Use Util.node_type? wherever possible

instead of "sexp? exp and exp.node_type == :blah" or "sexp? exp and exp[0] == :blah"

Use Util.node_type? wherever possible
instead of "sexp? exp and exp.node_type == :blah" or "sexp? exp and exp[0] == :blah"
820ba362 · Justin Collins · e69ace89 · 820ba362 · 820ba362 · 820ba362
11 changed file
--- a/lib/brakeman/checks/check_link_to_href.rb
+++ b/lib/brakeman/checks/check_link_to_href.rb
@@ -35,7 +35,11 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
    call = result[:call] = result[:call].dup
    @matched = false
    url_arg = process call[3][2]
-    return if sexp?(url_arg) && url_arg.node_type == :string_interp && !url_arg[1].chomp.empty?
+
+    #Ignore situations where the href is an interpolated string
+    #with something before the user input
+    return if node_type?(url_arg, :string_interp) && !url_arg[1].chomp.empty?
+
    type, match = has_immediate_user_input? url_arg

    if type

--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -181,7 +181,7 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
    arg.each do |exp|
      #For now, don't warn on interpolation of Model.table_name
      #but check for other 'safe' things in the future
-      if sexp? exp and (exp.node_type == :string_eval or exp.node_type == :evstr)
+      if node_type? exp, :string_eval, :evstr
        if call? exp[1] and (model_name?(exp[1][1]) or exp[1][1].nil?) and exp[1][2] == :table_name
          return false
        end

--- a/lib/brakeman/processors/controller_processor.rb
+++ b/lib/brakeman/processors/controller_processor.rb
@@ -85,7 +85,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
            else
              Brakeman.debug "[Notice] Layout not found: #{name}"
            end
-          elsif sexp? args[-1] and (args[-1][0] == :nil or args[-1][0] == :false)
+          elsif node_type? args[-1], :nil, :false
            #layout :false or layout nil
            @controller[:layout] = false
          end
@@ -181,7 +181,7 @@ class Brakeman::ControllerProcessor < Brakeman::BaseProcessor
      block_variable = :temp
    end

-    if sexp? exp[3] and exp[3].node_type == :block
+    if node_type? exp[3], :block
      block_inner = exp[3][1..-1]
    else
      block_inner = [exp[3]]

--- a/lib/brakeman/processors/erb_template_processor.rb
+++ b/lib/brakeman/processors/erb_template_processor.rb
@@ -68,7 +68,7 @@ class Brakeman::ErbTemplateProcessor < Brakeman::TemplateProcessor
        res = process e
        if res.empty? or res == ignore
          nil
-        elsif sexp? res and res.node_type == :lvar and res[1] == :_erbout
+        elsif node_type?(res, :lvar) and res[1] == :_erbout
          nil

        else

--- a/lib/brakeman/processors/lib/find_all_calls.rb
+++ b/lib/brakeman/processors/lib/find_all_calls.rb
@@ -138,7 +138,7 @@ class Brakeman::FindAllCalls < Brakeman::BaseProcessor
  #Returns method chain as an array
  #For example, User.human.alive.all would return [:User, :human, :alive, :all]
  def get_chain call
-    if sexp? call and (call.node_type == :call or call.node_type == :attrasgn)
+    if node_type? call, :call, :attrasgn
      get_chain(call[1]) + [call[2]]
    else
      [get_target(call)]

--- a/lib/brakeman/processors/lib/find_call.rb
+++ b/lib/brakeman/processors/lib/find_call.rb
@@ -107,7 +107,7 @@ class Brakeman::FindCall < Brakeman::BaseProcessor
    #  User.find(:first, :conditions => "user = '#{params['user']}').name
    #
    #A search for User.find will not match this unless @in_depth is true.
-    if @in_depth and sexp? exp[1] and exp[1][0] == :call
+    if @in_depth and node_type? exp[1], :call
      process exp[1]
    end


--- a/lib/brakeman/processors/lib/rails2_config_processor.rb
+++ b/lib/brakeman/processors/lib/rails2_config_processor.rb
@@ -103,7 +103,7 @@ class Brakeman::Rails2ConfigProcessor < Brakeman::BaseProcessor
  #
  #  [:action_controller, :session_store]
  def get_rails_config exp
-    if sexp? exp and exp.node_type == :attrasgn
+    if node_type? exp, :attrasgn
      attribute = exp[2].to_s[0..-2].to_sym
      get_rails_config(exp[1]) << attribute
    elsif call? exp

--- a/lib/brakeman/processors/lib/rails2_route_processor.rb
+++ b/lib/brakeman/processors/lib/rails2_route_processor.rb
@@ -89,7 +89,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
      process_resource_options exp[-1]
    else
      exp.each do |argument|
-        if sexp? argument and argument.node_type == :lit
+        if node_type? argument, :lit
          self.current_controller = exp[0][1]
          add_resources_routes
          process_resource_options exp[-1]
@@ -165,7 +165,7 @@ class Brakeman::Rails2RoutesProcessor < Brakeman::BaseProcessor
      process_resource_options exp[-1]
    else
      exp.each do |argument|
-        if sexp? argument and argument.node_type == :lit
+        if node_type? argument, :lit
          self.current_controller = pluralize(exp[0][1].to_s)
          add_resource_routes
          process_resource_options exp[-1]

--- a/lib/brakeman/processors/lib/rails3_config_processor.rb
+++ b/lib/brakeman/processors/lib/rails3_config_processor.rb
@@ -29,7 +29,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor

  #Look for MyApp::Application.configure do ... end
  def process_iter exp
-    if sexp?(exp[1][1]) and exp[1][1][0] == :colon2 and exp[1][1][2] == :Application
+    if node_type?(exp[1][1], :colon2) and exp[1][1][2] == :Application
      @inside_config = true
      process exp[-1] if sexp? exp[-1]
      @inside_config = false
@@ -100,7 +100,7 @@ class Brakeman::Rails3ConfigProcessor < Brakeman::BaseProcessor
  #
  #  [:action_controller, :session_store]
  def get_rails_config exp
-    if sexp? exp and exp.node_type == :attrasgn
+    if node_type? exp, :attrasgn
      attribute = exp[2].to_s[0..-2].to_sym
      get_rails_config(exp[1]) << attribute
    elsif call? exp

--- a/lib/brakeman/processors/lib/render_helper.rb
+++ b/lib/brakeman/processors/lib/render_helper.rb
@@ -75,7 +75,7 @@ module Brakeman::RenderHelper
      #Process layout
      if string? options[:layout]
        process_template "layouts/#{options[:layout][1]}", nil
-      elsif sexp? options[:layout] and options[:layout][0] == :false
+      elsif node_type? options[:layout], :false
        #nothing
      elsif not template[:name].to_s.match(/[^\/_][^\/]+$/)
        #Don't do this for partials

--- a/lib/brakeman/processors/template_alias_processor.rb
+++ b/lib/brakeman/processors/template_alias_processor.rb
@@ -40,7 +40,7 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor

    #Check for e.g. Model.find.each do ... end
    if method == :each and args and block and model = get_model_target(target)
-      if sexp? args and args.node_type == :lasgn
+      if node_type? args, :lasgn
        if model == target[1]
          env[Sexp.new(:lvar, args[1])] = Sexp.new(:call, model, :new, Sexp.new(:arglist))
        else
@@ -50,7 +50,7 @@ class Brakeman::TemplateAliasProcessor < Brakeman::AliasProcessor
        process block if sexp? block
      end
    elsif FORM_METHODS.include? method
-      if sexp? args and args.node_type == :lasgn
+      if node_type? args, :lasgn
        env[Sexp.new(:lvar, args[1])] = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist)) 

        process block if sexp? block