From 9ee79d6fa0caefbf59a46e9285286072f0fe1a67 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Sun, 14 May 2017 17:18:26 -0700
Subject: [PATCH 1/2] Catch YAML parsing errors
fixes #1046
---
 lib/brakeman/checks/check_session_settings.rb | 8 +++++++-
 test/apps/rails5/config/secrets.yml | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
index ae55b3f3ac..30979096f8 100644
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -115,7 +115,13 @@ def check_secrets_yaml
 yaml = @app_tree.read secrets_file
 require 'date' # https://github.com/dtao/safe_yaml/issues/80
 require 'safe_yaml/load'
- secrets = SafeYAML.load yaml
+ begin
+ secrets = SafeYAML.load yaml
+ rescue => e
+ Brakeman.notify "[Notice] #{self.class}: Unable to parse `#{secrets_file}`"
+ Brakeman.debug "Failed to parse #{secrets_file}: #{e.inspect}"
+ return
+ end
 
 if secrets["production"] and secret = secrets["production"]["secret_key_base"]
 unless secret.include? "<%="
diff --git a/test/apps/rails5/config/secrets.yml b/test/apps/rails5/config/secrets.yml
index c13cebbfe5..3548d345fc 100644
--- a/test/apps/rails5/config/secrets.yml
+++ b/test/apps/rails5/config/secrets.yml
@@ -20,3 +20,7 @@ test:
 # instead read values from the environment.
 production:
 secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+
+<% if Rails.root.join('config/ansible/secrets.yml').exist? %>
+<%= Rails.root.join('config/ansible/secrets.yml').read %>
+<% end %>
From 93964f8cdf8bc5eb1df5c8d41aaa3f064a15e36f Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Sun, 14 May 2017 19:56:19 -0700
Subject: [PATCH 2/2] Handle YAML errors in 1.9.3 too
---
 lib/brakeman/checks/check_session_settings.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
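Review bot: The new begin/rescue guards only the `SafeYAML.load` call, so a secrets.yml that parses successfully to something other than a Hash — an empty file (which likely yields nil or false) or a bare scalar — still reaches `secrets["production"]` on the context line just below and raises NoMethodError there, outside the handler. A type guard after the `end` closes that gap: `return unless secrets.is_a? Hash`. Note that the early `return` on failure produces no finding at all, so the `Brakeman.notify` line is the only signal that the hard-coded `secret_key_base` check was skipped for that file; the ERB-heavy fixture added in the secrets.yml hunk is the kind of input that takes this path. The enclosing check_secrets_yaml method starts and ends outside the hunk.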
diff --git a/lib/brakeman/checks/check_session_settings.rb b/lib/brakeman/checks/check_session_settings.rb
index 30979096f8..099e6f775b 100644
--- a/lib/brakeman/checks/check_session_settings.rb
+++ b/lib/brakeman/checks/check_session_settings.rb
@@ -117,7 +117,7 @@ def check_secrets_yaml
 require 'safe_yaml/load'
 begin
 secrets = SafeYAML.load yaml
- rescue => e
+ rescue Psych::SyntaxError, RuntimeError => e
 Brakeman.notify "[Notice] #{self.class}: Unable to parse `#{secrets_file}`"
 Brakeman.debug "Failed to parse #{secrets_file}: #{e.inspect}"
 return
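Review bot: Replacing the bare `rescue` with `rescue Psych::SyntaxError, RuntimeError => e` narrows the handler as much as it widens it: any StandardError from `SafeYAML.load` that is not a RuntimeError (an EncodingError on a file with an invalid byte sequence, for instance) now propagates out of the check again, which the previous commit had just stopped happening. If the intent, per the subject, is only to additionally catch the 1.9.3 class — where, as I recall, `Psych::SyntaxError` descends from `::SyntaxError`, a ScriptError that a bare rescue never sees — then `rescue Psych::SyntaxError, StandardError => e` keeps both behaviours. `Psych::SyntaxError` is also resolved only when an exception is being matched, so on an interpreter where Psych is not loaded the clause itself would raise NameError; presumably acceptable, but a one-line comment above the rescue explaining why both classes are listed would save the next reader the archaeology. The begin/rescue block is fully inside the hunk; the enclosing check_secrets_yaml method starts and ends outside it.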