Justin Collins
@presidentbeef
How are you running Brakeman? Just brakeman? Try running outside of your application directory. Like brakeman path/to/your_app/
balatiruvalluru
@balatiruvalluru
Yes, I tried that as well.
I will try now again and give you the result
Same error
Should I follow the instructions as below?
Justin Collins
@presidentbeef
Those aren't instructions, that is how the brakeman gem is built
balatiruvalluru
@balatiruvalluru
Oh ok. Sorry to bother you much, what are the next steps I have to do
Justin Collins
@presidentbeef
I don't really know why that version of Haml is being loaded, but you probably need to change your environment so it just has the brakeman gem in it.
balatiruvalluru
@balatiruvalluru
Shall I install Brakeman on another machine or run from Jenkins?
Justin Collins
@presidentbeef
If you were using rvm you could just use a different gemset, but I'm not sure what to recommend for rbenv
balatiruvalluru
@balatiruvalluru
Hmm, ok. Thank you very much for the help. I will try in another environment.
Maciej Mensfeld
@mensfeld
Hey @presidentbeef is there a chance to catch you somehow via email?
I have a licence related question as I want to publish an open source project that uses Brakeman as one of the libs
Justin Collins
@presidentbeef
@mensfeld sure, justin@presidentbeef.com
Maciej Mensfeld
@mensfeld
Thanks @presidentbeef writing an email as we speak
Justin Collins
@presidentbeef
Brakeman 4.4.0 is out! https://brakemanscanner.org/blog/2019/01/17/brakeman-4-dot-4-dot-0-released
I know it's been a loooonnnnngggg time, so I apologize and thank everyone for your patience.
I expect to return to doing a release every 1-2 months. There is already a backlog of PRs for the next release.
Justin Collins
@presidentbeef
New release is pending...! Expect to have it out this evening. The minimum required Ruby version to run Brakeman will be raised from 1.9.3 (!!) to 2.3.0.
Additionally, the new version of RubyParser will fix a lot (all?) of the parsing issues folks have been seeing.
Maciej Mensfeld
@mensfeld
@presidentbeef will you update the license?
RubyGems still says non standard
which is really broad
also @presidentbeef is the license document for Brakeman open source or not? :D
That is, can the license itself be used in other software? :D
Justin Collins
@presidentbeef
So I didn't get the release out yet. Shouldn't have estimated the time when there's an external dependency...
@mensfeld when the release is out the license on RubyGems will be updated
The license is based on the WPScan license... So I guess it's fine to take and adapt it if it fits your needs? Probably should ask a lawyer...
Maciej Mensfeld
@mensfeld
:D
OK their license is public
I will reuse it then
I have a lot of OSS that I want to release on the same license as Brakeman
that is - completely free to run as long as it runs within the organization (not when it is executed as a service by someone else for the organization)
Justin Collins
@presidentbeef
@mensfeld a couple notes:
1 - It's not an "open source" license, it does not meet the definition of open source by the OSI: https://opensource.org/osd
2 - The lawyer who wrote the Brakeman license said the WPScan license is flawed because it does not include a "Grant" section
Justin Collins
@presidentbeef
As noted earlier, the minimum Ruby version to run Brakeman is now 2.3.0. Finally, we can use modern Ruby syntax!
Maciej Mensfeld
@mensfeld
@presidentbeef thanks
Maciej Mensfeld
@mensfeld
@presidentbeef one more note
Brakeman Public Use License
I think it should be Brakeman Public Use License 1.0 :D
or something like that
to easily indicate changes in the future
Justin Collins
@presidentbeef
@mensfeld Noted...but not planning on making the change at this point. If there is an updated license, the version number can be added then.
Maciej Mensfeld
@mensfeld
Jup :) just wanted to point that out
thanks!
linosgian
@linosgian
Hello! I was wondering whether the ruby 1.9.3 requirement under https://github.com/presidentbeef/brakeman/blob/master/CONTRIBUTING.md is up to date
Justin Collins
@presidentbeef
@linosgian it is not... 2.3.0 is the current minimum
linosgian
@linosgian
I thought so since it's discontinued for so long, just making sure before I start developing. Cheers!
Justin Collins
@presidentbeef
@/all Hi folks - if you are interested in "incremental scans" - scanning only a subset of files for e.g. a git commit hook or IDE integration, I would appreciate your feedback here: presidentbeef/brakeman#1368
linosgian
@linosgian
In the case of a function call (e.g. func(var1, var2)), variables will appear as :call right? Is this because of the () being optional in Ruby? Is there a way to distinguish the no-argument function call vs variable passing in brakeman (aka statically)?