get_version() regexp fails when Gemfile.lock has CRLF line terminators #359

monkeynews opened this Issue Jul 3, 2013 · 1 comment



commented Jul 3, 2013

When Gemfile.lock has CRLF line endings (as it does when using rails on Windows/cygwin), the regexp in get_version() fails to match, because the closing paren is not the last character at the end of the line. (Rather, the \r is.)

Sticking \r* just before the $ anchor seems to fix it, i.e., changing the first line in the function to:

```ruby
def get_version name, gem_lock
  match = gem_lock.match(/\s#{name} \((\d+.\d+.\d+.*)\)\r*$/)
```



commented Jul 3, 2013

Hi, thanks for reporting this issue.

I suspect this would work just fine if Ruby were running on Windows (since $ would match \r\n then). However, it looks like Brakeman uses very few regexes matching end of line characters, so I suppose we can support this odd case.

Repository owner locked and limited conversation to collaborators Feb 16, 2016
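
An added example (not part of the original thread and not Brakeman's own code) that reproduces the behaviour discussed above: the same lock file parsed with LF and with CRLF line endings, using the pattern as the issue describes it, the `\r*` change proposed in the issue, and a variant that normalizes line endings first. The lock-file text, the function names and the normalizing variant are assumptions constructed for illustration.

```ruby
# Constructed Gemfile.lock excerpt with LF line endings (sample data).
LOCK_LF = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.5)
      rails (3.2.13)
        actionpack (= 3.2.13)
      rake (10.1.0)
LOCK

# The same content as a Windows/cygwin checkout would store it.
LOCK_CRLF = LOCK_LF.gsub("\n", "\r\n")

# Pattern as described in the issue: ")" must sit directly before the line
# break. Ruby's "$" matches before "\n" or at end of string, not before "\r".
def get_version_strict(name, gem_lock)
  match = gem_lock.match(/\s#{name} \((\d+.\d+.\d+.*)\)$/)
  match[1] if match
end

# Change proposed in the issue: tolerate optional "\r" before "$".
def get_version_crlf(name, gem_lock)
  match = gem_lock.match(/\s#{name} \((\d+.\d+.\d+.*)\)\r*$/)
  match[1] if match
end

# Hypothetical alternative: normalize line endings once, so every
# line-anchored pattern sees LF input. The gem name is escaped and the
# dots are matched literally to avoid accidental matches.
def get_version_normalized(name, gem_lock)
  text = gem_lock.gsub("\r\n", "\n")
  match = text.match(/^\s+#{Regexp.escape(name)} \((\d+\.\d+\.\d+[^)]*)\)$/)
  match[1] if match
end

if __FILE__ == $PROGRAM_NAME
  { "LF" => LOCK_LF, "CRLF" => LOCK_CRLF }.each do |label, lock|
    puts "#{label}: strict=#{get_version_strict('rails', lock).inspect} " \
         "crlf=#{get_version_crlf('rails', lock).inspect} " \
         "normalized=#{get_version_normalized('rails', lock).inspect}"
  end
end
```

With CRLF input the strict pattern returns `nil` without raising, so a caller that does not check for a missing version has no signal that parsing failed.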
