Class: Brakeman::SlimTemplateProcessor
- Inherits:
-
TemplateProcessor
- Object
- SexpProcessor
- BaseProcessor
- TemplateProcessor
- Brakeman::SlimTemplateProcessor
- Includes:
- RenderHelper
- Defined in:
- lib/brakeman/processors/slim_template_processor.rb
Constant Summary
- SAFE_BUFFER =
s(:call, s(:colon2, s(:const, :ActiveSupport), :SafeBuffer), :new)
- OUTPUT_BUFFER =
s(:ivar, :@output_buffer)
- TEMPLE_UTILS =
s(:colon2, s(:colon3, :Temple), :Utils)
- ATTR_MERGE =
s(:call, s(:call, s(:array), :reject, s(:block_pass, s(:lit, :empty?))), :join, s(:str, " "))
- EMBEDDED_FILTER =
s(:const, :BrakemanFilter)
Constants inherited from BaseProcessor
Constants included from Util
Util::ALL_COOKIES, Util::ALL_PARAMETERS, Util::COOKIES, Util::COOKIES_SEXP, Util::DIR_CONST, Util::LITERALS, Util::PARAMETERS, Util::PARAMS_SEXP, Util::PATH_PARAMETERS, Util::QUERY_PARAMETERS, Util::REQUEST_COOKIES, Util::REQUEST_ENV, Util::REQUEST_PARAMETERS, Util::REQUEST_PARAMS, Util::REQUEST_REQUEST_PARAMETERS, Util::SAFE_LITERAL, Util::SESSION, Util::SESSION_SEXP, Util::SIMPLE_LITERALS
Constants inherited from SexpProcessor
Brakeman::SexpProcessor::VERSION
Instance Attribute Summary
Attributes inherited from SexpProcessor
Instance Method Summary
- #add_escaped_output(exp) ⇒ Object
-
#embedded_filter?(arg) ⇒ Boolean
Handle our “fake” embedded filters.
- #internal_variable?(exp) ⇒ Boolean
- #is_escaped?(exp) ⇒ Boolean
- #normalize_output(arg) ⇒ Object
- #process_call(exp) ⇒ Object
-
#process_inside_interp(exp) ⇒ Object
Slim likes to interpolate output into strings then pass them to safe_concat.
- #process_interp_output(exp) ⇒ Object
- #process_render(exp) ⇒ Object
- #render?(exp) ⇒ Boolean
Methods included from RenderHelper
#get_class_target, #get_options, #process_action, #process_layout, #process_partial, #process_template, #template_name
Methods inherited from TemplateProcessor
#add_output, #initialize, #process, #process_escaped_output, #process_lasgn, #process_output
Methods inherited from BaseProcessor
#find_render_type, #ignore, #initialize, #make_inline_render, #make_render, #make_render_in_view, #process_arglist, #process_attrasgn, #process_block, #process_cdecl, #process_default, #process_dstr, #process_evstr, #process_file, #process_hash, #process_if, #process_ignore, #process_iter, #process_lasgn, #process_scope
Methods included from Util
#all_literals?, #array?, #block?, #call?, #camelize, #class_name, #constant?, #contains_class?, #cookies?, #dir_glob?, #false?, #hash?, #hash_access, #hash_insert, #hash_iterate, #hash_values, #integer?, #kwsplat?, #literal?, #make_call, #node_type?, #number?, #params?, #pluralize, #rails_version, #recurse_check?, #regexp?, #remove_kwsplat, #request_headers?, #request_value?, #result?, #safe_literal, #safe_literal?, #safe_literal_target?, #set_env_defaults, #sexp?, #simple_literal?, #string?, #string_interp?, #symbol?, #template_path_to_name, #true?, #underscore
Methods included from ProcessorHelper
#current_file, #process_all, #process_all!, #process_call_args, #process_call_defn?, #process_class, #process_module
Methods inherited from SexpProcessor
#in_context, #initialize, #process, processors, #scope
Constructor Details
This class inherits a constructor from Brakeman::TemplateProcessor
Instance Method Details
#add_escaped_output(exp) ⇒ Object
# File 'lib/brakeman/processors/slim_template_processor.rb', line 97

# Normalizes +exp+ and hands it to the inherited add_escaped_output.
#
# String literals and Slim/Temple internal locals are returned as the
# normalized node, without being passed on to the parent.
def add_escaped_output exp
  normalized = normalize_output(exp)

  if string?(normalized) || internal_variable?(normalized)
    normalized
  else
    super(normalized)
  end
end
#embedded_filter?(arg) ⇒ Boolean
Handle our “fake” embedded filters
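# File 'lib/brakeman/processors/slim_template_processor.rb', line 59

# Handle our "fake" embedded filters.
#
# True when +arg+ is a call to +render+ whose target is EMBEDDED_FILTER
# (the BrakemanFilter constant). normalize_output is the intended caller
# and unwraps such a call to its first argument.
def embedded_filter? arg
  call? arg and arg.method == :render and arg.target == EMBEDDED_FILTER
end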
#internal_variable?(exp) ⇒ Boolean
# File 'lib/brakeman/processors/slim_template_processor.rb', line 111

# Tells whether +exp+ is a local-variable node whose name begins with
# +_temple_+ or +_slim_+ (presumably temporaries emitted by the template
# engine rather than values written by the template author).
#
# Returns a truthy match position or a falsy value, not a strict boolean.
def internal_variable? exp
  node_type?(exp, :lvar) && exp.value =~ /^_(temple_|slim_)/
end
#is_escaped?(exp) ⇒ Boolean
# File 'lib/brakeman/processors/slim_template_processor.rb', line 105

# Tells whether +exp+ is a call to ::Temple::Utils.escape_html or
# ::Temple::Utils.escape_html_safe.
#
# Only these two methods on TEMPLE_UTILS are recognized as escaping; any
# other call is treated as not escaped by this check.
def is_escaped? exp
  call?(exp) &&
    exp.target == TEMPLE_UTILS &&
    (exp.method == :escape_html || exp.method == :escape_html_safe)
end
#normalize_output(arg) ⇒ Object
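# File 'lib/brakeman/processors/slim_template_processor.rb', line 48

# Normalizes an output node via the parent implementation, then unwraps
# the "fake" embedded-filter call, if there is one.
#
# When the normalized node is a BrakemanFilter.render call (see
# embedded_filter?), its first argument is normalized and returned.
# Any other node is returned as the parent normalized it.
#
# The guard must be the embedded_filter? predicate. A bare `if arg` would
# call first_arg on every non-nil node, including nodes that are not calls.
def normalize_output arg
  arg = super(arg)

  if embedded_filter? arg
    super(arg.first_arg)
  else
    arg
  end
end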
#process_call(exp) ⇒ Object
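# File 'lib/brakeman/processors/slim_template_processor.rb', line 13

# Processes a call node found in compiled Slim template code.
#
# * +safe_concat+ on SAFE_BUFFER or OUTPUT_BUFFER: the first argument is
#   normalized and routed by kind. Temple escape calls go to
#   add_escaped_output. Render calls become render-in-view output.
#   Interpolated strings are scanned piece by piece. String literals,
#   :ignore nodes, internal locals and the ATTR_MERGE expression are
#   ignored. Everything else goes to add_output.
# * a bare Temple escape call: its argument goes to add_escaped_output.
# * a +render+ call with no target: arguments are processed and the call
#   is turned into a render-in-view node.
# * any other call: arguments are processed and the call is returned.
#
# NOTE(review): the branch chosen here presumably decides whether a value
# is later reported as escaped or raw output, so the order of the checks
# matters.
def process_call exp
  target = exp.target
  method = exp.method

  if method == :safe_concat and (target == SAFE_BUFFER or target == OUTPUT_BUFFER)
    arg = normalize_output(exp.first_arg)

    if is_escaped? arg
      add_escaped_output arg.first_arg
    elsif string? arg
      ignore
    elsif render? arg
      add_output make_render_in_view arg
    elsif string_interp? arg
      process_inside_interp arg
    elsif node_type? arg, :ignore
      ignore
    elsif internal_variable? arg
      ignore
    elsif arg == ATTR_MERGE
      ignore
    else
      add_output arg
    end
  elsif is_escaped? exp
    # `arg` is only assigned in the safe_concat branch above, so it is
    # always nil here. Pass the value being escaped, as that branch does
    # for an escaped argument.
    add_escaped_output exp.first_arg
  elsif target.nil? and method == :render
    exp.arglist = process exp.arglist
    make_render_in_view exp
  else
    exp.arglist = process exp.arglist
    exp
  end
end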
#process_inside_interp(exp) ⇒ Object
Slim likes to interpolate output into strings then pass them to safe_concat. Better to pull those values out directly.
# File 'lib/brakeman/processors/slim_template_processor.rb', line 65

# Slim likes to interpolate output into strings then pass them to
# safe_concat. Better to pull those values out directly.
#
# Each :evstr piece of the interpolated string has its value replaced by
# the result of process_interp_output. Other pieces are left as they are.
# +exp+ is modified in place and returned.
def process_inside_interp exp
  exp.map! do |piece|
    piece.value = process_interp_output(piece.value) if node_type?(piece, :evstr)
    piece
  end

  exp
end
#process_interp_output(exp) ⇒ Object
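# File 'lib/brakeman/processors/slim_template_processor.rb', line 78

# Classifies one value that was interpolated into a string passed to
# safe_concat.
#
# * :if nodes: both clauses are processed recursively, and the result of
#   the else clause is returned.
# * SAFE_BUFFER: ignored.
# * render calls: recorded as render-in-view output.
# * nodes that are already :output or :escaped_output: returned unchanged.
# * Temple escape calls: passed to add_escaped_output.
# * anything else: passed to add_output.
#
# Returns nil when +exp+ is not a Sexp.
def process_interp_output exp
  if sexp? exp
    if node_type? exp, :if
      process_interp_output exp.then_clause
      process_interp_output exp.else_clause
    elsif exp == SAFE_BUFFER
      ignore
    elsif render? exp
      add_output make_render_in_view exp
    elsif node_type?(exp, :output) or node_type?(exp, :escaped_output)
      # The node under test has to be passed explicitly. Without it the
      # symbol :output is checked as if it were the node, so this branch
      # never matches and already-classified output falls through to be
      # wrapped again below.
      exp
    elsif is_escaped? exp
      add_escaped_output exp
    else
      add_output exp
    end
  end
end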
#process_render(exp) ⇒ Object
# File 'lib/brakeman/processors/slim_template_processor.rb', line 122

# Returns the render node +exp+ untouched.
#
# The original author notes it is unclear why this override is required
# in this processor when the other template processors do without it.
def process_render(exp)
  exp
end
#render?(exp) ⇒ Boolean
# File 'lib/brakeman/processors/slim_template_processor.rb', line 116

# Tells whether +exp+ is a call to +render+ with no explicit receiver.
def render? exp
  call?(exp) && exp.target.nil? && exp.method == :render
end