Last active May 14, 2021 01:13
Brakeman/RSpec Integration
ENV["RAILS_ENV"] ||= 'test'
require 'spec_helper'
require File.expand_path("../../config/environment", __FILE__)
require 'rspec/rails'
require 'brakeman'

ActiveRecord::Migration.maintain_test_schema!

RSpec.configure do |config|
  config.use_transactional_fixtures = true
  config.infer_spec_type_from_file_location!

  # Keep only one of the two hooks below; each runs a full Brakeman scan once,
  # after the whole suite, and writes the report to brakeman.html.

  # Use this for a Rails Application
  config.after(:suite) { Brakeman.run app_path: "#{Rails.root}", output_files: ['brakeman.html'] }

  # Use this for a Rails Engine
  config.after(:suite) { Brakeman.run app_path: "#{MyEngine::Engine.root}", output_files: ['brakeman.html'] }
end
If you want to discard ignored critical warnings, the line that counts the serious warnings should be something like:

  serious = res.filtered_warnings.count { |w| w.confidence == 0 }
@heliocola I haven't done any serious Ruby on Rails development in a couple of years. So this is pretty stale on my end. Thanks for adding info for others who see this thread.
From what I can see that is still one way to do this, so THANK YOU!
There is also a way to run this via CircleCI command bundle exec brakeman.
IMHO: this absolutely aged very, very well!
Found more examples online - here's how we connected the Brakeman result to rspec result:
# Use this for a Rails Application
config.after(:suite) do
  # Build a one-example group on the fly so the Brakeman result is reported like any other RSpec example.
  example_group = RSpec.describe('Brakeman Issues')
  example = example_group.example('must have 0 Critical Security Issues') do
    res = Brakeman.run app_path: "#{Rails.root}", output_files: ['brakeman.html']
    # Confidence 0 is Brakeman's "High" level.
    serious = res.warnings.count { |w| w.confidence == 0 }
    puts "\n\nBrakeman Result:\n Critical Security Issues = #{serious}"
    expect(serious).to eq 0
  end
  example_group.run
  passed = example.execution_result.status == :passed
  # Hand the failure to the suite reporter so it shows up in the run summary.
  RSpec.configuration.reporter.example_failed example unless passed
end