Sha256: c993b833ccc609289e5a3c5e46fce5ad7a02fe728d5616f8265bbaba0d312e0b

Contents?: true

Size: 1.37 KB

Versions: 11

Compression:

Stored size: 1.37 KB

Contents

# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

# This module is used to track propagation through ERB template rendering
module ERBPropagator
  class << self
    # Post-render hook: copies tracking data from tracked local variables of
    # the binding handed to the ERB render call onto the rendered result, then
    # records a propagation event on that result.
    #
    # A local variable contributes only when all three hold:
    #   1. its value is reported as tracked by the Tracker,
    #   2. its name occurs as a substring of the template object's +src+,
    #   3. its value is found in the rendered result via +index+.
    #
    # NOTE(review): check 2 is a plain substring test, so a variable name that
    # merely appears inside a longer identifier or a literal in +src+ also
    # counts as referenced.
    # NOTE(review): check 3 uses +index+, which yields the first match only;
    # later occurrences of the same value in the result are not passed to
    # +copy_from+ here. Confirm whether that can leave rendered ranges
    # untagged.
    #
    # @param patcher [Object] forwarded untouched to +build_event+
    # @param preshift [Object] pre-call snapshot; +args[0]+ is used as the
    #   Binding and +object.src+ as the template source to search
    # @param ret [Object] the render result (presumably a String; it is
    #   searched with +index+)
    # @param _block [Object] unused
    # @return [Object, nil] +ret+, or nil when no binding argument was given
    #   or the Tracker returns no properties for +ret+
    def result_tagger patcher, preshift, ret, _block
      return if preshift.args.length < 1

      tracker = Contrast::Agent::Assess::Tracker
      ret_properties = tracker.properties!(ret)
      return unless ret_properties

      erb_binding = preshift.args[0]
      local_names = erb_binding.local_variables
      template_src = preshift.object.src

      parent_events = local_names.each_with_object([]) do |local_name, events|
        local_value = erb_binding.local_variable_get(local_name)
        next unless tracker.tracked?(local_value) && template_src.include?(local_name.to_s)

        # First occurrence only; 0 is truthy in Ruby, so only nil skips.
        offset = ret.index(local_value)
        next unless offset

        ret_properties.copy_from(local_value, ret, offset)
        source_event = tracker.properties(local_value)&.event
        events << source_event if source_event
      end

      # The trailing 1 is passed as in the original call; its meaning is
      # defined by build_event, which is not visible here.
      ret_properties.build_event(patcher, ret, preshift.object, ret, preshift.args, 1)
      # The parent events are written straight into the new event's ivar.
      ret_properties.event.instance_variable_set(:@_parent_events, parent_events)

      ret
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
contrast-agent-4.14.1 lib/contrast/extension/assess/erb.rb
contrast-agent-4.14.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.13.1 lib/contrast/extension/assess/erb.rb
contrast-agent-4.13.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.12.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.11.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.10.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.9.1 lib/contrast/extension/assess/erb.rb
contrast-agent-4.9.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.8.0 lib/contrast/extension/assess/erb.rb
contrast-agent-4.7.0 lib/contrast/extension/assess/erb.rb