Comments (15)
Hmm, seems to be trying to format code on a warning with no code associated with it. I'll look into it.
from brakeman.
Hi Phil, can you try this with the latest (1.5.1) just to make sure it has not already been fixed? Thanks!
from brakeman.
Justin,
I did have an older version running, tried it with 1.5.1, same errors:
Processing configuration...
Processing gems...
Processing initializers...
Processing libs...
Processing routes...
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
85/123 controllers processed
Indexing call sites... ed
Running checks in parallel...
- CheckBasicAuth
- CheckCrossSiteScripting
- CheckDefaultRoutes
- CheckEscapeFunction
- CheckEvaluation
- CheckExecute
- CheckFileAccess
- CheckFilterSkipping
- CheckForgerySetting
- CheckLinkTo
- CheckLinkToHref
- CheckMailTo
- CheckMassAssignment
- CheckModelAttributes
- CheckNestedAttributes
- CheckQuoteTableName
- CheckRedirect
- CheckRender
- CheckResponseSplitting
- CheckSafeBufferManipulation
- CheckSelectVulnerability
- CheckSendFile
- CheckSessionSettings
- CheckSkipBeforeFilter
- CheckSQL
- CheckStripTags
- CheckTranslateBug
- CheckValidationRegex
- CheckWithoutProtection
Checks finished, collecting results...
Generating report...
/opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code': private method `gsub' called for nil:NilClass (NoMethodError)
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
        from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
        from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19:in `load'
        from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19
[jenkins@01-2e2itao workspace]$
Phil
from brakeman.
I cannot reproduce on my OSX box. Current running box is CentOS 5.6. If I specify checks, it seems to error when I have the "MassAssignment" check enabled. If I disable that one check, it works fine.
from brakeman.
Have done a bit more debugging. It seems that it has something to do with the Git clone of the repo. When I add the repo by hand to a separate directory and run brakeman, it works with no problems. If I run it on the clone done by Jenkins, it fails. Any thoughts?
Running checks in parallel...
- CheckMassAssignment
Finding possible mass assignment calls on 113 models
Processing possible mass assignment calls
Checks finished, collecting results...
Generating report...
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb'"], :error=>" parse error on value "true", 76"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb'"], :error=>" parse error on value "false", 149"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/app/views/accounts/new.rhtml"], :error=>" parse error on value ";" (tSEMI)"}
While formatting s(s(:lit, :ip_address_lockout_count), nil): undefined method `first' for nil:NilClass
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:453:in `process_hash'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:211:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:in `process_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in `format'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
/usr/bin/brakeman:19:in `load'
/usr/bin/brakeman:19
While formatting s(): undefined method `empty?' for nil:NilClass
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:213:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:in `process_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in `process_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `send'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in `error_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in `process'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in `in_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in `process'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in `format'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
/usr/bin/brakeman:19:in `load'
/usr/bin/brakeman:19
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in `format_code': private method `gsub' called for nil:NilClass (NoMethodError)
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in `format_message'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in `to_row'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in `generate_warnings'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `each'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in `generate_warnings'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in `to_s'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `send'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in `scan'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in `run'
        from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48
        from /usr/bin/brakeman:19:in `load'
        from /usr/bin/brakeman:19
from brakeman.
Different Ruby versions, maybe?
from brakeman.
Justin,
Nope, same exact Ruby, Rails, brakeman, ...
Just different BaseOS, and the fact that Jenkins is doing the "git clone" instead of me doing it by hand.
Phil
On Mon, Mar 12, 2012 at 9:04 PM, Justin <[email protected]> wrote:
> Different Ruby versions, maybe?
Reply to this email directly or view it on GitHub:
#53 (comment)
Director of Security and Compliance
RightScale Inc - http://www.rightscale.com
805-243-0942
Skype: phil.cox.rs
Twitter: @sec_prof
from brakeman.
Any idea what the code that involves :ip_address_lockout_count looks like? It seems like there is some kind of issue with how it is being handled.
Sorry, these kinds of problems can be a pain to track down. I'm really not sure why different copies of the code are behaving differently, though.
from brakeman.
Seems to be working now. Not sure what the deal was.
from brakeman.
Had the same problem and had to revert from 1.8.0 to 1.7.1 for it to work.
from brakeman.
@dfuentes77 can you clarify which problem you had? Can you paste the error/stack trace? Thanks!
from brakeman.
It was pretty much the same as the very first stack trace. I'd have to update my Gemfile again and duplicate it, and I'm running tests against my app using 1.7.1 right now. I'd have to get back to you with the exact error.
from brakeman.
Okay, when you get a chance, please run Brakeman with the -d flag and open a new issue, please. Thanks!
from brakeman.
I tried it again and for some reason, it's working with 1.8.1 now. Don't know why. I reverted to 1.7.1 before and recently just changed the version in my Gemfile to 1.8.1 and did a "bundle update brakeman" and afterward it started working. Maybe another gem that was updated in my previous attempt was breaking it.
from brakeman.
I fixed it in 1.8.1 ;)
from brakeman.
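The crash in the traces above is a report-generation step (to_row -> format_message -> format_code) assuming every warning carries code to format. The following is an added example, not Brakeman's own code, that models that call chain with a constructed warning list and shows the unguarded form failing beside a guarded form that keeps the rest of the report; ScanWarning and the helper names are assumptions for the illustration.

```ruby
# Added example, not Brakeman's code: a cut-down model of the
# to_row -> format_message -> format_code chain seen in the traces,
# first in the crashing form, then guarded so a single warning with
# no associated code cannot abort the entire report.

# Stand-in for a scanner warning (Brakeman's real Warning class has
# many more fields). `code` is nil when no source is attached.
ScanWarning = Struct.new(:check, :message, :code)

# Reproduces the failure: assumes code is a String and calls gsub on
# it, so a nil code raises NoMethodError, as in the traces above.
def format_code_unsafe(code)
  code.gsub(/\s+/, " ")
end

# Guarded version: nil becomes an explicit placeholder, and any other
# formatter failure is recorded in the row instead of propagating.
def format_code(code)
  return "<no code>" if code.nil?
  code.to_s.gsub(/\s+/, " ")
rescue StandardError => e
  "<could not format code: #{e.class}>"
end

def format_message(warning, guarded: true)
  formatter = guarded ? method(:format_code) : method(:format_code_unsafe)
  "#{warning.message} near #{formatter.call(warning.code)}"
end

def to_row(warning, guarded: true)
  { check: warning.check, message: format_message(warning, guarded: guarded) }
end

# One row per warning. Unguarded, the first nil code raises and the
# report (and every other finding in it) is lost.
def generate_warnings(warnings, guarded: true)
  warnings.map { |w| to_row(w, guarded: guarded) }
end

# Constructed sample warnings: one with code, one without.
SAMPLE_WARNINGS = [
  ScanWarning.new("CheckSQL", "Possible SQL injection",
                  'User.find_by_sql("SELECT * FROM users
                    WHERE id = #{params[:id]}")'),
  ScanWarning.new("CheckMassAssignment", "Mass assignment is not restricted", nil),
].freeze

puts generate_warnings(SAMPLE_WARNINGS).inspect if $PROGRAM_NAME == __FILE__
```

The point for a CI pipeline is that the guarded formatter still emits the CheckMassAssignment row, so a scan step fails loudly on real findings rather than silently on a formatting edge case.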