-
-
Save oamike/78724239f8c1824b1f6c to your computer and use it in GitHub Desktop.
Brakeman/RSpec Inegration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ENV["RAILS_ENV"] ||= 'test' | |
| require 'spec_helper' | |
| require File.expand_path("../../config/environment", __FILE__) | |
| require 'rspec/rails' | |
| require 'brakeman' | |
| ActiveRecord::Migration.maintain_test_schema! | |
| RSpec.configure do |config| | |
| config.use_transactional_fixtures = true | |
| config.infer_spec_type_from_file_location! | |
| #Use this for a Rails Application | |
| config.after(:suite) do | |
| example_group = RSpec.describe('Brakeman Issues') | |
| example = example_group.example('must have 0 Critical Security Issues') do | |
| res=Brakeman.run app_path: "#{Rails.root}", output_files: ['brakeman.html'] | |
| serious=res.warnings.count { |w| w.confidence==0 } | |
| puts "\n\nBrakeman Result:\n Critical Security Issues = #{serious}" | |
| expect(serious).to eq 0 | |
| end | |
| puts "\nBrakeman Report available here: ./brakeman.html" | |
| example_group.run | |
| passed = example.execution_result.status == :passed | |
| RSpec.configuration.reporter.example_failed example unless passed | |
| end | |
| end |
If you want to discarded ignored critical warnings, line #17 above should be something like:
serious=res.filtered_warnings.count { |w| w.confidence==0 }
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This example both runs Brakeman after all specs AND fails rspec if ANY critical (High Confidence) issues exist.