From 0adf5d52909b4f6bf620cd1d2344317347d10acc Mon Sep 17 00:00:00 2001
From: Matheus Alcantara
Date: Wed, 15 Dec 2021 16:19:20 -0300
Subject: [PATCH] brakeman:fix - search for Gemfile's before start analysis
If there was no `Gemfile` file in the current directory, Brakeman would generate an error stating that the project to be analyzed was not a Ruby on Rails project. This commit fix this issue by looking for a directory path that contains a `Gemfile` filename and them using this path as a work dir to execute Brakeman.
Signed-off-by: Matheus Alcantara
---
 .../formatters/ruby/brakeman/formatter.go | 7 +++-
 internal/utils/file/file.go | 32 ++++++++++++++-----
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/internal/services/formatters/ruby/brakeman/formatter.go b/internal/services/formatters/ruby/brakeman/formatter.go
index 260aeefc9..03e2d1593 100644
--- a/internal/services/formatters/ruby/brakeman/formatter.go
+++ b/internal/services/formatters/ruby/brakeman/formatter.go
@@ -29,6 +29,7 @@ import (
 "github.com/ZupIT/horusec/internal/enums/images"
 "github.com/ZupIT/horusec/internal/helpers/messages"
 "github.com/ZupIT/horusec/internal/services/formatters"
+ fileutils "github.com/ZupIT/horusec/internal/utils/file"
 vulnhash "github.com/ZupIT/horusec/internal/utils/vuln_hash"
 )
@@ -118,7 +119,11 @@ func (f *Formatter) newVulnerability(output *warning, projectSubPath string) *vu
 func (f *Formatter) getDockerConfig(projectSubPath string) *docker.AnalysisData {
 analysisData := &docker.AnalysisData{
- CMD: f.AddWorkDirInCmd(CMD, projectSubPath, tools.Brakeman),
+ CMD: f.AddWorkDirInCmd(
+ CMD,
+ fileutils.GetSubPathByFilename(f.GetConfigProjectPath(), projectSubPath, "Gemfile"),
+ tools.Brakeman,
+ ),
 Language: languages.Ruby,
 }
diff --git a/internal/utils/file/file.go b/internal/utils/file/file.go
index 33fb13f42..df7c87bee 100644
--- a/internal/utils/file/file.go
+++ b/internal/utils/file/file.go
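Review bot: In getDockerConfig (formatter.go, second hunk) the result of `fileutils.GetSubPathByFilename(...)` goes straight into `AddWorkDirInCmd`, but that helper returns `""` when no `Gemfile` is found, so the caller-supplied `projectSubPath` is silently discarded in exactly the case the commit is about. Keeping the old value as a fallback avoids that: `if p := fileutils.GetSubPathByFilename(f.GetConfigProjectPath(), projectSubPath, "Gemfile"); p != "" { projectSubPath = p }` before building `analysisData`. The helper also stops at the first match, so a repository with a `Gemfile` under a vendored or fixture directory, or with several Rails apps, may have the wrong tree or only one tree scanned; for a security scanner that is a silent coverage gap, and logging the chosen directory above debug level would make it visible. getDockerConfig's body continues outside the hunk.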
@@ -63,10 +63,20 @@ func GetPathFromFilename(filename, basePath string) string {
 return filePath
 }
-func isSameExtensions(filename, path string) bool {
- filenameExt := filepath.Ext(filename)
- basePathExt := filepath.Ext(path)
- return filenameExt == basePathExt
+// GetSubPathByFilename works like GetSubPathByExtension but for filenames.
+//
+// The value returned will be the first path that contains a file with a given
+// filename, otherwise will return an empty string.
+func GetSubPathByFilename(projectPath, subPath, filename string) string {
+ pathToWalk := joinProjectPathWithSubPath(projectPath, subPath)
+ logger.LogDebugWithLevel(fmt.Sprintf("Seaching for files with %s name on %s", filename, pathToWalk))
+
+ if path := GetPathFromFilename(filename, pathToWalk); path != "" {
+ logger.LogDebugWithLevel(fmt.Sprintf("Found file %s on %s", filename, path))
+ return filepath.Dir(path)
+ }
+
+ return ""
 }
 // ReplacePathSeparator replace slashes from path to OS specific.
@@ -115,10 +125,6 @@ func GetSubPathByExtension(projectPath, subPath, ext string) (extensionPath stri
 return ""
 }
-func buildPattern(ext string) string {
- return "*" + ext
-}
-
 // relativeDirIfPathMatch return relative directory of path based on projectPath
 // if path extension match ext.
 func relativeDirIfPathMatch(projectPath, path, ext string) string {
@@ -316,3 +322,13 @@ func CreateAndWriteFile(input, filename string) error {
 _, err = file.WriteString(input)
 return err
 }
+
+func isSameExtensions(filename, path string) bool {
+ filenameExt := filepath.Ext(filename)
+ basePathExt := filepath.Ext(path)
+ return filenameExt == basePathExt
+}
+
+func buildPattern(ext string) string {
+ return "*" + ext
+}
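Review bot: GetSubPathByFilename (first hunk of file.go) returns `filepath.Dir(path)` of whatever GetPathFromFilename yields, and nothing visible here says whether that is relative to `projectPath`, relative to `pathToWalk`, or absolute. The doc comment claims it works like GetSubPathByExtension, so it should state the base explicitly, e.g. `// The returned directory is relative to projectPath.`, once confirmed against GetPathFromFilename, whose body is outside the hunk. The directory name comes from walking the repository under analysis and the brakeman formatter passes it to `AddWorkDirInCmd`, so it should be treated as untrusted input: unless `AddWorkDirInCmd` already quotes its argument, names containing shell metacharacters should be rejected or escaped before they reach the container command. Minor: the debug message reads `Seaching` and should be `Searching`.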