VEN-99 Run brakeman #11537
VEN-99 Run brakeman #11537
Conversation
|
Changes preview: Legend: |
|
@damianlegawiec You can not pass in an array of applications for brakeman to check (no implicit conversion of Array into String (TypeError)), you must specify one path. There is a --force-scan option to check all files and it disregards any other options, but it works only locally and not with codeclimate. |
locally doesn't work for us if we cannot use code climate, please add brakeman as an additional step for circle ci |
.circleci/config.yml
Outdated
| - run: | ||
| name: Ensure Brakeman Installed | ||
| command: | | ||
| gem install brakeman -v 4.3.1 && bundle install |
There was a problem hiding this comment.
@aleksandarpetrushev please add this gem to common_spree_dependencies
There was a problem hiding this comment.
@damianlegawiec it is added, but when I try to execute with bundle, I get an error (https://app.circleci.com/pipelines/github/spree/spree/5491/workflows/3f2a5355-920e-4742-800a-97cffe8a22a6/jobs/48149). Same happens locally when I execute from repository root (with bundler). But when I just run brakeman --options (no bundle exec) it runs. Not sure how to go about this
There was a problem hiding this comment.
and same error without bundler on CircleCI
There was a problem hiding this comment.
@damianlegawiec it is definitely an incompatibility with brakeman versions and Rails/Ruby or other gems versions. It works with brakeman latest version.
|
@damianlegawiec Now basically the brakeman check will always pass, and output the results in an artifact. There are no serious issues. Just ones where example we interpolate a quoted table name in a scope (we are not interpolating params or something like that). |
We don't want it to always pass, we definitely want it to fail on serious issues, will it? |
|
@damianlegawiec Now it is set up to fail on warnings. I have tested it. When we have a warning, it will be red |
No description provided.