brakeman 0.0.2

data/lib/processors/erb_template_processor.rb

@@ -0,0 +1,84 @@
+require 'processors/template_processor'
+
+#Processes ERB templates
+#(those ending in .html.erb or .rthml).
+class ErbTemplateProcessor < TemplateProcessor
+  
+  #s(:call, TARGET, :method, s(:arglist))
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+    method = exp[2]
+    
+    #_erbout is the default output variable for erb
+    if target and target[1] == :_erbout
+      if method == :concat
+        @inside_concat = true
+        args = exp[3] = process(exp[3])
+        @inside_concat = false
+
+        if args.length > 2
+          raise Exception.new("Did not expect more than a single argument to _erbout.concat")
+        end
+
+        args = args[1]
+
+        if args.node_type == :call and args[2] == :to_s #erb always calls to_s on output
+          args = args[1]
+        end
+
+        if args.node_type == :str #ignore plain strings
+          ignore
+        else
+          s = Sexp.new :output, args
+          s.line(exp.line)
+          @current_template[:outputs] << s
+          s
+        end
+      elsif method == :force_encoding
+        ignore
+      else
+        abort "Unrecognized action on _erbout: #{method}"
+      end
+    elsif target == nil and method == :render
+      exp[3] = process(exp[3])
+      make_render exp
+    else
+      args = exp[3] = process(exp[3])
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process block, removing irrelevant expressions
+  def process_block exp
+    exp.shift
+    if @inside_concat
+      @inside_concat = false
+      exp[0..-2].each do |e|
+        process e
+      end
+      @inside_concat = true
+      process exp[-1]
+    else
+      exp.map! do |e|
+        res = process e
+        if res.empty? or res == ignore
+          nil
+        elsif sexp? res and res.node_type == :lvar and res[1] == :_erbout
+          nil
+
+        else
+          res
+        end
+      end
+      block = Sexp.new(:rlist).concat(exp).compact
+      block.line(exp.line)
+      block
+    end
+  end
+
+end

data/lib/processors/erubis_template_processor.rb

@@ -0,0 +1,62 @@
+require 'processors/template_processor'
+
+#Processes ERB templates using Erubis instead of erb.
+class ErubisTemplateProcessor < TemplateProcessor
+  
+  #s(:call, TARGET, :method, s(:arglist))
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+    method = exp[2]
+    
+    #_buf is the default output variable for Erubis
+    if target and target[1] == :_buf
+      if method == :<<
+        args = exp[3][1] = process(exp[3][1])
+
+        if args.node_type == :call and args[2] == :to_s #just calling to_s on inner code 
+          args = args[1]
+        end
+
+        if args.node_type == :str #ignore plain strings
+          ignore
+        else
+          s = Sexp.new :output, args
+          s.line(exp.line)
+          @current_template[:outputs] << s
+          s
+        end
+      elsif method == :to_s
+        ignore
+      else
+        abort "Unrecognized action on _buf: #{method}"
+      end
+    elsif target == nil and method == :render
+      exp[3] = process exp[3]
+      make_render exp
+    else
+      args = exp[3] = process(exp[3])
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #Process blocks, ignoring :ignore exps
+  def process_block exp
+    exp.shift
+    exp.map! do |e|
+      res = process e
+      if res.empty? or res == ignore
+        nil
+      else
+        res
+      end
+    end
+    block = Sexp.new(:rlist).concat(exp).compact
+    block.line(exp.line)
+    block
+  end
+end

data/lib/processors/haml_template_processor.rb

@@ -0,0 +1,115 @@
+require 'processors/template_processor'
+
+#Processes HAML templates.
+class HamlTemplateProcessor < TemplateProcessor
+  HAML_FORMAT_METHOD = /format_script_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)_(true|false)/
+
+  #Processes call, looking for template output
+  def process_call exp
+    target = exp[1]
+    if sexp? target
+      target = process target
+    end
+
+    method = exp[2]
+
+    if (sexp? target and target[2] == :_hamlout) or target == :_hamlout
+      res = case method
+            when :adjust_tabs, :rstrip!
+              ignore
+            when :options
+              Sexp.new :call, :_hamlout, :options, exp[3]
+            when :buffer
+              Sexp.new :call, :_hamlout, :buffer, exp[3]
+            when :open_tag
+              Sexp.new(:tag, process(exp[3]))
+            else
+              arg = exp[3][1]
+
+              if arg
+                @inside_concat = true
+                out = exp[3][1] = process(arg)
+                @inside_concat = false
+              else
+                raise Exception.new("Empty _hamlout.#{method}()?")
+              end
+
+              if string? out
+                ignore
+              else
+                case method.to_s
+                when "push_text"
+                  s = Sexp.new(:output, out)
+                  @current_template[:outputs] << s
+                  s
+                when HAML_FORMAT_METHOD
+                  if $4 == "true"
+                    Sexp.new :format_escaped, out
+                  else
+                    Sexp.new :format, out
+                  end
+                else
+                  raise Exception.new("Unrecognized action on _hamlout: #{method}")
+                end
+              end
+
+            end
+
+      res.line(exp.line)
+      res
+
+      #_hamlout.buffer <<
+      #This seems to be used rarely, but directly appends args to output buffer
+    elsif sexp? target and method == :<< and is_buffer_target? target
+      @inside_concat = true
+      out = exp[3][1] = process(exp[3][1])
+      @inside_concat = false
+
+      if out.node_type == :str #ignore plain strings
+        ignore
+      else
+        s = Sexp.new(:output, out)
+        @current_template[:outputs] << s
+        s.line(exp.line)
+        s
+      end
+    elsif target == nil and method == :render
+      #Process call to render()
+      exp[3] = process exp[3]
+      make_render exp
+    else
+      args = process exp[3]
+      call = Sexp.new :call, target, method, args
+      call.line(exp.line)
+      call
+    end
+  end
+
+  #If inside an output stream, only return the final expression
+  def process_block exp
+    exp.shift
+    if @inside_concat
+      @inside_concat = false
+      exp[0..-2].each do |e|
+        process e
+      end
+      @inside_concat = true
+      process exp[-1]
+    else
+      exp.map! do |e|
+        res = process e
+        if res.empty?
+          nil
+        else
+          res
+        end
+      end
+      Sexp.new(:rlist).concat(exp).compact
+    end
+  end
+
+  #Checks if the buffer is the target in a method call Sexp.
+  def is_buffer_target? exp
+    exp.node_type == :call and exp[1] == :_hamlout and exp[2] == :buffer
+  end
+end

data/lib/processors/lib/find_call.rb

@@ -0,0 +1,176 @@
+require 'processors/base_processor'
+
+#Finds method calls matching the given target(s).
+#
+#Targets/methods can be:
+#
+# - nil: matches anything, including nothing
+# - Empty array: matches nothing
+# - Symbol: matches single target/method exactly
+# - Array of symbols: matches against any of the symbols
+# - Regular expression: matches the expression
+# - Array of regular expressions: matches any of the expressions
+#
+#If a target is also the name of a class, methods called on instances
+#of that class will also be matched, in a very limited way.
+#(Any methods called on Klass.new, basically. More useful when used
+#in conjunction with AliasProcessor.)
+#
+#Examples:
+#
+# #To find any uses of this class:
+# FindCall.new :FindCall, nil
+#
+# #Find system calls without a target
+# FindCall.new [], [:system, :exec, :syscall]
+#
+# #Find all calls to length(), no matter the target
+# FindCall.new nil, :length
+#
+# #Find all calls to sub, sub!, gsub, or gsub!
+# FindCall.new nil, /^g?sub!?$/
+class FindCall < BaseProcessor
+
+  def initialize targets, methods
+    super(nil)
+    @calls = []
+    @find_targets = targets
+    @find_methods = methods
+    @current_class = nil
+    @current_method = nil
+  end
+
+  #Returns a list of results.
+  #
+  #A result looks like:
+  #
+  # s(:result, :ClassName, :method_name, s(:call, ...))
+  #
+  #or
+  #
+  # s(:result, :template_name, s(:call, ...))
+  def matches
+    @calls
+  end
+
+  #Process the given source. Provide either class and method being searched
+  #or the template. These names are used when reporting results.
+  #
+  #Use FindCall#matches to retrieve results.
+  def process_source exp, klass = nil, method = nil, template = nil
+    @current_class = klass
+    @current_method = method
+    @current_template = template
+    process exp
+  end
+
+  #Process body of method
+  def process_methdef exp
+    process exp[3]
+  end
+
+  #Process body of method
+  def process_selfdef exp
+    process exp[4]
+  end
+
+  #Process body of block
+  def process_rlist exp
+    exp[1..-1].each do |e|
+      process e
+    end
+
+    exp
+  end
+
+  #Look for matching calls and add them to results
+  def process_call exp
+    target = get_target exp[1] 
+    method = exp[2]
+
+    process exp[3]
+
+    if match(@find_targets, target) and match(@find_methods, method)
+
+      if @current_template
+        @calls << Sexp.new(:result, @current_template, exp).line(exp.line)
+      else
+        @calls << Sexp.new(:result, @current_class, @current_method, exp).line(exp.line)
+      end
+    end
+
+    exp
+  end
+
+  #Process an assignment like a call
+  def process_attrasgn exp
+    process_call exp
+  end
+
+  private
+
+  #Gets the target of a call as a Symbol
+  #if possible
+  def get_target exp
+    if sexp? exp
+      case exp.node_type
+      when :ivar, :lvar, :const
+        exp[1]
+      when :true, :false
+        exp[0]
+      when :lit
+        exp[1]
+      when :colon2
+        class_name exp
+      else
+        exp
+      end
+    else
+      exp
+    end
+  end
+
+  #Checks if the search terms match the given item
+  def match search_terms, item
+    case search_terms
+    when Symbol
+      if search_terms == item
+        true
+      elsif sexp? item
+        is_instance_of? item, search_terms
+      else
+        false
+      end
+    when Enumerable
+      if search_terms.empty?
+        item == nil
+      else
+        search_terms.each do|term|
+          if match(term, item)
+            return true
+          end
+        end
+        false
+      end
+    when Regexp
+      search_terms.match item.to_s
+    when nil
+      true
+    else
+      raise "Cannot match #{search_terms} and #{item}"
+    end
+  end
+
+  #Checks if +item+ is an instance of +klass+ by looking for Klass.new
+  def is_instance_of? item, klass
+    if call? item
+      if sexp? item[1]
+        item[2] == :new and item[1].node_type == :const and item[1][1] == klass
+      else
+        item[2] == :new and item[1] == klass
+      end
+    else
+      false
+    end
+  end
+end

data/lib/processors/lib/find_model_call.rb

@@ -0,0 +1,39 @@
+require 'processors/lib/find_call'
+
+#This processor specifically looks for calls like
+# User.active.human.find(:all, :conditions => ...)
+class FindModelCall < FindCall
+
+  #Passes +targets+ to FindCall
+  def initialize targets
+    super(targets, /^(find.*|first|last|all)$/)
+  end 
+
+  #Matches entire method chain as a target. This differs from
+  #FindCall#get_target, which only matches the first expression in the chain.
+  def get_target exp
+    if sexp? exp
+      case exp.node_type
+      when :ivar, :lvar, :const
+        exp[1]
+      when :true, :false
+        exp[0]
+      when :lit
+        exp[1]
+      when :colon2
+        class_name exp
+      when :call
+        t = get_target(exp[1])
+        if t and match(@find_targets, t)
+          t
+        else
+          process exp
+        end
+      else
+        process exp
+      end
+    else
+      exp
+    end
+  end
+end