nil:NilClass (NoMethodError)

[philcox]

Got the same error through Jenkins, ran it by hand and got same problem. Run of other repositories on same system complete with no error. Any thoughts?

[Notice] Using Ruby 1.8.7. Please make sure this matches the one used to run your Rails application.
Processing application in /var/lib/jenkins/jobs/BrakemanScan/workspace
Processing configuration...
Processing gems...
Processing initializers...
Processing libs...
Processing routes...
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
Indexing call sites... ed
Running checks in parallel...

• CheckBasicAuth
• CheckCrossSiteScripting
• CheckDefaultRoutes
• CheckEscapeFunction
• CheckEvaluation
• CheckExecute
• CheckFileAccess
• CheckFilterSkipping
• CheckForgerySetting
• CheckLinkTo
• CheckLinkToHref
• CheckMailTo
• CheckMassAssignment
• CheckModelAttributes
• CheckNestedAttributes
• CheckQuoteTableName
• CheckRedirect
• CheckRender
• CheckResponseSplitting
• CheckSendFile
• CheckSessionSettings
• CheckSQL
• CheckStripTags
• CheckTranslateBug
• CheckValidationRegex
• CheckWithoutProtection
  Checks finished, collecting results...
  Generating report...
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/warning.rb:74:in format_code': private methodgsub' called for nil:NilClass (NoMethodError)
  from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/warning.rb:88:in format_message' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/warning.rb:98:into_row'
  from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/report.rb:105:in generate_warnings' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/report.rb:104:ineach'
  from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/report.rb:104:in generate_warnings' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman/report.rb:339:into_s'
  from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman.rb:262:in send' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman.rb:262:inscan'
  from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/../lib/brakeman.rb:55:in run' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.4.0/bin/brakeman:45 from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19:inload'
  from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19

[presidentbeef]

Hmm seems to be trying to format code on a warning with no code associated with it. I'll look into it.

[presidentbeef]

Hi Phil, can you try this with the latest (1.5.1) just to make sure it has not already been fixed? Thanks!

[philcox]

Justin,

I did have an older version running, tried it with 1.5.1, same errors:

Processing configuration...
Processing gems...
Processing initializers...
Processing libs...
Processing routes...
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
85/123 controllers processed

Indexing call sites... ed
Running checks in parallel...

• CheckBasicAuth
• CheckCrossSiteScripting
• CheckDefaultRoutes
• CheckEscapeFunction
• CheckEvaluation
• CheckExecute
• CheckFileAccess
• CheckFilterSkipping
• CheckForgerySetting
• CheckLinkTo
• CheckLinkToHref
• CheckMailTo
• CheckMassAssignment
• CheckModelAttributes
• CheckNestedAttributes
• CheckQuoteTableName
• CheckRedirect
• CheckRender
• CheckResponseSplitting
• CheckSafeBufferManipulation
• CheckSelectVulnerability
• CheckSendFile
• CheckSessionSettings
• CheckSkipBeforeFilter
• CheckSQL
• CheckStripTags
• CheckTranslateBug
• CheckValidationRegex
• CheckWithoutProtection
  Checks finished, collecting results...
  Generating report...
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in
  format_code': private methodgsub' called for nil:NilClass (NoMethodError)
  from
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in
  format_message' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:in to_row'
  from
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in
  generate_warnings' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in each'
  from
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in
  generate_warnings' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:in to_s'
  from
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in
  send' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in scan'
  from
  /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in
  run' from /opt/ruby-enterprise-1.8.7-2012.02/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48 from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19:inload'
  from /opt/ruby-enterprise-1.8.7-2012.02/bin/brakeman:19
  [jenkins@01-2e2itao workspace]$

Phil

[philcox]

I cannot reproduce on my OSX box. Current running box is CentOS 5.6. If I specify checks, it seems to error when I have the "MassAssignment" check enabled. If I disable that one check, it works fine.

[philcox]

Have done a bit more debugging. It seems that it has something to do with the Git clone of the repo. When I add the repo by hand to a separate directory and run brakeman, it works with no problems. If I run it on the clone done by Jenkins, it fails. Any thoughts?

Running checks in parallel...

• CheckMassAssignment
  Finding possible mass assignment calls on 113 models
  Processing possible mass assignment calls
  Checks finished, collecting results...
  Generating report...

{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/daemon/ec2_daemon.rb'"], :error=>" parse error on value "true", 76"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb. There is probably a typo in the file. Test it with 'ruby_parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/lib/scripts/db_consistency_cron.rb'"], :error=>" parse error on value "false", 149"}
{:backtrace=>["could not parse /var/lib/jenkins/jobs/RightApiBrakemanScanner/workspace/app/views/accounts/new.rhtml"], :error=>" parse error on value ";" (tSEMI)"}
While formatting s(s(:lit, :ip_address_lockout_count), nil): undefined method first' for nil:NilClass /usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:453:inprocess_hash'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in send' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:inprocess'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:in error_handler' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:inprocess'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in in_context' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:inprocess'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:in process' /usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:211:inprocess_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in in_context' /usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:inprocess_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in process_call' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:insend'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in process' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:inerror_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in process' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:inin_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in process' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:inprocess'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in format' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:informat_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in format_message' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:into_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in generate_warnings' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:ineach'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in generate_warnings' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:into_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in send' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:inscan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in run' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48 /usr/bin/brakeman:19:inload'
/usr/bin/brakeman:19
While formatting s(): undefined method empty?' for nil:NilClass /usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:213:inprocess_call'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:in in_context' /usr/lib/ruby/gems/1.8/gems/ruby2ruby-1.3.1/lib/ruby2ruby.rb:208:inprocess_call'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:52:in process_call' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:insend'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:209:in process' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:261:inerror_handler'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:208:in process' /usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:326:inin_context'
/usr/lib/ruby/gems/1.8/gems/sexp_processor-3.1.0/lib/sexp_processor.rb:180:in process' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:20:inprocess'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/processors/output_processor.rb:13:in format' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:informat_code'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in format_message' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:into_row'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in generate_warnings' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:ineach'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in generate_warnings' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:into_s'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in send' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:inscan'
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in run' /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48 /usr/bin/brakeman:19:inload'
/usr/bin/brakeman:19
/usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:74:in format_code': private methodgsub' called for nil:NilClass (NoMethodError)
from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:88:in format_message' from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/warning.rb:98:into_row'
from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:105:in generate_warnings' from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:ineach'
from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:104:in generate_warnings' from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman/report.rb:339:into_s'
from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:in send' from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:266:inscan'
from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/../lib/brakeman.rb:55:in run' from /usr/lib/ruby/gems/1.8/gems/brakeman-1.5.1/bin/brakeman:48 from /usr/bin/brakeman:19:inload'
from /usr/bin/brakeman:19

[presidentbeef]

Different Ruby versions, maybe?

[philcox]

Justin,

Nope, same exact Ruby, Rails, brakeman, ...

Just different BaseOS, and the fact that Jenkins is doing the "git clone"
instead of me doing it by hand.

Phil

On Mon, Mar 12, 2012 at 9:04 PM, Justin <
reply@reply.github.com

wrote:

Different Ruby versions, maybe?

---

Reply to this email directly or view it on GitHub:
#53 (comment)

Director of Security and Compliance
RightScale Inc - http://www.rightscale.com
805-243-0942
Skype: phil.cox.rs
Twitter: @sec_prof

[presidentbeef]

Any idea what the code that involves :ip_address_lockout_count looks like? It seems like there is some kind of issue with how it is being handled.

Sorry, these kinds of problems can be a pain to track down. I'm really not sure why different copies of the code are behaving differently, though.

[philcox]

Seems to be working now. Not sure what the deal was.

[dfuentes77]

Had the same problem and had to revert from 1.8.0 to 1.7.1 for it to work.

[presidentbeef]

@dfuentes77 can you clarify which problem you had? Can you paste the error/stack trace? Thanks!

[dfuentes77]

it was pretty much the same as the very first stack trace. I'd have to update my Gemfile again and duplicate it and I'm running tests against my app using 1.7.1 right now. I'd have to get back to you with the exact error.

[presidentbeef]

Okay, when you get a chance please run Brakeman with the -d flag and open a new issue, please. Thanks!

[dfuentes77]

I tried it again and for some reason, its working with 1.8.1 now. Don't know why. I reverted to 1.7.1 before and recently just changed the version in my Gemfile to 1.8.1 and did a "bundle update brakeman" and afterward it started working. Maybe another gem that was updated in my previous attempt was braking it.

[presidentbeef]

I fixed it in 1.8.1 ;)