Skip to content

Commit

Permalink
Add brakeman to new Rails applications
Browse files Browse the repository at this point in the history
It can be skipped with the `--skip-brakeman` flag.

Closes rails#50501
  • Loading branch information
vipulnsward committed Dec 31, 2023
1 parent 179b979 commit 8a0c986
Show file tree
Hide file tree
Showing 6 changed files with 47 additions and 3 deletions.
6 changes: 5 additions & 1 deletion railties/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
* Add RuboCop with rules from rubocop-rails-omakase by default. Skip with --skip-rubocop.
* Add brakeman gem by default for static analysis of security vulnerabilities. Allow skipping with --skip-brakeman option.

*vipulnsward*

* Add RuboCop with rules from rubocop-rails-omakase by default. Skip with --skip-rubocop.

*DHH* and *zzak*

Expand Down
6 changes: 6 additions & 0 deletions railties/lib/rails/generators/app_base.rb
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,9 @@ def self.add_shared_options_for(name)
class_option :skip_rubocop, type: :boolean, default: nil,
desc: "Skip RuboCop setup"

class_option :skip_brakeman, type: :boolean, default: nil,
desc: "Skip brakeman setup"

class_option :dev, type: :boolean, default: nil,
desc: "Set up the #{name} with Gemfile pointing to your Rails checkout"

Expand Down Expand Up @@ -386,6 +389,9 @@ def skip_rubocop?
options[:skip_rubocop]
end

def skip_brakeman?
options[:skip_brakeman]
end

class GemfileEntry < Struct.new(:name, :version, :comment, :options, :commented_out)
def initialize(name, version, comment, options = {}, commented_out = false)
Expand Down
7 changes: 5 additions & 2 deletions railties/lib/rails/generators/rails/app/app_generator.rb
Original file line number Diff line number Diff line change
Expand Up @@ -102,8 +102,11 @@ def app
end

def bin
options = skip_rubocop? ? { exclude_pattern: /rubocop/ } : {}
directory "bin", **options do |content|
patterns = []
patterns << /rubocop/ if skip_rubocop?
patterns << /brakeman/ if skip_brakeman?
exclude_pattern = Regexp.union(patterns)
directory "bin", { exclude_pattern: } do |content|
"#{shebang}\n" + content
end
chmod "bin", 0755 & ~File.umask, verbose: false
Expand Down
5 changes: 5 additions & 0 deletions railties/lib/rails/generators/rails/app/templates/Gemfile.tt
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,11 @@ end
<% end -%>

group :development do
<%- unless options.skip_brakeman? -%>
# Static analysis for security vulnerabilities [https://brakemanscanner.org/]
gem "brakeman", require: false

<%- end -%>
<%- unless options.skip_rubocop? -%>
# Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
gem "rubocop-rails-omakase", require: false
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
require "rubygems"
require "bundler/setup"

load Gem.bin_path("brakeman", "brakeman")
22 changes: 22 additions & 0 deletions railties/test/generators/app_generator_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
app/views/layouts/mailer.html.erb
app/views/layouts/mailer.text.erb
bin/docker-entrypoint
bin/brakeman
bin/rails
bin/rake
bin/rubocop
Expand Down Expand Up @@ -638,6 +639,27 @@ def test_rubocop_is_skipped_if_required
assert_no_file ".rubocop.yml"
end

def test_inclusion_of_brakeman
run_generator
assert_gem "brakeman"
end

def test_brakeman_is_skipped_if_required
puts destination_root
run_generator [destination_root, "--skip-brakeman"]

assert_no_gem "brakeman"
assert_no_file "bin/brakeman"
end

def test_both_brakeman_and_rubocop_binstubs_are_skipped_if_required
puts destination_root
run_generator [destination_root, "--skip-brakeman", "--skip-rubocop"]

assert_no_file "bin/rubocop"
assert_no_file "bin/brakeman"
end

def test_usage_read_from_file
assert_called(File, :read, returns: "USAGE FROM FILE") do
assert_equal "USAGE FROM FILE", Rails::Generators::AppGenerator.desc
Expand Down

0 comments on commit 8a0c986

Please sign in to comment.