
Comments (15)

presidentbeef commented on July 24, 2024

Hmm seems to be trying to format code on a warning with no code associated with it. I'll look into it.


presidentbeef commented on July 24, 2024

Hi Phil, can you try this with the latest (1.5.1) just to make sure it has not already been fixed? Thanks!


philcox commented on July 24, 2024

Justin,

I did have an older version running, tried it with 1.5.1, same errors:

Processing configuration...
Processing gems...
Processing initializers...
Processing libs...
Processing routes...
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
85/123 controllers processed

Indexing call sites... ed
Running checks in parallel...

  • CheckBasicAuth
  • CheckCrossSiteScripting
  • CheckDefaultRoutes
  • CheckEscapeFunction
  • CheckEvaluation
  • CheckExecute
  • CheckFileAccess
  • CheckFilterSkipping
  • CheckForgerySetting
  • CheckLinkTo
  • CheckLinkToHref
  • CheckMailTo
  • CheckMassAssignment
  • CheckModelAttributes
  • CheckNestedAttributes
  • CheckQuoteTableName
  • CheckRedirect
  • CheckRender
  • CheckResponseSplitting
  • CheckSafeBufferManipulation
  • CheckSelectVulnerability
  • CheckSendFile
  • CheckSessionSettings
  • CheckSkipBeforeFilter
  • CheckSQL
  • CheckStripTags
  • CheckTranslateBug
  • CheckValidationRegex
  • CheckWithoutProtection
Checks finished, collecting results...
Generating report...
/opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code': private method `gsub' called for nil:NilClass (NoMethodError)
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
        from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19:in `load'
        from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19
[jenkins@01-2e2itao workspace]$

Phil


philcox commented on July 24, 2024

I cannot reproduce on my OSX box. Current running box is CentOS 5.6. If I specify checks, it seems to error when I have the "MassAssignment" check enabled. If I disable that one check, it works fine.


philcox commented on July 24, 2024

Have done a bit more debugging. It seems that it has something to do with the Git clone of the repo. When I add the repo by hand to a separate directory and run brakeman, it works with no problems. If I run it on the clone done by Jenkins, it fails. Any thoughts?

Running checks in parallel...

  • CheckMassAssignment
Finding possible mass assignment calls on 113 models
Processing possible mass assignment calls
Checks finished, collecting results...
Generating report...

{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb'"], :error=>" parse error on value \"true\", 76"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb'"], :error=>" parse error on value \"false\", 149"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/app/views/accounts/new.rhtml"], :error=>" parse error on value \";\" (tSEMI)"}

While formatting s(s(:lit, :ip_address_lockout_count), nil): undefined method `first' for nil:NilClass
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:453:in `process_hash'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:211:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:in `process_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in `format'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
/usr/bin/brakeman:19:in `load'
/usr/bin/brakeman:19

While formatting s(): undefined method `empty?' for nil:NilClass
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:213:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:in `process_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in `format'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
/usr/bin/brakeman:19:in `load'
/usr/bin/brakeman:19

/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code': private method `gsub' called for nil:NilClass (NoMethodError)
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
        from /usr/bin/brakeman:19:in `load'
        from /usr/bin/brakeman:19


presidentbeef commented on July 24, 2024

Different Ruby versions, maybe?


philcox commented on July 24, 2024

Justin,

Nope, same exact Ruby, Rails, brakeman, ...

Just different BaseOS, and the fact that Jenkins is doing the "git clone"
instead of me doing it by hand.

Phil

On Mon, Mar 12, 2012 at 9:04 PM, Justin <[email protected]> wrote:

> Different Ruby versions, maybe?
>
> Reply to this email directly or view it on GitHub:
> #53 (comment)

Director of Security and Compliance
RightScale Inc - http://www.rightscale.com
805-243-0942
Skype: phil.cox.rs
Twitter: @sec_prof


presidentbeef commented on July 24, 2024

Any idea what the code that involves :ip_address_lockout_count looks like? It seems like there is some kind of issue with how it is being handled.

Sorry, these kinds of problems can be a pain to track down. I'm really not sure why different copies of the code are behaving differently, though.


philcox commented on July 24, 2024

Seems to be working now. Not sure what the deal was.


dfuentes77 commented on July 24, 2024

Had the same problem and had to revert from 1.8.0 to 1.7.1 for it to work.


presidentbeef commented on July 24, 2024

@dfuentes77 can you clarify which problem you had? Can you paste the error/stack trace? Thanks!


dfuentes77 commented on July 24, 2024

It was pretty much the same as the very first stack trace. I'd have to update my Gemfile again and duplicate it, and I'm running tests against my app using 1.7.1 right now. I'd have to get back to you with the exact error.


presidentbeef commented on July 24, 2024

Okay, when you get a chance please run Brakeman with the -d flag and open a new issue, please. Thanks!


dfuentes77 commented on July 24, 2024

I tried it again and for some reason it's working with 1.8.1 now. Don't know why. I reverted to 1.7.1 before and recently just changed the version in my Gemfile to 1.8.1 and did a "bundle update brakeman", and afterward it started working. Maybe another gem that was updated in my previous attempt was breaking it.


presidentbeef commented on July 24, 2024

I fixed it in 1.8.1 ;)

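The failure mode in this thread (the maintainer's first diagnosis: `format_code` is run on a warning that has no code attached, so `gsub` is called on nil while the report is being generated) and the kind of guard that resolves it can be illustrated with a small stand-in for that formatting path. The block below is an added example, not Brakeman's own code: the `ScanWarning` struct, the two formatter modules, `generate_rows` and the sample warnings are hypothetical simplifications that only borrow the method names from the stack traces (`format_code`, `format_message`, `to_row`). In Brakeman the code fragment is an S-expression rendered by ruby2ruby; here it is a plain string so the example runs on its own.

```ruby
# Added example: a minimal stand-in for the warning-formatting path named in the
# stack traces above (warning.rb: format_code -> format_message -> to_row).
# Not Brakeman's code; all class and method bodies are hypothetical.

# A check result. Most warnings carry a code fragment (the offending call); some,
# such as a model-level mass assignment warning, carry none (code == nil).
ScanWarning = Struct.new(:check, :message, :file, :line, :code)

module UnguardedFormatter
  # Reproduces the crash: String#gsub on nil raises NoMethodError
  # (Ruby 1.8 words it as "private method `gsub' called for nil:NilClass").
  def self.format_code(warning)
    warning.code.gsub(/\s+/, " ").strip
  end

  def self.format_message(warning)
    "#{warning.message} near #{format_code(warning)}"
  end

  def self.to_row(warning)
    [warning.check, format_message(warning), "#{warning.file}:#{warning.line}"]
  end
end

module GuardedFormatter
  # Treat a missing code fragment as an empty string instead of crashing.
  def self.format_code(warning)
    return "" if warning.code.nil?
    warning.code.gsub(/\s+/, " ").strip
  end

  # Mention the code only when there is some; otherwise the message stands alone.
  def self.format_message(warning)
    code = format_code(warning)
    code.empty? ? warning.message : "#{warning.message} near #{code}"
  end

  def self.to_row(warning)
    [warning.check, format_message(warning), "#{warning.file}:#{warning.line}"]
  end
end

# Render a whole report. With the unguarded formatter a single code-less warning
# aborts the report for every other finding (the thread's crash right after
# "Generating report...").
def generate_rows(warnings, formatter)
  warnings.map { |w| formatter.to_row(w) }
end

# Constructed sample warnings (hypothetical; not from the application in the thread).
SAMPLE_WARNINGS = [
  ScanWarning.new("CheckSQL", "Possible SQL injection", "app/models/user.rb", 12,
                  "User.where(\"name = '\#{params[:name]}'\")"),
  ScanWarning.new("CheckMassAssignment", "Unprotected mass assignment",
                  "app/models/account.rb", 1, nil)
]

# Returns the exception class the unguarded path raises, or nil if it succeeds.
def unguarded_failure(warnings = SAMPLE_WARNINGS)
  generate_rows(warnings, UnguardedFormatter)
  nil
rescue NoMethodError => e
  e.class
end

if __FILE__ == $0
  puts "unguarded formatter raised: #{unguarded_failure.inspect}"
  generate_rows(SAMPLE_WARNINGS, GuardedFormatter).each { |row| puts row.join(" | ") }
end
```

The point for anyone wiring a scanner into CI, as the reporter was doing with Jenkins: a crash in report generation is not a clean scan, and the build step should treat a non-zero exit from the scanner as a failure rather than as "no findings".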
