railroader 4.3.5 → 4.3.7
- checksums.yaml +4 -4
- data/CHANGES.md +16 -0
- data/README.md +15 -0
- data/bin/railroader +1 -1
- data/lib/railroader/call_index.rb +11 -11
- data/lib/railroader/checks/base_check.rb +43 -43
- data/lib/railroader/checks/check_basic_auth.rb +3 -3
- data/lib/railroader/checks/check_content_tag.rb +9 -9
- data/lib/railroader/checks/check_create_with.rb +2 -2
- data/lib/railroader/checks/check_cross_site_scripting.rb +24 -24
- data/lib/railroader/checks/check_default_routes.rb +5 -5
- data/lib/railroader/checks/check_deserialize.rb +1 -1
- data/lib/railroader/checks/check_dynamic_finders.rb +1 -1
- data/lib/railroader/checks/check_escape_function.rb +3 -3
- data/lib/railroader/checks/check_evaluation.rb +4 -4
- data/lib/railroader/checks/check_execute.rb +8 -8
- data/lib/railroader/checks/check_file_access.rb +2 -2
- data/lib/railroader/checks/check_filter_skipping.rb +2 -2
- data/lib/railroader/checks/check_forgery_setting.rb +3 -3
- data/lib/railroader/checks/check_jruby_xml.rb +1 -1
- data/lib/railroader/checks/check_json_parsing.rb +2 -2
- data/lib/railroader/checks/check_link_to.rb +12 -12
- data/lib/railroader/checks/check_link_to_href.rb +9 -9
- data/lib/railroader/checks/check_mail_to.rb +4 -4
- data/lib/railroader/checks/check_mass_assignment.rb +5 -5
- data/lib/railroader/checks/check_model_attributes.rb +6 -6
- data/lib/railroader/checks/check_model_serialize.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes_bypass.rb +1 -1
- data/lib/railroader/checks/check_quote_table_name.rb +3 -3
- data/lib/railroader/checks/check_redirect.rb +19 -19
- data/lib/railroader/checks/check_regex_dos.rb +3 -3
- data/lib/railroader/checks/check_render.rb +4 -4
- data/lib/railroader/checks/check_response_splitting.rb +2 -2
- data/lib/railroader/checks/check_safe_buffer_manipulation.rb +4 -4
- data/lib/railroader/checks/check_sanitize_methods.rb +2 -2
- data/lib/railroader/checks/check_select_tag.rb +4 -4
- data/lib/railroader/checks/check_select_vulnerability.rb +3 -3
- data/lib/railroader/checks/check_send.rb +1 -1
- data/lib/railroader/checks/check_send_file.rb +1 -1
- data/lib/railroader/checks/check_session_settings.rb +10 -10
- data/lib/railroader/checks/check_single_quotes.rb +8 -8
- data/lib/railroader/checks/check_skip_before_filter.rb +5 -5
- data/lib/railroader/checks/check_sql.rb +41 -41
- data/lib/railroader/checks/check_strip_tags.rb +6 -6
- data/lib/railroader/checks/check_symbol_dos_cve.rb +0 -1
- data/lib/railroader/checks/check_translate_bug.rb +4 -4
- data/lib/railroader/checks/check_unsafe_reflection.rb +1 -1
- data/lib/railroader/checks/check_validation_regex.rb +7 -7
- data/lib/railroader/checks/check_weak_hash.rb +1 -1
- data/lib/railroader/checks/check_without_protection.rb +9 -9
- data/lib/railroader/checks/check_yaml_parsing.rb +5 -5
- data/lib/railroader/checks.rb +18 -18
- data/lib/railroader/commandline.rb +1 -1
- data/lib/railroader/differ.rb +2 -2
- data/lib/railroader/options.rb +7 -7
- data/lib/railroader/parsers/rails2_erubis.rb +1 -1
- data/lib/railroader/parsers/rails2_xss_plugin_erubis.rb +4 -4
- data/lib/railroader/parsers/template_parser.rb +1 -1
- data/lib/railroader/processor.rb +17 -17
- data/lib/railroader/processors/alias_processor.rb +72 -72
- data/lib/railroader/processors/base_processor.rb +31 -31
- data/lib/railroader/processors/controller_alias_processor.rb +31 -31
- data/lib/railroader/processors/controller_processor.rb +29 -29
- data/lib/railroader/processors/erb_template_processor.rb +8 -8
- data/lib/railroader/processors/erubis_template_processor.rb +6 -6
- data/lib/railroader/processors/gem_processor.rb +1 -1
- data/lib/railroader/processors/haml_template_processor.rb +14 -14
- data/lib/railroader/processors/lib/call_conversion_helper.rb +1 -1
- data/lib/railroader/processors/lib/find_all_calls.rb +15 -15
- data/lib/railroader/processors/lib/find_call.rb +26 -26
- data/lib/railroader/processors/lib/find_return_value.rb +11 -11
- data/lib/railroader/processors/lib/module_helper.rb +1 -1
- data/lib/railroader/processors/lib/processor_helper.rb +4 -4
- data/lib/railroader/processors/lib/rails2_config_processor.rb +20 -20
- data/lib/railroader/processors/lib/rails2_route_processor.rb +38 -38
- data/lib/railroader/processors/lib/rails3_config_processor.rb +14 -14
- data/lib/railroader/processors/lib/rails3_route_processor.rb +16 -16
- data/lib/railroader/processors/lib/render_helper.rb +32 -32
- data/lib/railroader/processors/lib/route_helper.rb +12 -12
- data/lib/railroader/processors/library_processor.rb +1 -1
- data/lib/railroader/processors/model_processor.rb +9 -9
- data/lib/railroader/processors/output_processor.rb +3 -3
- data/lib/railroader/processors/slim_template_processor.rb +4 -4
- data/lib/railroader/processors/template_alias_processor.rb +10 -10
- data/lib/railroader/processors/template_processor.rb +7 -7
- data/lib/railroader/report/renderer.rb +1 -1
- data/lib/railroader/report/report_base.rb +12 -12
- data/lib/railroader/report/report_csv.rb +2 -2
- data/lib/railroader/report/report_html.rb +5 -5
- data/lib/railroader/report/report_markdown.rb +2 -2
- data/lib/railroader/report/report_table.rb +3 -3
- data/lib/railroader/report/report_tabs.rb +2 -2
- data/lib/railroader/report/report_text.rb +3 -4
- data/lib/railroader/report.rb +3 -3
- data/lib/railroader/rescanner.rb +36 -36
- data/lib/railroader/scanner.rb +23 -23
- data/lib/railroader/tracker/config.rb +3 -3
- data/lib/railroader/tracker/controller.rb +2 -2
- data/lib/railroader/tracker.rb +42 -42
- data/lib/railroader/util.rb +47 -47
- data/lib/railroader/version.rb +1 -1
- data/lib/railroader/warning.rb +9 -10
- data/lib/railroader.rb +32 -32
- data/lib/ruby_parser/bm_sexp.rb +63 -63
- data/lib/ruby_parser/bm_sexp_processor.rb +3 -3
- metadata +4 -4
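--- a/data/lib/railroader/tracker.rb
+++ b/data/lib/railroader/tracker.rb
@@ -7,21 +7,21 @@ require 'railroader/processors/lib/find_all_calls'
 require 'railroader/tracker/config'
 require 'railroader/tracker/constants'
 
-#The Tracker keeps track of all the processed information.
+# The Tracker keeps track of all the processed information.
 class Railroader::Tracker
 attr_accessor :controllers, :constants, :templates, :models, :errors,
 :checks, :initializers, :config, :routes, :processor, :libs,
 :template_cache, :options, :filter_cache, :start_time, :end_time,
 :duration, :ignored_filter
 
-#Place holder when there should be a model, but it is not
-#clear what model it will be.
+# Place holder when there should be a model, but it is not
+# clear what model it will be.
 UNKNOWN_MODEL = :RailroaderUnresolvedModel
 
-#Creates a new Tracker.
+# Creates a new Tracker.
 #
-#The Processor argument is only used by other Processors
-#that might need to access it.
+# The Processor argument is only used by other Processors
+# that might need to access it.
 def initialize(app_tree, processor = nil, options = {})
 @app_tree = app_tree
 @processor = processor
@@ -30,9 +30,9 @@ class Railroader::Tracker
 @config = Railroader::Config.new(self)
 @templates = {}
 @controllers = {}
-#Initialize models with the unknown model so
-#we can match models later without knowing precisely what
-#class they are.
+# Initialize models with the unknown model so
+# we can match models later without knowing precisely what
+# class they are.
 @models = {}
 @models[UNKNOWN_MODEL] = Railroader::Model.new(UNKNOWN_MODEL, nil, nil, nil, self)
 @routes = {}
@@ -50,8 +50,8 @@ class Railroader::Tracker
 @duration = nil
 end
 
-#Add an error to the list. If no backtrace is given,
-#the one from the exception will be used.
+# Add an error to the list. If no backtrace is given,
+# the one from the exception will be used.
 def error exception, backtrace = nil
 backtrace ||= exception.backtrace
 unless backtrace.is_a? Array
@@ -64,8 +64,8 @@ class Railroader::Tracker
 @errors << { :error => exception.to_s.gsub("\n", " "), :backtrace => backtrace }
 end
 
-#Run a set of checks on the current information. Results will be stored
-#in Tracker#checks.
+# Run a set of checks on the current information. Results will be stored
+# in Tracker#checks.
 def run_checks
 @checks = Railroader::Checks.run_checks(@app_tree, self)
 
@@ -78,7 +78,7 @@ class Railroader::Tracker
 @app_path ||= File.expand_path @options[:app_path]
 end
 
-#Iterate over all methods in controllers and models.
+# Iterate over all methods in controllers and models.
 def each_method
 classes = [self.controllers, self.models]
 
@@ -96,8 +96,8 @@ class Railroader::Tracker
 end
 end
 
-#Iterates over each template, yielding the name and the template.
-#Prioritizes templates which have been rendered.
+# Iterates over each template, yielding the name and the template.
+# Prioritizes templates which have been rendered.
 def each_template
 if @processed.nil?
 @processed, @rest = templates.keys.sort_by{|template| template.to_s}.partition { |k| k.to_s.include? "." }
@@ -129,24 +129,24 @@ class Railroader::Tracker
 end
 end
 
-#Find a method call.
+# Find a method call.
 #
-#Options:
+# Options:
 # * :target => target name(s)
 # * :method => method name(s)
 # * :chained => search in method chains
 #
-#If :target => false or :target => nil, searches for methods without a target.
-#Targets and methods can be specified as a symbol, an array of symbols,
-#or a regular expression.
+# If :target => false or :target => nil, searches for methods without a target.
+# Targets and methods can be specified as a symbol, an array of symbols,
+# or a regular expression.
 #
-#If :chained => true, matches target at head of method chain and method at end.
+# If :chained => true, matches target at head of method chain and method at end.
 #
-#For example:
+# For example:
 #
 # find_call :target => User, :method => :all, :chained => true
 #
-#could match
+# could match
 #
 # User.human.active.all(...)
 #
@@ -155,7 +155,7 @@ class Railroader::Tracker
 @call_index.find_calls options
 end
 
-#Searches the initializers for a method call
+# Searches the initializers for a method call
 def check_initializers target, method
 finder = Railroader::FindCall.new target, method, self
 
@@ -166,7 +166,7 @@ class Railroader::Tracker
 finder.matches
 end
 
-#Returns a Report with this Tracker's information
+# Returns a Report with this Tracker's information
 def report
 Railroader::Report.new(@app_tree, self)
 end
@@ -226,15 +226,15 @@ class Railroader::Tracker
 @call_index = Railroader::CallIndex.new finder.calls
 end
 
-#Reindex call sites
+# Reindex call sites
 #
-#Takes a set of symbols which can include :templates, :models,
-#or :controllers
+# Takes a set of symbols which can include :templates, :models,
+# or :controllers
 #
-#This will limit reindexing to the given sets
+# This will limit reindexing to the given sets
 def reindex_call_sites locations
-#If reindexing templates, models, and controllers, just redo
-#everything
+# If reindexing templates, models, and controllers, just redo
+# everything
 if locations.length == 3
 return index_call_sites
 end
@@ -278,9 +278,9 @@ class Railroader::Tracker
 @call_index.index_calls finder.calls
 end
 
-#Clear information related to templates.
-#If :only_rendered => true, will delete templates rendered from
-#controllers (but not those rendered from other templates)
+# Clear information related to templates.
+# If :only_rendered => true, will delete templates rendered from
+# controllers (but not those rendered from other templates)
 def reset_templates options = { :only_rendered => false }
 if options[:only_rendered]
 @templates.delete_if do |_name, template|
@@ -294,7 +294,7 @@ class Railroader::Tracker
 @template_cache.clear
 end
 
-#Clear information related to template
+# Clear information related to template
 def reset_template name
 name = name.to_sym
 @templates.delete name
@@ -303,7 +303,7 @@ class Railroader::Tracker
 @template_cache.clear
 end
 
-#Clear information related to model
+# Clear information related to model
 def reset_model path
 model_name = nil
 
@@ -317,7 +317,7 @@ class Railroader::Tracker
 @models.delete model_name
 end
 
-#Clear information related to model
+# Clear information related to model
 def reset_lib path
 lib_name = nil
 
@@ -334,12 +334,12 @@ class Railroader::Tracker
 def reset_controller path
 controller_name = nil
 
-#Remove from controller
+# Remove from controller
 @controllers.each do |name, controller|
 if controller.files.include?(path)
 controller_name = name
 
-#Remove templates rendered from this controller
+# Remove templates rendered from this controller
 @templates.each do |template_name, template|
 if template.render_path and template.render_path.include_controller? name
 reset_template template_name
@@ -347,7 +347,7 @@ class Railroader::Tracker
 end
 end
 
-#Remove calls indexed from this controller
+# Remove calls indexed from this controller
 @call_index.remove_indexes_by_class [name]
 break
 end
@@ -355,7 +355,7 @@ class Railroader::Tracker
 @controllers.delete controller_name
 end
 
-#Clear information about routes
+# Clear information about routes
 def reset_routes
 @routes = {}
 end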
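--- a/data/lib/railroader/util.rb
+++ b/data/lib/railroader/util.rb
@@ -1,7 +1,7 @@
 require 'set'
 require 'pathname'
 
-#This is a mixin containing utility methods.
+# This is a mixin containing utility methods.
 module Railroader::Util
 
 QUERY_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :query_parameters)
@@ -28,20 +28,20 @@ module Railroader::Util
 
 SAFE_LITERAL = s(:lit, :BRAKEMAN_SAFE_LITERAL)
 
-#Convert a string from "something_like_this" to "SomethingLikeThis"
+# Convert a string from "something_like_this" to "SomethingLikeThis"
 #
-#Taken from ActiveSupport.
+# Taken from ActiveSupport.
 def camelize lower_case_and_underscored_word
 lower_case_and_underscored_word.to_s.gsub(/\/(.?)/) { "::#{$1.upcase}" }.gsub(/(?:^|_)(.)/) { $1.upcase }
 end
 
-#Convert a string from "Something::LikeThis" to "something/like_this"
+# Convert a string from "Something::LikeThis" to "something/like_this"
 #
-#Taken from ActiveSupport.
+# Taken from ActiveSupport.
 def underscore camel_cased_word
 camel_cased_word.to_s.gsub(/::/, '/').
-gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
-gsub(/([a-z\d])([A-Z])/,'\1_\2').
+gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2').
+gsub(/([a-z\d])([A-Z])/, '\1_\2').
 tr("-", "_").
 downcase
 end
@@ -51,8 +51,8 @@ module Railroader::Util
 word + "s"
 end
 
-#Returns a class name as a Symbol.
-#If class name cannot be determined, returns _exp_.
+# Returns a class name as a Symbol.
+# If class name cannot be determined, returns _exp_.
 def class_name exp
 case exp
 when Sexp
@@ -79,11 +79,11 @@ module Railroader::Util
 end
 end
 
-#Takes an Sexp like
+# Takes an Sexp like
 # (:hash, (:lit, :key), (:str, "value"))
-#and yields the key and value pairs to the given block.
+# and yields the key and value pairs to the given block.
 #
-#For example:
+# For example:
 #
 # h = Sexp.new(:hash, (:lit, :name), (:str, "bob"), (:lit, :name), (:str, "jane"))
 # names = []
@@ -99,10 +99,10 @@ module Railroader::Util
 end
 end
 
-#Insert value into Hash Sexp
+# Insert value into Hash Sexp
 def hash_insert hash, key, value
 index = 1
-hash_iterate hash.dup do |k,v|
+hash_iterate hash.dup do |k, v|
 if k == key
 hash[index + 1] = value
 return hash
@@ -115,9 +115,9 @@ module Railroader::Util
 hash
 end
 
-#Get value from hash using key.
+# Get value from hash using key.
 #
-#If _key_ is a Symbol, it will be converted to a Sexp(:lit, key).
+# If _key_ is a Symbol, it will be converted to a Sexp(:lit, key).
 def hash_access hash, key
 if key.is_a? Symbol
 key = Sexp.new(:lit, key)
@@ -130,21 +130,21 @@ module Railroader::Util
 nil
 end
 
-#These are never modified
+# These are never modified
 PARAMS_SEXP = Sexp.new(:params)
 SESSION_SEXP = Sexp.new(:session)
 COOKIES_SEXP = Sexp.new(:cookies)
 
-#Adds params, session, and cookies to environment
-#so they can be replaced by their respective Sexps.
+# Adds params, session, and cookies to environment
+# so they can be replaced by their respective Sexps.
 def set_env_defaults
 @env[PARAMETERS] = PARAMS_SEXP
 @env[SESSION] = SESSION_SEXP
 @env[COOKIES] = COOKIES_SEXP
 end
 
-#Check if _exp_ represents a hash: s(:hash, {...})
-#This also includes pseudo hashes params, session, and cookies.
+# Check if _exp_ represents a hash: s(:hash, {...})
+# This also includes pseudo hashes params, session, and cookies.
 def hash? exp
 exp.is_a? Sexp and (exp.node_type == :hash or
 exp.node_type == :params or
@@ -152,12 +152,12 @@ module Railroader::Util
 exp.node_type == :cookies)
 end
 
-#Check if _exp_ represents an array: s(:array, [...])
+# Check if _exp_ represents an array: s(:array, [...])
 def array? exp
 exp.is_a? Sexp and exp.node_type == :array
 end
 
-#Check if _exp_ represents a String: s(:str, "...")
+# Check if _exp_ represents a String: s(:str, "...")
 def string? exp
 exp.is_a? Sexp and exp.node_type == :str
 end
@@ -166,57 +166,57 @@ module Railroader::Util
 exp.is_a? Sexp and exp.node_type == :dstr
 end
 
-#Check if _exp_ represents a Symbol: s(:lit, :...)
+# Check if _exp_ represents a Symbol: s(:lit, :...)
 def symbol? exp
 exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Symbol
 end
 
-#Check if _exp_ represents a method call: s(:call, ...)
+# Check if _exp_ represents a method call: s(:call, ...)
 def call? exp
 exp.is_a? Sexp and
 (exp.node_type == :call or exp.node_type == :safe_call)
 end
 
-#Check if _exp_ represents a Regexp: s(:lit, /.../)
+# Check if _exp_ represents a Regexp: s(:lit, /.../)
 def regexp? exp
 exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Regexp
 end
 
-#Check if _exp_ represents an Integer: s(:lit, ...)
+# Check if _exp_ represents an Integer: s(:lit, ...)
 def integer? exp
 exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Integer
 end
 
-#Check if _exp_ represents a number: s(:lit, ...)
+# Check if _exp_ represents a number: s(:lit, ...)
 def number? exp
 exp.is_a? Sexp and exp.node_type == :lit and exp[1].is_a? Numeric
 end
 
-#Check if _exp_ represents a result: s(:result, ...)
+# Check if _exp_ represents a result: s(:result, ...)
 def result? exp
 exp.is_a? Sexp and exp.node_type == :result
 end
 
-#Check if _exp_ represents a :true, :lit, or :string node
+# Check if _exp_ represents a :true, :lit, or :string node
 def true? exp
 exp.is_a? Sexp and (exp.node_type == :true or
 exp.node_type == :lit or
 exp.node_type == :string)
 end
 
-#Check if _exp_ represents a :false or :nil node
+# Check if _exp_ represents a :false or :nil node
 def false? exp
 exp.is_a? Sexp and (exp.node_type == :false or
 exp.node_type == :nil)
 end
 
-#Check if _exp_ represents a block of code
+# Check if _exp_ represents a block of code
 def block? exp
 exp.is_a? Sexp and (exp.node_type == :block or
 exp.node_type == :rlist)
 end
 
-#Check if _exp_ is a params hash
+# Check if _exp_ is a params hash
 def params? exp
 if exp.is_a? Sexp
 return true if exp.node_type == :params or ALL_PARAMETERS.include? exp
@@ -253,7 +253,7 @@ module Railroader::Util
 call? exp and (exp == REQUEST_ENV or exp[1] == REQUEST_ENV)
 end
 
-#Check if exp is params, cookies, or request_env
+# Check if exp is params, cookies, or request_env
 def request_value? exp
 params? exp or
 cookies? exp or
@@ -264,19 +264,19 @@ module Railroader::Util
 node_type? exp, :const, :colon2, :colon3
 end
 
-#Check if _exp_ is a Sexp.
+# Check if _exp_ is a Sexp.
 def sexp? exp
 exp.is_a? Sexp
 end
 
-#Check if _exp_ is a Sexp and the node type matches one of the given types.
+# Check if _exp_ is a Sexp and the node type matches one of the given types.
 def node_type? exp, *types
 exp.is_a? Sexp and types.include? exp.node_type
 end
 
-#Returns true if the given _exp_ contains a :class node.
+# Returns true if the given _exp_ contains a :class node.
 #
-#Useful for checking if a module is just a module or if it is a namespace.
+# Useful for checking if a module is just a module or if it is a namespace.
 def contains_class? exp
 todo = [exp]
 
@@ -297,10 +297,10 @@ module Railroader::Util
 call = Sexp.new(:call, target, method)
 
 if args.empty? or args.first.empty?
-#nothing to do
+# nothing to do
 elsif node_type? args.first, :arglist
 call.concat args.first[1..-1]
-elsif args.first.node_type.is_a? Sexp #just a list of args
+elsif args.first.node_type.is_a? Sexp # just a list of args
 call.concat args.first
 else
 call.concat args
@@ -329,7 +329,7 @@ module Railroader::Util
 @tracker.config.rails_version
 end
 
-#Return file name related to given warning. Uses +warning.file+ if it exists
+# Return file name related to given warning. Uses +warning.file+ if it exists
 def file_for warning, tracker = nil
 if tracker.nil?
 tracker = @tracker || self.tracker
@@ -355,10 +355,10 @@ module Railroader::Util
 end
 end
 
-#Attempt to determine path to context file based on the reported name
-#in the warning.
+# Attempt to determine path to context file based on the reported name
+# in the warning.
 #
-#For example,
+# For example,
 #
 # file_by_name FileController #=> "/rails/root/app/controllers/file_controller.rb
 def file_by_name name, type, tracker = nil
@@ -405,8 +405,8 @@ module Railroader::Util
 path
 end
 
-#Return array of lines surrounding the warning location from the original
-#file.
+# Return array of lines surrounding the warning location from the original
+# file.
 def context_for app_tree, warning, tracker = nil
 file = file_for warning, tracker
 context = []
@@ -446,7 +446,7 @@ module Railroader::Util
 end
 end
 
-#Convert path/filename to view name
+# Convert path/filename to view name
 #
 # views/test/something.html.erb -> test/something
 def template_path_to_name path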
data/lib/railroader/version.rb
CHANGED
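--- a/data/lib/railroader/warning.rb
+++ b/data/lib/railroader/warning.rb
@@ -2,7 +2,7 @@ require 'json'
 require 'digest/sha2'
 require 'railroader/warning_codes'
 
-#The Warning class stores information about warnings
+# The Warning class stores information about warnings
 class Railroader::Warning
 attr_reader :called_from, :check, :class, :confidence, :controller,
 :line, :method, :model, :template, :user_input, :user_input_type,
@@ -59,7 +59,7 @@ class Railroader::Warning
 @code ||= result[:call]
 @file ||= result[:location][:file]
 
-if result[:location][:type] == :template #template result
+if result[:location][:type] == :template # template result
 @template ||= result[:location][:template]
 else
 @class ||= result[:location][:class]
@@ -141,7 +141,7 @@ class Railroader::Warning
 raise "Invalid confidence: `#{@confidence}`" unless TEXT_CONFIDENCE[@confidence]
 end
 
-#Returns name of a view, including where it was rendered from
+# Returns name of a view, including where it was rendered from
 def view_name(include_renderer = true)
 if called_from and include_renderer
 @view_name = "#{template.name} (#{called_from.last})"
@@ -150,14 +150,14 @@ class Railroader::Warning
 end
 end
 
-#Return String of the code output from the OutputProcessor and
-#stripped of newlines and tabs.
+# Return String of the code output from the OutputProcessor and
+# stripped of newlines and tabs.
 def format_code strip = true
 format_ruby self.code, strip
 end
 
-#Return String of the user input formatted and
-#stripped of newlines and tabs.
+# Return String of the user input formatted and
+# stripped of newlines and tabs.
 def format_user_input strip = true
 format_ruby self.user_input, strip
 end
@@ -172,7 +172,7 @@ class Railroader::Warning
 end
 end
 
-#Return formatted warning message
+# Return formatted warning message
 def format_message
 return @format_message if @format_message
 
@@ -206,7 +206,7 @@ class Railroader::Warning
 @link
 end
 
-#Generates a hash suitable for inserting into a table
+# Generates a hash suitable for inserting into a table
 def to_row type = :warning
 @row = { "Confidence" => self.confidence,
 "Warning Type" => self.warning_type.to_s,
@@ -291,4 +291,3 @@ class Railroader::Warning
 formatted
 end
 end
-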