class Brakeman::Rails2ConfigProcessor

Values for tracker.config.rails will still be Sexps.<br><br>tracker.config[:action_controller][:session_store]

will be stored in
end
config.action_controller.session_store = :cookie_store
Rails::Initializer.run |config|
For example:
Configuration of Rails via Rails::Initializer are stored in tracker.config.rails.
Processes configuration. Results are put in tracker.config.

def get_rails_config exp

[:action_controller, :session_store]

becomes

config.action_controller.session_store = :cookie

Returns an array of symbols for each 'level' in the config

def get_rails_config exp
  if node_type? exp, :attrasgn
    attribute = exp.method.to_s[0..-2].to_sym
    get_rails_config(exp.target) << attribute
  elsif call? exp
    if exp.target == RAILS_CONFIG
      [exp.method]
    else
      get_rails_config(exp.target) << exp.method
    end
  else
    raise "WHAT"
  end
end

def include_rails_config? exp

Check if an expression includes a call to set Rails config

def include_rails_config? exp
  target = exp.target
  if call? target
    if target.target == RAILS_CONFIG
      true
    else
      include_rails_config? target
    end
  elsif target == RAILS_CONFIG
    true
  else
    false
  end
end

def initialize *args

def initialize *args
  super
end

def process_attrasgn exp

Look for configuration settings

def process_attrasgn exp
  if exp.target == RAILS_CONFIG
    #Get rid of '=' at end
    attribute = exp.method.to_s[0..-2].to_sym
    if exp.num_args > 1
      #Multiple arguments?...not sure if this will ever happen
      @tracker.config.rails[attribute] = exp.args
    else
      @tracker.config.rails[attribute] = exp.first_arg
    end
  elsif include_rails_config? exp
    options = get_rails_config exp
    level = @tracker.config.rails
    options[0..-2].each do |o|
      level[o] ||= {}
      level = level[o]
    end
    level[options.last] = exp.first_arg
  end
  exp
end

def process_call exp

but because it's 2026 we're going to use Erubi
Check if config is set to use Erubis

def process_call exp
  target = exp.target
  target = process target if sexp? target
  if exp.method == :gem and exp.first_arg.value == "erubis"
    Brakeman.debug "[Notice] Using Erubi for ERB templates"
    @tracker.config.erubi = true
  end
  exp
end

def process_cdecl exp

Check for Rails version

def process_cdecl exp
  #Set Rails version required
  if exp.lhs == :RAILS_GEM_VERSION
    @tracker.config.set_rails_version exp.rhs.value
  end
  exp
end

def process_config src, current_file

Use this method to process configuration file

def process_config src, current_file
  @current_file = current_file
  res = Brakeman::ConfigAliasProcessor.new.process_safely(src, nil, current_file)
  process res
end

Namespace

Brakeman

Parent class

Brakeman::BasicProcessor

Instance Methods

Defined in

lib/brakeman/processors/lib/rails2_config_processor.rb

Modules

Classes