From 4fc89dec2bdc8e5c70b9df15ff5302886d3db7ce Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Mon, 22 Oct 2012 15:19:59 -0700
Subject: [PATCH] Do not process appending to HAML template variable in the alias processor. Should fix #168
---
 lib/brakeman/processors/haml_template_processor.rb | 3 ++-
 lib/brakeman/processors/template_alias_processor.rb | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/brakeman/processors/haml_template_processor.rb b/lib/brakeman/processors/haml_template_processor.rb
index 64d142df..6e6f0afe 100644
--- a/lib/brakeman/processors/haml_template_processor.rb
+++ b/lib/brakeman/processors/haml_template_processor.rb
@@ -74,7 +74,8 @@ class Brakeman::HamlTemplateProcessor < Brakeman::TemplateProcessor
 res
 #_hamlout.buffer <<
- #This seems to be used rarely, but directly appends args to output buffer
+ #This seems to be used rarely, but directly appends args to output buffer.
+ #Has something to do with values of blocks?
 elsif sexp? target and method == :<< and is_buffer_target? target
 @inside_concat = true
 out = exp.arglist[1] = process(exp.arglist[1])
diff --git a/lib/brakeman/processors/template_alias_processor.rb b/lib/brakeman/processors/template_alias_processor.rb
index 65a6fbfb..7e903af9 100644
--- a/lib/brakeman/processors/template_alias_processor.rb
+++ b/lib/brakeman/processors/template_alias_processor.rb
@@ -96,11 +96,17 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
 false
 end
+ #Ignore `<<` calls on template variables which are used by the templating
+ #library (HAML, ERB, etc.)
 def find_push_target exp
 if sexp? exp
 if exp.node_type == :lvar and (exp.value == :_buf or exp.value == :_erbout)
 return nil
 elsif exp.node_type == :ivar and exp.value == :@output_buffer
+ return nil
+ elsif exp.node_type == :call and exp.target.node_type == :call and
+ exp.target.method == :_hamlout and exp.method == :buffer
 return nil
 end
 end
--
GitLab
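Review bot: In the second hunk, the new `elsif` branch of find_push_target calls `exp.target.node_type` without first checking that `exp.target` is a Sexp. For a call with no explicit receiver the target is presumably nil, so this would raise NoMethodError inside the alias processor; depending on how the caller handles that error, the template may go unanalyzed, which for a scanner means missed warnings. Guarding with the helper already used at the top of the method keeps the branch safe: `elsif exp.node_type == :call and sexp? exp.target and exp.target.node_type == :call and`. The rest of find_push_target lies outside the hunk, so the fall-through behaviour cannot be confirmed from here.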