = @tracker.routes[@current_controller]
+
+    hash_iterate(exp) do |action, type|
+      routes << action[1]
+    end
+  end
+
+  #Manage Controller prefixes
+  #@prefix is an Array, but this method returns a string
+  #suitable for prefixing onto a controller name.
+  def prefix
+    if @prefix.length > 0
+      @prefix.join("::") << "::"
+    else
+      ''
+    end
+  end
+
+  #Sets the controller name to a proper class name.
+  #For example
+  # self.current_controller = :session
+  # @controller == :SessionController #true
+  #
+  #Also prepends the prefix if there is one set.
+  def current_controller= name
+    @current_controller = (prefix + camelize(name) + "Controller").to_sym
+    @tracker.routes[@current_controller] ||= Set.new
+  end
+
+  private
+
+  #Checks an argument list for a hash that has a key :controller.
+  #If it does, returns the value.
+  #
+  #Otherwise, returns nil.
+  def check_for_controller_name args
+    args.each do |a|
+      if hash? a
+        hash_iterate(a) do |k, v|
+          if k[1] == :controller
+            return v[1]
+          end 
+        end
+      end
+    end
+
+    nil
+  end
+end
+
+#This is for a really specific case where a hash is used as arguments
+#to one of the map methods.
+class RouteAliasProcessor < AliasProcessor
+  
+  #This replaces
+  # { :some => :hash }.keys
+  #with 
+  # [:some]
+  def process_call exp
+    process_default exp
+    
+    if hash? exp[1] and exp[2] == :keys
+        keys = get_keys exp[1] 
+      exp.clear
+      keys.each_with_index do |e,i|
+        exp[i] = e
+      end
+    end
+    exp
+  end
+
+  #Returns an array Sexp containing the keys from the hash
+  def get_keys hash
+    keys = Sexp.new(:array)
+    hash_iterate(hash) do |key, value|
+      keys << key
+    end
+
+    keys
+  end
+end