Add pre-push hook for brakeman #413

Closed · 2 commits

morizyun (Contributor) commented Aug 13, 2016

This hook runs brakeman to check for security vulnerabilities by static analysis.
As @ZeroS said in #406, I would like the hook to scan the whole project before git push.

I am not good at English, but I will always do my best.
If you have any question or advice, please don't hesitate to tell me. 🍺

README.md
@@ -533,6 +533,7 @@ aborted.
* [ProtectedBranches](lib/overcommit/hook/pre_push/protected_branches.rb)
* [RSpec](lib/overcommit/hook/pre_push/r_spec.rb)
* [TestUnit](lib/overcommit/hook/pre_push/test_unit.rb)
+* [Brakeman](lib/overcommit/hook/pre_commit/brakeman.rb)
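Review bot: the link added in this hunk points at lib/overcommit/hook/pre_commit/brakeman.rb, but this list is the pre-push hook list (the neighbouring entries ProtectedBranches, RSpec and TestUnit all live under lib/overcommit/hook/pre_push/) and the PR title says pre-push, so the path should be lib/overcommit/hook/pre_push/brakeman.rb. The surrounding entries are also in alphabetical order, so `* [Brakeman](lib/overcommit/hook/pre_push/brakeman.rb)` belongs earlier in the list rather than appended after TestUnit.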

sds (Collaborator) Aug 18, 2016

This should be lib/overcommit/hook/pre_push/brakeman.rb as it is a pre-push hook.


morizyun (Contributor) Aug 18, 2016

Thanks!!


config/default.yml
+ flags: ['--exit-on-warn', '--quiet', '--summary']
+ install_command: 'gem install brakeman'
+ include:
+ - '**/*.rb'
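Review bot: the `include: '**/*.rb'` pattern in this hunk restricts the hook to Ruby files, yet Brakeman also inspects view templates (ERB, for example) and other non-.rb files in a Rails application, so a push that only touches a template would skip the scan; either drop `include` so Brakeman always runs on push, or enumerate every file type Brakeman reads. Separately, `--summary` makes Brakeman print only warning counts, so a developer whose push is rejected by `--exit-on-warn` will see that warnings exist but not which ones; consider dropping `--summary` so the blocking warnings appear in the hook output.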

sds (Collaborator) Aug 18, 2016

Brakeman operates on more than just Ruby files. It also cares about ERB templates and other code.

It might be worth auditing their codebase to find all the file types and include an exhaustive list here, or we can omit the include option entirely and always run Brakeman on every push.


morizyun (Contributor) Aug 18, 2016

That's right. I will omit the include option.


sds added the enhancement label Aug 18, 2016

sds (Collaborator) commented Aug 18, 2016

Thanks for the pull request, @morizyun!

Two small comments which need addressing and this is good to go!


sds closed this Aug 18, 2016

sds reopened this Aug 18, 2016

morizyun (Contributor) commented Aug 18, 2016

@sds Thank you very much for your kind comments. I am going to fix them.


sds (Collaborator) commented Aug 18, 2016

Merged in b504142. Thanks!


sds closed this Aug 18, 2016

morizyun changed the title from "Add pre-commit hook for brakeman" to "Add pre-push hook for brakeman" Aug 20, 2016

lfv89 commented Aug 31, 2016

Hey @sds!

I'm really looking forward to using this, but I don't want to point the gem directly at GitHub. When will this be released to rubygems? Thank you.


sds (Collaborator) commented Aug 31, 2016

0.36.0 has been released.


lfv89 commented Sep 1, 2016

I'm not able to make it work :-(

I updated overcommit to 0.36.0, added the brakeman gem, configured the .overcommit.yml file, and ran overcommit --install again, but brakeman doesn't run before a git push. Any ideas? Thanks.


sds (Collaborator) commented Sep 1, 2016

Hey @lfv89,

Perhaps @morizyun can share his configuration with you to help out. Make sure your configuration is under the PrePush section, and not the PreCommit (which was where Brakeman used to be located).

Otherwise you'll need to include your .overcommit.yml in order for anyone to help.


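As an added example that is not part of this PR or of the overcommit project: a small Ruby checker that loads a `.overcommit.yml` and reports the mistake sds points at above, Brakeman configured under `PreCommit` (where an earlier revision of this PR had it) instead of `PrePush` (where the hook lives from overcommit 0.36.0). Both YAML samples are constructed for this example; the assumption that the hook needs an explicit `enabled: true` to run, as most overcommit hooks do, is labelled in the code.

```ruby
# Added example, not overcommit's own code: check where Brakeman is configured
# in a .overcommit.yml so a silently skipped pre-push scan is caught early.
require 'yaml'

HOOK_SECTION = 'PrePush'   # where the Brakeman hook lives since overcommit 0.36.0
OLD_SECTION  = 'PreCommit' # where an earlier revision of the PR had placed it

# Constructed sample: the misplaced configuration that never runs Brakeman on push.
MISPLACED_CONFIG = <<~YAML
  PreCommit:
    Brakeman:
      enabled: true
YAML

# Constructed sample: the corrected placement under PrePush.
CORRECT_CONFIG = <<~YAML
  PrePush:
    Brakeman:
      enabled: true
      flags: ['--exit-on-warn', '--quiet']
YAML

# Returns a list of problem strings; an empty list means Brakeman is configured
# under the section overcommit actually consults before a push.
def check_brakeman_placement(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  problems = []

  push_hooks   = config[HOOK_SECTION] || {}
  commit_hooks = config[OLD_SECTION] || {}

  if commit_hooks.is_a?(Hash) && commit_hooks.key?('Brakeman')
    problems << "Brakeman is under #{OLD_SECTION}; move it to #{HOOK_SECTION}"
  end

  brakeman = push_hooks.is_a?(Hash) ? push_hooks['Brakeman'] : nil
  if brakeman.nil?
    problems << "no Brakeman entry under #{HOOK_SECTION}"
  elsif !brakeman.is_a?(Hash) || brakeman['enabled'] != true
    # Assumption: like most overcommit hooks, Brakeman must be enabled explicitly.
    problems << "Brakeman under #{HOOK_SECTION} is not enabled: true"
  end

  problems
end

# Convenience wrapper for a real repository: check_overcommit_file('.overcommit.yml')
def check_overcommit_file(path)
  check_brakeman_placement(File.read(path))
end

if __FILE__ == $PROGRAM_NAME
  { 'misplaced' => MISPLACED_CONFIG, 'correct' => CORRECT_CONFIG }.each do |name, text|
    problems = check_brakeman_placement(text)
    puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Run it against a repository's own file with `check_overcommit_file('.overcommit.yml')`; a non-empty list explains why `overcommit --install` appears to succeed while no Brakeman scan happens at push time.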