brakeman 0.0.2

data/lib/processors/config_processor.rb

@@ -0,0 +1,146 @@
+require 'processors/base_processor'
+require 'processors/alias_processor'
+  
+#Replace block variable in
+#
+#  Rails::Initializer.run |config|
+#
+#with this value so we can keep track of it.
+RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
+
+#Processes configuration. Results are put in tracker.config.
+#
+#Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
+#For example:
+#
+#  Rails::Initializer.run |config|
+#    config.action_controller.session_store = :cookie_store
+#  end
+#
+#will be stored in
+#
+#  tracker.config[:rails][:action_controller][:session_store]
+#
+#Values for tracker.config[:rails] will still be Sexps.
+class ConfigProcessor < BaseProcessor
+  def initialize *args
+    super
+    @tracker.config[:rails] ||= {}
+  end
+
+  #Use this method to process configuration file
+  def process_config src
+    res = ConfigAliasProcessor.new.process_safely(src)
+    process res
+  end
+
+  #Check if config is set to use Erubis
+  def process_call exp
+    target = exp[1]
+    target = process target if sexp? target
+
+    if exp[2] == :gem and exp[3][1][1] == "erubis"
+      warn "[Notice] Using Erubis for ERB templates"
+      @tracker.config[:erubis] = true
+    end
+
+    exp
+  end
+
+  #Look for configuration settings
+  def process_attrasgn exp
+    if exp[1] == RAILS_CONFIG
+      #Get rid of '=' at end
+      attribute = exp[2].to_s[0..-2].to_sym
+      if exp[3].length > 2
+        #Multiple arguments?...not sure if this will ever happen
+        @tracker.config[:rails][exp[2]] = exp[3][1..-1]
+      else
+        @tracker.config[:rails][exp[2]] = exp[3][1]
+      end
+    elsif include_rails_config? exp
+      options = get_rails_config exp
+      level = @tracker.config[:rails]
+      options[0..-2].each do |o|
+        level[o] ||= {}
+        level = level[o]
+      end
+
+      level[options.last] = exp[3][1]
+    end
+
+    exp
+  end
+
+  #Check for Rails version
+  def process_cdecl exp
+    #Set Rails version required
+    if exp[1] == :RAILS_GEM_VERSION
+      @tracker.config[:rails_version] = exp[2][1]
+    end
+
+    exp
+  end
+
+  #Check if an expression includes a call to set Rails config
+  def include_rails_config? exp
+    target = exp[1]
+    if call? target
+      if target[1] == RAILS_CONFIG
+        true
+      else
+        include_rails_config? target
+      end
+    elsif target == RAILS_CONFIG
+      true
+    else
+      false
+    end
+  end
+
+  #Returns an array of symbols for each 'level' in the config
+  #
+  #  config.action_controller.session_store = :cookie
+  #
+  #becomes
+  #
+  #  [:action_controller, :session_store]
+  def get_rails_config exp
+    if sexp? exp and exp.node_type == :attrasgn
+      attribute = exp[2].to_s[0..-2].to_sym
+      get_rails_config(exp[1]) << attribute
+    elsif call? exp
+      if exp[1] == RAILS_CONFIG
+        [exp[2]]
+      else
+        get_rails_config(exp[1]) << exp[2]
+      end
+    else
+      raise "WHAT"
+    end
+  end
+end
+
+#This is necessary to replace block variable so we can track config settings
+class ConfigAliasProcessor < AliasProcessor
+
+  RAILS_INIT = Sexp.new(:colon2, Sexp.new(:const, :Rails), :Initializer)
+
+  #Look for a call to 
+  #
+  #  Rails::Initializer.run do |config|
+  #    ...
+  #  end
+  #
+  #and replace config with RAILS_CONFIG
+  def process_iter exp
+    target = exp[1][1]
+    method = exp[1][2]
+
+    if sexp? target and target == RAILS_INIT and method == :run
+      exp[2][2] = RAILS_CONFIG
+    end
+
+    process_default exp
+  end
+end

data/lib/processors/controller_alias_processor.rb

@@ -0,0 +1,222 @@
+require 'processors/alias_processor'
+require 'processors/lib/render_helper'
+
+#Processes aliasing in controllers, but includes following
+#renders in routes and putting variables into templates
+class ControllerAliasProcessor < AliasProcessor
+  include RenderHelper
+
+  def initialize tracker
+    super()
+    @tracker = tracker
+    @rendered = false
+    @current_class = @current_module = @current_method = nil
+  end
+
+  #Processes a class which is probably a controller.
+  def process_class exp
+    @current_class = class_name(exp[1])
+    if @current_module
+      @current_class = (@current_module + "::" + @current_class.to_s).to_sym
+    end
+
+    process_default exp
+  end
+
+  #Processes a method definition, which may include
+  #processing any rendered templates.
+  def process_methdef exp
+    set_env_defaults
+    is_route = route? exp[1]
+    other_method = @current_method
+    @current_method = exp[1]
+    @rendered = false if is_route
+
+    env.scope do
+
+      if is_route
+        before_filter_list(@current_method, @current_class).each do |f|
+          process_before_filter f
+        end
+      end
+
+      process exp[3]
+
+      if is_route and not @rendered
+        process_default_render exp
+      end
+    end
+
+    @current_method = other_method
+    exp
+  end
+
+  #Look for calls to head()
+  def process_call exp
+    exp = super
+
+    if exp[2] == :head
+      @rendered = true
+    end
+    exp
+  end
+
+  #Check for +respond_to+
+  def process_call_with_block exp
+    process_default exp
+
+    if exp[1][2] == :respond_to
+      @rendered = true
+    end
+
+    exp
+  end
+
+  #Processes a call to a before filter.
+  #Basically, adds any instance variable assignments to the environment.
+  #TODO: method arguments?
+  def process_before_filter name 
+    method = find_method name, @current_class    
+
+    if method.nil?
+      warn "[Notice] Could not find filter #{name}" if OPTIONS[:debug]
+      return
+    end
+
+    processor = AliasProcessor.new
+    processor.process_safely(method[3])
+
+    processor.only_ivars.all.each do |variable, value|
+      env[variable] = value
+    end
+  end
+
+  #Processes the default template for the current action
+  def process_default_render exp
+    process_template template_name, nil
+  end
+
+  #Process template and add the current class and method name as called_from info
+  def process_template name, args
+    super name, args, "#@current_class##@current_method"
+  end
+
+  #Turns a method name into a template name
+  def template_name name = nil
+    name ||= @current_method
+    name = name.to_s
+    if name.include? "/"
+      name
+    else
+      controller = @current_class.to_s.gsub("Controller", "")
+      controller.gsub!("::", "/")
+      underscore(controller + "/" + name.to_s)
+    end
+  end
+
+  #Returns true if the given method name is also a route
+  def route? method
+    return true if @tracker.routes[:allow_all_actions]
+    routes = @tracker.routes[@current_class]
+    routes and (routes == :allow_all_actions or routes.include? method)
+  end
+
+  #Get list of filters, including those that are inherited
+  def before_filter_list method, klass
+    controller = @tracker.controllers[klass]
+    filters = []
+
+    while controller
+      filters = get_before_filters(method, controller) + filters
+
+      controller = @tracker.controllers[controller[:parent]]
+    end
+
+    filters
+  end
+
+  #Returns an array of filter names
+  def get_before_filters method, controller
+    filters = []
+    return filters unless controller[:options]
+    filter_list = controller[:options][:before_filters]
+    return filters unless filter_list
+
+    filter_list.each do |filter|
+      f = before_filter_to_hash filter
+      if f[:all] or 
+        (f[:only] == method) or
+        (f[:only].is_a? Array and f[:only].include? method) or 
+        (f[:except] == method) or
+        (f[:except].is_a? Array and not f[:except].include? method)
+
+        filters.concat f[:methods]
+      end
+    end
+
+    filters
+  end
+
+  #Returns a before filter as a hash table
+  def before_filter_to_hash args
+    filter = {}
+
+    #Process args for the uncommon but possible situation
+    #in which some variables are used in the filter.
+    args.each do |a|
+      if sexp? a
+        a = process_default a
+      end
+    end
+
+    filter[:methods] = [args[0][1]]
+
+    args[1..-1].each do |a|
+      filter[:methods] << a[1] unless a.node_type == :hash
+    end
+
+    if args[-1].node_type == :hash
+      option = args[-1][1][1]
+      value = args[-1][2]
+      case value.node_type
+      when :array
+        filter[option] = value[1..-1].map {|v| v[1] }
+      when :lit, :str
+        filter[option] = value[1]
+      else
+        warn "[Notice] Unknown before_filter value: #{option} => #{value}" if OPTIONS[:debug]
+      end
+    else
+      filter[:all] = true
+    end
+
+    filter
+  end
+
+  #Finds a method in the given class or a parent class
+  def find_method method_name, klass
+    return nil if sexp? method_name
+    method_name = method_name.to_sym
+    controller = @tracker.controllers[klass]
+    controller ||= @tracker.libs[klass]
+
+    if klass and controller
+      method = controller[:public][method_name]
+      method ||= controller[:private][method_name]
+      method ||= controller[:protected][method_name]
+
+      if method.nil?
+        controller[:includes].each do |included|
+          method = find_method method_name, included
+          return method if method
+        end
+
+        find_method method_name, controller[:parent]
+      else
+        method
+      end
+    else
+      nil
+    end
+  end
+end

data/lib/processors/controller_processor.rb

@@ -0,0 +1,175 @@
+require 'ruby_parser'
+require 'processors/base_processor'
+
+#Processes controller. Results are put in tracker.controllers
+class ControllerProcessor < BaseProcessor
+  FORMAT_HTML = Sexp.new(:call, Sexp.new(:lvar, :format), :html, Sexp.new(:arglist))
+
+  def initialize tracker
+    super 
+    @controller = nil
+    @current_method = nil
+    @current_module = nil
+    @visibility = :public
+    @file_name = nil
+  end
+
+  #Use this method to process a Controller
+  def process_controller src, file_name = nil
+    @file_name = file_name
+    process src
+  end
+
+  #s(:class, NAME, PARENT, s(:scope ...))
+  def process_class exp
+    if @controller
+      warn "[Notice] Skipping inner class: #{class_name exp[1]}" if OPTIONS[:debug]
+      return ignore
+    end
+
+    name = class_name(exp[1])
+    if @current_module
+      name = (@current_module + "::" + name.to_s).to_sym
+    end
+    @controller = { :name => name,
+                    :parent => class_name(exp[2]),
+                    :includes => [],
+                    :public => {},
+                    :private => {},
+                    :protected => {},
+                    :options => {},
+                    :src => exp,
+                    :file => @file_name }
+    @tracker.controllers[@controller[:name]] = @controller
+    exp[3] = process exp[3]
+    @controller = nil
+    exp
+  end
+
+  #Look for specific calls inside the controller
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+
+    method = exp[2]
+    args = exp[3]
+
+    #Methods called inside class definition
+    #like attr_* and other settings
+    if @current_method.nil? and target.nil?
+      if args.length == 1 #actually, empty
+        case method
+        when :private, :protected, :public
+          @visibility = method
+        when :protect_from_forgery
+          @controller[:options][:protect_from_forgery] = true
+        else
+          #??
+        end
+      else
+        case method
+        when :include
+          @controller[:includes] << class_name(args[1]) if @controller
+        when :before_filter
+          @controller[:options][:before_filters] ||= []
+          @controller[:options][:before_filters] << args[1..-1]
+        end
+      end
+      ignore
+    elsif target == nil and method == :render
+      make_render exp
+    elsif exp == FORMAT_HTML and context[1] != :iter 
+      #This is an empty call to
+      # format.html
+      #Which renders the default template if no arguments
+      #Need to make more generic, though.
+      call = Sexp.new :render, :default, @current_method
+      call.line(exp.line)
+      call
+    else
+      call = Sexp.new :call, target, method, process(args)
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process method definition and store in Tracker
+  def process_defn exp
+    name = exp[1]
+    @current_method = name
+    res = Sexp.new :methdef, name, process(exp[2]), process(exp[3][1])
+    res.line(exp.line)
+    @current_method = nil
+    @controller[@visibility][name] = res unless @controller.nil?
+
+    res
+  end
+
+  #Process self.method definition and store in Tracker
+  def process_defs exp
+    name = exp[2]
+
+    if exp[1].node_type == :self
+      target = @controller[:name]
+    else
+      target = class_name exp[1]
+    end
+
+    @current_method = name
+    res = Sexp.new :selfdef, target, name, process(exp[3]), process(exp[4][1])
+    res.line(exp.line)
+    @current_method = nil
+    @controller[@visibility][name] = res unless @controller.nil?
+
+    res
+  end
+
+  #Look for before_filters and add fake ones if necessary
+  def process_iter exp
+    if exp[1][2] == :before_filter
+      add_fake_filter exp
+    else
+      super
+    end
+  end
+
+  #This is to handle before_filter do |controller| ... end
+  #
+  #We build a new method and process that the same way as usual
+  #methods and filters.
+  def add_fake_filter exp
+    filter_name = ("fake_filter" + rand.to_s[/\d+$/]).to_sym
+    args = exp[1][3]
+    args.insert(1, Sexp.new(:lit, filter_name))
+    before_filter_call = Sexp.new(:call, nil, :before_filter, args)
+
+    if exp[2]
+      block_variable = exp[2][1]
+    else
+      block_variable = :temp
+    end
+
+    if sexp? exp[3] and exp[3].node_type == :block
+      block_inner = exp[3][1..-1]
+    else
+      block_inner = [exp[3]]
+    end
+
+    #Build Sexp for filter method
+    body = Sexp.new(:scope, 
+            Sexp.new(:block,
+              Sexp.new(:lasgn, block_variable, 
+                Sexp.new(:call, Sexp.new(:const, @controller[:name]), :new, Sexp.new(:arglist)))).concat(block_inner))
+
+    filter_method = Sexp.new(:defn, filter_name, Sexp.new(:args), body).line(exp.line)
+
+    vis = @visibility
+    @visibility = :private
+    process_defn filter_method
+    @visibility = vis
+    process before_filter_call
+    exp
+  end
+end