brakeman 1.8.3 → 1.9.0.pre1

data/lib/brakeman/processors/lib/find_call.rb

@@ -69,7 +69,7 @@ class Brakeman::FindCall < Brakeman::BaseProcessor
 
   #Process body of method
   def process_methdef exp
-    process exp.body
+    process_all exp.body
   end
 
   alias :process_selfdef :process_methdef
@@ -84,7 +84,7 @@ class Brakeman::FindCall < Brakeman::BaseProcessor
     target = get_target exp.target
     method = exp.method
 
-    process_all exp.args
+    process_call_args exp
 
     if match(@find_targets, target) and match(@find_methods, method)
 

data/lib/brakeman/processors/lib/find_return_value.rb

@@ -0,0 +1,134 @@
+require 'brakeman/processors/alias_processor'
+
+#Attempts to determine the return value of a method.
+#
+#Preferred usage:
+#
+#  Brakeman::FindReturnValue.return_value exp
+class Brakeman::FindReturnValue
+  include Brakeman::Util
+
+  #Returns a guess at the return value of a given method or other block of code.
+  #
+  #If multiple return values are possible, returns all values in an :or Sexp.
+  def self.return_value exp, env = nil
+    self.new.get_return_value exp, env
+  end
+
+  def initialize
+    @uses_ivars = false
+    @return_values = []
+  end
+
+  def uses_ivars?
+    @uses_ivars
+  end
+
+  #Find return value of Sexp. Takes an optional starting environment.
+  def get_return_value exp, env = nil
+    process_method exp, env
+    value = make_return_value
+    value.original_line(exp.line)
+    value
+  end
+
+  #Process method (or, actually, any Sexp) for return value.
+  def process_method exp, env = nil
+    exp = Brakeman::AliasProcessor.new.process_safely exp, env
+
+    find_explicit_return_values exp
+
+    if node_type? exp, :methdef, :selfdef, :defn, :defs
+      body = exp.body
+
+      unless body.empty?
+        @return_values << last_value(body)
+      else
+        Brakeman.debug "FindReturnValue: Empty method? #{exp.inspect}"
+      end
+    elsif exp
+      @return_values << last_value(exp)
+    else
+       Brakeman.debug "FindReturnValue: Given something strange? #{exp.inspect}"
+    end
+
+    exp
+  end
+
+  #Searches expression for return statements.
+  def find_explicit_return_values exp
+    todo = [exp]
+
+    until todo.empty?
+      current = todo.shift
+
+      @uses_ivars = true if node_type? current, :ivar
+
+      if node_type? current, :return
+        @return_values << current.value unless current.value.nil?
+      elsif sexp? current
+        todo = current[1..-1].concat todo
+      end
+    end
+  end
+
+  #Determines the "last value" of an expression.
+  def last_value exp
+    case exp.node_type
+    when :rlist, :block, :scope, Sexp
+      last_value exp.last
+    when :if
+      then_clause = exp.then_clause
+      else_clause = exp.else_clause
+
+      if then_clause.nil?
+        last_value else_clause
+      elsif else_clause.nil?
+        last_value then_clause
+      else
+        true_branch = last_value then_clause
+        false_branch = last_value else_clause
+
+        if true_branch and false_branch
+          value = make_or(true_branch, false_branch)
+          value.original_line(value.rhs.line)
+          value
+        else #Unlikely?
+          true_branch or false_branch
+        end
+      end
+    when :lasgn, :iasgn
+      exp.rhs
+    when :return
+      exp.value
+    else
+      exp.original_line(exp.line) unless exp.original_line
+      exp
+    end
+  end
+
+  def make_or lhs, rhs
+    #Better checks in future
+    if lhs == rhs
+      lhs
+    else
+      Sexp.new(:or, lhs, rhs)
+    end
+  end
+
+  #Turns the array of return values into an :or Sexp
+  def make_return_value
+    @return_values.compact!
+    @return_values.uniq!
+
+    if @return_values.empty?
+      Sexp.new(:nil)
+    elsif @return_values.length == 1
+      @return_values.first
+    else
+      @return_values.reduce do |value, sexp|
+        make_or value, sexp
+      end
+    end
+  end
+end

data/lib/brakeman/processors/lib/processor_helper.rb

@@ -7,6 +7,28 @@ module Brakeman::ProcessorHelper
     exp
   end
 
+  def process_all! exp
+    exp.map! do |e|
+      if sexp? e
+        process e
+      else
+        e
+      end
+    end
+
+    exp
+  end
+
+  #Process the arguments of a method call. Does not store results.
+  #
+  #This method is used because Sexp#args and Sexp#arglist create new objects.
+  def process_call_args exp
+    exp.each_arg do |a|
+      process a if sexp? a
+    end
+
+    exp
+  end
   #Sets the current module.
   def process_module exp
     module_name = class_name(exp.class_name).to_s
@@ -18,7 +40,7 @@ module Brakeman::ProcessorHelper
       @current_module = module_name
     end
 
-    process exp.body
+    process_all exp.body
 
     @current_module = prev_module
 
@@ -35,7 +57,7 @@ module Brakeman::ProcessorHelper
       when :lvar
         exp.value.to_sym
       when :colon2
-        "#{class_name(exp[1])}::#{exp[2]}".to_sym
+        "#{class_name(exp.lhs)}::#{exp.rhs}".to_sym
       when :colon3
         "::#{exp.value}".to_sym
       when :call

data/lib/brakeman/processors/lib/rails2_config_processor.rb

@@ -1,10 +1,3 @@
-#Replace block variable in
-#
-#  Rails::Initializer.run |config|
-#
-#with this value so we can keep track of it.
-Brakeman::RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG") unless defined? Brakeman::RAILS_CONFIG
-
 #Processes configuration. Results are put in tracker.config.
 #
 #Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
@@ -20,6 +13,13 @@ Brakeman::RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG") unless defi
 #
 #Values for tracker.config[:rails] will still be Sexps.
 class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
+  #Replace block variable in
+  #
+  #  Rails::Initializer.run |config|
+  #
+  #with this value so we can keep track of it.
+  RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
+
   def initialize *args
     super
     @tracker.config[:rails] ||= {}
@@ -46,7 +46,7 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
 
   #Look for configuration settings
   def process_attrasgn exp
-    if exp.target == Brakeman::RAILS_CONFIG
+    if exp.target == RAILS_CONFIG
       #Get rid of '=' at end
       attribute = exp.method.to_s[0..-2].to_sym
       if exp.args.length > 1
@@ -83,12 +83,12 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
   def include_rails_config? exp
     target = exp.target
     if call? target
-      if target.target == Brakeman::RAILS_CONFIG
+      if target.target == RAILS_CONFIG
         true
       else
         include_rails_config? target
       end
-    elsif target == Brakeman::RAILS_CONFIG
+    elsif target == RAILS_CONFIG
       true
     else
       false
@@ -107,7 +107,7 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
       attribute = exp.method.to_s[0..-2].to_sym
       get_rails_config(exp.target) << attribute
     elsif call? exp
-      if exp.target == Brakeman::RAILS_CONFIG
+      if exp.target == RAILS_CONFIG
         [exp.method]
       else
         get_rails_config(exp.target) << exp.method
@@ -129,14 +129,13 @@ class Brakeman::ConfigAliasProcessor < Brakeman::AliasProcessor
   #    ...
   #  end
   #
-  #and replace config with Brakeman::RAILS_CONFIG
+  #and replace config with RAILS_CONFIG
   def process_iter exp
     target = exp.block_call.target
     method = exp.block_call.method
 
-
     if sexp? target and target == RAILS_INIT and method == :run
-      exp.block_args.rhs = Brakeman::RAILS_CONFIG
+      env[Sexp.new(:lvar, exp.block_args.value)] = Brakeman::Rails2ConfigProcessor::RAILS_CONFIG
     end
 
     process_default exp

data/lib/brakeman/processors/lib/rails2_route_processor.rb

@@ -200,7 +200,12 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
 
     exp.last.each_with_index do |e,i|
       if symbol? e and e.value == :action
-        @tracker.routes[@current_controller] << exp.last[i + 1].value.to_sym
+        action = exp.last[i + 1]
+        
+        if node_type? action, :lit
+          @tracker.routes[@current_controller] << action.value.to_sym
+        end
+
         return
       end
     end
@@ -210,8 +215,8 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
   #   something.resources :blah
   # end
   def process_with_options exp
-    @with_options = exp.block_call.args.last
-    @nested = Sexp.new(:lvar, exp.block_args.lhs)
+    @with_options = exp.block_call.last_arg
+    @nested = Sexp.new(:lvar, exp.block_args.value)
 
     self.current_controller = check_for_controller_name exp.block_call.args
     
@@ -233,7 +238,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
     @prefix << camelize(call.first_arg.value)
 
     if formal_args
-      @nested = Sexp.new(:lvar, formal_args.lhs)
+      @nested = Sexp.new(:lvar, formal_args.value)
     end
 
     process block

data/lib/brakeman/processors/lib/rails3_config_processor.rb

@@ -1,5 +1,3 @@
-Brakeman::RAILS_CONFIG = Sexp.new(:call, nil, :config, Sexp.new(:arglist))
-  
 #Processes configuration. Results are put in tracker.config.
 #
 #Configuration of Rails via Rails::Initializer are stored in tracker.config[:rails].
@@ -15,6 +13,8 @@ Brakeman::RAILS_CONFIG = Sexp.new(:call, nil, :config, Sexp.new(:arglist))
 #
 #Values for tracker.config[:rails] will still be Sexps.
 class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
+  RAILS_CONFIG = Sexp.new(:call, nil, :config)
+
   def initialize *args
     super
     @tracker.config[:rails] ||= {}
@@ -31,7 +31,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
   def process_iter exp
     if node_type?(exp.block_call.target, :colon2) and exp.block_call.method == :Application
       @inside_config = true
-      process exp.body if sexp? exp.body
+      process_all exp.body if sexp? exp.body
       @inside_config = false
     end
 
@@ -42,7 +42,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
   def process_class exp
     if exp.class_name == :Application
       @inside_config = true
-      process exp.body if sexp? exp.body
+      process_all exp.body if sexp? exp.body
       @inside_config = false
     end
 
@@ -53,7 +53,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
   def process_attrasgn exp
     return exp unless @inside_config
 
-    if exp.target == Brakeman::RAILS_CONFIG
+    if exp.target == RAILS_CONFIG
       #Get rid of '=' at end
       attribute = exp.method.to_s[0..-2].to_sym
       if exp.args.length > 1
@@ -80,12 +80,12 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
   def include_rails_config? exp
     target = exp.target
     if call? target
-      if target.target == Brakeman::RAILS_CONFIG
+      if target.target == RAILS_CONFIG
         true
       else
         include_rails_config? target
       end
-    elsif target == Brakeman::RAILS_CONFIG
+    elsif target == RAILS_CONFIG
       true
     else
       false
@@ -104,7 +104,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
       attribute = exp.method.to_s[0..-2].to_sym
       get_rails_config(exp.target) << attribute
     elsif call? exp
-      if exp.target == Brakeman::RAILS_CONFIG
+      if exp.target == RAILS_CONFIG
         [exp.method]
       else
         get_rails_config(exp.target) << exp.method

data/lib/brakeman/processors/lib/rails3_route_processor.rb

@@ -72,9 +72,7 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
 
   #TODO: Need test for this
   def process_root exp
-    args = exp.args
-
-    if value = hash_access(args.first, :to)
+    if value = hash_access(exp.first_arg, :to)
       if string? value
         add_route_from_string value
       end
@@ -84,27 +82,29 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
   end
 
   def process_match exp
-    args = exp.args
+    first_arg = exp.first_arg
+    second_arg = exp.second_arg
+    last_arg = exp.last_arg
 
     #Check if there is an unrestricted action parameter
     action_variable = false
 
-    if string? args.first
-      matcher = args.first.value
+    if string? first_arg
+      matcher = first_arg.value
 
       if matcher == ':controller(/:action(/:id(.:format)))' or
         matcher.include? ':controller' and matcher.include? ':action' #Default routes
-        @tracker.routes[:allow_all_actions] = args.first
+        @tracker.routes[:allow_all_actions] = first_arg
         return exp
       elsif matcher.include? ':action'
         action_variable = true
-      elsif args[1].nil? and in_controller_block? and not matcher.include? ":"
+      elsif second_arg.nil? and in_controller_block? and not matcher.include? ":"
         add_route matcher
       end
     end
 
-    if hash? args.last
-      hash_iterate args.last do |k, v|
+    if hash? last_arg
+      hash_iterate last_arg do |k, v|
         if string? k
           if string? v
             add_route_from_string v
@@ -153,13 +153,13 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
   end
 
   def process_verb exp
-    args = exp.args
-    first_arg = args.first
+    first_arg = exp.first_arg
+    second_arg = exp.second_arg
 
-    if symbol? first_arg and not hash? args.second
+    if symbol? first_arg and not hash? second_arg
       add_route first_arg
-    elsif hash? args.second
-      hash_iterate args.second do |k, v|
+    elsif hash? second_arg
+      hash_iterate second_arg do |k, v|
         if symbol? k and k.value == :to
           if string? v
             add_route_from_string v
@@ -194,12 +194,15 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
   end
 
   def process_resources exp
-    if exp.args and exp.args.second and exp.args.second.node_type == :hash
-      self.current_controller = exp.first_arg.value
+    first_arg = exp.first_arg
+    second_arg = exp.second_arg
+
+    if second_arg and second_arg.node_type == :hash
+      self.current_controller = first_arg.value
       #handle hash
       add_resources_routes
     elsif exp.args.all? { |s| symbol? s }
-      exp.args.each do |s|
+      exp.each_arg do |s|
         self.current_controller = s.value
         add_resources_routes
       end
@@ -211,7 +214,7 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
 
   def process_resource exp
     #Does resource even take more than one controller name?
-    exp.args.each do |s|
+    exp.each_arg do |s|
       if symbol? s
         self.current_controller = pluralize(s.value.to_s)
         add_resource_routes
@@ -252,8 +255,7 @@ class Brakeman::Rails3RoutesProcessor < Brakeman::BaseProcessor
   end
 
   def process_controller_block exp
-    args = exp[1][3]
-    self.current_controller = args[1][1]
+    self.current_controller = exp.block_call.first_arg.value
 
     in_controller_block do
       process exp[-1] if exp[-1]