
brakeman 5.2.2: undefined method `sexp_type' for nil:NilClass #1704

Closed
karlxavier opened this issue Apr 14, 2022 · 1 comment


karlxavier commented Apr 14, 2022

Background

Brakeman version: 5.2.2
Rails version: 6.1
Ruby version: 3.1.1

  • I have this error while running brakeman and I don't know why or what causes these errors

Parse Error

/.rvm/gems/ruby-3.1.1/bin/ruby_executable_hooks:22:in `eval'
/.rvm/gems/ruby-3.1.1/bin/ruby_executable_hooks:22:in `<main>'
While formatting s(:hash, s(:lit, :current_contract), nil, s(:lit, :vacancy), s(:call, s(:const, :Vacancy), :find, s(:call, s(:params), :[], s(:lit, :id)))): undefined method `sexp_type' for nil:NilClass
        t = v.sexp_type
...
...
...
/.rvm/gems/ruby-3.1.1/bin/ruby_executable_hooks:22:in `eval'
/.rvm/gems/ruby-3.1.1/bin/ruby_executable_hooks:22:in `<main>'
While formatting s(:call, s(:colon2, s(:const, :Vacancy), :Copy), :new, s(:hash, s(:lit, :current_contract), nil, s(:lit, :vacancy), s(:call, s(:const, :Vacancy), :find, s(:call, s(:params), :[], s(:lit, :id))))): undefined method `empty?' for nil:NilClass
        next if arg.empty?
@presidentbeef (Owner)

Hi @karlxavier - this is a bug in ruby2ruby not supporting hash shorthand syntax.

The code causing this looks something like:

{ current_contract:, vacancy: Vacancy.find(params[:id]) }

It's possible #1701 will fix this for you; otherwise, I've opened seattlerb/ruby2ruby#55
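To make the failure concrete, here is an added example (not code from Brakeman or ruby2ruby) that models the s(...) nodes from the report with a minimal Sexp class, reproduces the nil-value crash a formatter hits on the shorthand pair, and shows one assumed workaround: filling the nil slot with s(:lvar, key) before formatting. The Sexp stand-in, format_hash and expand_hash_shorthand are all assumptions for illustration, not the upstream fix.

```ruby
# Added example, not code from Brakeman or ruby2ruby: models the s(...)
# nodes from the report with a minimal Sexp class. Ruby 3.1's `{ key: }`
# shorthand parses to a :hash node whose value slot is nil, so a formatter
# calling sexp_type on every value raises NoMethodError. Filling the nil
# with s(:lvar, key) first is an assumed workaround, not the upstream fix.
class Sexp < Array
  def initialize(*parts)
    super(parts)
  end
  def sexp_type
    first
  end
end

def s(*parts)
  Sexp.new(*parts)
end

# Mirrors the failing path (`t = v.sexp_type`, no nil check).
def format_hash(exp)
  exp.drop(1).each_slice(2).map do |k, v|
    t = v.sexp_type # NoMethodError when v is a shorthand nil
    "#{k.last}: #{t}"
  end.join(", ")
end

def formats_cleanly?(exp)
  format_hash(exp)
  true
rescue NoMethodError
  false
end

# Copy of exp with each shorthand value (nil after a symbol key) replaced
# by s(:lvar, key). Assumes flat key/value hash bodies (no ** splats).
def expand_hash_shorthand(exp)
  return exp unless exp.is_a?(Sexp)
  if exp.sexp_type == :hash
    pairs = exp.drop(1).each_slice(2).flat_map do |key, value|
      value = s(:lvar, key.last) if value.nil? && key.sexp_type == :lit
      [expand_hash_shorthand(key), expand_hash_shorthand(value)]
    end
    s(:hash, *pairs)
  else
    s(*exp.map { |part| expand_hash_shorthand(part) })
  end
end

# The hash node from the report: { current_contract:, vacancy: Vacancy.find(params[:id]) }
SHORTHAND = s(:hash, s(:lit, :current_contract), nil, s(:lit, :vacancy),
              s(:call, s(:const, :Vacancy), :find, s(:call, s(:params), :[], s(:lit, :id))))
```

Running expand_hash_shorthand over the enclosing s(:call, s(:colon2, s(:const, :Vacancy), :Copy), :new, ...) node from the second trace normalizes the nested hash the same way.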

jcowhigjr added a commit to jcowhigjr/yelp_search_demo that referenced this issue Apr 29, 2022
added the rubo cop todo list file so they can be fixed at a later time
made a note about brakeman failing on the 3.1 shorthand hash syntax in certain cases
	presidentbeef/brakeman#1704
jcowhigjr added a commit to jcowhigjr/yelp_search_demo that referenced this issue Apr 29, 2022
* chore: Correct source files with rubocop Layout/LineLength cop

* corrected more rubocop errors
added the rubo cop todo list file so they can be fixed at a later time
made a note about brakeman failing on the 3.1 shorthand hash syntax in certain cases
	presidentbeef/brakeman#1704

* updated and added wip configuration for linters
added initial brakeman report
updated rubocop and erb lint config

* updated lefthook to enable lefthook run fixer and precommit

* updated Gemfile because security audit asked to remove the dependency on ruby_parser-legacy

* reverted shorthand syntax and noted rationale here -> presidentbeef/brakeman#1709

v5.2.2...main

I get a bundle audit issue when doing this so for now I'm just not going to use the shorthand nested local syntax like you mention and wait for a release.

* removed 2 brakeman 'weak confidence' warnings after reviewing the brakeman documentation on the warning
added brakeman results to git ignore so as not to tip off a hacker about a vulnerability

Additional info:
I believe the risks identified to be non-existent if I trust that the yelp api is sending safe data.
Also, I think that rails would escape any unsafe data in these strings when saving to the database.
I likely will open another PR to add some explicit tests or additional sanitization

Co-authored-by: Rubocop Auto Correct <rubocop@rubocop>
Repository owner locked and limited conversation to collaborators May 9, 2024