提交
402609ec
编写于
11月 25, 2013
作者:
Justin
Merge pull request #407 from presidentbeef/fix_multiple_block_related_issues
Fix multiple block related issues
上级
75440c35
1ff4f810
变更
5
Showing
5 changed file
with
200 addition
and
15 deletion
+200
-15
lib/brakeman/processors/alias_processor.rb
lib/brakeman/processors/alias_processor.rb
+26
-4
lib/brakeman/processors/controller_alias_processor.rb
lib/brakeman/processors/controller_alias_processor.rb
+2
-4
test/apps/rails4/app/controllers/friendly_controller.rb
test/apps/rails4/app/controllers/friendly_controller.rb
+9
-3
test/tests/alias_processor.rb
test/tests/alias_processor.rb
+152
-4
test/tests/rails4.rb
test/tests/rails4.rb
+11
-0
lib/brakeman/processors/alias_processor.rb
@@ -220,13 +220,24 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
#Process a method definition.
def
process_methdef
exp
env
.
scope
do
set_env_defaults
meth_env
do
exp
.
body
=
process_all!
exp
.
body
end
exp
end
def
meth_env
begin
env
.
scope
do
set_env_defaults
@meth_env
=
env
.
current
yield
end
ensure
@meth_env
=
nil
end
end
#Process a method definition on self.
def
process_selfdef
exp
env
.
scope
do
@@ -437,9 +448,11 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
branch_scopes
=
[]
exps
.
each_with_index
do
|
branch
,
i
|
scope
do
@branch_env
=
env
.
current
branch_index
=
2
+
i
# s(:if, condition, then_branch, else_branch)
exp
[
branch_index
]
=
process_if_branch
branch
branch_scopes
<<
env
.
current
@branch_env
=
nil
end
end
@@ -731,7 +744,17 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
end
if
@ignore_ifs
or
not
@inside_if
env
[
var
]
=
value
if
@meth_env
and
node_type?
var
,
:
ivar
and
env
[
var
].
nil?
@meth_env
[
var
]
=
value
else
env
[
var
]
=
value
end
elsif
env
.
current
[
var
]
env
.
current
[
var
]
=
value
elsif
@branch_env
and
@branch_env
[
var
]
@branch_env
[
var
]
=
value
elsif
@branch_env
and
@meth_env
and
node_type?
var
,
:ivar
@branch_env
[
var
]
=
value
else
env
.
current
[
var
]
=
value
end
@@ -776,5 +799,4 @@ class Brakeman::AliasProcessor < Brakeman::SexpProcessor
false
end
end
end
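Review bot: `meth_env` in the first hunk clears `@meth_env` to nil in its `ensure` instead of restoring the previous value, so if a method definition is processed while another is already inside `meth_env` (a nested `def`, or `process_selfdef` reached from a method body — which paths can occur depends on code outside the hunk), the outer method's env is dropped when the inner one exits, and the `@meth_env and node_type? var, :ivar` branches in the third hunk then fall back to writing ivars into `env` for the rest of the outer body. Saving and restoring is a two-line change: `previous = @meth_env` before `env.scope do` and `@meth_env = previous` in the `ensure`. The explicit `begin`/`end` wrapper is also redundant, since a `def` body can carry `ensure` directly. The helper deserves a comment, e.g. `# Runs the block in a fresh scope and exposes that scope as @meth_env so ivar assignments made deeper in the body can be recorded at method level`.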
lib/brakeman/processors/controller_alias_processor.rb
@@ -84,9 +84,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
@current_method
=
meth_name
@rendered
=
false
if
is_route
env
.
scope
do
set_env_defaults
meth_env
do
if
is_route
before_filter_list
(
@current_method
,
@current_class
).
each
do
|
f
|
process_before_filter
f
@@ -124,7 +122,7 @@ class Brakeman::ControllerAliasProcessor < Brakeman::AliasProcessor
#Check for +respond_to+
def
process_call_with_block
exp
process_default
exp
super
if
call?
exp
.
block_call
and
exp
.
block_call
.
method
==
:respond_to
@rendered
=
true
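Review bot: The comment `#Check for +respond_to+` on `process_call_with_block` in the second hunk no longer describes the method now that it calls `super` before the `respond_to` check; it should say that the block call itself is delegated to the parent processor, e.g. `# Let the parent processor handle the block call (presumably its scoping), then treat +respond_to+ as a render`. In the first hunk the `if is_route` guard now sits inside `meth_env do`, so every method body gets a scope and `set_env_defaults`, while before filters are still processed only for routes; the method body continues outside the hunk. A one-line comment above `meth_env do` stating that intent, `# each action body runs in its own method env; before filters apply to routes only`, would keep the next reader from "fixing" the guard back out.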
test/apps/rails4/app/controllers/friendly_controller.rb
class
FriendlyController
some_helper_thing
do
@user
=
User
.
current_user
end
def
find
@user
=
User
.
friendly
.
find
(
params
[
:id
])
redirect_to
@user
end
end
\ No newline at end of file
def
some_user_thing
redirect_to
@user
.
url
end
end
test/tests/alias_processor.rb
class
AliasProcessorTests
<
Test
::
Unit
::
TestCase
def
assert_alias
expected
,
original
def
assert_alias
expected
,
original
,
full
=
false
original_sexp
=
RubyParser
.
new
.
parse
original
expected_sexp
=
RubyParser
.
new
.
parse
expected
processed_sexp
=
Brakeman
::
AliasProcessor
.
new
.
process_safely
original_sexp
result
=
processed_sexp
.
last
assert_equal
expected_sexp
,
result
if
full
assert_equal
expected_sexp
,
processed_sexp
else
assert_equal
expected_sexp
,
processed_sexp
.
last
end
end
def
assert_output
input
,
output
assert_alias
output
,
input
,
true
end
def
test_addition
@@ -377,4 +383,146 @@ class AliasProcessorTests < Test::Unit::TestCase
y
RUBY
end
def
test_block_with_local
assert_output
<<-
INPUT
,
<<-
OUTPUT
def a
if b
c = nil
ds.each do |d|
e = T.new
c = e.map
end
r("f" + c.name)
else
g
end
end
INPUT
def a
if b
c = nil
ds.each do |d|
e = T.new
c = T.new.map
end
r("f" + T.new.map.name)
else
g
end
end
OUTPUT
end
def
test_block_in_class_scope
# Make sure blocks in class do not mess up instance variable scope
# for subsequent methods
assert_output
<<-
INPUT
,
<<-
OUTPUT
class A
x do
@a = 1
end
def b
@a
end
end
INPUT
class A
x do
@a = 1
end
def b
@a
end
end
OUTPUT
end
def
test_instance_method_scope_in_block
# Make sure instance variables set inside blocks are set at the method
# scope
assert_output
<<-
INPUT
,
<<-
OUTPUT
class A
def b
x do
@a = 1
end
@a
end
end
INPUT
class A
def b
x do
@a = 1
end
1
end
end
OUTPUT
end
def
test_instance_method_scope_in_if_with_blocks
# Make sure instance variables set inside if expressions are set at the
# method scope after being combined
assert_output
<<-
INPUT
,
<<-
OUTPUT
class A
def b
if something
x do
@a = 1
end
else
y do
@a = 2
end
end
@a
end
end
INPUT
class A
def b
if something
x do
@a = 1
end
else
y do
@a = 2
end
end
(1 or 2)
end
end
OUTPUT
end
def
test_branch_env_is_closed_after_if_statement
assert_output
<<-
'INPUT'
,
<<-
'OUTPUT'
def a
if b
return unless c # this was causing problems
@d = D.find(1)
@d
end
end
INPUT
def a
if b
return unless c
@d = D.find(1)
D.find(1)
end
end
OUTPUT
end
end
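Review bot: `assert_alias` in the first hunk takes its new `full` flag as a positional boolean, so the call in `assert_output`, `assert_alias output, input, true`, does not say what `true` means at the call site. A keyword reads better and stays compatible with the existing two-argument callers: `def assert_alias expected, original, full: false` with `assert_alias output, input, full: true`. The `if full ... else ... end` can then collapse to `assert_equal expected_sexp, (full ? processed_sexp : processed_sexp.last)`. In the second hunk, `test_branch_env_is_closed_after_if_statement` uses single-quoted heredocs (`<<-'INPUT'`) while the neighbouring tests use bare `<<-INPUT`; neither input contains interpolation, so the quoting could be made consistent.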
test/tests/rails4.rb
@@ -110,4 +110,15 @@ class Rails4Tests < Test::Unit::TestCase
:confidence
=>
0
,
:relative_path
=>
"app/controllers/application_controller.rb"
end
def
test_redirect_with_instance_variable_from_block
assert_no_warning
:type
=>
:warning
,
:warning_code
=>
18
,
:fingerprint
=>
"e024f0cf67432409ec4afc80216fb2f6c9929fbbd32c2421e8867cd254f22d04"
,
:warning_type
=>
"Redirect"
,
:line
=>
12
,
:message
=>
/^Possible\ unprotected\ redirect/
,
:confidence
=>
0
,
:relative_path
=>
"app/controllers/friendly_controller.rb"
end
end
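Review bot: `test_redirect_with_instance_variable_from_block` pins the absent warning down to an exact `:fingerprint`, `:message` and `:line`, so this negative assertion passes vacuously if the redirect warning comes back with any of those fields changed (different wording, a shifted line in friendly_controller.rb). Assuming `assert_no_warning` requires every given key to match (its definition is outside the hunk), matching only on `:type`, `:warning_code`, `:warning_type` and `:relative_path` would make the test fail whenever that warning reappears in the file at all. A comment naming the scenario would also help future readers: `# @user assigned in a class-level block must not be taken as the @user of some_user_thing`.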