ruby 3.1: undefined method `original_line' for nil:NilClass unless value.original_line

[jorgenschaefer]

We just upgraded to brakeman 5.2.2 and ruby 3.1.1. The command bundle exec brakeman results in the following output:

== Brakeman Report ==

Application Path: […]
Rails Version: 7.0.2.3
Brakeman Version: 5.2.2
Scan Date: 2022-04-07 10:29:53 +0200
Duration: 4.397862559 seconds
Checks Run: BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DivideByZero, DynamicFinders, EOLRails, EOLRuby, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForceSSL, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, ReverseTabnabbing, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeMethods, Secrets, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoS, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, UnsafeReflectionMethods, UnscopedFind, ValidationRegex, VerbConfusion, WeakHash, WithoutProtection, XMLDoS, YAMLParsing

== Overview ==

Controllers: 74
Models: 72
Templates: 69
Errors: 11
Security Warnings: 0
Ignored Warnings: 6

== Warning Types ==


== Errors ==

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

Error: undefined method `original_line' for nil:NilClass          unless value.original_line                     ^^^^^^^^^^^^^^
Location: /home/jorgen/.rbenv/versions/3.1.1/lib/ruby/gems/3.1.0/gems/brakeman-5.2.2/lib/brakeman/processors/lib/render_helper.rb:128:in `block in process_template'

No warnings found

Is there any way I can find out where this error is occurring, or provide more detail on why this is failing? :-)

[presidentbeef]

Hi @jorgenschaefer - yes, if you run with -d you will be able to get a full stack trace and it will be more apparent which file(s) are causing the issue.

[jorgenschaefer]

Hah! That helped.

Ruby 3.1 allows a shorthand syntax for passing key-value-pairs with the same name, e.g. { account: account } can be written as { account: }. Rubocop even enforces this by default. That apparently triggers the bug.

Example code:

  def new
    account = Customer.find(params.fetch(:customer_id)).accounts.build
    render 'new', locals: { account: }
  end

[presidentbeef]

Really helpful, thanks!