Merge pull request #23191 from Fryguy/fix_brakeman_fingerprint_patch_…

…on_clones Fix brakeman fingerprint patch on clones
ManageIQ · Sep 18, 2024 · 07182cf · 07182cf
2 parents 92e8d0c + 00b8966
commit 07182cf
Show file tree

Hide file tree

Showing 2 changed files with 173 additions and 3 deletions.
diff --git a/lib/extensions/brakeman_fingerprint_patch.rb b/lib/extensions/brakeman_fingerprint_patch.rb
@@ -40,12 +40,12 @@ def self.rails_engine_paths
  # are standalone objects.
  def file_string
  engine_path = BrakemanFingerprintPatch.rails_engine_paths.detect { |p| self.file.absolute.start_with?(p) }
- if engine_path
+ if engine_path.nil? || (Rails.root.to_s.start_with?(engine_path) && self.file.absolute.start_with?(Rails.root.to_s))
+ self.file.relative
+ else
  engine_name = File.basename(engine_path).sub(/-\h+$/, "").sub(/-(?:\d+\.)+\d+$/, "")
  engine_relative = self.file.absolute.sub(engine_path, "")
  "(engine:#{engine_name}) #{engine_relative}"
- else
- self.file.relative
  end
  end
 
@@ -65,6 +65,8 @@ def fingerprint
  def to_hash(absolute_paths: true)
  super.tap do |h|
  h[:file] = (absolute_paths ? self.file.absolute : file_string)
+ h[:file_rel] = self.file.relative
+ h[:file_abs] = self.file.absolute
  end
  end
 end
diff --git a/spec/lib/extensions/brakeman_fingerprint_patch_spec.rb b/spec/lib/extensions/brakeman_fingerprint_patch_spec.rb
@@ -0,0 +1,168 @@
+RSpec.describe BrakemanFingerprintPatch do
+ subject do
+ Class.new do
+ include BrakemanFingerprintPatch
+ attr_accessor :file
+ def initialize = @warning_code = 0
+ def confidence = "High"
+ def location = {}
+ end.new
+ end
+
+ shared_examples_for "handles brakeman pathing" do
+ before do
+ allow(Rails).to receive(:root).and_return(Pathname.new(core_path))
+ allow(described_class).to receive(:rails_engine_paths).and_return([engine_path])
+ end
+
+ it "with an issue in the engine" do
+ subject.file = engine_issue
+
+ expect(subject.file_string).to eq("(engine:manageiq-ui-classic) app/controllers/application_controller.rb")
+ expect(subject.fingerprint).to eq("1ea1c06c8976493622ad8c668f56df3a44aac997fabd57ab58fcf59a37712e56")
+ end
+
+ it "with an issue in core" do
+ subject.file = core_issue
+
+ expect(subject.file_string).to eq("lib/ansible/runner.rb")
+ expect(subject.fingerprint).to eq("f06e25d3b6fa417a80313b2ebd451fbbeac3670f03897e26e86983a5c29635c1")
+ end
+ end
+
+ let(:core_path) { "/Users/user/dev/manageiq/" }
+ let(:core_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "lib/ansible/runner.rb",
+ :absolute => "/Users/user/dev/manageiq/lib/ansible/runner.rb"
+ )
+ end
+
+ context "running from the core repo" do
+ context "with a git-based engine" do
+ context "in the system gem location" do
+ let(:engine_path) { "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "../../.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+
+ context "in a vendored gem location inside of the core repo" do # This is the core CI case
+ let(:engine_path) { "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+ end
+
+ context "with a gem-based engine" do
+ context "in the system gem location" do
+ let(:engine_path) { "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "../../.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+
+ context "in a vendored gem location inside of the core repo" do # This is a core CI case in a future where we might use a versioned gem
+ let(:engine_path) { "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+ end
+
+ context "with a path-based engine" do
+ context "which is a sibling of the core repo" do
+ let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "../manageiq-ui-classic/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+
+ context "which is inside of the core repo" do
+ let(:engine_path) { "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "plugins/manageiq-ui-classic/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+ end
+ end
+
+ context "running from an engine repo" do
+ context "with a symlinked spec/manageiq dir" do # When symlinked, the paths appear the same as a path-based gem, so these are copies of the path-based tests above
+ context "which is a sibling of the core repo" do
+ let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "../manageiq-ui-classic/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+
+ context "which is inside of the core repo" do
+ let(:engine_path) { "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "plugins/manageiq-ui-classic/app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+ end
+
+ context "with a cloned spec/manageiq dir" do # This is also the CI case for a plugin
+ let(:core_path) { "/Users/user/dev/manageiq-ui-classic/spec/manageiq/" }
+ let(:core_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "lib/ansible/runner.rb",
+ :absolute => "/Users/user/dev/manageiq-ui-classic/spec/manageiq/lib/ansible/runner.rb"
+ )
+ end
+
+ let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" }
+ let(:engine_issue) do
+ instance_double("Brakeman::FilePath",
+ :relative => "../../app/controllers/application_controller.rb",
+ :absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb"
+ )
+ end
+
+ include_examples "handles brakeman pathing"
+ end
+ end
+end