railroader 4.3.5 → 4.3.7
- checksums.yaml +4 -4
- data/CHANGES.md +16 -0
- data/README.md +15 -0
- data/bin/railroader +1 -1
- data/lib/railroader/call_index.rb +11 -11
- data/lib/railroader/checks/base_check.rb +43 -43
- data/lib/railroader/checks/check_basic_auth.rb +3 -3
- data/lib/railroader/checks/check_content_tag.rb +9 -9
- data/lib/railroader/checks/check_create_with.rb +2 -2
- data/lib/railroader/checks/check_cross_site_scripting.rb +24 -24
- data/lib/railroader/checks/check_default_routes.rb +5 -5
- data/lib/railroader/checks/check_deserialize.rb +1 -1
- data/lib/railroader/checks/check_dynamic_finders.rb +1 -1
- data/lib/railroader/checks/check_escape_function.rb +3 -3
- data/lib/railroader/checks/check_evaluation.rb +4 -4
- data/lib/railroader/checks/check_execute.rb +8 -8
- data/lib/railroader/checks/check_file_access.rb +2 -2
- data/lib/railroader/checks/check_filter_skipping.rb +2 -2
- data/lib/railroader/checks/check_forgery_setting.rb +3 -3
- data/lib/railroader/checks/check_jruby_xml.rb +1 -1
- data/lib/railroader/checks/check_json_parsing.rb +2 -2
- data/lib/railroader/checks/check_link_to.rb +12 -12
- data/lib/railroader/checks/check_link_to_href.rb +9 -9
- data/lib/railroader/checks/check_mail_to.rb +4 -4
- data/lib/railroader/checks/check_mass_assignment.rb +5 -5
- data/lib/railroader/checks/check_model_attributes.rb +6 -6
- data/lib/railroader/checks/check_model_serialize.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes_bypass.rb +1 -1
- data/lib/railroader/checks/check_quote_table_name.rb +3 -3
- data/lib/railroader/checks/check_redirect.rb +19 -19
- data/lib/railroader/checks/check_regex_dos.rb +3 -3
- data/lib/railroader/checks/check_render.rb +4 -4
- data/lib/railroader/checks/check_response_splitting.rb +2 -2
- data/lib/railroader/checks/check_safe_buffer_manipulation.rb +4 -4
- data/lib/railroader/checks/check_sanitize_methods.rb +2 -2
- data/lib/railroader/checks/check_select_tag.rb +4 -4
- data/lib/railroader/checks/check_select_vulnerability.rb +3 -3
- data/lib/railroader/checks/check_send.rb +1 -1
- data/lib/railroader/checks/check_send_file.rb +1 -1
- data/lib/railroader/checks/check_session_settings.rb +10 -10
- data/lib/railroader/checks/check_single_quotes.rb +8 -8
- data/lib/railroader/checks/check_skip_before_filter.rb +5 -5
- data/lib/railroader/checks/check_sql.rb +41 -41
- data/lib/railroader/checks/check_strip_tags.rb +6 -6
- data/lib/railroader/checks/check_symbol_dos_cve.rb +0 -1
- data/lib/railroader/checks/check_translate_bug.rb +4 -4
- data/lib/railroader/checks/check_unsafe_reflection.rb +1 -1
- data/lib/railroader/checks/check_validation_regex.rb +7 -7
- data/lib/railroader/checks/check_weak_hash.rb +1 -1
- data/lib/railroader/checks/check_without_protection.rb +9 -9
- data/lib/railroader/checks/check_yaml_parsing.rb +5 -5
- data/lib/railroader/checks.rb +18 -18
- data/lib/railroader/commandline.rb +1 -1
- data/lib/railroader/differ.rb +2 -2
- data/lib/railroader/options.rb +7 -7
- data/lib/railroader/parsers/rails2_erubis.rb +1 -1
- data/lib/railroader/parsers/rails2_xss_plugin_erubis.rb +4 -4
- data/lib/railroader/parsers/template_parser.rb +1 -1
- data/lib/railroader/processor.rb +17 -17
- data/lib/railroader/processors/alias_processor.rb +72 -72
- data/lib/railroader/processors/base_processor.rb +31 -31
- data/lib/railroader/processors/controller_alias_processor.rb +31 -31
- data/lib/railroader/processors/controller_processor.rb +29 -29
- data/lib/railroader/processors/erb_template_processor.rb +8 -8
- data/lib/railroader/processors/erubis_template_processor.rb +6 -6
- data/lib/railroader/processors/gem_processor.rb +1 -1
- data/lib/railroader/processors/haml_template_processor.rb +14 -14
- data/lib/railroader/processors/lib/call_conversion_helper.rb +1 -1
- data/lib/railroader/processors/lib/find_all_calls.rb +15 -15
- data/lib/railroader/processors/lib/find_call.rb +26 -26
- data/lib/railroader/processors/lib/find_return_value.rb +11 -11
- data/lib/railroader/processors/lib/module_helper.rb +1 -1
- data/lib/railroader/processors/lib/processor_helper.rb +4 -4
- data/lib/railroader/processors/lib/rails2_config_processor.rb +20 -20
- data/lib/railroader/processors/lib/rails2_route_processor.rb +38 -38
- data/lib/railroader/processors/lib/rails3_config_processor.rb +14 -14
- data/lib/railroader/processors/lib/rails3_route_processor.rb +16 -16
- data/lib/railroader/processors/lib/render_helper.rb +32 -32
- data/lib/railroader/processors/lib/route_helper.rb +12 -12
- data/lib/railroader/processors/library_processor.rb +1 -1
- data/lib/railroader/processors/model_processor.rb +9 -9
- data/lib/railroader/processors/output_processor.rb +3 -3
- data/lib/railroader/processors/slim_template_processor.rb +4 -4
- data/lib/railroader/processors/template_alias_processor.rb +10 -10
- data/lib/railroader/processors/template_processor.rb +7 -7
- data/lib/railroader/report/renderer.rb +1 -1
- data/lib/railroader/report/report_base.rb +12 -12
- data/lib/railroader/report/report_csv.rb +2 -2
- data/lib/railroader/report/report_html.rb +5 -5
- data/lib/railroader/report/report_markdown.rb +2 -2
- data/lib/railroader/report/report_table.rb +3 -3
- data/lib/railroader/report/report_tabs.rb +2 -2
- data/lib/railroader/report/report_text.rb +3 -4
- data/lib/railroader/report.rb +3 -3
- data/lib/railroader/rescanner.rb +36 -36
- data/lib/railroader/scanner.rb +23 -23
- data/lib/railroader/tracker/config.rb +3 -3
- data/lib/railroader/tracker/controller.rb +2 -2
- data/lib/railroader/tracker.rb +42 -42
- data/lib/railroader/util.rb +47 -47
- data/lib/railroader/version.rb +1 -1
- data/lib/railroader/warning.rb +9 -10
- data/lib/railroader.rb +32 -32
- data/lib/ruby_parser/bm_sexp.rb +63 -63
- data/lib/ruby_parser/bm_sexp_processor.rb +3 -3
- metadata +4 -4
@@ -1,10 +1,10 @@
|
|
1
1
|
require 'railroader/processors/lib/basic_processor'
|
2
2
|
|
3
|
-
#Finds method calls matching the given target(s).
|
3
|
+
# Finds method calls matching the given target(s).
|
4
4
|
# #-- This should be deprecated --#
|
5
5
|
# #-- Do not use for new code --#
|
6
6
|
#
|
7
|
-
#Targets/methods can be:
|
7
|
+
# Targets/methods can be:
|
8
8
|
#
|
9
9
|
# - nil: matches anything, including nothing
|
10
10
|
# - Empty array: matches nothing
|
@@ -13,12 +13,12 @@ require 'railroader/processors/lib/basic_processor'
|
|
13
13
|
# - Regular expression: matches the expression
|
14
14
|
# - Array of regular expressions: matches any of the expressions
|
15
15
|
#
|
16
|
-
#If a target is also the name of a class, methods called on instances
|
17
|
-
#of that class will also be matched, in a very limited way.
|
18
|
-
#(Any methods called on Klass.new, basically. More useful when used
|
19
|
-
#in conjunction with AliasProcessor.)
|
16
|
+
# If a target is also the name of a class, methods called on instances
|
17
|
+
# of that class will also be matched, in a very limited way.
|
18
|
+
# (Any methods called on Klass.new, basically. More useful when used
|
19
|
+
# in conjunction with AliasProcessor.)
|
20
20
|
#
|
21
|
-
#Examples:
|
21
|
+
# Examples:
|
22
22
|
#
|
23
23
|
# #To find any uses of this class:
|
24
24
|
# FindCall.new :FindCall, nil
|
@@ -43,23 +43,23 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
43
43
|
@in_depth = in_depth
|
44
44
|
end
|
45
45
|
|
46
|
-
#Returns a list of results.
|
46
|
+
# Returns a list of results.
|
47
47
|
#
|
48
|
-
#A result looks like:
|
48
|
+
# A result looks like:
|
49
49
|
#
|
50
50
|
# s(:result, :ClassName, :method_name, s(:call, ...))
|
51
51
|
#
|
52
|
-
#or
|
52
|
+
# or
|
53
53
|
#
|
54
54
|
# s(:result, :template_name, s(:call, ...))
|
55
55
|
def matches
|
56
56
|
@calls
|
57
57
|
end
|
58
58
|
|
59
|
-
#Process the given source. Provide either class and method being searched
|
60
|
-
#or the template. These names are used when reporting results.
|
59
|
+
# Process the given source. Provide either class and method being searched
|
60
|
+
# or the template. These names are used when reporting results.
|
61
61
|
#
|
62
|
-
#Use FindCall#matches to retrieve results.
|
62
|
+
# Use FindCall#matches to retrieve results.
|
63
63
|
def process_source exp, klass = nil, method = nil, template = nil
|
64
64
|
@current_class = klass
|
65
65
|
@current_method = method
|
@@ -67,19 +67,19 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
67
67
|
process exp
|
68
68
|
end
|
69
69
|
|
70
|
-
#Process body of method
|
70
|
+
# Process body of method
|
71
71
|
def process_defn exp
|
72
72
|
process_all exp.body
|
73
73
|
end
|
74
74
|
|
75
75
|
alias :process_defs :process_defn
|
76
76
|
|
77
|
-
#Process body of block
|
77
|
+
# Process body of block
|
78
78
|
def process_rlist exp
|
79
79
|
process_all exp
|
80
80
|
end
|
81
81
|
|
82
|
-
#Look for matching calls and add them to results
|
82
|
+
# Look for matching calls and add them to results
|
83
83
|
def process_call exp
|
84
84
|
target = get_target exp.target
|
85
85
|
method = exp.method
|
@@ -95,13 +95,13 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
95
95
|
end
|
96
96
|
|
97
97
|
end
|
98
|
-
|
99
|
-
#Normally FindCall won't match a method invocation that is the target of
|
100
|
-
#another call, such as:
|
98
|
+
|
99
|
+
# Normally FindCall won't match a method invocation that is the target of
|
100
|
+
# another call, such as:
|
101
101
|
#
|
102
102
|
# User.find(:first, :conditions => "user = '#{params['user']}').name
|
103
103
|
#
|
104
|
-
#A search for User.find will not match this unless @in_depth is true.
|
104
|
+
# A search for User.find will not match this unless @in_depth is true.
|
105
105
|
if @in_depth and call? exp.target
|
106
106
|
process exp.target
|
107
107
|
end
|
@@ -109,15 +109,15 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
109
109
|
exp
|
110
110
|
end
|
111
111
|
|
112
|
-
#Process an assignment like a call
|
112
|
+
# Process an assignment like a call
|
113
113
|
def process_attrasgn exp
|
114
114
|
process_call exp
|
115
115
|
end
|
116
116
|
|
117
117
|
private
|
118
118
|
|
119
|
-
#Gets the target of a call as a Symbol
|
120
|
-
#if possible
|
119
|
+
# Gets the target of a call as a Symbol
|
120
|
+
# if possible
|
121
121
|
def get_target exp
|
122
122
|
if sexp? exp
|
123
123
|
case exp.node_type
|
@@ -135,7 +135,7 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
135
135
|
end
|
136
136
|
end
|
137
137
|
|
138
|
-
#Checks if the search terms match the given item
|
138
|
+
# Checks if the search terms match the given item
|
139
139
|
def match search_terms, item
|
140
140
|
case search_terms
|
141
141
|
when Symbol
|
@@ -152,7 +152,7 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
152
152
|
if search_terms.empty?
|
153
153
|
item == nil
|
154
154
|
else
|
155
|
-
search_terms.each do|term|
|
155
|
+
search_terms.each do |term|
|
156
156
|
if match(term, item)
|
157
157
|
return true
|
158
158
|
end
|
@@ -168,7 +168,7 @@ class Railroader::FindCall < Railroader::BasicProcessor
|
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
171
|
-
#Checks if +item+ is an instance of +klass+ by looking for Klass.new
|
171
|
+
# Checks if +item+ is an instance of +klass+ by looking for Klass.new
|
172
172
|
def is_instance_of? item, klass
|
173
173
|
if call? item
|
174
174
|
if sexp? item.target
|
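Review bot: The usage example in the comment above the `@in_depth` check (hunk `@@ -95,13 +95,13 @@`) is still malformed after this reformat: `User.find(:first, :conditions => "user = '#{params['user']}').name` never closes the double-quoted string. Since the pass already touches the comment lines around it, the example should read `# User.find(:first, :conditions => "user = '#{params['user']}'").name`, so that the interpolated-SQL call it illustrates is valid Ruby. The enclosing `process_call` starts and ends outside this hunk.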
@@ -1,16 +1,16 @@
|
|
1
1
|
require 'railroader/processors/alias_processor'
|
2
2
|
|
3
|
-
#Attempts to determine the return value of a method.
|
3
|
+
# Attempts to determine the return value of a method.
|
4
4
|
#
|
5
|
-
#Preferred usage:
|
5
|
+
# Preferred usage:
|
6
6
|
#
|
7
7
|
# Railroader::FindReturnValue.return_value exp
|
8
8
|
class Railroader::FindReturnValue
|
9
9
|
include Railroader::Util
|
10
10
|
|
11
|
-
#Returns a guess at the return value of a given method or other block of code.
|
11
|
+
# Returns a guess at the return value of a given method or other block of code.
|
12
12
|
#
|
13
|
-
#If multiple return values are possible, returns all values in an :or Sexp.
|
13
|
+
# If multiple return values are possible, returns all values in an :or Sexp.
|
14
14
|
def self.return_value exp, env = nil
|
15
15
|
self.new.get_return_value exp, env
|
16
16
|
end
|
@@ -24,7 +24,7 @@ class Railroader::FindReturnValue
|
|
24
24
|
@uses_ivars
|
25
25
|
end
|
26
26
|
|
27
|
-
#Find return value of Sexp. Takes an optional starting environment.
|
27
|
+
# Find return value of Sexp. Takes an optional starting environment.
|
28
28
|
def get_return_value exp, env = nil
|
29
29
|
process_method exp, env
|
30
30
|
value = make_return_value
|
@@ -32,7 +32,7 @@ class Railroader::FindReturnValue
|
|
32
32
|
value
|
33
33
|
end
|
34
34
|
|
35
|
-
#Process method (or, actually, any Sexp) for return value.
|
35
|
+
# Process method (or, actually, any Sexp) for return value.
|
36
36
|
def process_method exp, env = nil
|
37
37
|
exp = Railroader::AliasProcessor.new.process_safely exp, env
|
38
38
|
|
@@ -55,7 +55,7 @@ class Railroader::FindReturnValue
|
|
55
55
|
exp
|
56
56
|
end
|
57
57
|
|
58
|
-
#Searches expression for return statements.
|
58
|
+
# Searches expression for return statements.
|
59
59
|
def find_explicit_return_values exp
|
60
60
|
todo = [exp]
|
61
61
|
|
@@ -72,7 +72,7 @@ class Railroader::FindReturnValue
|
|
72
72
|
end
|
73
73
|
end
|
74
74
|
|
75
|
-
#Determines the "last value" of an expression.
|
75
|
+
# Determines the "last value" of an expression.
|
76
76
|
def last_value exp
|
77
77
|
case exp.node_type
|
78
78
|
when :rlist, :block, :scope, Sexp
|
@@ -95,7 +95,7 @@ class Railroader::FindReturnValue
|
|
95
95
|
value = make_or(true_branch, false_branch)
|
96
96
|
value.original_line = value.rhs.line
|
97
97
|
value
|
98
|
-
else #Unlikely?
|
98
|
+
else # Unlikely?
|
99
99
|
true_branch or false_branch
|
100
100
|
end
|
101
101
|
end
|
@@ -140,7 +140,7 @@ class Railroader::FindReturnValue
|
|
140
140
|
end
|
141
141
|
|
142
142
|
def make_or lhs, rhs
|
143
|
-
#Better checks in future
|
143
|
+
# Better checks in future
|
144
144
|
if lhs == rhs
|
145
145
|
lhs
|
146
146
|
else
|
@@ -148,7 +148,7 @@ class Railroader::FindReturnValue
|
|
148
148
|
end
|
149
149
|
end
|
150
150
|
|
151
|
-
#Turns the array of return values into an :or Sexp
|
151
|
+
# Turns the array of return values into an :or Sexp
|
152
152
|
def make_return_value
|
153
153
|
@return_values.compact!
|
154
154
|
@return_values.uniq!
|
@@ -47,7 +47,7 @@ module Railroader::ModuleHelper
|
|
47
47
|
@current_class = collection[name]
|
48
48
|
@current_class.add_file @file_name, exp
|
49
49
|
else
|
50
|
-
@current_class = tracker_class.new name, parent, @file_name, exp, @tracker
|
50
|
+
@current_class = tracker_class.new name, parent, @file_name, exp, @tracker
|
51
51
|
collection[name] = @current_class
|
52
52
|
end
|
53
53
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
#Contains a couple shared methods for Processors.
|
1
|
+
# Contains a couple shared methods for Processors.
|
2
2
|
module Railroader::ProcessorHelper
|
3
3
|
def process_all exp
|
4
4
|
exp.each_sexp do |e|
|
@@ -19,9 +19,9 @@ module Railroader::ProcessorHelper
|
|
19
19
|
exp
|
20
20
|
end
|
21
21
|
|
22
|
-
#Process the arguments of a method call. Does not store results.
|
22
|
+
# Process the arguments of a method call. Does not store results.
|
23
23
|
#
|
24
|
-
#This method is used because Sexp#args and Sexp#arglist create new objects.
|
24
|
+
# This method is used because Sexp#args and Sexp#arglist create new objects.
|
25
25
|
def process_call_args exp
|
26
26
|
exp.each_arg do |a|
|
27
27
|
process a if sexp? a
|
@@ -38,7 +38,7 @@ module Railroader::ProcessorHelper
|
|
38
38
|
exp
|
39
39
|
end
|
40
40
|
|
41
|
-
#Sets the current module.
|
41
|
+
# Sets the current module.
|
42
42
|
def process_module exp
|
43
43
|
module_name = class_name(exp.class_name).to_s
|
44
44
|
prev_module = @current_module
|
@@ -1,39 +1,39 @@
|
|
1
1
|
require 'railroader/processors/lib/basic_processor'
|
2
2
|
|
3
|
-
#Processes configuration. Results are put in tracker.config.
|
3
|
+
# Processes configuration. Results are put in tracker.config.
|
4
4
|
#
|
5
|
-
#Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.
|
6
|
-
#For example:
|
5
|
+
# Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.
|
6
|
+
# For example:
|
7
7
|
#
|
8
8
|
# Rails::Initializer.run |config|
|
9
9
|
# config.action_controller.session_store = :cookie_store
|
10
10
|
# end
|
11
11
|
#
|
12
|
-
#will be stored in
|
12
|
+
# will be stored in
|
13
13
|
#
|
14
14
|
# tracker.config[:rails][:action_controller][:session_store]
|
15
15
|
#
|
16
|
-
#Values for tracker.config.rails will still be Sexps.
|
16
|
+
# Values for tracker.config.rails will still be Sexps.
|
17
17
|
class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
18
|
-
#Replace block variable in
|
18
|
+
# Replace block variable in
|
19
19
|
#
|
20
20
|
# Rails::Initializer.run |config|
|
21
21
|
#
|
22
|
-
#with this value so we can keep track of it.
|
22
|
+
# with this value so we can keep track of it.
|
23
23
|
RAILS_CONFIG = Sexp.new(:const, :"!BRAKEMAN_RAILS_CONFIG")
|
24
24
|
|
25
25
|
def initialize *args
|
26
26
|
super
|
27
27
|
end
|
28
28
|
|
29
|
-
#Use this method to process configuration file
|
29
|
+
# Use this method to process configuration file
|
30
30
|
def process_config src, file_name
|
31
31
|
@file_name = file_name
|
32
32
|
res = Railroader::ConfigAliasProcessor.new.process_safely(src, nil, file_name)
|
33
33
|
process res
|
34
34
|
end
|
35
35
|
|
36
|
-
#Check if config is set to use Erubis
|
36
|
+
# Check if config is set to use Erubis
|
37
37
|
def process_call exp
|
38
38
|
target = exp.target
|
39
39
|
target = process target if sexp? target
|
@@ -46,13 +46,13 @@ class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
|
46
46
|
exp
|
47
47
|
end
|
48
48
|
|
49
|
-
#Look for configuration settings
|
49
|
+
# Look for configuration settings
|
50
50
|
def process_attrasgn exp
|
51
51
|
if exp.target == RAILS_CONFIG
|
52
|
-
#Get rid of '=' at end
|
52
|
+
# Get rid of '=' at end
|
53
53
|
attribute = exp.method.to_s[0..-2].to_sym
|
54
54
|
if exp.args.length > 1
|
55
|
-
#Multiple arguments?...not sure if this will ever happen
|
55
|
+
# Multiple arguments?...not sure if this will ever happen
|
56
56
|
@tracker.config.rails[attribute] = exp.args
|
57
57
|
else
|
58
58
|
@tracker.config.rails[attribute] = exp.first_arg
|
@@ -71,9 +71,9 @@ class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
|
71
71
|
exp
|
72
72
|
end
|
73
73
|
|
74
|
-
#Check for Rails version
|
74
|
+
# Check for Rails version
|
75
75
|
def process_cdecl exp
|
76
|
-
#Set Rails version required
|
76
|
+
# Set Rails version required
|
77
77
|
if exp.lhs == :RAILS_GEM_VERSION
|
78
78
|
@tracker.config.rails_version = exp.rhs.value
|
79
79
|
end
|
@@ -81,7 +81,7 @@ class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
|
81
81
|
exp
|
82
82
|
end
|
83
83
|
|
84
|
-
#Check if an expression includes a call to set Rails config
|
84
|
+
# Check if an expression includes a call to set Rails config
|
85
85
|
def include_rails_config? exp
|
86
86
|
target = exp.target
|
87
87
|
if call? target
|
@@ -97,11 +97,11 @@ class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
|
97
97
|
end
|
98
98
|
end
|
99
99
|
|
100
|
-
#Returns an array of symbols for each 'level' in the config
|
100
|
+
# Returns an array of symbols for each 'level' in the config
|
101
101
|
#
|
102
102
|
# config.action_controller.session_store = :cookie
|
103
103
|
#
|
104
|
-
#becomes
|
104
|
+
# becomes
|
105
105
|
#
|
106
106
|
# [:action_controller, :session_store]
|
107
107
|
def get_rails_config exp
|
@@ -120,18 +120,18 @@ class Railroader::Rails2ConfigProcessor < Railroader::BasicProcessor
|
|
120
120
|
end
|
121
121
|
end
|
122
122
|
|
123
|
-
#This is necessary to replace block variable so we can track config settings
|
123
|
+
# This is necessary to replace block variable so we can track config settings
|
124
124
|
class Railroader::ConfigAliasProcessor < Railroader::AliasProcessor
|
125
125
|
|
126
126
|
RAILS_INIT = Sexp.new(:colon2, Sexp.new(:const, :Rails), :Initializer)
|
127
127
|
|
128
|
-
#Look for a call to
|
128
|
+
# Look for a call to
|
129
129
|
#
|
130
130
|
# Rails::Initializer.run do |config|
|
131
131
|
# ...
|
132
132
|
# end
|
133
133
|
#
|
134
|
-
#and replace config with RAILS_CONFIG
|
134
|
+
# and replace config with RAILS_CONFIG
|
135
135
|
def process_iter exp
|
136
136
|
target = exp.block_call.target
|
137
137
|
method = exp.block_call.method
|
@@ -1,9 +1,9 @@
|
|
1
1
|
require 'railroader/processors/lib/basic_processor'
|
2
2
|
|
3
|
-
#Processes the Sexp from routes.rb. Stores results in tracker.routes.
|
3
|
+
# Processes the Sexp from routes.rb. Stores results in tracker.routes.
|
4
4
|
#
|
5
|
-
#Note that it is only interested in determining what methods on which
|
6
|
-
#controllers are used as routes, not the generated URLs for routes.
|
5
|
+
# Note that it is only interested in determining what methods on which
|
6
|
+
# controllers are used as routes, not the generated URLs for routes.
|
7
7
|
class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
8
8
|
include Railroader::RouteHelper
|
9
9
|
|
@@ -12,22 +12,22 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
12
12
|
def initialize tracker
|
13
13
|
super
|
14
14
|
@map = Sexp.new(:lvar, :map)
|
15
|
-
@nested = nil #used for identifying nested targets
|
16
|
-
@prefix = [] #Controller name prefix (a module name, usually)
|
15
|
+
@nested = nil # used for identifying nested targets
|
16
|
+
@prefix = [] # Controller name prefix (a module name, usually)
|
17
17
|
@current_controller = nil
|
18
|
-
@with_options = nil #For use inside map.with_options
|
18
|
+
@with_options = nil # For use inside map.with_options
|
19
19
|
@file_name = "config/routes.rb"
|
20
20
|
end
|
21
21
|
|
22
|
-
#Call this with parsed route file information.
|
22
|
+
# Call this with parsed route file information.
|
23
23
|
#
|
24
|
-
#This method first calls RouteAliasProcessor#process_safely on the +exp+,
|
25
|
-
#so it does not modify the +exp+.
|
24
|
+
# This method first calls RouteAliasProcessor#process_safely on the +exp+,
|
25
|
+
# so it does not modify the +exp+.
|
26
26
|
def process_routes exp
|
27
27
|
process Railroader::RouteAliasProcessor.new.process_safely(exp, nil, @file_name)
|
28
28
|
end
|
29
29
|
|
30
|
-
#Looking for mapping of routes
|
30
|
+
# Looking for mapping of routes
|
31
31
|
def process_call exp
|
32
32
|
target = exp.target
|
33
33
|
|
@@ -40,8 +40,8 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
40
40
|
exp
|
41
41
|
end
|
42
42
|
|
43
|
-
#Process a map.something call
|
44
|
-
#based on the method used
|
43
|
+
# Process a map.something call
|
44
|
+
# based on the method used
|
45
45
|
def process_map exp
|
46
46
|
args = exp.args
|
47
47
|
|
@@ -59,8 +59,8 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
59
59
|
exp
|
60
60
|
end
|
61
61
|
|
62
|
-
#Look for map calls that take a block.
|
63
|
-
#Otherwise, just do the default processing.
|
62
|
+
# Look for map calls that take a block.
|
63
|
+
# Otherwise, just do the default processing.
|
64
64
|
def process_iter exp
|
65
65
|
target = exp.block_call.target
|
66
66
|
|
@@ -81,9 +81,9 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
81
81
|
end
|
82
82
|
end
|
83
83
|
|
84
|
-
#Process
|
84
|
+
# Process
|
85
85
|
# map.resources :x, :controller => :y, :member => ...
|
86
|
-
#etc.
|
86
|
+
# etc.
|
87
87
|
def process_resources exp
|
88
88
|
controller = check_for_controller_name exp
|
89
89
|
if controller
|
@@ -100,8 +100,8 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
100
100
|
end
|
101
101
|
end
|
102
102
|
|
103
|
-
#Process all the options that might be in the hash passed to
|
104
|
-
#map.resource, et al.
|
103
|
+
# Process all the options that might be in the hash passed to
|
104
|
+
# map.resource, et al.
|
105
105
|
def process_resource_options exp
|
106
106
|
if exp.nil? and @with_options
|
107
107
|
exp = @with_options
|
@@ -115,12 +115,12 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
115
115
|
when :controller, :requirements, :singular, :path_prefix, :as,
|
116
116
|
:path_names, :shallow, :name_prefix, :member_path, :nested_member_path,
|
117
117
|
:belongs_to, :conditions, :active_scaffold
|
118
|
-
#should be able to skip
|
118
|
+
# should be able to skip
|
119
119
|
when :collection, :member, :new
|
120
120
|
process_collection value
|
121
121
|
when :has_one
|
122
122
|
save_controller = current_controller
|
123
|
-
process_resource value[1..-1] #Verify this is proper behavior
|
123
|
+
process_resource value[1..-1] # Verify this is proper behavior
|
124
124
|
self.current_controller = save_controller
|
125
125
|
when :has_many
|
126
126
|
save_controller = current_controller
|
@@ -136,7 +136,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
136
136
|
end
|
137
137
|
end
|
138
138
|
|
139
|
-
#Process route option :only => ...
|
139
|
+
# Process route option :only => ...
|
140
140
|
def process_option_only exp
|
141
141
|
routes = @tracker.routes[@current_controller]
|
142
142
|
[:index, :new, :create, :show, :edit, :update, :destroy].each do |r|
|
@@ -150,7 +150,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
150
150
|
end
|
151
151
|
end
|
152
152
|
|
153
|
-
#Process route option :except => ...
|
153
|
+
# Process route option :except => ...
|
154
154
|
def process_option_except exp
|
155
155
|
return unless exp.node_type == :array
|
156
156
|
routes = @tracker.routes[@current_controller]
|
@@ -177,7 +177,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
180
|
-
#Process
|
180
|
+
# Process
|
181
181
|
# map.connect '/something', :controller => 'blah', :action => 'whatever'
|
182
182
|
def process_connect exp
|
183
183
|
return if exp.empty?
|
@@ -185,7 +185,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
185
185
|
controller = check_for_controller_name exp
|
186
186
|
self.current_controller = controller if controller
|
187
187
|
|
188
|
-
#Check for default route
|
188
|
+
# Check for default route
|
189
189
|
if string? exp.first
|
190
190
|
if exp.first.value == ":controller/:action/:id"
|
191
191
|
@tracker.routes[:allow_all_actions] = exp.first
|
@@ -195,11 +195,11 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
195
195
|
end
|
196
196
|
end
|
197
197
|
|
198
|
-
#This -seems- redundant, but people might connect actions
|
199
|
-
#to a controller which already allows them all
|
198
|
+
# This -seems- redundant, but people might connect actions
|
199
|
+
# to a controller which already allows them all
|
200
200
|
return if @tracker.routes[@current_controller].is_a? Array and @tracker.routes[@current_controller][0] == :allow_all_actions
|
201
201
|
|
202
|
-
exp.last.each_with_index do |e,i|
|
202
|
+
exp.last.each_with_index do |e, i|
|
203
203
|
if symbol? e and e.value == :action
|
204
204
|
action = exp.last[i + 1]
|
205
205
|
|
@@ -221,7 +221,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
221
221
|
|
222
222
|
self.current_controller = check_for_controller_name exp.block_call.args
|
223
223
|
|
224
|
-
#process block
|
224
|
+
# process block
|
225
225
|
process exp.block
|
226
226
|
|
227
227
|
@with_options = nil
|
@@ -252,7 +252,7 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
252
252
|
process_connect exp
|
253
253
|
end
|
254
254
|
|
255
|
-
#Process collection option
|
255
|
+
# Process collection option
|
256
256
|
# :collection => { :some_action => :http_actions }
|
257
257
|
def process_collection exp
|
258
258
|
return unless exp.node_type == :hash
|
@@ -265,10 +265,10 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
265
265
|
|
266
266
|
private
|
267
267
|
|
268
|
-
#Checks an argument list for a hash that has a key :controller.
|
269
|
-
#If it does, returns the value.
|
268
|
+
# Checks an argument list for a hash that has a key :controller.
|
269
|
+
# If it does, returns the value.
|
270
270
|
#
|
271
|
-
#Otherwise, returns nil.
|
271
|
+
# Otherwise, returns nil.
|
272
272
|
def check_for_controller_name args
|
273
273
|
args.each do |a|
|
274
274
|
if hash? a and value = hash_access(a, :controller)
|
@@ -280,13 +280,13 @@ class Railroader::Rails2RoutesProcessor < Railroader::BasicProcessor
|
|
280
280
|
end
|
281
281
|
end
|
282
282
|
|
283
|
-
#This is for a really specific case where a hash is used as arguments
|
284
|
-
#to one of the map methods.
|
283
|
+
# This is for a really specific case where a hash is used as arguments
|
284
|
+
# to one of the map methods.
|
285
285
|
class Railroader::RouteAliasProcessor < Railroader::AliasProcessor
|
286
286
|
|
287
|
-
#This replaces
|
287
|
+
# This replaces
|
288
288
|
# { :some => :hash }.keys
|
289
|
-
#with
|
289
|
+
# with
|
290
290
|
# [:some]
|
291
291
|
def process_call exp
|
292
292
|
process_default exp
|
@@ -294,14 +294,14 @@ class Railroader::RouteAliasProcessor < Railroader::AliasProcessor
|
|
294
294
|
if hash? exp.target and exp.method == :keys
|
295
295
|
keys = get_keys exp.target
|
296
296
|
exp.clear
|
297
|
-
keys.each_with_index do |e,i|
|
297
|
+
keys.each_with_index do |e, i|
|
298
298
|
exp[i] = e
|
299
299
|
end
|
300
300
|
end
|
301
301
|
exp
|
302
302
|
end
|
303
303
|
|
304
|
-
#Returns an array Sexp containing the keys from the hash
|
304
|
+
# Returns an array Sexp containing the keys from the hash
|
305
305
|
def get_keys hash
|
306
306
|
keys = Sexp.new(:array)
|
307
307
|
hash_iterate(hash) do |key, _value|
|
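Review bot: In the `:has_one` branch of `process_resource_options` (hunk `@@ -115,12 +115,12 @@`), the trailing comment on `process_resource value[1..-1]` is only re-spaced and still reads `# Verify this is proper behavior`, so the open question about that slice is not marked in a way a maintainer would search for. I would turn it into an explicit marker, e.g. `# TODO: confirm value[1..-1] is the right argument list for :has_one`, and add a routes fixture that exercises this branch. Per the class comment, this processor determines which controller methods count as routes, so a wrong slice here could change what later analysis treats as routable; that downstream effect is inferred and not visible in this hunk. The method starts and ends outside the hunk.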
@@ -1,20 +1,20 @@
|
|
1
1
|
|
2
2
|
require 'railroader/processors/lib/basic_processor'
|
3
3
|
|
4
|
-
#Processes configuration. Results are put in tracker.config.
|
4
|
+
# Processes configuration. Results are put in tracker.config.
|
5
5
|
#
|
6
|
-
#Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.
|
7
|
-
#For example:
|
6
|
+
# Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.
|
7
|
+
# For example:
|
8
8
|
#
|
9
9
|
# MyApp::Application.configure do
|
10
10
|
# config.active_record.whitelist_attributes = true
|
11
11
|
# end
|
12
12
|
#
|
13
|
-
#will be stored in
|
13
|
+
# will be stored in
|
14
14
|
#
|
15
15
|
# tracker.config.rails[:active_record][:whitelist_attributes]
|
16
16
|
#
|
17
|
-
#Values for tracker.config.rails will still be Sexps.
|
17
|
+
# Values for tracker.config.rails will still be Sexps.
|
18
18
|
class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
19
19
|
RAILS_CONFIG = Sexp.new(:call, nil, :config)
|
20
20
|
|
@@ -23,14 +23,14 @@ class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
|
23
23
|
@inside_config = false
|
24
24
|
end
|
25
25
|
|
26
|
-
#Use this method to process configuration file
|
26
|
+
# Use this method to process configuration file
|
27
27
|
def process_config src, file_name
|
28
28
|
@file_name = file_name
|
29
29
|
res = Railroader::AliasProcessor.new(@tracker).process_safely(src, nil, @file_name)
|
30
30
|
process res
|
31
31
|
end
|
32
32
|
|
33
|
-
#Look for MyApp::Application.configure do ... end
|
33
|
+
# Look for MyApp::Application.configure do ... end
|
34
34
|
def process_iter exp
|
35
35
|
call = exp.block_call
|
36
36
|
|
@@ -46,7 +46,7 @@ class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
|
46
46
|
exp
|
47
47
|
end
|
48
48
|
|
49
|
-
#Look for class Application < Rails::Application
|
49
|
+
# Look for class Application < Rails::Application
|
50
50
|
def process_class exp
|
51
51
|
if exp.class_name == :Application
|
52
52
|
@inside_config = true
|
@@ -57,15 +57,15 @@ class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
|
57
57
|
exp
|
58
58
|
end
|
59
59
|
|
60
|
-
#Look for configuration settings
|
60
|
+
# Look for configuration settings
|
61
61
|
def process_attrasgn exp
|
62
62
|
return exp unless @inside_config
|
63
63
|
|
64
64
|
if exp.target == RAILS_CONFIG
|
65
|
-
#Get rid of '=' at end
|
65
|
+
# Get rid of '=' at end
|
66
66
|
attribute = exp.method.to_s[0..-2].to_sym
|
67
67
|
if exp.args.length > 1
|
68
|
-
#Multiple arguments?...not sure if this will ever happen
|
68
|
+
# Multiple arguments?...not sure if this will ever happen
|
69
69
|
@tracker.config.rails[attribute] = exp.args
|
70
70
|
else
|
71
71
|
@tracker.config.rails[attribute] = exp.first_arg
|
@@ -92,7 +92,7 @@ class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
|
92
92
|
exp
|
93
93
|
end
|
94
94
|
|
95
|
-
#Check if an expression includes a call to set Rails config
|
95
|
+
# Check if an expression includes a call to set Rails config
|
96
96
|
def include_rails_config? exp
|
97
97
|
target = exp.target
|
98
98
|
if call? target
|
@@ -108,11 +108,11 @@ class Railroader::Rails3ConfigProcessor < Railroader::BasicProcessor
|
|
108
108
|
end
|
109
109
|
end
|
110
110
|
|
111
|
-
#Returns an array of symbols for each 'level' in the config
|
111
|
+
# Returns an array of symbols for each 'level' in the config
|
112
112
|
#
|
113
113
|
# config.action_controller.session_store = :cookie
|
114
114
|
#
|
115
|
-
#becomes
|
115
|
+
# becomes
|
116
116
|
#
|
117
117
|
# [:action_controller, :session_store]
|
118
118
|
def get_rails_config exp
|
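Review bot: The class header comment re-added in the first hunk still says `# Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.`, but the example directly below it and the `process_iter` comment (`# Look for MyApp::Application.configure do ... end`) show this processor handling the Rails 3 `Application.configure` form. The sentence looks carried over from the Rails 2 processor; something like `# Configuration set in MyApp::Application.configure (or the Application class) is stored in tracker.config.rails.` would match what the visible code looks for. Settings such as `whitelist_attributes` are recorded through this path, so an accurate description of which configuration forms are recognised helps anyone judging the scanner's coverage; how the checks consume these values is not visible here.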