lib/brakeman/processors/lib/rails3_route_processor.rb in brakeman-1.6.2 vs lib/brakeman/processors/lib/rails3_route_processor.rb in brakeman-1.7.0
- old
+ new
@@ -12,10 +12,11 @@
@map = Sexp.new(:lvar, :map)
@nested = nil #used for identifying nested targets
@prefix = [] #Controller name prefix (a module name, usually)
@current_controller = nil
@with_options = nil #For use inside map.with_options
+ @controller_block = false
end
def process_routes exp
process exp.dup
end
@@ -47,10 +48,12 @@
process_resource_block exp
when :resources
process_resources_block exp
when :scope
process_scope_block exp
+ when :controller
+ process_controller_block exp
else
super
end
end
@@ -69,15 +72,12 @@
def process_root exp
args = exp[3][1..-1]
if value = hash_access(args[0], :to)
- if string? value[1]
- controller, action = extract_action v[1]
-
- self.current_controller = controller
- @tracker.routes[@current_controller] << action.to_sym
+ if string? value
+ add_route_from_string value
end
end
exp
end
@@ -95,69 +95,101 @@
matcher.include? ':controller' and matcher.include? ':action' #Default routes
@tracker.routes[:allow_all_actions] = args[0]
return exp
elsif matcher.include? ':action'
action_variable = true
+ elsif args[1].nil? and in_controller_block? and not matcher.include? ":"
+ add_route matcher
end
end
if hash? args[-1]
hash_iterate args[-1] do |k, v|
- if string? k and string? v
- controller, action = extract_action v[1]
+ if string? k
+ if string? v
+ add_route_from_string v[1]
+ elsif in_controller_block? and symbol? v
+ add_route v
+ end
+ elsif symbol? k
+ case k[1]
+ when :action
+ if string? v
+ add_route_from_string v
+ else
+ add_route v
+ end
- self.current_controller = controller
- @tracker.routes[@current_controller] << action.to_sym if action
- elsif symbol? k and k[1] == :action
- @tracker.routes[@current_controller] << v[1].to_sym
action_variable = false
+ when :to
+ if string? v
+ add_route_from_string v[1]
+ elsif in_controller_block? and symbol? v
+ add_route v
+ end
+ end
end
end
end
if action_variable
@tracker.routes[@current_controller] = :allow_all_actions
end
+ @current_controller = nil unless in_controller_block?
exp
end
+ def add_route_from_string value
+ value = value[1] if string? value
+
+ controller, action = extract_action value
+
+ if action
+ add_route action, controller
+ elsif in_controller_block?
+ add_route value
+ end
+ end
+
def process_verb exp
args = exp[3][1..-1]
if symbol? args[0] and not hash? args[1]
- @tracker.routes[@current_controller] << args[0][1]
+ add_route args[0]
elsif hash? args[1]
hash_iterate args[1] do |k, v|
- if symbol? k and k[1] == :to and string? v
- controller, action = extract_action v[1]
-
- self.current_controller = controller
- @tracker.routes[@current_controller] << action.to_sym
+ if symbol? k and k[1] == :to
+ if string? v
+ add_route_from_string v[1]
+ elsif in_controller_block? and symbol? v
+ add_route v
+ end
end
end
elsif string? args[0]
route = args[0][1].split "/"
if route.length != 2
- @tracker.routes[@current_controller] << route[0].to_sym
+ add_route route[0]
else
- self.current_controller = route[0]
- @tracker.routes[@current_controller] << route[1].to_sym
- @current_controller = nil
+ add_route route[1], route[0]
end
+ elsif in_controller_block? and symbol? args[0]
+ add_route args[0]
else hash? args[0]
hash_iterate args[0] do |k, v|
- if string? v
- controller, action = extract_action v[1]
-
- self.current_controller = controller
- @tracker.routes[@current_controller] << action.to_sym
- break
+ if string? k
+ if string? v
+ add_route_from_string v
+ elsif in_controller_block?
+ add_route v
+ end
end
end
end
+ @current_controller = nil unless in_controller_block?
exp
end
def process_resources exp
if exp[3] and exp[3][2] and exp[3][2][0] == :hash
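Review bot: The last branch of `process_verb` reads `else hash? args[0]`, which Ruby parses as a plain `else` whose first statement evaluates `hash? args[0]` and discards the result. `hash_iterate args[0]` therefore runs for every argument shape the earlier branches did not match, including a nil or non-hash `args[0]`. The commit adds a new `elsif` directly above this line but leaves it as is; it should be `elsif hash? args[0]`. In the same branch the new `elsif in_controller_block?` calls `add_route v` without the `symbol? v` check used in the `:to` branches of this hunk, so `elsif in_controller_block? and symbol? v` would keep the three sites consistent. `add_route` is defined outside the visible hunks, so how it handles a non-symbol value cannot be confirmed from here.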
@@ -169,10 +201,11 @@
self.current_controller = s[1]
add_resources_routes
end
end
+ @current_controller = nil unless in_controller_block?
exp
end
def process_resource exp
#Does resource even take more than one controller name?
@@ -184,30 +217,62 @@
#handle something else, like options
#or something?
end
end
+ @current_controller = nil unless in_controller_block?
exp
end
def process_resources_block exp
- process_resources exp[1]
- process exp[3]
+ in_controller_block do
+ process_resources exp[1]
+ process exp[3]
+ end
+
+ @current_controller = nil
exp
end
def process_resource_block exp
- process_resource exp[1]
- process exp[3]
+ in_controller_block do
+ process_resource exp[1]
+ process exp[3]
+ end
+
+ @current_controller = nil
exp
end
def process_scope_block exp
#How to deal with options?
process exp[3]
exp
end
+ def process_controller_block exp
+ args = exp[1][3]
+ self.current_controller = args[1][1]
+
+ in_controller_block do
+ process exp[-1] if exp[-1]
+ end
+
+ @current_controller = nil
+ exp
+ end
+
def extract_action str
str.split "#"
+ end
+
+ def in_controller_block?
+ @controller_block
+ end
+
+ def in_controller_block
+ prev_block = @controller_block
+ @controller_block = true
+ yield
+ @controller_block = prev_block
end
end
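Review bot: `in_controller_block` restores `@controller_block` only when `yield` returns normally, so an error raised while processing a block body leaves the flag stuck at true. If the caller rescues and continues (not visible in this diff), later top-level routes would be treated as inside a controller block, and the `@current_controller = nil unless in_controller_block?` resets added throughout this commit would stop firing, which can attribute actions to the wrong controller in the route table. Moving the restore under `ensure` fixes this: `yield` then `ensure` then `@controller_block = prev_block`. Separately, `process_controller_block` reads `exp[1][3]` and `args[1][1]` unguarded, so a `controller` call without a literal first argument would likely index into nil. A `symbol?`/`string?` check on `args[1]` before assigning `current_controller` would match the guards used elsewhere in this file.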