Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
社会瑞弟呀
brakeman
提交
6d5bb6bd
B
brakeman
项目概览
社会瑞弟呀
/
brakeman
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
B
brakeman
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
6d5bb6bd
编写于
1月 09, 2012
作者:
J
Justin Collins
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Move Brakeman::Rescanner to its own file
上级
3f0b45e0
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
204 addition
and
201 deletion
+204
-201
lib/brakeman.rb
lib/brakeman.rb
+2
-0
lib/brakeman/rescanner.rb
lib/brakeman/rescanner.rb
+202
-0
lib/brakeman/scanner.rb
lib/brakeman/scanner.rb
+0
-201
未找到文件。
lib/brakeman.rb
浏览文件 @
6d5bb6bd
...
...
@@ -253,6 +253,8 @@ module Brakeman
end
def
self
.
rescan
tracker
,
files
require
'brakeman/rescanner'
Rescanner
.
new
(
tracker
.
options
,
tracker
.
processor
,
files
).
recheck
end
end
lib/brakeman/rescanner.rb
0 → 100644
浏览文件 @
6d5bb6bd
require
'brakeman/scanner'
class
Brakeman::Rescanner
<
Brakeman
::
Scanner
def
initialize
options
,
processor
,
files
super
(
options
,
processor
)
@paths
=
files
#Files to rescan
@old_results
=
tracker
.
checks
#Old warnings from previous scan
@changes
=
nil
#True if files had to be rescanned
end
def
recheck
rescan
if
@changes
.
nil?
tracker
.
run_checks
if
@changes
Brakeman
::
RescanReport
.
new
@old_results
,
tracker
.
checks
end
def
rescan
tracker
.
template_cache
.
clear
@changes
=
false
@paths
.
each
do
|
path
|
if
rescan_file
path
@changes
=
true
end
end
index_call_sites
self
end
def
rescan_file
path
case
file_type
path
when
:controller
rescan_controller
path
when
:template
rescan_template
path
when
:model
rescan_model
path
when
:lib
process_library
path
when
:config
process_config
when
:initializer
process_initializer
path
when
:routes
# Routes affect which controller methods are treated as actions
# which affects which templates are rendered, so routes, controllers,
# and templates rendered from controllers must be rescanned
tracker
.
reset_routes
tracker
.
reset_templates
:only_rendered
=>
true
process_routes
process_controllers
when
:gemfile
process_gems
else
return
false
#Nothing to do, file hopefully does not need to be rescanned
end
true
end
def
rescan_controller
path
#Process source
process_controller
path
#Process data flow and template rendering
#from the controller
tracker
.
controllers
.
each
do
|
name
,
controller
|
if
controller
[
:file
]
==
path
tracker
.
templates
.
keys
.
each
do
|
template_name
|
if
template_name
.
to_s
.
match
/(.+)\.
#{
name
}
#/
tracker
.
templates
.
delete
template_name
end
end
@processor
.
process_controller_alias
controller
[
:src
]
end
end
end
def
rescan_template
path
template_name
=
template_path_to_name
(
path
)
tracker
.
reset_template
template_name
process_template
path
@processor
.
process_template_alias
tracker
.
templates
[
template_name
]
rescan
=
Set
.
new
rendered_from_controller
=
/^
#{
template_name
}
\.(.+Controller)#(.+)/
rendered_from_view
=
/^
#{
template_name
}
\.Template:(.+)/
#Search for processed template and process it.
#Search for rendered versions of template and re-render (if necessary)
tracker
.
templates
.
each
do
|
name
,
template
|
if
template
[
:file
]
==
path
or
template
[
:file
].
nil?
name
=
name
.
to_s
if
name
.
match
(
rendered_from_controller
)
#Rendered from controller, so reprocess controller
rescan
<<
[
:controller
,
$1
.
to_sym
,
$2
.
to_sym
]
elsif
name
.
match
(
rendered_from_view
)
#Rendered from another template, so reprocess that template
rescan
<<
[
:template
,
$1
.
to_sym
]
end
end
end
rescan
.
each
do
|
r
|
if
r
[
0
]
==
:controller
controller
=
tracker
.
controllers
[
r
[
1
]]
if
@paths
.
include?
controller
[
:file
]
rescan_controller
controller
[
:file
]
else
@processor
.
process_controller_alias
controller
[
:src
],
r
[
2
]
end
elsif
r
[
0
]
==
:template
template
=
tracker
.
templates
[
r
[
1
]]
rescan_template
template
[
:file
]
end
end
end
def
rescan_model
path
num_models
=
tracker
.
models
.
length
tracker
.
reset_model
path
process_model
path
if
File
.
exists?
path
#Only need to rescan other things if a model is added or removed
if
num_models
!=
tracker
.
models
.
length
process_templates
process_controllers
end
end
#Guess at what kind of file the path contains
def
file_type
path
case
path
when
/\/app\/controllers/
:controller
when
/\/app\/views/
:template
when
/\/app\/models/
:model
when
/\/lib/
:lib
when
/\/config\/initializers/
:initializer
when
/config\/routes\.rb/
:routes
when
/\/config/
:config
when
/Gemfile/
:gemfile
else
:unknown
end
end
end
class
Brakeman::RescanReport
attr_reader
:old_results
,
:new_results
def
initialize
old_results
,
new_results
@old_results
=
old_results
@new_results
=
new_results
@diff
=
nil
end
#Returns an array of warnings which were in the old report but are not in the
#new report after rescanning
def
fixed_warnings
diff
[
:fixed
]
end
#Returns an array of warnings which were in the new report but were not in
#the old report
def
new_warnings
diff
[
:new
]
end
#Returns true if there are any new or fixed warnings
def
warnings_changed?
not
(
diff
[
:new
].
empty?
and
diff
[
:fixed
].
empty?
)
end
#Returns a hash of arrays for :new and :fixed warnings
def
diff
@diff
||=
@old_results
.
diff
(
@new_results
)
end
end
lib/brakeman/scanner.rb
浏览文件 @
6d5bb6bd
...
...
@@ -361,207 +361,6 @@ class Brakeman::Scanner
end
end
class
Brakeman::Rescanner
<
Brakeman
::
Scanner
def
initialize
options
,
processor
,
files
super
(
options
,
processor
)
@paths
=
files
#Files to rescan
@old_results
=
tracker
.
checks
#Old warnings from previous scan
@changes
=
nil
#True if files had to be rescanned
end
def
recheck
rescan
if
@changes
.
nil?
tracker
.
run_checks
if
@changes
Brakeman
::
RescanReport
.
new
@old_results
,
tracker
.
checks
end
def
rescan
tracker
.
template_cache
.
clear
@changes
=
false
@paths
.
each
do
|
path
|
if
rescan_file
path
@changes
=
true
end
end
index_call_sites
self
end
def
rescan_file
path
case
file_type
path
when
:controller
rescan_controller
path
when
:template
rescan_template
path
when
:model
rescan_model
path
when
:lib
process_library
path
when
:config
process_config
when
:initializer
process_initializer
path
when
:routes
# Routes affect which controller methods are treated as actions
# which affects which templates are rendered, so routes, controllers,
# and templates rendered from controllers must be rescanned
tracker
.
reset_routes
tracker
.
reset_templates
:only_rendered
=>
true
process_routes
process_controllers
when
:gemfile
process_gems
else
return
false
#Nothing to do, file hopefully does not need to be rescanned
end
true
end
def
rescan_controller
path
#Process source
process_controller
path
#Process data flow and template rendering
#from the controller
tracker
.
controllers
.
each
do
|
name
,
controller
|
if
controller
[
:file
]
==
path
tracker
.
templates
.
keys
.
each
do
|
template_name
|
if
template_name
.
to_s
.
match
/(.+)\.
#{
name
}
#/
tracker
.
templates
.
delete
template_name
end
end
@processor
.
process_controller_alias
controller
[
:src
]
end
end
end
def
rescan_template
path
template_name
=
template_path_to_name
(
path
)
tracker
.
reset_template
template_name
process_template
path
@processor
.
process_template_alias
tracker
.
templates
[
template_name
]
rescan
=
Set
.
new
rendered_from_controller
=
/^
#{
template_name
}
\.(.+Controller)#(.+)/
rendered_from_view
=
/^
#{
template_name
}
\.Template:(.+)/
#Search for processed template and process it.
#Search for rendered versions of template and re-render (if necessary)
tracker
.
templates
.
each
do
|
name
,
template
|
if
template
[
:file
]
==
path
or
template
[
:file
].
nil?
name
=
name
.
to_s
if
name
.
match
(
rendered_from_controller
)
#Rendered from controller, so reprocess controller
rescan
<<
[
:controller
,
$1
.
to_sym
,
$2
.
to_sym
]
elsif
name
.
match
(
rendered_from_view
)
#Rendered from another template, so reprocess that template
rescan
<<
[
:template
,
$1
.
to_sym
]
end
end
end
rescan
.
each
do
|
r
|
if
r
[
0
]
==
:controller
controller
=
tracker
.
controllers
[
r
[
1
]]
if
@paths
.
include?
controller
[
:file
]
rescan_controller
controller
[
:file
]
else
@processor
.
process_controller_alias
controller
[
:src
],
r
[
2
]
end
elsif
r
[
0
]
==
:template
template
=
tracker
.
templates
[
r
[
1
]]
rescan_template
template
[
:file
]
end
end
end
def
rescan_model
path
num_models
=
tracker
.
models
.
length
tracker
.
reset_model
path
process_model
path
if
File
.
exists?
path
#Only need to rescan other things if a model is added or removed
if
num_models
!=
tracker
.
models
.
length
process_templates
process_controllers
end
end
#Guess at what kind of file the path contains
def
file_type
path
case
path
when
/\/app\/controllers/
:controller
when
/\/app\/views/
:template
when
/\/app\/models/
:model
when
/\/lib/
:lib
when
/\/config\/initializers/
:initializer
when
/config\/routes\.rb/
:routes
when
/\/config/
:config
when
/Gemfile/
:gemfile
else
:unknown
end
end
end
class
Brakeman::RescanReport
attr_reader
:old_results
,
:new_results
def
initialize
old_results
,
new_results
@old_results
=
old_results
@new_results
=
new_results
@diff
=
nil
end
#Returns an array of warnings which were in the old report but are not in the
#new report after rescanning
def
fixed_warnings
diff
[
:fixed
]
end
#Returns an array of warnings which were in the new report but were not in
#the old report
def
new_warnings
diff
[
:new
]
end
#Returns true if there are any new or fixed warnings
def
warnings_changed?
not
(
diff
[
:new
].
empty?
and
diff
[
:fixed
].
empty?
)
end
#Returns a hash of arrays for :new and :fixed warnings
def
diff
@diff
||=
@old_results
.
diff
(
@new_results
)
end
end
#This is from Rails 3 version of the Erubis handler
class
Brakeman::RailsXSSErubis
<
::
Erubis
::
Eruby
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录