Justin Collins
@presidentbeef
That is correct
Although if you are feeling particularly brave you can try pointing --add-libs-path to vendor or wherever you put your gems but results are not guaranteed
AlanZY
@AlanZY
ok, thanks a lot!!
Justin Collins
@presidentbeef
Apparently I stopped posting releases here? Sorry! Brakeman 4.3.1 is out: https://brakemanscanner.org/blog/2018/06/06/brakeman-4-dot-3-1-released/
Sid Jayanna
@sjayanna
Hey! Is there a way to post Brakeman errors right into the GitHub PR as comments, so that it is easy for the devs to see them?
Sid Jayanna
@sjayanna
Justin Collins
@presidentbeef
I don't recommend using Pronto. It tries to only scan changed files, but Brakeman needs to scan the entire application to be accurate.
the posting to GitHub feature is cool though
Sid Jayanna
@sjayanna
Thanks! @presidentbeef
Justin Collins
@presidentbeef
Hey folks - Brakeman/Brakeman Pro has been acquired by Synopsys: https://brakemanscanner.org/blog/2018/06/28/brakeman-has-been-acquired-by-synopsys/
As part of the acquisition agreement, Brakeman is being distributed under a new license. Essentially, it restricts companies from reselling Brakeman as a product feature without a commercial agreement with Synopsys. You can read my attempts at clarity here: https://github.com/presidentbeef/brakeman/pull/1238#issuecomment-401448976
Justin Collins
@presidentbeef
Brakeman is now on Docker Hub: https://hub.docker.com/r/presidentbeef/brakeman/
So you can do something like:
docker pull presidentbeef/brakeman
cd your/rails/app/
docker run -v "$(pwd)":/code presidentbeef/brakeman --color
balatiruvalluru
@balatiruvalluru
Hi, I'm new to using Brakeman. I just installed it as per the document and ran Brakeman; unfortunately I am seeing the errors below. Please help
Processing templates...
/Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:61:in `process_call': Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Unrecognized action on _hamlout: fix_textareas! (RuntimeError)
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:14:in `process_call'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/base_processor.rb:146:in `block in process_arglist'
from (eval):3:in `map!'
from (eval):3:in `map!'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/base_processor.rb:145:in `process_arglist'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:100:in `process_call'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
Using Rails 5.1.5 and brakeman 4.3.1
Justin Collins
@presidentbeef
@balatiruvalluru Hi! Is it possible to provide the report_mailer/report_failed_email.html.haml file? Or a small piece of it to reproduce the error? It seems there may be a Haml feature we aren't supporting correctly.
balatiruvalluru
@balatiruvalluru
Thanks for the quick reply. I am sorry, I can't find that file. I am running Brakeman from the root directory of the application.
Justin Collins
@presidentbeef
it would be app/views/report_mailer/report_failed_email.html.haml
probably
@balatiruvalluru or if you ran brakeman -d it should show you the exact file name
balatiruvalluru
@balatiruvalluru
I got that file with the below details

%p= t('mailer.report.the_report_for_had_errors', type: t(@report.code, scope: 'reports.titles'), site: @report.site.description)

%pre= @status_messages

- if @report_url.present?
  %p= t('mailer.report.you_can_view_it_online_here', href: link_to(t('mailer.here'), @report_url)).html_safe
brakeman -d output
balatiruvalluru
@balatiruvalluru
report_failed_email.html.haml
/Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:61:in `process_call': Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Unrecognized action on _hamlout: fix_textareas! (RuntimeError)
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:14:in `process_call'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/base_processor.rb:146:in `block in process_arglist'
from (eval):3:in `map!'
from (eval):3:in `map!'
Justin Collins
@presidentbeef
@balatiruvalluru are you running Brakeman with rake? It looks like you may be picking up an unsupported version of Haml (see presidentbeef/brakeman#1044)
balatiruvalluru
@balatiruvalluru
The error is the same as #1044
I don't know if I am using rake, but the Haml version is
Haml 5.0.4
Justin Collins
@presidentbeef
How are you running Brakeman? Just brakeman? Try running outside of your application directory. Like brakeman path/to/your_app/
balatiruvalluru
@balatiruvalluru
Yes, I tried that as well.
I will try again now and give you the result
Same error
Should I follow the instructions as below?
Justin Collins
@presidentbeef
Those aren't instructions, that is how the brakeman gem is built
balatiruvalluru
@balatiruvalluru
Oh ok. Sorry to bother you so much, what are the next steps I have to do
Justin Collins
@presidentbeef
I don't really know why that version of Haml is being loaded, but you probably need to change your environment so it just has the brakeman gem in it.
balatiruvalluru
@balatiruvalluru
Shall I install Brakeman on another machine or run it from Jenkins?
Justin Collins
@presidentbeef
If you were using rvm you could just use a different gemset, but I'm not sure what to recommend for rbenv
balatiruvalluru
@balatiruvalluru
Hmm, ok. Thank you very much for the help. I will try in another environment.
Maciej Mensfeld
@mensfeld
Hey @presidentbeef is there a chance to catch you somehow via email?
I have a licence related question, as I want to publish an open source project that uses Brakeman as one of the libs
Justin Collins
@presidentbeef
@mensfeld sure, justin@presidentbeef.com
Maciej Mensfeld
@mensfeld
Thanks @presidentbeef writing an email as we speak
Justin Collins
@presidentbeef
Brakeman 4.4.0 is out! https://brakemanscanner.org/blog/2019/01/17/brakeman-4-dot-4-dot-0-released
I know it's been a loooonnnnngggg time, so I apologize and thank everyone for your patience.
I expect to return to doing a release every 1-2 months. There is already a backlog of PRs for the next release.
Justin Collins
@presidentbeef
New release is pending...! Expect to have it out this evening. The minimum required Ruby version to run Brakeman will be raised from 1.9.3 (!!) to 2.3.0.
Additionally, the new version of RubyParser will fix a lot (all?) of the parsing issues folks have been seeing.
Maciej Mensfeld
@mensfeld
@presidentbeef will you update the license?
RubyGems still says non-standard
which is really broad
also @presidentbeef, is the license document for Brakeman open source or not? :D