balatiruvalluru
@balatiruvalluru

%p= t('mailer.report.the_report_for_had_errors', type: t(@report.code, scope: 'reports.titles'), site: @report.site.description)

%pre= @status_messages

- if @report_url.present?
  %p= t('mailer.report.you_can_view_it_online_here', href: link_to(t('mailer.here'), @report_url)).html_safe
brakeman -d output
balatiruvalluru
@balatiruvalluru
report_failed_email.html.haml
/Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:61:in `process_call': Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Error when processing report_mailer/report_failed_email: Unrecognized action on _hamlout: fix_textareas! (RuntimeError)
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/haml_template_processor.rb:14:in `process_call'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/template_processor.rb:25:in `process'
from /Users/bala/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/brakeman-4.3.1/lib/brakeman/processors/base_processor.rb:146:in `block in process_arglist'
from (eval):3:in `map!'
from (eval):3:in `map!'
Justin Collins
@presidentbeef
@balatiruvalluru are you running Brakeman with rake? It looks like you may be picking up an unsupported version of Haml (see presidentbeef/brakeman#1044)
balatiruvalluru
@balatiruvalluru
The error is the same as #1044
I don't know if I am using rake, but the Haml version is
Haml 5.0.4
Justin Collins
@presidentbeef
How are you running Brakeman? Just brakeman? Try running outside of your application directory. Like brakeman path/to/your_app/
balatiruvalluru
@balatiruvalluru
yes, i tried that as well.
i will try now again and give you the result
Same error
Should i follow the instructions as below?
Justin Collins
@presidentbeef
Those aren't instructions, that is how the brakeman gem is built
balatiruvalluru
@balatiruvalluru
Oh ok. Sorry to bother you so much, what are the next steps I have to do?
Justin Collins
@presidentbeef
I don't really know why that version of Haml is being loaded, but you probably need to change your environment so it just has the brakeman gem in it.
balatiruvalluru
@balatiruvalluru
shall i install Brakeman on another machine or run from Jenkins?
Justin Collins
@presidentbeef
If you were using rvm you could just use a different gemset, but I'm not sure what to recommend for rbenv
balatiruvalluru
@balatiruvalluru
hmm. ok. Thank you very much for the help. i will try in another environment.
Maciej Mensfeld
@mensfeld
Hey @presidentbeef is there a chance to catch you somehow via email?
I have a licence related question as I want to publish an open source project that uses Brakeman as one of the libs
Justin Collins
@presidentbeef
@mensfeld sure, justin@presidentbeef.com
Maciej Mensfeld
@mensfeld
Thanks @presidentbeef writing an email as we speak
Justin Collins
@presidentbeef
Brakeman 4.4.0 is out! https://brakemanscanner.org/blog/2019/01/17/brakeman-4-dot-4-dot-0-released
I know it's been a loooonnnnngggg time, so I apologize and thank everyone for your patience.
I expect to return to doing a release every 1-2 months. There is already a backlog of PRs for the next release.
Justin Collins
@presidentbeef
New release is pending...! Expect to have it out this evening. The minimum required Ruby version to run Brakeman will be raised from 1.9.3 (!!) to 2.3.0.
Additionally, the new version of RubyParser will fix a lot (all?) of the parsing issues folks have been seeing.
Maciej Mensfeld
@mensfeld
@presidentbeef will you update the license?
Rubygems still say non standard
which is really broad
also @presidentbeef is the license document for Brakeman open source or not? :D
That is, can the license itself be used in other software? :D
Justin Collins
@presidentbeef
So I didn't get the release out yet. Shouldn't have estimated the time when there's an external dependency..
@mensfeld when the release is out the license on rubygems
Will be updated
The license is based on the WPScan license... So I guess it's fine to take and adapt it if it fits your needs? Probably should ask a lawyer...
Maciej Mensfeld
@mensfeld
:D
OK their license is public
I will reuse it then
I have a lot of OSS that I want to release on the same license as Brakeman
that is - completely free to run as long as it runs within the organization (not when it is executed as a service by someone else for the organization)
Justin Collins
@presidentbeef
@mensfeld a couple notes:
1 - It's not an "open source" license, it does not meet the definition of open source by the OSI: https://opensource.org/osd
2 - The lawyer who wrote the Brakeman license said the WPScan license is flawed because it does not include a "Grant" section
Justin Collins
@presidentbeef
As noted earlier, the minimum Ruby version to run Brakeman is now 2.3.0. Finally, we can use modern Ruby syntax!
Maciej Mensfeld
@mensfeld
@presidentbeef thanks
Maciej Mensfeld
@mensfeld
@presidentbeef one more note
Brakeman Public Use License
I think it should be Brakeman Public Use License 1.0 :D
or something like that
to easily indicate changes in the future
Justin Collins
@presidentbeef
@mensfeld Noted...but not planning on making the change at this point. If there is an updated license, the version number can be added then.
Maciej Mensfeld
@mensfeld
Jup :) just wanted to point that out