From c7584ea3b6b0ad9e4cd8cb886b7a6052afae60f1 Mon Sep 17 00:00:00 2001 From: Hayden Rouille Date: Sun, 17 Mar 2024 03:48:51 -0700 Subject: [PATCH] Add Brakeman (#731) * Amend README to display correct Ruby version * Add brakeman gem * Add a workflow for brakeman * Revert "Add brakeman gem" This reverts commit bdaa4e92940614f59e9f0bd6628a820d52d39fcc. * Add brakeman without rubocop fixes :-) * Move brakeman to only be in the development gem group --- .github/workflows/backend.yml | 17 +++++++++++++++++ README.md | 2 +- backend/Gemfile | 1 + backend/Gemfile.lock | 3 +++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml index 5cec3150..305e4bf2 100644 --- a/.github/workflows/backend.yml +++ b/.github/workflows/backend.yml @@ -135,3 +135,20 @@ jobs: - name: Run rspec run: | bundle exec rspec + + brakeman: + name: Security Analysis + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + working-directory: backend + bundler-cache: true + - name: Brakeman + uses: reviewdog/action-brakeman@v2 + with: + brakeman_version: gemfile + reporter: github-pr-review diff --git a/README.md b/README.md index e397d4b9..6157c733 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Help would be appreciated! Please join us in [slack #flaredown](https://rubyforg * PostgreSQL 12.8 * MongoDB 4.4.9 * Redis 6.2.3 -* Ruby 3.0.6 +* Ruby 3.1.3 * Node 12.22.6 ## Installation diff --git a/backend/Gemfile b/backend/Gemfile index bbcd16dc..3670eb02 100644 --- a/backend/Gemfile +++ b/backend/Gemfile @@ -84,6 +84,7 @@ group :development do gem "annotate" gem "awesome_print", "~>1.6" gem "better_errors", "~>2.1" + gem "brakeman", "6.1.2" gem "foreman", require: false gem "letter_opener" end diff --git a/backend/Gemfile.lock b/backend/Gemfile.lock index 16aa7427..1077d396 100644 --- a/backend/Gemfile.lock +++ b/backend/Gemfile.lock 
@@ -84,6 +84,8 @@ GEM erubi (~> 1.4) parser (>= 2.4) smart_properties + brakeman (6.1.2) + racc bson (4.12.1) bson (4.12.1-java) bugsnag (6.26.0) @@ -491,6 +493,7 @@ DEPENDENCIES annotate awesome_print (~> 1.6) better_errors (~> 2.1) + brakeman (= 6.1.2) bugsnag (~> 6.22) bullet byebug
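Review bot: In the `.github/workflows/backend.yml` hunk, the new `brakeman` job scopes `ruby/setup-ruby` to `working-directory: backend`, but the `reviewdog/action-brakeman@v2` step has no directory setting, so with `brakeman_version: gemfile` it will look for a Gemfile (and a Rails app to scan) at the repository root rather than in `backend/`, where the gem is added in this same patch. Point the step at `backend` (reviewdog actions expose this as a `workdir` input, assuming the action follows that convention) so the scan target and the Gemfile lookup match the setup step. Two related things worth stating in the job since the hunk does not: `reporter: github-pr-review` only posts on `pull_request` runs and needs the token to have `pull-requests: write`, which a repository with a read-only default `GITHUB_TOKEN` must grant via a `permissions:` block on the job; and reviewdog's defaults report only findings on added lines and do not fail the job, so if the intent is a gate rather than advisory comments, set the filter mode and fail-on-error inputs explicitly.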
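Review bot: In the `README.md` hunk, the bump from `Ruby 3.0.6` to `Ruby 3.1.3` is unrelated to adding Brakeman, and nothing else in the patch (no `.ruby-version`, no `ruby` directive in `backend/Gemfile`, no `RUBY VERSION` change in `backend/Gemfile.lock`) confirms which version the project actually runs. Since `ruby/setup-ruby` with no `ruby-version` input resolves the version from those files, please confirm the README now matches them, or split the README correction into its own commit so the version change is easy to trace.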
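Review bot: In the `backend/Gemfile` hunk, `gem "brakeman", "6.1.2"` is an exact pin among neighbours that use pessimistic constraints (`"~>1.6"`, `"~>2.1"`), which means new Brakeman checks will not be picked up until someone edits the Gemfile by hand; `~> 6.1` keeps the lockfile reproducible while letting `bundle update brakeman` pull in new check releases, so either loosen it or note in the commit why the exact pin is wanted. Also, because the gem is in the `:development` group only and the CI job relies on `bundler-cache: true` plus `brakeman_version: gemfile`, please confirm the backend workflow does not exclude that group (for example via `BUNDLE_WITHOUT`), or the Brakeman step will have no gem to run.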