Module Brakeman::Util
In: lib/brakeman/util.rb

This is a mixin containing utility methods.

Constants

QUERY_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :query_parameters)
PATH_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :path_parameters)
REQUEST_PARAMETERS = Sexp.new(:call, Sexp.new(:call, nil, :request), :request_parameters)
REQUEST_PARAMS = Sexp.new(:call, Sexp.new(:call, nil, :request), :parameters)
REQUEST_ENV = Sexp.new(:call, Sexp.new(:call, nil, :request), :env)
PARAMETERS = Sexp.new(:call, nil, :params)
COOKIES = Sexp.new(:call, nil, :cookies)
REQUEST_COOKIES = s(:call, s(:call, nil, :request), :cookies)
SESSION = Sexp.new(:call, nil, :session)
ALL_PARAMETERS = Set[PARAMETERS, QUERY_PARAMETERS, PATH_PARAMETERS, REQUEST_PARAMETERS, REQUEST_PARAMS]
ALL_COOKIES = Set[COOKIES, REQUEST_COOKIES]
SAFE_LITERAL = s(:lit, :BRAKEMAN_SAFE_LITERAL)
PARAMS_SEXP = Sexp.new(:params)   # These are never modified
SESSION_SEXP = Sexp.new(:session)
COOKIES_SEXP = Sexp.new(:cookies)
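
The constants above describe request-derived values as call trees. The following is an added example, not Brakeman's own code: it shows how an expression can be matched against those trees by walking call receivers. The `Sexp` class here is a minimal stand-in, and `SOURCES`, `request_source` and `SAMPLES` are hypothetical names.

```ruby
require 'set'

# Minimal stand-in for the Sexp class (assumption: Array semantics suffice),
# so the example runs without the Brakeman or ruby_parser gems installed.
class Sexp < Array
  def initialize(*args)
    super(args)
  end

  def node_type
    first
  end
end

def s(*args)
  Sexp.new(*args)
end

# Constants as listed above.
QUERY_PARAMETERS = s(:call, s(:call, nil, :request), :query_parameters)
PATH_PARAMETERS = s(:call, s(:call, nil, :request), :path_parameters)
REQUEST_PARAMETERS = s(:call, s(:call, nil, :request), :request_parameters)
REQUEST_PARAMS = s(:call, s(:call, nil, :request), :parameters)
REQUEST_ENV = s(:call, s(:call, nil, :request), :env)
PARAMETERS = s(:call, nil, :params)
COOKIES = s(:call, nil, :cookies)
REQUEST_COOKIES = s(:call, s(:call, nil, :request), :cookies)
ALL_PARAMETERS = Set[PARAMETERS, QUERY_PARAMETERS, PATH_PARAMETERS, REQUEST_PARAMETERS, REQUEST_PARAMS]
ALL_COOKIES = Set[COOKIES, REQUEST_COOKIES]

# Hypothetical lookup table, not part of Brakeman::Util.
SOURCES = { params: ALL_PARAMETERS, cookies: ALL_COOKIES, env: Set[REQUEST_ENV] }.freeze

# Hypothetical helper: names the kind of request data that exp is rooted in,
# following the receiver of each :call node, or returns nil if there is none.
def request_source(exp)
  while exp.is_a?(Sexp)
    SOURCES.each { |kind, set| return kind if set.include?(exp) }
    return nil unless exp.node_type == :call
    exp = exp[1] # element 1 of a :call node is the receiver
  end
  nil
end

# Constructed sample trees, keyed by the Ruby source they stand for.
SAMPLES = {
  'params[:id]' => s(:call, PARAMETERS, :[], s(:lit, :id)),
  'request.query_parameters[:q].to_s' => s(:call, s(:call, QUERY_PARAMETERS, :[], s(:lit, :q)), :to_s),
  'request.cookies["sid"]' => s(:call, REQUEST_COOKIES, :[], s(:str, 'sid')),
  'User.find(1)' => s(:call, s(:const, :User), :find, s(:lit, 1))
}.freeze
SAMPLES.each { |src, exp| puts "#{src} => #{request_source(exp).inspect}" }
```

This helper follows receivers only, so request data passed as a method argument, as in `User.find(params[:id])`, is not reported by it.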

Public Instance methods

Check if exp represents an array: s(:array, […])

Check if exp represents a block of code

Check if exp represents a method call: s(:call, …)

Convert a string from "something_like_this" to "SomethingLikeThis"

Taken from ActiveSupport.

Returns a class name as a Symbol. If class name cannot be determined, returns exp.

Returns true if the given exp contains a :class node.

Useful for checking if a module is just a module or if it is a namespace.

Return array of lines surrounding the warning location from the original file.

Check if exp represents a :false or :nil node

Attempt to determine path to context file based on the reported name in the warning.

For example,

  file_by_name FileController #=> "/rails/root/app/controllers/file_controller.rb"

Return file name related to given warning. Uses +warning.file+ if it exists

Check if exp represents a hash: s(:hash, {…}). This also includes pseudo hashes params, session, and cookies.

Get value from hash using key.

If key is a Symbol, it will be converted to a Sexp(:lit, key).

Insert value into Hash Sexp

Takes an Sexp like

 (:hash, (:lit, :key), (:str, "value"))

and yields the key and value pairs to the given block.

For example:

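 # Build the hash Sexp from nested Sexp nodes
 h = Sexp.new(:hash, Sexp.new(:lit, :name), Sexp.new(:str, "bob"), Sexp.new(:lit, :name), Sexp.new(:str, "jane"))
 names = []
 hash_iterate(h) do |key, value|
   if symbol? key and key[1] == :name
     names << value[1]
   end
 end
 names #=> ["bob", "jane"] (every key/value pair is yielded, including repeated keys)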

Check if exp represents an Integer: s(:lit, …)

Check if exp is a Sexp and the node type matches one of the given types.

Check if exp represents a number: s(:lit, …)

Check if exp is a params hash

stupid simple, used to delegate to ActiveSupport

Check if exp represents a Regexp: s(:lit, /…/)

Check if exp is params, cookies, or request_env

Check if exp represents a result: s(:result, …)

Adds params, session, and cookies to environment so they can be replaced by their respective Sexps.

Check if exp is a Sexp.

Check if exp represents a String: s(:str, "…")

Check if exp represents a Symbol: s(:lit, :…)

Convert path/filename to view name

 views/test/something.html.erb -> test/something

Check if exp represents a :true, :lit, or :string node

Convert a string from "Something::LikeThis" to "something/like_this"

Taken from ActiveSupport.
