lib/brakeman/processors/controller_alias_processor.rb in brakeman-lib-5.0.2 vs lib/brakeman/processors/controller_alias_processor.rb in brakeman-lib-5.0.4

@@ -49,11 +49,11 @@
 
       methods.each do |name|
         #Need to process the method like it was in a controller in order
         #to get the renders set
         processor = Brakeman::ControllerProcessor.new(@tracker, mixin.file)
-        method = mixin.get_method(name).src.deep_clone
+        method = mixin.get_method(name)[:src].deep_clone
 
         if node_type? method, :defn
           method = processor.process_defn method
         else
           #Should be a defn, but this will catch other cases
@@ -141,30 +141,30 @@
 
   #Processes a call to a before filter.
   #Basically, adds any instance variable assignments to the environment.
   #TODO: method arguments?
   def process_before_filter name
-    filter = tracker.find_method name, @current_class
+    filter = find_method name, @current_class
 
     if filter.nil?
       Brakeman.debug "[Notice] Could not find filter #{name}"
       return
     end
 
-    method = filter.src
+    method = filter[:method]
 
-    if ivars = @tracker.filter_cache[[filter.owner, name]]
+    if ivars = @tracker.filter_cache[[filter[:controller], name]]
       ivars.each do |variable, value|
         env[variable] = value
       end
     else
       processor = Brakeman::AliasProcessor.new @tracker
       processor.process_safely(method.body_list, only_ivars(:include_request_vars))
 
       ivars = processor.only_ivars(:include_request_vars).all
 
-      @tracker.filter_cache[[filter.owner, name]] = ivars
+      @tracker.filter_cache[[filter[:controller], name]] = ivars
 
       ivars.each do |variable, value|
         env[variable] = value
       end
     end
@@ -180,11 +180,11 @@
   def process_template name, args, _, line
     # If line is null, assume implicit render and set the end of the action
     # method as the line number
     if line.nil? and controller = @tracker.controllers[@current_class]
       if meth = controller.get_method(@current_method)
-        if line = meth.src && meth.src.last && meth.src.last.line
+        if line = meth[:src] && meth[:src].last && meth[:src].last.line
           line += 1
         else
           line = 1
         end
       end
@@ -237,8 +237,45 @@
 
     if controller
       controller.before_filter_list self, method
     else
       []
+    end
+  end
+
+  #Finds a method in the given class or a parent class
+  #
+  #Returns nil if the method could not be found.
+  #
+  #If found, returns hash table with controller name and method sexp.
+  def find_method method_name, klass
+    return nil if sexp? method_name
+    method_name = method_name.to_sym
+
+    if method = @method_cache[method_name]
+      return method
+    end
+
+    controller = @tracker.controllers[klass]
+    controller ||= @tracker.libs[klass]
+
+    if klass and controller
+      method = controller.get_method method_name
+
+      if method.nil?
+        controller.includes.each do |included|
+          method = find_method method_name, included
+          if method
+            @method_cache[method_name] = method
+            return method
+          end
+       end
+
+        @method_cache[method_name] = find_method method_name, controller.parent
+      else
+        @method_cache[method_name] = { :controller => controller.name, :method => method[:src] }
+      end
+    else
+      nil
     end
   end
 end