Merge pull request #1047 from presidentbeef/handle_yaml_failures

Catch YAML parsing errors
presidentbeef · May 15, 2017 · 7478021 · 7478021
2 parents 28d45a6 + 93964f8
commit 7478021
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
@@ -115,7 +115,13 @@ def check_secrets_yaml
       yaml = @app_tree.read secrets_file
       require 'date' # https://github.com/dtao/safe_yaml/issues/80
       require 'safe_yaml/load'
-      secrets = SafeYAML.load yaml
+      begin
+        secrets = SafeYAML.load yaml
+      rescue Psych::SyntaxError, RuntimeError => e
+        Brakeman.notify "[Notice] #{self.class}: Unable to parse `#{secrets_file}`"
+        Brakeman.debug "Failed to parse #{secrets_file}: #{e.inspect}"
+        return
+      end
 
       if secrets["production"] and secret = secrets["production"]["secret_key_base"]
         unless secret.include? "<%="

diff --git a/test/apps/rails5/config/secrets.yml b/test/apps/rails5/config/secrets.yml
@@ -20,3 +20,7 @@ test:
 # instead read values from the environment.
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+
+<% if Rails.root.join('config/ansible/secrets.yml').exist? %>
+<%= Rails.root.join('config/ansible/secrets.yml').read %>
+<% end %>