
Brakeman::Tracker

The Tracker keeps track of all the processed information.

Constants

UNKNOWN_MODEL

Placeholder used when there should be a model, but it is not yet clear which model it will be.

Attributes

checks[RW]
config[RW]
controllers[RW]
duration[RW]
end_time[RW]
errors[RW]
filter_cache[RW]
initializers[RW]
libs[RW]
models[RW]
options[RW]
processor[RW]
routes[RW]
start_time[RW]
template_cache[RW]
templates[RW]

Public Class Methods

new(app_tree, processor = nil, options = {})

Creates a new Tracker.

The Processor argument is only used by other Processors that might need to access it.

# File lib/brakeman/tracker.rb, line 23
def initialize(app_tree, processor = nil, options = {})
  @app_tree = app_tree
  @processor = processor
  @options = options

  @config = {}
  @templates = {}
  @controllers = {}
  #Initialize models with the unknown model so
  #we can match models later without knowing precisely what
  #class they are.
  @models = { UNKNOWN_MODEL => { :name => UNKNOWN_MODEL,
      :parent => nil,
      :includes => [],
      :public => {},
      :private => {},
      :protected => {},
      :options => {} } }
  @routes = {}
  @initializers = {}
  @errors = []
  @libs = {}
  @checks = nil
  @processed = nil
  @template_cache = Set.new
  @filter_cache = {}
  @call_index = nil
  @start_time = Time.now
  @end_time = nil
  @duration = nil
end

Public Instance Methods

check_initializers(target, method)

Searches the initializers for a method call.

# File lib/brakeman/tracker.rb, line 140
def check_initializers target, method
  finder = Brakeman::FindCall.new target, method, self

  initializers.sort.each do |name, initializer|
    finder.process_source initializer
  end

  finder.matches
end
each_method()

Iterate over all methods in controllers and models.

# File lib/brakeman/tracker.rb, line 80
def each_method
  [self.controllers, self.models].each do |set|
    set.each do |set_name, info|
      [:private, :public, :protected].each do |visibility|
        info[visibility].each do |method_name, definition|
          if definition.node_type == :selfdef
            method_name = "#{definition[1]}.#{method_name}"
          end

          yield definition, set_name, method_name

        end
      end
    end
  end
end
each_template()

Iterates over each template, yielding the name and the template. Prioritizes templates which have been rendered.

# File lib/brakeman/tracker.rb, line 99
def each_template
  if @processed.nil?
    @processed, @rest = templates.keys.sort_by{|template| template.to_s}.partition { |k| k.to_s.include? "." }
  end

  @processed.each do |k|
    yield k, templates[k]
  end

  @rest.each do |k|
    yield k, templates[k]
  end
end
error(exception, backtrace = nil)

Add an error to the list. If no backtrace is given, the one from the exception will be used.

# File lib/brakeman/tracker.rb, line 57
def error exception, backtrace = nil
  backtrace ||= exception.backtrace
  unless backtrace.is_a? Array
    backtrace = [ backtrace ]
  end

  Brakeman.debug exception
  Brakeman.debug backtrace

  @errors << { :error => exception.to_s.gsub("\n", " "), :backtrace => backtrace }
end
find_call(options)

Find a method call.

Options:

* :target => target name(s)
* :method => method name(s)
* :chained => search in method chains

If :target => false or :target => nil, searches for methods without a target. Targets and methods can be specified as a symbol, an array of symbols, or a regular expression.

If :chained => true, matches target at head of method chain and method at end.

For example:

find_call :target => User, :method => :all, :chained => true

could match

User.human.active.all(...)

# File lib/brakeman/tracker.rb, line 134
def find_call options
  index_call_sites unless @call_index
  @call_index.find_calls options
end
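The :target / :method / :chained option semantics described above, as an added toy model that is not Brakeman's own FindCall or CallIndex: call sites use a constructed nested format [:call, receiver, method, args], and name_matches?, chain_head, call_matches? and find_calls are hypothetical helpers written for this illustration.

```ruby
# Toy model of Tracker#find_call matching (added example, not Brakeman code).
# A call node is [:call, receiver, method, args]; receiver is nil (no target),
# a constant symbol, or another call node (a method chain).

# A pattern may be a symbol, an array of symbols, or a regular expression.
def name_matches?(pattern, name)
  case pattern
  when Symbol then pattern == name
  when Array  then pattern.include?(name)
  when Regexp then !!(name.to_s =~ pattern)
  else false
  end
end

# Head of a method chain: the receiver of the innermost call.
# For User.human.active.all the head is :User.
def chain_head(node)
  receiver = node[1]
  receiver.is_a?(Array) && receiver[0] == :call ? chain_head(receiver) : receiver
end

# :target => false/nil matches only calls with no receiver.
# :chained => true matches the target at the head of the chain and the
# method at the end (the outermost call); otherwise the direct receiver is used.
def call_matches?(node, options)
  target = options[:chained] ? chain_head(node) : node[1]
  if options[:target]
    return false if target.is_a?(Array) # receiver is another call, not a name
    target_ok = name_matches?(options[:target], target)
  else
    target_ok = target.nil?
  end
  target_ok && name_matches?(options[:method], node[2])
end

# Constructed sample call sites standing in for an indexed application.
SAMPLE_CALLS = {
  chained: [:call, [:call, [:call, :User, :human, []], :active, []], :all, []], # User.human.active.all
  direct:  [:call, :User, :all, []],                                            # User.all
  bare:    [:call, nil, :system, ["ls"]],                                       # system("ls")
  other:   [:call, :Post, :all, []],                                            # Post.all
}

# Returns the labels of the sample call sites that satisfy the options.
def find_calls(options)
  SAMPLE_CALLS.select { |_, node| call_matches?(node, options) }.keys
end
```

Without :chained, User.human.active.all does not match :target => :User because its direct receiver is the call User.human.active rather than the constant itself.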
index_call_sites()
# File lib/brakeman/tracker.rb, line 155
def index_call_sites
  finder = Brakeman::FindAllCalls.new self

  self.each_method do |definition, set_name, method_name|
    finder.process_source definition, set_name, method_name
  end

  self.each_template do |name, template|
    finder.process_source template[:src], nil, nil, template
  end

  @call_index = Brakeman::CallIndex.new finder.calls
end
reindex_call_sites(locations)

Reindexes call sites. Takes a set of symbols which can include :templates, :models, or :controllers; reindexing is limited to the given sets.

# File lib/brakeman/tracker.rb, line 175
def reindex_call_sites locations
  #If reindexing templates, models, and controllers, just redo
  #everything
  if locations.length == 3
    return index_call_sites
  end

  if locations.include? :templates
    @call_index.remove_template_indexes
  end

  classes_to_reindex = Set.new
  method_sets = []

  if locations.include? :models
    classes_to_reindex.merge self.models.keys
    method_sets << self.models
  end

  if locations.include? :controllers
    classes_to_reindex.merge self.controllers.keys
    method_sets << self.controllers
  end

  @call_index.remove_indexes_by_class classes_to_reindex

  finder = Brakeman::FindAllCalls.new self

  method_sets.each do |set|
    set.each do |set_name, info|
      [:private, :public, :protected].each do |visibility|
        info[visibility].each do |method_name, definition|
          if definition.node_type == :selfdef
            method_name = "#{definition[1]}.#{method_name}"
          end

          finder.process_source definition, set_name, method_name

        end
      end
    end
  end

  if locations.include? :templates
    self.each_template do |name, template|
      finder.process_source template[:src], nil, nil, template
    end
  end

  @call_index.index_calls finder.calls
end
report()

Returns a Report with this Tracker's information.

# File lib/brakeman/tracker.rb, line 151
def report
  Brakeman::Report.new(@app_tree, self)
end
reset_controller(path)
# File lib/brakeman/tracker.rb, line 266
def reset_controller path
  #Remove from controller
  @controllers.delete_if do |name, controller|
    if controller[:file] == path
      template_matcher = /^#{name}#/

      #Remove templates rendered from this controller
      @templates.each do |template_name, template|
        if template[:caller] and not template[:caller].grep(template_matcher).empty?
          reset_template template_name
          @call_index.remove_template_indexes template_name
        end
      end

      #Remove calls indexed from this controller
      @call_index.remove_indexes_by_class [name]

      true
    end
  end
end
reset_model(path)

Clears information related to the model defined in the given file.

# File lib/brakeman/tracker.rb, line 253
def reset_model path
  model_name = nil

  @models.each do |name, model|
    if model[:file] == path
      model_name = name
      break
    end
  end

  @models.delete model_name
end
reset_routes()

Clears information about routes.

# File lib/brakeman/tracker.rb, line 289
def reset_routes
  @routes = {}
end
reset_template(name)

Clears information related to the named template.

# File lib/brakeman/tracker.rb, line 244
def reset_template name
  name = name.to_sym
  @templates.delete name
  @processed = nil
  @rest = nil
  @template_cache.clear
end
reset_templates(options = { :only_rendered => false })

Clears information related to templates. If :only_rendered => true, deletes only templates rendered from controllers (but not those rendered from other templates).

# File lib/brakeman/tracker.rb, line 230
def reset_templates options = { :only_rendered => false }
  if options[:only_rendered]
    @templates.delete_if do |name, template|
      name.to_s.include? "Controller#"
    end
  else
    @templates = {}
  end
  @processed = nil
  @rest = nil
  @template_cache.clear
end
run_checks()

Run a set of checks on the current information. Results will be stored in Tracker#checks.

# File lib/brakeman/tracker.rb, line 71
def run_checks
  @checks = Brakeman::Checks.run_checks(@app_tree, self)

  @end_time = Time.now
  @duration = @end_time - @start_time
  @checks
end


Generated with the Darkfish Rdoc Generator 2.