railroader 4.3.5 → 4.3.7
- checksums.yaml +4 -4
- data/CHANGES.md +16 -0
- data/README.md +15 -0
- data/bin/railroader +1 -1
- data/lib/railroader/call_index.rb +11 -11
- data/lib/railroader/checks/base_check.rb +43 -43
- data/lib/railroader/checks/check_basic_auth.rb +3 -3
- data/lib/railroader/checks/check_content_tag.rb +9 -9
- data/lib/railroader/checks/check_create_with.rb +2 -2
- data/lib/railroader/checks/check_cross_site_scripting.rb +24 -24
- data/lib/railroader/checks/check_default_routes.rb +5 -5
- data/lib/railroader/checks/check_deserialize.rb +1 -1
- data/lib/railroader/checks/check_dynamic_finders.rb +1 -1
- data/lib/railroader/checks/check_escape_function.rb +3 -3
- data/lib/railroader/checks/check_evaluation.rb +4 -4
- data/lib/railroader/checks/check_execute.rb +8 -8
- data/lib/railroader/checks/check_file_access.rb +2 -2
- data/lib/railroader/checks/check_filter_skipping.rb +2 -2
- data/lib/railroader/checks/check_forgery_setting.rb +3 -3
- data/lib/railroader/checks/check_jruby_xml.rb +1 -1
- data/lib/railroader/checks/check_json_parsing.rb +2 -2
- data/lib/railroader/checks/check_link_to.rb +12 -12
- data/lib/railroader/checks/check_link_to_href.rb +9 -9
- data/lib/railroader/checks/check_mail_to.rb +4 -4
- data/lib/railroader/checks/check_mass_assignment.rb +5 -5
- data/lib/railroader/checks/check_model_attributes.rb +6 -6
- data/lib/railroader/checks/check_model_serialize.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes.rb +2 -2
- data/lib/railroader/checks/check_nested_attributes_bypass.rb +1 -1
- data/lib/railroader/checks/check_quote_table_name.rb +3 -3
- data/lib/railroader/checks/check_redirect.rb +19 -19
- data/lib/railroader/checks/check_regex_dos.rb +3 -3
- data/lib/railroader/checks/check_render.rb +4 -4
- data/lib/railroader/checks/check_response_splitting.rb +2 -2
- data/lib/railroader/checks/check_safe_buffer_manipulation.rb +4 -4
- data/lib/railroader/checks/check_sanitize_methods.rb +2 -2
- data/lib/railroader/checks/check_select_tag.rb +4 -4
- data/lib/railroader/checks/check_select_vulnerability.rb +3 -3
- data/lib/railroader/checks/check_send.rb +1 -1
- data/lib/railroader/checks/check_send_file.rb +1 -1
- data/lib/railroader/checks/check_session_settings.rb +10 -10
- data/lib/railroader/checks/check_single_quotes.rb +8 -8
- data/lib/railroader/checks/check_skip_before_filter.rb +5 -5
- data/lib/railroader/checks/check_sql.rb +41 -41
- data/lib/railroader/checks/check_strip_tags.rb +6 -6
- data/lib/railroader/checks/check_symbol_dos_cve.rb +0 -1
- data/lib/railroader/checks/check_translate_bug.rb +4 -4
- data/lib/railroader/checks/check_unsafe_reflection.rb +1 -1
- data/lib/railroader/checks/check_validation_regex.rb +7 -7
- data/lib/railroader/checks/check_weak_hash.rb +1 -1
- data/lib/railroader/checks/check_without_protection.rb +9 -9
- data/lib/railroader/checks/check_yaml_parsing.rb +5 -5
- data/lib/railroader/checks.rb +18 -18
- data/lib/railroader/commandline.rb +1 -1
- data/lib/railroader/differ.rb +2 -2
- data/lib/railroader/options.rb +7 -7
- data/lib/railroader/parsers/rails2_erubis.rb +1 -1
- data/lib/railroader/parsers/rails2_xss_plugin_erubis.rb +4 -4
- data/lib/railroader/parsers/template_parser.rb +1 -1
- data/lib/railroader/processor.rb +17 -17
- data/lib/railroader/processors/alias_processor.rb +72 -72
- data/lib/railroader/processors/base_processor.rb +31 -31
- data/lib/railroader/processors/controller_alias_processor.rb +31 -31
- data/lib/railroader/processors/controller_processor.rb +29 -29
- data/lib/railroader/processors/erb_template_processor.rb +8 -8
- data/lib/railroader/processors/erubis_template_processor.rb +6 -6
- data/lib/railroader/processors/gem_processor.rb +1 -1
- data/lib/railroader/processors/haml_template_processor.rb +14 -14
- data/lib/railroader/processors/lib/call_conversion_helper.rb +1 -1
- data/lib/railroader/processors/lib/find_all_calls.rb +15 -15
- data/lib/railroader/processors/lib/find_call.rb +26 -26
- data/lib/railroader/processors/lib/find_return_value.rb +11 -11
- data/lib/railroader/processors/lib/module_helper.rb +1 -1
- data/lib/railroader/processors/lib/processor_helper.rb +4 -4
- data/lib/railroader/processors/lib/rails2_config_processor.rb +20 -20
- data/lib/railroader/processors/lib/rails2_route_processor.rb +38 -38
- data/lib/railroader/processors/lib/rails3_config_processor.rb +14 -14
- data/lib/railroader/processors/lib/rails3_route_processor.rb +16 -16
- data/lib/railroader/processors/lib/render_helper.rb +32 -32
- data/lib/railroader/processors/lib/route_helper.rb +12 -12
- data/lib/railroader/processors/library_processor.rb +1 -1
- data/lib/railroader/processors/model_processor.rb +9 -9
- data/lib/railroader/processors/output_processor.rb +3 -3
- data/lib/railroader/processors/slim_template_processor.rb +4 -4
- data/lib/railroader/processors/template_alias_processor.rb +10 -10
- data/lib/railroader/processors/template_processor.rb +7 -7
- data/lib/railroader/report/renderer.rb +1 -1
- data/lib/railroader/report/report_base.rb +12 -12
- data/lib/railroader/report/report_csv.rb +2 -2
- data/lib/railroader/report/report_html.rb +5 -5
- data/lib/railroader/report/report_markdown.rb +2 -2
- data/lib/railroader/report/report_table.rb +3 -3
- data/lib/railroader/report/report_tabs.rb +2 -2
- data/lib/railroader/report/report_text.rb +3 -4
- data/lib/railroader/report.rb +3 -3
- data/lib/railroader/rescanner.rb +36 -36
- data/lib/railroader/scanner.rb +23 -23
- data/lib/railroader/tracker/config.rb +3 -3
- data/lib/railroader/tracker/controller.rb +2 -2
- data/lib/railroader/tracker.rb +42 -42
- data/lib/railroader/util.rb +47 -47
- data/lib/railroader/version.rb +1 -1
- data/lib/railroader/warning.rb +9 -10
- data/lib/railroader.rb +32 -32
- data/lib/ruby_parser/bm_sexp.rb +63 -63
- data/lib/ruby_parser/bm_sexp_processor.rb +3 -3
- metadata +4 -4
@@ -1,9 +1,9 @@
|
|
1
1
|
require 'railroader/processors/lib/basic_processor'
|
2
2
|
|
3
|
-
#Processes the Sexp from routes.rb. Stores results in tracker.routes.
|
3
|
+
# Processes the Sexp from routes.rb. Stores results in tracker.routes.
|
4
4
|
#
|
5
|
-
#Note that it is only interested in determining what methods on which
|
6
|
-
#controllers are used as routes, not the generated URLs for routes.
|
5
|
+
# Note that it is only interested in determining what methods on which
|
6
|
+
# controllers are used as routes, not the generated URLs for routes.
|
7
7
|
class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
8
8
|
include Railroader::RouteHelper
|
9
9
|
|
@@ -12,10 +12,10 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
12
12
|
def initialize tracker
|
13
13
|
super
|
14
14
|
@map = Sexp.new(:lvar, :map)
|
15
|
-
@nested = nil #used for identifying nested targets
|
16
|
-
@prefix = [] #Controller name prefix (a module name, usually)
|
15
|
+
@nested = nil # used for identifying nested targets
|
16
|
+
@prefix = [] # Controller name prefix (a module name, usually)
|
17
17
|
@current_controller = nil
|
18
|
-
@with_options = nil #For use inside map.with_options
|
18
|
+
@with_options = nil # For use inside map.with_options
|
19
19
|
@controller_block = false
|
20
20
|
@file_name = "config/routes.rb"
|
21
21
|
end
|
@@ -62,7 +62,7 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
62
62
|
|
63
63
|
def process_namespace exp
|
64
64
|
arg = exp.block_call.first_arg
|
65
|
-
return exp unless symbol? arg or string? arg
|
65
|
+
return exp unless symbol? arg or string? arg
|
66
66
|
|
67
67
|
name = arg.value
|
68
68
|
block = exp.block
|
@@ -76,7 +76,7 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
76
76
|
exp
|
77
77
|
end
|
78
78
|
|
79
|
-
#TODO: Need test for this
|
79
|
+
# TODO: Need test for this
|
80
80
|
def process_root exp
|
81
81
|
if value = hash_access(exp.first_arg, :to)
|
82
82
|
if string? value
|
@@ -96,12 +96,12 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
96
96
|
|
97
97
|
matcher = first_arg.value
|
98
98
|
if matcher == ':controller(/:action(/:id(.:format)))' or
|
99
|
-
matcher.include? ':controller' and action_route?(matcher) #Default routes
|
99
|
+
matcher.include? ':controller' and action_route?(matcher) # Default routes
|
100
100
|
@tracker.routes[:allow_all_actions] = first_arg
|
101
101
|
return exp
|
102
102
|
elsif action_route?(first_arg)
|
103
103
|
if hash? second_arg and controller_name = hash_access(second_arg, :controller)
|
104
|
-
loose_action(controller_name, "matched") #TODO: Parse verbs
|
104
|
+
loose_action(controller_name, "matched") # TODO: Parse verbs
|
105
105
|
end
|
106
106
|
elsif second_arg.nil? and in_controller_block? and not matcher.include? ":"
|
107
107
|
add_route matcher
|
@@ -173,7 +173,7 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
173
173
|
end
|
174
174
|
end
|
175
175
|
elsif string? first_arg
|
176
|
-
if first_arg.value.include? ':controller' and action_route?(first_arg) #Default routes
|
176
|
+
if first_arg.value.include? ':controller' and action_route?(first_arg) # Default routes
|
177
177
|
@tracker.routes[:allow_all_actions] = first_arg
|
178
178
|
end
|
179
179
|
|
@@ -209,7 +209,7 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
209
209
|
|
210
210
|
if second_arg and second_arg.node_type == :hash
|
211
211
|
self.current_controller = first_arg.value
|
212
|
-
#handle hash
|
212
|
+
# handle hash
|
213
213
|
add_resources_routes
|
214
214
|
elsif exp.args.all? { |s| symbol? s }
|
215
215
|
exp.each_arg do |s|
|
@@ -223,14 +223,14 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
223
223
|
end
|
224
224
|
|
225
225
|
def process_resource exp
|
226
|
-
#Does resource even take more than one controller name?
|
226
|
+
# Does resource even take more than one controller name?
|
227
227
|
exp.each_arg do |s|
|
228
228
|
if symbol? s
|
229
229
|
self.current_controller = pluralize(s.value.to_s)
|
230
230
|
add_resource_routes
|
231
231
|
else
|
232
|
-
#handle something else, like options
|
233
|
-
#or something?
|
232
|
+
# handle something else, like options
|
233
|
+
# or something?
|
234
234
|
end
|
235
235
|
end
|
236
236
|
|
@@ -259,7 +259,7 @@ class Railroader::Rails3RoutesProcessor < Railroader::BasicProcessor
|
|
259
259
|
end
|
260
260
|
|
261
261
|
def process_scope_block exp
|
262
|
-
#How to deal with options?
|
262
|
+
# How to deal with options?
|
263
263
|
process exp.block
|
264
264
|
exp
|
265
265
|
end
|
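Review bot: The default-route test at new lines 98–99 (hunk `@@ -96,12 +96,12 @@`) chains `or` and `and` without parentheses, and Ruby gives those two keywords the same precedence with left association, so it evaluates as `(matcher == '…' or matcher.include?(':controller')) and action_route?(matcher)`. If the intent is "the exact default route, or any `:controller` route that also exposes an action", the grouping should be explicit, because this condition decides whether `@tracker.routes[:allow_all_actions]` is set and therefore which controller actions the scanner treats as reachable: `if matcher == ':controller(/:action(/:id(.:format)))' || (matcher.include?(':controller') && action_route?(matcher))`. Whether the two readings actually differ depends on what `action_route?` returns for the literal default string, which is not visible here. The enclosing method starts and ends outside the hunk.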
@@ -1,9 +1,9 @@
|
|
1
1
|
require 'digest/sha1'
|
2
2
|
|
3
|
-
#Processes a call to render() in a controller or template
|
3
|
+
# Processes a call to render() in a controller or template
|
4
4
|
module Railroader::RenderHelper
|
5
5
|
|
6
|
-
#Process s(:render, TYPE, OPTION?, OPTIONS)
|
6
|
+
# Process s(:render, TYPE, OPTION?, OPTIONS)
|
7
7
|
def process_render exp
|
8
8
|
process_default exp
|
9
9
|
@rendered = true
|
@@ -23,7 +23,7 @@ module Railroader::RenderHelper
|
|
23
23
|
exp
|
24
24
|
end
|
25
25
|
|
26
|
-
#Processes layout
|
26
|
+
# Processes layout
|
27
27
|
def process_layout name = nil
|
28
28
|
if name.nil? and defined? layout_name
|
29
29
|
name = layout_name
|
@@ -34,7 +34,7 @@ module Railroader::RenderHelper
|
|
34
34
|
process_template name, nil, nil, nil
|
35
35
|
end
|
36
36
|
|
37
|
-
#Determines file name for partial and then processes it
|
37
|
+
# Determines file name for partial and then processes it
|
38
38
|
def process_partial name, args, line
|
39
39
|
if name == "" or !(string? name or symbol? name)
|
40
40
|
return
|
@@ -45,19 +45,19 @@ module Railroader::RenderHelper
|
|
45
45
|
process_template template_name(names.join("/")), args, nil, line
|
46
46
|
end
|
47
47
|
|
48
|
-
#Processes a given action
|
48
|
+
# Processes a given action
|
49
49
|
def process_action name, args, line
|
50
50
|
if name.is_a? String or name.is_a? Symbol
|
51
51
|
process_template template_name(name), args, nil, line
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
-
#Processes a template, adding any instance variables
|
56
|
-
#to its environment.
|
55
|
+
# Processes a template, adding any instance variables
|
56
|
+
# to its environment.
|
57
57
|
def process_template name, args, called_from = nil, *_
|
58
58
|
|
59
59
|
Railroader.debug "Rendering #{name} (#{called_from})"
|
60
|
-
#Get scanned source for this template
|
60
|
+
# Get scanned source for this template
|
61
61
|
name = name.to_s.gsub(/^\//, "")
|
62
62
|
template = @tracker.templates[name.to_sym]
|
63
63
|
unless template
|
@@ -67,26 +67,26 @@ module Railroader::RenderHelper
|
|
67
67
|
|
68
68
|
template_env = only_ivars(:include_request_vars)
|
69
69
|
|
70
|
-
#Hash the environment and the source of the template to avoid
|
71
|
-
#pointlessly processing templates, which can become prohibitively
|
72
|
-
#expensive in terms of time and memory.
|
70
|
+
# Hash the environment and the source of the template to avoid
|
71
|
+
# pointlessly processing templates, which can become prohibitively
|
72
|
+
# expensive in terms of time and memory.
|
73
73
|
digest = Digest::SHA1.new.update(template_env.instance_variable_get(:@env).to_a.sort.to_s << name).to_s.to_sym
|
74
74
|
|
75
75
|
if @tracker.template_cache.include? digest
|
76
|
-
#Already processed this template with identical environment
|
76
|
+
# Already processed this template with identical environment
|
77
77
|
return
|
78
78
|
else
|
79
79
|
@tracker.template_cache << digest
|
80
80
|
|
81
81
|
options = get_options args
|
82
82
|
|
83
|
-
#Process layout
|
83
|
+
# Process layout
|
84
84
|
if string? options[:layout]
|
85
85
|
process_template "layouts/#{options[:layout][1]}", nil, nil, nil
|
86
86
|
elsif node_type? options[:layout], :false
|
87
|
-
#nothing
|
87
|
+
# nothing
|
88
88
|
elsif not template.name.to_s.match(/[^\/_][^\/]+$/)
|
89
|
-
#Don't do this for partials
|
89
|
+
# Don't do this for partials
|
90
90
|
|
91
91
|
process_layout
|
92
92
|
end
|
@@ -99,11 +99,11 @@ module Railroader::RenderHelper
|
|
99
99
|
|
100
100
|
if options[:collection]
|
101
101
|
|
102
|
-
#The collection name is the name of the partial without the leading
|
103
|
-
#underscore.
|
102
|
+
# The collection name is the name of the partial without the leading
|
103
|
+
# underscore.
|
104
104
|
variable = template.name.to_s.match(/[^\/_][^\/]+$/)[0].to_sym
|
105
105
|
|
106
|
-
#Unless the :as => :variable_name option is used
|
106
|
+
# Unless the :as => :variable_name option is used
|
107
107
|
if options[:as]
|
108
108
|
if string? options[:as] or symbol? options[:as]
|
109
109
|
variable = options[:as].value.to_sym
|
@@ -115,19 +115,19 @@ module Railroader::RenderHelper
|
|
115
115
|
template_env[Sexp.new(:call, nil, variable)] = Sexp.new(:call, Sexp.new(:const, collection), :new)
|
116
116
|
end
|
117
117
|
|
118
|
-
#Set original_line for values so it is clear
|
119
|
-
#that values came from another file
|
118
|
+
# Set original_line for values so it is clear
|
119
|
+
# that values came from another file
|
120
120
|
template_env.all.each do |_var, value|
|
121
121
|
unless value.original_line
|
122
|
-
#TODO: This has been broken for a while now and no one noticed
|
123
|
-
#so maybe we can skip it
|
122
|
+
# TODO: This has been broken for a while now and no one noticed
|
123
|
+
# so maybe we can skip it
|
124
124
|
value.original_line = value.line
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
|
-
#Run source through AliasProcessor with instance variables from the
|
129
|
-
#current environment.
|
130
|
-
#TODO: Add in :locals => { ... } to environment
|
128
|
+
# Run source through AliasProcessor with instance variables from the
|
129
|
+
# current environment.
|
130
|
+
# TODO: Add in :locals => { ... } to environment
|
131
131
|
src = Railroader::TemplateAliasProcessor.new(@tracker, template, called_from).process_safely(template.src, template_env)
|
132
132
|
|
133
133
|
digest = Digest::SHA1.new.update(name + src.to_s).to_s.to_sym
|
@@ -138,21 +138,21 @@ module Railroader::RenderHelper
|
|
138
138
|
@tracker.template_cache << digest
|
139
139
|
end
|
140
140
|
|
141
|
-
#Run alias-processed src through the template processor to pull out
|
142
|
-
#information and outputs.
|
143
|
-
#This information will be stored in tracker.templates, but with a name
|
144
|
-
#specifying this particular route. The original source should remain
|
145
|
-
#pristine (so it can be processed within other environments).
|
141
|
+
# Run alias-processed src through the template processor to pull out
|
142
|
+
# information and outputs.
|
143
|
+
# This information will be stored in tracker.templates, but with a name
|
144
|
+
# specifying this particular route. The original source should remain
|
145
|
+
# pristine (so it can be processed within other environments).
|
146
146
|
@tracker.processor.process_template name, src, template.type, called_from
|
147
147
|
end
|
148
148
|
end
|
149
149
|
|
150
|
-
#Override to process name, such as adding the controller name.
|
150
|
+
# Override to process name, such as adding the controller name.
|
151
151
|
def template_name name
|
152
152
|
raise "RenderHelper#template_name should be overridden."
|
153
153
|
end
|
154
154
|
|
155
|
-
#Turn options Sexp into hash
|
155
|
+
# Turn options Sexp into hash
|
156
156
|
def get_options args
|
157
157
|
options = {}
|
158
158
|
return options unless hash? args
|
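Review bot: The layout branch at new lines 88–89 (hunk `@@ -67,26 +67,26 @@`) does not obviously do what its comment `# Don't do this for partials` says: `/[^\/_][^\/]+$/` is not anchored to the start of the last path segment, so for a partial such as `users/_form` it still matches `form`, and `not ...match(...)` is then false for partials and full templates alike. As far as the visible lines show, `process_layout` in that branch runs only when the last segment has no suffix of two or more characters starting with something other than `_`, so layouts would rarely be processed through this path. The same pattern is dereferenced with `[0]` at new line 104, where a non-match would raise `NoMethodError` on `nil`. I would state the intended rule next to the condition, for example `# Intended: call process_layout only for non-partial templates (basename not starting with "_") - TODO confirm the regex implements this`, and guard the line-104 lookup; parts of `process_template` lie between the hunks and are not visible.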
@@ -1,7 +1,7 @@
|
|
1
1
|
module Railroader::RouteHelper
|
2
|
-
#Manage Controller prefixes
|
3
|
-
|
4
|
-
#suitable for prefixing onto a controller name.
|
2
|
+
# Manage Controller prefixes
|
3
|
+
# @prefix is an Array, but this method returns a string
|
4
|
+
# suitable for prefixing onto a controller name.
|
5
5
|
def prefix
|
6
6
|
if @prefix.length > 0
|
7
7
|
@prefix.join("::") << "::"
|
@@ -10,20 +10,20 @@ module Railroader::RouteHelper
|
|
10
10
|
end
|
11
11
|
end
|
12
12
|
|
13
|
-
#Sets the controller name to a proper class name.
|
14
|
-
#For example
|
13
|
+
# Sets the controller name to a proper class name.
|
14
|
+
# For example
|
15
15
|
# self.current_controller = :session
|
16
16
|
# @controller == :SessionController #true
|
17
17
|
#
|
18
|
-
#Also prepends the prefix if there is one set.
|
18
|
+
# Also prepends the prefix if there is one set.
|
19
19
|
def current_controller= name
|
20
20
|
@current_controller = (prefix + camelize(name) + "Controller").to_sym
|
21
21
|
@tracker.routes[@current_controller] ||= Set.new
|
22
22
|
end
|
23
23
|
|
24
|
-
#Add route to controller. If a controller is specified,
|
25
|
-
#the current controller will be set to that controller.
|
26
|
-
#If no controller is specified, uses current controller value.
|
24
|
+
# Add route to controller. If a controller is specified,
|
25
|
+
# the current controller will be set to that controller.
|
26
|
+
# If no controller is specified, uses current controller value.
|
27
27
|
def add_route route, controller = nil
|
28
28
|
if node_type? route, :str, :lit
|
29
29
|
route = route.value
|
@@ -42,13 +42,13 @@ module Railroader::RouteHelper
|
|
42
42
|
end
|
43
43
|
|
44
44
|
routes = @tracker.routes[@current_controller]
|
45
|
-
|
45
|
+
|
46
46
|
if routes and not routes.include? :allow_all_actions
|
47
47
|
routes << route
|
48
48
|
end
|
49
49
|
end
|
50
50
|
|
51
|
-
#Add default routes
|
51
|
+
# Add default routes
|
52
52
|
def add_resources_routes
|
53
53
|
existing_routes = @tracker.routes[@current_controller]
|
54
54
|
|
@@ -57,7 +57,7 @@ module Railroader::RouteHelper
|
|
57
57
|
end
|
58
58
|
end
|
59
59
|
|
60
|
-
#Add default routes minus :index
|
60
|
+
# Add default routes minus :index
|
61
61
|
def add_resource_routes
|
62
62
|
existing_routes = @tracker.routes[@current_controller]
|
63
63
|
|
@@ -3,7 +3,7 @@ require 'railroader/processors/alias_processor'
|
|
3
3
|
require 'railroader/processors/lib/module_helper'
|
4
4
|
require 'railroader/tracker/library'
|
5
5
|
|
6
|
-
#Process generic library and stores it in Tracker.libs
|
6
|
+
# Process generic library and stores it in Tracker.libs
|
7
7
|
class Railroader::LibraryProcessor < Railroader::BaseProcessor
|
8
8
|
include Railroader::ModuleHelper
|
9
9
|
|
@@ -2,7 +2,7 @@ require 'railroader/processors/base_processor'
|
|
2
2
|
require 'railroader/processors/lib/module_helper'
|
3
3
|
require 'railroader/tracker/model'
|
4
4
|
|
5
|
-
#Processes models. Puts results in tracker.models
|
5
|
+
# Processes models. Puts results in tracker.models
|
6
6
|
class Railroader::ModelProcessor < Railroader::BaseProcessor
|
7
7
|
include Railroader::ModuleHelper
|
8
8
|
|
@@ -15,18 +15,18 @@ class Railroader::ModelProcessor < Railroader::BaseProcessor
|
|
15
15
|
@file_name = nil
|
16
16
|
end
|
17
17
|
|
18
|
-
#Process model source
|
18
|
+
# Process model source
|
19
19
|
def process_model src, file_name = nil
|
20
20
|
@file_name = file_name
|
21
21
|
process src
|
22
22
|
end
|
23
23
|
|
24
|
-
#s(:class, NAME, PARENT, BODY)
|
24
|
+
# s(:class, NAME, PARENT, BODY)
|
25
25
|
def process_class exp
|
26
26
|
name = class_name(exp.class_name)
|
27
27
|
parent = class_name(exp.parent_name)
|
28
28
|
|
29
|
-
#If inside an inner class we treat it as a library.
|
29
|
+
# If inside an inner class we treat it as a library.
|
30
30
|
if @current_class
|
31
31
|
Railroader.debug "[Notice] Treating inner class as library: #{name}"
|
32
32
|
Railroader::LibraryProcessor.new(@tracker).process_library exp, @file_name
|
@@ -40,8 +40,8 @@ class Railroader::ModelProcessor < Railroader::BaseProcessor
|
|
40
40
|
handle_module exp, Railroader::Model
|
41
41
|
end
|
42
42
|
|
43
|
-
#Handle calls outside of methods,
|
44
|
-
#such as include, attr_accessible, private, etc.
|
43
|
+
# Handle calls outside of methods,
|
44
|
+
# such as include, attr_accessible, private, etc.
|
45
45
|
def process_call exp
|
46
46
|
return exp unless @current_class
|
47
47
|
return exp if process_call_defn? exp
|
@@ -54,8 +54,8 @@ class Railroader::ModelProcessor < Railroader::BaseProcessor
|
|
54
54
|
method = exp.method
|
55
55
|
first_arg = exp.first_arg
|
56
56
|
|
57
|
-
#Methods called inside class definition
|
58
|
-
#like attr_* and other settings
|
57
|
+
# Methods called inside class definition
|
58
|
+
# like attr_* and other settings
|
59
59
|
if @current_method.nil? and target.nil?
|
60
60
|
if first_arg.nil?
|
61
61
|
case method
|
@@ -64,7 +64,7 @@ class Railroader::ModelProcessor < Railroader::BaseProcessor
|
|
64
64
|
when :attr_accessible
|
65
65
|
@current_class.set_attr_accessible
|
66
66
|
else
|
67
|
-
|
67
|
+
# ??
|
68
68
|
end
|
69
69
|
else
|
70
70
|
case method
|
@@ -1,14 +1,14 @@
|
|
1
1
|
Railroader.load_railroader_dependency 'ruby2ruby'
|
2
2
|
require 'railroader/util'
|
3
3
|
|
4
|
-
#Produces formatted output strings from Sexps.
|
5
|
-
#Recommended usage is
|
4
|
+
# Produces formatted output strings from Sexps.
|
5
|
+
# Recommended usage is
|
6
6
|
#
|
7
7
|
# OutputProcessor.new.format(Sexp.new(:str, "hello"))
|
8
8
|
class Railroader::OutputProcessor < Ruby2Ruby
|
9
9
|
include Railroader::Util
|
10
10
|
|
11
|
-
#Copies +exp+ and then formats it.
|
11
|
+
# Copies +exp+ and then formats it.
|
12
12
|
def format exp, user_input = nil, &block
|
13
13
|
@user_input = user_input
|
14
14
|
@user_input_block = block
|
@@ -44,8 +44,8 @@ class Railroader::SlimTemplateProcessor < Railroader::TemplateProcessor
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
47
|
-
#Slim likes to interpolate output into strings then pass them to safe_concat.
|
48
|
-
#Better to pull those values out directly.
|
47
|
+
# Slim likes to interpolate output into strings then pass them to safe_concat.
|
48
|
+
# Better to pull those values out directly.
|
49
49
|
def process_inside_interp exp
|
50
50
|
exp.map! do |e|
|
51
51
|
if node_type? e, :evstr
|
@@ -104,8 +104,8 @@ class Railroader::SlimTemplateProcessor < Railroader::TemplateProcessor
|
|
104
104
|
end
|
105
105
|
|
106
106
|
def process_render exp
|
107
|
-
#Still confused as to why this is not needed in other template processors
|
108
|
-
#but is needed here
|
107
|
+
# Still confused as to why this is not needed in other template processors
|
108
|
+
# but is needed here
|
109
109
|
exp
|
110
110
|
end
|
111
111
|
end
|
@@ -4,8 +4,8 @@ require 'railroader/processors/lib/render_helper'
|
|
4
4
|
require 'railroader/processors/lib/render_path'
|
5
5
|
require 'railroader/tracker'
|
6
6
|
|
7
|
-
#Processes aliasing in templates.
|
8
|
-
#Handles calls to +render+.
|
7
|
+
# Processes aliasing in templates.
|
8
|
+
# Handles calls to +render+.
|
9
9
|
class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
10
10
|
include Railroader::RenderHelper
|
11
11
|
|
@@ -17,7 +17,7 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
17
17
|
@called_from = called_from
|
18
18
|
end
|
19
19
|
|
20
|
-
#Process template
|
20
|
+
# Process template
|
21
21
|
def process_template name, args, _, line = nil, file_name = nil
|
22
22
|
@file_name = file_name || relative_path(@template.file || @tracker.templates[@template.name])
|
23
23
|
|
@@ -33,7 +33,7 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
-
#Determine template name
|
36
|
+
# Determine template name
|
37
37
|
def template_name name
|
38
38
|
if !name.to_s.include?('/') && @template.name.to_s.include?('/')
|
39
39
|
name = "#{@template.name.to_s.match(/^(.*\/).*$/)[1]}#{name}"
|
@@ -44,7 +44,7 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
44
44
|
UNKNOWN_MODEL_CALL = Sexp.new(:call, Sexp.new(:const, Railroader::Tracker::UNKNOWN_MODEL), :new)
|
45
45
|
FORM_BUILDER_CALL = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new)
|
46
46
|
|
47
|
-
#Looks for form methods and iterating over collections of Models
|
47
|
+
# Looks for form methods and iterating over collections of Models
|
48
48
|
def process_iter exp
|
49
49
|
process_default exp
|
50
50
|
|
@@ -56,7 +56,7 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
56
56
|
arg = exp.block_args.first_param
|
57
57
|
block = exp.block
|
58
58
|
|
59
|
-
#Check for e.g. Model.find.each do ... end
|
59
|
+
# Check for e.g. Model.find.each do ... end
|
60
60
|
if method == :each and arg and block and model = get_model_target(target)
|
61
61
|
if arg.is_a? Symbol
|
62
62
|
if model == target.target
|
@@ -81,12 +81,12 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
81
81
|
|
82
82
|
COLLECTION_METHODS = [:all, :find, :select, :where]
|
83
83
|
|
84
|
-
#Checks if +exp+ is a call to Model.all or Model.find*
|
84
|
+
# Checks if +exp+ is a call to Model.all or Model.find*
|
85
85
|
def get_model_target exp
|
86
86
|
if call? exp
|
87
87
|
target = exp.target
|
88
88
|
|
89
|
-
if COLLECTION_METHODS.include? exp.method or exp.method.to_s[0,4] == "find"
|
89
|
+
if COLLECTION_METHODS.include? exp.method or exp.method.to_s[0, 4] == "find"
|
90
90
|
models = Set.new @tracker.models.keys
|
91
91
|
name = class_name target
|
92
92
|
return target if models.include?(name)
|
@@ -98,8 +98,8 @@ class Railroader::TemplateAliasProcessor < Railroader::AliasProcessor
|
|
98
98
|
false
|
99
99
|
end
|
100
100
|
|
101
|
-
#Ignore `<<` calls on template variables which are used by the templating
|
102
|
-
#library (HAML, ERB, etc.)
|
101
|
+
# Ignore `<<` calls on template variables which are used by the templating
|
102
|
+
# library (HAML, ERB, etc.)
|
103
103
|
def find_push_target exp
|
104
104
|
if sexp? exp
|
105
105
|
if exp.node_type == :lvar and (exp.value == :_buf or exp.value == :_erbout)
|
@@ -1,12 +1,12 @@
|
|
1
1
|
require 'railroader/processors/base_processor'
|
2
2
|
require 'railroader/tracker/template'
|
3
3
|
|
4
|
-
#Base Processor for templates/views
|
4
|
+
# Base Processor for templates/views
|
5
5
|
class Railroader::TemplateProcessor < Railroader::BaseProcessor
|
6
6
|
|
7
|
-
#Initializes template information.
|
7
|
+
# Initializes template information.
|
8
8
|
def initialize tracker, template_name, called_from = nil, file_name = nil
|
9
|
-
super(tracker)
|
9
|
+
super(tracker)
|
10
10
|
@current_template = Railroader::Template.new template_name, called_from, file_name, tracker
|
11
11
|
@file_name = file_name
|
12
12
|
|
@@ -19,7 +19,7 @@ class Railroader::TemplateProcessor < Railroader::BaseProcessor
|
|
19
19
|
@inside_concat = false
|
20
20
|
end
|
21
21
|
|
22
|
-
#Process the template Sexp.
|
22
|
+
# Process the template Sexp.
|
23
23
|
def process exp
|
24
24
|
begin
|
25
25
|
super
|
@@ -30,9 +30,9 @@ class Railroader::TemplateProcessor < Railroader::BaseProcessor
|
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
-
#Ignore initial variable assignment
|
33
|
+
# Ignore initial variable assignment
|
34
34
|
def process_lasgn exp
|
35
|
-
if exp.lhs == :_erbout and exp.rhs.node_type == :str #ignore
|
35
|
+
if exp.lhs == :_erbout and exp.rhs.node_type == :str # ignore
|
36
36
|
ignore
|
37
37
|
elsif exp.lhs == :_buf and exp.rhs.node_type == :str
|
38
38
|
ignore
|
@@ -42,7 +42,7 @@ class Railroader::TemplateProcessor < Railroader::BaseProcessor
|
|
42
42
|
end
|
43
43
|
end
|
44
44
|
|
45
|
-
#Adds output to the list of outputs.
|
45
|
+
# Adds output to the list of outputs.
|
46
46
|
def process_output exp
|
47
47
|
exp.value = process exp.value
|
48
48
|
@current_template.add_output exp unless exp.original_line
|
@@ -22,7 +22,7 @@ class Railroader::Report::Base
|
|
22
22
|
@warnings_summary = nil
|
23
23
|
end
|
24
24
|
|
25
|
-
#Generate table of how many warnings of each warning type were reported
|
25
|
+
# Generate table of how many warnings of each warning type were reported
|
26
26
|
def generate_warning_overview
|
27
27
|
types = warnings_summary.keys
|
28
28
|
types.delete :high_confidence
|
@@ -32,7 +32,7 @@ class Railroader::Report::Base
|
|
32
32
|
render_array('warning_overview', ['Warning Type', 'Total'], values, locals)
|
33
33
|
end
|
34
34
|
|
35
|
-
#Generate table of controllers and routes found for those controllers
|
35
|
+
# Generate table of controllers and routes found for those controllers
|
36
36
|
def generate_controllers
|
37
37
|
controller_rows = []
|
38
38
|
|
@@ -43,9 +43,9 @@ class Railroader::Report::Base
|
|
43
43
|
if tracker.routes.include? :allow_all_actions or (tracker.routes[name] and tracker.routes[name].include? :allow_all_actions)
|
44
44
|
routes = c.methods_public.keys.map{|e| e.to_s}.sort.join(", ")
|
45
45
|
elsif tracker.routes[name].nil?
|
46
|
-
#No routes defined for this controller.
|
47
|
-
#This can happen when it is only a parent class
|
48
|
-
#for other controllers, for example.
|
46
|
+
# No routes defined for this controller.
|
47
|
+
# This can happen when it is only a parent class
|
48
|
+
# for other controllers, for example.
|
49
49
|
routes = "[None]"
|
50
50
|
|
51
51
|
else
|
@@ -74,7 +74,7 @@ class Railroader::Report::Base
|
|
74
74
|
render_array('controller_overview', cols, values, locals)
|
75
75
|
end
|
76
76
|
|
77
|
-
#Generate table of errors or return nil if no errors
|
77
|
+
# Generate table of errors or return nil if no errors
|
78
78
|
def generate_errors
|
79
79
|
values = tracker.errors.collect{|error| [error[:error], error[:backtrace][0]]}
|
80
80
|
render_array('error_overview', ['Error', 'Location'], values, {:tracker => tracker})
|
@@ -93,7 +93,7 @@ class Railroader::Report::Base
|
|
93
93
|
'Class'
|
94
94
|
end
|
95
95
|
|
96
|
-
#Generate table of template warnings or return nil if no warnings
|
96
|
+
# Generate table of template warnings or return nil if no warnings
|
97
97
|
def generate_template_warnings
|
98
98
|
render_warnings template_warnings,
|
99
99
|
:template,
|
@@ -103,7 +103,7 @@ class Railroader::Report::Base
|
|
103
103
|
|
104
104
|
end
|
105
105
|
|
106
|
-
#Generate table of model warnings or return nil if no warnings
|
106
|
+
# Generate table of model warnings or return nil if no warnings
|
107
107
|
def generate_model_warnings
|
108
108
|
render_warnings model_warnings,
|
109
109
|
:model,
|
@@ -112,7 +112,7 @@ class Railroader::Report::Base
|
|
112
112
|
'Model'
|
113
113
|
end
|
114
114
|
|
115
|
-
#Generate table of controller warnings or nil if no warnings
|
115
|
+
# Generate table of controller warnings or nil if no warnings
|
116
116
|
def generate_controller_warnings
|
117
117
|
render_warnings controller_warnings,
|
118
118
|
:controller,
|
@@ -193,7 +193,7 @@ class Railroader::Report::Base
|
|
193
193
|
end
|
194
194
|
end
|
195
195
|
|
196
|
-
#Return summary of warnings in hash and store in @warnings_summary
|
196
|
+
# Return summary of warnings in hash and store in @warnings_summary
|
197
197
|
def warnings_summary
|
198
198
|
return @warnings_summary if @warnings_summary
|
199
199
|
|
@@ -254,7 +254,7 @@ class Railroader::Report::Base
|
|
254
254
|
end
|
255
255
|
|
256
256
|
def number_of_templates tracker
|
257
|
-
Set.new(tracker.templates.map {|k,v| v.name.to_s[/[^.]+/]}).length
|
257
|
+
Set.new(tracker.templates.map {|k, v| v.name.to_s[/[^.]+/]}).length
|
258
258
|
end
|
259
259
|
|
260
260
|
def warning_file warning, absolute = @tracker.options[:absolute_paths]
|
@@ -280,7 +280,7 @@ class Railroader::Report::Base
|
|
280
280
|
end
|
281
281
|
end
|
282
282
|
|
283
|
-
#Escape warning message and highlight user input in text output
|
283
|
+
# Escape warning message and highlight user input in text output
|
284
284
|
def text_message warning, message
|
285
285
|
if @highlight_user_input and warning.user_input
|
286
286
|
user_input = warning.format_user_input
|
@@ -10,7 +10,7 @@ class Railroader::Report::CSV < Railroader::Report::Table
|
|
10
10
|
|
11
11
|
output << table_to_csv(generate_warning_overview) << "\n"
|
12
12
|
|
13
|
-
#Return output early if only summarizing
|
13
|
+
# Return output early if only summarizing
|
14
14
|
if tracker.options[:summary_only]
|
15
15
|
return output
|
16
16
|
end
|
@@ -46,7 +46,7 @@ class Railroader::Report::CSV < Railroader::Report::Table
|
|
46
46
|
output
|
47
47
|
end
|
48
48
|
|
49
|
-
#Generate header for CSV output
|
49
|
+
# Generate header for CSV output
|
50
50
|
def csv_header
|
51
51
|
header = CSV.generate_line(["Application Path", "Report Generation Time", "Checks Performed", "Rails Version"])
|
52
52
|
header << CSV.generate_line([File.expand_path(tracker.app_path), Time.now.to_s, checks.checks_run.sort.join(", "), rails_version])
|