module Brakeman::ControllerMethods
Attributes
layout[RW]
Public Instance Methods
add_before_filter(exp)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 19 def add_before_filter exp @options[:before_filters] << exp end
before_filter_list(processor, method)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 39 def before_filter_list processor, method controller = self filters = [] while controller filters = controller.get_before_filters(processor, method) + filters controller = tracker.controllers[controller.parent] || tracker.libs[controller.parent] end remove_skipped_filters processor, filters, method end
before_filter_to_hash(processor, args)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 106 def before_filter_to_hash processor, args filter = {} #Process args for the uncommon but possible situation #in which some variables are used in the filter. args.each do |a| if sexp? a a = processor.process_default a end end filter[:methods] = [] args.each do |a| filter[:methods] << a[1] if a.node_type == :lit end options = args.last if hash? options # Probably only one option, # but this also avoids issues with kwsplats hash_iterate(options) do |option, value| case value.node_type when :array filter[option.value] = value.sexp_body.map {|v| v[1] } when :lit, :str filter[option.value] = value[1] else Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}" end end else filter[:all] = true end filter end
before_filters()
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 27 def before_filters @options[:before_filters] end
get_before_filters(processor, method)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 86 def get_before_filters processor, method filters = [] if @before_filter_cache.nil? @before_filter_cache = [] before_filters.each do |filter| @before_filter_cache << before_filter_to_hash(processor, filter.args) end end @before_filter_cache.each do |f| if filter_includes_method? f, method filters.concat f[:methods] end end filters end
get_skipped_filters(processor, method)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 53 def get_skipped_filters processor, method filters = [] if @skip_filter_cache.nil? @skip_filter_cache = skip_filters.map do |filter| before_filter_to_hash(processor, filter.args) end end @skip_filter_cache.each do |f| if filter_includes_method? f, method filters.concat f[:methods] else end end filters end
initialize_controller()
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 7 def initialize_controller @options[:before_filters] = [] @options[:skip_filters] = [] @layout = nil @skip_filter_cache = nil @before_filter_cache = nil end
prepend_before_filter(exp)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 23 def prepend_before_filter exp @options[:before_filters].unshift exp end
protect_from_forgery?()
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 15 def protect_from_forgery? @options[:protect_from_forgery] end
remove_skipped_filters(processor, filters, method)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 73 def remove_skipped_filters processor, filters, method controller = self while controller filters = filters - controller.get_skipped_filters(processor, method) controller = tracker.controllers[controller.parent] || tracker.libs[controller.parent] end filters end
skip_filter(exp)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 31 def skip_filter exp @options[:skip_filters] << exp end
skip_filters()
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 35 def skip_filters @options[:skip_filters] end
Private Instance Methods
filter_includes_method?(filter_rule, method_name)
click to toggle source
# File lib/brakeman/tracker/controller.rb, line 147 def filter_includes_method? filter_rule, method_name filter_rule[:all] or (filter_rule[:only] == method_name) or (filter_rule[:only].is_a? Array and filter_rule[:only].include? method_name) or (filter_rule[:except].is_a? Symbol and filter_rule[:except] != method_name) or (filter_rule[:except].is_a? Array and not filter_rule[:except].include? method_name) end