Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[update] haml dependency #1044

Closed
joshRpowell opened this issue May 9, 2017 · 8 comments

Comments

@joshRpowell
Copy link

@joshRpowell joshRpowell commented May 9, 2017

haml was recently updated: https://github.com/haml/haml/releases/tag/v5.0.0

opened a PR #1043

@swalberg

This comment has been minimized.

Copy link

@swalberg swalberg commented May 9, 2017

I run Brakeman in CI with a rake task

 require 'brakeman'
 desc 'Run brakeman'
     task :brakeman do
        Brakeman.run app_path: '.', output_files: ['brakeman-output.tabs']
     end

After updating HAML from 4.0.7 to 5.0.0, Brakeman has been failing with:

/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/haml_template_processor.rb:61:in `process_call'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/template_processor.rb:25:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/haml_template_processor.rb:14:in `process_call'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/template_processor.rb:25:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/base_processor.rb:150:in `block in process_arglist'
(eval):3:in `map!'
(eval):3:in `map!'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/base_processor.rb:149:in `process_arglist'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/template_processor.rb:25:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/haml_template_processor.rb:100:in `process_call'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:75:in `block in process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:112:in `in_context'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/ruby_parser/bm_sexp_processor.rb:71:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/template_processor.rb:25:in `process'
/Users/sean/.gem/ruby/2.3.1/gems/brakeman-3.6.0/lib/brakeman/processors/haml_template_processor.rb:118:in `block in process_block'
(eval):3:in `map!'
(eval):3:in `map!'
...

Brakeman 3.6.1 and 3.6.0 and HAML 5.0.0, works in 4.0.7.

You mentioned in #1043 that this should work -- since I'm requiring the gem inside my application and I'm using bundler, is there a better way to do this?

Thanks!

@presidentbeef

This comment has been minimized.

Copy link
Owner

@presidentbeef presidentbeef commented May 10, 2017

I recommend not using Rake to run Brakeman, as it will load your entire Rails application and cause odd issues like this.

Unfortunately there is no way of making Brakeman compatible with all possible permutations of application dependencies. That's why I started vendoring/bundling Brakeman's dependencies (more info here). It is safe to put Brakeman in your Gemfile, but if run with Rake the libraries will still collide.

@swalberg

This comment has been minimized.

Copy link

@swalberg swalberg commented May 10, 2017

That's fair. I'll change it to shell out. All I care about is that output file anyway. Thanks!

@jekuno

This comment has been minimized.

Copy link

@jekuno jekuno commented May 23, 2017

I had similar errors with running brakeman from a Rake task Unrecognized action on _hamlout: fix_textareas!). Maybe we could add a hint at https://github.com/presidentbeef/brakeman#usage that using Rake might lead to errors.

@presidentbeef

This comment has been minimized.

Copy link
Owner

@presidentbeef presidentbeef commented May 23, 2017

@jekuno is that error only occurring when you use a Rake task?

@jekuno

This comment has been minimized.

Copy link

@jekuno jekuno commented May 23, 2017

Yes. Running it from command line works without any problems.

@jaredmoody

This comment has been minimized.

Copy link

@jaredmoody jaredmoody commented Jun 6, 2017

I was getting the following error after upgrading to haml 5 when I had gem 'guard-brakeman' in my Gemfile:

/Users/jaredmoody/.gem/ruby/2.3.4/gems/brakeman-3.6.2/bundle/ruby/2.3.0/gems/haml-4.0.7/lib/haml/template.rb:13:in `alias_method': undefined method `precompiled_method_return_value' for class `Haml::Compiler' (NameError)

added require: false to my Gemfile to workaround.

@presidentbeef

This comment has been minimized.

Copy link
Owner

@presidentbeef presidentbeef commented Mar 16, 2019

Turns out Haml 5.x totally changes what the compiled Haml looks like, which means a big change to how Brakeman handles it.

rgarner added a commit to dxw/DataSubmissionServiceAPI that referenced this issue Apr 17, 2019
We were getting HAML errors; this is down to brakeman not being able
to keep track of every possible dependency and needing to be run in its
own process so as to not load the world (including HAML which is causing
the problem in this instance)

presidentbeef/brakeman#1044
rgarner added a commit to dxw/DataSubmissionServiceAPI that referenced this issue Apr 17, 2019
We were getting HAML errors; this is down to brakeman not being able
to keep track of every possible dependency and needing to be run in its
own process so as to not load the world (including HAML which is causing
the problem in this instance)

presidentbeef/brakeman#1044
Repository owner locked and limited conversation to collaborators Oct 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
5 participants
You can’t perform that action at this time.